
It Pays to Get Certified

In a digital world, digital literacy is an essential survival skill. Certification proves you have the knowledge and skill to solve business problems in virtually any business environment. Certifications are highly valued credentials that qualify you for jobs, increased compensation, and promotion.

CompTIA Network+ certification is held by many IT staff in organizations: 21% of IT staff within a random sampling of U.S. organizations across a cross section of industry verticals hold Network+ certification.

The CompTIA Network+ credential proves knowledge of networking features and functions and is the leading vendor-neutral certification for networking professionals.

Starting Salary: The average starting salary of network engineers can be up to $70,000.

Career Pathway: CompTIA Network+ is the first step in starting a networking career, and is recognized by Microsoft as part of their MS program. Other corporations, such as Novell, Cisco and HP, also recognize CompTIA Network+ as part of their certification tracks.

More than 260,000 individuals worldwide are CompTIA Network+ certified.

Mandated/Recommended by organizations worldwide such as Cisco, HP, Ricoh, the U.S. State Department, and U.S. government contractors such as EDS, General Dynamics, and Northrop Grumman.

How Certification Helps Your Career

Steps to Getting Certified and Staying Certified


1. Review Exam Objectives
   Review the certification objectives to make sure you know what is covered in the exam.
   http://certification.comptia.org/Training/testingcenters/examobjectives.aspx

2. Practice for the Exam
   After you have studied for the certification, take a free assessment and sample test to get an idea of what type of questions might be on the exam.
   http://certification.comptia.org/Training/testingcenters/samplequestions.aspx

3. Purchase an Exam Voucher
   Purchase your exam voucher on the CompTIA Marketplace, which is located at: http://www.comptiastore.com/

4. Take the Test!
   Select a certification exam provider and schedule a time to take your exam. You can find exam providers at the following link: http://certification.comptia.org/Training/testingcenters.aspx

5. Stay Certified! Continuing Education
   Effective January 1, 2011, CompTIA Network+ certifications are valid for three years from the date of certification. There are a number of ways the certification can be renewed. For more information go to: http://certification.comptia.org/getCertified/steps_to_certification/stayCertified.aspx

How to obtain more information


Visit CompTIA online: www.comptia.org, to learn more about getting CompTIA certified.
Contact CompTIA: call 866 835 8020 ext. 5 or email questions@comptia.org
Join the IT Pro Community: http://itpro.comptia.org, to join the IT community and get relevant career information.

CompTIA Network+ (Exam N10-005)


Part Number: NH85708(IGEE)
Course Edition: 1.1

ACKNOWLEDGMENTS
Project Team
Content Developer: Ranjith Kumar and Nagarajan D R
Content Manager:
Graphic Designer:
Project Manager:
Media Instructional Designer:
Content Editor:
Materials Editor:
Business Matter Expert:
Technical Reviewer:
Project Technical Support: Mike Toscano

NOTICES
DISCLAIMER: While Element K Corporation takes care to ensure the accuracy and quality of these materials, we cannot guarantee their accuracy, and all materials are provided without any warranty whatsoever, including, but not limited to, the implied warranties of merchantability or fitness for a particular purpose. The name used in the data files for this course is that of a fictitious company. Any resemblance to current or future companies is purely coincidental. We do not believe we have used anyone's name in creating this course, but if we have, please notify us and we will change the name in the next revision of the course. Element K is an independent provider of integrated training solutions for individuals, businesses, educational institutions, and government agencies. Use of screenshots, photographs of another entity's products, or another entity's product name or service in this book is for editorial purposes only. No such use should be construed to imply sponsorship or endorsement of the book by, nor any affiliation of such entity with, Element K. This courseware may contain links to sites on the Internet that are owned and operated by third parties (the "External Sites"). Element K is not responsible for the availability of, or the content located on or through, any External Site. Please contact Element K if you have any concerns regarding such links or External Sites.

TRADEMARK NOTICES: Element K and the Element K logo are trademarks of Element K Corporation and its affiliates. Microsoft and Windows are registered trademarks of Microsoft Corporation in the U.S. and other countries; the Sun Microsystems and Apple products and services discussed or described may be trademarks of Sun Microsystems or Apple, Inc., respectively. All other product names and services used throughout this course may be common law or registered trademarks of their respective proprietors.

Copyright © 2012 Element K Corporation. All rights reserved. Screenshots used for illustrative purposes are the property of the software proprietor. This publication, or any part thereof, may not be reproduced or transmitted in any form or by any means, electronic or mechanical, including photocopying, recording, storage in an information retrieval system, or otherwise, without express written permission of Element K, 500 Canal View Boulevard, Rochester, NY 14623, (585) 240-7500, (800) 478-7788. Element K Courseware's World Wide Web site is located at www.elementkcourseware.com. This book conveys no rights in the software or other products about which it was written; all use or licensing of such software or other products is the responsibility of the user according to terms and conditions of the owner. Do not make illegal copies of books or software. If you believe that this book, related materials, or any other Element K materials are being reproduced or transmitted without permission, please call (800) 478-7788.

The logo of the CompTIA Authorized Curriculum Program and the status of this or other training material as "Authorized" under the CompTIA Authorized Curriculum Program signifies that, in CompTIA's opinion, such training material covers the content of CompTIA's related certification exam. CompTIA has not reviewed or approved the accuracy of the contents of this training material and specifically disclaims any warranties of merchantability or fitness for a particular purpose. CompTIA makes no guarantee concerning the success of persons using any such "Authorized" or other training material in order to prepare for any CompTIA certification exam. The contents of this training material were created for the CompTIA Network+ exam covering CompTIA certification exam objectives that were current as of 2011.

How to Become CompTIA Certified: This training material can help you prepare for and pass the related CompTIA certification exam or exams. In order to achieve CompTIA certification, you must register for and pass a CompTIA certification exam or exams. In order to become CompTIA certified, you must:
1. Select a certification exam provider. For more information, visit www.comptia.org/certifications/testprep.aspx.
2. Register for and schedule a time to take the CompTIA certification exam(s) at a convenient location.
3. Read and sign the Candidate Agreement, which will be presented at the time of the exam(s). The text of the Candidate Agreement can be found at www.comptia.org/certifications/policies/agreement.aspx.


CONTENTS

LESSON 1 - NETWORK THEORY
A. Networking Terminology . . . 2
   Computer Networks . . . 3
   Network Components . . . 3
   Nodes . . . 3
   The Network Backbone . . . 4
   Types of Network Backbones . . . 4
   Servers . . . 5
   Clients . . . 6
   Peer Computers . . . 7
   Host Computers . . . 7
   Terminals . . . 8

B. Network Categories . . . 10
   LANs . . . 10
   WANs . . . 11
   Network Coverage Areas . . . 12
   The Internet . . . 13
   Intranets . . . 13
   Extranets . . . 14
   Enterprise Networks . . . 15
C. Standard Network Models . . . 17
   Network Models . . . 17
   Segments . . . 18
   Centralized Networks . . . 18
   Client/Server Networks . . . 19
   Peer-to-Peer Networks . . . 20
   Mixed Mode Networks . . . 21
D. Physical Network Topologies . . . 23
   Topology . . . 23
   Point-to-Point Connections . . . 24
   Multipoint Connections . . . 24
   Radiated Connections . . . 25
   The Physical Bus Topology . . . 25
   Data Transmission on a Bus . . . 26
   The Physical Star Topology . . . 27
   The Physical Ring Topology . . . 27
   The Physical Mesh Topology . . . 28
   The Physical Tree Topology . . . 29
   Hybrid Topologies . . . 30
   Types of Hybrid Topologies . . . 30
E. Logical Network Topologies . . . 32
   The Logical Bus Topology . . . 32
   The Logical Ring Topology . . . 33
   The Logical Star Topology . . . 33


LESSON 2 - NETWORK COMMUNICATIONS METHODS


A. Data Transmission Methods . . . 38
   Data Transmission . . . 38
   Digital Data Transmission . . . 39
   Unicast Transmission . . . 40
   Broadcast Transmission . . . 40
   Multicast Transmission . . . 41
   Serial Data Transmission . . . 42
   Parallel Data Transmission . . . 42
   Baseband Transmission . . . 43
   Broadband Transmission . . . 43
B. Media Access Methods . . . 46
   Types of Media Access . . . 46
   Multiplexing . . . 47
   Polling . . . 48
   CSMA/CD . . . 49
   CSMA/CA . . . 51
   Contention Domains . . . 52
C. Signaling Methods . . . 54
   Analog Signals . . . 54
   Analog Signal Characteristics . . . 55
   Digital Signals . . . 56
   Analog Signal Modulation and Demodulation . . . 57
   Digital Signal Modulation and Demodulation . . . 58
   Digital Signal Reference Methods . . . 59


LESSON 3 - NETWORK MEDIA AND HARDWARE


A. Bounded Network Media . . . 65
   Network Media . . . 65
   Copper Media . . . 65
   Twisted Pair Cables . . . 66
   Twisted Pair Cable Types . . . 67
   Twisted Pair Cable Categories . . . 68
   Coaxial Cables . . . 69
   Coaxial Cable Types . . . 69
   Coaxial Connector Types . . . 70
   Network Media Performance Factors . . . 71
   Media Converters . . . 72
   Structured Cabling . . . 72
   Premise Wiring . . . 73
   Plenum and PVC Cables . . . 75
   Fiber Optic Cables . . . 76
   Fiber Optic Cable Modes . . . 76
   Fiber Connectors . . . 77
   Cable Properties . . . 79
   Other Cable Media Types . . . 80
B. Unbounded Network Media . . . 84
   Wireless Communication . . . 84
   Radio Networking . . . 85
   Broadcast Radio . . . 85
   Spread Spectrum . . . 86
   Types of Spread Spectrum . . . 86
   Infrared Transmission . . . 87
   Bluetooth . . . 89
   Microwave Transmission . . . 89
   Wireless Access Points . . . 90
   How to Install a Wireless Access Point . . . 91

C. Noise Control . . . 93
   Electrical Noise . . . 93
   Sources of Electrical Noise . . . 94
   Grounding . . . 95
   Shielding . . . 95
   Differential Signaling . . . 96
   Noise Control with Twisted Pair . . . 96
   Termination . . . 97
   Noise Reduction Considerations . . . 98
D. Network Connectivity Devices . . . 100
   NICs . . . 100
   Transceivers . . . 104
   Switches . . . 105
   Virtual Switches . . . 106
   Switch Installation and Configuration . . . 106
   Routers . . . 107
   Router Installation and Configuration . . . 108
   Gateways . . . 109
   Virtual Servers . . . 109
   Virtual PBX . . . 110
   NaaS . . . 110
   Legacy Network Connectivity Devices . . . 111


LESSON 4 - NETWORK IMPLEMENTATIONS


A. Ethernet Networks . . . 116
   Ethernet . . . 116
   Switched Ethernet . . . 117
   Ethernet Frames . . . 117
   MAC Addresses . . . 118
   Networking Standards . . . 120
   Standards Organizations . . . 120
   IEEE 802.x Standards . . . 121
   The 10Base Standards . . . 121
   Fast Ethernet . . . 122
   Gigabit Ethernet . . . 123
   Ring-Based Networks . . . 124
B. Wireless Networks . . . 126
   WLANs . . . 126
   WLAN Architecture . . . 127
   Wireless Antennas . . . 128
   Wireless Antenna Types . . . 128
   Wireless Antenna Performance Factors . . . 129
   The IEEE 802.11 Standard . . . 130
   802.11 Modes . . . 131
   802.11 Beacon Frames . . . 132
   Basic Wireless Network Implementation . . . 132


LESSON 5 - NETWORKING MODELS


A. The OSI Model . . . 140
   The OSI Reference Model . . . 140
   Layer 1: The Physical Layer . . . 142
   Layer 2: The Data Link Layer . . . 142
   Layer 3: The Network Layer . . . 143
   Layer 4: The Transport Layer . . . 144
   Network- and Transport-Layer Protocols . . . 144
   Layer 5: The Session Layer . . . 145
   Layer 6: The Presentation Layer . . . 145
   Layer 7: The Application Layer . . . 145
   Application-, Presentation-, and Session-Layer Protocols . . . 145
   The OSI Data Communication Process . . . 146
B. The TCP/IP Model . . . 148
   The TCP/IP Protocols . . . 148
   The TCP/IP Network Model . . . 149
   Layers in the TCP/IP Network Model . . . 149
   Comparison of the OSI and TCP/IP Models . . . 150
   Data Encapsulation . . . 152
   Protocol Binding . . . 152


LESSON 6 - TCP/IP ADDRESSING AND DATA DELIVERY


A. The TCP/IP Protocol Suite . . . 158
   TCP . . . 159
   IP . . . 159
   The IP Data Packet Delivery Process . . . 159
   UDP . . . 160
   ARP . . . 160
   ICMP . . . 161
   IGMP . . . 162

B. IP Addressing . . . 164
   Data Packets . . . 164
   Network Addresses . . . 165
   Network Names . . . 165
   IP Addresses . . . 166
   Subnets . . . 167
   Subnet Masks . . . 168
   Subnet Mask Structure . . . 171
   IP Address Assignment Rules . . . 172
   Binary and Decimal Conversion . . . 172
   Binary ANDing . . . 174
C. Default IP Addressing Schemes . . . 176
   ICANN . . . 176
   IP Address Classes . . . 176
   Private IP Addresses . . . 179
   The Local and Remote Addressing Process . . . 179
   Default Gateways . . . 180
D. Create Custom IP Addressing Schemes . . . 182
   Custom TCP/IP Subnets . . . 182
   Custom Subnet Masks . . . 183
   Variable Length Subnet Masks . . . 184
   Classless Inter Domain Routing . . . 185
E. Implement IPv6 Addresses . . . 189
   IPv4 Address Space Limitations . . . 189
   IPv6 . . . 189
   IPv6 Addresses . . . 190
   Implement IPv6 Addresses . . . 191

F. Delivery Techniques . . . 193
   Connections . . . 193
   Flow Control . . . 194
   Buffering . . . 194
   Data Windows . . . 195
   Error Detection . . . 196
   Parity Check . . . 196
   Cyclic Redundancy Check . . . 197

LESSON 7 - TCP/IP SERVICES


A. Assign IP Addresses . . . 203
   Static and Dynamic IP Addressing . . . 203
   Static IP Address Assignment . . . 203
   DHCP . . . 204
   The DHCP Lease Process . . . 205
   APIPA . . . 207
   IP Configuration Utilities . . . 208
   The ping Command . . . 208
   Ports . . . 209
   Sockets . . . 211
B. Domain Naming Services . . . 220
   Host Names . . . 220
   DNS . . . 223
   Types of DNS Records . . . 224
   The DNS Hierarchy . . . 224
   The DNS Name Resolution Process . . . 225
   The HOSTS File . . . 227
C. TCP/IP Commands . . . 231
   The tracert Command . . . 231
   The pathping Command . . . 232
   The MTR Utility . . . 233

Contents

xi

CONTENTS
D. Common TCP/IP Protocols . . . . 236
    FTP . . . . 236
    NTP . . . . 237
    SMTP . . . . 238
    POP3 . . . . 239
    IMAP4 . . . . 240
    NNTP . . . . 240
    HTTP . . . . 241
    HTTPS . . . . 241
E. TCP/IP Interoperability Services . . . . 243
    NFS . . . . 243
    SSH . . . . 244
    SCP . . . . 245
    Telnet . . . . 245
    SMB . . . . 246
    LDAP . . . . 247
    Zeroconf . . . . 248

LESSON 8 - LAN INFRASTRUCTURE


A. Switching . . . . 253
    Switches and Network Performance . . . . 253
    Types of Switches . . . . 253
    Circuit Switching Networks . . . . 254
    Packet Switching Networks . . . . 255
    Virtual Circuit Switching . . . . 256
    Cell Switching Networks . . . . 256

CompTIA Network+ (Exam N10-005)
B. Enable Static Routing . . . . 258
    Routing . . . . 258
    Static Routing . . . . 259
    Types of Routers . . . . 260
    Routers vs. Switches . . . . 260
    Routing Tables . . . . 261
    Routing Table Entries . . . . 262
    Routing Entry Components . . . . 263
    The route Command . . . . 264
    The Routing Process . . . . 264
    Autonomous Systems . . . . 265
    Router Roles in Autonomous Systems . . . . 266
    Routing Methods in Autonomous Systems . . . . 266
C. Implement Dynamic IP Routing . . . . 271
    Dynamic Routing . . . . 271
    Distance-Vector Routing . . . . 271
    Link State Routing . . . . 272
    Path-Vector Routing . . . . 273
    Route Convergence . . . . 273
    Routing Loops . . . . 274
    Count-to-Infinity Loops . . . . 275
    Router Discovery Protocols . . . . 275
    STP . . . . 277
    CARP . . . . 278
D. Virtual LANs . . . . 280
    VLANs . . . . 280
    Types of VLANs . . . . 281
    VLAN Switch Functions . . . . 281
    VTP . . . . 282
E. Plan a SOHO Network . . . . 285
    SOHO Networks . . . . 285
    SOHO Network Hardware . . . . 285
    How to Plan a SOHO Network . . . . 286

LESSON 9 - WAN INFRASTRUCTURE


A. WAN Transmission Technologies . . . . 290
    ATM . . . . 291
    Frame Relay . . . . 292
    MPLS . . . . 294
    DSL . . . . 295
    ISDN . . . . 296
    T-Carrier Systems . . . . 298
    Digital Network Hierarchies . . . . 299
    SONET/SDH . . . . 299
    The Optical Carrier System . . . . 301
    Satellite Transmission Systems . . . . 302
    WWAN . . . . 304
    WiMAX . . . . 305
B. WAN Connectivity Methods . . . . 308
    Cable Internet Access . . . . 308
    Cable Modems . . . . 308
    Dial-Up Connections . . . . 309
    Dial-Up Modems . . . . 309
    Leased Data Lines . . . . 310
    ICS . . . . 310
    Satellite Media . . . . 311
C. Voice over Data Transmission . . . . 313
    Converged Networks . . . . 313
    Voice over Data Systems . . . . 313
    VoIP . . . . 314
    VoIP Protocols . . . . 316

LESSON 10 - REMOTE NETWORKING


A. Remote Network Architectures . . . . 320
    Remote Networking . . . . 320
    Remote Access Networking . . . . 321
    Remote Desktop Control . . . . 321
    Benefits of Remote Desktop Control . . . . 322
    RAS Servers . . . . 322
    RADIUS . . . . 322
    Remote Control Protocols . . . . 329
B. Remote Access Networking Implementations . . . . 332
    Remote Access Protocols . . . . 332
    PPP . . . . 333
    PPP Variants . . . . 333
    Remote Access Authentication . . . . 333
    Web-Based Remote Access . . . . 334
C. Virtual Private Networking . . . . 336
    VPNs . . . . 336
    Tunneling . . . . 337
    VPN Types . . . . 338
    Advantages of VPNs . . . . 340
    VPN Data Encryption . . . . 340
    VPN Concentrators . . . . 340
    VPN Connection Models . . . . 341
D. VPN Protocols . . . . 345
    PAP . . . . 345
    CHAP . . . . 345
    The Challenge-Response Authentication Process . . . . 346
    TACACS+ . . . . 347
    PPTP . . . . 347
    L2TP . . . . 347

LESSON 11 - SYSTEM SECURITY


A. Computer Security Basics . . . . 352
    Security Factors . . . . 352
    Least Privilege . . . . 353
    Non-Repudiation . . . . 354
    Threats . . . . 354
    Vulnerabilities . . . . 355
    Attacks . . . . 355
    Risks . . . . 356
    Unauthorized Access . . . . 357
    Data Theft . . . . 357
    Hackers and Attackers . . . . 358
B. System Security Tools . . . . 360
    Permissions . . . . 361
    NTFS Permissions . . . . 362
    Group Policy . . . . 362
C. Authentication Methods . . . . 364
    Authentication . . . . 364
    User Name/Password Authentication . . . . 365
    Strong Passwords . . . . 365
    Tokens . . . . 366
    Biometrics . . . . 366
    Multi-Factor Authentication . . . . 367
    Mutual Authentication . . . . 367
    SSO . . . . 368
    EAP . . . . 368
    Kerberos . . . . 370
    Wireless Authentication Methods . . . . 370

D. Encryption Methods . . . . 373
    Encryption . . . . 374
    Encryption and Security Goals . . . . 374
    Key-Based Encryption Systems . . . . 375
    WEP . . . . 376
    WPA/WPA2 . . . . 376
    Digital Certificates . . . . 377
    Certificate Encryption . . . . 378
    PKI . . . . 379
    Certificate Authentication . . . . 379
    DES . . . . 381
    Encryption Devices . . . . 381
    SSL . . . . 382
    Encryption Using SSL . . . . 382
    TLS . . . . 383

LESSON 12 - NETWORK SECURITY


A. Network Perimeter Security . . . . 390
    NAT . . . . 391
    The NAT Process . . . . 394
    IP Filtering . . . . 394
    MAC Filtering . . . . 395
    Firewalls . . . . 396
    Firewall Types . . . . 397
    Common Firewall Features . . . . 398
    DMZs . . . . 399
    Proxy Servers . . . . 400
    Web Proxy Features . . . . 400
    Website Caching . . . . 401
    NAC . . . . 402
    Physical Network Security Measures . . . . 403

B. Intrusion Detection and Prevention . . . . 406
    Intrusion Detection . . . . 406
    IDSs . . . . 406
    Types of IDSs . . . . 407
    Passive and Active IDSs . . . . 409
    IPSs . . . . 410
    Port Scanners . . . . 411
    Vulnerability Assessment Tools . . . . 412
    Network Scanners . . . . 412
C. Protect Network Traffic Using IPSec . . . . 415
    IPSec . . . . 415
    IPSec Protection Mechanisms . . . . 416
    IPSec Modes . . . . 416
    IPSec Transport Protocols . . . . 417
    IKE . . . . 417
    Security Associations . . . . 418
    IPSec Policies . . . . 419
    IPSec Policy Rules . . . . 420
    Windows IPSec Components . . . . 420

LESSON 13 - NETWORK SECURITY THREATS AND ATTACKS


A. Network-Based Security Threats and Attacks . . . . 428
    Physical Security . . . . 429
    Physical Security Threats and Vulnerabilities . . . . 429
    Social Engineering Attacks . . . . 430
    Social Engineering Types . . . . 431
    Malicious Code Attacks . . . . 433
    Types of Malicious Code Attacks . . . . 433
    Types of Viruses . . . . 435
    Buffer Overflow . . . . 436
    Password Attacks . . . . 436
    Types of Password Attacks . . . . 436
    IP Spoofing Attacks . . . . 437
    Session Hijacking Attacks . . . . 438
    DoS Attacks . . . . 439
    DDoS Attacks . . . . 439
    Man-in-the-Middle Attacks . . . . 440
    Port Scanning Attacks . . . . 441
    Replay Attacks . . . . 442
    FTP Bounce Attacks . . . . 443
    ARP Poisoning Attacks . . . . 443
    Wireless Security . . . . 444
    Wireless Vulnerabilities . . . . 444

B. Apply Threat Mitigation Techniques . . . . 450
    Software Updates . . . . 450
    Patch Management . . . . 450
    Antivirus Software . . . . 451
    Internet Email Virus Protection . . . . 452
    Anti-Spam Software . . . . 453
    Security Policies . . . . 454
    Common Security Policy Types . . . . 457
    Security Incident Management . . . . 458
    IRPs . . . . 458
    Change Management . . . . 459
C. Educate Users . . . . 463
    Employee Education . . . . 463
    User Security Responsibilities . . . . 464

LESSON 14 - NETWORK MANAGEMENT


A. Network Monitoring . . . . 471
    Network Management . . . . 471
    SNMP . . . . 472
    Network Monitoring Tools . . . . 473
    Network Monitoring Tool Categories . . . . 474
    Network Traffic Analysis . . . . 474
    Port Filtering . . . . 474
    Traffic Filtering . . . . 475
    Network Diagnostics . . . . 476
    System Performance Monitors . . . . 476
    Protocol Analyzers . . . . 477
    Network Fault Tolerance . . . . 479

B. Configuration Management Documentation . . . . 482
    Network Administration . . . . 482
    Configuration Management . . . . 483
    Network Documentation . . . . 483
    Physical Network Diagrams . . . . 484
    Logical Network Diagrams . . . . 485
    Critical Hardware and Software Inventories . . . . 486
    Network Policies . . . . 487
    Legal Compliance Requirements and Regulations . . . . 488
    Network Baselines . . . . 489
    The Network Baselining Process . . . . 489
C. Network Performance Optimization . . . . 494
    QoS . . . . 494
    The Need for QoS . . . . 495
    QoS Parameters . . . . 495
    Traffic Shaping . . . . 497
    Load Balancing . . . . 497
    High Availability . . . . 498
    Caching Engines . . . . 498
    High-Bandwidth Applications . . . . 499
    Factors Affecting a QoS Implementation . . . . 499

LESSON 15 - NETWORK TROUBLESHOOTING


A. Network Troubleshooting Models . . . . 505
    Troubleshooting . . . . 505
    Troubleshooting Models . . . . 505
    The Network+ Troubleshooting Model . . . . 506

B. Network Troubleshooting Utilities . . . . 509
    Troubleshooting with IP Configuration Utilities . . . . 509
    The ping Utility . . . . 509
    The traceroute Utility . . . . 510
    The arp Utility . . . . 511
    The NBTSTAT Utility . . . . 512
    The NETSTAT Utility . . . . 513
    The Nslookup Utility . . . . 515
    SNIPS . . . . 516
C. Hardware Troubleshooting Tools . . . . 521
    Network Technicians' Hand Tools . . . . 521
    Electrical Safety Rules . . . . 522
    Wire Crimpers . . . . 523
    Punch Down Blocks . . . . 523
    Punch Down Tools . . . . 523
    Circuit Testers . . . . 524
    Multimeters . . . . 524
    Voltmeters . . . . 525
    Cable Testers . . . . 526
    Cable Certifiers . . . . 526
    Types of Cable Testers and Certifiers . . . . 526
    Crossover Cables . . . . 527
    Hardware Loopback Plugs . . . . 528
    Time-Domain Reflectometers . . . . 529
    Tone Generators and Locators . . . . 529
    Environment Monitors . . . . 530
    Butt Sets . . . . 530
    LED Indicators . . . . 531
    Network Analyzers . . . . 532
    Demarc . . . . 533
    Wireless Testers . . . . 534
    WLAN Survey Software . . . . 534

xxii

CompTIA Network+ (Exam N10-005)

CONTENTS
D. Common Connectivity Issues . . . 536
Physical Issues . . . 537
Logical Issues . . . 538
Wireless Issues . . . 540
Routing and Switching Issues . . . 542

APPENDIX A - MAPPING NETWORK+ COURSE CONTENT TO THE COMPTIA NETWORK+ EXAM OBJECTIVES

APPENDIX B - COMPTIA NETWORK+ ACRONYMS

APPENDIX C - NETWORK FAULT TOLERANCE METHODS

A. Network Fault Tolerance Methods . . . 577
RAID . . . 577
Non-RAID Disk Fault Tolerance Features . . . 578
Link Redundancy . . . 579
How to Create an Enterprise Fault Tolerance Plan . . . 579

APPENDIX D - DISASTER RECOVERY PLANNING


A. Disaster Recovery Planning . . . 581
Disaster Recovery . . . 581
Disaster Recovery Plans . . . 583
The Network Reconstruction Plan . . . 583
Hot, Warm, and Cold Sites . . . 584
UPS . . . 584
Specialized Data Backups . . . 585
Backup Policies . . . 587
Network Reconstruction Plan Maintenance . . . 588

LESSON LABS . . . 589

GLOSSARY . . . 613

INDEX . . . 649

INTRODUCTION

ABOUT THIS COURSE


Course Description

The CompTIA Network+ (Exam N10-005) course builds on your existing user-level knowledge and experience with personal computer operating systems and networks to present the fundamental skills and concepts that you will need to use on the job in any type of networking career. If you are pursuing a CompTIA technical certification path, the CompTIA A+ certification is an excellent first step to take before preparing for the CompTIA Network+ certification. The CompTIA Network+ (Exam N10-005) course can benefit you in two ways. It can assist you if you are preparing to take the CompTIA Network+ examination (Exam N10-005). Also, if your job duties include network troubleshooting, installation, or maintenance, or if you are preparing for any type of network-related career, it provides the background knowledge and skills you will require to be successful.
Target Student
This course is intended for entry-level computer support professionals with a basic knowledge of computer hardware, software, and operating systems who want to prepare for the CompTIA Network+ (Exam N10-005) examination, or who wish to increase their knowledge and understanding of networking concepts and acquire the skills required to prepare for a career in network support or administration. A typical student taking up the CompTIA Network+ (Exam N10-005) course should have a minimum of nine months or more of professional computer support experience as a PC or help desk technician. Networking experience is helpful but not mandatory; A+ certification or equivalent skills and knowledge is helpful but not mandatory.

Course Prerequisites
To ensure your success, you will need basic Windows end-user computer skills. To meet this prerequisite, you can take any one or more of the following New Horizons courses, or have equivalent experience:
- Introduction to Personal Computers: Using Windows XP
- Windows XP Professional: An Introduction
- Introduction to Personal Computers: Using Windows 7
- Microsoft Windows 7: Level 1
- Microsoft Windows 7: Level 2

In addition, we highly recommend that you hold the CompTIA A+ certification, or have equivalent skills and knowledge. You may want to take the following New Horizons course:
- CompTIA A+ Certification: A Comprehensive Approach for All 2009 Exam Objectives (Windows 7)

How to Use This Book


As a Learning Guide
This book is divided into lessons and topics, covering a subject or a set of related subjects. In most cases, lessons are arranged in order of increasing proficiency. The results-oriented topics include relevant and supporting information you need to master the content. Each topic has various types of activities designed to enable you to practice the guidelines and procedures as well as to solidify your understanding of the informational material presented in the course. At the back of the book, you will find a glossary of the definitions of the terms and concepts used throughout the course. You will also find an index to assist in locating information within the instructional components of the book.

As a Review Tool
Any method of instruction is only as effective as the time and effort you, the student, are willing to invest in it. In addition, some of the information that you learn in class may not be important to you immediately, but it may become important later. For this reason, we encourage you to spend some time reviewing the content of the course after your time in the classroom.

As a Reference
The organization and layout of this book make it an easy-to-use resource for future reference. Taking advantage of the glossary, index, and table of contents, you can use this book as a first source of definitions, background information, and summaries.

Course Objectives
In this course, you will describe the major networking technologies, systems, skills, and tools in use in modern networks. You will:
- identify the basic network theory concepts.
- identify the major network communications methods.
- describe network media and hardware components.
- identify the major types of network implementations.
- identify the components of a TCP/IP network implementation.
- identify TCP/IP addressing and data delivery methods.
- identify the major services deployed on TCP/IP networks.
- identify the components of a LAN implementation.
- identify the infrastructure of a WAN implementation.
- identify the components of a remote network implementation.
- identify the major issues and methods to secure systems on a network.
- identify the major issues and technologies in network security.
- identify network security threats and attacks.
- identify the tools, methods, and techniques used in managing a network.
- describe troubleshooting of issues on a network.

Course Requirements
Hardware
This course requires one computer for each student, one computer for the instructor, and one computer to function as a classroom server. Each computer will need:
- 1.4 gigahertz (GHz) (single 64-bit) processor or 1.3 GHz (dual core) processor or above.
- 4 GB of RAM or greater.
- 320 GB of hard disk or larger.
- Super VGA (SVGA) or higher resolution monitor capable of a screen resolution of at least 1024 x 768 pixels, at least 256-color display, and a video adapter with at least 64 MB of memory.
- A mouse or other pointing device.
- A CD/DVD-ROM drive.
- Network adapter and cabling connecting each classroom computer.
- Network interface card and network cabling.
- A projection system for the instructor.
- Internet access.

To support the activities in Lesson 3, the instructor should provide as many physical examples of different types of network media and connectors as possible. For the data backup activity in Appendix D, the instructor needs to provide an alternative backup location (such as a removable USB drive or a folder on the hard disk). To support the activities in Lessons 3 and 15, the instructor should provide as many physical examples of hardware tools as possible. For the optional cable assembly activity in Lesson 15, the instructor will need to provide students with raw cable, the appropriate connectors, the appropriate crimping tool, a cable tester, and an optional eye loupe.

Introduction

xxvii

INTRODUCTION
Software
The setup instructions and the classroom activities were designed and tested for systems running Windows Server 2008 R2 (Standard Edition). It is very possible that the activities will work properly or with little alteration if the classroom systems are running Windows Server 2008 instead, but New Horizons has not tested this configuration.
- Microsoft Windows Server 2008 R2, Standard Edition, with sufficient licenses.
- The Microsoft Network Monitor should be installed on the Instructor and Student machines. It is available at www.microsoft.com/downloads/en/details.aspx?FamilyID=983b941d-06cb-4658-b7f6-3088333d062f&displaylang=en. Copy the NM34_x64.exe file into the Tools folder that is created during the extraction of the course data files.
- Third-party security tool: SuperScan. It is available at www.mcafee.com/us/downloads/free-tools/superscan.aspx. Copy the file into the Tools folder that is created during the extraction of the course data files.

Class Setup

Figure 0-1: A network diagram of the class setup. The number of student computers will differ.

On the Domain Controller:


See your manufacturer's reference manual for hardware considerations that apply to your specific hardware setup.

Approximate initial setup time: 3 to 4 hours for the domain controller. It will take about 45 minutes to set up each student computer if you install them individually, but you can save a great deal of time by either performing the operating system installation simultaneously on all systems by sharing the installation source files rather than running all directly from the installation DVD, or by installing one system and then imaging it to the other computers. Once you have created the basic installation for the instructor and student computers, imaging the systems is highly recommended, as this will make it easier to set up class or lab activities repeatedly. You may wish to run the image within a virtual machine environment.

The system designated as Domain Controller needs to be a dedicated server. This system will remain idle throughout the course. Activities should not be performed on this computer.

1. Boot the computer with the Windows Server 2008 R2 installation DVD. Press a key when prompted to boot from DVD or CD to start the Windows Server 2008 R2 setup program.
2. Install a new copy of Windows Server 2008 R2 using the following parameters:
   a. In the Install Windows window, accept the default values to set Language to install to English, Time and currency format to English (United States), Keyboard or input method to US. Click Next.
   b. Click Install now.
   c. On the Type your product key for activation page, type your product key and click Next.
   d. On the Select the operating system you want to install page, verify that Windows Server 2008 R2 Standard (Full Installation) is selected and click Next.
   e. On the Please read the license terms page, read the terms, check I accept the license terms, and click Next.
   f. On the Which type of installation do you want page, click Custom (advanced).
   g. Delete the existing partitions.
      1. Click Drive options (advanced). Select the drives one at a time and click Delete. In the Install Windows dialog box, click OK.
      2. Repeat the step till all the drives are deleted.
   h. Select the Disk 0 Unallocated Space and click New. In the Size text box, double-click and type 41060 and click Apply to allocate 40 GB to the C drive.
   i. In the Install Windows message box, click OK to allow Windows to create additional partitions for system files.
   j. Select the Disk 0 Unallocated Space and click New. In the Size text box, double-click and type 61440 and click Apply to allocate 60 GB.
   k. Select the Disk 0 Unallocated Space and click New. In the Size text box, double-click and type 61440 and click Apply to allocate 60 GB.
   l. Select the Disk 0 Partition 2 and click Next.
   m. On the Installing Windows page, observe the progress of the installation. Wait for the installation to complete. The system will automatically reboot.
   n. Wait approximately 15 minutes for Windows to set up your computer. When prompted to press a key to boot from DVD or CD, ignore the message. At this point, it will be safe for you to remove the disc from the DVD drive.
   o. The Installing Windows page will be displayed with the updated installation details. The system will automatically reboot.
3. On rebooting, the system will display the message "The user's password must be changed before logging on the first time." Click OK to change the password.
4. For the Administrator user, in the New password and the Confirm password text boxes, type !Pass1234 as the password and click the right arrow button.
5. The message "Your password has been changed." is displayed. Click OK.
6. For the domain controller, change the computer name to DC.
   a. In the Initial Configuration Tasks window, in the Provide Computer Information section, click the Provide computer name and domain link.
   b. In the System Properties dialog box, click Change.
   c. In the Computer Name/Domain Changes dialog box, in the Computer name text box, select the existing computer name and type DC and click OK.
   d. In the Computer Name/Domain Changes message box, click OK to restart the computer.
   e. In the System Properties dialog box, click Close.
   f. In the Microsoft Windows dialog box, click Restart Later.
7. Configure the IP address.
   a. In the Provide Computer Information section, click the Configure networking link.
   b. In the Network Connections window, select the Local Area Connection icon, right-click, and choose Properties.
   c. In the Local Area Connection Properties dialog box, in the This connection uses the following items section, select Internet Protocol Version 4 (TCP/IPv4). Click Properties.
   d. In the Internet Protocol Version 4 (TCP/IPv4) Properties dialog box, select the Use the following IP address option. Configure it with a static IP address of 192.168.1.200 and press Tab to automatically populate the subnet mask of 255.255.255.0.
   e. Enter this same IP address as the Preferred DNS server address. (You will install and configure DNS later.)
   f. If necessary, specify the default Gateway as appropriate for your environment.
   g. In the Internet Protocol Version 4 (TCP/IPv4) Properties dialog box, click OK.
   h. If necessary, to disable the IPv6 protocol, in the Local Area Connection Properties dialog box, in the This connection uses the following items section, uncheck the Internet Protocol Version 6 (TCP/IPv6) check box. Click Close. In the Local Area Connection Properties dialog box, click Close. Close the Network Connections window.
8. In the Initial Configuration Tasks window, click Close.
9. In the Initial Configuration Tasks dialog box, click Yes to restart the computer.
10. If you were not able to perform the previous step, in the Server Manager window, at the bottom of the window, click Restart, and then click Yes to restart the computer.
11. When installation is complete, log on as Administrator with the password !Pass1234.
12. If necessary, set the Date and Time Zone.
   a. In the Initial Configuration Tasks window, under Provide Computer Information, click Set time zone.
   b. In the Date and Time dialog box, in the Time zone section, click Change time zone.
   c. In the Time zone drop-down list, select your time zone, and click OK.
   d. In the Date and Time dialog box, click OK.
13. Change your display settings so that the screen area is at least 1024 x 768 pixels.
   a. Choose Start→Control Panel.
   b. In the Control Panel window, in the Appearance section, click the Adjust screen resolution link.
   c. In the Screen Resolution window, in the Change the appearance of your display section, in the Resolution drop-down list, drag the slider from Low, 800 by 600 pixels, to the resolution at 1024 by 768 pixels. Click outside the slider to collapse the drop-down list. Click OK.
   d. In the Display Settings dialog box, click Keep changes to apply the new display settings.
   e. Close the Control Panel window.
14. Change the drive letter of E: to S: and format the drives S: and D: as NTFS.
   a. Choose Start→Administrative Tools→Computer Management.
   b. In the Computer Management window, in the left pane, with Storage expanded, select Disk Management.
   c. In the Disk Management section, select the E: drive. Choose Action→All Tasks→Change Drive Letter and Paths.
   d. In the Change Drive Letter and Paths for E: () dialog box, click Change.
   e. In the Change Drive Letter or Path dialog box, from the Assign the following drive letter drop-down list, select S and click OK.
   f. In the Disk Management dialog box, click Yes.
   g. On the task bar, click the blinking Folder icon. In the Microsoft Windows dialog box, click Format disk.
   h. In the Format Local Disk (S:) dialog box, click Start.
   i. In the Format Local Disk (S:) message box, click OK to start formatting the drive.
   j. In the Format Local Disk (S:) message box, click OK. In the Format Local Disk (S:) dialog box, click Close.
   k. In the Disk Management section, select the D: drive. Choose Action→All Tasks→Format.
   l. In the Format D: dialog box, with the Perform a quick format check box checked, click OK. In the Format D: dialog box, click OK. Close the Computer Management window.
15. Install the Active Directory Domain Services role and promote the computer to a domain controller.
   a. In the Initial Configuration Tasks window, in the Customize This Server section, click the Add roles link.
   b. In the Add Roles Wizard, on the Before You Begin page, click Next.
   c. On the Select Server Roles page, check the Active Directory Domain Services check box.
   d. In the Add Roles Wizard dialog box, click Add Required Features to add all the suggested features.
   e. On the Select Server Roles page, click Next.
   f. On the Active Directory Domain Services page, click Next.
   g. On the Confirm Installation Selections page, click Install.
   h. On the Installation Results page, click the Close this wizard and launch the Active Directory Domain Services Installation Wizard (dcpromo.exe) link.
   i. In the Active Directory Domain Services Installation Wizard, on the Welcome to the Active Directory Domain Services Installation Wizard page, click Next.
   j. On the Operating System Compatibility page, click Next.
   k. On the Choose a Deployment Configuration page, select the Create a new domain in a new forest option, and click Next.
   l. On the Name the Forest Root Domain page, in the FQDN of the forest root domain text box, type Classnet.com and click Next.
   m. On the Set Forest Functional Level page, in the Forest functional level section, from the Forest functional level drop-down list, select Windows Server 2008 R2, and click Next.
   n. On the Additional Domain Controller Options page, with the DNS server check box checked, click Next.
   o. In the Active Directory Domain Services Installation Wizard dialog box, click Yes.
   p. On the Location for Database, Log Files, and SYSVOL page, in the SYSVOL folder text box, change the path to D:\Windows\SYSVOL. Accept the default path for the Database and Log files folders and click Next.
   q. On the Directory Services Restore Mode Administrator Password page, in the Password and Confirm password text boxes, type p@ssw0rd and click Next.
   r. On the Summary page, click Next.
   s. In the Active Directory Domain Services Installation Wizard message box, observe the progressive installation messages. Wait for the installation to complete, and on the Completing the Active Directory Domain Services Installation Wizard page, click Finish.
   t. In the Active Directory Domain Services Installation Wizard dialog box, click Restart Now to restart the computer.
   u. Log on to the Classnet.com domain as Administrator with the password !Pass1234.
16. Create user accounts in Active Directory.
   a. Choose Start→Administrative Tools→Active Directory Users and Computers.
   b. Expand the Classnet.com object.
   c. Right-click the Users folder and choose New→User.
   d. Enter User## in the Last Name and User logon Name fields, and click Next.
   e. In the Password and Confirm Password fields, type !Pass1234 and uncheck User must change password at next login. Check the User cannot change password and Password never expires check boxes and click Next.
   f. Click Finish. Repeat these steps for each student in the classroom, where User## corresponds to the number of students. Be sure to create an instructor account using User100.
   g. Close the Active Directory Users and Computers window.
17. Install the DHCP server.
   a. In the Initial Configuration Tasks window, in the Customize This Server section, click the Add roles link.
   b. In the Add Roles Wizard, on the Before You Begin page, click Next.
   c. On the Select Server Roles page, check the DHCP Server check box and click Next.
   d. On the DHCP Server page, click Next.
   e. On the Select Network Connection Bindings page, click Next.
   f. On the Specify IPv4 DNS Server Settings page, click Next.
   g. On the Specify IPv4 WINS Server Settings page, click Next to proceed without a WINS server.
18. On the Add or Edit DHCP Scopes page, click Add. In the Add Scope dialog box, create a DHCP scope using the following parameters:
   a. In the Scope name text box, type Classnet scope.
   b. In the Starting IP address and Ending IP address text boxes, enter 192.168.1.25 and 192.168.1.95, respectively.
   c. In the Subnet mask text box, verify that the address is 255.255.255.0.
   d. Verify that the Activate this scope check box is checked and click OK.
   e. On the Add or Edit DHCP Scopes page, verify that the Classnet scope is listed and click Next.
   f. On the Configure DHCPv6 Stateless Mode page, in the Select the DHCPv6 stateless mode configuration for this server section, select the Disable DHCPv6 stateless mode for this server option and click Next.
   g. On the Authorize DHCP Server page, in the Specify credentials to use for authorizing this DHCP server in AD DS section, with the Use current credentials option selected, click Next.
   h. On the Confirm Installation Selections page, click Install.
   i. Wait for the installation to complete the process and display the results.
   j. On the Installation Results page, click Close.
19. Create a Reverse Lookup Zone and add a Pointer record.
   a. Choose Start→Administrative Tools→DNS.
   b. Expand the DC object, and select Reverse Lookup Zones.
   c. Choose Action→New Zone.
   d. In the New Zone Wizard dialog box, click Next.
   e. Verify that Primary zone is selected and click Next.
   f. Verify that To all DNS servers running on domain controllers in this domain: Classnet.com is selected and click Next.
   g. Verify that IPv4 Reverse Lookup Zone is selected and click Next.
   h. With the Network ID radio button selected, type 192.168.1 and click Next.
   i. Verify that Allow only secure dynamic updates (recommended for Active Directory) is selected, and click Next.
   j. Click Finish.
   k. Under Reverse Lookup Zones, expand and right-click the 1.168.192.in-addr.arpa folder and choose New Pointer (PTR).
   l. In the New Resource Record dialog box, in the Host IP Address text box, type 200 onto the end of the incomplete IP address.
   m. In the Host name text box, click and type DC and click OK.
   n. Close the DNS Manager window.
20. Install the Microsoft Loopback Adapter.
   a. Choose Start→Administrative Tools→Server Manager.
   b. In the Server Manager window, in the left pane, expand Diagnostics and select Device Manager.
   c. In the middle pane, select the DC server object, and choose Action→Add legacy hardware.
   d. In the Add Hardware wizard, on the Welcome to the Add Hardware Wizard page, click Next.
   e. On the The wizard can help you install other hardware page, in the What do you want the wizard to do section, select the Install the hardware that I manually select from a list (Advanced) option and click Next.
   f. In the Common hardware types list, scroll down and select Network adapters. Click Next.
   g. In the Manufacturer list, select Microsoft.
   h. In the Network Adapter list, scroll down and select Microsoft Loopback Adapter. Click Next.
   i. On the The wizard is ready to install your hardware page, click Next.
   j. On the Completing the Add Hardware Wizard page, click Finish. The adapter will obtain an APIPA address (169.254.x.x).
   k. Choose Start→Network. Click Network and Sharing Center. In the left pane, click the Change adapter settings link.
   l. In the Network Connections window, right-click Local Area Connection 2 (the loopback adapter) and choose Rename.
   m. Enter Loopback Adapter.
   n. Close the Network Connections window.
21. Add the Routing and Remote Access Services role.
   a. In the Server Manager window, in the left pane, select Roles. In the right pane, click the Add Roles link.
   b. In the Add Roles Wizard, on the Before You Begin page, click Next.
   c. On the Select Server Roles page, check the Network Policy and Access Services check box and click Next.
   d. On the Network Policy and Access Services page, click Next.
   e. On the Select Role Services page, check the Routing and Remote Access Services check box and click Next.
   f. On the Confirm Installation Selections page, click Install.
   g. Wait for the installation to complete the process and display the results.
   h. On the Installation Results page, click Close.
   i. Close the Server Manager window.
22. Allow authenticated users to log on to the domain controller.
   a. Choose Start→Administrative Tools→Group Policy Management.
   b. Expand the tree (Forest: Classnet.com→Domains→Classnet.com→Domain Controllers) and click Default Domain Controllers Policy.
   c. In the Group Policy Management Console message box, click OK.
   d. Choose Action→Edit.
   e. In the Group Policy Management Editor window, if necessary, expand Computer Configuration. Expand Policies, Windows Settings, Security Settings, Local Policies.
   f. Select User Rights Assignment.
   g. In the details pane, double-click Allow log on locally.
   h. In the Allow log on locally Properties dialog box, click Add User or Group.
   i. In the Add User or Group dialog box, in the User and group names text box, click Browse.
   j. In the Select Users, Computers, Service Accounts, or Groups dialog box, click Advanced.
   k. In the Select Users, Computers, Service Accounts, or Groups dialog box, click Find Now.
   l. In the Search results section, select Authenticated Users and click OK.
   m. In the Select Users, Computers, Service Accounts, or Groups dialog box, click OK. In the Add User or Group dialog box, click OK. In the Allow log on locally Properties dialog box, click OK to close it.
   n. Close the Group Policy Management Editor and Group Policy Management windows.
23. Configure and enable Routing and Remote Access Services.
   a. Choose Start→Administrative Tools→Routing and Remote Access.
   b. Select the server object (DC (local)) and choose Action→Configure and Enable Routing and Remote Access.
      1. In the Routing and Remote Access Server Setup Wizard dialog box, on the Welcome to the Routing and Remote Access Server Setup Wizard page, click Next.
      2. On the Configuration page, verify that the Remote access (dial-up or VPN) option is selected and click Next.
      3. On the Remote Access page, check the VPN check box and click Next.
      4. On the VPN Connection page, in the Network interfaces section, select Loopback Adapter and click Next.
      5. On the IP Address Assignment page, verify that the Automatically option is selected and click Next.
      6. On the Managing Multiple Remote Access Servers page, verify that the No, use Routing and Remote Access to authenticate connection requests option is selected and click Next.
      7. On the Completing the Routing and Remote Access Server Setup Wizard page, click Finish.
   c. After you finish the Routing and Remote Access Server Setup Wizard, click OK to close the Routing and Remote Access dialog box.
   d. After the RRAS service starts, in the Routing and Remote Access window, configure the agent with the server's IP address (192.168.y.#).
      1. Expand IPv4, and select the DHCP Relay Agent.
      2. Choose Action→Properties and, in the DHCP Relay Agent Properties dialog box, in the Server address text box, type the server's IP address (192.168.1.200). Click Add and then click OK.
      3. Right-click DHCP Relay Agent and choose New Interface. Select the Loopback Adapter and click OK. Click OK to accept the default relay agent properties.
   e. Collapse all the expanded nodes of the tree and close the Routing and Remote Access window.
24. Configure and enable the Remote Procedure Call (RPC) Locator service.
   a. Choose Start→Administrative Tools→Computer Management.
   b. Expand Services and Applications.
   c. Select Services.
   d. Enable the Remote Procedure Call (RPC) Locator service.
      1. In the middle pane, double-click Remote Procedure Call (RPC) Locator.
      2. In the Remote Procedure Call (RPC) Locator Properties (Local Computer) dialog box, from the Startup type drop-down list, select Automatic. Click Apply. Click Start. Wait for the service to start and then click OK to close the Properties dialog box.
   e. Close the Computer Management window.
25. Configure Internet Explorer.
   a. Choose Start→Internet Explorer.
   b. In the Set Up Windows Internet Explorer 8 dialog box, on the Welcome to Internet Explorer 8 page, click Next.
   c. On the Turn on Suggested Sites page, select the Yes, turn on Suggested Sites option and click Next.
   d. On the Choose your settings page, select the Use express settings option and click Finish.
   e. Close the Windows Internet Explorer window.
26. Turn on Network Discovery.
   a. Choose Start→Network and click Network and Sharing Center.
   b. Click the Change advanced sharing settings link.
   c. In the Advanced sharing settings window, in the Network Discovery section, select the Turn on network discovery option. Click Save changes.
   d. Close the Network and Sharing Center window.
27. Turn off the Windows Firewall.
   a. In the Initial Configuration Tasks window, in the Customize This Server section, click the Configure Windows Firewall link.
   b. In the Windows Firewall window, in the left pane, click the Turn Windows Firewall on or off link.
   c. In the Customize Settings window, on the Customize settings for each type of network page, in each of the three sections (Domain network location settings, Home or work (private) network location settings, and Public network location settings), select the Turn off Windows Firewall (not recommended) option and click OK.
   d. Close the Windows Firewall window.
   e. In the Initial Configuration Tasks window, check the Do not show this window at logon check box and click Close to close the Initial Configuration Tasks window.
28. Disable the Windows Firewall service.
   a. Choose Start→Administrative Tools→Services.
   b. In the Services window, in the right pane, scroll down and double-click Windows Firewall.
   c. In the Windows Firewall Properties (Local Computer) dialog box, click Stop.
   d. From the Startup type drop-down list, select Disabled.
   e. Click Apply.
   f. Click OK to close the Properties dialog box.
   g. Close the Services window.
29. Complete the setup.
   a. Eject the DVD from the DVD-ROM drive.
   b. Choose Start→Log off.

On the Instructor and Student Computers:

1. Boot the computer with the Windows Server 2008 R2 installation DVD. Press a key when prompted to boot from DVD or CD to start the Windows Server 2008 R2 setup program.

2. Install a new copy of Windows Server 2008 R2 using the following parameters:
    a. In the Install Windows window, accept the default values to set Language to install to English, Time and currency format to English (United States), and Keyboard or input method to US. Click Next.
    b. Click Install now.
    c. On the Type your product key for activation page, type your product key and click Next.
    d. On the Select the operating system you want to install page, verify that Windows Server 2008 R2 Standard (Full Installation) is selected and click Next.
    e. On the Please read the license terms page, read the terms, check I accept the license terms, and click Next.
    f. On the Which type of installation do you want page, click Custom (advanced).
    g. Delete the existing partitions.
        1. Click Drive options (advanced).
        2. Select the drives one at a time and click Delete. In the Install Windows dialog box, click OK. Repeat this step until all the drives are deleted.
    h. Select the Disk 0 Unallocated Space and click New. In the Size text box, double-click and type 41060 and click Apply to allocate 40 GB to the C drive.
    i. In the Install Windows message box, click OK to allow Windows to create additional partitions for system files.
    j. Select the Disk 0 Unallocated Space and click New. In the Size text box, double-click and type 61440 and click Apply to allocate 60 GB.
    k. Select the Disk 0 Unallocated Space and click New. In the Size text box, double-click and type 61440 and click Apply to allocate 60 GB.
    l. Select the Disk 0 Partition 2 and click Next.
    m. On the Installing Windows page, observe the progress of the installation. Wait for the installation to complete. The system will automatically reboot.
    n. Wait approximately 15 minutes for Windows to set up your computer. When prompted to press a key to boot from DVD or CD, ignore the message. At this point, it is safe for you to remove the disc from the DVD drive.
    o. The Installing Windows page will be displayed with the updated installation details. The system will automatically reboot.

3. On rebooting, the system will display the message "The user's password must be changed before logging on the first time." Click OK to change the password.

4. For the Administrator user, in the New password and the Confirm password text boxes, type !Pass1234 as the password and click the right arrow button.

5. The message "Your password has been changed." is displayed. Click OK.

6. Verify the automatically assigned IP address of the computer and configure the preferred DNS server.
    a. In the Initial Configuration Tasks window, in the Provide Computer Information section, click the Configure networking link.
    b. In the Network Connections window, select the Local Area Connection icon, right-click, and choose Status.
    c. In the Local Area Connection Status dialog box, click Details.
    d. In the Network Connection Details dialog box, verify that the IPv4 address is within the range 192.168.1.25 to 192.168.1.95, which is the range of the DHCP scope. Click Close.
    e. In the Local Area Connection Status dialog box, click Properties.
    f. In the Local Area Connection Properties dialog box, in the This connection uses the following items section, select Internet Protocol Version 4 (TCP/IPv4). Click Properties.
    g. In the Internet Protocol Version 4 (TCP/IPv4) Properties dialog box, select the Use the following DNS server addresses option. In the Preferred DNS server text box, type 192.168.1.200 and click OK.
    h. If necessary, to disable the IPv6 protocol, in the Local Area Connection Properties dialog box, in the This connection uses the following items section, uncheck the Internet Protocol Version 6 (TCP/IPv6) check box. Click Close.
    i. In the Local Area Connection Status dialog box, click Close.
    j. Close the Network Connections window.

7. Change the computer name.
    a. In the Initial Configuration Tasks window, in the Provide Computer Information section, click the Provide computer name and domain link.
    b. In the System Properties dialog box, click Change.
    c. In the Computer Name/Domain Changes dialog box, in the Computer name text box, select the existing computer name and type Computer100 for the Instructor machine, or Computer## for a student machine, where ## is the number assigned to each student.
    d. In the Member of section, select Domain. In the Domain text box, type Classnet and click OK.
    e. In the Windows Security dialog box, in the User name text box, type Administrator. In the Password text box, type !Pass1234 and click OK.
    f. In the Computer Name/Domain Changes message box, verify that the message "Welcome to the Classnet domain." is displayed and click OK.
    g. In the Computer Name/Domain Changes message box, click OK to restart the computer.
    h. In the System Properties dialog box, click Close.
    i. In the Microsoft Windows dialog box, click Restart Now.
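The network check, DNS change, rename and domain join of steps 6 and 7 can be done without the dialogs. The following PowerShell script is an added example written for this page, not part of the course materials; it targets PowerShell 2.0 as shipped with Windows Server 2008 R2 and uses only WMI and built-in cmdlets. It assumes the wired NIC is the only DHCP-enabled IPv4 adapter, that the classroom DHCP scope is 192.168.1.25 to 192.168.1.95 and the DNS server is 192.168.1.200 as the steps state, and that the Classnet domain is reachable. The -DisableIPv6 switch is only an approximation of step 6h: the dialog unbinds IPv6 from one adapter, whereas the script sets the DisabledComponents registry value, which disables IPv6 on all interfaces after the reboot. The order in step 7 matters when scripted: joining first and then renaming with the domain credential renames the computer account in Active Directory along with the machine and needs a single reboot. The script prompts for the Classnet\Administrator password instead of embedding !Pass1234; a domain administrator password in a setup script is a habit worth avoiding even in a lab.

```powershell
# Added example for steps 6 and 7 (not the course's own script).
# Run from an elevated PowerShell 2.0 prompt on the machine being configured.
param(
    [Parameter(Mandatory=$true)][string]$ComputerName,   # Computer01 ... Computer100
    [string]$Domain     = "Classnet",
    [string]$DnsServer  = "192.168.1.200",    # assumed, as in the written steps
    [string]$ScopeStart = "192.168.1.25",     # DHCP scope, as in the written steps
    [string]$ScopeEnd   = "192.168.1.95",
    [switch]$DisableIPv6
)

function ConvertTo-IPv4Int([string]$Address) {
    # Big-endian integer so that ranges compare numerically, not as strings.
    $b = [System.Net.IPAddress]::Parse($Address).GetAddressBytes()
    [Array]::Reverse($b)
    return [BitConverter]::ToUInt32($b, 0)
}

function Test-InScope([string]$Address, [string]$Start, [string]$End) {
    $v = ConvertTo-IPv4Int $Address
    return ($v -ge (ConvertTo-IPv4Int $Start)) -and ($v -le (ConvertTo-IPv4Int $End))
}

# Step 6: find the DHCP-configured adapter, check the lease, set the DNS server.
$nic = Get-WmiObject Win32_NetworkAdapterConfiguration |
       Where-Object { $_.IPEnabled -and $_.DHCPEnabled } | Select-Object -First 1
if (-not $nic) { throw "No DHCP-enabled IPv4 adapter found." }

$ipv4 = @($nic.IPAddress | Where-Object { $_ -notmatch ':' })[0]
if (-not (Test-InScope $ipv4 $ScopeStart $ScopeEnd)) {
    throw "Lease $ipv4 on '$($nic.Description)' is outside $ScopeStart-$ScopeEnd; check the lab DHCP server first."
}

$rc = $nic.SetDNSServerSearchOrder(@($DnsServer)).ReturnValue
if ($rc -ne 0) { throw "SetDNSServerSearchOrder failed (code $rc)." }
Write-Host "Lease $ipv4 is inside the scope; preferred DNS server set to $DnsServer."

if ($DisableIPv6) {
    # Script equivalent of step 6h: DisabledComponents=0xFF disables IPv6 on
    # every interface after the reboot below (the dialog unbinds one adapter).
    Set-ItemProperty -Path "HKLM:\SYSTEM\CurrentControlSet\Services\Tcpip6\Parameters" `
        -Name DisabledComponents -Value 0xFF -Type DWord
}

# Step 7: join, then rename. These are the WMI calls behind the Computer
# Name/Domain Changes dialog. The credential is prompted for, so the domain
# administrator password never sits in the script file or the history.
$cred  = Get-Credential -Credential "$Domain\Administrator"
$plain = $cred.GetNetworkCredential().Password
$cs    = Get-WmiObject Win32_ComputerSystem

# 3 = NETSETUP_JOIN_DOMAIN (1) | NETSETUP_ACCT_CREATE (2)
$rc = $cs.JoinDomainOrWorkgroup($Domain, $plain, $cred.UserName, $null, 3).ReturnValue
if ($rc -ne 0) { throw "Domain join failed (code $rc; 1326 = bad user name or password)." }

# Once joined, renaming with the same domain credential renames the computer
# account in AD together with the machine.
$rc = $cs.Rename($ComputerName, $plain, $cred.UserName).ReturnValue
if ($rc -ne 0) { throw "Rename failed (code $rc)." }

Write-Host "Joined $Domain as $ComputerName. Restarting..."
Restart-Computer -Force
```

Usage on a student machine: `.\lab-join.ps1 -ComputerName Computer07` (add `-DisableIPv6` where step 6h applies). The script stops before touching anything if the lease is outside the scope, which is the check step 6d asks for by eye.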

8. When the system restarts, on the log on screen, click Switch User and then click Other User. In the User name text box, type Classnet\Administrator, in the Password text box type !Pass1234, and press Enter.

9. If necessary, set the Date and Time Zone.
    a. In the Initial Configuration Tasks window, under Provide Computer Information, click Set time zone.
    b. In the Date and Time dialog box, in the Time zone section, click Change time zone.
    c. In the Time zone drop-down list, select your time zone, and click OK.
    d. In the Date and Time dialog box, click OK.

10. Change your display settings so that the screen area is at least 1024 x 768 pixels.
    a. Choose Start→Control Panel.
    b. In the Control Panel window, in the Appearance section, click the Adjust screen resolution link.
    c. In the Screen Resolution window, in the Change the appearance of your display section, in the Resolution drop-down list, drag the slider from Low, 800 by 600 pixels, to the resolution 1024 by 768 pixels. Click outside the slider to collapse the drop-down list. Click OK.
    d. In the Display Settings dialog box, click Keep changes to apply the new display settings.
    e. Close the Control Panel window.

11. Change the drive letter of E: to S: and format the drives S: and D: as NTFS.
    a. Choose Start→Administrative Tools→Computer Management.
    b. In the Computer Management window, in the left pane, with Storage expanded, select Disk Management.
    c. In the Disk Management section, select the E: drive.
    d. Choose Action→All Tasks→Change Drive Letter and Paths.
    e. In the Change Drive Letter and Paths for E: () dialog box, click Change.
    f. In the Change Drive Letter or Path dialog box, from the Assign the following drive letter drop-down list, select S and click OK.
    g. In the Disk Management dialog box, click Yes.
    h. On the task bar, click the blinking Folder icon. In the Microsoft Windows dialog box, click Format disk.
    i. In the Format Local Disk (S:) dialog box, click Start. In the Format Local Disk (S:) message box, click OK to start formatting the drive. In the Format Local Disk (S:) message box, click OK.
    j. In the Format Local Disk (S:) dialog box, click Close.
    k. In the Disk Management section, select the D: drive. Choose Action→All Tasks→Format. In the Format D: dialog box, with the Perform a quick format check box checked, click OK. In the Format D: dialog box, click OK.
    l. Close the Computer Management window.

12. Install the Active Directory Domain Services role and promote the computer to a domain controller.
    a. In the Initial Configuration Tasks window, in the Customize This Server section, click the Add roles link.
    b. In the Add Roles Wizard, on the Before You Begin page, click Next.
    c. On the Select Server Roles page, check the Active Directory Domain Services check box.
    d. In the Add Roles Wizard dialog box, click Add Required Features to add all the suggested features.
    e. On the Select Server Roles page, click Next.
    f. On the Active Directory Domain Services page, click Next.
    g. On the Confirm Installation Selections page, click Install.
    h. On the Installation Results page, click the Close this wizard and launch the Active Directory Domain Services Installation Wizard (dcpromo.exe) link.
    i. In the Active Directory Domain Services Installation Wizard, on the Welcome to the Active Directory Domain Services Installation Wizard page, click Next.
    j. On the Operating System Compatibility page, click Next.
    k. On the Choose a Deployment Configuration page, select the Existing forest option, and then select the Create a new domain in an existing forest option. Click Next.
    l. On the Network Credentials page, in the Type the name of any domain in the forest where you plan to install this domain controller section, verify that Classnet.com is the listed domain name. In the Specify the account credentials to use to perform the installation section, verify that My current logged on credentials (CLASSNET\Administrator) is selected and click Next.
    m. On the Name the New Domain page, in the FQDN of the parent domain text box, verify that Classnet.com is listed. In the Single-label DNS name of the child domain text box, type Child##, where ## corresponds to the number of the student's computer (Child100 for the instructor's computer). In the FQDN of the new child domain section, observe that Child##.Classnet.com is listed. Click Next.
    n. On the Select a Site page, click Next.
    o. On the Additional Domain Controller Options page, with the DNS server check box checked, click Next.
    p. In the Static IP assignment dialog box, click Yes, the computer will use an IP address automatically assigned by a DHCP server (not recommended).
    q. On the Location for Database, Log Files, and SYSVOL page, in the SYSVOL folder text box, change the path to D:\Windows\SYSVOL. Accept the default path for the Database and Log files folders and click Next.
    r. On the Directory Services Restore Mode Administrator Password page, in the Password and Confirm password text boxes, type p@ssw0rd and click Next.
    s. On the Summary page, click Next.
    t. In the Active Directory Domain Services Installation Wizard message box, observe the progressive installation messages. Wait for the installation to complete, and on the Completing the Active Directory Domain Services Installation Wizard page, click Finish.
    u. In the Active Directory Domain Services Installation Wizard message box, click Restart Now to restart the computer.
    v. Log on to the Classnet.com domain as Administrator with the password !Pass1234.

13. Create user accounts in Active Directory.
    a. Choose Start→Administrative Tools→Active Directory Users and Computers.
    b. Expand the Child##.Classnet.com object, where ## corresponds to the computer number.
    c. Right-click the Users folder and choose New→User.
    d. Enter Test## in the Last Name and User logon name fields, and click Next.
    e. In the Password and Confirm Password fields, type !Pass1234 and uncheck User must change password at next logon. Check the User cannot change password and Password never expires check boxes and click Next.
    f. Click Finish.
    g. Right-click the Users folder and choose New→User.
    h. Enter User## in the Last Name and User logon name fields, and click Next.
    i. In the Password and Confirm Password fields, type !Pass1234 and uncheck User must change password at next logon. Check the User cannot change password and Password never expires check boxes and click Next.
    j. Click Finish.
    k. Close the Active Directory Users and Computers window.

14. Allow authenticated users to log on locally.
    a. Choose Start→Administrative Tools→Group Policy Management.
    b. Expand the tree (Forest: Classnet.com).
    c. Select Domains.
    d. Choose Action→Show Domains.
    e. In the Show Domains dialog box, check the Child##.Classnet.com entry for your student number and click OK.
    f. Expand the tree (Domains→Child##.Classnet.com→Domain Controllers) and click Default Domain Controllers Policy.
    g. In the Group Policy Management Console message box, click OK.
    h. Choose Action→Edit.
    i. In the Group Policy Management Editor window, if necessary, expand Computer Configuration.
    j. Expand Policies, Windows Settings, Security Settings, Local Policies.
    k. Select User Rights Assignment.
    l. In the details pane, double-click Allow log on locally. In the Allow log on locally Properties dialog box, click Add User or Group.
    m. In the Add User or Group dialog box, in the User and group names text box, click Browse.
    n. In the Select Users, Computers, Service Accounts, or Groups dialog box, click Advanced.
    o. In the Select Users, Computers, Service Accounts, or Groups dialog box, click Find Now.
    p. In the Search results section, select Authenticated Users and click OK.
    q. In the Select Users, Computers, Service Accounts, or Groups dialog box, click OK.
    r. In the Add User or Group dialog box, click OK. In the Allow log on locally Properties dialog box, click OK to close it. Close the Group Policy Management Editor and Group Policy Management windows.

15. Force the policy update.
    a. Choose Start→Command Prompt.
    b. In the Command Prompt window, enter gpupdate /force
    c. Verify that the User Policy update and Computer Policy update completed successfully.
    d. Close the Command Prompt window.

16. Configure and enable the Remote Procedure Call (RPC) Locator service.
    a. Choose Start→Administrative Tools→Computer Management.
    b. Expand Services and Applications.
    c. Select Services.
    d. Enable the Remote Procedure Call (RPC) Locator service.
        1. In the middle pane, double-click Remote Procedure Call (RPC) Locator.
        2. In the Remote Procedure Call (RPC) Locator Properties (Local Computer) dialog box, from the Startup type drop-down list, select Automatic. Click Apply.
        3. Click Start.
        4. Wait for the service to start and then click OK to close the Properties dialog box.
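Steps 12, 13, 15 and 16 (promotion to a child-domain controller, the two test accounts, the policy refresh and the RPC Locator service) as an added, two-phase PowerShell script; it is written for this page and is not the course's own. Run it once with -Phase promote, let the machine reboot, then run it with -Phase post. It assumes the ServerManager module and dcpromo.exe of Windows Server 2008 R2, a reachable parent domain Classnet.com, and an NTFS-formatted D: drive from step 11. The dcpromo answer-file keys used are the documented unattend parameters; Password=* makes dcpromo prompt for the Classnet\Administrator password rather than storing it on disk, while the DSRM password has to be in the file, so the file is removed as soon as dcpromo returns. Step 14 is left to the GUI. Note that it grants Allow log on locally on the Default Domain Controllers Policy to Authenticated Users only so that students can log on at the console of their own lab domain controller as Test## and User##; on a production domain controller the default right (administrators and operators only) should stay. The Password never expires and User cannot change password settings, the DSRM password p@ssw0rd and the shared !Pass1234 are likewise classroom conveniences, not a pattern to reuse.

```powershell
# Added example for steps 12, 13, 15 and 16 (not the course's own script).
# Phase 1: .\lab-dc.ps1 -Phase promote -StudentNumber 7   (reboots)
# Phase 2: .\lab-dc.ps1 -Phase post    -StudentNumber 7
param(
    [Parameter(Mandatory=$true)][ValidateSet("promote","post")][string]$Phase,
    [Parameter(Mandatory=$true)][int]$StudentNumber,   # 100 on the instructor machine
    [string]$ParentDomain = "Classnet.com"             # as in the written steps
)
$child     = "Child{0:D2}" -f $StudentNumber           # Child07 ... Child100
$childFqdn = "$child.$ParentDomain"                    # Child07.Classnet.com
$childDn   = "DC=" + $childFqdn.Replace(".", ",DC=")   # DC=Child07,DC=Classnet,DC=com

function Install-LabChildDomain {
    Import-Module ServerManager
    Add-WindowsFeature AD-Domain-Services | Out-Null   # steps 12a-h (role binaries only)

    # Answer file for steps 12i-s. Password=* prompts for the parent-domain
    # administrator password; SafeModeAdminPassword is the DSRM password
    # from step 12r and is the reason the file is deleted right after use.
    $answer = @"
[DCInstall]
ReplicaOrNewDomain=Domain
NewDomain=Child
ParentDomainDNSName=$ParentDomain
ChildName=$child
InstallDNS=Yes
UserDomain=$ParentDomain
UserName=Administrator
Password=*
DatabasePath="C:\Windows\NTDS"
LogPath="C:\Windows\NTDS"
SYSVOLPath="D:\Windows\SYSVOL"
SafeModeAdminPassword=p@ssw0rd
RebootOnCompletion=Yes
"@
    $file = Join-Path $env:TEMP "dcpromo-$child.txt"
    Set-Content -Path $file -Value $answer -Encoding ASCII
    try {
        # dcpromo is a GUI-subsystem executable; -Wait keeps the script from
        # deleting the answer file before dcpromo has read it.
        Start-Process -FilePath dcpromo.exe -ArgumentList "/unattend:`"$file`"" -Wait
    } finally {
        Remove-Item $file -Force -ErrorAction SilentlyContinue
    }
}

function New-LabUser([string]$Name) {
    # Step 13: last name and logon name both set to the account name,
    # !Pass1234, no forced change, cannot change, never expires.
    & dsadd.exe user "CN=$Name,CN=Users,$childDn" -samid $Name -upn "$Name@$childFqdn" `
        -ln $Name -pwd '!Pass1234' -mustchpwd no -canchpwd no -pwdneverexpires yes -disabled no
    if ($LASTEXITCODE -ne 0) { throw "dsadd failed for $Name (exit $LASTEXITCODE)." }
}

switch ($Phase) {
    "promote" { Install-LabChildDomain }            # machine reboots when dcpromo finishes
    "post" {
        $suffix = "{0:D2}" -f $StudentNumber
        New-LabUser "Test$suffix"                   # Test##
        New-LabUser "User$suffix"                   # User##
        & gpupdate.exe /force                       # step 15
        Set-Service RpcLocator -StartupType Automatic   # step 16
        Start-Service RpcLocator
        Get-Service RpcLocator                      # expect Status Running
    }
}
```

After the post phase, `dsget user "CN=Test07,CN=Users,DC=Child07,DC=Classnet,DC=com" -pwdneverexpires -canchpwd` confirms the two flags that the New Object wizard sets in step 13e.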

    e. Close the Computer Management window.

17. Configure Internet Explorer.
    a. Choose Start→Internet Explorer.
    b. In the Set Up Windows Internet Explorer 8 dialog box, on the Welcome to Internet Explorer 8 page, click Next.
    c. On the Turn on Suggested Sites page, select the Yes, turn on Suggested Sites option and click Next.
    d. On the Choose your settings page, select the Use express settings option and click Finish.
    e. Close the Windows Internet Explorer window.

18. Turn on Network Discovery.
    a. Choose Start→Network and click Network and Sharing Center.
    b. Click the Change advanced sharing settings link.
    c. In the Advanced sharing settings window, in the Network Discovery section, select the Turn on network discovery option. Click Save changes.
    d. Close the Network and Sharing Center window.

19. Create a Reverse Lookup Zone.
    a. Choose Start→Administrative Tools→DNS.
    b. Expand the Computer## object, and select Reverse Lookup Zones.
    c. Choose Action→New Zone.
    d. In the New Zone Wizard dialog box, click Next.
    e. Verify that Primary zone is selected and click Next.
    f. Verify that To all DNS servers running on domain controllers in this domain: Child##.Classnet.com is selected and click Next.
    g. Verify that IPv4 Reverse Lookup Zone is selected and click Next.
    h. With the Network ID radio button selected, type 192.168.1 and click Next.
    i. Verify that Allow only secure dynamic updates (recommended for Active Directory) is selected, and click Next.
    j. Click Finish.
    k. Close the DNS Manager window.

20. Install the Microsoft Loopback Adapter.
    a. Choose Start→Administrative Tools→Server Manager.
    b. In the Server Manager window, in the left pane, expand Diagnostics and select Device Manager.
    c. In the middle pane, select the Computer## object, and choose Action→Add legacy hardware.
    d. In the Add Hardware wizard, on the Welcome to the Add Hardware Wizard page, click Next.
    e. On the The wizard can help you install other hardware page, in the What do you want the wizard to do section, select the Install the hardware that I manually select from a list (Advanced) option and click Next.
    f. In the Common hardware types list, scroll down and select Network adapters. Click Next.
    g. In the Manufacturer list, select Microsoft. In the Network Adapter list, scroll down and select Microsoft Loopback Adapter. Click Next.
    h. On the The wizard is ready to install your hardware page, click Next.
    i. On the Completing the Add Hardware Wizard page, click Finish. The adapter will obtain an APIPA address (169.254.x.x).
    j. Close the Server Manager window.
    k. Choose Start→Network. Click Network and Sharing Center.
    l. In the left pane, click the Change adapter settings link.
    m. In the Network Connections window, right-click Local Area Connection 2 (the loopback adapter) and choose Rename.
    n. Enter Loopback Adapter.
    o. Close the Network Connections window.

21. Turn off the Windows Firewall.
    a. In the Initial Configuration Tasks window, in the Customize This Server section, click the Configure Windows Firewall link.
    b. In the Windows Firewall window, in the left pane, click the Turn Windows Firewall on or off link.
    c. In the Customize Settings window, on the Customize settings for each type of network page, in each of the three sections (Domain network location settings, Home or work (private) network location settings, and Public network location settings), select the Turn off Windows Firewall (not recommended) option and click OK.
    d. Close the Windows Firewall window.
    e. In the Initial Configuration Tasks window, check the Do not show this window at logon check box and click Close to close the Initial Configuration Tasks window.

22. Disable the Windows Firewall service.
    a. Choose Start→Administrative Tools→Services.
    b. In the Services window, in the right pane, scroll down and double-click Windows Firewall.
    c. In the Windows Firewall Properties (Local Computer) dialog box, click Stop.
    d. From the Startup type drop-down list, select Disabled.
    e. Click Apply.
    f. Click OK to close the Properties dialog box.
    g. Close the Services window.

23. Complete the setup.
    a. To install the course data files, insert the course CD-ROM and click the Data Files button. This will install a folder named Data on your C drive. This folder contains all the data files that you will use to complete this course. It also includes several simulated activities that can be used in lieu of the hands-on activities in the course.
    b. Close any other open windows.
    c. Eject all media.
    d. Choose Start→Log off.
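Steps 19, 21 and 22 here, and the identical steps 27 and 28 of the instructor-computer setup above, as an added PowerShell example written for this page (not the course's own script). It assumes the DNS Server role was installed with step 12, that dnscmd.exe and netsh.exe are the Windows Server 2008 R2 versions, and that the machines sit on an isolated classroom network. The firewall is turned off only because the lab activities need unrestricted traffic between classroom machines; Microsoft advises turning the firewall off per profile rather than stopping the Windows Firewall service (MpsSvc), so the script records the per-profile state before changing it, verifies the change while the service can still answer, and provides a restore mode for when the lab is dismantled. The loopback adapter of step 20 stays a GUI step.

```powershell
# Added example for steps 19, 21 and 22 (not the course's own script).
# Apply:   .\lab-dns-firewall.ps1
# Undo:    .\lab-dns-firewall.ps1 -Mode restore
param([ValidateSet("apply","restore")][string]$Mode = "apply")

$zone      = "1.168.192.in-addr.arpa"     # reverse zone for network ID 192.168.1 (step 19h)
$stateFile = "C:\lab-firewall-state.txt"  # assumed location for the "before" state

function New-LabReverseZone {
    # AD-integrated primary zone in the DomainDnsZones partition (/dp /domain),
    # i.e. replicated to all DNS servers on domain controllers in this domain
    # (step 19f). AllowUpdate 2 = secure dynamic updates only (step 19i), so
    # only Kerberos-authenticated clients can register PTR records.
    & dnscmd.exe /ZoneAdd $zone /DsPrimary /dp /domain
    if ($LASTEXITCODE -ne 0) { throw "dnscmd /ZoneAdd $zone failed (exit $LASTEXITCODE)." }
    & dnscmd.exe /Config $zone /AllowUpdate 2
    if ($LASTEXITCODE -ne 0) { throw "dnscmd /Config $zone failed (exit $LASTEXITCODE)." }
}

function Get-LabFirewallState {
    # One "State  ON|OFF" line per profile (Domain, Private, Public).
    & netsh.exe advfirewall show allprofiles state | Where-Object { $_ -match '^State\s+(ON|OFF)' }
}

function Test-LabFirewallOff {
    $off = @(Get-LabFirewallState | Where-Object { $_ -match '\bOFF\s*$' })
    return ($off.Count -eq 3)
}

function Disable-LabFirewallProfiles {
    Get-LabFirewallState | Set-Content $stateFile                 # keep the before picture
    & netsh.exe advfirewall set allprofiles state off | Out-Null   # step 21c
}

function Disable-LabFirewallService {
    Stop-Service MpsSvc -Force                                     # step 22c
    Set-Service MpsSvc -StartupType Disabled                       # step 22d
}

function Restore-LabFirewall {
    Set-Service MpsSvc -StartupType Automatic
    Start-Service MpsSvc                       # netsh advfirewall needs the service running
    & netsh.exe advfirewall set allprofiles state on | Out-Null
    if (Test-Path $stateFile) { Write-Host "State before the lab change was:"; Get-Content $stateFile }
}

switch ($Mode) {
    "apply" {
        New-LabReverseZone
        Disable-LabFirewallProfiles
        # Check while MpsSvc is still up; once it is stopped, netsh advfirewall cannot report.
        if (-not (Test-LabFirewallOff)) { throw "Firewall still on for at least one profile." }
        Disable-LabFirewallService
        Write-Host "Reverse zone $zone created; firewall off on all three profiles (lab only)."
    }
    "restore" { Restore-LabFirewall }
}
```

`dnscmd /ZoneInfo 1.168.192.in-addr.arpa` afterwards should report the zone as DS-integrated with update type 2, which is what the wizard summary in step 19 shows.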

Lesson Lab Setup Instructions


In the back of the book, there is an optional Lesson Lab for each lesson in this course. Lesson Labs are meant to be self-guided high-level activities for students to reinforce what they learned in class, and are completely separate from the activities you will present in the main flow of instruction. Some labs can be completed in the classroom following their respective lessons, either because they are discussion-only or because they use a similar environment as the classroom configuration. Other labs use different computer and network configurations and must be set up independently outside the classroom if you choose to have students complete them. If specific setup instructions are needed, they are included in the back of the book with each lab activity.

List of Additional Files


Printed with each activity is a list of files students open to complete that activity. Many activities also require additional files that students do not open, but are needed to support the file(s) students are working with. These supporting files are included with the student data files on the course CD-ROM or data disk. Do not delete these files.

LESSON 1
Network Theory
In this lesson, you will identify the basic network theory concepts. You will:
    Describe common terminology used in computer networking.
    Describe the primary categories of networks.
    Describe the standard networking models.
    Describe the primary physical network topologies.
    Describe the primary logical network topologies.

Lesson Time 1 hour(s), 10 minutes

Introduction
The CompTIA Network+ certification covers a wide range of knowledge and skills that apply to different networking job roles. Any networking job role requires a fundamental knowledge of network terminology, components, models, and topologies. In this lesson, you will identify the basic concepts of current networking theory. With a background in CompTIA Network+ information and skills, your networking career can move in many directions. Whether you are a network support technician, installer, or administrator, knowledge of basic networking theory provides the foundation needed for learning more advanced networking concepts. A good grasp of fundamental networking theory will help you succeed in any network-related job role.
The CompTIA A+ and Security+ courses and certifications are recommended but not required as preparation for the Network+ course. Students with an A+ and a Security+ background might be familiar with some of the basic concepts and technical information presented in this lesson and in other lessons throughout the remainder of the course. Be sure to assess your students' level of knowledge and adjust your presentation accordingly.

This lesson covers all or part of the following CompTIA Network+ (Exam N10-005) certification objectives, across Topics A through E:
    1.2 Classify how applications, devices, and protocols relate to the OSI model layers.
    3.5 Describe different network topologies.
    3.7 Compare and contrast different LAN technologies.

TOPIC A
Networking Terminology
This lesson introduces the primary elements of network theory. In the computer industry, there is a set of common terminology used to discuss network theory. In this topic, you will define common terms used in computer networking. Networking, like any other technical discipline, has a language of its own. Part of mastering the technology involves familiarity with the language you use to describe that technology. With so many technical terms involved in the field of networking, the information and definitions in this topic will help you become familiar with these terms and the context in which they are used.

Computer Networks
Definition: A computer network is a group of computers that are connected together to communicate and share network resources such as files and peripheral devices. No two computer networks are alike in size or in configuration. Each network, however, includes common components that provide the resources and communications channels necessary for the network to operate.
Example:

Figure 1-1: A simple computer network.

Network Components
There are several common components that make up a computer network, each of which performs a specific task.

Network Component: Description
    Device: Hardware such as computers, servers, printers, fax machines, switches, and routers.
    Physical media: Media that connects devices to a network and transmits data between the devices.
    Network adapter: Hardware that translates data between the network and a device.
    Network operating system: Software that controls network traffic and access to common network resources.

Network devices are explained in more detail in subsequent lessons.

Nodes
Definition: A node is any device that can connect to a network and generate, process, or transfer data; end-user nodes are commonly referred to as workstations or clients. Every node has addressing information that enables other devices to communicate with it. Network nodes are either endpoints or redistribution points. Endpoints are nodes that function as a source or destination for data transfer. Redistribution points are nodes that transfer data, such as a network switch or a router.
Example:

Figure 1-2: Nodes on a network.

The Network Backbone
Definition: The network backbone is a very-high-speed transmission path that carries the majority of network data. It connects either small networks into a larger structure, or server nodes to a network where the majority of client computers are attached. The technology in use on a backbone network can be different from that used on client network sections. Since the backbone cabling connects switches and routers on a network, it can carry more traffic than other types of cabling on the network.
Example:

Figure 1-3: A network backbone is the highest-speed transmission path.

Types of Network Backbones
There are several types of network backbones that you may encounter.

Network Backbone: Description
    Serial: Consists of multiple switches connected by one backbone cable. Typically not scaled for enterprise-wide use.
    Distributed/hierarchical: Consists of multiple switches connected serially to hubs or routers. Due to their hierarchical structure, these networks can be easily expanded without a significant cost impact. Serves well as a one-site enterprise-wide network; its switch layers can be configured by geography (a floor in a building) or function (a workgroup). Distributed backbone networks enable an administrator to segregate workgroups, simplifying their management.
    Collapsed: Uses a router or switch as the nexus for several subnetworks. The router or switch must have multiple processors to bear the frequently high level of network traffic. A router or switch failure in a collapsed backbone can bring down the entire network. Depending on the router's processing capabilities, data transmission can also be slow. Suits enterprise-wide applications.
    Parallel: Like the collapsed backbone network, the parallel backbone network uses a central router or switch but augments the dependent switches with multiple cable connections. These multiple links ensure connectivity to the whole enterprise.

Servers
Definition: A server is a network computer that shares resources with and responds to requests from computers, devices, and other servers on the network. Servers provide centralized access and storage for resources that can include applications, files, printers or other hardware, and services such as email. A server can be optimized and dedicated to one specific function, or it can serve general needs. Multiple servers of various types can coexist on the same network.
Example:

Figure 1-4: Servers performing generic and dedicated tasks.

Microsoft Windows Server 2008 R2
Microsoft Windows Server 2008 R2 is the latest version of Microsoft's server-oriented Windows operating system. Windows Server 2008 R2 provides:
    The Active Directory Domain Services (AD DS) directory service.
    Integrated network services such as the Domain Name System (DNS) and the Dynamic Host Configuration Protocol (DHCP).
    Advanced services such as clustering, a public-key infrastructure, routing, and web services.
    User and group security at the file and object levels.
    Advanced security features such as a built-in firewall, file encryption, and Internet Protocol Security (IPSec).

AD DS, DNS, DHCP, and IPSec are covered in greater detail in subsequent lessons.

SUSE Linux Enterprise Server
SUSE Linux Enterprise Server is a server operating system built on the open source Linux platform. The latest version is SUSE Linux Enterprise Server 11 SP1.

Clients
Definition: A client is a network computer that uses the resources of other network computers, including other clients. The client computer has its own processor, memory, and storage, and can maintain its own resources and perform its own tasks and processing. Any type of computer on a network can function as a client of another computer when needed.
The term client most often refers to workstation or desktop computers employed by end users. Any computer on the network functions as a client when it uses another computer's resources, for example a Windows Server 2008 R2 computer accessing resources on another server.
Example:

Figure 1-5: Clients connected to a server.

Microsoft Windows 7 Microsoft Windows 7 is a popular and widely deployed operating system on client computers. Windows 7 features an enhanced Graphical User Interface (GUI), support for a wide range of applications and devices, a minimum of 32-bit processing, native networking support, and a large suite of built-in applications and accessories such as the Internet Explorer browser. Windows 7 currently comes preinstalled on many personal computers sold commercially.

Peer Computers
Definition: A peer is a self-sufficient computer that acts as both a server and a client to other computers on a network. Peer computing is most often used in smaller networks with no dedicated central server, but both clients and servers in other types of networks can share resources with peer computers.
Example:

Figure 1-6: Peer computers in a network.

Host Computers
Definition: A host computer is a powerful, centralized computer system, such as a mainframe computer, that performs data storage and processing tasks on behalf of clients and other network devices. On a host-based network, the host computer does all computing tasks and returns the resultant data to the end user's computer.
Example:

Figure 1-7: A host computer connected to several network devices.

TCP/IP Hosts
In the early days of computer networking, all computers were host computers that controlled the activities of network terminal devices. The hosts were joined together to communicate in the early research networks that laid the foundation for the Internet. As the TCP/IP protocol was adopted and became ubiquitous, and personal computers joined the networks, the term host was generalized and is now used to refer to virtually any independent system on a TCP/IP network.

Terminals
Definition: A terminal is a specialized device on a host-based network that transmits the data a user enters to a host for processing and displays the results. Terminals are often called dumb because they have no processor or memory of their own. Terminals usually consist of just a keyboard and a monitor. Standard client computers that need to interact with host computers can run software called a terminal emulator so that they appear as dedicated terminals to the host.
Example:

Figure 1-8: A terminal on a network.

CompTIA Network+ (Exam N10-005)

ACTIVITY 1-1
Dening Networking Terminology
Scenario: In this activity, you will dene common terms used in computer networking.

LESSON 1

1. What is a network computer that shares resources with and responds to requests from other computers called? a) Client b) Server c) Terminal d) Host

2. Match the network term to its definition.
Server: a
Client: c
Host: d
Terminal: b
a. A computer that shares its resources with other computers on a network.
b. A device that transmits data from a user to a host for processing.
c. A computer that uses the resources of other computers on the network.
d. A centralized computer that performs storage and processing tasks for other network devices.

3. What is a network computer that transmits data a user enters to a host for processing and displays the results? a) Server b) Host c) Terminal d) Client

4. What is a computer that acts as both a server and a client? a) Host b) Client c) Server d) Peer

5. True or False? A host computer transmits data to another computer for processing and displays the result to a user. True False

Lesson 1: Network Theory

6. In which type of network are multiple switches connected by a single backbone cable? a) Distributed b) Serial c) Collapsed d) Parallel

TOPIC B
Network Categories
So far, you have learned about various network components that constitute a network. You will now describe how you can replicate these basic network structures on a larger scale. In this topic, you will identify the primary network categories. The area covered by present day networks may be small enough to fit a building or large enough to span continents. Networks of different sizes have different requirements and features, and may use completely different technologies. Companies can deploy a network depending on their size and communications needs. As a network professional, you may work with a network of any possible size or type. A thorough knowledge of the size-based classification of networks and their related technologies will help you choose the network type that is best suited for your needs.

LANs

Definition: A Local Area Network (LAN) is a self-contained network that spans a small area, such as a single building, floor, or room. In a LAN, all nodes and segments are directly connected with cables or short-range wireless technologies. It does not require a leased telecommunication system to function. Due to their smaller size and fewer nodes, LANs provide faster data transfer than other network types. Different technologies can be implemented on a LAN depending on configuration needs and the way the network operates. Ethernet is the most commonly implemented LAN technology. Other LAN technologies such as token ring, token bus, and the Fiber Distributed Data Interface (FDDI) can also be used on LANs.

Example:

Figure 1-9: Devices connected to form a LAN.

LAN Administrator Duties
LAN administrators are responsible for managing and maintaining the local network. The administrator's responsibilities include not only maintaining machines and cabling but also network software. LAN administrators may also be required to perform installation and deployment, upgrades, and troubleshooting for different applications. LAN administrators need to be versatile and adaptable, with a broad range of skills and knowledge about network applications and hardware.

WANs
Definition: A Wide Area Network (WAN) is a network that spans a large area, often across multiple geographical locations. WANs typically connect multiple LANs and other networks using long-range transmission media. Such a network scheme facilitates communication among users and computers in different locations. WANs can be private, such as those built and maintained by large, multinational corporations, or they can be public, such as the Internet.

Example:

Figure 1-10: A WAN composed of several LANs.

WAN Administrator Duties
WAN administrators typically handle more complex technical issues than LAN administrators, and focus on resolving network issues rather than user issues. A WAN administrator performs the following duties:
- Designs and maintains the connection scheme between remote segments of a network.
- Develops and troubleshoots routing structures.
- Works with both voice and data systems.
- Develops scripts to automate complex network administrative tasks.
- Works on security issues and helps implement recovery schemes.
- Plans, tests, and implements hardware and software upgrades.

Network Coverage Areas

There are other network categories based on the geographical area they cover.

WAP, infrared, and Bluetooth are covered in more detail in subsequent lessons.

Network Category / Description

MAN
A Metropolitan Area Network (MAN) covers an area equivalent to a city or a municipality.

CAN
A Campus Area Network (CAN) covers an area equivalent to an academic campus or business park. A CAN is typically owned or used exclusively by an entity.

PAN
A Personal Area Network (PAN) connects two to three computers with cables and is most often seen in small or home offices. A Wireless Personal Area Network (WPAN) is a variation of PAN that connects wireless devices in close proximity but not through a Wireless Access Point (WAP). Infrared and Bluetooth are technologies used for connecting devices in a WPAN.

The Internet
The Internet is the single largest global WAN, linking virtually every country in the world. Publicly owned and operated, the Internet is widely used for sending email, transferring files, and carrying out online commercial transactions. All information on the Internet is stored as web pages, which can be accessed through software known as a web browser. Most of the processes related to the Internet are specified by the Internet Protocol (IP), and all the nodes connected to the Internet are identified by a unique address, known as an IP address. The Internet Corporation for Assigned Names and Numbers (ICANN) coordinates the assignments of unique identifications on the Internet, such as domain names, IP addresses, and extension names, while the Internet Society (ISOC) coordinates and oversees standards and practices for the Internet.
You can get more information on the ISOC at its website www.isoc.org.

Figure 1-11: The Internet consists of computers connected across the world.

Intranets
Definition: An intranet is a private network that uses Internet protocols and services to share a company's information with its employees. As with the Internet, the employees can access an intranet via a web browser and navigate a company's web pages. However, an intranet is not very useful if it is not connected with the Internet. An intranet contains information that is segregated from the Internet for confidentiality and security reasons.

Example:

Figure 1-12: An intranet connecting users in a private network.

Extranets

Definition: An extranet is a private network that grants controlled access to users outside of the network. It is an extension of an organization's intranet. With the help of an extranet, organizations can grant access to users such as vendors, suppliers, and clients to connect to resources on the network. Example:

Figure 1-13: An extranet connecting a user outside of the network.

Enterprise Networks
Definition: An enterprise network is a network that includes elements of both local and wide area networks. Owned and operated by a single organization to interlink its computers and resources, it employs technologies and software designed for fast data access, email exchange, and collaboration. Enterprise networks are scalable and include high-end equipment, strong security systems, and mission-critical applications. Example:

Figure 1-14: An enterprise network.

ACTIVITY 1-2
Identifying Network Categories
Scenario: In this activity, you will identify the primary categories of networks.

1. Ristell & Sons Publishing has a remote office that accesses its corporate office with relatively high bandwidth. Which network category does it use? a) LAN b) WAN c) CAN d) MAN

2. InfiniTrain occupies four floors in the East building of the River View Business Complex. What category does this network fit into? a) LAN b) WAN c) CAN d) MAN

3. This figure represents a company with a central office, an attached warehouse, and a remote supplier. Which portions of the network are LANs? a) Section C: Tampa Headquarters b) Section A: Tampa Headquarters and Tampa Warehouse c) Section B: Tampa Warehouse and London Supplier

4. This figure represents the same small company with a central office, an attached warehouse, and a remote sales office. Which portion of the network is a WAN? a) Section A: Tampa Headquarters b) Section B: Tampa Headquarters and Tampa Warehouse c) Section C: Tampa Warehouse and Boston Sales Office
You might want to point out that section B could be considered a CAN depending on the distance between Tampa Headquarters and Tampa Warehouse.

5. Which network employs elements of both local and wide area networks? a) Metropolitan area network b) Personal area network c) Campus area network d) Enterprise network

TOPIC C
Standard Network Models
Up to this point, you have identified the primary categories that describe the size and extent of a network. For every network deployed, the actual model of the network will depend on the requirements of the individual network it is designed to serve. In this topic, you will identify the standard networking models currently in use. As a networking professional, you will need to work in a variety of network environments that use different technologies, implementation designs, and models. The model to be used is the result of an analysis of requirements, connectivity methods, and technologies in use. Some of these models might be more prevalent than others, and you need to understand the different network models you might encounter.

Network Models
Definition: A network model is a design specification for how the nodes on a network are constructed to interact and communicate. A network model determines the degree to which communications and processing are centralized or distributed. There are three primary network models:
- Centralized or hierarchical
- Client/server
- Peer-to-peer
Example:

Figure 1-15: A centralized network.

Segments

Definition: A segment is a physical subdivision of a network that links a number of devices, or serves as a connection between two nodes. A segment is bounded by physical internetworking devices such as switches and routers. All nodes attached to a segment have common access to that portion of the network. Example:

Figure 1-16: Segments of a network.

Segmenting for Performance
Dividing a network into segments can improve network performance. With segments, traffic is confined to a portion of the network containing nodes that communicate with each other most often. However, performance can suffer if nodes must regularly communicate with nodes on other segments. Devices such as switches and routers that link segments can lead to slower transmission between segments.

Centralized Networks

Definition: A centralized network is a computer network in which a central host computer controls all network communication, and performs data processing and storage on behalf of clients. Users connect to the host via dedicated terminals or terminal emulators. Centralized networks provide high performance and centralized management, but they are expensive to implement.
The terms hierarchical network and host-based network can also be used to describe centralized networks.

Example:

Figure 1-17: A centralized computer network.

Decentralized Networks
A pure centralized network is rare in today's environment. Most of the network types you encounter will be decentralized to some extent, with the client/server architecture having some degree of centralization, and the peer-to-peer architecture being almost purely decentralized. In a decentralized network, each peer can connect directly with other peers without being managed by a central server. A server provides services to the nodes upon a request from them. A peer-to-peer network is an example of a decentralized network.

Client/Server Networks
Definition: A client/server network is a network in which servers provide resources to clients. Typically, there is at least one server providing central authentication services. Servers also provide access to shared files, printers, hardware storage, and applications. In client/server networks, processing power, management services, and administrative functions can be concentrated where needed, while clients can still perform many basic end-user tasks on their own.

You will learn more about authentication services in subsequent lessons.

Example:

Figure 1-18: Clients and a server in a client/server network.

Peer-to-Peer Networks

Definition: A peer-to-peer network is a network in which resource sharing, processing, and communications control are completely decentralized. All clients on the network are equal in terms of providing and using resources, and each individual workstation authenticates its users. Peer-to-peer networks are easy and inexpensive to implement. However, they are only practical in very small organizations, due to the lack of centralized data storage and administration. A peer-to-peer network is more commonly referred to as a workgroup. In a peer-to-peer network, user accounts must be duplicated on every workstation from which a user accesses resources. Such distribution of user information makes maintaining a peer-to-peer network difficult, especially as the network grows. Example:

Figure 1-19: Computers in a peer-to-peer network.

Mixed Mode Networks
Definition: A mixed mode network incorporates elements from more than one of the three standard network models. Some mixed mode networks consist of a client/server network combined with a centralized mainframe. An end user's workstation functions as a client to the network directory server, and employs terminal emulation software to authenticate to the host system. Example: A common example of a mixed mode network is a workgroup created to share local resources within a client/server network. For example, you might share one client's local printer with just a few other users. The client sharing the printer on the network does not use the client/server network's directory structure to authenticate and authorize access to the printer. Example:

Figure 1-20: A mixed mode network.


ACTIVITY 1-3
Identifying the Standard Network Models
Scenario: In this activity, you will identify the standard network models.

1. On your network, users access a single host computer via a terminal for all of their data processing and storage. Which network model does your network use? a) Peer-to-peer b) Mixed mode c) Client/server d) Centralized

2. On your network, users directly share files stored on their computers with other users. Additionally, they access shared storage, printing, and fax resources, which are connected to a department-wide server. Which network model does your network use? a) Peer-to-peer b) Client/server c) Centralized d) Mixed mode

3. Match the network model with its description.
Centralized
Client/server
Peer-to-peer
Mixed mode
a. Nodes can perform basic end-user tasks on their own, but depend on another network resource for advanced processing tasks.
b. Resource sharing, processing, and communications control are completely decentralized.
c. A host computer performs data processing and storage on behalf of clients.
d. Displays characteristics of more than one of the three standard network models.

4. Rudison Technologies Ltd. has four employees who need to share information and hardware such as a scanner and printer. They also need Internet access. None of the users have advanced computing skills. Which type of network would best suit their needs? a) Client/server b) Peer-to-peer c) Centralized d) Mixed mode

TOPIC D
Physical Network Topologies
In the previous topic, you identified the various network models. Now you are ready to see how these components can combine to create large structural units called network topologies. In this topic, you will identify the primary physical network topologies. Network topologies influence the flow of data through a network and the design of communication protocols to a large extent. Getting to know the different topologies is essential to design or troubleshoot a network. Knowledge of the physical topology of a network is critical for you to be able to successfully execute many network management tasks including fault monitoring and problem isolation. No matter what your role, you will need to understand the characteristics of the network topology you are working with, and identify how the topology affects the network performance and troubleshooting.

Topology
Definition: A topology is a network specification that determines the network's overall layout, signaling, and data-flow patterns. A physical topology describes a network's physical wiring layout or shape, while a logical topology describes the paths through which data moves. The physical and logical topologies can be different for a network. Common physical topologies include the star, ring, mesh, tree, and bus.

Example:

Figure 1-21: Physical and logical topologies on the same network can differ.

Point-to-Point Connections

Definition: A point-to-point connection is a direct connection between two nodes on a network. One node transmits data directly to the other. Modern point-to-point connection implementations exist for both wired and wireless connections, including microwave and laser links, as well as Ethernet and coaxial cables. Wireless point-to-point connections often cannot establish a good connection if there are any obstacles in the path between the endpoints.

Example: Direct Connection Between Two Computers
Connecting one host's Network Interface Card (NIC) directly to another host's NIC with a Cat5 crossover cable is an example of a point-to-point connection.

NIC, Cat5 and other cable types are covered in more detail in subsequent lessons.

Figure 1-22: A point-to-point connection between two computers.

Multipoint Connections

Definition: Multipoint connections are connections between multiple nodes. Each multipoint connection has more than two endpoints. A signal transmitted by any device on the medium is not private. All devices that share the medium can detect the signal but they do not receive it unless they are the recipients. Example: Multipoint connections are the most common way to physically connect a network. Physical bus and star networks are examples of multipoint connections.

Radiated Connections
Definition: A radiated, or broadcast, connection is a wireless point-to-point or multipoint connection between devices. Wireless LAN, infrared, and Wi-Fi networks are all radiated connections. Example: Wi-Fi Wi-Fi is a brand name promoted by the Wi-Fi Alliance for WLANs. Wireless radio communications following the IEEE 802.11, or Wi-Fi, standard are the most common choice for ordinary wireless LAN connectivity for portable computers inside homes, offices, and increasingly, public buildings. Choose Wi-Fi when you need to connect portable computer systems to a wired or wireless LAN. Wi-Fi enables users to move from place to place freely without a line of sight connection to the access point. Wi-Fi provides good performance within the wireless access point coverage area, barring any signal interference.

Figure 1-23: A radiated connection with a wireless router.

The Physical Bus Topology

Definition: A physical bus topology is a network topology in which the nodes are arranged in a linear format, and a T-connector connects each node directly to the network cable. The cable is called the bus and serves as a single communication channel. Signals can reflect off the ends of the cable, so you must install 50 ohm terminators to prevent this reflection. Attaching a terminator at both ends of the network cable prevents a condition called signal bounce, in which signals endlessly move from one end of the wire to the other. Terminators impede or absorb signals so they cannot reflect onto the wire.
You must ground a bus network on one end to reduce static electricity.

Disadvantages of the Bus Topology
The bus topology has a few disadvantages. A bus network:
- Is easy to implement but can be unreliable, because the entire bus fails if there is a break in the network cable.
- Cannot support multiple pairs of terminals at the same time.
- Transmits data slower than the other topologies, as only two nodes can communicate at any time.

Example:

Figure 1-24: A physical bus topology.

Data Transmission on a Bus

On a bus, as all communication takes place through the same path, only a single pair of terminals can communicate at a time. Data is transmitted on a bus in a sequence of steps:
1. Each node on a bus listens passively to the channel until it receives a signal. The data signal passes by every node, but not through the node.
2. The node transmits data when the bus is free, and the allocation of the channel to nodes is done on a first-come, first-served basis.
3. When a node is ready to transmit data to another node, it sends out a broadcast alert to inform all other nodes that a transmission is being done. This is to avoid a collision of data packets from multiple users on the bus.
4. If two nodes try to transmit data at exactly the same time, a collision occurs on the wire. Each node waits a random period of time before retransmission.
5. The destination node picks up the transmission.
6. If none of the nodes accept the transmitted data, such as in the case of the destination node being switched off, the data packet is terminated by the bus itself.

Figure 1-25: Data transmission on a bus.
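The transmission steps above as a small slotted simulation, added here as an example and not part of the courseware: nodes only listen while the bus is busy, a lone node that finds the bus free transmits, simultaneous transmissions collide and each node backs off for a random period, and a frame addressed to a switched-off node is dropped. The node names, the frame fields and the event tuple format are assumptions made for this example.

```python
"""Slotted simulation of data transmission on a shared bus (constructed example).

Node names, frame fields and the event format are assumptions for the example;
the steps modelled are the six listed in the text above.
"""
import random
from dataclasses import dataclass, field
from typing import Callable, FrozenSet, List, Optional, Tuple

Event = Tuple[int, str, object, object]   # (tick, kind, source, destination)


@dataclass
class Frame:
    src: str
    dst: str
    ready_at: int            # tick at which the sender first has data to send
    length: int = 1          # ticks the bus stays busy with this transmission
    attempts: int = 0        # collisions this frame has suffered so far
    next_try: int = field(init=False)

    def __post_init__(self) -> None:
        self.next_try = self.ready_at


@dataclass
class Bus:
    nodes: FrozenSet[str]
    powered_off: FrozenSet[str] = frozenset()
    rng: random.Random = field(default_factory=lambda: random.Random(7))
    # optional deterministic backoff (src, attempts) -> ticks, handy for tests
    backoff_fn: Optional[Callable[[str, int], int]] = None

    def backoff(self, src: str, attempts: int) -> int:
        """Step 4: a colliding node waits a random period before retrying.

        The range doubles per collision (capped at 16 slots), so repeated
        collisions between the same nodes become progressively less likely.
        """
        if self.backoff_fn is not None:
            return self.backoff_fn(src, attempts)
        return self.rng.randint(1, min(2 ** attempts, 16))

    def run(self, frames: List[Frame], max_ticks: int = 10_000) -> List[Event]:
        pending = list(frames)
        events: List[Event] = []
        busy_until = 0           # the bus is free again from this tick on
        tick = 0
        while pending and tick < max_ticks:
            if tick < busy_until:
                # Steps 1 and 3: a transmission is passing by; every other node
                # hears it and defers
                tick += 1
                continue
            # Step 2: the bus is free. Every node whose wait has expired transmits;
            # nodes that became ready while the bus was busy all see it free now.
            ready = [f for f in pending if f.next_try <= tick]
            if len(ready) == 1:
                f = ready[0]
                pending.remove(f)
                busy_until = tick + f.length
                if f.dst in self.powered_off or f.dst not in self.nodes:
                    events.append((tick, "dropped", f.src, f.dst))     # Step 6
                else:
                    events.append((tick, "delivered", f.src, f.dst))   # Step 5
            elif len(ready) > 1:
                # Step 4: simultaneous transmissions collide; nothing is delivered
                events.append((tick, "collision", tuple(sorted(f.src for f in ready)), None))
                for f in ready:
                    f.attempts += 1
                    f.next_try = tick + self.backoff(f.src, f.attempts)
            tick += 1
        return events


def summarize(events: List[Event]) -> dict:
    """Count deliveries, drops and collisions in an event log."""
    counts = {"delivered": 0, "dropped": 0, "collision": 0}
    for ev in events:
        counts[ev[1]] += 1
    return counts


if __name__ == "__main__":
    # constructed traffic: A starts first and holds the bus for three ticks, C and E
    # become ready while it is busy and collide when it frees; Z is switched off
    traffic = [Frame("A", "B", 0, length=3), Frame("C", "D", 1),
               Frame("E", "F", 3), Frame("G", "Z", 20)]
    log = Bus(nodes=frozenset("ABCDEFGZ"), powered_off=frozenset("Z")).run(traffic)
    for ev in log:
        print(ev)
    print(summarize(log))
```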

The Physical Star Topology
Definition: A physical star topology is a network topology that uses a central connectivity device, such as a switch, with individual physical connections to each node. The individual nodes send data to the connectivity device, and the device then either forwards data to the appropriate destination node, as in the case of a switch, or simply passes it through to all attached nodes, as in the case of a hub. Star topologies are reliable and easy to maintain as a single failed node does not bring down the whole network. However, if the central connectivity device fails, the entire network fails. Example: Although star topologies are extremely common in client/server networks, a host-based computing system is a classic example of a physical star topology. Each node has a connection to the host computer and is not aware of other nodes on the network.

Figure 1-26: A physical star topology.

The Physical Ring Topology

Definition: A physical ring topology is a network topology in which each node is connected to the two nearest nodes: the upstream and downstream neighbors. The flow of data in a ring network is unidirectional to avoid collisions. All nodes in the network are connected to form a circle. There is no central connecting device to control network traffic, and each node handles all data packets that pass through it. Data moves in one direction through each node that scans data packets, accepts packets destined for it, and forwards packets destined for another node. Each node in the ring topology acts as a repeater and boosts the signal when it retransmits the data packet. This boost in the signal ensures that the signal quality is high. Ring topologies are potentially unreliable as the failure of a single node can bring down the entire network.

Example:

Figure 1-27: A physical ring topology.

Example: The Dual Ring Topology
A variant of the ring topology is the dual ring topology, which uses two rings, each carrying data in the opposite direction. Dual ring configurations are faster, as data can be sent through the shortest path between a sender and the receiver. It is a more reliable topology because, in case of a break in the inner or outer ring, the topology automatically reconfigures to a single-ring data flow, thus reducing downtime on the network.

The Physical Mesh Topology

Definition: A physical mesh topology is a network topology in which each node is directly connected to every other node, similar to the physical point-to-point topology. This configuration allows each node to communicate with multiple nodes at the same time. Since all nodes have dedicated links with other nodes, there is no congestion on the network and data travels very fast. Because no node can be isolated from the network, this topology is extremely reliable. It is also difficult to implement and maintain because the number of connections increases exponentially with the number of nodes. Mesh topologies typically provide reliable communications between independent networks.

The Partial Mesh Topology
The partial mesh topology is a variation of the mesh topology in which only a few nodes have direct links with all the other nodes. This differentiates it from the full mesh topology, in which all nodes have direct links with others. It is less complex, less expensive, and contains less redundancy than a full mesh topology. A partial mesh topology is commonly used in subnetworks of large networks where the number of users is low and lower data transfer rates can be used.

Example: Mesh Topology on the Internet
The connections between major divisions of the Internet use a mesh topology.

Example:

Figure 1-28: A representation of the physical mesh topology.

The Physical Tree Topology

Definition: A physical tree topology is a network topology in which a central, or root, node is hierarchically connected to one or more second-level nodes, which are one level lower in the hierarchy. The root node has a point-to-point link with each of the second-level nodes, while each of the second-level nodes is connected to one or more third-level nodes via a point-to-point link. The root node is the only node that has no other node above it in the hierarchy. Each node in the network has the same number of lower-level nodes connected to it; this number is referred to as the branching factor of the hierarchical tree. Example:

Figure 1-29: A physical tree topology with a branching factor of 3.

Hybrid Topologies

Definition: A hybrid topology is any topology that exhibits the characteristics of more than one standard topology. Each section of the network follows the rules of its own topology. Hybrid topologies can be complex to maintain because they typically incorporate a wide range of technologies. Most of the large networks consist of several smaller subnetworks, and each subnetwork may have a different topology.

Example: Common Hybrid Topologies
Two common hybrid topologies are the star bus and the star ring. The star bus topology connects several star networks to a network backbone in a bus layout. The star ring connects several ring networks to a central device in a star configuration. Data is sent in a circular pattern around the star configuration.
Hybrid topologies are typically not designed as such. They usually arise when administrators connect existing network implementations independently using different topologies.

Figure 1-30: The star bus topology connects star networks to a bus.

Types of Hybrid Topologies

There are other types of hybrid topologies on a network.

Hybrid Topology / Formed By

Star-bus
Linking the central nodes of some star networks using a common bus. Inside each subnetwork, data will flow similar to a star network and each of these star networks will be treated as a node on the larger bus network. To move data from one subnetwork to another, it has to be placed on the common bus.

Star-of-stars
Connecting the central nodes of two or more star networks with a new common node. To move data from one subnetwork to another, it must be routed through the new common node.

Star-ring
Connecting the central nodes of multiple star networks in a ring. The data flow between different subnetworks is through this ring.
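The reliability claims made for the bus, star, ring, mesh and tree topologies above can be checked mechanically. This added example (not courseware code) models each topology's cabling as a graph, counts its links, and reports the single device failures and trunk-cable breaks that leave surviving hosts unable to reach each other; the builder functions, the tap and hub names and the host lists are assumptions made for the example.

```python
"""Which single failure splits the hosts in each physical topology? (constructed)

Added example, not courseware code. Cabling is modelled as a graph; the
builder functions, tap/hub names and host lists are assumptions.
"""
from collections import deque
from itertools import combinations
from typing import Dict, FrozenSet, List, Set, Tuple

Graph = Dict[str, Set[str]]   # node -> nodes it can send to directly
Link = Tuple[str, str]


def link(g: Graph, a: str, b: str, one_way: bool = False) -> None:
    g.setdefault(a, set()).add(b)
    g.setdefault(b, set())
    if not one_way:
        g[b].add(a)


def full_mesh(hosts: List[str]) -> Graph:
    g: Graph = {}
    for a, b in combinations(hosts, 2):   # every host has a dedicated link to every other
        link(g, a, b)
    return g


def star(hub: str, hosts: List[str]) -> Graph:
    g: Graph = {hub: set()}
    for h in hosts:                        # each host has its own link to the central device
        link(g, hub, h)
    return g


def bus(hosts: List[str]) -> Graph:
    # each host hangs off its own T-connector (tap); cable segments join the taps in a line
    g: Graph = {}
    taps = [f"tap{i}" for i in range(len(hosts))]
    for h, t in zip(hosts, taps):
        link(g, h, t)
    for t1, t2 in zip(taps, taps[1:]):
        link(g, t1, t2)
    return g


def ring(hosts: List[str], dual: bool = False) -> Graph:
    # single ring: one-way, each node repeats only toward its downstream neighbour;
    # dual ring: a second ring carries data the opposite way
    g: Graph = {}
    for up, down in zip(hosts, hosts[1:] + hosts[:1]):
        link(g, up, down, one_way=not dual)
    return g


def tree(root: str, branching: int, depth: int) -> Graph:
    g: Graph = {root: set()}
    level = [root]
    for _ in range(depth):
        nxt = []
        for parent in level:
            for i in range(branching):     # the same branching factor at every node
                link(g, parent, f"{parent}.{i}")
                nxt.append(f"{parent}.{i}")
        level = nxt
    return g


def links(g: Graph) -> Set[Link]:
    """Two-way links once as a sorted pair, one-way links as (from, to)."""
    return {tuple(sorted((a, b))) if a in g[b] else (a, b) for a in g for b in g[a]}


def reachable(g: Graph, start: str, dead_nodes: FrozenSet[str] = frozenset(),
              dead_links: FrozenSet[Link] = frozenset()) -> Set[str]:
    """Breadth-first search that skips failed nodes and broken links."""
    if start in dead_nodes:
        return set()
    seen, queue = {start}, deque([start])
    while queue:
        u = queue.popleft()
        for v in g[u]:
            if v in seen or v in dead_nodes or (u, v) in dead_links or (v, u) in dead_links:
                continue
            seen.add(v)
            queue.append(v)
    return seen


def hosts_connected(g: Graph, hosts: List[str], dead_nodes: FrozenSet[str] = frozenset(),
                    dead_links: FrozenSet[Link] = frozenset()) -> bool:
    # every surviving host must reach every other; on a one-way ring the reverse
    # direction is not implied, so the check starts from each host in turn
    alive = [h for h in hosts if h not in dead_nodes]
    return all(set(alive) <= reachable(g, h, dead_nodes, dead_links) for h in alive)


def single_points_of_failure(g: Graph, hosts: List[str]) -> List[str]:
    """Nodes (host or device) whose failure leaves surviving hosts unable to talk."""
    return sorted(n for n in g if not hosts_connected(g, hosts, frozenset({n})))


def critical_links(g: Graph, hosts: List[str]) -> List[Link]:
    """Trunk links (not a host's own drop cable) whose break splits the hosts."""
    return sorted(l for l in links(g) if l[0] not in hosts and l[1] not in hosts
                  and not hosts_connected(g, hosts, dead_links=frozenset({l})))


if __name__ == "__main__":
    hosts = ["A", "B", "C", "D"]   # constructed host names
    for name, g in [("mesh", full_mesh(hosts)), ("star", star("hub", hosts)), ("bus", bus(hosts)),
                    ("ring", ring(hosts)), ("dual ring", ring(hosts, dual=True))]:
        print(name, len(links(g)), single_points_of_failure(g, hosts), critical_links(g, hosts))
```

The one-way ring is the only case where direction matters: removing any node breaks the single ring while the dual ring survives every single node failure, and the full mesh link count rises from 6 links for 4 hosts to 120 for 16.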


ACTIVITY 1-4
Identifying Physical Network Topologies
Scenario: In this activity, you will identify the different physical network topologies.

1. True or False? A physical topology describes the data flow patterns on a network. True False

2. Match the physical network topology with its description.
Bus: c
Star: d
Ring: b
Mesh: a
Hybrid: e
a. Network nodes have a direct connection to every other node.
b. Network nodes connect in a circle.
c. Network nodes are arranged in a linear format.
d. Network nodes connect to a central connectivity device.
e. Exhibits the characteristics of more than one standard topology.

3. Which physical network topology connects each node to both its upstream and downstream neighbors? a) Star b) Bus c) Tree d) Ring

4. Which of these statements are valid with respect to the bus topology? a) All nodes in the network are connected to a common transmission path. b) Multiple pairs of nodes can communicate at a time. c) It requires less cabling than other topologies. d) Data transmission is slower than other topologies.

5. In which network connection type can all the devices detect the signal transmitted on the medium? a) Point-to-point b) Radiated c) Multipoint

TOPIC E
Logical Network Topologies
In the previous topic, you identified the physical network topologies. Because the path of data flow does not always correspond to the physical wiring layout of the network, you also need to consider how logical data paths work. In this topic, you will identify logical network topologies. You may be faced with a situation where you need to troubleshoot a logical segment of your network and ensure the flow of data between two links when the physical topology seems just fine. Logical network topologies provide information that physical topologies do not provide, such as the data transmission path between a sender and a receiver and the different places in which this path converges or diverges. This information will also help you plan the transmission links and resource sharing capabilities and identify network routes, apart from troubleshooting.

The Logical Bus Topology

Definition: A logical bus topology is a network topology in which nodes receive the data transmitted all at the same time, regardless of the physical wiring layout of the network. In a logical bus with a physical star topology, even though nodes connect to a central switch and resemble a star, data appears to flow in a single, continuous stream, from the sending node to all other nodes through the switch. As the transmission medium is shared, only one node can transmit at a time. Example:

Figure 1-31: A logical bus topology.

The Logical Ring Topology
Definition: A logical ring topology is a network topology in which each node receives data only from its upstream neighbor and retransmits data only to its downstream neighbor, regardless of the physical layout of the network. However, a logical ring must be used with a pure or hybrid physical ring topology such as star-ring. Although nodes might be connected to a central device in a star layout, data moves through the network in a circle until it reaches the original transmitting node, which then removes the data from the ring. Example:

Figure 1-32: A logical ring topology.

The Logical Star Topology

Definition: A logical star topology implementation is less common than a logical ring or a logical bus. In a logical star topology, although all nodes are wired onto the same bus cable, a central device polls each node to check to see if it needs to transmit data. The central device also controls how long a node has access to the cable. A multiplexer (mux) manages individual signals and enables them to share the media.

Multiplexers are explained in more detail in subsequent lessons.

Lesson 1: Network Theory

Example:

Figure 1-33: A multiplexer managing signaling between nodes in a logical star topology.

ACTIVITY 1-5
Identifying Logical Network Topologies
Scenario: In this activity, you will identify logical network topologies.

1. In which logical network topology do nodes receive the data transmitted simultaneously, regardless of the physical wiring of the network?
   a) Bus
   b) Star
   c) Ring

2. In which of the logical topologies does a node receive data only from its upstream neighbor and retransmit the data only to its downstream neighbor?
   a) Star
   b) Bus
   c) Ring

3. In which logical network topology does a central device poll nodes and control access to the channel?
   a) Bus
   b) Ring
   c) Star


Lesson 1 Follow-up
In this lesson, you identified the basic components of current networking theory. Any network you encounter will use some of these basic networking components and concepts. You need to understand these fundamentals in order to succeed in your professional networking career.
1. In your opinion, what are the considerations for choosing between the different topologies to implement in your network?
Answers will vary, but may include: organizational constraints, hardware availability, the number of physical devices or end users, geographical constraints, and an inability to carry the traffic load.

2. Describe any background experience you have working with LANs, WANs, or other types of networks.
Answers will vary, but may include: most personal computer users today will have encountered LANs in a school computer lab, on the job, or through home networking. In addition, anyone who has browsed the Internet has used a WAN.


LESSON 2
Network Communications Methods
In this lesson, you will identify the major network communications methods. You will:
- Identify the primary data transmission methods on a network.
- Identify media access methods and their characteristics.
- Identify the major network signaling methods.

Lesson Time 1 hour(s), 25 minutes

Lesson 2: Network Communications Methods

Introduction
In the previous lesson, you learned about the basic network components and topologies. All of these network types employ a set of communications methods to transmit data. In this lesson, you will identify the primary transmission, media access, and signaling methods that networks use to communicate. The essence of networking is communication: sending data from node to node for sharing between users and systems. The methods a network uses to communicate are vital to its proper functioning. Just as humans use different languages for communication, networks often use different communication methods to talk to one another. Understanding the language you need to use is essential to being able to communicate. By the same token, understanding these basic communication methods will be critical to your success as a networking professional.

This lesson covers all or part of the following CompTIA Network+ (Exam N10-005) certification objectives:

Topic A:
1.3 Explain the purpose and properties of IP addressing.
3.7 Compare and contrast different LAN technologies.

Topic B:
3.7 Compare and contrast different LAN technologies.

TOPIC A
Data Transmission Methods
With the network in place, the next step is to identify methods to transmit data. In this topic, you will identify the primary data transmission methods. As a network professional, you will probably be expected to monitor network performance and response time. The manner in which data is transmitted between nodes on a network can significantly affect network traffic and performance. You will need to understand the characteristics and potential effects of the transmission methods implemented on the networks you support in order to understand their impact on the network.

Data Transmission

Definition: Data transmission is the exchange of data among different computers or other electronic devices through a network. Unlike telephony, which involves only the transmission of voice, data transmission sends non-voice information such as graphics, animations, audio, text, and video over the network. Most data transmission takes place through computer networks, and the term data networks is synonymous with computer networks.

Example:

Figure 2-1: Data communication on a computer network.

Instantaneous Data Transfer
Though data is typically stored as files before being transmitted, there are exceptions to this process. In some forms of data communication, such as online chat or video conferencing, data needs to be transmitted as soon as it is generated. In such cases, data is immediately converted into a network-compatible format and transmitted without being stored either in main memory or on a disk.

Digital Data Transmission

Digital data transmissions use voltage differences to represent the 1s and 0s in data. Unlike analog signal transmission, they are not modulated over a carrier. On-off keying or Manchester encoding converts data into a digital waveform. Each bit takes a predefined time to transmit, and the sender and receiver synchronize their clocks either by transmitting a bit pattern or by monitoring for the reception of the first bit.

Figure 2-2: Digital data transmission using on-off keying.

On-Off Keying
On-off keying is a digital data transmission encoding scheme in which a change in voltage from one state to another within a predetermined interval is symbolized by a 1. No voltage transition is symbolized by a 0. The receiver synchronizes its clock with the sender by watching for 1s. Variations of this scheme are called Non-Return to Zero (NRZ) and Non-Return to Zero Inverted (NRZI) encoding. On-off keying is used over serial ports and other relatively low-speed digital data connections.
Transmission of analog signals will be covered in more detail in topic C of this lesson.

Because the receiver synchronizes its clock by watching for 1s, problems can arise when long sequences of 1s or 0s must be sent. The receiver may not be able to synchronize its clock for a long interval. With its clock out of sync, the receiver could incorrectly decipher how many 1s or 0s have been transmitted, leading to data corruption.

Manchester Encoding
Manchester encoding was developed as a way to overcome the limitations of on-off keying. The transition from positive to ground represents a binary 0, and a negative to positive voltage transition in the middle of the bit period designates a binary 1. Thus, every bit involves a voltage transition, and the problem of transmitting a long string of 1s or 0s is eliminated. Manchester encoding is used over Ethernet and other high-speed digital data connections.
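Added example (not from the course text): a small Python model of the two line codes just described, showing why a long run of identical bits leaves an on-off-keyed receiver with nothing to resynchronize on, while Manchester encoding puts a transition in every bit period. Voltage levels are simplified to 0 and 1, each bit period is sampled as two half-bit cells, and the sample payloads are constructed.

```python
"""Added example: on-off keying (NRZ) versus Manchester encoding.

Each bit period is represented by two half-bit cells so that a mid-bit
transition can be shown. Voltage levels are simplified to 0 (ground)
and 1 (positive); the negative level mentioned in the text is not modelled.
"""


def bits_from_bytes(data):
    """Expand bytes into a list of bits, most significant bit first."""
    return [(byte >> i) & 1 for byte in data for i in range(7, -1, -1)]


def nrz_encode(bits):
    """On-off keying / NRZ: the level is held for the whole bit period,
    so a run of identical bits produces a flat line with no transitions."""
    return [bit for bit in bits for _ in range(2)]


def manchester_encode(bits):
    """Manchester encoding as described in the text: a 0 is a transition
    down to ground at mid-bit (cells 1, 0); a 1 is a transition up at
    mid-bit (cells 0, 1). Every bit period therefore contains a transition."""
    cells = []
    for bit in bits:
        cells.extend((0, 1) if bit else (1, 0))
    return cells


def manchester_decode(cells):
    """Recover the bits from the direction of each mid-bit transition.
    A cell pair with no transition (0,0 or 1,1) cannot occur in a valid
    Manchester stream, so the receiver knows it has lost alignment."""
    if len(cells) % 2:
        raise ValueError("odd number of half-bit cells")
    bits = []
    for first, second in zip(cells[0::2], cells[1::2]):
        if (first, second) == (0, 1):
            bits.append(1)
        elif (first, second) == (1, 0):
            bits.append(0)
        else:
            raise ValueError("no mid-bit transition: stream out of alignment")
    return bits


def is_valid_manchester(cells):
    """True if every bit period contains a mid-bit transition."""
    try:
        manchester_decode(cells)
        return True
    except ValueError:
        return False


def longest_flat_run(cells):
    """Longest stretch of half-bit cells with no level change. This is how
    long a receiver must keep time with no transition to resync on."""
    best = run = 1
    for prev, cur in zip(cells, cells[1:]):
        run = run + 1 if cur == prev else 1
        best = max(best, run)
    return best


if __name__ == "__main__":
    # Constructed payload: 32 zero bits, the worst case for on-off keying.
    zeros = bits_from_bytes(b"\x00\x00\x00\x00")
    print("NRZ longest flat run (half-bit cells):", longest_flat_run(nrz_encode(zeros)))
    print("Manchester longest flat run:", longest_flat_run(manchester_encode(zeros)))
    payload = bits_from_bytes(b"\xa5")
    assert manchester_decode(manchester_encode(payload)) == payload
    # Dropping one half-bit cell shifts alignment; for this payload the
    # decoder detects it because a pair without a transition appears.
    print("shifted stream valid?", is_valid_manchester(manchester_encode(payload)[1:-1]))
```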

Unicast Transmission

Definition: Unicast transmission is a method for data transfer from a source address to a destination address. Network nodes not involved in the transfer ignore the transmission. Unicast transmission is the predominant mode of transmission on LANs and the Internet. Some familiar unicast applications are Hyper-Text Transfer Protocol (HTTP), Simple Mail Transfer Protocol (SMTP), and File Transfer Protocol (FTP). Example:

Figure 2-3: Data transfer in a unicast transmission.

Broadcast Transmission

Definition: Broadcast transmission is a transmission method in which data is sent from a source node to all other nodes on a network. Network services that rely on broadcast transmissions generate a great deal of traffic. Occasionally, nodes use broadcast transmissions to check for the availability of a particular service on the network. If the service is not available, the nodes broadcast a request for the service. If a server is present, it responds to the request.

Example: Some servers periodically advertise their presence to the network by sending a broadcast message.

Figure 2-4: Data transfer in a broadcast transmission.

Multicast Transmission

Definition: Multicast transmission is a transmission method in which data is sent from a server to specific nodes that are predefined as members of a multicast group. Network nodes not in the group ignore the data. Communication with nodes outside of a multicast group must be done through unicast or broadcast transmissions.

Example: Television Signal Transmissions
A video server transmitting TV signals is an example of multicast transmission. Example:

Figure 2-5: Data transfer in a multicast transmission.

Serial Data Transmission

With serial data transmission, the transmission of bits occurs as one per clock cycle, across a single transmission medium. Transmission of synchronization, start/stop, and error correction bits occurs along with data bits, thus limiting the overall throughput of data. Serial data transmission does not use DC pulses for transmission. Serial transmission can delineate bytes by using either synchronous or asynchronous techniques. Many common networking systems, such as Ethernet, use serial data transmission. Keyboards, mice, modems, and other devices can connect to your PC over a serial transmission port.
A clock cycle refers to the processing speed of a CPU.

Figure 2-6: Serial transmission being sent in sequence bitwise.

Synchronous vs. Asynchronous Communications
The receiver of an analog signal must have a way of delineating between bytes in a stream of data. This can be done using either asynchronous or synchronous techniques. With asynchronous communications, a sender inserts special start and stop bit patterns between each byte of data. By watching for these bit patterns, the receiver can distinguish between the bytes in the data stream. With synchronous communications, a byte is sent after a standardized time interval. The receiver assumes that one byte is transmitted every interval. However, the two devices must start and stop their reckoning of these intervals at precisely the same time. Synchronous devices include a clock chip. A special bit pattern is inserted at specific intervals in the data stream, enabling the receiving device to synchronize its clock with the sender. After synchronizing the clocks, a receiver can use the predetermined time interval as a means to distinguish between bytes in the data stream.
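Added example (not from the course text): sender- and receiver-side framing for the asynchronous serial communication described above. The 8N1-style framing (one start bit, eight data bits least-significant bit first, one stop bit, no parity) and the captured bit sequences are assumptions constructed for the demo.

```python
"""Added example: asynchronous serial framing with start and stop bits.

Line levels: 1 is the idle (mark) state, 0 is space. Each byte is framed
as one start bit (0), eight data bits sent least-significant bit first,
and one or more stop bits (1). No parity bit is modelled.
"""


def frame_async(data, stop_bits=1):
    """Sender side: wrap every byte in a start bit and stop bit(s)."""
    line = []
    for byte in data:
        line.append(0)                                   # start bit
        line.extend((byte >> i) & 1 for i in range(8))   # data, LSB first
        line.extend([1] * stop_bits)                     # stop bit(s)
    return line


def deframe_async(line, stop_bits=1):
    """Receiver side: sit in idle until a start bit (0) arrives, clock in
    eight data bits, then check the stop bit(s). A stop bit that is not 1
    is a framing error: the byte is discarded and counted.
    Returns (recovered_bytes, framing_errors)."""
    frame_len = 1 + 8 + stop_bits
    out, errors, i = bytearray(), 0, 0
    while i < len(line):
        if line[i] == 1:                 # idle line, keep waiting
            i += 1
            continue
        frame = line[i + 1:i + frame_len]
        if len(frame) < 8 + stop_bits:   # capture ended mid-frame
            break
        byte = sum(bit << k for k, bit in enumerate(frame[:8]))
        if all(frame[8:]):
            out.append(byte)
        else:
            errors += 1
        i += frame_len
    return bytes(out), errors


def overhead_ratio(stop_bits=1):
    """Fraction of line time spent on framing bits rather than payload."""
    return (1 + stop_bits) / (1 + 8 + stop_bits)


if __name__ == "__main__":
    # Constructed capture: idle gaps of arbitrary length between bytes are
    # harmless, because every byte carries its own start bit.
    capture = [1] * 5 + frame_async(b"H") + [1] * 3 + frame_async(b"i") + [1] * 2
    print(deframe_async(capture))                 # (b'Hi', 0)
    # Constructed fault: a stuck-low stop bit produces a framing error.
    bad = frame_async(b"A")
    bad[-1] = 0
    print(deframe_async(bad))                     # (b'', 1)
    print(f"framing overhead: {overhead_ratio():.0%}")
```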

Parallel Data Transmission

With parallel data transmission, multiple bits are transmitted at once over multiple transmission lines. Many bits, even multiple bytes, can be transferred per clock cycle. Synchronization, start/stop, and error correction bits are not sent along with the data bits; they are often sent over additional transmission lines, thus improving the overall throughput of data. Parallel transmission is commonly used on the parallel port of your computer, to which you can connect printers or scanners. Other uses include the system bus inside your PC, the Small Computer System Interface (SCSI) data bus, and the PC Card bus.


Figure 2-7: Parallel transmission occurs simultaneously across separate channels.

Baseband Transmission
In baseband transmissions, digital signals are sent via direct current (DC) pulses over a single, unmultiplexed signal channel. As all devices share a common transmission channel, they can send and receive over the same baseband medium, but they cannot send and receive simultaneously. Multiple baseband signals can be combined and sent over a single medium using a communication channel that is divided into discrete time slots.

Figure 2-8: Data transfer in baseband transmission.

Broadband Transmission
Broadband transmission uses analog signaling to send data over a transmission medium using the complete bandwidth of the medium. Devices cannot send and receive over the same broadband channel; thus signals travel unidirectionally. Multiple broadband signals can be combined and sent over multiple frequencies, or channels, over a single network medium.

Figure 2-9: Data transfer in broadband transmission.

Broadband over Powerlines
Broadband over Powerlines (BPL) is a technology that allows broadband transmission over domestic power lines. This technology aims to use the existing power infrastructure to deliver Internet access to remote areas at a rapid pace. BPL is yet to gain widespread acceptance because of the potential signal interference with other data signals such as wireless transmission and radio waves. The interference of BPL signals with radio waves affects radio operations, which are the main source of communication during times of natural disaster. In addition, there are concerns about the security of data when it is transmitted as plaintext using BPL, because it is easy to detect and intercept data when the signal travels over shared power wiring. Accepting and implementing BPL will require enhanced encryption and other security measures.
Interference and encryption are covered in detail in subsequent lessons.

ACTIVITY 2-1
Identifying Data Transmission Methods
Scenario: In this activity, you will identify the primary data transmission methods.

1. Identify the transmission method depicted in the graphic.
   a) Unicast
   b) Broadcast
   c) Multicast

2. True or False? Multicasting is more efficient in the use of network media than unicast transmission when many clients need to receive communications from a server.
   True
   False

3. Match the transmission method to its description.
   b  Unicast
   a  Broadcast
   c  Multicast

   a. Transmission of data to all nodes.
   b. Transmission of data to the intended receiving device.
   c. Transmission of data to a subset of nodes.

4. Which transmission method allows digital signals to be sent as DC pulses over a single, unmultiplexed signal channel?
   a) Broadband
   b) Parallel
   c) Baseband
   d) Serial

5. Which of these devices use serial data transmission?
   a) Keyboard
   b) Mouse
   c) USB hard drive
   d) Internal bus

6. Match the data transmission method with its description.
      Serial
      Parallel
   b  Baseband
   e  Broadband
   d  Digital

   a. Utilizes additional transmission lines to improve the overall data throughput.
   b. Combines multiple digital signals to be sent over a single medium using a time-slot-divided communication channel.
   c. Delineates bytes by using either synchronous or asynchronous techniques.
   d. Uses voltage differences to directly represent the data as 1s and 0s.
   e. Uses analog signaling to send data using the medium's entire bandwidth.

TOPIC B
Media Access Methods
In the previous topic, you identified the primary data transmission methods. The next component of network communication is media access. In this topic, you will identify common media access methods. Human communications follow unwritten rules that help everyone involved to hear and be heard. Computers on a network must also follow rules so that every node has a fair chance to communicate. As a network technician, you need to understand these media access methods so you can choose the best one for your network and ensure that every node follows the same access method.

Types of Media Access

Whether a node can transmit data on a network depends on the traffic on the network media. The media access method determines whether or not a particular node can transmit data on the network at a given time. Media access methods fall into two categories: contention-based and controlled. With contention-based, or competitive, media access, the nodes themselves negotiate for media access time. With controlled, or deterministic, media access, a central device or system controls when and for how long each node can transmit.


Figure 2-10: Contention-based and controlled media access deployed on networks.

Comparing Media Access Categories
Deterministic access methods are beneficial when network access is time critical. For example, in an industrial setting, key control and safety equipment, such as flow-shutoff sensors in chemical storage facilities, must have guaranteed transmission time. Deterministic systems ensure that a single node cannot saturate the media; all nodes get a chance to transmit data. However, they require additional hardware and administration to configure and maintain. Contention-based systems are simpler to set up and administer, but timely media access is not guaranteed for any node.

Multiplexing

Definition: Multiplexing is a controlled media access method in which a central device combines signals from multiple nodes and transmits the combined signal across a medium. To carry multiple signals, the medium or channel is separated logically into multiple, smaller channels. Signals can be multiplexed using Time-Division Multiplexing (TDM) or Frequency-Division Multiplexing (FDM). Both multiplexing techniques rely on a central device, called a multiplexer, or mux, to manage multiplexing at the sending end. At the receiving end, a demultiplexer, or demux, separates the signals.

TDM
In TDM, a communication channel is divided into discrete time slots. Each node on a network is assigned a time slot, and each sender is given exclusive access to the medium for a specific period of time. Nodes have exclusive access to the connection between themselves and a mux for that period of time. The mux combines each node's signal and, in turn, sends the resulting combined signal over the primary network medium. Using TDM, multiple baseband signals can be combined and sent over a single medium.

FDM
In FDM, data from multiple nodes is sent over multiple frequencies, or channels, on a network medium. Nodes have exclusive access to the connection between themselves and a mux. The mux places each node's signal onto its own channel and sends the resulting combined signal over the primary network medium. Using FDM, multiple broadband signals can be combined and sent over a single medium. Example:

Figure 2-11: The multiplexed media access method.
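Added example (not from the course text): a Python model of the TDM multiplexer and demultiplexer described above, one slot per node in a fixed frame order. The slot layout, the use of None for an empty slot, the alignment-offset parameter and the three sample node streams are constructed assumptions for the demo, not taken from any standard.

```python
"""Added example: time-division multiplexing of several node streams onto
one shared medium, and the matching demultiplexer.

The medium is modelled as a flat list of slots. A frame is N consecutive
slots, one per node, always in the same order. None marks an empty slot:
a node with nothing to send still owns its slot, which is what gives TDM
its guaranteed (but not always efficient) access.
"""
from itertools import zip_longest


def tdm_mux(streams):
    """Combine N byte streams into frames of N slots each."""
    medium = []
    for frame in zip_longest(*streams, fillvalue=None):
        medium.extend(frame)
    return medium


def tdm_demux(medium, slots, offset=0):
    """Split the medium back into per-node streams by slot position.
    `offset` models a receiver whose frame alignment is off by that many
    slots: the bytes still come out cleanly, just on the wrong channels,
    which is why real TDM links carry explicit framing for synchronization."""
    outputs = [bytearray() for _ in range(slots)]
    for index, cell in enumerate(medium[offset:]):
        if cell is not None:
            outputs[index % slots].append(cell)
    return [bytes(o) for o in outputs]


def slot_utilization(medium, slots):
    """Fraction of each node's slots that actually carried data; empty
    slots are capacity nobody else may use."""
    frames = len(medium) // slots
    if frames == 0:
        return [0.0] * slots
    used = [0] * slots
    for index, cell in enumerate(medium):
        if cell is not None:
            used[index % slots] += 1
    return [count / frames for count in used]


if __name__ == "__main__":
    # Constructed input: three nodes with unequal amounts of data.
    streams = [b"ABC", b"12", b"xyzw"]
    medium = tdm_mux(streams)
    print(medium)
    print(tdm_demux(medium, 3))              # [b'ABC', b'12', b'xyzw']
    print(tdm_demux(medium, 3, offset=1))    # [b'12', b'xyzw', b'BC']
    print(slot_utilization(medium, 3))       # [0.75, 0.5, 1.0]
```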

Polling

Definition: Polling is a controlled media access method in which a central device contacts each node to check whether it has data to transmit. Each node is guaranteed access to the media, but network time can be wasted if polled nodes have no data to transmit. The polling process is repeated, giving each node access to the media in turn, until the poll reaches a node that needs to transmit data.

Example: Demand Priority
Demand priority is a polling technique in which nodes signal their state, either ready to transmit or idle, to an intelligent hub. The hub polls the state of each node and grants permission to transmit. Additionally, a node can signal that its data is high priority. The hub will favor high-priority transmission requests. Safeguards in the protocol prevent nodes from flagging every transmission request as high priority: each node has an equal opportunity to transmit, and a node is not allowed a second normal transmission until all nodes have completed their first normal transmission.
The Institute of Electrical and Electronics Engineers (IEEE), an organization dedicated to advancing theory and technology in the electrical sciences, has not standardized polling in general. However, the IEEE 802.12 standard defines 100VG-AnyLAN, which uses a specific polling technique called demand priority to control media access.

Figure 2-12: The polling media access method.

Managed Hubs
A managed hub is a type of hub that includes functions that enable you to monitor and configure its operation. Typically, you connect to the hub using special software or via a dedicated management port. Managed hubs are also called intelligent hubs.

CSMA/CD

Carrier Sense Multiple Access/Collision Detection (CSMA/CD) is a contention-based media access method used in Ethernet LANs to provide collision-free data transfer over a medium. Nodes can transmit whenever they have data to send. However, they must take steps to detect and manage the inevitable collisions that occur when multiple nodes transmit simultaneously. The busier a network becomes, the greater the probability of collisions, and the lower the CSMA/CD efficiency. There are five steps involved in the CSMA/CD process.

CSMA/CD is the access method for Ethernet formalized in the 802.3 standard, a specification issued by the IEEE to standardize Ethernet and expand it to include a wide range of cable media.


Figure 2-13: The CSMA/CD media access method.

Step 1: Data to transmit
   A node has data to transmit.

Step 2: Check network
   The node determines if the media is available by polling.

Step 3: Transmit
   If available, the node transmits data. After transmission, it waits for an acknowledgement from the receiving node, which indicates whether or not the transmission was successful.

Step 4: Collision
   The node checks the packet size to detect data fragments that indicate the occurrence of a collision.

Step 5: Wait
   If a collision occurs, both transmitting devices wait for a random backoff period (in milliseconds) before retransmitting data. The nodes then repeat the process until successful.
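Added example (not from the course text): a slotted simulation of the five CSMA/CD steps in the table above, showing carrier sense deferring a transmission and a collision resolved by random backoff. The slot model, the constructed arrival trace and the uniform random backoff are assumptions made for the demo, not taken from the 802.3 standard.

```python
"""Added example: a slotted simulation of the five CSMA/CD steps.

Time is divided into slots. In each slot a node may receive a frame to
send (step 1), senses whether the medium is busy (step 2), transmits if
it is free (step 3), detects a collision if another node transmitted in
the same slot (step 4) and then waits a random backoff (step 5).
Simplifications: a node holds at most one pending frame, a frame occupies
`frame_len` slots, and backoff values come from an injectable source so
the core logic can be checked deterministically.
"""
import random


def run_csma_cd(nodes, arrivals, backoff_draws, frame_len=1):
    """Deterministic core.

    arrivals: one list per slot of node ids that get a new frame that slot.
    backoff_draws: iterator of backoff lengths, consumed by colliding nodes
                   in ascending node order.
    Returns (successful_frames, collisions, per_slot_log).
    """
    draws = iter(backoff_draws)
    pending = [False] * nodes      # node has a frame waiting to send
    backoff = [0] * nodes          # slots the node must still wait
    busy = 0                       # slots left on the transmission in progress
    successes = collisions = 0
    log = []
    for slot_arrivals in arrivals:
        for n in slot_arrivals:            # step 1: data to transmit
            pending[n] = True
        for n in range(nodes):
            if backoff[n]:
                backoff[n] -= 1
        if busy:                           # step 2: carrier sensed, defer
            busy -= 1
            log.append("busy")
            continue
        ready = [n for n in range(nodes) if pending[n] and not backoff[n]]
        if len(ready) == 1:                # step 3: sole sender transmits
            pending[ready[0]] = False
            successes += 1
            busy = frame_len - 1
            log.append(f"tx{ready[0]}")
        elif ready:                        # step 4: collision detected
            collisions += 1
            for n in ready:                # step 5: random backoff, retry
                backoff[n] = next(draws)
            log.append("collision")
        else:
            log.append("idle")
    return successes, collisions, log


def simulate_csma_cd(nodes, load, slots, frame_len=4, max_backoff=16, seed=1):
    """Random driver: in every slot each node gets a frame with probability
    `load`; backoffs are uniform in [1, max_backoff]. Returns (sent, collisions)."""
    rng = random.Random(seed)
    arrivals = [[n for n in range(nodes) if rng.random() < load]
                for _ in range(slots)]

    def draws():
        while True:
            yield rng.randint(1, max_backoff)

    successes, collisions, _ = run_csma_cd(nodes, arrivals, draws(), frame_len)
    return successes, collisions


if __name__ == "__main__":
    # Constructed trace: nodes 0 and 1 both have data in slot 0 and collide;
    # their backoffs (1 and 3 slots) separate the retries; node 2 sends later.
    trace = [[0, 1], [], [], [], [], [2], []]
    print(run_csma_cd(3, trace, [1, 3]))
    # Typically, as offered load rises, collisions rise and efficiency falls.
    for load in (0.01, 0.05, 0.2):
        sent, col = simulate_csma_cd(nodes=10, load=load, slots=2000)
        print(f"load={load:<5} frames sent={sent:4d} collisions={col:4d}")
```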

Power over Ethernet (PoE)
Power over Ethernet (PoE) has been finalized as the 802.3af standard. The PoE standard specifies a method for supplying electrical power over Ethernet connections. PoE specifies two device types: power sourcing equipment (PSE) and powered devices (PDs). PSEs provide the power, and PDs are the devices that receive power from the PSE. PoE requires CAT 5 or higher copper cable.

CSMA/CA

Carrier Sense Multiple Access/Collision Avoidance (CSMA/CA) is a contention-based media access method that is primarily used in 802.11-based wireless LANs (WLANs). In CSMA/CA, nodes can transmit whenever they have data to send. However, they take steps before they transmit data to ensure that the media is not in use.

WLAN is covered in more detail in subsequent lessons.

Figure 2-14: The CSMA/CA media access method.


The 802.11 standard is a family of specications developed by the IEEE for wireless LAN technology.

Step 1: Data to transmit
   A node has data to transmit.

Step 2: Check network
   The node determines if the media is available by polling.

Step 3: Jam signal
   If available, the node transmits a jam signal, advertising its intent to transmit data.

Step 4: Wait
   The node waits until all nodes have had time to receive the jam signal.

Step 5: Transmit
   The node transmits data.

Step 6: Monitor for jam signal
   During transmission, the node monitors the media for a jam signal from any other node that may already be transmitting data. If a jam signal is received, it stops transmitting and retries after a random delay.

Contention Domains

Definition: A contention domain, also called a collision domain, is a contention-based network on which a group of nodes are allowed to compete with each other for media access. This competition results in collisions caused by frames that are transmitted simultaneously by two or more nodes. Networking devices such as switches define the size of the contention domain. Dividing a large network of many nodes into smaller contention domains reduces collisions, thus improving network performance. Example:

Figure 2-15: Contention domains on a network.

Broadcast Domain
A broadcast domain is a logical area in a computer network where any node connected to the network can directly transmit to any other node in the domain without having to go through a central routing device. A broadcast domain refers to the set of devices that receive a broadcast data frame originating from any device within a LAN segment or subnet. Switches cannot determine the size of the broadcast domain. Routers can determine the size of the broadcast domain.

Broadcast Domain vs. Collision Domain
Collision and broadcast domains primarily differ from the perspective of the size of the domains. Multiple collision domains can make up a broadcast domain, but a broadcast domain associates itself only with a single collision domain. Broadcast and collision domains also differ in the way they affect performance on a network. All devices in a broadcast domain receive broadcasts sent on the network. On a collision domain, an increase in traffic results in a higher probability of collisions on the network. As broadcast domains generate a lot of network traffic, they work best in smaller domains.


ACTIVITY 2-2
Identifying Media Access Methods
Scenario: In this activity, you will identify the main types of media access methods.

1. Match the media access method with its description.
      Polling
      Multiplexing
      CSMA/CD
   c  CSMA/CA
   b  Token-based

   a. Devices check if the media is available and transmit; collisions are detected.
   b. Devices that possess a special packet transmit, while all other devices wait their turn.
   c. Devices check media availability and transmit a blocking signal before transmitting data.
   d. A central device asks each node, in turn, if it has data to transmit.
   e. Combines data from multiple devices into a single signal.

2. Which of these statements describe contention-based media access?
   a) Controls when a node can place data on a network.
   b) Negotiates with devices for network access.
   c) Performs better in smaller segments.
   d) Performs predictable access of the network.

3. What is the correct sequence of data transmission in the CSMA/CD media access method?
   2  Transmits the data.
   4  Waits for a random backoff period.
   3  Determines occurrence of a collision.
   1  Determines if the media is available.

4. Which statements are true of a contention domain?
   a) Reduces the number of nodes that contend for media access.
   b) Defines a group of nodes to be polled by a hub.
   c) Groups nodes logically.
   d) Eliminates collisions within the domain.

5. Which statements are true of multiplexing?
   a) Both TDM and FDM rely on a demux to manage multiplexing from the sending node.
   b) A central device combines signals from multiple nodes.
   c) The medium or channel is separated logically into multiple, smaller channels.
   d) Signals can be multiplexed using TDM or FDM.
   e) At the receiving node, a mux separates signals.

6. True or False? CSMA/CA is a contention-based media access method primarily used in 802.11-based wireless LANs.
   True
   False

TOPIC C
Signaling Methods
In the previous topic, you identified common media access methods used in networks. Now that you are aware of the media to be used, you need to investigate the different types of signaling. In this topic, you will identify the different signaling methods used in networks. As a network professional, you will encounter different types of signals on the network. The different signaling methods have various advantages and limitations that will affect the signaling on your network. You can choose the correct signal type for your requirements only if you are aware of the characteristics of each signal type that you can use on networks. This will ensure that you get the optimum result from the signal type you select.

Analog Signals

Definition: A signal is data transmitted as electromagnetic pulses across a network medium. An analog signal carries information as continuous waves of electromagnetic or optical energy. In computer networking, electrical current commonly generates analog signals, the intensity of which is measured in volts. An analog signal oscillates between maximum and minimum values over time and can take any value between those limits. The size, shape, and other characteristics of the waveform describe the analog signal and the information it carries.

Example:

Figure 2-16: An analog signal.

Analog Signal Characteristics

The characteristics of an analog signal can be described or categorized using some specific terms.

Figure 2-17: Characteristics of an analog signal.

Amplitude
   The distance of the crest or trough of a wave from the midpoint of the waveform to its top or bottom. The amplitude is one half of the overall distance from the peak to the trough of the wave.

Cycle
   One complete oscillation of an analog signal.

Frequency
   The number of complete cycles per second in a wave. It is measured in hertz, which is one cycle per second. Frequency is also called the period of the wave.

Phase
   Where a wave's cycle begins in relationship to a fixed point. Thus, two waves of the same frequency that begin at the same time are said to be in phase. Two waves that either start at an offset from each other or have different frequencies are out of phase.

Wavelength
   The distance between two successive crests or troughs in a waveform.

Oscilloscope
An oscilloscope is a device that plots the amplitude of an analog signal as a function of time. Oscilloscopes display analog signals as sine wave-shaped plots. Typically, an oscilloscope displays its output on a monitor, letting you view the shape of the signal in real time. Originally, oscilloscopes used Cathode Ray Tube (CRT) monitors, but modern oscilloscopes use Liquid Crystal Display (LCD) and Light Emitting Diode (LED) monitors.

Sine Waves
A sine wave is a smoothly oscillating curve that results from calculating the sine of the angles between zero and 360 degrees and plotting the results. A sine wave can vary in amplitude, phase, or frequency. A wave that follows a sine curve is said to be sinusoidal.

Digital Signals

Definition: A digital signal, unlike an analog signal that can have many possible values, can have combinations of only two values, one and zero. These values represent the presence and the absence of a signal, respectively. Digital data, which is a sequence of ones and zeroes, can be translated into a digital waveform. In computer systems and other digital devices, a waveform can switch between two voltage levels: zero at the ground, or zero voltage, state and one at a positive or negative voltage level. Example:

Figure 2-18: Waveform of a digital signal.

Binary Data and Digital Signals
Digital signals can hold just two values, so they are well suited to encoding digital data, which is simply a sequence of ones and zeros. Every pulse in a digital signal represents one binary digit, or bit. Eight bits constitute one byte.

Logical State
Digital data is transmitted as electrical pulses, each of which has either a high or a low voltage level. To represent the different voltage levels for mathematical reasons and to describe the working of digital devices, digital data is represented as binary 1s and 0s, also known as logical states.

Digital Data Units
Units of digital data are given specific names, as described in this table.

Bit
   A single 1 or 0.

Nibble
   Four bits.

Byte
   Eight bits.

Word
   Depends on the processor. For a 16-bit processor, a word is 16 bits; for a 32-bit processor, a word is 32 bits; for a 64-bit processor, a word is 64 bits.

Data Measurement Units
Exponential prefixes are commonly used when measuring data in bits and bytes.

Prefix     Value
kilo (k)   1000
mega (M)   1000000 (1000^2)
giga (G)   1000000000 (1000^3)
tera (T)   1000000000000 (1000^4)
peta (P)   1000000000000000 (1000^5)

Analog Signal Modulation and Demodulation

Analog signals generally transmit voice at low frequencies. Transmitting low frequency signals directly may lead to information loss and interference from other signals. To overcome these problems, a modulator superimposes the analog signal on a high frequency signal known as a base or carrier signal. The lower frequency analog signal is superimposed over the carrier signal's waveform. In modulation, adding the data signal modifies one of the properties of the carrier signal: either the amplitude, frequency, or phase. The carrier signal is constant, but after the superimposition it is shaped to represent the analog signal, resulting in a new signal that includes properties of both the carrier and data signals. When the modulated signal reaches its destination, the receiver decodes the signal by removing the data from the carrier, using a process called demodulation.

Lesson 2: Network Communications Methods


Figure 2-19: Analog data signal modulation.

Advantages of Modulation
High frequency signals transmit well over long distances. In contrast, low frequency signals degrade quickly with distance. By combining a low frequency data signal with a high frequency carrier signal, data can be sent over longer distances with minimal signal degradation.

Codecs and DACs/ADCs
A codec is software or hardware that encodes and decodes digital data to and from the analog format. A modem is a type of codec; the specific chips that perform the digital-to-analog and analog-to-digital conversion are called Digital-to-Analog Codecs (DACs) and Analog-to-Digital Codecs (ADCs), respectively.

Digital Signal Modulation and Demodulation

Digital data cannot be directly transmitted through a medium over a long distance. Digital signal modulation, or encoding, is the process of representing digital data in the form of an analog signal for transmitting data between different digital devices. Digital data has only two states, represented as either 0 or 1. A characteristic of the signal, such as frequency, is set to represent each of the two states; for example, a higher frequency could be set for 1 and a lower frequency for 0, or vice versa. For demodulation, the receiving digital device compares the modulated analog signal it received with the preset frequency or amplitude of the signal and uses the comparison results to reconstruct the digital data. For example, if the receiving digital device encounters a high frequency and a low frequency signal, it reconstructs them as 1 and 0 in digital format.


Figure 2-20: A reconstructed digital signal.

Modems
A modem is a device that modulates and demodulates digital data to and from an analog signal that can be sent over a telephone line. Its name is a combination of modulate and demodulate.

Digital Signal Modulation Techniques
There are various techniques to modulate digital data, and each of these techniques is described in the following table.

Modulation Technique                            Description
Amplitude Shift Key (ASK) modulation            Changes the amplitude of the analog signal depending on the logical state of the digital data. The logical state of the data can be either 0 or 1.
Frequency Shift Key (FSK) modulation            Changes the frequency of the analog signal depending on the logical state of the digital data.
Binary-Phase Shift Key (BPSK) modulation        Changes the phase of the analog signal depending on the logical state of the digital data.
Quadrature-Phase Shift Key (QPSK) modulation    Changes the phase of the analog signal to represent two logical states at a time. The logical states can be 00, 01, 10, and 11.
Quadrature Amplitude Modulation (QAM)           Combines both amplitude and phase shift key modulation. This helps represent more than two logical states at a time.
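The modulation and demodulation described in this topic and the ASK, FSK and QPSK rows of the table, as an added Python example that is not part of the course text: a constructed carrier is shaped by amplitude, frequency or phase, passed through a constructed medium with attenuation and noise, and demodulated by comparing each symbol window against the preset tones or phases, as the receiving device described above does. The sample rate, tone frequencies, amplitude levels and the QPSK phase map are assumptions chosen for the example.

```python
"""Added example (not from the course text): ASK, FSK and QPSK modulation and
demodulation of a bit stream, using only the Python standard library."""
import math
import random

SAMPLE_RATE = 8000           # samples per second (assumed)
SAMPLES_PER_SYMBOL = 80      # 100 symbols/s; every tone fits whole cycles (assumed)
F_ONE, F_ZERO = 2000.0, 1000.0   # FSK tones: higher frequency for logical 1 (assumed)
F_CARRIER = 1000.0           # carrier for ASK and QPSK (assumed)
ASK_LOW, ASK_HIGH = 0.2, 1.0     # carrier amplitudes for 0 and 1 (assumed)
# QPSK: one symbol carries two bits; Gray-coded phase per quadrant (assumed)
QPSK_MAP = {(0, 0): 45.0, (0, 1): 135.0, (1, 1): 225.0, (1, 0): 315.0}


def _symbol(freq, phase_deg=0.0, amplitude=1.0):
    """One symbol period of the carrier, shaped by amplitude, frequency or phase."""
    phase = math.radians(phase_deg)
    return [amplitude * math.sin(2 * math.pi * freq * n / SAMPLE_RATE + phase)
            for n in range(SAMPLES_PER_SYMBOL)]


def _iq(window, freq):
    """Correlate a symbol window with the receiver's reference sine and cosine.
    For a clean symbol A*sin(wt + phi) this gives (N/2*A*cos(phi), N/2*A*sin(phi))."""
    i = q = 0.0
    for n, x in enumerate(window):
        angle = 2 * math.pi * freq * n / SAMPLE_RATE
        i += x * math.sin(angle)
        q += x * math.cos(angle)
    return i, q


def _windows(samples):
    """Split the received signal into symbol-sized windows (assumes symbol sync)."""
    for k in range(0, len(samples) - SAMPLES_PER_SYMBOL + 1, SAMPLES_PER_SYMBOL):
        yield samples[k:k + SAMPLES_PER_SYMBOL]


def channel(samples, gain=1.0, noise_sigma=0.0, seed=7):
    """Constructed medium: attenuation (gain < 1) plus Gaussian noise."""
    rng = random.Random(seed)
    return [gain * x + rng.gauss(0.0, noise_sigma) for x in samples]


# Amplitude Shift Keying: the carrier amplitude follows the logical state
def ask_modulate(bits):
    out = []
    for b in bits:
        out += _symbol(F_CARRIER, amplitude=ASK_HIGH if b else ASK_LOW)
    return out


def ask_demodulate(samples):
    """Compare each symbol's carrier magnitude with the midpoint of the two levels."""
    threshold = (ASK_LOW + ASK_HIGH) / 2 * SAMPLES_PER_SYMBOL / 2
    return [1 if math.hypot(*_iq(w, F_CARRIER)) > threshold else 0
            for w in _windows(samples)]


# Frequency Shift Keying: the carrier frequency follows the logical state
def fsk_modulate(bits):
    out = []
    for b in bits:
        out += _symbol(F_ONE if b else F_ZERO)
    return out


def fsk_demodulate(samples):
    """Pick whichever preset tone carries more energy in the symbol window."""
    return [1 if math.hypot(*_iq(w, F_ONE)) > math.hypot(*_iq(w, F_ZERO)) else 0
            for w in _windows(samples)]


# Quadrature Phase Shift Keying: the carrier phase carries two bits per symbol
def qpsk_modulate(bits):
    if len(bits) % 2:
        raise ValueError("QPSK needs an even number of bits")
    out = []
    for k in range(0, len(bits), 2):
        out += _symbol(F_CARRIER, phase_deg=QPSK_MAP[(bits[k], bits[k + 1])])
    return out


def qpsk_demodulate(samples):
    """Recover the carrier phase from I/Q and map its quadrant back to two bits."""
    quadrant_to_bits = {int(deg // 90): dibit for dibit, deg in QPSK_MAP.items()}
    bits = []
    for w in _windows(samples):
        i, q = _iq(w, F_CARRIER)
        phase = math.degrees(math.atan2(q, i)) % 360.0
        bits.extend(quadrant_to_bits[int(phase // 90) % 4])
    return bits


if __name__ == "__main__":
    data = [1, 0, 1, 1, 0, 0, 1, 0]             # constructed sample bits
    weak = dict(gain=0.5, noise_sigma=0.4)     # attenuated, noisy medium
    print("FSK  :", fsk_demodulate(channel(fsk_modulate(data), **weak)))
    print("QPSK :", qpsk_demodulate(channel(qpsk_modulate(data), **weak)))
    # ASK fails once the medium attenuates the signal below the fixed threshold
    print("ASK  :", ask_demodulate(channel(ask_modulate(data), gain=0.5)))
```

The attenuated ASK run decodes every bit as 0, which shows why amplitude keying needs the receiver to know the expected signal level, while the FSK and QPSK decisions only compare tones or phases against each other and survive the same attenuation.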

Digital Signal Reference Methods

To demodulate a digital signal, you must have a reference to determine the condition of the signal. This demodulation can be done using one of two methods. In the first method, called differential, a modem compares the modulated and demodulated digital signals, and the difference in output becomes the resulting data. With the second method, called single-ended, the modem compares the signal on one line to ground. The difference from ground then becomes the data output.


Figure 2-21: Differential and single-ended demodulation.

ACTIVITY 2-3
Identifying Signaling Methods
Scenario: In this activity, you will identify the major signaling methods used in data communication.

1. Which numbering system are digital signals based on?
   a) Hexadecimal
   b) Binary
   c) Decimal
   d) Alphanumeric

2. Which statements are true of digital signal modulation?
   a) Digital data can be transmitted over a long distance.
   b) Digital data can have only two logical states.
   c) Represents digital data in the form of analog signals.
   d) Modifies a characteristic of the signal.

3. True or False? In the single-ended reference method for demodulating a digital signal, the demodulated signal is compared to ground and the difference becomes the output data.
   True
   False

4. What are the characteristics of analog signal modulation and demodulation?
   a) Enables long distance data transmission.
   b) Leads to information loss and interference from other signals.
   c) Superimposes an analog signal on, and removes it from, a high frequency analog carrier.
   d) Modifies all properties of the data signal.

5. Match the characteristic of an analog signal with its description.
   d  Amplitude
   a  Cycle
   b  Frequency
   e  Phase
   c  Wavelength

   a. One complete analog signal oscillation.
   b. The period of the wave.
   c. The distance between two successive crests or troughs in a waveform.
   d. The distance from the crest or trough of a wave to its top or bottom.
   e. The beginning of a wave's cycle in relationship to a fixed point.

Lesson 2 Follow-up
In this lesson, you learned about the methods networking devices use to communicate to ensure the proper functioning of your network. Now that you are cognizant of the methods nodes use to transmit data to each other, you are well-positioned to choose the correct communication method for your network.

1. What are the factors to consider when you need to use unicast, broadcast, or multicast transmissions in your networking environment?
   Answers will vary, but may include: the mode of transmission to be used will depend upon whether data needs to be sent to individual nodes or to multiple nodes simultaneously.

2. In your opinion, what is the importance of knowing different signal types?
   Answers will vary, but may include: not all networking is done from scratch. To build upon existing networks, you need to know the signaling methods devices currently use to communicate, so that you know which signal type will be compatible with the existing setup.


LESSON 3
Network Media and Hardware
In this lesson, you will describe network media and hardware components. You will:
- Identify the common types of bounded network media.
- Identify the common types of unbounded network media.
- Identify noise control methods used in network transmissions.
- Identify different network connectivity devices.

Lesson Time: 3 hour(s), 15 minutes

Lesson 3: Network Media and Hardware

Introduction
In the previous lesson, you identified network data delivery methods. The network media and hardware carry data packets from a source to a destination, and they need to function without interruptions for data to travel reliably across the network. In this lesson, you will identify the different types of media and networking devices that transmit data.

Networking media are like the highways and subways of a city. Without roads and rails, people cannot move through a city to work or home. Without networking media and the devices that support them, you cannot transmit data from one computer to another. For data to travel successfully across your network, you must verify that the network media and devices are compatible with one another and set up correctly for your particular network implementation.

This lesson covers all or part of the following CompTIA Network+ (Exam N10-005) certification objectives:

Topic A:
  1.2 Classify how applications, devices, and protocols relate to the OSI model layers.
  3.1 Categorize standard media types and associated properties.
  3.2 Categorize standard connector types based on network media.
  3.4 Categorize WAN technology types and properties.
  3.8 Identify components of wiring distribution.
Topic B:
  2.2 Given a scenario, install and configure a wireless network.
  2.4 Given a scenario, troubleshoot common wireless problems.
  3.4 Categorize WAN technology types and properties.
  5.1 Given a scenario, implement appropriate wireless security measures.
Topic C:
  2.2 Given a scenario, install and configure a wireless network.
Topic D:
  1.2 Classify how applications, devices, and protocols relate to the OSI model layers.
  1.4 Explain the purpose and properties of routing and switching.
  1.9 Identify virtual network components.
  2.1 Given a scenario, install and configure routers and switches.
  2.5 Given a scenario, troubleshoot common router and switch problems.
  3.2 Categorize standard connector types based on network media.


TOPIC A
Bounded Network Media
In this lesson, you will identify various types of network media and devices. The network media that carry data across your network can be bounded or unbounded. In this topic, you will identify the most widely implemented network media: bounded media. Bounded media are the most basic networking media type and come in several varieties that can be chosen to suit the needs of your network. You are likely to work with bounded media on a daily basis as part of your duties as a network professional. Understanding the characteristics of bounded media and the equipment used with them will enable you to properly install and service your networks.


Network Media
Network media, the conduit through which signals flow, can be either bounded or unbounded. Bounded media use a physical conductor. This conductor can be a metal wire through which electricity flows, or a glass or plastic strand through which pulses of light flow. Unbounded media do not need a physical connection between devices, and can transmit electromagnetic signals through the air using radio waves, microwaves, or infrared radiation.

Figure 3-1: Types of network media.

Copper Media
Definition: Copper media is a type of bounded media that uses one or more copper conductors surrounded by an insulating coating. The conductors can be made from a solid wire or from braided strands of wire. Sometimes shielding, in the form of a braided wire or foil, is wrapped around one or more conductors to reduce signal interference from nearby sources of electromagnetic radiation.

Example: Types of Copper Media
Two of the most prevalent types of copper media used in networks are twisted pair and coaxial cable.

Twisted Pair Cables

Definition: A twisted pair cable is a type of cable in which two copper conductors are twisted around each other, each clad in a color-coded, protective insulating plastic sheath or jacket, to form a pair. All pairs are encased in a plastic sheath or jacket. The number of pairs within a cable varies depending on the type of twisted pair cable. Twisted pair cables typically use shielding around pairs of wires.

Example:

Figure 3-2: Constituents of a twisted pair cable.

RJ-45 Connectors
RJ-45 is an eight-pin connector used by twisted pair cables in networking. All four pairs of wires in the twisted pair cable use this connector.

The RJ in RJ-11 or RJ-45 is an abbreviation for registered jack. An RJ-45 connector can also be called an 8P8C connector.

RJ-45 Wiring Schemes
There are two standard wiring schemes for RJ-45: T568A and T568B. It is important to use the wiring scheme that matches the devices on your network, even though the cables themselves are physically the same.

Pin   T568A          T568B
1     White/green    White/orange
2     Green          Orange
3     White/orange   White/green
4     Blue           Blue
5     White/blue     White/blue
6     Orange         Green
7     White/brown    White/brown
8     Brown          Brown

Figure 3-3: Twisted pair connectors RJ-45 wiring schemes.

The RJ-11 Connector
The RJ-11 connector is used with Category 1 cables in telephone system connections and is not suitable for network connectivity. However, because the RJ-11 connector is similar in appearance to the RJ-45 connector, they are sometimes confused. RJ-11 connectors are smaller than RJ-45 connectors, and have either four or six pins.

Twisted Pair Cable Types

A twisted pair cable can be of two types: Unshielded Twisted Pair (UTP) or Shielded Twisted Pair (STP).

Twisted pair cables are available in 2-pair, 4-pair, 6-pair, 25-pair, 100-pair, and larger bundles.

Cable Type   Description
UTP          There are several characteristics of UTP:
             - Does not include shielding around its conductors
             - Typically contains four pairs of stranded or solid conductors
             - Is inexpensive and reliable
             - Supports transmission distances of up to 100 meters
             - Supports data transfer rates of up to 1 Gbps
STP          There are several characteristics of STP:
             - Includes foil wrapper shielding around its conductors to improve the cable's resistance to interference and noise
             - Typically contains four pairs of stranded or solid conductors
             - More expensive than UTP
             - Supports transmission distances of up to 100 meters
             - Supports data transfer rates of 10 to 100 Mbps

Color Schemes
The conductors in older twisted pair cables used a solid color scheme. Old telephone cables used black, green, red, and yellow wires. The current color scheme uses striped colors. Wire colors are standardized: the industry standard for twisted pair is one solid color paired with the same color striped with white. Consider the blue pair of wires: one wire will be mostly blue with white stripes. It will be identified on wiring diagrams as the blue/white wire. The corresponding wire in the pair will be mostly white with blue stripes, and will be identified as the white/blue wire. The first four standard color pairs are listed in the table.

Primary Wire    Secondary Wire
White/blue      Blue/white
White/orange    Orange/white
White/green     Green/white
White/brown     Brown/white

In the solid color scheme, red corresponds to blue/white, green to white/blue, yellow to orange/white, and black to white/orange.

Twisted Pair Cable Categories

A twisted pair cable comes in different grades, called categories, which support different network speeds and technologies.

Ethernet will be covered in more detail in subsequent lessons.

Category   Specifications
1          Network Type: Voice transmission. Maximum Speed: 1 Mbps. CAT1 is not suitable for networking.
2          Network Type: Digital telephone and low-speed networks. Maximum Speed: 4 Mbps. CAT2 is not commonly used on networks.
3          Network Type: Ethernet. Maximum Speed: 10 Mbps. CAT3 is currently used for telephone wiring.
4          Network Type: IBM Token Ring. Maximum Speed: 16 Mbps. CAT4 may also be used for 10 Mbps Ethernet.
5          Network Type: Fast Ethernet. Maximum Speed: CAT5 supports a signaling rate of 100 Mbps.
5e         Network Type: Gigabit Ethernet. Maximum Speed: CAT5e supports a signaling rate of 350 Mbps.
6          Network Type: Gigabit Ethernet. Maximum Speed: 1 Gbps. CAT6 supports a signaling rate of 250 MHz.
6a         Network Type: Gigabit Ethernet. Maximum Speed: 1 Gbps. CAT6a supports a signaling rate of 500 MHz.
7          Network Type: Gigabit Ethernet. Maximum Speed: 1+ Gbps. CAT7 supports a signaling rate of 1 GHz.

A twisted pair cable's category is typically printed on the cable itself, making identification easier.

Coaxial Cables
Definition: A coaxial cable, or coax, is a type of copper cable that features a central conducting copper core surrounded by an insulator and braided or foil shielding. The dielectric insulator separates the conductor and shield, and the entire package is wrapped in an insulating layer called a sheath or jacket. The data signal is transmitted over the central conductor. A coaxial cable is so named because the conductor and shield share the same axis, or center: they share a common axis, or are co-axial. This arrangement helps prevent electromagnetic interference from reaching the conductor.

Example:

Figure 3-4: Layers of a coaxial cable.

Coaxial Cable Types

Many varieties of coax cable are available, not all of which are used in computer networking.

Cable Type   Characteristics
RG58/U       A 5 mm (0.25 inch) coax cable with a solid core and 50 ohms impedance. RG58/U is used for Ethernet networking.
RG58A/U      A 5 mm (0.25 inch) coax cable with a stranded core and 50 ohms impedance. RG58A/U is used for Ethernet networking.
RG8          A 10 mm (0.5 inch) coax cable with a solid core and 50 ohms impedance. RG8 is used for Ethernet networking.
RG9          A 10 mm (0.5 inch) coax cable with a stranded core and 51 ohms impedance. RG9 is used for cable television transmission and cable modems.
RG62         A 5 mm (0.25 inch) coax cable with a solid core and 93 ohms impedance. RG62 is used for ARCNET networking.
RG59         A 6 mm (0.25 inch) coax cable with 75 ohms impedance. RG59 is used for low-power video connections such as digital receivers.
RG6          A coax cable with 75 ohms impedance. RG6 is preferred over RG59. This type of cable is often used in routing cable television signals.

Attached Resource Computer Network (ARCNET) is a LAN protocol widely used in microcomputers. It is similar to other major LAN technologies such as Ethernet, token ring, and FDDI.

Solid and Stranded Cores
The wires used in networking can be of two types: solid core and stranded core. A solid core wire is made of a single metal strand. A stranded core wire consists of multiple strands or solid cores.

ThinNet
ThinNet is the name given to Ethernet networking over RG58/U or RG58A/U cabling. ThinNet is wired in a bus configuration in which segments can be up to 185 meters (607 feet) long. ThinNet connections are made with a BNC connector. Devices connect to the network with T-connectors, and each end of the cable must be terminated with a 50-ohm resistor.

ThickNet
ThickNet is the name given to Ethernet networking over RG8 cabling. ThickNet is not commonly used today, but was popular as a network backbone because ThickNet segments can be up to 500 meters (1640 feet) long. Networking devices are not directly connected to the ThickNet cable. Instead, transceivers are connected to the cable with vampire taps, clamshell-like devices that pierce an RG8 cable to make contact with its conductors. This permits a networking device to connect to the ThickNet segment. Transceivers can be installed as needed at intervals of 2.5 meters along the length of the cable. The networking device connects to the transceiver via a 15-pin Attachment Unit Interface (AUI) connector and a short section of cable called a drop cable. An AUI connector is also known as a DIX connector, which gets its name from the three companies that invented it: Digital Equipment Corporation (DEC), Intel, and Xerox. Connections between ThickNet segments are made with a screw-type connector called an N-connector. ThickNet segments must be terminated with a 50-ohm resistor.

Coaxial Connector Types

Connectors are metal devices located at the end of a wire. Coaxial connectors are used to connect video equipment and network nodes in a LAN. Signals flow from the wire to network devices through connectors. All connectors are metal plated; some of the metals used are gold, silver, rhodium, nickel, and tin.
Two broad categories of connectors are typically used with coax cables: F and BNC connectors.

Connector Type   Characteristics
F                A coax connector type used with a 75-ohm cable to connect cable TV and FM antenna cables. It comes in a secure screw-on form or as a nonthreaded slip-on connector.
BNC              A cable connector used to terminate a coaxial cable. It is usually used with the RG58/U cable. A Bayonet Neill-Concelman (BNC) connector has a center pin connected to the center cable conductor and a metal tube connected to the shield of the cable. A rotating ring outside the metal tube locks the cable to the connector. The types of BNC connectors include T-connectors and barrel connectors.

Coax cables are assigned a combination alphanumeric identity that indicates the size and electrical characteristics of that type of cable.

The RG specification codes come from their page numbers in the Radio Guide manual, the original military specification (Mil-Spec) for coax cables, which is no longer in use. For example, the RG8 specification appeared on page 8.

Termination
Coax network segments must be terminated to prevent signal reflections off the ends of the cable. Cables are terminated by installing a resistor of an appropriate rating, typically 50 ohms, at either end of the cable.

Network Media Performance Factors

Several factors can affect the performance of network media.

Factor        Description
Noise         Electromagnetic interference that disrupts the signal. The signal to noise ratio decreases as the transmitting distance increases.
Attenuation   The progressive degradation of a signal as it travels across a network medium. This is usually caused by an increase in noise or a decrease in the strength of the signal. The susceptibility to noise and attenuation depends on the type of media used; some media types are more susceptible to attenuation. Attenuation can also occur when the cable length exceeds the recommended length up to which signals can travel without distortion.
Impedance     The opposition to the flow of electricity in an AC circuit. Impedance is measured in ohms (Ω). An ohm is the value of electrical resistance through which one volt will maintain a current of one ampere.

Media Converters

A media converter enables networks running on different media to interconnect and exchange signals. Technically, a media converter is considered a transceiver because it transmits and receives signals. To install a media converter, simply connect the terminated ends of the two media you want to bridge to the converter. You may need to provide electrical power to the converter, but may not need any additional configuration. Many converters are available that allow you to convert from one media type to another. Different types of converters are available on the market.

Converter Type                  Description
Multimode fiber to Ethernet     Used to extend an Ethernet network connection over a multimode fiber backbone.
Fiber to Coaxial                Used to convert signals on fiber to a coaxial cable.
Singlemode to multimode fiber   Used to transmit multimode fiber signals over singlemode fiber devices and links. It supports conversion between multimode segments on a network that spans a wider coverage area.
Singlemode fiber to Ethernet    Used to extend an Ethernet network connection over a singlemode fiber backbone.

Structured Cabling

The Telecommunications Industry Association (TIA) and the Electronic Industries Association (EIA) developed the 568 Commercial Building Telecommunication Cabling standard. This standard defines the regulations for designing, building, and managing a cabling system that utilizes structured cabling according to specified performance characteristics to create a system of unified communications. Structured cabling is based on a hierarchical design that divides cabling into six subsystems.

Subsystem                   Description
Entrance facilities         Contains the telecommunication service entrance to the building, campus-wide backbone connections, and the interconnection to the local exchange carrier's telecommunication facilities. The network demarcation point is usually a foot away from where the carrier's facilities enter the building, but the carrier can designate a different measurement, depending on the needs of the facility.
Backbone wiring             Provides connections between equipment rooms and telecommunication closets. Backbone cabling runs through the floors of the building via risers or across a campus. The allowed distance measurements of this cabling depend on the type of cable and the facilities it connects.
Equipment room              Provides the main cross-connection point for an entire facility. Also provides a termination point for backbone wiring connected to telecommunication closets.
Telecommunications closet   Houses the connection equipment for cross-connection to an equipment room along with workstations in the surrounding area. It contains horizontal wiring connections and entrance facility connections. In an office building with multiple floors, depending on the floor plan, there can be as many telecommunications closets as needed.
Horizontal wiring           Runs from each workstation outlet to the telecommunication closet. The maximum allowed distance from the outlet to the closet is 295 feet. If patch cables are used, an additional 20 feet is allowed both at the workstation and at the telecommunication closet, but the combined length cannot be more than 33 feet. Horizontal cabling specifications include:
                            - Four-pair 100 ohms UTP cables
                            - Two-fiber 62.5/125 mm fiber-optic cables
                            - Multimode 50/125 mm multimode fiber-optic cables
Work area                   Consists of wallboxes and faceplates, connectors, and wiring used to connect work area equipment to the telecommunications closet. It is required that a data and voice outlet be available at each wallbox and faceplate.

TIA/EIA-568
The Telecommunications Industry Association/Electronic Industries Association (TIA/EIA) releases recommendations for how network media may best be installed to optimize network performance. They include:

568 C: This current release is the third in the 568 series. 568C defines the standards for commercial building cabling. It covers the exceptions and allowances related to commercial building cabling. It recognizes CAT6a as a media type. It also defines the minimum bend radius for twisted-pair cables, both shielded and unshielded. In addition, it specifies the maximum untwist value for CAT6a cable termination.

568 B: This earlier standard, in which some sections are now obsolete, defines the standards for preferred cable types that provide the minimum acceptable performance levels, including:
  - 100 ohm twisted pair
  - STP
  - Optical fiber

568 A: This obsolete standard defined the standards for commercial buildings and cabling systems that support data networks, voice, and video. It further defined cable performance and technical requirements.

Premise Wiring
Premise wiring is defined as a hierarchical cable system architecture in which a Main Cross-Connect (MCC) is connected via a star topology across backbone cabling to Intermediate Cross-Connects (ICC) and Horizontal Cross-Connects (HCC). Telecommunications design traditions have used a similar topology, and many people refer to the cross-connects of premise wiring by such nonstandard terms as distribution frames, Main Distribution Frames (MDFs), Intermediate Distribution Frames (IDFs), and wiring closets.


Figure 3-5: Components used in premise wiring.

Many components are used in premise wiring.

Premise Wiring Component   Description
Drop cable                 The wire that runs to a PC, printer, or other device connected to a network.
Patch panel                A connection point for drop and patch cables. Typically, a patch panel has one or more rows of RJ-45 or other connectors. Drop cables are connected to the connectors. Cables run between the connectors to connect drop cables as needed.
Patch cable                A cable that is plugged into the patch panel to connect two drop cables. A patch cable might or might not be a crossover cable, in which the transmit conductor at one end is connected to the receive conductor at the other.
Cross-connects             Individual wires that connect two drop cables to a patch panel. Cross-connects are rarely used in modern networks because they are built into the network components. However, they are still frequently used in telephone wiring.
MDF                        A cable rack that interconnects the telecommunications wiring between itself and any number of IDFs.
IDF                        A cable rack that interconnects the telecommunications wiring between an MDF and any workstation devices.
Wiring closet              A small room in which patch panels are installed. Drop cables radiate out from the wiring closet to the components on the network.

Horizontal Cross-Connects
Horizontal cross-connects provide a point for the consolidation of all horizontal cabling, which extends in a star topology to individual work areas, such as cubicles and offices. Fiber optic horizontal cabling is limited to 90 meters. Optional consolidation points or transition points are allowable in horizontal cables, although many industry experts discourage their use.

Vertical Cross-Connects
Vertical cabling, or vertical cross-connects, are generally recognized as cables that run vertically between floors in a building, or vertically between equipment in an equipment rack. They are not defined as part of the Structured Cabling standards.

Plenum and PVC Cables

A plenum cable is a network cable whose jacket is formed tightly around the conductors so that fire cannot travel within the cable. The jacket of a plenum cable does not emit poisonous gases when it burns. Fire codes require that you install this special grade of cabling in the plenum, an air handling space that includes ducts and other parts of the Heating, Ventilating, and Air Conditioning (HVAC) system in a building, the space between the structural and suspended ceilings, and the space under raised floors, as well as in firebreak walls. Unlike non-plenum cables, plenum cables can run through the plenum and firebreak walls.

Polyvinyl chloride (PVC)-jacketed cabling is inexpensive and flexible. PVC cable is also referred to as non-plenum cable. However, when PVC burns, it gives off noxious or poisonous gases. Additionally, PVC jacketing is not formed tightly to the conductors it contains. Tests show that fire can travel within a PVC cable, passing through firebreaks.

Figure 3-6: Plenum and PVC cables used in an office environment.

Fiber Optic Cables

Definition: A fiber optic cable is a network cable that has a core surrounded by one or more glass or plastic strands. In addition, it contains extra fiber strands or wraps, which are surrounded by a protective outer jacket. The core is the thin glass center through which light travels, transmitting data. The core is between 5 and 100 microns thick, with cladding made from optical materials such as silica. The cladding reflects light back into the core in patterns determined by the transmission mode. A buffer, often made of plastic, surrounds the cladding and core. To add strength to the cable, strands of synthetic fiber surround the buffer. An outer jacket, sometimes called armor, wraps and protects the whole assembly. Light pulses from a laser or high intensity LED are passed through the core to carry the signal. The cladding reflects the light back into the core, increasing the distance the signal can travel without a need for regeneration.

Example:

Figure 3-7: Layers in a fiber optic cable.


Fiber optic cables are the least sensitive of any cable type to electromagnetic interference.

You should not look into the end of an operating fiber optic cable or into an unplugged transceiver port. The light leaving the end of a singlemode fiber is intense enough to cause temporary or permanent eye damage, and because it is infrared it is invisible, so the blink reflex gives no warning. Use an optical power meter or a fiber inspection scope to check whether a link is lit.

Fiber Optic Cable Modes

Two modes of fiber optic cable are available: multimode and singlemode. Both have a cladding outer diameter of 125 microns (125 millionths of a meter, or about 5 thousandths of an inch), just larger than a human hair. Multimode fiber allows light to travel through its core along multiple paths, or modes. Its core of 50 or 62.5 microns works with LED sources for slower networks and with lasers for faster networks. At only 9 microns, the singlemode core is much smaller than the multimode core, so light travels along a single path. Singlemode fiber is used with lasers for long-haul links such as telephony and cable TV transmission. Singlemode and multimode fibers have different characteristics.

CompTIA Network+ (Exam N10-005)
Fiber Optic Cable Mode: Description

Singlemode fiber: Carries an optical signal through a small core, which allows only a single beam of light to pass. A laser, usually operating in the infrared portion of the spectrum, is modulated in intensity to transmit the signal through the fiber.

Step-index multimode fiber: Contains a core surrounded by cladding, each with its own uniform index of refraction. When light from the core enters the cladding, a step down occurs due to the difference in the refractive indices. Step-index fiber uses total internal reflection to trap light. It provides a bandwidth of up to 30 MHz.

Graded-index multimode fiber: Possesses variations in the core glass to compensate for differences in the mode path length. Provides up to 2 GHz of bandwidth, which is significantly more than step-index fiber.

Refraction: Refraction occurs when a light ray passing from one transparent medium to another bends because its velocity changes. The change in velocity is caused by the difference in density of the two media. The angle of incidence is measured as in reflection, between the incoming ray and the normal. The angle between the normal and the light ray as it enters the second medium is called the angle of refraction.

Fiber Connectors

Various connectors are used with fiber optic cables. Installing fiber optic connectors usually takes a specially trained and certified technician plus specialized equipment, because the work requires in-depth knowledge of fiber optic communication systems and cable, and because the installation involves testing (insertion loss and return loss measurements, for example) that only a knowledgeable or certified technician can perform correctly.

Fiber Optic Connector: Description

Straight Tip (ST): ST connectors are similar in appearance to BNC connectors and are used to connect multimode fibers. They have a straight ceramic center pin (ferrule) and a bayonet lug lockdown. They are often used in network patch panels and are among the most popular types of fiber connectors.

Subscriber Connector or Standard Connector (SC): SC connectors are box-shaped connectors that snap into a receptacle. They are often used in a duplex configuration, where two fibers are terminated into two SC connectors that are molded together. SC is used with singlemode fiber.

Face Contact (FC): FC connectors use a heavy-duty ferrule in the center for more mechanical stability than SMA or ST connectors. A ferrule is a tubular structure made of ceramic or metal that supports the fiber. FC connectors are more popular in industrial settings where greater strength and durability are required.

FDDI: FDDI connectors are used with multimode fiber optic cable and are push/pull-type, two-channel snap-fit connectors. They are also called Media Interface Connectors (MIC).

Biconic: The biconic connector is a screw-on connector with a tapered sleeve that is fixed against guide rings and screws onto a threaded sleeve to secure the connection. When the connector is inserted into the receptacle, the tapered end locates the fiber in the proper position. The biconic connector is one of the earliest connector types.

Local Connector (LC): LC connectors are used for both singlemode and multimode fiber and have a small-form-factor ceramic ferrule; an LC connector is about half the size of an SC or ST connector. LC connectors use RJ-45-style latching and are commonly used when transitioning installations from twisted pair copper cabling to fiber.

Sub Multi Assembly or Sub Miniature type A (SMA): SMA connectors are similar to ST connectors but use a threaded coupling on the outside to lock the connector in place. They are typically used where water or other environmental factors require a sealed connection, which a bayonet-style connector cannot provide.

Mechanical Transfer Registered Jack (MT-RJ): The MT-RJ connector, also called a Fiber Jack connector, is a compact snap-to-lock connector used with multimode fiber. It is similar in size to an RJ-45 connector and terminates two strands of fiber in one connector, which makes it easy to handle.

Cable Properties

Twisted pair, coaxial, and fiber optic cables have different properties with regard to transmission speed, distance, duplex, noise immunity, and frequency.

Cable Type: Properties

Twisted pair:
  Transmission speed: CAT 3 UTP 10 Mbps; CAT 5 up to 100 Mbps; CAT 5e 1 Gbps; CAT 6 1 Gbps, or 10 Gbps on runs of no more than 55 m.
  Distance: 100 m (328 ft) per Ethernet segment, including patch cords.
  Duplex: Supports full-duplex transmission.
  Noise immunity (security, EMI): Low for UTP; shielding (STP) and a tight twist ratio improve EMI immunity. The cable both radiates and picks up signals, so it can be tapped without being cut.
  Frequency: Up to 100 MHz (CAT 5/5e), 250 MHz (CAT 6), and 600 MHz (CAT 7).

Coaxial:
  Transmission speed: 10 Mbps for coaxial Ethernet.
  Distance: 185 m (607 ft) per segment for thin coax (10BASE2); 500 m (1,640 ft) for thick coax (10BASE5).
  Duplex: Half-duplex on coaxial Ethernet, because all stations share the single conductor.
  Noise immunity (security, EMI): High, owing to the braided or foil shield around the center conductor.
  Frequency: Up to several GHz, depending on the grade of cable.

Fiber optic:
  Transmission speed: 40 Gbps (40,000 Mbps) and beyond, depending on the optics.
  Distance: Multimode fiber is typically used for shorter runs of up to 500 m, and singlemode for longer runs. High-quality singlemode fiber allows runs of 62 miles (100 km) or more between repeaters.
  Duplex: Supports full-duplex transmission, because a link consists of two fibers used for simultaneous, bi-directional transfer.
  Noise immunity (security, EMI): High. Fiber neither radiates nor picks up electromagnetic signals, and tapping it requires physical access to the glass, which usually produces a measurable loss.
  Frequency: Very high; the usable range depends on the bandwidth of the fiber and the transceivers in use.

Other Cable Media Types

Although twisted pair, coax, and fiber optic cables are the most prevalent types of cable media used in network installations, you might also encounter several other types of cables.

Cable Type: Description

Serial cable: A serial cable is a type of bounded network media that transfers information between two devices using serial transmission: information is sent one bit at a time in a specific sequence. A serial cable most often uses an RS-232 connector. In networking, serial cables are often used to connect routers, for example to a console port or a serial WAN interface, and null modem serial cables are used to link two devices directly.

IEEE 1394 (FireWire): While not as common as other bounded network media, IEEE 1394, commonly known as FireWire, can be used to connect up to 63 devices to form a small local network. FireWire cables are shielded, similar to STP, with either four or six conductors, and connect to devices with a six-pin or four-pin connector.

USB: A USB connection is a personal computer connection that enables you to connect multiple peripherals to a single port with high performance and minimal device configuration. USB connections support two-way communication.

IEEE 1394 is commonly called FireWire, a name given to the standard by Apple, Inc. Sony names the same standard i.LINK, which is often written as iLink.

Cables Used in Serial and Parallel Data Transmissions: The difference between serial and parallel cables is primarily the way data is transmitted. In parallel transmission, data (typically 8 bits) is transmitted simultaneously over several channels or wires; in serial transmission, one bit follows another on a single channel.

USB Standards: USB 3.0 transmits data at rates of up to 5 Gbps. USB 2.0, the earlier standard, supports communication at up to 480 Mbps, and USB 1.1 at up to 12 Mbps. A USB 2.0 device connected to a USB 1.1 hub or port communicates only at USB 1.1 speed, even though it is capable of more; Windows notifies you of this when you connect the device.

FireWire vs. USB: FireWire predated USB and was faster than the original USB 1.1 standard. USB 3.0, with its increased speed, has largely superseded FireWire 3200. However, although USB 3.0 is faster than FireWire 3200 by the numbers, FireWire 3200 delivers better sustained throughput, which makes it well suited to video or audio file transfers and external storage devices. A transfer of 100 separate small documents might be slightly faster over USB than over FireWire, but a transfer of a single 2 GB video file will be much faster over FireWire. Also, while USB supplies a device with 5 V, FireWire maintains an edge in power management and can provide up to 12 V on the wire.

ACTIVITY 3-1
Identifying Bounded Network Media
Scenario: In this activity, you will identify the major types of bounded network media.

1. Match the media type with its definition.

   Twisted pair: a
   IEEE 1394: b
   Fiber optic: c
   Coaxial: d

   a. Multiple insulated conductors clad in a protective and insulating outer jacket carry the signal.
   b. A shielded cable that is used to connect up to 63 devices to form a small local network.
   c. Light pulses from a laser or LED carry the signal through a core.
   d. A central copper conductor carries the signal, surrounded by braided or foil shielding.

2. Identify the type of network cabling shown in the graphic.
   a) Twisted pair
   b) Coax
   c) Fiber optic

3. Match the network media with the connector typically used with it.

   Coaxial cable: c
   Twisted pair cable: a
   Fiber optic cable: b

   a. RJ-45
   b. MT-RJ
   c. BNC

4. Identify the type of network cabling shown in the graphic.
   a) Unshielded twisted pair
   b) Shielded twisted pair
   c) Coax
   d) Fiber optic

5. Why is a plenum cable commonly used in air handling spaces and run through firebreaks?
   a) It does not give off poisonous gases when burning.
   b) Fire cannot travel through the cable because of the insulated metal shield that surrounds the conductors.
   c) Fire cannot travel through the cable because the jacket is closely bound to the conductors.
   d) It is more durable than using a PVC cable.

ACTIVITY 3-2
Identifying Network Media
Scenario: In this activity, you will identify the network media used on your local classroom network.
Ensure that you have the media and connector samples you will use in class for this activity ready before you start the activity.

1. Identify the cable types used to connect devices in the classroom. The cable types used will vary, but may include the most common type of bounded media, the twisted pair cable. Other possible cable types are coax and fiber optic.

2. Identify the types of connectors used in the classroom network. The connector types used will vary, as they depend on the cables used on the network. For example, if the cable type is twisted pair, the connectors will be RJ-45.

3. Your instructor will provide samples of a variety of media and connector types. Identify each of the media and connectors. Answers will vary depending upon the media samples provided.


TOPIC B
Unbounded Network Media
In the previous topic, you identified bounded network media. With more and more wireless network implementations, you will need different types of media to meet the needs of your wireless network. In this topic, you will identify unbounded network media. Unbounded media technologies have two distinct advantages for businesses over bounded media: first, they are generally easier to install and configure; and second, they afford clients a lot of mobility. They are usually not as secure as bounded media, because the signal propagates beyond the walls of the building and any receiver in range can capture it; confidentiality therefore depends on encrypting the traffic rather than on controlling physical access to a cable. Wireless implementations offer various advantages, and you need to understand their limitations to compensate for their disadvantages in your network environments.

Wireless Communication

Definition: Wireless communication is a type of communication in which signals are transmitted over a distance without the use of a physical medium. Information, data or voice, is transmitted as electromagnetic waves, such as radio and microwaves, or as light pulses. Wireless communication enables users to move around while remaining connected to the network. Wireless communication can be broadly classified as point-to-point communication, such as cellular phones; multipoint communication, such as wireless computer networks; and broadcast communication, such as radio services.

Wireless media are also referred to as unbounded network media, because data signals are transmitted through the air instead of over cables.

Wireless communication permits connections between areas where it would be difficult or impossible to connect using wires, such as in hazardous areas, across long distances, or inside historic buildings.

Example:

Figure 3-8: Communication on a wireless network.

Point-to-Point, Multipoint, and Broadcast Communications
Wireless connections can be point-to-point, multipoint, or broadcast.

Point-to-point communication is a direct connection between two nodes. Data transmitted by one node goes directly to the other. Cellular communications are point-to-point communications. Typically, point-to-point wireless connections are used to link distant buildings or networks as part of a CAN, a MAN, or a WAN.

Multipoint communication involves connections between many nodes; each multipoint connection has more than two endpoints. A signal transmitted by any device through a shared medium is not private: every device that shares the medium can receive the signal, whether or not it is the intended recipient, which is why wireless computer networks, the typical example of multipoint communication, rely on encryption for confidentiality.

Broadcast communication is a communication method in which data goes from a source node to all other nodes on a network. Each node receives and acts on the data. Radio communication is an example of broadcast communication.

Radio Networking

Definition: Radio networking is a form of wireless communication in which signals are sent via Radio Frequency (RF) waves in the 10 KHz to 1 GHz range. Radio networking is subject to electrical interference from power lines, a building's metal structural components, and atmospheric conditions.

U.S. regulatory agencies define the limits on which frequencies and how much power can be used to transmit radio signals. In the United States, the Federal Communications Commission (FCC) regulates radio transmission.

Example:

Figure 3-9: Communications on a radio network.

Broadcast Radio

Definition: Broadcast radio is a form of RF networking that is non-directional, uses a single frequency for transmission, and comes in low- and high-power versions. Low-power RF transmissions travel a short distance, often no more than 70 meters, but are inexpensive and relatively easy to install. High-power RF transmissions travel longer distances; however, specially trained technicians are often required to install this more expensive type of system.

Example:

Figure 3-10: Communications using broadcast radio.

Spread Spectrum

Definition: Spread spectrum is a form of radio transmission in which the signal is sent over more than one frequency. Because the signal is distributed across frequencies, a narrowband receiver that does not know the spreading pattern captures only fragments of it, and the signal is easier to distinguish from background noise. In standardized systems the spreading pattern is public, so spread spectrum by itself does not provide confidentiality.

Example:

Figure 3-11: Spread spectrum radio.

Types of Spread Spectrum

Spread spectrum uses either frequency hopping or direct sequencing techniques to distribute the signal across the radio spectrum.

Spread Spectrum Type: Description

Frequency Hopping Spread Spectrum (FHSS): FHSS sends signals on one channel at a time. The channel changes at fixed, predetermined intervals. Both the sender and receiver use the same selection and order of frequencies, so communication is possible even as the frequency changes. FHSS does not significantly reduce noise or improve the signal-to-noise ratio.

Direct Sequence Spread Spectrum (DSSS): DSSS uses multiple channels simultaneously to send data. Additionally, Error Detection And Correction (EDAC) techniques are used to reduce data transmission errors. In DSSS, each data bit is converted into multiple signal elements called chips. The set of chips is sent across a wide band of adjacent channels. Upon receiving the data, the receiver combines the chips and converts them back into the original signal. Because of the redundancy in the chips and the EDAC information, the signal can often be reconstructed even if only some of the channels are received clearly.

Eavesdroppers are less likely to be successful at listening in on an FHSS transmission than on a normal narrowband radio transmission, because a receiver parked on one frequency hears only the slots that land there. This protection is weak, however: in standardized systems such as Bluetooth the hop sequence is derived from values that are transmitted in the clear (the master device's address and clock), so a wideband receiver, or any receiver that knows those parameters, can follow the hops. Rely on encryption, not on the hop pattern, for confidentiality.
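The two techniques in the table above, simulated as an added example (this code is not from the courseware): an FHSS sender and receiver derive the same hop schedule from a shared seed while an eavesdropper parked on one channel recovers only the symbols that happen to land there, and a DSSS sender spreads each bit over the 11-chip Barker code used by 802.11b so that the receiver still recovers the bit after several chips have been corrupted. The seed value, channel count, payload and the corrupted-chip positions are assumptions made for the demonstration.

```python
"""Added example (not from the CompTIA courseware): toy simulation of FHSS and
DSSS. Seed, channel count, payload and corrupted-chip positions are assumptions
made for the demonstration; only the 11-chip Barker code is taken from 802.11b."""
import random

BARKER_11 = [1, -1, 1, 1, -1, 1, 1, 1, -1, -1, -1]  # 802.11b spreading code


# ---- FHSS -------------------------------------------------------------------
def hop_sequence(seed, n_channels, length):
    """Hop schedule shared by sender and receiver. In a real system the seed
    comes from public parameters (Bluetooth uses the master's address and
    clock), which is why FHSS is not a confidentiality mechanism."""
    rng = random.Random(seed)
    return [rng.randrange(n_channels) for _ in range(length)]


def fhss_transmit(symbols, seed, n_channels):
    """One symbol per hop slot; returns the (channel, symbol) pairs seen on air."""
    return list(zip(hop_sequence(seed, n_channels, len(symbols)), symbols))


def fhss_receive(air, seed, n_channels):
    """Receiver retunes every slot using the same schedule and keeps every symbol."""
    schedule = hop_sequence(seed, n_channels, len(air))
    return [sym for (ch, sym), want in zip(air, schedule) if ch == want]


def fhss_eavesdrop(air, fixed_channel):
    """Narrowband eavesdropper on one channel: sees only slots that land there."""
    return [sym for ch, sym in air if ch == fixed_channel]


# ---- DSSS -------------------------------------------------------------------
def dsss_spread(bits):
    """Each bit becomes 11 chips: bit 1 -> Barker code, bit 0 -> its inverse."""
    chips = []
    for b in bits:
        chips.extend(BARKER_11 if b else [-c for c in BARKER_11])
    return chips


def dsss_despread(chips):
    """Correlate each 11-chip block with the code. A clean block correlates to
    +11 or -11; every flipped chip moves it by 2, so up to 5 flips per bit
    still leave the sign, and therefore the bit, intact."""
    n = len(BARKER_11)
    bits = []
    for i in range(0, len(chips) - n + 1, n):
        corr = sum(c * k for c, k in zip(chips[i:i + n], BARKER_11))
        bits.append(1 if corr > 0 else 0)
    return bits


def corrupt(chips, positions):
    """Flip the chips at the given indexes (constructed narrowband interference)."""
    out = list(chips)
    for p in positions:
        out[p] = -out[p]
    return out


def demo():
    payload = list("SECRET-PAYLOAD")
    air = fhss_transmit(payload, seed=0xC0FFEE, n_channels=8)
    received = "".join(fhss_receive(air, seed=0xC0FFEE, n_channels=8))
    leaked = "".join(fhss_eavesdrop(air, fixed_channel=3))

    bits = [1, 0, 1, 1, 0, 0, 1, 0]
    # 5 flips inside bit 0, 2 inside bit 1, 1 inside bit 2: all still decode
    noisy = corrupt(dsss_spread(bits), positions=[0, 2, 4, 6, 8, 11, 13, 25])
    return received, leaked, dsss_despread(noisy) == bits


if __name__ == "__main__":
    print(demo())
```

The FHSS half shows the table's point about interception rather than confidentiality: the eavesdropper's loss comes only from not retuning, and a second call to hop_sequence with the same seed restores the full payload. The DSSS half shows why a chip-level scheme tolerates partial channel loss, and also where it stops: a sixth flipped chip in one bit inverts the correlation sign and the bit decodes wrongly.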

Infrared Transmission

Definition: Infrared transmission is a form of wireless transmission over unbounded media in which signals are sent as pulses of infrared light. Infrared signals are transmitted at frequencies between 300 GHz and 300,000 GHz, the range just below visible light in the electromagnetic spectrum. Receivers need an unobstructed view of the sender to successfully receive the signal, though the signal can reflect off hard surfaces to reach the recipient. Many infrared-compatible devices follow the standards set forth by the Infrared Data Association (IrDA).

Example:

Figure 3-12: Infrared transmission receiver.

Infrared Transmission Rates: Infrared wireless networking offers transmission rates between 10 and 16 Mbps. Infrared-compatible devices, such as a wireless mouse and keyboard, are limited to distances of approximately three feet, and for that reason such devices are often used in Wireless Personal Area Networks (WPANs). Direct, line-of-sight transmission over short distances makes eavesdropping and signal tampering much harder than with RF, which is a key reason IrDA is chosen where the transmission medium itself must limit exposure. It is not a substitute for encryption: the same reflections off hard surfaces that let a signal reach its recipient can also carry it to another receiver in the room.

Infrared Specification: Description

Serial Infrared (SIR): Discovery and negotiation of data connections is performed at 9.6 Kbps, and speeds vary from 9.6 to 115.2 Kbps.

Medium Infrared (MIR): An unofficial reference to data transmission speeds between 0.576 and 1.152 Mbps.

Fast Infrared (FIR): An obsolete term, but still used to describe 4 Mbps data transmission rates. FIR is also an informal reference to all speeds above SIR.

Very Fast Infrared (VFIR): Supports data transmission speeds of up to 16 Mbps.

IrDA Data Transfer: Support for IrDA functions is included with, or can be added to, many operating systems including Windows, Mac OS X, and Linux. The IrDA specifications define a wide range of functions:
  File transfer: The IrDA Object Exchange (IrOBEX) protocol enables file transfer between IrDA devices.
  Printing: The IR Line Printer (IrLPT) protocol enables printing between IrDA devices such as laptops and IrDA printers.
  Image transfer: The IR Transfer Picture (IrTran-P) protocol enables easy image transfer between digital cameras and Windows devices.
  Dial-up networking: The IR Communications (IrCOMM) protocol enables dial-up Internet access through IR-enabled cell phones.
  LAN access and peer-to-peer networking: The IR Network (IrNET) protocol enables network access through IR-enabled access points.

Bluetooth
Bluetooth is a wireless technology that facilitates short-range wireless communication between devices such as personal computers, laptops, cellular phones, and gaming consoles, thus creating a WPAN. Up to eight active Bluetooth devices (one master and seven slaves, forming a piconet), usually less than 30 feet apart, can be connected to each other at one time. Bluetooth establishes a link using RF-based media and does not need line of sight to make connections, which also means that its signal, like any RF signal, passes through walls to receivers outside the room. Bluetooth 1.1 uses the 2.4 GHz spectrum to provide a 1 Mbps connection between two devices, carrying both a 232 Kbps voice channel and a 768 Kbps data channel. Bluetooth 2.0 with Enhanced Data Rate (EDR) increased the data rate to about 2.1 to 3 Mbps. Range depends on the power class of the device rather than on the version: Class 2 devices reach about 10 meters (30 feet) and Class 1 devices about 100 meters (330 feet).
The Bluetooth technology is named in memory of a Danish king named Harald Bluetooth.

Figure 3-13: Bluetooth communications.

Although Bluetooth is most often used in a WPAN, it also connects Bluetooth-enabled devices effectively in a small personal office or even at a single desktop.

Microwave Transmission

Definition: Microwave transmission is a form of point-to-point wireless transmission over unbounded media in which signals are sent via pulses of electromagnetic energy in the microwave region of the electromagnetic spectrum, at frequencies from 1 GHz to 300 GHz. Receivers need an unobstructed view of the sender to successfully receive the signal, and depending on the frequency in use, transmission can be affected by environmental conditions such as rain. Signals can be relayed through satellites to increase the transmission distance. Microwave transmission technologies are often used in WANs and MANs.

Example:

Figure 3-14: Microwave transmission using satellites.

Wireless Access Points

Definition: A Wireless Access Point (WAP) is a device that provides a connection between wireless devices and can connect them to a wired network. It has a network interface to connect to the wired network and an antenna or infrared receiver to receive wireless signals. The Service Set Identifier (SSID) is a string of up to 32 bytes (normally printable alphanumeric characters) that names the wireless network served by a WAP and all devices attached to it. Wireless connectivity devices such as WAPs and wireless routers come with a default SSID. Many access points include security features that enable you to specify which wireless devices can make connections to the wired network.

IEEE 802.11 does not specify how two WAPs should communicate with each other. To ensure compatibility of features such as roaming between access points, it is best to use WAPs from the same manufacturer.

Example:

Figure 3-15: A wireless access point connecting to a wired network.

Enable and Disable SSIDs: Wireless connectivity devices such as a WAP or wireless router come with a default SSID. An administrator can accept a device's default SSID or specify an SSID manually to more clearly identify the network. Because the default SSID often reveals the device vendor or model, and the default administrator password is printed in the vendor's documentation, change both before the device goes live.

Another method of securing a wireless connection is to disable the broadcast of the SSID in the device's beacon frames. With broadcast disabled, the network does not appear in a client's list of available networks, so a client that scans will not find it and must be configured with the SSID in advance. Although disabling SSID broadcast is easy to do, it is not an effective security control: the SSID is still sent in the clear in probe requests, probe responses, and association requests whenever a client joins, so anyone running wireless sniffing software captures it the next time a client connects. Treat a hidden SSID as a convenience setting, not as access control.

SSID Mismatches: A client device uses the SSID to identify the wireless network it wants to join. An SSID mismatch occurs when a device receives a frame that carries a different SSID from the one it is configured for. Devices must be configured with the same SSID as the WAP in order to communicate with it; a mismatch blocks communication between the device and the WAP.
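To see why a hidden SSID is not secret, here is an added example (not from the courseware) that parses the SSID element out of hand-constructed 802.11 management frame bodies. The layout follows the IEEE 802.11 standard: a beacon or probe response body starts with a timestamp, beacon interval and capability field, an association request with capability and listen interval, and a probe request has no fixed fields; after those come tagged elements of (ID, length, value), with element ID 0 being the SSID. The network name "CorpNet", the BSS parameters and the frame bodies themselves are constructed for the demonstration.

```python
"""Added example (not from the CompTIA courseware): extract the SSID element
from 802.11 management frame bodies. The frame bodies, the SSID "CorpNet" and
the BSS parameters are constructed for the demo."""
import struct

# Management frame subtypes (IEEE 802.11 frame control, type 0)
ASSOC_REQ, PROBE_REQ, PROBE_RESP, BEACON = 0, 4, 5, 8

# Length of the fixed (non-tagged) fields that precede the tagged elements
FIXED_LEN = {
    ASSOC_REQ: 4,    # capability (2) + listen interval (2)
    PROBE_REQ: 0,
    PROBE_RESP: 12,  # timestamp (8) + beacon interval (2) + capability (2)
    BEACON: 12,
}
SSID_ELEMENT_ID = 0


def elements(body, subtype):
    """Yield (element_id, value) pairs from a management frame body."""
    off = FIXED_LEN[subtype]
    while off + 2 <= len(body):
        eid, length = body[off], body[off + 1]
        value = body[off + 2: off + 2 + length]
        if len(value) != length:  # truncated element: stop rather than over-read
            break
        yield eid, value
        off += 2 + length


def ssid_of(body, subtype):
    """Return the SSID as text, '' for a hidden/wildcard SSID, or None if absent."""
    for eid, value in elements(body, subtype):
        if eid == SSID_ELEMENT_ID:
            # Some APs 'hide' with a run of NUL bytes instead of a zero length.
            if not value or value == b"\x00" * len(value):
                return ""
            return value.decode("utf-8", errors="replace")
    return None


def build(subtype, ssid):
    """Construct a demo frame body: fixed fields, then SSID and rates elements."""
    fixed = {
        BEACON: struct.pack("<QHH", 0x1122334455, 100, 0x0411),
        PROBE_RESP: struct.pack("<QHH", 0x1122334455, 100, 0x0411),
        PROBE_REQ: b"",
        ASSOC_REQ: struct.pack("<HH", 0x0411, 10),
    }[subtype]
    ssid_ie = bytes([SSID_ELEMENT_ID, len(ssid)]) + ssid
    rates_ie = bytes([1, 4, 0x82, 0x84, 0x8B, 0x96])  # supported rates element
    return fixed + ssid_ie + rates_ie


def demo():
    """What a passive sniffer sees on a network with SSID broadcast disabled."""
    hidden_beacon = build(BEACON, b"")            # AP with SSID broadcast disabled
    probe_req = build(PROBE_REQ, b"CorpNet")      # client looking for the network
    probe_resp = build(PROBE_RESP, b"CorpNet")    # AP answers with the name
    assoc_req = build(ASSOC_REQ, b"CorpNet")      # client joining the network
    return {
        "beacon": ssid_of(hidden_beacon, BEACON),
        "probe_request": ssid_of(probe_req, PROBE_REQ),
        "probe_response": ssid_of(probe_resp, PROBE_RESP),
        "assoc_request": ssid_of(assoc_req, ASSOC_REQ),
    }


if __name__ == "__main__":
    for frame, ssid in demo().items():
        print(f"{frame:15s} SSID={ssid!r}")
```

The beacon is the only frame in which hiding takes effect; the three frames exchanged when a legitimate client joins all carry the name in cleartext, which is exactly what a sniffer in monitor mode waits for. The parser stops at a truncated element instead of reading past the buffer, the check you want before feeding captured frames to any tool.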

How to Install a Wireless Access Point

Procedure Reference: To install a WAP:

1. Select and purchase a WAP that meets your needs.

2. Determine placement for the WAP:
   Where are the nodes you wish to connect to the WAP located?
   How long will the cable that connects the WAP to the wired network be?
   Is there access to a power outlet?
   Will the device be physically secure?
   Do you need access to a wired network drop?
   Consider wireless networking characteristics such as avoiding interference, signal range, and signal degradation.

3. Using a laptop, or a workstation at a desk or workbench, configure the WAP prior to deployment:
   a. Connect a network cable to the WAP's uplink port.
   b. Power on the WAP.
   c. Connect to the WAP via the built-in web interface, or by using manufacturer-supplied configuration software.
   d. Configure the desired settings. Consult your network documentation for configuration parameters such as the WAP's SSID, DHCP settings, and security settings, and consult the device manufacturer's documentation for information on how to configure and use the device's capabilities. Change the default administrator password at this point, before the device is reachable from the production network.
   e. Save the settings once configured.
   f. Test the WAP's functionality by connecting a wireless client to it:
      Ping or use traceroute to test the connection to other computers and observe the results.
      Use software tools to monitor the client's wireless signal strength and the WAP's behavior.
      Connect to internal network shares.
      Connect to the Internet.

4. Place the WAP in the chosen location.

5. If necessary, run the appropriate type of cabling from the wired network to the WAP. Label the cable or drops on both ends so that there is no confusion as to where the cables go.

6. Power on the WAP.

7. Test the WAP's functionality in the live environment by repeating the tests from the earlier installation.

8. Document your actions and their results, including any exceptions along the way.

ACTIVITY 3-3
Identifying Wireless Transmission Technologies
Scenario: In this activity, you will identify and distinguish between the various types of unbounded media used to create wireless links between network nodes.

1. Select the characteristic(s) of unbounded media.
   a) Use a physical medium
   b) Transmit both voice and data signals
   c) Use electromagnetic energy
   d) Operate only within a 10 mile radius

2. At what radio frequency does Bluetooth operate?
   a) 5 GHz
   b) 2.4 GHz
   c) 300 GHz
   d) 100 GHz

3. Which form of wireless transmission transmits signals in the 10 KHz to 1 GHz frequency range?
   a) Radio
   b) Infrared
   c) Microwave

4. What statements are true of data signaling in FHSS?
   a) Consists of multiple chips transmitted across different frequencies.
   b) Sent over a single, high-frequency RF transmission band.
   c) Transmitted across a single frequency, and later sent over a randomly selected frequency.
   d) Less likely to be intercepted, but not significantly less susceptible to noise.

5. Which forms of wireless media operate only when there are no obstacles in the transmission path?
   a) Infrared
   b) Radio
   c) Microwave

6. Which unbounded media transmission method uses multiple frequencies to reduce interference and the likelihood of eavesdropping?
   a) Infrared
   b) Microwave
   c) Spread spectrum
   d) Broadcast radio

TOPIC C
Noise Control
You have identified both bounded and unbounded transmission media, the conduits over which network communications flow. This flow of communications can be impaired by interference such as noise. In this topic, you will describe noise and the noise control techniques used on your network media. Any number of things can cause interference with the transmission on your network: radio, TV, cell phones, and radar, to name a few. The one constant is that noise always slows a network's performance and reduces its reliability. When the receiving node has to try to make sense of a mix of different signals, it ends up asking the sending node to resend data multiple times. In order to reduce noise on your network, you need to understand the sources of noise and how to protect your network against them.

Electrical Noise

Definition: Electrical noise refers to unwanted signals that are present in the network media. Noise interferes with the proper reception of transmitted signals. Noise can come from natural sources, such as solar radiation or electrical storms, or from man-made sources, such as electromagnetic interference from nearby motors or transformers.

Example:

Figure 3-16: Electrical noise on a signal transmission.

Sources of Electrical Noise

A variety of sources contribute to electrical noise.

Noise Source: Description

Ambient noise: Ambient noise can come from many sources, including solar disturbances that affect the Earth's magnetosphere, or nearby radio broadcasting towers. These forms of noise affect both bounded and unbounded media, with longer network segments being affected more than shorter ones.

Power wires: High-tension power lines or a building's own electrical wiring can create electrical noise. Network cables that run parallel to electric wires are more susceptible to electrical noise than those that cross them perpendicularly.

Electric motors: Electric motors, such as those used in elevators, refrigerators, water fountains, and HVAC equipment, create noise while running, and more so when they start up. Motors draw a large inrush current at startup, causing a burst of noise. These bursts can create temporary outages that resolve themselves when the motor reaches full speed or stops.

Electrical heat-generating devices: Like electric motors, electric heating elements use a lot of electricity and cause a significant amount of electrical noise while running.

Fluorescent, neon, and HID lights: Fluorescent, neon, and High-Intensity Discharge (HID) lighting devices produce a large amount of electrical noise, generally due to the transformers and ballasts required to make these lights work. Interior overhead lights, building security lights, and decorative lighting can create enough noise during operation to interfere with networking signals traveling over either bounded or unbounded media.

Other Effects of Noise: In addition to the noise that affects data networking media, noise can affect the electricity that powers computing devices. Surges or dips in the electric current can damage equipment, cause application or operating system software crashes, or even restart systems. Electric motors, heating elements, solar disturbances, or natural disasters can cause transient power problems. Most devices include power conditioning components that handle at least some of these power fluctuations. However, sensitive equipment should be protected through the use of specialized power conditioning devices, such as an Uninterruptible Power Supply (UPS) or a surge protector.

Grounding
Grounding is the connection of a shield or conductor to an electrical ground point, such as a pipe or wire that is in contact with the ground. Grounding at one point in a segment helps prevent noise on the data conductor by shunting noise signals to ground. Connecting to ground at multiple points can introduce noise onto the line, degrading network performance.
Grounding

Figure 3-17: Grounding using a rack frame. Grounding for Safety Electrical devices often must be connected to a ground point for safety. In these situations, the ground connection serves as a way to direct high voltages safely away from humans and other devices, sending them instead into the ground. Isolated Grounds You should ground networking and other sensitive electronic equipment to dedicated ground points rather than to pipes and conduits. Electricians refer to this sort of ground connection as an isolated ground and will use an orange socket for such circuits.

Shielding
Definition: Shielding is the method of placing grounded conductive material around the media. This prevents the introduction of noise into the media by deflecting the noise to ground. Because of this, the connection between the ground and the shield is called a drain. Shields are drained in only one location to prevent a ground loop, a phenomenon in which the shield itself introduces noise into the data signal.

Lesson 3: Network Media and Hardware

Example:

Figure 3-18: Shielding used in Coax.

Differential Signaling

Definition: Differential signaling is a noise reduction technique in which the signals from two inputs are compared; whatever is identical on both inputs is ignored, while whatever differs between the inputs is accepted. Quite often, noise is the same on both inputs of a network cable. With differential signaling, such noise can be easily canceled out.
Example:

Figure 3-19: Flow of signal in differential signaling.
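The cancellation described above, as an added Python simulation that is not part of the course: a bit stream is driven onto the two conductors of a pair with opposite polarity, common-mode noise is added identically to both, and a differential receiver is compared with one that reads a single conductor against ground. The noise amplitudes, bit counts and seed are constructed values, and the second scenario shows the caveat that noise which is not common to both wires is only partly cancelled.

```python
# Added example (not from the course text): why differential signaling
# cancels noise that is common to both conductors of a pair.
# Signal levels, noise amplitudes and bit patterns are constructed values.
import random


def encode(bits, amplitude=1.0):
    """NRZ mapping: bit 1 -> +amplitude, bit 0 -> -amplitude."""
    return [amplitude if b else -amplitude for b in bits]


def transmit(levels, common_noise, independent_noise, rng):
    """Drive the two conductors with opposite polarity and add noise.

    common_noise      std. dev. of noise coupled identically onto both wires
                      (the "same on both inputs" case from the text)
    independent_noise std. dev. of noise that differs between the wires
    Returns (line_plus, line_minus) as lists of received voltages.
    """
    plus, minus = [], []
    for v in levels:
        cm = rng.gauss(0.0, common_noise)            # same sample on both wires
        plus.append(v + cm + rng.gauss(0.0, independent_noise))
        minus.append(-v + cm + rng.gauss(0.0, independent_noise))
    return plus, minus


def receive_single_ended(line):
    """A receiver that only looks at one conductor against ground."""
    return [1 if v > 0.0 else 0 for v in line]


def receive_differential(plus, minus):
    """A receiver that compares the two inputs: whatever is identical on both
    cancels in the subtraction, and only the difference is decoded."""
    return [1 if (p - m) > 0.0 else 0 for p, m in zip(plus, minus)]


def bit_error_rate(sent, received):
    errors = sum(1 for s, r in zip(sent, received) if s != r)
    return errors / len(sent)


def compare(n_bits=10000, common_noise=2.0, independent_noise=0.1, seed=1):
    """Return the bit error rate of both receivers for one noise mix."""
    rng = random.Random(seed)
    bits = [rng.randint(0, 1) for _ in range(n_bits)]
    plus, minus = transmit(encode(bits), common_noise, independent_noise, rng)
    return {
        "single_ended": bit_error_rate(bits, receive_single_ended(plus)),
        "differential": bit_error_rate(bits, receive_differential(plus, minus)),
    }


if __name__ == "__main__":
    # Noise twice the signal amplitude, but common to both wires: the
    # differential receiver decodes every bit, the single-ended one fails often.
    print("common-mode noise dominant :", compare())
    # Noise that is different on each wire is not cancelled, only reduced.
    print("independent noise dominant :", compare(common_noise=0.0, independent_noise=2.0))
```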

Noise Control with Twisted Pair



The twists in the twisted pair cable determine how resistant the cable will be to noise. When noise is introduced into a twisted pair cable in which pairs are closely wound, noise is deflected, minimizing the effect on the signal. When noise is introduced into a twisted pair cable in which pairs are loosely twisted, noise impinges on the conductor, adversely affecting the signal.
The tightness of the twists in twisted pair is called the twist ratio.

Figure 3-20: Noise impact of different twists.
Twists and Connectors
The primary difference between Category 3 and Category 5 twisted pair cables is the number of twists per inch, with Cat 5 being more tightly wound. However, to fully support the network speeds for which they are rated, you must take care when adding connectors to these cables. You should not unwind the pairs too much or you will eliminate the noise-canceling benefits of the twists. The more twists per foot and the more consistently the twists are arranged, the more resistant to noise a cable will be. As a rule, you should not unwind more than 3/8 of an inch (about 10 mm) for a Category 5 cable. A Category 3 cable is more tolerant of unwound twists. A Category 6 cable requires special connectors that maintain the twists inside the connector.

Termination
Termination is the application of a resistor or other device to the end of a cable. Adding such a terminator ensures that the ends of the cable do not represent an abrupt change in impedance, which would cause signal reflections and noise. The electrical characteristics of a terminator must match those of the cable and other components.

Figure 3-21: Terminators used in a bus network.


In legacy networking equipment, you had to install terminators yourself. They are now typically built into the networking devices you use.

Matching Impedance
Generally, you must match the impedance of all devices and cables to achieve proper signal flow. Signals can reflect off the points where impedance changes, such as at a connector between devices or cable segments of mismatched impedance. Signals flow smoothly across connections when impedances match.
A cable's impedance is typically marked on its outer jacket. If such a measure is a concern for a particular networking device, you will find markings on its case or in its manual stating the device's impedance.

Noise Reduction Considerations



The installation techniques you follow can affect the amount of noise introduced into a network cable. There are several considerations that you can use to limit the impact of noise on your network.

Consideration: Description
Separate data and electric cables: Do not run data and electricity cables in the same trays, raceways, and conduits. Avoid running network cables parallel to each other when you can, because crosstalk is worst when cables run parallel.
Fluorescent lights: Keep network cables at least 20 inches from fluorescent lights, as they can cause electromagnetic interference. If you must run data cables across or near these lights, do so in such a way that exposes the smallest length of cable to the light.
Power ground: Make sure to ground all equipment and electrical circuits according to the manufacturer's instructions and local building codes.
Connector installation: Follow standards, specifications, and the manufacturer's directions when installing network cables. Do not unwind conductor pairs any more than required or allowed. Make sure connectors are firmly attached and connected to power outlets.


ACTIVITY 3-4
Identifying Electrical Noise Control Measures
Scenario: In this activity, you will identify methods for controlling electrical noise.


1. Choose the statement that defines electrical noise.
a) Solar radiation or man-made sources of data signals.
b) Extraneous signals introduced onto network media.
c) The reception of transmitted signals from a source.
d) Extraneous signals that enhance the quality of received transmission.

2. Select the items that are sources of electrical noise.
a) Fluorescent lights
b) Solar storms
c) Wind storms
d) HVAC equipment

3. True or False? Differential signaling reduces electrical noise by distinguishing between the signals on two different inputs.
True
False

4. What is the process of installing a resistor on the end of a cable to prevent signal reflections called?
a) Draining
b) Grounding
c) Terminating
d) Shielding

5. Match the source of noise with the means by which you can lessen or eliminate its impact.
Fluorescent lights
Power ground
Separate data and electric cables
Connector installation
a. Ensure that all equipment and electrical circuits follow the manufacturer's instructions and local building codes.
b. Do not unwind conductor pairs any more than required or allowed.
c. Avoid running network cables parallel to each other when you can to avoid crosstalk.
d. Keep cables at more than 20 inches distance from this source to avoid electromagnetic interference.


TOPIC D
Network Connectivity Devices
You are familiar with how network media, both bounded and unbounded, carry data across a network. Network connectivity devices transmit this data from one end to the other. In this topic, you will identify the network connectivity devices and their purposes. Network connectivity devices are the base connections upon which the structure of a network is established. They connect clients to the network and assist in the transfer of data on a network. Network devices can also boost the data signal to increase the distance your data transmission can travel and to ensure that it is usable at the destination.

NICs

Definition: A Network Interface Card (NIC), also called a network adapter or network card, is a device that serves as an interface between a computer and the network. To connect to a network, a computer must have a NIC installed. A NIC can be built into the motherboard of the computer, connected using a USB, PC Card, CompactFlash, or FireWire port, or installed as an internal adapter card in one of the computer's expansion slots. NICs can connect to either wired or wireless networks.
Example:

Figure 3-22: A NIC on a computer.
NIC Installation
Specific installation procedures for network cards might vary depending on the type of hardware used and its software features. You will need to customize the generic installation procedure to suit your specific situation. To install a NIC you need to:
1. Ensure that you take anti-static precautions by using an anti-static wrist strap or similar gear.
2. Power down the PC.
3. Disconnect the power and other cables.
4. Open the computer case.
5. Locate the PCI or PCIx slot you want to install the card into.
6. Install the card into the slot and secure it with a screw.
7. Close the case and reconnect the cables.
8. Connect a network cable to the newly installed card.
9. Power on the PC.
10. Install the manufacturer-provided drivers. The operating system may identify and install the driver automatically, or you may have to install the driver manually.
11. Test the card's functionality. Observe the card's LED lights to verify that it is operational. Ping other computers on the network. Connect to internal network shared folders to check local network access. Connect to the Internet.
12. Document the steps of the installation for future reference.
Full Duplex Support
Full duplex is a feature of a NIC that allows multiple devices to send and receive data simultaneously without data collisions. Because a switch forms a miniature network between a node and itself, there is no chance of data collision. Thus, it does not need to use a conventional media access method, such as CSMA/CD. Instead, provided the node's NIC is properly configured, the switch can support a full duplex connection with each node over which data can be sent and received simultaneously. Full duplex operation may not be enabled by default on your NICs and switches. Taking the time to enable this feature using the NIC's properties can improve performance by doubling throughput on your network.


ACTIVITY 3-5
Identifying the Local Network Card
There is a simulated version of this activity available on the CD-ROM that shipped with this course. You can run this simulation on any Windows computer to review the activity after class, or as an alternative to performing the activity as a group in class. The activity simulation can be launched either directly from the CD-ROM by clicking the Interactives link and navigating to the appropriate one, or from the installed data file location by opening the C:\Data\Simulations\Lesson#\Activity# folder and double-clicking the executable (.exe) file.

The instructor user name is Child100\Administrator.

Before You Begin: Your user name is Child##\Administrator (where ## is your assigned student number). Your password is !Pass1234. The classroom main domain is named CLASSNET.
Scenario: In this activity, you will identify the local network adapter card.
What You Do / How You Do It
1. Log on to Windows Server 2008 R2.
a. Press Ctrl+Alt+Delete to log on.
b. In the log on screen, click Switch User and then click Other User.
c. In the User name text box, type Administrator and press Tab. In the Password text box, enter !Pass1234
d. Close the Server Manager window.

2. Verify your log on identity.
a. Click Start.
b. Observe that your user name is displayed at the top of the Start menu.
c. Choose Control Panel and, in the Control Panel window, click User Accounts.
d. In the User Accounts window, in the right pane, click the User Accounts link.
e. Click the Manage User Accounts link.
f. Verify that your user name is selected and click Properties.
g. Observe your domain user name in the title of the dialog box. Close the CHILD##\Administrator Properties and User Accounts dialog boxes.
3. Identify the network card type.
a. In the User Accounts window, click the Control Panel Home link.
b. In the Control Panel window, click the Hardware link.
c. In the Devices and Printers section, click the Device Manager link.
d. In the Device Manager window, in the objects list, double-click Network adapters to expand it.
Your card type might be different from the one displayed in the graphic of Step 2e. Assist the student with differentiating between the physical hardware adapter and a loopback adapter.

e. Identify the network card type and then close all open windows.

Transceivers

Definition: A transceiver is a device that has both a transmitter and a receiver integrated into it and, as a result, can both send and receive data. Most modern transceivers are built into the network card. In networking, the transceiver supports the NIC in allowing data transmission through the medium.
Example:

Figure 3-23: A transceiver on a network card.
Example: GBIC
A Gigabit Interface Converter (GBIC) is a transceiver used to convert electrical signals into optical signals and vice versa. It is used as an interface for high-speed networking and to upgrade the network without needing to replace all components on the motherboards. For instance, if different optical technologies are used, GBICs can be used to specifically configure that link on the network. Based on the wavelength of the laser light generated within the GBIC, GBICs can be categorized into short-wave GBICs and long-wave GBICs. The short-wave GBIC is used for connecting devices that are between 0.5 meters and 500 meters apart. Meanwhile, the long-wave GBIC is used for connecting devices that are between 2 meters and 6 miles apart.

Example: SFP
A Small Form Factor Pluggable (SFP) transceiver is most commonly used in 2 Gbps and 4 Gbps Fibre Channel components to interconvert electrical and optical signals. SFPs are similar to GBICs in their architecture, but they allow a higher port density than GBICs.

Switches
Definition: A switch is a network device that acts as a common connecting point for various nodes or segments. Switches work with pairs of ports, connecting two segments into an isolated contention domain as needed. Switches check the MAC address of each packet before they forward the packet to one or more ports for transmission. Most switches can work with multiple pairs of ports simultaneously to improve performance. Switches are responsible for forwarding data from the source to the destination, but they forward data packets only to the nodes or segments to which they are addressed. Because switches forward each packet only to the required port, the chances of collision are greatly reduced, increasing performance.

Example:

Figure 3-24: Switches in a network.
Managed Switches
A managed switch, also called an intelligent switch, is one that includes functions that enable you to monitor and configure its operation. Typically, you connect to the switch using special software or via a dedicated management port.
Port Mirroring
Port mirroring is the practice of duplicating all traffic on one port of a switch to a second port, effectively sending a copy of all the data to the node connected to the second port. Port mirroring is useful as a diagnostic tool when you need to monitor all traffic going to a particular port or node with minimal impact on network performance.
Channel Bonding
Channel bonding is the process of increasing throughput by binding multiple NICs to a single MAC address so that they act as one channel. Channel bonding is performed at the Data Link layer. Channel bonding is also referred to as NIC bonding.
Trunking
Trunking involves combining multiple network connections to increase bandwidth and reliability. Trunking is also known as link aggregation, port teaming, and NIC bonding, among other names. While there are a variety of manufacturer-implemented techniques, IEEE 802.1AX-2008 defines a standard for link aggregation and resolves some issues with earlier definitions. Linking two 1 Gbps ports on a server to two 1 Gbps ports on a switch can result in 2 Gbps aggregate throughput. Depending on the implementation, this can also provide a redundant connection in case one of the cables or ports fails. However, this still leaves the possibility of the entire switch failing, so some hardware vendors provide proprietary methods for trunking ports across two physically separate switches. Trunking can be used to connect a variety of network hardware, including switch to switch, server to switch, server to server, or switch to router.

Virtual Switches

A virtual switch is a software-based switch that provides functionality similar to a physical switch. Used to connect systems on a virtual network, a virtual switch contains a core forwarding unit that forwards packets to the correct virtual systems. A virtual switch checks the MAC address of each packet like a physical switch does, and forwards the packet to one or more virtual ports for transmission. It also contains a VLAN tagging unit, a packet filtering unit, and a security unit. Traffic cannot directly flow from one virtual switch to another in the same host network. All network traffic from external virtual networks is routed through a physical switch to its destination. Two virtual switches or VLANs cannot communicate directly, so you need to configure a router to forward packets between them.

Switch Installation and Configuration

Procedure Reference: To install and configure a switch:
1. Purchase a switch that will meet your network requirements.
2. Determine the placement for the switch. You will need to consider:
Where are the devices you wish to connect to the switch located?
How long will the cable run between the switch and each node be?
Is there access to a power outlet?
Will the switch need to be physically secured?
Do you need access to a wired network drop?
3. Run the appropriate cabling from each node to the switch. Ensure that you properly terminate the cables at both ends. Label the cables or drops on both ends so that there is no confusion as to how the cables need to be connected.
4. Plug the ends of the cables into the ports on the nodes and the switch.
5. Use an appropriate network cable to connect the switch to the rest of the network.

If you are connecting to another network device rather than an individual workstation and the switch has an uplink port, use it. You may need to use a crossover cable to make the connection.
6. Power on the switch.
7. Unmanaged switches do not need to be configured. If it is a managed switch, configure the desired settings:
Consult your network documentation for configuration parameters.
Consult the device manufacturer's documentation for information on how to configure and use the device's capabilities and settings.
8. Test the switch's functionality:
Check the LED lights on the front of the switch to make sure it is operational and the necessary ports are active.
Ping other computers attached to both the switch and other portions of the network.
Use software tools to monitor the signal strength, packet loss, and connection speed.
Connect to internal network shared folders to check network access.
Connect to the Internet.
9. Document your actions and results, including any exceptions, for future reference.

Routers
Definition: A router is a networking device that connects multiple networks that use the same protocol. Routers send data between networks by examining the network addresses contained in the packets they process. Routers can work only with routable protocols, which are network protocols that provide separate network and node addresses. A router can be a dedicated device, incorporated into a multi-function device, or implemented as software running on a node, typically with two NICs, with one NIC being the node's primary network adapter and the other NIC acting as the router.
Example:

Figure 3-25: Router on a network.

Rollover Cables
A rollover cable is a cable used to connect a computer to a router. It is often necessary to use a rollover cable to perform initial setup and configuration, or troubleshooting, of routers. The rollover cable connects to the router's console port on one end and to a computer's serial port on the other. The term rollover is used because the wires are reversed at one end, going from one to eight on end A and from eight to one on end B. Rollover cables are usually differentiated by being flat instead of round, and their outer jacket is often a unique color such as yellow or light blue. Some rollover cables have Ethernet connectors on both ends and will need a DB-9 (RS-232) or RJ-45 adapter to connect to a serial port.

Router Installation and Configuration

Procedure Reference: To install and configure a router:
1. Ensure that you purchase a router that will meet the needs of your network.
2. Determine the correct placement for the router. You need to consider:
Where are the nodes you wish to connect to the router located?
How long will the cable run between the router and each node be?
Is there access to a power outlet?
Is the router physically secured?
Do you need access to a wired network drop?
Do you need to make considerations for wireless networking?
3. Run the appropriate type of cabling from each node to the router. Ensure that all cables are properly terminated at both ends. Label the cables or drops on both ends so that there is no confusion as to where the cables go.
4. Use an appropriate network cable to connect the router to the rest of the network.
If you are connecting to another network device rather than an individual workstation and the router has an uplink port, use it. You may need to use a crossover cable to make the connection.
5. Power on the router.
6. Configure the desired settings:
Consult the network documentation for configuration parameters such as subnetting parameters, routing protocol configuration, and router connection settings.
Consult the device manufacturer's documentation for information on how to configure and use the device's capabilities and settings.

7. Test the router's functionality:
Ping other computers attached to both the router and other portions of the network.
Run a traceroute command from your node to other nodes that you know the new router should be servicing.
Use software tools to monitor the signal strength, packet loss, and connection speed.
Connect to internal network shared folders to check network access.
Connect to the Internet.
8. Document your actions and their results, including any exceptions, for future reference.

Gateways
Definition: A gateway is a device, software, or system that converts data between incompatible systems. This function differentiates it from a router, which can interconnect only networks that use similar protocols. Gateways can translate data between different operating systems, between email formats, or between totally different networks. A gateway can be implemented as hardware, software, or both. You can also install a gateway as software within a router, allowing the router to act as a gateway when required and eliminating the need for separate hardware.
It is important not to confuse a gateway with the default gateway in TCP/IP, which just forwards IP data packets.

Example:

Figure 3-26: A gateway connecting a LAN to a WAN.

Virtual Servers
A virtual server is remote software that can run its own operating system or applications, similar to a physical server. A virtual server is composed only of software components and behaves similarly to a real computer. A virtual server has characteristics similar to a physical computer and contains its own virtual software-based CPU, RAM, hard drive, and NIC. An operating system will behave in the same manner on both virtual and physical servers because it cannot differentiate between the two. Similarly, there will not be any major functionality changes in the way applications or computer networks behave in a virtual server environment. Virtual servers offer distinct advantages over physical servers, such as the ability to perform administrative tasks remotely and at lower cost.
Virtual Desktop
Virtual desktop is a feature of the operating system that allows multiple desktops to be open instead of the default single desktop. On a supported operating system, users can specify the default number of desktops. Virtual desktop is supported on most Linux distributions. Windows requires additional software to be installed to enable virtual desktops. A virtual desktop is useful when a user needs to have multiple windows open without cluttering their desktop.

Virtual PBX

A virtual PBX is a private communications service provider that provides low cost PBX service. Traditionally, businesses use PBX technology to manage phone-based tasks such as voicemail, faxing, conference calling, and call routing. A physical PBX system involves a very high cost investment with expensive hardware that only large businesses could afford. Virtual PBXs allow smaller businesses to utilize PBX services without the need to purchase, install, or maintain a physical PBX. Virtual PBX utilizes the traditional Public Switched Telephone Network (PSTN) with Voice over IP (VoIP) technology.
PBX Parachute
Virtual PBX provides a service named the PBX parachute that acts as a disaster recovery capability and keeps the phone service running even in case of power failure.

NaaS

Organizations can purchase networking infrastructure; when they do not need all of it, they can lease the network as a service to a client. In this model, service providers lease resources on the network such as communication services and infrastructure. Network as a Service (NaaS) includes offerings such as Platform as a Service (PaaS) and Infrastructure as a Service (IaaS). PaaS includes infrastructure and tools from the service provider so that the client does not need to manage them; the client can, however, modify the applications deployed and the configuration parameters. IaaS includes network resources such as storage systems; the client can deploy software and add network components such as firewalls. Wireless service providers providing their services to subscribers is also an implementation of NaaS.

Figure 3-27: NaaS Infrastructure.

Legacy Network Connectivity Devices
Due to technological advancements in the eld of networking, some of the network connectivity devices have become outdated. While some of them are no longer available as separate devices, their functionality is built into devices such as routers and switches.

Network Device: Description
Repeater: A repeater is a device that regenerates a signal to improve signal strength over transmission distances. By using repeaters, you can exceed the normal limitations on segment lengths imposed by various networking technologies. Repeaters are used frequently with coax media, such as cable TV, and were also deployed in networks that used coax cabling. Most networks today use twisted pair cabling, and repeaters are not commonly needed. Wireless network repeaters and bridges are frequently used to extend the range of a WAP.
Hub: A hub is a networking device used to connect the nodes in a physical star topology network into a logical bus topology. A hub contains multiple ports to which the devices can be connected. When a data packet from the transmitting device arrives at a port, it is copied and transmitted to all other ports so that all other nodes receive the packet. However, only the node to which it is addressed reads and processes the data, while all other nodes ignore it. Two common types of hubs used were passive and active. A passive hub simply receives data transmitted from a device on one port and broadcasts it out to the devices connected on all other ports. An active hub performs the same receive-then-broadcast action as a passive hub, and also regenerates or boosts the signal much like a repeater.
Bridge: A bridge is a network device that divides a logical bus network into segments. Bridges examine the MAC address of each packet. If the packet is destined for a node connected to a different port, the bridge forwards the packet. If the packet is addressed to a node on its own segment, the bridge does not forward the packet. This arrangement reduces traffic between segments and improves overall network performance.
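The forwarding behaviour described under Switches (including port mirroring) and in the table above for hubs and bridges, as an added Python model that is not part of the course: a hub repeats every frame out of all other ports, while a learning switch builds a MAC-address table, floods only unknown and broadcast destinations, filters frames whose destination is on the sender's own segment, and copies a mirrored port's traffic to a monitoring port. The port numbers, MAC addresses and frames are constructed sample values.

```python
# Added example (not from the course): toy model of hub, learning bridge/switch
# and port-mirroring forwarding. Ports, MACs and frames are constructed values.

BROADCAST = "ff:ff:ff:ff:ff:ff"


class Hub:
    """Logical bus: every frame entering one port is repeated out of all others."""

    def __init__(self, ports):
        self.ports = list(ports)

    def forward(self, in_port, frame):
        return [p for p in self.ports if p != in_port]


class Switch:
    """Learning bridge/switch. The MAC table maps each source address to the
    port it was last seen on. Known unicast goes to one port, unknown unicast
    and broadcast are flooded, and a frame whose destination lives on the
    sender's own segment is not forwarded at all (bridge filtering)."""

    def __init__(self, ports, mirror_from=None, mirror_to=None):
        self.ports = list(ports)
        self.mac_table = {}
        self.mirror_from = mirror_from
        self.mirror_to = mirror_to

    def forward(self, in_port, frame):
        dst, src, _payload = frame
        self.mac_table[src] = in_port                        # learn the source
        if dst == BROADCAST or dst not in self.mac_table:
            out = [p for p in self.ports if p != in_port]    # flood
        elif self.mac_table[dst] == in_port:
            out = []                                         # same segment: drop
        else:
            out = [self.mac_table[dst]]                      # known unicast
        # Port mirroring: whatever enters or leaves mirror_from is also copied
        # to mirror_to, where a monitoring node can capture it.
        if self.mirror_to is not None and self.mirror_to != in_port:
            if in_port == self.mirror_from or self.mirror_from in out:
                if self.mirror_to not in out:
                    out.append(self.mirror_to)
        return out


def run(device, traffic):
    """Push (in_port, frame) pairs through a device; count frames per port."""
    received = {p: 0 for p in device.ports}
    for in_port, frame in traffic:
        for out_port in device.forward(in_port, frame):
            received[out_port] += 1
    return received


# Constructed topology: A on port 1, B on port 2, C and E share a hub segment
# behind port 3, and a monitoring station sits on port 4.
A = "00:00:00:00:00:0a"
B = "00:00:00:00:00:0b"
C = "00:00:00:00:00:0c"
E = "00:00:00:00:00:0e"
TRAFFIC = [
    (1, (BROADCAST, A, "who has B?")),  # A broadcasts: flooded everywhere
    (2, (A, B, "B is here")),           # B replies: A already learned on port 1
    (1, (B, A, "data")),                # A -> B: delivered to port 2 only
    (1, (C, A, "data")),                # C not yet learned: flooded
    (3, (BROADCAST, C, "who has E?")),  # C broadcasts from the shared segment
    (3, (C, E, "data")),                # E -> C on the same segment: filtered
]


def hub_counts():
    return run(Hub([1, 2, 3, 4]), TRAFFIC)


def switch_counts():
    return run(Switch([1, 2, 3, 4]), TRAFFIC)


def mirrored_switch_counts():
    return run(Switch([1, 2, 3, 4], mirror_from=1, mirror_to=4), TRAFFIC)


if __name__ == "__main__":
    print("hub            :", hub_counts())
    print("switch         :", switch_counts())
    print("switch + mirror:", mirrored_switch_counts())
```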


ACTIVITY 3-6
Identifying Network Connectivity Devices
Scenario: In this activity, you will identify the primary types of network connectivity devices.

1. You need to connect multiple networks that use the same protocol. Which networking device would best meet your needs?
a) Router
b) Bridge
c) Gateway
d) Switch

2. Which of these network devices is a common connecting point for various nodes or segments?
a) Hub
b) Router
c) Gateway
d) Switch

3. True or False? A gateway subdivides a LAN into segments.
True
False

4. Which statements are valid for a gateway?
a) It can connect networks with dissimilar protocols.
b) It can be implemented in a router.
c) It can be implemented only as a computer program.
d) It can be implemented as hardware or software.

Lesson 3 Follow-up
In this lesson, you identified network media and networking devices. These components form the infrastructure of your network. Just as people do not commute without a road, train, or subway, your data cannot move from computer to computer without media and devices. Knowledge of the media and devices will help you better understand the flow of data, and detect and troubleshoot transmission issues as they arise on your network.
1. Which will you use more frequently in your networks: bounded or unbounded media?
Answers will vary, but may include: the media used on the network will vary according to the requirements of the network and the technologies used. Bounded (wired) media is more commonly used than unbounded (wireless) media.
2. Of the various networking devices, which offers you the best mix of features and functionality?
Answers will vary, but may include: routers and switches. Routers can be customized and configured to suit the needs of each network, and can perform the functions of different devices depending upon the specifications used. Switches can support a different number of devices, and offer different specifications to suit the requirements of the network.

LESSON 4
Network Implementations
In this lesson, you will identify the major types of network implementations. You will:
Identify the components of an Ethernet network implementation.
Identify the components of a wireless network implementation.

Lesson Time 1 hour(s), 50 minutes

Lesson 4: Network Implementations

Introduction
In the previous lesson, you identified the different types of transmission media, noise control, and the various network connectivity options. All of these network connectivity methods are used in different types of network implementations. In this lesson, you will identify the major types of network implementations. Networking is a fundamental aspect of all computer infrastructure. The ability to link and communicate between clients, servers, and mainframes is vital for the dissemination of voice and data traffic. As a network engineer, you will need to handle different types of networks. You need to be aware of the characteristics of the different types of networks to implement the most suitable network such that its performance is fully optimized. This lesson covers all or part of the following CompTIA Network+ (Exam N10-005) certification objectives:
Topic A:
1.2 Classify how applications, devices, and protocols relate to the OSI model layers.
1.3 Explain the purpose and properties of IP addressing.
3.7 Compare and contrast different LAN technologies.
Topic B:
1.2 Classify how applications, devices, and protocols relate to the OSI model layers.
2.2 Given a scenario, install and configure a wireless network.
2.4 Given a scenario, troubleshoot common wireless problems.
3.3 Compare and contrast different wireless standards.

TOPIC A
Ethernet Networks
In this lesson, you will identify major types of standard network implementations. The most pervasive standard in the majority of today's LAN implementations is Ethernet. In this topic, you will learn how devices and resources are connected using Ethernet technology.

Ethernet continues to dominate the wired LAN scenario, and is known for its simplicity and wide applicability. Its popularity is owed to its ease of installation and upgradability. Networks both large and small use Ethernet technology to provide both backbone and end-user services. Because Ethernet is so widely deployed today, you will be required to manage and troubleshoot Ethernet networks.

Ethernet

Ethernet is a set of networking technologies and media access methods specified for LANs. Ethernet allows computers to communicate over small distances using a wired medium. Ethernet has evolved as the most widespread technology for wired LANs. Most Ethernet networks use twisted pair cables in their subnetworks and optical fibers or coaxial cables in the network backbone. IEEE has defined the 802.3 specifications and standards for Ethernet implementations.


Figure 4-1: An Ethernet network implementation.

Switched Ethernet
Switched Ethernet is a LAN technology that connects computers using switches. The switch enables the device to utilize the full bandwidth of the medium. In switched Ethernet, switches recognize the destination address and route the packet only to the destination node. Thus, a switch can route multiple packets to different destinations simultaneously.

Figure 4-2: Switches on an Ethernet network.

Ethernet Frames
An Ethernet frame is a data packet that has been encoded on the Data Link layer for transmission from one node to another on an Ethernet network. The basic Ethernet frame is broken down into seven fields, as shown in the graphic.

Figure 4-3: Fields in an Ethernet frame.

Ethernet Frame Field / Description

Preamble (PRE), 7 bytes
    A pattern of ones and zeros used to signal the start of the frame and provide synchronization and timing information. The preamble notifies all nodes that there is data to follow.

Start-of-Frame Delimiter (SFD), 1 byte
    The SFD identifies the beginning of the data field.

Destination Address (DA), 6 bytes
    This is the MAC address of the computer to which the frame is being transmitted; it can be a unicast, multicast, or broadcast address.

Source Address (SA), 6 bytes
    This is the MAC address of the computer transmitting data; the SA is always a unicast address.

Frame type, 2 bytes
    This is the length of the entire Ethernet frame in bytes, or the frame type ID of the frame. This field can hold a value between 0 and 65,534, but the maximum value is usually less than 1500.

Data, n bytes
    The payload of the frame (or the information being sent). It must be a minimum of 46 bytes long and can be a maximum of 1500 bytes. If the length of the data is less than 46 bytes, the data field must be extended by adding a filler to increase the length to a minimum of 46 bytes.

Frame Check Sequence (FCS), 4 bytes
    The FCS checks the frame using a 32-bit Cyclic Redundancy Check (CRC) value. The FCS allows the receiving device to detect errors in the Ethernet frame and reject it if it appears damaged.
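As an added worked example (not part of the course material), the following Python builds a minimal Ethernet frame with the field sizes listed above, pads a short data field to 46 bytes, appends the CRC-32 FCS, and shows how a receiver detects a damaged frame. The MAC addresses and the ARP frame type (0x0806) payload are constructed samples; the preamble and SFD are omitted because they are added at the physical layer and are not covered by the FCS.

```python
"""Build and check a basic Ethernet frame: DA | SA | Type | Data(+filler) | FCS.
Added example, not course code; field sizes follow the table above."""
import struct
import zlib
from dataclasses import dataclass

MIN_DATA = 46            # data shorter than this is extended with zero filler
MAX_DATA = 1500          # maximum data field length
MAX_LENGTH_VALUE = 1500  # type/length values above this are frame type IDs


@dataclass
class EthernetFrame:
    destination: bytes    # DA: unicast, multicast, or broadcast MAC
    source: bytes         # SA: always a unicast MAC
    type_or_length: int   # payload length, or frame type ID if > 1500
    data: bytes           # payload including any filler
    fcs_ok: bool          # True when the received FCS matched the recomputed CRC

    @property
    def is_length(self) -> bool:
        return self.type_or_length <= MAX_LENGTH_VALUE


def is_unicast(mac: bytes) -> bool:
    # The I/G bit (least significant bit of the first byte) is 0 for unicast
    return not (mac[0] & 0x01)


def fcs(body: bytes) -> bytes:
    """The FCS is a 32-bit CRC over DA..Data; Ethernet uses the same CRC-32 as
    zlib.crc32 and transmits it least-significant byte first."""
    return struct.pack("<I", zlib.crc32(body) & 0xFFFFFFFF)


def build_frame(dst: bytes, src: bytes, ethertype: int, data: bytes) -> bytes:
    """Assemble the frame a MAC hands to the physical layer (preamble and SFD
    are added below the MAC and are not part of the FCS calculation)."""
    if len(dst) != 6 or len(src) != 6:
        raise ValueError("MAC addresses are six bytes long")
    if not is_unicast(src):
        raise ValueError("the source address must be a unicast address")
    if len(data) > MAX_DATA:
        raise ValueError("data field may not exceed 1500 bytes")
    filler = b"\x00" * max(0, MIN_DATA - len(data))
    body = dst + src + struct.pack("!H", ethertype) + data + filler
    return body + fcs(body)


def parse_frame(raw: bytes) -> EthernetFrame:
    """Split a received frame into fields and verify the FCS. A frame whose
    CRC does not match is flagged so the caller can reject it as damaged."""
    if len(raw) < 6 + 6 + 2 + MIN_DATA + 4:
        raise ValueError("runt frame: shorter than the 64-byte minimum")
    body, received_fcs = raw[:-4], raw[-4:]
    (type_or_length,) = struct.unpack("!H", body[12:14])
    return EthernetFrame(
        destination=body[0:6],
        source=body[6:12],
        type_or_length=type_or_length,
        data=body[14:],
        fcs_ok=fcs(body) == received_fcs,
    )


def mac_str(mac: bytes) -> str:
    return ":".join(f"{b:02x}" for b in mac)


# Constructed sample: broadcast destination, a made-up unicast source, the ARP
# frame type (0x0806) and a 28-byte payload that must be padded to 46 bytes.
SAMPLE_DST = bytes.fromhex("ffffffffffff")
SAMPLE_SRC = bytes.fromhex("001122334455")
SAMPLE_FRAME = build_frame(SAMPLE_DST, SAMPLE_SRC, 0x0806, b"A" * 28)


def corrupt_one_bit(frame: bytes, offset: int) -> bytes:
    """Simulate line noise flipping a single bit of the data field."""
    damaged = bytearray(frame)
    damaged[offset] ^= 0x01
    return bytes(damaged)


if __name__ == "__main__":
    good = parse_frame(SAMPLE_FRAME)
    bad = parse_frame(corrupt_one_bit(SAMPLE_FRAME, 20))
    print(f"{len(SAMPLE_FRAME)} bytes on the wire")
    print("DA", mac_str(good.destination), "SA", mac_str(good.source))
    print("type", hex(good.type_or_length), "data", len(good.data), "bytes")
    print("FCS ok:", good.fcs_ok, "| after a flipped bit:", bad.fcs_ok)
```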

MAC Addresses

Definition:
A MAC address, also called a physical address, is a unique, hardware-level address assigned to every networking device by its manufacturer. MAC addresses are six bytes long. The first three bytes uniquely identify the manufacturer and are referred to as the Organizationally Unique Identifier (OUI). The remaining three bytes identify the device itself and are known as the Universal LAN MAC address. MAC addresses make use of an IEEE standard called the Extended Unique Identifier (EUI). A host computer implemented with EUI-64 can assign to itself a 64-bit IPv6 interface identifier automatically.
The OUI may also be called the Block ID, and the Universal LAN MAC address may also be called the Device ID.

Example:

Figure 4-4: A MAC address.
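An added Python example (not from the course) that splits a MAC address into its OUI and Device ID, reads the group and locally-administered flag bits in the first byte, and derives the 64-bit modified EUI-64 interface identifier mentioned in the definition. The IPv6 link-local form goes one step beyond the text; the sample addresses are constructed.

```python
"""Decompose a 48-bit MAC address into its OUI (Block ID) and Device ID, read
its flag bits, and derive the modified EUI-64 IPv6 interface identifier.
Added example, not course code; the sample addresses are constructed."""


def parse_mac(text: str) -> bytes:
    """Accept 00:1a:2b:3c:4d:5e, 00-1A-2B-3C-4D-5E or 001a.2b3c.4d5e notation."""
    digits = "".join(ch for ch in text.lower() if ch in "0123456789abcdef")
    if len(digits) != 12:
        raise ValueError(f"not a 48-bit MAC address: {text!r}")
    return bytes.fromhex(digits)


def mac_parts(mac: bytes) -> dict:
    """Split the address the way the text describes: three bytes of OUI
    identifying the manufacturer, three bytes identifying the device."""
    first = mac[0]
    return {
        "oui": mac[:3].hex(":"),                     # Organizationally Unique Identifier / Block ID
        "device_id": mac[3:].hex(":"),               # Universal LAN MAC address / Device ID
        "group": bool(first & 0x01),                 # I/G bit: 1 = multicast or broadcast
        "locally_administered": bool(first & 0x02),  # U/L bit: 1 = set by software, not burned in
        "broadcast": mac == b"\xff" * 6,
    }


def eui64_interface_id(mac: bytes) -> bytes:
    """Modified EUI-64 (RFC 4291): insert ff:fe between OUI and Device ID and
    invert the U/L bit, giving the 64-bit IPv6 interface identifier."""
    return bytes([mac[0] ^ 0x02]) + mac[1:3] + b"\xff\xfe" + mac[3:]


def link_local_address(mac: bytes) -> str:
    """fe80::/64 plus the EUI-64 identifier, as a host would auto-assign it."""
    iid = eui64_interface_id(mac)
    groups = (int.from_bytes(iid[i:i + 2], "big") for i in range(0, 8, 2))
    return "fe80::" + ":".join(f"{g:x}" for g in groups)


if __name__ == "__main__":
    sample = parse_mac("00-1A-2B-3C-4D-5E")  # constructed address
    print(mac_parts(sample))
    print(eui64_interface_id(sample).hex(":"))
    print(link_local_address(sample))
```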



ACTIVITY 4-1
Identifying the Local MAC Address
There is a simulated version of this activity available on the CD-ROM that shipped with this course. You can run this simulation on any Windows computer to review the activity after class, or as an alternative to performing the activity as a group in class. The activity simulation can be launched either directly from the CD-ROM by clicking the Interactives link and navigating to the appropriate one, or from the installed data file location by opening the C:\Data\Simulations\Lesson#\Activity# folder and double-clicking the executable (.exe) file.

Before You Begin:
You are logged in as the administrator for the domain Child##.Classnet. Your password is !Pass1234.

Scenario:
In this activity, you will identify your computer's MAC address.

1. Open the Local Area Connection Status dialog box.
   a. Choose Start→Control Panel.
   b. In the Control Panel window, click the Network and Internet link.
   c. In the Network and Internet window, click the Network and Sharing Center link.
   d. In the Network and Sharing Center window, in the left pane, click Change adapter settings.
   e. In the Network Connections window, right-click Local Area Connection and choose Status.

2. Identify your computer's MAC address.
   a. In the Local Area Connection Status dialog box, click Details.
   b. In the Network Connection Details dialog box, identify the Physical Address value to determine your computer's MAC address.
   c. Close all open dialog boxes and windows.

Let the students know that the other status information will be discussed in subsequent activities. At the instructor computer, you are logged on as Child100\Administrator.

Networking Standards

Definition:
A networking standard is a set of specifications, guidelines, or characteristics applied to network components to ensure interoperability and consistency between them. Standards determine all aspects of networking, such as the size, shape, and types of connectors on network cables as well as the number of computers that can connect to the network.

Example:
The IEEE 802.3 standard is used to standardize Ethernet network implementations by providing networking specifications and characteristics.

Formalization of Standards
Standards can be de facto, meaning that they have been widely adopted through use, or de jure, meaning that they are mandated by law or have been approved by a recognized body of experts.
To help recall which is which, you can think of words like jury and jurisdiction, which are words related to the legal system. These words, and the term de jure, come from the same Latin root.

Standards Organizations

Standards organizations issue standards that are important in the field of computer networking.

Standards Organization / Description

ISO
    International Organization for Standardization, ISO, is the largest standards-development body in the world, comprising the national standards institutes of 162 countries. It is a non-governmental organization issuing voluntary standards in fields from agriculture to textiles. Of most significance for networking, in 1984 the ISO developed a reference model called the Open Systems Interconnection (OSI) model. The OSI model is a seven-layered framework of standards and specifications for communication in networks. The short name ISO is not an abbreviation for the name of the organization in any particular language, but was derived from the Greek word isos, meaning equal. Website: www.iso.org

IEEE
    Institute of Electrical and Electronics Engineers, IEEE, is an organization dedicated to advancing theory and technology in electrical sciences. The standards wing of IEEE issues standards in areas such as electronic communications, circuitry, computer engineering, electromagnetics, and nuclear science. Website: www.ieee.org

ANSI
    American National Standards Institute, ANSI, is the national standards institute of the United States that facilitates the formation of a variety of national standards, as well as promoting those standards internationally. Individually accredited standards bodies perform the standards development under ANSI's guidance. The best-known ANSI standard in the computer world is a method for representing keyboard characters by standard four-digit numeric codes. Website: www.ansi.org

TIA and EIA
    Telecommunications Industry Association, TIA, and Electronic Industries Alliance, EIA, are two trade associations accredited by ANSI to develop and jointly issue standards for telecommunications and electronics. Websites: www.tiaonline.org and www.eia.org

IETF
    The Internet Engineering Task Force, IETF, an international open committee, consists of working groups, committees, and commercial organizations that work together to develop and maintain Internet standards and contribute to the evolution and operation of the Internet. All published Internet standards documents, known as Requests For Comments (RFCs), are available through the IETF. Website: www.ietf.org

IEEE 802.x Standards

The 802.x standards are a family of networking standards developed by the IEEE in 1980 to address the rapid developments in networking technology. The 802.x standards are divided into subcategories to address different networking requirements. 802.2 and 802.3 are two of the most commonly used IEEE standards in the 802.x series.

IEEE Standard / Description

802.2
    The 802.2 standard was developed to address the need for MAC-sub-layer addressing in switches. The 802.2 standard specifies the frame size and transmission rate. Frames can be sent over Ethernet and Token ring networks using either copper or fiber media.

802.3
    The original Ethernet network implementation was developed by Xerox in the 1970s. The IEEE issued the 802.3 specification to standardize Ethernet and expand it to include a wide range of cable media. In addition to the media type, 802.3 also specifies transmission speeds and the signaling method. This type of network is most efficient in a physical star/logical bus topology.

The 10Base Standards

The 10Base standards describe the media type and the speeds at which each type of media operates. The cable standard specification contains three components: a number indicating media speed, the signal type (baseband or broadband), and a code for either copper or fiber media.


Figure 4-5: Media types and the transmission speeds of the 10Base standard.

10 Mbps Ethernet
There are several standards and specifications for 10 Mbps Ethernet.

Standard     IEEE Specification   Medium          Distance (meters)
10Base-2     802.3a               Thinnet coax    185
10Base-5     802.3                Thicknet coax   500
10Base-T     802.3i               CAT5 UTP        100
10Base-F     802.3j               Fiber           2000
10Base-FB    802.3j               Fiber           2000
10Base-FL    802.3j               Fiber           2000
10Base-FP    802.3j               Fiber           500

Fast Ethernet

Fast Ethernet is an Ethernet technology that can transmit data at speeds of 100 Mbps. The maximum length of the cable is limited to 250 meters, and it can use either coaxial cables or optical fibers. It is used as a backbone network to interconnect several LANs.

Fast Ethernet Standards
There are several standards and specifications for 100 Mbps or Fast Ethernet. In copper, 100Base-TX is the most widely used medium for Fast Ethernet. It uses two pairs of category 5 cables. 100Base-T2 uses two copper wire pairs. In fiber, 100Base-FX implements Fast Ethernet over optical fiber. It uses two strands of the fiber, one to transmit and the other to receive.

Standard      IEEE Specification   Medium                           Distance (m)
100Base-T     802.3u               CAT5 UTP                         100
100Base-T4    802.3u               CAT3, 4, or 5 UTP                100
100Base-TX    802.3u               CAT5 UTP                         100
100Base-FX    802.3u               Multimode or single mode fiber   412 (half duplex), 2000 (full duplex); 15,000 to 20,000 (full duplex)

Gigabit Ethernet

Gigabit Ethernet is an Ethernet technology that can transmit data at speeds of 1000 Mbps and primarily uses optical fibers for transmission. It can be used for distances ranging from 500 to 5000 meters depending on the type of optical fiber used. The hardware required for Gigabit Ethernet is very expensive when compared with other types of Ethernet.

Gigabit Ethernet Standards
There are several standards and specifications for 1000 Mbps or Gigabit Ethernet.

Standard       IEEE Specification   Medium                       Distance (m)
1000Base-T     802.3ab              CAT5/CAT6 UTP                100
1000Base-X     802.3z               Shielded balanced coax       25 to 5000
1000Base-CX    802.3z               Shielded balanced coax       25
1000Base-SX    802.3z               Multimode fiber, 850 nm      550 in practice (220 per specification)
1000Base-LX    802.3z               Single mode fiber, 1300 nm   5000
1000Base-LX    802.3z               Multimode fiber, 1300 nm     550
1000Base-LH    802.3z               Single mode fiber, 1300 nm   10,000
1000Base-LH    802.3z               Multimode fiber, 1300 nm     550

10 Gigabit Ethernet
10 Gigabit Ethernet is currently the highest speed at which Ethernet operates. It can achieve speeds of 10 Gbps, which is 10 times faster than Gigabit Ethernet. Still an emerging technology, it is also compatible with WANs. There are several standards and specifications for 10 Gbps or 10 Gigabit Ethernet.

Standard       IEEE Specification   Medium and Characteristics               Speed (Gbps)   Distance (m)
10GBase-X      802.3ae              Multimode fiber, 850 nm                  9.9            65
10GBase-SR     802.3ae              Multimode fiber, 850 nm                  10.3           300
10GBase-SW     802.3ae              Multimode fiber, 850 nm                  9.9            300
10GBase-LR     802.3ae              Single mode fiber, 1310 nm, dark fiber   10.3           10,000
10GBase-LW     802.3ae              Single mode fiber, 1310 nm, Synchronous Optical Network (SONET)   9.9   10,000
10GBase-ER     802.3ae              Single mode fiber, 1550 nm, dark fiber   10.3           40,000
10GBase-EW     802.3a               Single mode fiber, 1550 nm, SONET        9.9            40,000
10GBase-T      802.3an              CAT5e, 6, or 7 UTP                       10             100
10GBase-CX4    802.3ak              Four thin twin-axial cables              4 x 2.5        25

SONET is described in greater detail in the subsequent lessons.

A nanometer (nm) is one billionth of a meter (10^-9 m).

Ring-Based Networks

Token ring and Fiber Distributed Data Interface (FDDI) are commonly used ring-based LAN technologies deployed on Ethernet networks.

Ring-Based Network Type / Description

Token ring
    Token ring is a type of technology used on ring networks in which computers pass a special sequence of bits called a token between them. Only the node holding the token can transmit on the network. If it has no more data to transmit, the node passes the token to the next computer on the network. Standards dictate how long a node can hold a token and what happens if the token is damaged or lost. Damaged or lost tokens are renewed automatically every seven seconds.

FDDI
    The Fiber Distributed Data Interface (FDDI) is a type of technology used on ring networks that uses single mode or multimode fiber and transmits data at a rate of 100 Mbps. Although FDDI has dual fiber rings, only one ring carries data under normal conditions; the second ring is either idle or carries control signals. When the second ring is not needed for backup, it can carry data, extending the carrying capacity to 200 Mbps.

ACTIVITY 4-2
Describing Ethernet Networks
Scenario: In this activity, you will describe the different types of Ethernet networks.

1. On which networks is Ethernet implemented?
   a) WANs
   b) MANs
   c) PANs
   d) LANs

2. True or False? The 802.2 standard specifies the frame size and transmission rate of the Ethernet technology.
   True
   False

3. Which field of the Ethernet frame provides error detection information?
   a) PRE
   b) FCS
   c) SFD
   d) SA

4. Match the field of an Ethernet frame with its description.
   Preamble               b
   Destination address    a
   Source address         d
   Frame type             c

   a. The MAC address of the computer receiving data.
   b. Signals the start of a frame.
   c. The length of the Ethernet frame in bytes.
   d. The MAC address of the computer transmitting data.

5. You have a fiber-based ring network with dual fiber rings. Which technology have you implemented?
   a) Token ring
   b) FDDI
   c) Switched Ethernet
   d) Fast Ethernet

TOPIC B
Wireless Networks
In the previous topic, you identified various types of wired LANs, that is, networks that use different types of cabling to connect the various nodes. There are also wireless networks that connect without using a physical medium. In this topic, you will identify the components of a wireless LAN implementation.

Wireless networks are the network of choice in most environments today because they are relatively easy to install and are flexible. Even more importantly, with users increasingly needing to connect on the move using different devices, roaming users in both business and leisure environments want the freedom to use their computers for work or recreation wherever they are, without a physical connection to the network. With its increasing popularity and widespread appeal, you will undoubtedly be faced with installing, managing, or troubleshooting a wireless network.

WLANs

Definition:
A Wireless LAN (WLAN) is a self-contained network of two or more computers connected using a wireless connection. A WLAN spans a small area, such as a small building, floor, or room. A typical WLAN consists of client systems such as a desktop, laptop, or PDA and wireless connectivity devices such as access points. The access points interconnect these client systems in a wireless mode or can connect to a wired network. WLANs allow users to connect to the local network or the Internet, even on the move.

Example:

Figure 4-6: Devices connected in a WLAN.

WLAN Architecture
A WLAN architecture comprises several components.

WLAN Architecture Component / Description

Station (STA)
    A device that connects an IEEE 802.11 conformant MAC interface to a wireless medium with an Ethernet-like driver interface. A wireless STA contains an adapter card, a PC card, or an embedded device to provide wireless connectivity.

Access Point (AP)
    A device or software that facilitates communication and provides enhanced security to wireless devices. It also extends the physical range of a WLAN. The AP functions as a bridge between wireless STAs and the existing network backbone for network access.

Distribution System (DS)
    A wired connection between a BSS and a premise-wide network that enables mobility for devices and provides access to available network resources.

Service set
    The service set defines the way a WLAN is configured. There are three ways to configure a WLAN: BSS, IBSS, and ESS.

Basic Service Set (BSS)
    A set of devices with an AP connected to a wired network and one or more wireless stations or clients. A BSS can effectively extend the distance between wireless endpoints by forwarding signals through the WAP.

Extended Service Set (ESS)
    A configuration of multiple BSSs used to handle mobility on a wireless network. BSSs are connected to a common distribution system such as a wired network. ESS enables users to move their mobile devices, such as laptop computers, outside of their home BSS while keeping their connection. It also enables data to be forwarded from one BSS to another through the network backbone.

Independent Basic Service Set (IBSS)
    A peer-to-peer network where each wireless station acts as both a client and a wireless AP. Each wireless station can both transmit and receive data.

Wireless Antennas

Definition:
A wireless antenna is a device that converts high frequency signals on a cable into electromagnetic waves and vice versa. In wireless communication, an antenna is used to receive or transmit radio waves. The frequency at which an antenna can send or receive radio waves depends on the physical dimensions of the antenna. The larger the size of the antenna, the higher the frequency of the wave that antenna can transmit. You can choose different antenna types to use in different wireless networking situations. Different styles of antennas vary in their gain, or signal strength, and in the shape or radiation pattern of the transmission beam.

Example:

Figure 4-7: A wireless antenna converts high frequency signals on a cable into electromagnetic waves.

Gain
Gain is an increase in the amplitude of a radio wave. Gain can occur due to the use of external sources such as amplifiers that amplify a radio signal. It has both positive and negative effects. Typically, high gain is advantageous, but there may be situations where the amplitude of a radio wave is already very close to the legal value and added power could be a serious problem.

Wireless Antenna Types

Antennas can be grouped into one of two broad categories.

Antenna Category / Description

Directional antenna
    A type of antenna that concentrates the signal beam in a single direction. Directional antennas have a relatively narrow, focused transmission beam and a relatively high gain. Since they transmit primarily in a single direction, the sending and receiving stations must be precisely aligned. The high gain provides for good signal quality, and the narrow beam ensures that only a narrow transmission area needs to be clear of interference. Directional antennas are used in a point-to-point network to connect one station to another. Directional antennas include the parabolic dish antenna, backfire antenna, yagi antenna, and panel antenna.

Omni-directional antenna
    A type of antenna that radiates the signal beam out in all directions and has lower gain but a wider coverage area. The transmission radiates from the antenna in all directions, generally in a single horizontal or vertical plane, so that the sending and receiving stations do not need to be as precisely aligned. However, a wider coverage zone means there are more potential sources of interference, and there is lower gain because the signal power is not as focused. Omni-directional antennas are used in multipoint and distributed networks. Omni-directional antennas include the ceiling dome or blister antenna, blade antenna, and various rod-shaped antennas.

Wireless Antenna Performance Factors

It is important to consider various performance factors before installing antennas for infrared, radio, or microwave wireless technologies.

Wireless Technology Type / Performance Factors

Infrared
    The maximum transmitting distance of an infrared wireless installation is affected by these factors:
    - Bright sunlight
    - Obstacles
    - Smoke, dust, or fog

Radio
    The maximum transmitting distance of a radio wireless installation is affected by all of these factors:
    - Signal characteristics of the antenna
    - Environmental conditions
    - Ambient electrical noise
    - Conductive obstacles in the path
    - Presence of other electrical equipment
    - Data transmission rate

Microwave
    The maximum transmitting distance of a microwave wireless installation is affected by all of these factors:
    - Signal characteristics of the antenna
    - Line of sight
    - Distance between transmitting stations

The IEEE 802.11 Standard

The 802.11 standard is a family of specifications developed by the IEEE for wireless LAN technology. 802.11 specifies an over-the-air interface between a wireless client and a base station or between two wireless clients. 802.11 defines the access method as CSMA/CA. It specifies spread spectrum radio devices in the 2.4 GHz band for reliability. The 802.11b standard also defines a multichannel roaming mode and automatic data rate selection.

802.11 Standards
The 802.11 standards provide specifications for different wireless technologies.

Standard   Transmission Speed (Mbps)   Frequency (GHz)   Geographic Range (meters)   MIMO Streams
802.11     2                           2.4               20                          1
802.11a    54                          5                 20                          1
802.11b    11                          2.4               100                         1
802.11g    54                          2.4               100                         1
802.11n    150                         2.4 or 5          70                          4

The 802.11a standard is not cross-compatible with 802.11b and g.

Latency
Latency is the time taken by a data packet sent through a wireless connection to travel from the requesting device to the receiving device and back. Latency includes the time taken for checking the data packets, correcting errors, and resending data lost in transit. Some of the 802.11 specifications have higher latency when compared to Gigabit Ethernet.

Channels in 802.11b/g Implementations
The 802.11b and g specifications define a number of distinct channels within the 2.4 GHz band. Due to the way these channels are implemented, there is substantial overlap in the radio signals. This overlap can cause interference between adjacent APs and clients, resulting in reduced performance. The immediate result is that there are only three channels that are truly usable when you want to get the best possible performance out of your WLAN. These are channels 1, 6, and 11. In a single AP configuration, the choice of channel does not matter. When dealing with an implementation that requires multiple APs to ensure sufficient coverage, best practice is to set adjacent APs to use different channels, choosing from 1, 6, and 11.
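To make the channel-overlap point concrete, here is an added Python example (not part of the course) that computes 2.4 GHz channel center frequencies, flags adjacent APs whose channels overlap, and recovers the 1/6/11 set from the 5 MHz channel spacing and the roughly 22 MHz signal width of 802.11b. The AP names and channel plans are constructed.

```python
"""Check 2.4 GHz channel assignments for overlap. 802.11b/g channels are spaced
5 MHz apart but each signal is about 22 MHz wide, so APs on nearby channels
interfere. Added example, not course code; AP names are constructed."""
from itertools import combinations

CHANNEL_SPACING_MHZ = 5
SIGNAL_WIDTH_MHZ = 22  # 802.11b DSSS channel width behind the 1/6/11 rule


def center_frequency(channel: int) -> int:
    """Center frequency in MHz for 2.4 GHz channels 1-13 (channel 1 = 2412)."""
    if not 1 <= channel <= 13:
        raise ValueError("2.4 GHz channels 1 through 13 only")
    return 2407 + CHANNEL_SPACING_MHZ * channel


def channels_overlap(a: int, b: int, width: int = SIGNAL_WIDTH_MHZ) -> bool:
    """Two signals overlap when their centers are closer than one signal width."""
    return abs(center_frequency(a) - center_frequency(b)) < width


def overlapping_pairs(assignments: dict) -> list:
    """assignments maps an AP name to its channel, for APs whose cells adjoin.
    Returns the AP pairs that will interfere with each other."""
    return [
        (x, y)
        for x, y in combinations(sorted(assignments), 2)
        if channels_overlap(assignments[x], assignments[y])
    ]


def non_overlapping_channels(width: int = SIGNAL_WIDTH_MHZ) -> list:
    """Greedy walk from channel 1 upward, keeping each channel whose center is
    at least one signal width above the last one kept."""
    chosen = []
    for ch in range(1, 14):
        if not chosen or center_frequency(ch) - center_frequency(chosen[-1]) >= width:
            chosen.append(ch)
    return chosen


if __name__ == "__main__":
    print("non-overlapping channels:", non_overlapping_channels())  # [1, 6, 11]
    good_plan = {"AP-lobby": 1, "AP-east": 6, "AP-west": 11}       # constructed
    poor_plan = {"AP-lobby": 1, "AP-east": 3, "AP-west": 11}       # constructed
    print("good plan conflicts:", overlapping_pairs(good_plan))
    print("poor plan conflicts:", overlapping_pairs(poor_plan))
```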

802.11 Modes
The 802.11 standard supports two modes: the infrastructure mode and the ad-hoc mode.

Mode / Description

Infrastructure mode
    The infrastructure mode utilizes one or more WAPs to connect workstations to the cable backbone. Infrastructure mode wireless networks use either BSS or ESS.

Ad-hoc mode
    The ad-hoc mode, also referred to as IBSS, utilizes a peer-to-peer configuration in which each wireless workstation talks directly to other workstations.

802.11 Beacon Frames

Beacon frames are management frames that are 50 bytes long and are used to start and maintain wireless communications. They contain information about the communication process, such as the SSID, channel number, and security protocol information. Beacon frames are periodically sent by APs in 802.11 infrastructure networks, and can be configured to be sent at various intervals.

Basic Wireless Network Implementation

By considering several key factors of wireless network installation along with the cost of implementing and maintaining a secure wireless network, a network professional both demonstrates the proper installation methods and ensures maximum network functionality.

Guidelines:
To implement a basic wireless network, follow these guidelines:
- Choose the appropriate 802.11 technology for your needs, such as 802.11a, b, g, or n.
- Choose the appropriate AP placement locations for your network.
  - Obtain a scale drawing of the building. This will assist you in all areas of AP placement.
  - Determine the range of the AP for the wireless technology you have chosen. This will help you to better determine how many APs you will need to ensure adequate coverage for the space.
  - Balance the number of users who will have access to the AP, and ensure that the AP can cover all employees in the range of the AP. More employees in a given area means more APs.
  - Tour the area in the range of the AP and check to see if there are any devices that will interfere with the wireless network. This can include devices such as microwave ovens, Bluetooth-enabled devices, or an existing wireless network, whether from a community network, a neighboring building, or another floor of your company's building. These devices or networks can possibly interfere with your new implementation.
  - Consider whether the AP will be exposed or concealed in the ceiling or placed in a secure room.
  - Ensure that there are no obstacles in the path of the AP, such as doors, closed windows, walls, and furniture, that the wireless signal will need to pass through on its way to a client. If there are too many obstacles in the path, adjust the placement of your AP accordingly.
- Install the APs. The specific steps for installing the AP will vary by vendor, but the common steps may include:
  - Connecting the AP to a router.
  - Configuring the DHCP service as appropriate.
  - Configuring the appropriate encryption schemes.
  - Configuring channels and frequencies.
  - Setting the ESSID and an 802.11 beacon.
  - If necessary, creating an Access Control List (ACL). The ACL contains a list of users who have access to the wireless network.
  - Configuring the network adapters of the devices that will connect to the AP.
- Test to ensure that the installation is appropriately sized, secure, and operational.
- Document the steps and establish a baseline for future installations.

How to Install Wireless Clients
The specific installation procedure for installing wireless clients might vary depending on the hardware and software features of the device. The procedure for installing wireless clients will need to be customized to the requirements of the situation. To install a wireless client on a computer:

    Some computers are pre-installed with a wireless client. On such computers, manual installation of a wireless client is not necessary.

1. Observe necessary anti-static precautions, such as using an anti-static wrist strap to remove a buildup of static charges.
2. Power off the PC and disconnect the power and other cables.
3. Open the PC case and insert the wireless NIC into a PCI, PCIx, or USB slot.
4. Close the PC case and reconnect the cables.
5. Power on the PC.
6. Install the manufacturer-provided drivers and software. The operating system may identify and install the necessary drivers automatically; if not, you may need to install the drivers manually.
7. Connect to the wireless network with the operating system's built-in utilities (such as ZeroConf) or the manufacturer-provided utility. You may also need some access information in order to be able to use the wireless client to connect to the wireless network. The details include:
   - The SSID of the wireless access point.
   - A pre-shared password to access the wireless network.
   - The MAC address of the wireless adapter you wish to add to connect to the access point.
   - The login information for the administrative interface of the WAP.
   - A pre-assigned static IP address.

    IP addresses are covered in detail in subsequent lessons.

8. Test the wireless NIC's functionality. You can do this by performing one or more of these checks:
   - Check the adapter's LED lights to verify that it is connected and is operational.
   - Ping other computers on both the wireless and wired portions of the network.
   - Use software tools to monitor the signal strength, packet loss, and connection speed.
   - Connect to shared folders on the internal network, if available.
   - Connect to the Internet.

    The Ping utility is covered in more detail in subsequent lessons.

9. Document the steps for installing the wireless clients on a PC for future reference.

Wireless Access Point Placement
While deciding on the placement of WAPs, you need to consider several important factors.

Factor / Description

Building layout
    The building layout is a very important factor when deciding on the positions at which to place WAPs. A scaled building layout of the coverage area will help in deciding on the areas where you require wireless access. Also, the layout helps in locating strategic spots where you can place the WAPs.

Coverage area
    The area covered by an access point is called a cell. If the cell area is large, then you need to consider increasing the number of WAPs. Overlapping cells with multiple access points provide continuous access for devices.

Clients
    The number of clients accessing the WAP plays a major role in deciding on the placement of the WAP. Depending on the number of clients, you need to decide on the number of WAPs to install.

Obstacles
    Obstacles in the path of transmission of RF waves sometimes absorb the signals when they pass through, resulting in signal loss. Avoiding obstacles such as doors, walls, and windows between access points and devices can considerably reduce signal loss.

Interference
    Radio frequency interference from other devices can affect signals from WAPs. Removing other devices that can cause radio frequency interference will significantly reduce signal interference.

How to Install a Wireless Repeater

To install a wireless repeater, consider the following guidelines:

1. Determine the placement for the repeater:
    Physically, where does performance drop off on the existing wireless network?
    Is there access to a power outlet?
    Will the device be physically secure?
    If necessary, is there access to a wired network drop?

2. Set up the repeater to work with your wireless network.
   If your repeater has a wired network port:
    a. Connect one end of an Ethernet cable to an active network drop and the other end to the repeater.
    b. Plug in and power on the repeater.
    c. Enter the setup utility (usually stored in ROM or reached through the device's built-in web interface).
    d. Configure the appropriate WLAN settings.
    e. Save the configuration.
   If your repeater does not have a wired network port:
    a. Make sure that the repeater is within range of the WLAN you wish to expand.
    b. Plug in and power on the repeater.
    c. Initiate the repeater's auto-setup functionality.

3. Test the repeater's functionality by connecting a wireless client to the WLAN:
    Ping other computers and observe the round-trip latency.
    Monitor the client's wireless signal strength using software tools.
    Connect to shared internal network locations.
    Connect to the Internet.

4. If performance does not improve with the repeater in place, reassess its placement and configuration.

Example: Implementing a Wireless Network

As a network administrator, Matt is concerned with the proper implementation of his company's wireless network to ensure maximum company-wide efficiency. He has read through several reference materials related to wireless network installation, and has gathered the appropriate tools. The company has many available locations for access points, and Matt has decided where the best locations for the wireless network's access points will be. The installation of the access points covers several tasks, including configuring the appropriate wireless encryption standard, configuring all wireless channels and frequencies, and setting the ESSID and beacon interval for the network. Once the wireless network installation and implementation is complete, it needs to be verified. Matt accesses the network from both inside and outside the building, he attempts to log on using a non-corporate laptop to confirm that unauthorized clients are rejected, and he tries to capture data packets from the parking lot to confirm that whatever an outsider can intercept is encrypted. He also wanders around the building with a laptop and notes where he loses the signal.

ACTIVITY 4-3
Identifying a Wireless Network Implementation
Scenario: In this activity, you will identify the components of a wireless network implementation.

1. True or False? Infrastructure mode wireless networks use either BSS or ESS.
   True
   False

2. Select the characteristics of directional antennas.
   a) Used in point-to-point networks
   b) Have low gain
   c) Transmit narrow and focused beams
   d) Are prone to interference

3. Your company has installed a wireless network. There are ceiling dome transmitters at various locations in your building, and you have upgraded the users' laptops with wireless NICs. There is one wireless antenna to serve the warehouse area. The coverage area is adequate; however, users in the warehouse report intermittent connectivity problems as they move in and out of the tall metal storage shelving. What problem do you suspect?
   The metal in the shelves is interfering with the omnidirectional radio signals from the transmitter. If you need complete coverage in the warehouse area, you might need to install additional antenna stations in the areas between the shelving units.

Lesson 4 Follow-up
In this lesson, you identified the major types of network implementations. Knowing the major network implementations and their advantages and disadvantages will allow you to choose the right implementation when you set up a network.

1. What are some of the challenges that you might face when implementing a wireless network, and how do you plan to overcome these challenges?
   Answers will vary, but may include: varying connection speeds, distance between devices, and environmental factors influencing the wireless connections. These challenges can be overcome by avoiding hard obstacles, reducing ambient electrical noise, removing conductive materials that act as obstacles in the path between the devices, and keeping smoke, dust, and fog out of the signal path.

2. In your opinion, what is the significance of Ethernet standards on networks today?
   Answers will vary, but may include: the various Ethernet standards define the rules for configuring LANs and are the protocols that allow computers to communicate. Knowledge of the types of Ethernet will allow you to choose the Ethernet implementation that best suits your network requirements.

Lesson 4: Network Implementations

137

NOTES

138

CompTIA Network+ (Exam N10-005)

LESSON 5

LESSON 5
Networking Models
In this lesson, you will identify the components of a TCP/IP network implementation. You will:
    Identify the constituent layers and purpose of the OSI model.
    Identify the constituent layers and purpose of the TCP/IP model.

Lesson Time 1 hour(s), 30 minutes

Introduction
You are familiar with the major types of network implementations. All networks follow a common network model to communicate and transmit data. In this lesson, you will identify the Open Systems Interconnection (OSI) and TCP/IP network models.

Data communication over a network is a structured process and is governed by certain models. The OSI model breaks the data communication process into simpler stages, which will help you learn it in a step-by-step manner. The OSI model is the most widely used reference model of its type, and understanding it will enable you to understand other models such as the TCP/IP network model. Being able to identify the various layers of network models and their purpose will enable you to design and troubleshoot different types of networks effectively and quickly.

This lesson covers all or part of the following CompTIA Network+ (Exam N10-005) certification objectives:
    1.1 Compare the layers of the OSI and TCP/IP models.
    1.2 Classify how applications, devices, and protocols relate to the OSI model layers.
    1.6 Explain the function of common networking protocols.

TOPIC A
The OSI Model
In the previous lesson, you identified the various types of network implementations. These implementations are built on common networking standards and models, which describe how devices and protocols interconnect. In this topic, you will identify how these devices fit into an important common standard, the OSI model.

Data communication over a network is a structured process and is governed by certain models. The OSI model breaks the data communication process into definite stages, with each stage corresponding to one of its layers. The OSI model is used to describe many types of networks, including those whose protocols were not designed around it. Being able to identify the OSI layers and their purpose will enable you to plan the implementation of a network according to the devices, protocols, and transmission methods needed.

The OSI Reference Model

The Open Systems Interconnection (OSI) reference model is a network model developed by the ISO for communication in open system networks. The OSI reference model divides the data communication process into seven tasks, which are grouped into different layers. Each layer is a collection of related functions, protocols, and devices that work at that layer. Each layer communicates only with the layers directly above and below it: a layer provides services to the layer above while requesting services from the layer below. The seven layers of OSI, from lowest to highest, are the Physical layer, the Data Link layer, the Network layer, the Transport layer, the Session layer, the Presentation layer, and the Application layer.

It can be difficult to remember the correct sequence of the OSI layers. It is easy to remember them from the top down using the mnemonic "All People Seem To Need Data Processing."


Figure 5-1: Layers in the OSI reference model.


The OSI model was developed by the ISO in the early 1980s and the organization continues to maintain the standard.

Open System Networks

An open system network is a network that supports multiple communication protocol suites developed by different vendors. Prior to open system networks, communication protocols were largely vendor-specific and proprietary, such as Systems Network Architecture (SNA) by IBM, AppleTalk by Apple, and Internetwork Packet Exchange (IPX) by Novell. Due to the lack of common communication protocols, the devices of one vendor were not compatible with those of another, and so communication was not possible on a network that contained devices from different vendors. Open system networks were developed to create a common network standard and provide a common protocol suite to all the devices.

OSI Functional Blocks

The layers in the OSI reference model can be classified into two functional blocks: application support and network support.

Functional Block: Description

Application support: The application support block consists of the upper three layers: Application, Presentation, and Session. Connecting software programs to the network is the primary responsibility of this functional block.

Network support: The network support block is made up of the lower four layers: Transport, Network, Data Link, and Physical. Moving data on the network is the primary responsibility of this functional block.

Layer 1: The Physical Layer

The Physical layer provides the means for transmitting raw bits over a physical medium. It specifies the electrical and mechanical characteristics of the network, such as voltage levels, signaling frequency, connectors, and the transmission medium. The Physical layer receives fully formatted frames from the Data Link layer and places them on the media as a stream of bits. Network adapters, hubs, repeaters, media converters, and WAPs are some of the devices that operate at this layer. The Physical layer therefore determines the mode and medium of data transmission, which are factors that affect transmission speeds. Technologies with a Physical-layer specification include Ethernet, Fast Ethernet, Asynchronous Transfer Mode (ATM), token ring, and FDDI (each of these also defines Data Link-layer behavior).

Transmission of Data Packets

A packet is a unit of data transmitted on a network. A packet contains a header and data, and at the Data Link layer a footer or trailer is added as well. In protocols that use stop-and-wait acknowledgment, if a sender transmits a packet and the recipient is busy, the sender sits idle until it receives the acknowledgment, after which it sends the next packet.

Design Considerations at the Physical Layer

The Physical layer affects some of the network design considerations, including:
    Bandwidth of the transmission medium
    Type of transmission medium
    Switching technologies
    Mode of transmission (wired or wireless)
    Analog or digital transmission
    Modulation

Multilayer Devices

Some network devices can perform tasks defined by more than one layer and function across layers. Such devices are known as multilayer devices. Examples include network adapters (Physical and Data Link), WAPs (Physical and Data Link), routers (Physical through Network), and gateways. Hubs and repeaters, by contrast, are single-layer devices: they regenerate signals at the Physical layer without examining the frames they carry.

Layer 2: The Data Link Layer

The Data Link layer is responsible for transferring frames between adjacent network nodes and for detecting errors in that transfer. It performs many functions on the network and is responsible for:
    Grouping data bits into frames and attaching the physical (MAC) address of the receiving node to each frame.
    Transfer of frames between directly connected nodes on the network. In Data Link protocols that use acknowledgments, such as IEEE 802.11 and HDLC, the sending node waits for an acknowledgment from the receiving node; Ethernet does not acknowledge frames, so lost or damaged frames are recovered, if at all, by upper-layer protocols.
    Adding error-detection codes (such as the frame check sequence, a CRC) to frames. A frame that fails the check is discarded; some link types add error-correction codes so that small errors can be repaired rather than discarded.

Switches and bridges operate at the Data Link layer. Ethernet (IEEE 802.3), wireless LAN (IEEE 802.11), the Point-to-Point Protocol (PPP), and the Serial Line Internet Protocol (SLIP) are protocols that operate at this layer. The Data Link layer can be divided into two sub-layers: the Logical Link Control (LLC) sub-layer and the Media Access Control (MAC) sub-layer.

Sub-Layer: Description

LLC: The LLC sub-layer identifies the Network layer protocol carried in a frame and encapsulates it so that multiple upper-layer protocols can share the same media. An LLC header tells the receiving Data Link layer how to handle the frame it receives. Where the LLC service is connection-oriented (LLC type 2), it checks the frame's CRC and either ACKs or NACKs the data, and it controls data flow so that at any point data transmission does not exceed what the receiver can accept.

MAC: The MAC sub-layer defines how frames are placed on the media and carries the physical addressing of the frame. In a contention-based network it is responsible for carrier sensing and for collision detection (CSMA/CD on wired Ethernet) or collision avoidance (CSMA/CA on 802.11); in a token-passing network it is responsible for the token. In an Ethernet network, the MAC sub-layer also handles the frame delivery sequence, error notification through the frame check sequence, and flow control.

Do not confuse the MAC sub-layer with the MAC address. While the MAC sub-layer defines how frames are transferred on the media, a MAC address is a unique physical address assigned by the network adapter manufacturer to each network interface. The address is stored on the adapter but can be overridden in software on most operating systems, which is why filtering by MAC address is not a substitute for authentication.

Network Acknowledgments

A network acknowledgment is a signal used by a communication protocol between nodes on a network to acknowledge the receipt of data. Typically, two types of acknowledgment notifications are sent on a network. An acknowledgment can be positive (ACK), sent from the receiving node to the sending node once the data reaches its destination intact, or negative (NACK), indicating a bad transmission. Alternatively, a node can send a reject (REJ) signal to indicate rejection of data. Protocols that recover from lost or damaged data by retransmitting it on a NACK or after a timeout are collectively called Automatic Repeat reQuest (ARQ) schemes.

Layer 3: The Network Layer

The Network layer of the OSI model is responsible for logically addressing data packets and routing them from a source to a destination through one or more intermediate networks. This characteristic differentiates the Network layer from the Data Link layer, which deals with the transmission of data only between adjacent nodes. The Network layer itself provides best-effort delivery: IP, the dominant Network-layer protocol, does not guarantee that a packet arrives, and reliability is left to the Transport layer. The presence of too many packets on the network simultaneously leads to congestion and dropped packets, and the responsibility of limiting congestion by making proper routing decisions belongs to this layer. Routers and Layer 3 switches operate at the Network layer. The layer also defines protocols for interconnecting two or more networks, such as IP, Address Resolution Protocol (ARP), Dynamic Host Configuration Protocol (DHCP), Internet Control Message Protocol (ICMP), Routing Information Protocol (RIP), Border Gateway Protocol (BGP), Open Shortest Path First (OSPF), and Internet Group Management Protocol (IGMP). (Strictly, ARP works between the Data Link and Network layers, and DHCP is an Application-layer protocol carried over UDP; both are listed here because their purpose is Network-layer addressing.)

There are two main types of switches. Layer 2 switches operate at the Data Link layer of the OSI model. Layer 3 switches operate at the Network layer of the OSI model.

These protocols will be covered in more detail in subsequent lessons.

Layer 4: The Transport Layer

The Transport layer accepts data from the upper layers and breaks it into smaller units known as segments. It then passes these segments to the lower layers and, in a connection-oriented protocol such as TCP, ensures that all segments arrive correctly at the receiving end. Because segments may travel different paths through the network, they may arrive out of sequence. The Transport layer adds a sequence number to each segment, which allows the receiver to reconstruct the original order. The Transport layer is also responsible for end-to-end error recovery and for sending acknowledgments, and it uses port numbers to deliver each segment to the correct application on the destination host. Gateways operate at this layer and at higher layers of the OSI model. The protocols that function at this layer are TCP and the User Datagram Protocol (UDP); UDP provides port-based delivery but not sequencing, acknowledgments, or retransmission. Exam materials sometimes also list IP Security (IPSec), Point-to-Point Tunneling Protocol (PPTP), Layer Two Tunneling Protocol (L2TP), and Remote Desktop Protocol (RDP) at this layer. Architecturally, IPSec protects packets at the Network layer, PPTP and L2TP tunnel Data Link-layer frames, and RDP is an Application-layer protocol carried over TCP.

Network- and Transport-Layer Protocols

The Network and Transport layers contain several protocol families that are categorized based on the functions they perform.

Protocol Family: Function

Reliability protocols: Provide a method of ensuring reliable data transfer. For example, a header or trailer might contain a checksum value, or the protocol might require the receiver to confirm received data by sending an acknowledgment message back to the sender.

Connection protocols: Establish and maintain a connectionless or connection-oriented service for the upper layers. In a connection-oriented service, the sending and receiving nodes first establish a connection and then maintain state for it to mediate the transfer of data; sequencing, flow control, and reliability are monitored at both ends. In a connectionless service, each message is packaged, addressed, and sent on its own, with no prior setup and no guarantee that the destination is reachable.

Routing protocols: Provide a method of ensuring data transfer to the correct destination. In an unswitched network, routing is virtually unnecessary because the nodes are directly connected. In a switched network, however, the routing protocol determines the path a packet will take to reach its destination. This function is particularly important and complex in a packet-switched network, because there can be many possible paths to a destination and many intermediary devices such as routers along the path. Routing protocols determine the strategies used to transmit data through the network.

TCP belongs to two of the three categories: it is both a reliability protocol and a connection-oriented protocol. Routing is handled by Network-layer protocols such as RIP, OSPF, and BGP; TCP plays no part in it.

Checksum

The checksum value lets the receiver test the integrity of received data. If the received data does not match its checksum, the receiver discards it silently (this is what IP, TCP, and UDP do); a reliable protocol such as TCP then detects the loss because no acknowledgment is returned, and the sender retransmits after its retransmission timer expires or when duplicate acknowledgments arrive. Note that a checksum or CRC only detects accidental corruption. An attacker who alters data in transit can simply recompute it, so integrity against tampering requires a cryptographic message authentication code rather than a checksum.
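The mechanism described in the last few sections (sequence numbers, checksums, ACK/NACK, and retransmission of whatever is not acknowledged), as an added Python example that is not part of the course text. A sender splits a message into numbered segments, each carrying a CRC-32 checksum; a constructed unreliable channel drops, corrupts and reorders them; the receiver silently discards any segment that fails the checksum, acknowledges the good ones, and reassembles by sequence number; the sender resends whatever was not acknowledged, as it would when a retransmission timer expires. The segment format, the channel and the message are assumptions made for this example and do not correspond to TCP's real header layout.

```python
import random
import zlib
from dataclasses import dataclass


@dataclass(frozen=True)
class Segment:
    seq: int        # sequence number, used by the receiver to restore order
    payload: bytes
    checksum: int   # CRC-32 over seq + payload, set by the sender


def crc_of(seq: int, payload: bytes) -> int:
    return zlib.crc32(seq.to_bytes(4, "big") + payload)


def make_segment(seq: int, payload: bytes) -> Segment:
    return Segment(seq, payload, crc_of(seq, payload))


def segment_is_valid(seg: Segment) -> bool:
    """Receiver-side integrity check: a mismatch means discard, never repair."""
    return crc_of(seg.seq, seg.payload) == seg.checksum


def segment_message(data: bytes, mss: int) -> list:
    """Transport-layer task: split application data into numbered segments."""
    count = (len(data) + mss - 1) // mss
    return [make_segment(i, data[i * mss:(i + 1) * mss]) for i in range(count)]


def corrupt_segment(seg: Segment) -> Segment:
    """Flip one payload bit but keep the old checksum (simulated line noise)."""
    flipped = bytes([seg.payload[0] ^ 0x01]) + seg.payload[1:]
    return Segment(seg.seq, flipped, seg.checksum)


class LossyChannel:
    """Constructed unreliable link: loses, corrupts, and reorders segments."""

    def __init__(self, rng: random.Random, loss: float = 0.2, corruption: float = 0.1):
        self.rng, self.loss, self.corruption = rng, loss, corruption

    def send(self, segments: list) -> list:
        delivered = []
        for seg in segments:
            r = self.rng.random()
            if r < self.loss:
                continue                     # lost in transit: no ACK will ever come
            if r < self.loss + self.corruption:
                seg = corrupt_segment(seg)   # arrives, but fails the checksum
            delivered.append(seg)
        self.rng.shuffle(delivered)          # segments may arrive out of order
        return delivered


class Receiver:
    def __init__(self):
        self.buffer = {}                     # seq -> payload, filled in any order

    def receive(self, seg: Segment) -> tuple:
        """Return (seq, "ACK") for a good segment or (seq, "NACK") for a bad one."""
        if not segment_is_valid(seg):
            return seg.seq, "NACK"
        self.buffer[seg.seq] = seg.payload   # a duplicate simply overwrites
        return seg.seq, "ACK"

    def reassemble(self, count: int) -> bytes:
        """Restore the original order using the sequence numbers."""
        return b"".join(self.buffer[i] for i in range(count))


def transfer(data: bytes, mss: int, channel: LossyChannel, max_rounds: int = 100) -> tuple:
    """Send until every segment is acknowledged; return (received data, rounds used)."""
    segments = segment_message(data, mss)
    receiver = Receiver()
    unacked = {s.seq: s for s in segments}
    rounds = 0
    while unacked:
        if rounds == max_rounds:
            raise TimeoutError("%d segment(s) were never acknowledged" % len(unacked))
        rounds += 1
        for seg in channel.send(list(unacked.values())):
            seq, status = receiver.receive(seg)
            if status == "ACK":
                unacked.pop(seq, None)
        # Anything still unacknowledged (lost or NACKed) is resent in the next
        # round, which is what a sender does when its retransmission timer expires.
    return receiver.reassemble(len(segments)), rounds


if __name__ == "__main__":
    message = b"The quick brown fox jumps over the lazy dog, then does it again."
    received, rounds = transfer(message, 8, LossyChannel(random.Random(7)))
    print("intact:", received == message, "rounds:", rounds)
```

Two details are worth noticing. The receiver never tries to fix a damaged segment; it reports a NACK and waits for a clean copy, exactly as the Checksum section describes. And because the checksum is a plain CRC, the channel could just as easily have recomputed it after changing the payload, which is why a CRC protects against noise but not against an attacker.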

Layer 5: The Session Layer

The Session layer establishes connections between devices and applications, maintains the connection, and then terminates or reestablishes it when required. This layer controls how, when, and for how long a device can transmit or receive data, and specifies procedures for the connection, termination, and reestablishment of sessions. It also specifies the procedures for synchronizing data transfer between two devices with different data transmission rates. Sockets and session establishment in TCP are commonly classified at this layer, as are NetBIOS session services and remote procedure call (RPC).

Layer 6: The Presentation Layer

The Presentation layer is responsible for encoding data into a standard network-compatible format. Most programs contain data such as names, identification numbers, and passwords. These items may be represented as characters, integers, or floating-point numbers, and each device on a network may use a different code to represent the same data. Standard data formats are therefore used to enable devices with different representation techniques to communicate with each other. This translation is only an intermediary format, and will change at the lower layers. The Presentation layer also adds services such as data compression and encryption. Examples of technologies and protocols that function at this layer include Multipurpose Internet Mail Extensions (MIME), Secure Sockets Layer (SSL), Transport Layer Security (TLS), Graphics Interchange Format (GIF), Joint Photographic Experts Group (JPEG), and Tagged Image File Format (TIFF).

Technologies at the Presentation Layer

The protocols and file formats that work at the Presentation layer perform different functions. They include:
    MIME is a standard for encoding non-text content, such as attachments and non-ASCII characters, in email and other messages.
    GIF is a graphic interchange format primarily used on the Internet.
    JPEG is a compressed graphical file format that reduces the file size.
    TIFF is a digital format used to handle images in publishing and photography.

Layer 7: The Application Layer

The Application layer provides utilities and services that allow applications to access the network and its resources. This layer defines protocols for tasks such as transferring files, sending email, and saving data to a network server. It also advertises the resources each system makes available for use on the network. This is the only layer with which the user directly interacts. Examples of technologies, protocols, and services that function at this layer include HTTP, Domain Name System (DNS), File Transfer Protocol (FTP), Gopher, Network File System (NFS), Network Time Protocol (NTP), Simple Network Management Protocol (SNMP), Simple Mail Transfer Protocol (SMTP), and Telnet.

Sockets, SSL, TLS, DNS, FTP, NFS, NTP, SNMP, and Telnet will be covered in more detail in subsequent lessons.

Application-, Presentation-, and Session-Layer Protocols

The Application, Presentation, and Session layers contain several protocol families.

Protocol Family: Functions

Terminal-emulation protocols: Enable computers to act as standard terminals so that they can access hosts. This usually involves translation of keystrokes and video display codes.

File access and file transfer protocols: Enable nodes to access files on the network. Different clients might use different file- and path-naming conventions; file access protocols provide a common means to access network files. File transfer protocols enable copying of files between network storage and other storage, such as a computer's local disk drive.

Email protocols: Provide for email delivery and handling of messages.

Remote-action and multiple-session protocols: Determine whether processes should be performed remotely on a client node or directly by a server. RDP is an example of a remote-action protocol. These protocols are required for setting up a client-server relationship. Multiple-session protocols enable multiple network links to be established; TCP, which supports many simultaneous connections, is cited as an example.

Network management protocols: Provide tools for setting up and maintaining the network. As networks interconnect with other networks and become more complex, more sophisticated network management tools are necessary. SNMP is an example of a network management protocol.

Task-to-task protocols: Enable software processes to communicate over the network.

Codeset and data structure protocols: Define the representation of data. These protocols translate data for nodes that use different coding schemes.

The OSI Data Communication Process

Data transmission through the OSI reference model involves the following stages:
1. During transmission, data is handed to the Application layer of the OSI reference model.
2. It is then forwarded down through the lower layers in the OSI stack, each adding its own header, until the Physical layer transfers the data to the network media.
3. In the data reception process, data is first received by the Physical layer of the OSI reference model.
4. Data is then forwarded up through the layers in the OSI stack until it reaches the Application layer. Each layer removes and acts on the header addressed to it before passing the remaining data to the next layer.


Figure 5-2: Data communication through the OSI reference model.

ACTIVITY 5-1
Identifying the Layers in the OSI Model
Scenario: In this activity, you will identify the layers in the OSI model.

1. Match each layer of the OSI model with a description of its function.

   f  Application      a. Establishes, maintains, and terminates connections between network devices.
   e  Presentation     b. Ensures reliable data transmission by error detection.
   a  Session          c. Addresses and delivers packets across a network.
   g  Transport        d. Moves bits of data on and off the cabling media.
   c  Network          e. Translates data so that it can be moved on the network.
   b  Data Link        f. Enables applications to access a network and its resources.
   d  Physical         g. Ensures reliable data transmission by decreasing the packet size.

2. At which OSI layer is the MAC address applied to a data packet?
   a) Physical
   b) Network
   c) Transport
   d) Data Link

3. In which layer of the OSI model does Telnet operate?
   a) Data Link
   b) Physical
   c) Application
   d) Presentation
   e) Session

4. Which OSI layer is responsible for establishing connections between two devices?
   a) Session
   b) Presentation
   c) Application
   d) Physical
   e) Data Link

5. Which layer divides the data received from the Network layer into frames that are capable of being transmitted by the Physical layer?
   a) Presentation
   b) Session
   c) Transport
   d) Data Link
   e) Application

TOPIC B
The TCP/IP Model
You have identified the layers in the OSI model. Another common networking model is the TCP/IP model. In this topic, you will identify the layers in the TCP/IP model.

The protocols and services defined by the TCP/IP model are more suitable for practical use than those defined by OSI. To ensure that you are able to use the benefits of the TCP/IP model in your network, you first need to know the protocols and services defined by the TCP/IP layers.

The TCP/IP Protocols



The Transmission Control Protocol/Internet Protocol (TCP/IP) is a network protocol suite that is routable and allows computers to communicate across all types of networks. The native protocol of the Internet, TCP/IP is nonproprietary and used for Internet connectivity.

Figure 5-3: The TCP/IP protocol used in networks.

The TCP/IP protocol suite includes a network/node address structure, tools for static and dynamic address assignment, name resolution services, and utilities for testing and configuration.

The TCP/IP Network Model

The TCP/IP model is a four-layer model developed under the sponsorship of the United States Department of Defense. To some extent, it is similar to the OSI model. The TCP/IP model was developed to allow the addition of new technologies and to create a more flexible architecture that could easily accommodate the modification of existing protocols. This architecture later became known as the TCP/IP model after two of its most important protocols: TCP and IP.

All these concepts are covered in more detail in subsequent lessons.

Figure 5-4: The layers in the TCP/IP network model.

Layers in the TCP/IP Network Model

The TCP/IP model defines four layers: the Application layer, the Transport layer, the Internet layer, and the Network Interface layer, which is also called the Link layer. Each layer in the TCP/IP model performs a specific function.

TCP/IP Layer: Functions

Application: Provides definitions of protocols for file, email, and hypertext transfer. It also handles the encoding of data, controls the sessions, and defines socket services and other utilities over TCP/IP.

Transport: Provides connection establishment and communication services. It also defines protocols for end-to-end transfer of data, along with error and flow control. In the TCP/IP model, there are two Transport-layer protocols: TCP and UDP.

Internet: Provides addressing and routing services. It also controls congestion on the network. This layer involves transferring data from a source to a destination network when multiple networks are connected together.

Network Interface: Provides services to send and receive data packets on the network. It defines protocols for moving data frames between adjacent nodes and for accessing the medium, and it defines the protocols for encoding and transmitting data over the network media.

Data Terminologies

Each layer uses a different term for its unit of information.

Layer: Terminology Used

Application: Data
Transport: Segment (for TCP; a UDP unit is also called a datagram)
Internet: Datagram or packet
Network Interface: Frame

Comparison of the OSI and TCP/IP Models



In the TCP/IP model, the Application layer maps to the Application, Presentation, and Session layers of the OSI model. The Transport layer maps to the Transport layer in the OSI model. The Internet layer maps to the Network layer in the OSI model, and the Network Interface layer maps to the Data Link and Physical layers in the OSI model. Similar to the OSI model, each layer of the TCP/IP model denes a set of functions and protocols and is designed to provide services to the layer above it. The data communication process through the TCP/IP layers is similar to the data communication process through the OSI layers. When data is transmitted on a network, it is added to the Application layer and then forwarded to the Network Interface layer. Data reception on the TCP/IP layers is the reverse process of transmission.

Figure 5-5: The TCP/IP and OSI network models.

There are several similarities and dissimilarities between the OSI and TCP/IP models.

Category: Description

Similarities: Both models have a layered architecture. Both models have an Application, a Transport, and a Network (Internet) layer. Both models have their lowest layer connected to the physical network.

Dissimilarities: OSI was developed to standardize networking in general, whereas TCP/IP was specifically developed to support Internet tasks such as remote login, email, and resource sharing. The OSI reference model consists of seven architectural layers, whereas TCP/IP has only four. The TCP/IP model does not have a Session or a Presentation layer; its Application layer handles the responsibilities of the Application, Presentation, and Session layers of the OSI reference model. The TCP/IP model combines the OSI Data Link and Physical layers into the Network Interface layer. The OSI reference model was defined before the protocols that would implement it and is independent of any particular protocol, so the boundary between some of its layers is a matter of interpretation. The TCP/IP model was derived from its protocols, so the function of each layer is defined by the protocols that run there.

Flexibility of the TCP/IP Model

The functions and protocols defined in the TCP/IP model are more flexible than those in the OSI model, and TCP/IP has overshadowed the OSI protocol suite in practice. The OSI model is now used mainly as a common vocabulary for describing network layers; most networks today, including the Internet, follow the TCP/IP model.

Data Encapsulation

Encapsulation is the process of adding delivery information to the actual data transmitted at each layer. Encapsulation takes place at the transmitting end as data is passed down the layers. At the receiving end, the reverse process of removing the added information is done as data passes to the next higher layer. This process is called de-encapsulation. The added information is called a header if it is placed before the data, or a trailer if it is added after the data.

When an application sends data on a TCP/IP network, the data is passed from the Application layer to the Transport layer. The Transport layer adds a TCP or UDP header, forming a segment, and passes the segment to the Internet layer. The Internet layer adds an IP header, forming a packet (datagram), and passes it to the Network Interface layer, which adds a frame header and a trailer (the frame check sequence). The entire frame, with its headers and trailer, is placed on the media. The receiving computer verifies and removes each header and trailer in the reverse order as the data moves up to the Application layer.
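The walk down and back up the stack described above, as an added Python example that is not part of the course text. It builds one UDP datagram by hand (UDP header, then an IPv4 header with its RFC 1071 checksum, then an Ethernet II header with a CRC-32 frame check sequence as the trailer), and then de-encapsulates the frame, verifying the FCS at the Network Interface layer and the IP header checksum at the Internet layer and discarding the frame if either fails. The addresses, ports and payload are constructed for the example, the IP identification field is a fixed value chosen here, and the UDP checksum is left at zero, which IPv4 permits.

```python
import struct
import zlib


def internet_checksum(data: bytes) -> int:
    """RFC 1071 checksum: one's-complement sum of 16-bit words, complemented."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(data) // 2), data))
    while total >> 16:                       # fold carries back into 16 bits
        total = (total & 0xFFFF) + (total >> 16)
    return (~total) & 0xFFFF


def mac_to_bytes(mac: str) -> bytes:
    return bytes.fromhex(mac.replace(":", ""))


def ip_to_bytes(ip: str) -> bytes:
    return bytes(int(octet) for octet in ip.split("."))


def encapsulate(data: bytes, src_ip: str, dst_ip: str, src_port: int, dst_port: int,
                src_mac: str, dst_mac: str) -> bytes:
    """Application data -> UDP segment -> IPv4 packet -> Ethernet frame."""
    # Transport layer: 8-byte UDP header (RFC 768). A zero checksum means "not
    # computed", which IPv4 allows; the Internet layer only protects its own header.
    udp_length = 8 + len(data)
    segment = struct.pack("!HHHH", src_port, dst_port, udp_length, 0) + data

    # Internet layer: 20-byte IPv4 header (identification 0x1234 and the DF flag
    # are example values). The checksum is computed with its own field at zero.
    total_length = 20 + len(segment)
    header = struct.pack("!BBHHHBBH4s4s", 0x45, 0, total_length, 0x1234, 0x4000,
                         64, 17, 0, ip_to_bytes(src_ip), ip_to_bytes(dst_ip))
    header = header[:10] + struct.pack("!H", internet_checksum(header)) + header[12:]
    packet = header + segment

    # Network Interface layer: Ethernet II header (dst, src, EtherType 0x0800),
    # padding up to the 60-byte minimum, then the 4-byte CRC-32 FCS trailer,
    # transmitted least-significant byte first.
    body = mac_to_bytes(dst_mac) + mac_to_bytes(src_mac) + struct.pack("!H", 0x0800) + packet
    body += b"\x00" * max(0, 60 - len(body))
    return body + struct.pack("<I", zlib.crc32(body))


def decapsulate(frame: bytes) -> dict:
    """Ethernet frame -> IPv4 packet -> UDP segment -> data, checking as it goes."""
    body, fcs = frame[:-4], frame[-4:]
    if struct.pack("<I", zlib.crc32(body)) != fcs:
        raise ValueError("FCS mismatch: frame discarded at the Network Interface layer")
    ethertype = struct.unpack("!H", body[12:14])[0]
    if ethertype != 0x0800:
        raise ValueError("not an IPv4 packet: EtherType 0x%04x" % ethertype)
    packet = body[14:]

    ihl = (packet[0] & 0x0F) * 4
    ip_header = packet[:ihl]
    if internet_checksum(ip_header) != 0:    # a valid header checksums to zero
        raise ValueError("IPv4 header checksum mismatch: packet discarded at the Internet layer")
    total_length = struct.unpack("!H", ip_header[2:4])[0]
    if ip_header[9] != 17:
        raise ValueError("not UDP: protocol %d" % ip_header[9])
    segment = packet[ihl:total_length]       # total length strips the Ethernet padding

    src_port, dst_port, udp_length, _ = struct.unpack("!HHHH", segment[:8])
    data = segment[8:udp_length]
    return {
        "dst_mac": ":".join("%02x" % b for b in body[0:6]),
        "src_mac": ":".join("%02x" % b for b in body[6:12]),
        "src_ip": ".".join(str(b) for b in ip_header[12:16]),
        "dst_ip": ".".join(str(b) for b in ip_header[16:20]),
        "src_port": src_port, "dst_port": dst_port, "data": data,
        # The same bytes, sized as each layer names its unit of information.
        "pdu_sizes": {"frame": len(frame), "packet": total_length,
                      "segment": udp_length, "data": len(data)},
    }


if __name__ == "__main__":
    frame = encapsulate(b"hello, world", "192.0.2.10", "192.0.2.53", 40000, 53,
                        "02:00:00:00:00:01", "02:00:00:00:00:02")
    print(decapsulate(frame))
    tampered = frame[:42] + bytes([frame[42] ^ 0xFF]) + frame[43:]   # flip the first payload byte
    try:
        decapsulate(tampered)
    except ValueError as err:
        print(err)
```

The pdu_sizes entry shows the data terminology table in numbers: the 12-byte data becomes a 20-byte segment, a 40-byte packet, and a 64-byte frame once the Ethernet minimum-size padding and FCS are added. Flipping any byte makes the frame fail the FCS check before the upper layers ever see it; if the FCS is recomputed (as a device on the path could do), a change inside the IP header is still caught by the header checksum, but a change to the UDP payload is not, because the UDP checksum was left at zero.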

Protocol Binding

Assigning a protocol to a NIC is referred to as protocol binding. Because protocols govern data transmission, binding a protocol to the network interface is what creates a path for the flow of data. Multiple protocols can be bound to one NIC, and the NIC can use any of the protocols bound to it to communicate with other nodes on the network.

Figure 5-6: Protocols bound to a NIC.

Binding Order
When a network interface is bound to multiple protocols, it attempts to connect to a receiving node by trying the available protocols in sequence until it gets a response using one of them. This carries an inherent risk that the protocol the node responds to is not the most efficient one; it is simply the first protocol in the sender's binding list that the two nodes have in common. In Windows, you can specify the binding order in which protocols are bound to a network interface. When you set the binding order to prefer the protocol you most frequently use on your network, your system does not waste attempts on other protocols when accessing the network, which makes the connection more efficient. Unbinding protocols that are not needed at all also reduces the interface's exposure, since a protocol that is not bound cannot be spoken to.


CompTIA Network+ (Exam N10-005)

ACTIVITY 5-2
Identifying the Layers of the TCP/IP Network Model
Scenario: In this activity, you will identify the layers of the TCP/IP network model.


1. Match the OSI layers with the TCP/IP layers.

   Application, Presentation, Session    c. Application
   Transport                             b. Transport
   Network                               d. Internet
   Data Link, Physical                   a. Network Interface

2. Which TCP/IP layer provides addressing and routing services?
   a) Application
   b) Internet
   c) Transport
   d) Network Interface

3. Which layers of the OSI model are included in the Network Interface layer of the TCP/IP model?
   a) Physical
   b) Network
   c) Data Link
   d) Transport

4. At which TCP/IP layer is information called a datagram or packet?
   a) Application
   b) Network Interface
   c) Internet
   d) Transport

5. Match each layer with its corresponding data terminology.

   Application          a. Data
   Transport            c. Segment
   Internet             d. Datagram
   Network Interface    b. Frame


ACTIVITY 5-3
Identifying Protocol Binding on a NIC
There is a simulated version of this activity available on the CD-ROM that shipped with this course. You can run this simulation on any Windows computer to review the activity after class, or as an alternative to performing the activity as a group in class. The activity simulation can be launched either directly from the CD-ROM by clicking the Interactives link and navigating to the appropriate one, or from the installed data file location by opening the C:\Data\Simulations\Lesson#\Activity# folder and double-clicking the executable (.exe) file.

Scenario: In this activity, you will verify that the TCP/IP protocol is currently bound to your NIC.

What You Do
1. Verify that the TCP/IP protocol is bound to your NIC.

How You Do It
a. Choose Start→Control Panel.
b. In the Control Panel window, click the Network and Internet link.
c. In the Network and Internet window, click the Network and Sharing Center link.
d. In the Network and Sharing Center window, in the left pane, click the Change adapter settings link.
e. In the Network Connections window, right-click the Local Area Connection object and choose Properties.
f. In the Local Area Connection Properties dialog box, verify that the Internet Protocol Version 4 (TCP/IPv4) check box is checked, and then select the Internet Protocol Version 4 (TCP/IPv4) option.
g. Read the protocol description and then click OK to close the Local Area Connection Properties dialog box.
h. Close the Network Connections window.

Lesson 5 Follow-up
In this lesson, you identified the two main network models used in computer networks: the OSI model and the TCP/IP model. Your ability to identify the layers of the TCP/IP and OSI models will enable you to plan the implementation of a network according to the devices, protocols, and transmission methods it needs.

1. What are the Physical layer devices that you have come across in your network?
Answers will vary, but may include: network adapters and WAPs are common Physical layer devices.

2. What are the similarities and differences between the OSI and TCP/IP models?
Both models break data communication into individual components. They are built from different layers, although the layers perform similar functions. The four layers of the TCP/IP model map onto the seven layers of the OSI model. The OSI model is more of a theoretical reference, while the TCP/IP model is a practical one that is actually implemented.


LESSON 6
TCP/IP Addressing and Data Delivery
In this lesson, you will identify TCP/IP addressing and data delivery methods. You will:
- Identify the key protocols in the TCP/IP protocol suite.
- Identify data addressing on TCP/IP networks.
- Identify a default IP addressing scheme.
- Create custom IP addressing schemes.
- Implement IP version 6.
- Identify techniques to ensure reliable network data delivery.

Lesson Time 2 hour(s), 40 minutes

Introduction
You are familiar with the TCP/IP model of networking. As a Network+ technician, beyond the network model you need to be aware of TCP/IP addressing and data delivery methods in order to implement TCP/IP on your network. In this lesson, you will identify the addressing and data delivery methods of TCP/IP.

As a Network+ technician, you must be able to identify each individual system that is connected, the addressing scheme, and the data flow on the network. This knowledge is necessary to perform fault management and zero in on a faulty node. It also allows you to isolate a system from the network and recognize and troubleshoot the problem while keeping the rest of the network fully functional.

This lesson covers all or part of the following CompTIA Network+ (Exam N10-005) certification objectives:

Topic A:
1.2 Classify how applications, devices, and protocols relate to the OSI model layers.
1.4 Explain the purpose and properties of routing and switching.
1.6 Explain the function of common networking protocols.

Topic B:
1.2 Classify how applications, devices, and protocols relate to the OSI model layers.
1.3 Explain the purpose and properties of IP addressing.
1.6 Explain the function of common networking protocols.

Topics C, D, and E:
1.2 Classify how applications, devices, and protocols relate to the OSI model layers.
1.3 Explain the purpose and properties of IP addressing.

TOPIC A
The TCP/IP Protocol Suite
In this lesson, you will learn about TCP/IP addressing and data delivery, which is performed by the TCP/IP protocol suite. TCP/IP consists of a suite of complementary protocols and standards that work together to provide the functionality of TCP/IP networks. In this topic, you will identify the protocols that are in use on a TCP/IP network. The TCP/IP protocol suite includes many services that made TCP/IP the universal de facto standard networking protocol. The suite defines how applications on separate nodes establish a connection and track communications. To ensure that your network is receiving the benefits that the TCP/IP protocols and standards provide, you need to learn what those protocols are and how they can benefit your network.

TCP
The TCP/IP protocol suite includes two Transport-layer protocols: Transmission Control Protocol (TCP) and User Datagram Protocol (UDP). TCP is a connection-oriented, guaranteed-delivery protocol used to send data between computers over a network such as the Internet. It is part of the Internet protocol suite along with the Internet Protocol (IP). TCP is responsible for breaking application data into segments, reassembling them at the other end, resending data lost in transit, and putting out-of-order data back in sequence. It sends data, waits for an acknowledgement, and resends or discards erroneous data. The guarantee is about delivery and ordering, not about who is on the other end: TCP by itself provides no authentication or confidentiality.

TCP Analogy
Mr. TCP's boss gives him a letter to send to a client. TCP sends it via certified mail with delivery confirmation and waits by the mailbox. In a few days, he gets a notice in the mail that the letter was delivered. However, if the notice does not come in a timely manner, Mr. TCP knows he has to resend the letter.

Connection-Oriented and Connectionless Protocols
Protocols can be divided into two categories depending on the type of connection they establish: connection-oriented and connectionless. Connection-oriented protocols require a logical connection before any data is transferred. Connectionless protocols do not establish a connection between devices. Connection-oriented protocols operate in three phases. In the first phase, a connection is established and the devices negotiate the parameters for the connection. During the second phase, the devices transfer data. In the third phase, the connection is released and torn down because it is no longer required. Connectionless protocols have no explicit setup or release phases and are always in the data transfer phase: if a device has data to send, it just sends it. Connection-oriented systems can function only in bidirectional communication environments.

Connectionless communication is achieved when information is transmitted from a source to a destination without checking whether the destination is prepared to receive it. In environments where it is difficult to get data through to a destination, the sender may have to retransmit the information multiple times before the destination receives the complete message.

IP
Internet Protocol (IP) is the Internet-layer (OSI Network-layer) protocol responsible for addressing and for routing individual datagrams. It defines the packet format and the addressing scheme. IP is a connectionless protocol and acts as an intermediary between the higher protocol layers and the network. It makes no guarantees about packet delivery, corruption of data, or lost packets; IP usually works in concert with TCP, which establishes a connection between the source and the destination and supplies those guarantees. TCP/IP not only enables computers to communicate over all types of networks but also provides network addressing and naming, and data delivery. TCP/IP is the native protocol of the Internet and is required for Internet connectivity.

The IP Data Packet Delivery Process

IP places the correct destination IP address on a data packet. The process of delivering a data packet by IP consists of three steps:

1. When a service establishes a connection to the receiving node at the Transport layer, it resolves the name of the receiving node to that node's IP address.
2. The IP address is then passed from the Transport layer to the Internet layer.
3. IP uses the subnet mask to determine whether the receiving node is on the same subnet or on a remote network, and delivers the packet accordingly: directly to the node if it is local, or to the default gateway if it is remote.

Figure 6-1: The process of IP data packet delivery.

UDP

The User Datagram Protocol (UDP) is a connectionless Transport-layer protocol in the Internet protocol suite. (It is sometimes mislabelled the Universal Datagram Protocol; the name is User Datagram Protocol.) A connectionless, best-effort delivery protocol, UDP is used on top of IP just as TCP is. Like TCP, it carries a checksum so the receiver can detect a corrupted datagram, but UDP lacks TCP's reliability, flow-control, and error-recovery functions: a damaged or lost datagram is simply gone unless the application notices and resends. It is less complex than TCP, and because it is connectionless it provides faster service.

UDP Analogy
Ms. UDP's boss gives her a letter to send, which she sends via regular mail. She does not wait by the mailbox or give the letter a second thought. She assumes that it reached its destination. If Ms. UDP's letter does not reach its destination, the receiving party has to call UDP's boss and ask for the letter to be resent. Ms. UDP has done her best job and is out of the picture.

Store and Forward
Routers handle UDP datagrams the way they handle any IP packet, by store and forward: each router receives the whole datagram, holds it until the next link is available, then forwards it. Because UDP keeps no connection state, nothing waits for confirmation that the datagram got through. For example, if a network is congested and data is sent via UDP to a router, the router may hold the data until the next router, or hop, becomes available. Each router the data passes through is a hop, so data that passes through three routers on its way to its destination has made three hops.
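To make the TCP and UDP descriptions above concrete, here is an added simulation (not from the course) that runs the same five messages through two transports over an identical, deterministic loss pattern: a TCP-style stop-and-wait sender that numbers segments, waits for a cumulative ACK and retransmits, and a UDP-style sender that transmits once and never looks back. The channel, messages, and drop pattern are constructed, and ACKs are assumed never to be lost, which is a simplification.

```python
from dataclasses import dataclass, field


@dataclass
class LossyLink:
    """Constructed one-way channel: the n-th transmission is dropped when n is in drop_set.
    Deterministic so that both transports can be compared on identical loss."""
    drop_set: set
    sent: int = 0
    log: list = field(default_factory=list)

    def transmit(self, kind: str, item) -> bool:
        self.sent += 1
        delivered = self.sent not in self.drop_set
        self.log.append((self.sent, kind, item, "delivered" if delivered else "DROPPED"))
        return delivered


class ReliableReceiver:
    """TCP-style receiver: accepts only the next expected segment, answers with a cumulative ACK."""

    def __init__(self):
        self.expected = 0
        self.delivered = []

    def receive(self, seq: int, data) -> int:
        if seq == self.expected:          # in order: accept and advance
            self.delivered.append(data)
            self.expected += 1
        # a duplicate or out-of-order segment is ignored but still re-ACKed
        return self.expected              # "I have everything before this number"


def send_reliable(messages, link: LossyLink, max_retries: int = 3) -> list:
    """Connection-oriented, stop-and-wait transfer: number each segment, wait for its
    ACK, retransmit on loss, and give up (with an error) after max_retries.
    ACKs are assumed to always arrive; a lost ACK would just cause one extra resend."""
    receiver = ReliableReceiver()
    for seq, data in enumerate(messages):
        for _attempt in range(max_retries + 1):
            if link.transmit("DATA", (seq, data)):
                ack = receiver.receive(seq, data)
                if ack > seq:
                    break                 # acknowledged, move to the next segment
        else:
            raise ConnectionError(f"segment {seq} unacknowledged after {max_retries} retries")
    return receiver.delivered


def send_best_effort(messages, link: LossyLink) -> list:
    """Connectionless, best-effort transfer: send once, never wait, never resend (UDP-style)."""
    delivered = []
    for data in messages:
        if link.transmit("DGRAM", data):
            delivered.append(data)
    return delivered


def compare(messages, drop_set):
    """Run both transports over identical loss; return (what arrived, transmissions used)."""
    tcp_link, udp_link = LossyLink(set(drop_set)), LossyLink(set(drop_set))
    return {
        "reliable": (send_reliable(messages, tcp_link), tcp_link.sent),
        "best_effort": (send_best_effort(messages, udp_link), udp_link.sent),
    }


if __name__ == "__main__":
    result = compare(["m0", "m1", "m2", "m3", "m4"], {2, 4})
    for name, (got, cost) in result.items():
        print(f"{name:12} delivered={got} transmissions={cost}")
```

With transmissions 2 and 4 dropped, the reliable sender delivers all five messages at the cost of seven transmissions, while the best-effort sender delivers three of five in five transmissions. The reliable sender also gives up with an error after a fixed number of retries rather than retrying forever, which is the behaviour you want when the far end has gone away.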

ARP

The Address Resolution Protocol (ARP) maps an IP address to the physical, or MAC, address recognized on the local network. ARP operates at the Network Interface layer (OSI Data Link), carried directly in an Ethernet frame with its own EtherType (0x0806) rather than inside an IP packet. Because a MAC address is 48 bits long and an IPv4 address is only 32 bits, there is no arithmetic relationship between the two; ARP's protocol rules are how the mapping is discovered and kept. ARP has no authentication: any node on the segment can answer a request, or send an unsolicited reply, claiming any IP address. That is what ARP spoofing (cache poisoning) exploits, and it is why monitoring tools and switch features watch for IP-to-MAC bindings that change unexpectedly.
Address resolution in ARP is performed in the following three steps:
1. ARP receives an IP address from IP. If ARP has the corresponding MAC address in its cache, it returns it to IP. If not, it issues a broadcast to resolve the IP address.
2. The target node with the corresponding IP address responds with a unicast that includes its MAC address.
3. ARP adds the MAC address to its cache and then returns it to IP as requested.

ARP supports IP by resolving IP addresses to MAC addresses.

MAC Address Resolution
ARP plays a critical role in address resolution. If IP needs to deliver a packet to an IP address on the local subnet, it obtains the MAC address of the destination node directly from ARP. However, if IP needs to deliver a packet to an IP address on a remote subnet, it needs only the MAC address of the default gateway, not that of the destination node. Once IP sends the packet to the default gateway, the gateway undertakes its own MAC address resolution to find the MAC address of the next hop, and forwards the packet on to other routers and networks as needed. Because the first step in the route to any destination is always on the local network, ARP resolution broadcasts can be confined to the local subnet.

Reverse Address Resolution Protocol
The Reverse Address Resolution Protocol (RARP) allows a node on a LAN to discover its own IP address from a router's ARP table or cache. With RARP, a network administrator creates a table on the LAN's router that maps each node's MAC address to its corresponding IP address. When a node is added to the network, its RARP client program requests the node's IP address from the RARP server on the router. If the router's table has an entry for that MAC address, the RARP server returns the IP address to the node, which stores it for future use. RARP is available for Ethernet, FDDI, and Token Ring LANs. In practice it has been superseded by BOOTP and then DHCP, which can hand out the subnet mask, default gateway, and DNS servers as well as the address.
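The resolution steps and the local-versus-remote decision above, as an added worked example that is not course code: it packs and parses the 28-byte ARP body, picks the next hop by ANDing the destination with the subnet mask, consults a cache before broadcasting, and learns the unicast reply. The LAN is simulated by a constructed dictionary of IP-to-MAC bindings and all addresses are sample values. The cache deliberately refuses to rebind an address it already knows and records an alert instead; a real host stack accepts the new binding, which is exactly what makes ARP spoofing work, so treat the refusal as the detection policy an arpwatch-style monitor applies, not as normal ARP behaviour.

```python
import ipaddress
import struct

HTYPE_ETHERNET, PTYPE_IPV4 = 1, 0x0800
OP_REQUEST, OP_REPLY = 1, 2
ARP_FORMAT = "!HHBBH6s4s6s4s"        # 28-byte ARP body as carried in an Ethernet frame
ZERO_MAC = bytes(6)


def build_arp(op: int, sender_mac: bytes, sender_ip: str, target_mac: bytes, target_ip: str) -> bytes:
    return struct.pack(ARP_FORMAT, HTYPE_ETHERNET, PTYPE_IPV4, 6, 4, op,
                       sender_mac, ipaddress.IPv4Address(sender_ip).packed,
                       target_mac, ipaddress.IPv4Address(target_ip).packed)


def parse_arp(body: bytes) -> dict:
    _, _, _, _, op, smac, sip, tmac, tip = struct.unpack(ARP_FORMAT, body[:28])
    return {"op": op,
            "sender_mac": smac.hex(":"), "sender_ip": str(ipaddress.IPv4Address(sip)),
            "target_mac": tmac.hex(":"), "target_ip": str(ipaddress.IPv4Address(tip))}


def next_hop(local_ip: str, mask: str, dest_ip: str, gateway: str) -> str:
    """IP's decision: AND with the mask. A local destination is ARPed for directly;
    a remote one is reached through the default gateway, whose MAC is what IP needs."""
    subnet = ipaddress.IPv4Network(f"{local_ip}/{mask}", strict=False)
    return dest_ip if ipaddress.IPv4Address(dest_ip) in subnet else gateway


class ArpCache:
    """IP-to-MAC cache that refuses to silently rebind an address it already knows.
    Real stacks overwrite the entry (which ARP spoofing relies on); refusing and
    alerting is the demonstration policy here, as arpwatch-style monitors do."""

    def __init__(self):
        self.table = {}
        self.alerts = []

    def learn(self, reply: dict) -> bool:
        ip, mac = reply["sender_ip"], reply["sender_mac"]
        known = self.table.get(ip)
        if known is not None and known != mac:
            self.alerts.append(f"{ip} answered from {mac} but is cached as {known}")
            return False
        self.table[ip] = mac
        return True


def resolve(cache: ArpCache, local_mac: bytes, local_ip: str, mask: str,
            dest_ip: str, gateway: str, segment) -> tuple:
    """The three ARP steps: cache hit, else broadcast a request and learn the unicast reply.
    `segment` stands in for the wire: it takes request bytes and returns reply bytes or None."""
    target = next_hop(local_ip, mask, dest_ip, gateway)
    if target in cache.table:
        return cache.table[target], "cache"
    request = build_arp(OP_REQUEST, local_mac, local_ip, ZERO_MAC, target)  # target MAC unknown
    reply = segment(request)
    if reply is None:
        return None, "no reply"
    parsed = parse_arp(reply)
    cache.learn(parsed)
    return parsed["sender_mac"], "broadcast"


def make_segment(hosts: dict):
    """Constructed LAN: dict of IP -> MAC bytes; the owner of the requested IP replies by unicast."""
    def segment(request: bytes):
        req = parse_arp(request)
        if req["op"] != OP_REQUEST or req["target_ip"] not in hosts:
            return None
        return build_arp(OP_REPLY, hosts[req["target_ip"]], req["target_ip"],
                         bytes.fromhex(req["sender_mac"].replace(":", "")), req["sender_ip"])
    return segment


if __name__ == "__main__":
    lan = make_segment({"192.168.1.1": bytes.fromhex("020000000001"),
                        "192.168.1.20": bytes.fromhex("020000000020")})
    cache = ArpCache()
    me = (cache, bytes.fromhex("020000000010"), "192.168.1.10", "255.255.255.0")
    print(resolve(*me, "192.168.1.20", "192.168.1.1", lan))   # local host: broadcast
    print(resolve(*me, "192.168.1.20", "192.168.1.1", lan))   # second time: cache hit
    print(resolve(*me, "8.8.8.8", "192.168.1.1", lan))        # remote: ARP for the gateway
    spoof = build_arp(OP_REPLY, bytes.fromhex("020000000099"), "192.168.1.1", me[1], me[2])
    cache.learn(parse_arp(spoof))                              # unsolicited, conflicting reply
    print(cache.alerts)
```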

ICMP
The Internet Control Message Protocol (ICMP) is a companion to IP that reports on the condition of a path between two nodes. ICMP messages notify a sender of network conditions by reporting errors such as an unreachable destination or an expired TTL; the echo request and echo reply messages used by ping are ICMP as well. If a node is sending data so fast that the receiving node's buffers flood, the receiving node can send an ICMP source quench message asking the sender to slow down. Note that source quench (ICMP type 4) has since been deprecated by RFC 6633 and is ignored by modern hosts; congestion control is now handled by TCP itself.


Figure 6-2: ICMP reports on the condition of a connection between two nodes.

IGMP

The Internet Group Management Protocol (IGMP) is a protocol in the TCP/IP suite that supports multicasting in a routed environment. It is used to inform the routers on a network which hosts currently belong to which multicast group. The routers need to support IGMP and multicast packet routing. Routers use IGMP to periodically send queries to hosts inquiring about group membership. Hosts respond to a query with notifications called host membership reports, and a node that wants to receive a multicast session uses IGMP to tell the router that it has joined the group. From the reports, the router learns which of its interfaces have members of the group and forwards the multicast transmission only onto those interfaces.

Routing is covered in more detail in subsequent lessons.

Figure 6-3: IGMP directs multicast traffic to members of the multicast group.


ACTIVITY 6-1
Identifying Protocols on a TCP/IP Network
Scenario: In this activity, you will identify the protocols that are in use on TCP/IP networks.


1. Which protocol lets systems on the network know which host belongs to which multicast group?
   a) IP
   b) TCP
   c) ICMP
   d) IGMP

2. Which is a function of ICMP?
   a) Controls multicast sessions
   b) Controls data transfer speeds
   c) Resolves IP addresses to MAC addresses
   d) Provides best-effort data delivery

3. Arrange the following phases of the working of ICMP on an IP network.
   1 Data transmission
   2 Buffer flood
   3 ICMP source quench message

4. True or False? ARP uses a multicast session to resolve an IP address to a MAC address it does not have in its cache.
   True
   False

5. What are the functions of TCP?
   a) Breaking up data
   b) Routing data
   c) Reassembling data
   d) Addressing
   e) Resending lost data


TOPIC B
IP Addressing
You are familiar with different protocols and their functions on a TCP/IP network. To ensure that a network request arrives at its intended destination, you need to ensure that it follows the correct data addressing scheme. There is an addressing scheme followed on TCP/IP networks. In this topic, you will identify the methods used for packaging and addressing of data so that it can be accurately delivered to its intended destination. Data, while being sent or received on a TCP/IP network, is packaged with the addresses of the sending and receiving nodes. Packaging data for delivery so that it can be routed to the correct destination is the cornerstone of networking. Incorrectly packaging or addressing data will result in users experiencing symptoms of network communication problems. If you understand how a client packages data and then addresses it to travel to its destination on your network, you can use this information to detect causes of network communication problems.

Data Packets

Definition: A data packet is a unit of data transfer between computers that communicate over a network. In general, a packet contains three parts: a header, the data, and a trailer or footer. The header contains the destination and source addresses. The footer contains an error-checking code. The data part contains the actual information to be transmitted. In a reliable transfer, a sender transmits a data packet and waits for an acknowledgement of its receipt from the recipient (an ACK signal). If the recipient is busy, the sender waits until it receives an ACK, after which it transmits the next packet. Throughput can increase if data is sent in larger packets, because the recipient then needs to send fewer acknowledgements. The contents of a packet depend on the network protocol in use.

Frames, Packets, and Datagrams
The terms frame, packet, and datagram are sometimes used interchangeably when referring to data being transmitted over a network. With reference to the OSI model, frames occur at Layer 2 and packets are a feature of Layer 3. A datagram is a self-contained, independent piece of data with enough information to move from a source to a destination. The terms packet and datagram are used interchangeably on IP networks, but packet refers to any message formatted as a packet, whereas datagram usually refers to a unit carried by an unreliable service, such as UDP, that does not require an acknowledgement of delivery.

Example:

Figure 6-4: Parts of a data packet.

Network Addresses
Definition: A network address is a protocol-specific identifier assigned to a node. A network address typically has two parts: the first identifies the network, and the second identifies a node on that network. A network address is a number that software running on the nodes maps to the MAC address. In IP, the combination of the network portion and the host portion is the IP address.

Example:

Figure 6-5: A network address contains the network and node portions.

Network Names
Definition: A network name is a name assigned to a node to help users and technicians recognize the device more easily. A naming service, provided by software running on one or more nodes, maps a network name to a network address or MAC address.

Example:

Figure 6-6: Network names allow users to recognize the device.

Naming Services
Naming services map network names to network addresses.

Naming Service: Domain Name System (DNS)
Description: The naming service used on the Internet and on many TCP/IP-based networks. For example, the IP address 209.85.165.99 might map to www.google.com. On an organization's network, the IP address 128.4.20.100 might map to Server1.

Naming Service: NetBIOS
Description: A simple, broadcast-based naming service. A NetBIOS name can be any combination of alphanumeric characters excluding spaces and the following characters: / : * ? ; \ | The length of the name cannot exceed 15 characters; the 16th character is reserved.

Naming Service: Windows Internet Naming Service (WINS)
Description: An older type of naming service used on Windows-based networks.

IP Addresses

An IP address is a unique 32-bit binary address assigned to a computer so that it can communicate with other computers and devices on a TCP/IP network. An IP address consists of two portions: the network address portion, common to all hosts and devices on one network, and the host address portion, unique to each host on that network. Every device on a TCP/IP network, such as a computer, router, or printer, has its own IP address. Two types of IP addressing are available: classful (default) and classless (custom). Classful addresses are grouped into five classes, Class A through Class E.

Figure 6-7: An IP address enables a computer to connect with other devices.

Depending on the number of hosts a transmitting terminal addresses, an IP address can be further classified as unicast, multicast, or broadcast. You can easily recognize an IP address by its dotted decimal notation.

Figure 6-8: Decimal notation of an IP address.


The technique of assigning IP addresses is called IP addressing.

IPv4 Addresses
A 32-bit binary IPv4 address is usually separated by dots into four 8-bit octets for readability, and each octet is written as a single decimal value. Each decimal number can range from 0 to 255, but the first number cannot be 0. In addition, the four numbers cannot all be 0 (0.0.0.0) or all be 255 (255.255.255.255); those two addresses have special meanings.

For more information on IP address assignments, see www.iana.org/assignments/ ipv4-address-space/.

The Dotted Decimal Notation
TCP/IP addresses are usually displayed in dotted decimal notation rather than in binary. The dotted decimal notation consists of four decimal numbers separated by three dots. Each decimal number is called an octet and represents eight binary bits. When pronouncing a dotted decimal number, include the separator dots. For example, the IP address 208.123.45.18 is pronounced "two oh eight dot one twenty-three dot forty-five dot eighteen."

ARIN
A Regional Internet Registry (RIR) is an organization that supervises how Internet numbers are allocated and registered in a particular geographical region. There are five RIRs in operation, and the American Registry for Internet Numbers (ARIN) is responsible for the United States, Canada, and parts of the Caribbean. The services provided by ARIN include:
- IP address allocation.
- Registration transaction information, through WHOIS, a query/response protocol used to query an official database to determine the registrant of a domain name or of an IP address block on the Internet.
- Routing information, in cooperation with the other RIRs, which manage, distribute, and register public Internet number resources within their respective regions.

Mailing Address Analogy
Some of the numbers in an IP address identify the network segment on which a computer resides, just as a person's mailing address uses a street name to identify the street on which he or she lives. The rest of the numbers in the IP address uniquely identify the computer on that network, just as the house number portion of the mailing address uniquely identifies a specific house on a street.

Subnets
Definition: Subnetting is the process of logically dividing a network into smaller subnetworks, or subnets, each with its own unique address. The conventional addressing technique gives IP addresses two hierarchical levels, the network ID and the host ID. In subnet addressing, the host portion is further subdivided into a subnet ID and a host ID, so a subnetted address has three hierarchical levels: network ID, subnet ID, and host ID. To create subnets, a network administrator configures each node with an IP address and a subnet mask; the mask identifies the subnet to which the node belongs and is what divides the network into subnetworks. Routers and switches act as border devices for each subnet and manage traffic within and between subnets. A subnet can be on a separate physical segment, or it can share a segment with other logical subnets.

Analogy: The three address parts of a subnet address can be compared to a telephone number, which consists of an area code, an exchange number, and the customer code. Example:

Figure 6-9: A network divided into two subnets.

Benefits of Subnets
The two main benefits of creating subnets are better network performance and a more secure network environment. For performance, an administrator would typically group devices that frequently interact with each other into the same subnet. For security, the administrator might separate servers that host restricted applications or sensitive data into their own subnet, so that traffic to them has to cross a router where it can be filtered.

Subnet Masks

A subnet mask is a 32-bit number assigned to each host for dividing the 32-bit binary IP address into network and node portions. This segregation makes TCP/IP routable. A subnet mask uses the binary AND operation to remove the node ID from the IP address, leaving just the network portion. Default subnet masks use the value of eight 1s in binary, or 255 in decimal, to mask an entire octet of the IP address.

Figure 6-10: The subnet mask of an IP address.

Subnet Mask Values
The first number of a subnet mask must be 255; each of the remaining three numbers can be any of the following values: 255, 254, 252, 248, 240, 224, 192, 128, and 0.
Default Subnet Masks
Groups of IP addresses have specific default subnet masks, based on the value of the first octet of the IP address. (127 is skipped because 127.0.0.0/8 is reserved for loopback.)

Value of the First Octet of IP Address    Default Subnet Mask
1 to 126                                  255.0.0.0
128 to 191                                255.255.0.0
192 to 223                                255.255.255.0

ACTIVITY 6-2
Identifying TCP/IP Information
There is a simulated version of this activity available on the CD-ROM that shipped with this course. You can run this simulation on any Windows computer to review the activity after class, or as an alternative to performing the activity as a group in class. The activity simulation can be launched either directly from the CD-ROM by clicking the Interactives link and navigating to the appropriate one, or from the installed data file location by opening the C:\Data\Simulations\Lesson#\Activity# folder and double-clicking the executable (.exe) file.

Scenario: As the network administrator, you need to identify the IPv4 and MAC addresses of a few computers in order to create a subnet. You also need to identify the names of a few computers so that you can join them to the domain on your network. You need to reassign the computers to a different subnet on your organization's network, and you have been asked to gather information such as the subnet mask and default gateway. You need to check this TCP/IP information on each computer.
What You Do
1. Display system properties.

How You Do It
a. Choose Start→Control Panel.
b. In the Control Panel window, click the System and Security link.
c. In the System and Security window, click the System link to display the system properties.
Your computers full name might differ from the name displayed in the graphic.

d. In the System window, in the Computer name, domain, and workgroup settings section, in the Full computer name field, identify your computers full name.

e. Close the System window.

2. View the TCP/IP information assigned to your NIC.
a. Choose Start→Control Panel.
b. In the Control Panel window, click the Network and Internet link.
c. In the Network and Internet window, click the Network and Sharing Center link.
d. In the Network and Sharing Center window, click the Change adapter settings link.
e. Right-click Local Area Connection and choose Status.
f. In the Local Area Connection Status dialog box, click Details.

g. In the Network Connection Details dialog box, in the properties list, identify the physical address, IPv4 address, subnet mask, DHCP server, and DNS server information.

h. Close all open dialog boxes and windows.

Subnet Mask Structure


To conform to TCP/IP standards, subnet masks must follow a set of rules:
- The ones in the mask always start at bit 32, the leftmost bit of the mask.
- The zeros in the mask always start at bit 1, the rightmost bit of the mask.
- The ones in the mask must be contiguous, with no zeros interspersed between them.


Figure 6-11: Structure of a subnet mask.

IP Address Assignment Rules



When assigning IP addresses to nodes on a network, certain rules must be followed:
- Each node that connects to the network must have a unique IP address.
- If the network has subnets, each connected node must be assigned to a subnet on the network.
- Each subnet must have a unique network ID.
- All devices on a subnet must share the same network ID.
- Nodes on a local subnet must have unique node IDs. Nodes on different subnets can have the same node IDs as long as their network IDs are different.
- The node address cannot be all ones (the subnet's broadcast address) or all zeros (the subnet's network ID).
- The 127.0.0.0/8 range, including 127.0.0.1, is reserved for loopback testing and cannot be used as a node address.

Figure 6-12: IP addressing on subnets.

Binary and Decimal Conversion



Binary is a base 2 numbering system in which any bit in the number is either a zero or a one. Each bit has a weight, or place value, which is a power of two. The place value is determined by the bits location in the binary number. The value of a binary number is the sum of the place values of all one bits in a number.


Figure 6-13: Binary and decimal equivalents.

Binary Exponents
For a given value of n ranging from zero to seven, the decimal value of 2^n is as follows.

Exponent   Decimal Value
2^0        1
2^1        2
2^2        4
2^3        8
2^4        16
2^5        32
2^6        64
2^7        128

Binary to Decimal Equivalents
8-bit binary numbers can be converted to their decimal equivalents using powers of two.

Binary Number   Conversion                                        Decimal Value
00000001        0 + 0 + 0 + 0 + 0 + 0 + 0 + 2^0                   1
00000011        0 + 0 + 0 + 0 + 0 + 0 + 2^1 + 2^0                 3
00000111        0 + 0 + 0 + 0 + 0 + 2^2 + 2^1 + 2^0               7
00001111        0 + 0 + 0 + 0 + 2^3 + 2^2 + 2^1 + 2^0             15
00011111        0 + 0 + 0 + 2^4 + 2^3 + 2^2 + 2^1 + 2^0           31
00111111        0 + 0 + 2^5 + 2^4 + 2^3 + 2^2 + 2^1 + 2^0         63
01111111        0 + 2^6 + 2^5 + 2^4 + 2^3 + 2^2 + 2^1 + 2^0       127
11111111        2^7 + 2^6 + 2^5 + 2^4 + 2^3 + 2^2 + 2^1 + 2^0     255

Windows Calculator The Calculator accessory built in to Windows can convert between decimal and binary. Switch it to Scientific view (Programmer view in newer versions), type a number, and use the Dec and Bin options to convert the number from one format to the other. Any system with Python can do the same from a shell: python3 -c 'print(format(120, "08b"))' prints 01111000.

Binary ANDing

To apply a subnet mask, both the IP address and subnet mask are converted to binary. The two binary numbers are ANDed together. The zeros in the subnet mask convert all bits in the node portion of the IP address to zeros, leaving the network portion of the address intact. The binary AND operation involves two rules: Zero AND any value equals zero. One AND one equals one.

Figure 6-14: Applying a subnet mask.

Custom Subnetting
Because the binary value of 255 is all ones (11111111) and 0 is all zeros, you can read the network portion of an address straight off its dotted-decimal form whenever one of the three default masks (255.0.0.0, 255.255.0.0, 255.255.255.0) is in use: each whole octet is either network or node. However, you can subdivide your network address by borrowing part of the node bits to identify subnets. In that case one octet of the mask has a value other than 0 or 255, the boundary between network and node bits no longer falls on an octet boundary, and you generally need to convert that octet to binary to determine the network and node portions of the address.
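The following worked example is added here and is not part of the CompTIA courseware. It applies a subnet mask with a bitwise AND exactly as the figure describes, checks the three mask rules from earlier in this lesson (so a non-contiguous mask such as 255.0.255.0 is rejected), and converts between prefix lengths and dotted-decimal masks. The address 206.234.120.87 with a /20 mask is a constructed example value; everything uses the Python standard library only.

```python
# Added worked example (not part of the courseware): applying a subnet mask with a
# bitwise AND, and checking the mask rules from earlier in this lesson.
# Standard library only; the addresses used below are constructed for illustration.

def dotted_to_int(addr):
    """Convert '206.234.120.87' to a 32-bit integer; reject malformed input."""
    octets = addr.split(".")
    if len(octets) != 4:
        raise ValueError(f"not a dotted-quad address: {addr!r}")
    value = 0
    for octet in octets:
        if not octet.isdigit() or not 0 <= int(octet) <= 255:
            raise ValueError(f"bad octet {octet!r} in {addr!r}")
        value = (value << 8) | int(octet)
    return value


def int_to_dotted(value):
    """Inverse of dotted_to_int."""
    return ".".join(str((value >> shift) & 0xFF) for shift in (24, 16, 8, 0))


def mask_is_valid(mask):
    """Mask rule: a contiguous run of ones from bit 32 downward, then only zeros.

    Inverting such a mask gives 2**k - 1 for some k, and a number of that form
    satisfies (x & (x + 1)) == 0; a gap in the ones breaks that property.
    """
    inverted = ~dotted_to_int(mask) & 0xFFFFFFFF
    return (inverted & (inverted + 1)) == 0


def prefix_to_mask(prefix):
    """/20 -> '255.255.240.0'."""
    if not 0 <= prefix <= 32:
        raise ValueError("prefix length must be between 0 and 32")
    return int_to_dotted((0xFFFFFFFF << (32 - prefix)) & 0xFFFFFFFF)


def mask_to_prefix(mask):
    """'255.255.255.248' -> 29. Rejects non-contiguous masks."""
    if not mask_is_valid(mask):
        raise ValueError(f"non-contiguous subnet mask: {mask}")
    return bin(dotted_to_int(mask)).count("1")


def network_id(addr, mask):
    """Network portion: address AND mask (0 AND anything = 0, 1 AND 1 = 1)."""
    return int_to_dotted(dotted_to_int(addr) & dotted_to_int(mask))


def broadcast_address(addr, mask):
    """Directed broadcast: the network ID with every host bit set to one."""
    host_bits = ~dotted_to_int(mask) & 0xFFFFFFFF
    return int_to_dotted(dotted_to_int(addr) | host_bits)


def usable_hosts(mask):
    """Classic 2**x - 2 rule (x = host bits); 0 for /31 and /32 under that rule."""
    host_bits = 32 - mask_to_prefix(mask)
    return max(2 ** host_bits - 2, 0)


def show_and(addr, mask):
    """Lay the AND out bit by bit, the way the lesson's figure does."""
    a, m = dotted_to_int(addr), dotted_to_int(mask)
    return "\n".join([
        f"{a:032b}  {addr}",
        f"{m:032b}  {mask}",
        "-" * 32,
        f"{a & m:032b}  {network_id(addr, mask)}",
    ])


if __name__ == "__main__":
    # Constructed example: with a /20 the third octet is the "shared" octet and
    # the network ID cannot be read off the decimal form by eye.
    mask = prefix_to_mask(20)
    print(show_and("206.234.120.87", mask))
    print("broadcast:", broadcast_address("206.234.120.87", mask))
    print("usable hosts:", usable_hosts(mask))
```

The mask check matters in practice: a host will accept 255.0.255.0 as a mask in some configuration dialogs, and the result is a node that believes addresses on its own segment are remote. Validate masks before writing them into configuration.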


ACTIVITY 6-3
Identifying IP Addressing
Scenario: In this activity, you will identify IP addressing concepts.

1. Match a component of a data packet with its contents.
   Header   b     a. An error checking code.
   Data     c     b. Destination and source addresses.
   Footer   a     c. Data to be transmitted.

2. Select the example of an IP address.
   a) webserver1
   b) 201.183.100.2
   c) 00-08-02-D4-F6-4C
   d) M123-X7-FG-128

3. Match the binary value with its decimal equivalent.
   01100100                               b     a. 100.100.2.1
   11100000                               d     b. 100
   11111111.11111111.11110000.00000000    e     c. 127.0.0.1
   01100100.01100100.00000010.00000001    a     d. 224
   01111111.00000000.00000000.00000001    c     e. 255.255.240.0

4. Which is the default subnet mask value for the addresses whose first octet ranges from 192 to 223?
   a) 255.255.0.0
   b) 255.255.255.0
   c) 255.0.0.0
   d) 254.255.0.0

5. True or False? Default subnet masks use the value of eight 0s in binary.
   True
   False


TOPIC C
Default IP Addressing Schemes
In the previous topic, you identified the addressing schemes for the protocols and standards that can be used on a TCP/IP network. Now that you are aware of the protocols, you can identify the ways in which IP addresses are assigned. In this topic, you will identify the default addressing schemes used in TCP/IP networks. On the Internet, IP addresses must be allocated under a common scheme so that no address is duplicated worldwide. Organizations and Internet Service Providers (ISPs) obtain address blocks for their networks and customers; because public addresses are scarce and costly, most organizations do not obtain a public address for every client that needs Internet access. To obtain the addresses you need, you first have to understand the default IP address classes, the ranges reserved for special purposes, and where addresses are allocated from.

ICANN

The IP address of every node on the public Internet must be unique. The Internet Corporation for Assigned Names and Numbers (ICANN) is the international body that oversees the allocation of IP address space. ICANN, through its IANA function, allocates large blocks to the five Regional Internet Registries (ARIN, RIPE NCC, APNIC, LACNIC and AFRINIC); the registries allocate to ISPs and large organizations, and most companies obtain their public addresses from their ISP rather than from ICANN directly. Allocating from a single root in this way ensures that no two organizations are assigned the same public addresses.
The Internet Assigned Numbers Authority (IANA) administered the address space from the ARPANET era onward. Since ICANN was formed in 1998, ICANN has operated the IANA function.

Figure 6-15: ICANN leases IP addresses on the Internet.

IP Address Classes

The IPv4 address space was originally divided into five blocks of addresses, called address classes, sized for networks of different scales. The class of an address is determined by its leading bits (0, 10, 110, 1110 or 1111), which is why the first octet alone identifies the class.

Address Class   Description

Class A   Class A addresses provide a small number of network addresses for networks with a large number of nodes per network. Used only by extremely large networks, Class A blocks are too extensive for most organizations.
          Address range: 1.0.0.0 to 127.255.255.255
          Number of networks: 126 (network 0 is not usable and network 127 is reserved for loopback)
          Number of nodes per network: 16,777,214
          Network ID portion: First octet
          Node ID portion: Last three octets
          Default subnet mask: 255.0.0.0
          Example of a Class A address: 10.28.220.19

Class B   Class B addresses provide a balance between the number of network addresses and the number of nodes per network. Historically, most large organizations were assigned Class B blocks for networks that connect to the Internet.
          Address range: 128.0.0.0 to 191.255.255.255
          Number of networks: 16,384 (2^14; some references give 16,382, excluding the all-zeros and all-ones network numbers)
          Number of nodes per network: 65,534
          Network ID portion: First two octets
          Node ID portion: Last two octets
          Default subnet mask: 255.255.0.0
          Example of a Class B address: 155.128.20.106

Class C   Class C addresses provide a large number of network addresses for networks with a small number of nodes per network.
          Address range: 192.0.0.0 to 223.255.255.255
          Number of networks: 2,097,152 (2^21; 2,097,150 by the same convention as above)
          Number of nodes per network: 254
          Network ID portion: First three octets
          Node ID portion: Last octet
          Default subnet mask: 255.255.255.0
          Example of a Class C address: 201.208.120.86

Class D   Class D addresses are set aside for multicast. A multicast group is identified by a single Class D address, and every member of the group receives traffic sent to that address. There is no subnet mask, and multicast traffic is forwarded only by multicast-enabled routers.
          Address range: 224.0.0.0 to 239.255.255.255
          Example of a Class D address: 230.43.160.48

Class E   Class E addresses are reserved for research and experimentation and are not assigned to hosts.
          Address range: 240.0.0.0 to 255.255.255.255 (255.255.255.255 itself is the limited broadcast address)
          Example of a Class E address: 250.217.39.190

Special Addresses in Default Address Classes
Because neither the node portion nor the network portion of an IP address can be all 1s or all 0s, certain addresses in each class cannot be assigned to individual hosts. For example, the Class A address 10.0.0.0 is not a valid host address because its host portion is all 0s: the address is identical to the network address. Similarly, the Class A address 120.255.255.255 is not valid for a host because its host portion is all 1s. A host portion of all 1s has a special purpose: it is the directed broadcast address for that network, so 120.255.255.255 reaches every host on network 120.0.0.0. The all-ones address 255.255.255.255 is the limited broadcast address, delivered to every host on the local segment and never forwarded by routers.

Available Host and Network Addresses
The number of host or network addresses available in each class depends on how many bits are in the host portion or the network portion of the address. The formula for available host addresses is 2^x - 2, where x is the number of host bits; two addresses in each block are unavailable because the host portion cannot be all ones or all zeros. The courseware applies the same 2^y - 2 formula to network bits, where y is the number of network bits. That reflects the older practice (RFC 950) of avoiding the all-zeros and all-ones subnets; modern equipment supports both (RFC 1878), so with classless addressing the number of subnets is simply 2^y.

Restricted IP Addresses
Some IP addresses have special uses and cannot be assigned to networks or hosts. For example, 127.0.0.1 is reserved for loopback testing: packets sent to it are delivered back to the sending host and never leave it, so it identifies the local host only, not anything on the Internet.

Restriction: A network address of 0 is not permitted.
  Reason: When the network portion is 0, TCP/IP interprets the address as "this network", meaning the packet does not need to pass through a router. (0.0.0.0 is also the unspecified address a host uses as its source before it has been assigned an address, for example during DHCP.)
  Example: 0.0.0.22 would identify host 22 on the local network.

Restriction: A node address of 0 is not permitted.
  Reason: When the node portion is 0, TCP/IP interprets the address as a network address, not a node address.
  Example: 122.0.0.0 identifies the network whose address is 122.

Restriction: The network address 127 is reserved.
  Reason: Messages addressed to network 127 are not transmitted onto the network; they are sent back to the transmitting node. Network 127 is used to test the TCP/IP configuration.
  Example: 127.0.0.1 is referred to as the loopback address. It is a shorthand way for any host to refer to itself.

Restriction: Neither the network portion nor the host portion can be all 255s.
  Reason: A host portion of all ones (255 in every host octet) is reserved for broadcasts.
  Example: 255.255.255.255 is the limited broadcast address; packets sent to it are delivered to all hosts on the local segment. 187.205.255.255 is the directed broadcast address for network 187.205.0.0; packets sent to it reach all hosts on that network. Routers drop directed broadcasts arriving from outside by default (RFC 2644), because they were abused for smurf amplification attacks.

Restriction: The all-ones address refers to every host.
  Reason: TCP/IP identifies all hosts on the local segment with the address whose 32 bits are all binary ones.
  Example: 255.255.255.255 refers to every host on the segment. (This entry is sometimes misprinted as 1.1.1.1, which is an ordinary, publicly routed Class A host address: the binary ones of the broadcast address must not be read as decimal ones.)

To test your node's TCP/IP stack, enter ping 127.0.0.1. Entering ping localhost performs the same test but first resolves the name through the hosts file (or DNS), so a failure there may be a name-resolution problem rather than a TCP/IP problem; on some systems the name loopback is also defined. A successful loopback ping proves only that TCP/IP is installed and running on the host; it says nothing about the network adapter, the cable or the network.

Private IP Addresses
Private IP addresses (RFC 1918) are addresses that organizations use for nodes within their own networks that need IP connectivity but not a public address. One block from each of Classes A, B and C is reserved for private use. These addresses are routable inside an organization like any other address, but they must not be advertised into, or forwarded across, the public Internet: ISPs and border routers filter them, and routers on the public Internet have no route to them. Because they are never injected into the global routing system, private addresses cannot cause duplicate-address conflicts on the Internet, and many organizations use the same private ranges at the same time. An organization can use them without contacting an Internet registry or ICANN, which is one reason the shortage of public IPv4 addresses has been partly relieved.
For a computer with a private address to reach the Internet or other external networks, its address must be translated to a public, routable address. This is done by Network Address Translation (NAT) on a router, firewall or gateway. Private addressing is not a security control in itself: a host is only as unreachable from outside as the NAT device and firewall in front of it make it, and a packet arriving from the Internet with a private source or destination address is a sign of spoofing or misconfiguration and should be dropped at the border.

Private IP Address Ranges
The private, nonroutable IP address ranges are:
- 10.0.0.0 to 10.255.255.255 (10.0.0.0/8)
- 172.16.0.0 to 172.31.255.255 (172.16.0.0/12)
- 192.168.0.0 to 192.168.255.255 (192.168.0.0/16)
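The following example is added here and is not part of the CompTIA courseware. It covers both the address-class table and the special and private ranges above: it determines the class of an IPv4 address from its leading bits, tests membership in the three RFC 1918 blocks, flags loopback, multicast and the limited broadcast address, and applies the host-portion rule (not all zeros, not all ones) for a given mask. It uses Python's standard ipaddress module; the sample addresses are the ones from the tables plus a few constructed edge cases. One caveat it makes visible: the stdlib is_private flag is broader than RFC 1918 (it is true for 127.0.0.1, for instance), so it is not a substitute for an explicit RFC 1918 check when filtering.

```python
# Added example (not part of the courseware): classifying an IPv4 address by its
# leading bits and flagging the special and private ranges from the tables above.
# Standard library only; every sample address is constructed for illustration.
import ipaddress

RFC1918_BLOCKS = [ipaddress.IPv4Network(n) for n in
                  ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]


def address_class(addr):
    """Class by leading bits: 0 -> A, 10 -> B, 110 -> C, 1110 -> D, 1111 -> E."""
    top4 = int(ipaddress.IPv4Address(addr)) >> 28
    if top4 & 0b1000 == 0:
        return "A"
    if top4 & 0b1100 == 0b1000:
        return "B"
    if top4 & 0b1110 == 0b1100:
        return "C"
    if top4 == 0b1110:
        return "D"
    return "E"


def is_rfc1918(addr):
    """Exactly the three private blocks, nothing else."""
    ip = ipaddress.IPv4Address(addr)
    return any(ip in block for block in RFC1918_BLOCKS)


def describe(addr):
    """What a filter or an address plan would want to know about one address."""
    ip = ipaddress.IPv4Address(addr)
    cls = address_class(addr)
    first_octet = int(ip) >> 24
    return {
        "class": cls,
        "rfc1918": is_rfc1918(addr),
        "loopback": ip.is_loopback,                   # 127.0.0.0/8
        "multicast": ip.is_multicast,                 # Class D
        "limited_broadcast": int(ip) == 0xFFFFFFFF,   # 255.255.255.255
        # Caveat: the stdlib flag is broader than RFC 1918 (it also covers loopback,
        # link-local and other reserved ranges), so never use it as an RFC 1918 test.
        "stdlib_is_private": ip.is_private,
        # Can hosts be numbered from this class at all? (Host-portion rules need a mask.)
        "assignable_class": (cls in ("A", "B", "C")
                             and first_octet not in (0, 127)
                             and int(ip) != 0xFFFFFFFF),
    }


def host_is_usable(addr, mask):
    """Host-portion rule: not all zeros (network ID) and not all ones (broadcast)."""
    net = ipaddress.IPv4Network(f"{addr}/{mask}", strict=False)
    ip = ipaddress.IPv4Address(addr)
    if net.prefixlen >= 31:
        # RFC 3021 point-to-point /31s and /32 host routes have no broadcast
        # address, so the classic all-zeros/all-ones rule does not apply.
        return True
    return ip != net.network_address and ip != net.broadcast_address


if __name__ == "__main__":
    for sample in ("10.28.220.19", "155.128.20.106", "201.208.120.86",
                   "230.43.160.48", "250.217.39.190", "127.0.0.1", "1.1.1.1"):
        print(sample, describe(sample))
    print("10.0.0.0/8 host usable:", host_is_usable("10.0.0.0", "255.0.0.0"))
    print("120.255.255.255/8 host usable:", host_is_usable("120.255.255.255", "255.0.0.0"))
```

The assignable_class flag answers only the class-level question; whether a particular address can be given to a host also depends on the mask, which is what host_is_usable checks.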

The Local and Remote Addressing Process

In the local and remote addressing process:
1. A network node uses a subnet mask to determine whether a data packet is bound for the local subnet or must be routed to a remote subnet.
2. The node applies the subnet mask to its own IP address to determine its own network ID.
3. It then applies the subnet mask to the packet's destination address to determine the destination network ID.
4. Once the node has applied the subnet mask, it compares the two network IDs.
5. If they are the same, the two nodes are on the same subnet and the node delivers the packet directly (after resolving the destination's MAC address with ARP).
6. If the network IDs differ, the two nodes are remote to each other and the node sends the packet to its default gateway (a router) for delivery to the remote network.

The process of determining local and remote addresses based on IP addresses falls under the Network layer's routing function.

Figure 6-16: Steps involved in local and remote addressing process.
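The following example is added here and is not part of the CompTIA courseware. It writes out the six-step local-or-remote decision a sending host makes, using Python's standard ipaddress module, and adds the check a practitioner wants: the configured default gateway must itself lie on the host's subnet, or the host cannot reach it. The host, destination and gateway addresses are constructed sample values; the third call shows how the same two hosts become remote to each other once the mask changes from /24 to /25.

```python
# Added example (not part of the courseware): the local-or-remote decision a sending
# host makes, written out step by step with the standard ipaddress module.
# Addresses, masks and the gateway below are constructed for illustration.
import ipaddress


def next_hop(src, dst, mask, default_gateway=None):
    """Return ("local", dst), ("gateway", gw) or ("no-route", None).

    Steps 1-6 of the lesson: mask the sender's address, mask the destination,
    compare the two network IDs, then deliver directly or hand off to the router.
    """
    my_net = ipaddress.IPv4Network(f"{src}/{mask}", strict=False)    # step 2
    dst_net = ipaddress.IPv4Network(f"{dst}/{mask}", strict=False)   # step 3
    if my_net.network_address == dst_net.network_address:           # steps 4-5
        return ("local", dst)
    if default_gateway is None:                                      # step 6, no router
        return ("no-route", None)
    gw = ipaddress.IPv4Address(default_gateway)
    if gw not in my_net:
        # A gateway the host cannot reach directly is a misconfiguration: the host
        # would have to route to the router, which is exactly what it cannot do.
        raise ValueError(f"default gateway {gw} is not on the local subnet {my_net}")
    return ("gateway", str(gw))


def trace(src, dst, mask, default_gateway=None):
    """Human-readable version of the same decision."""
    decision, hop = next_hop(src, dst, mask, default_gateway)
    my_id = ipaddress.IPv4Network(f"{src}/{mask}", strict=False).network_address
    dst_id = ipaddress.IPv4Network(f"{dst}/{mask}", strict=False).network_address
    relation = "same" if decision == "local" else "different"
    return (f"{src} AND {mask} = {my_id}; {dst} AND {mask} = {dst_id}; "
            f"{relation} subnet -> {decision} {hop or ''}").rstrip()


if __name__ == "__main__":
    host, gateway = "192.168.10.25", "192.168.10.1"
    print(trace(host, "192.168.10.200", "255.255.255.0", gateway))
    print(trace(host, "172.16.0.9", "255.255.255.0", gateway))
    # Same two hosts, but a /25 mask puts .25 and .200 on different subnets.
    print(trace(host, "192.168.10.200", "255.255.255.128", gateway))
```

The third case is the classic symptom of a mask mismatch: two hosts on the same physical segment that can only talk through the router, or not at all if the router does not own both subnets.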

Default Gateways

Definition: A default gateway is the IP address of a router interface on the computer's local subnet that forwards traffic bound for remote subnets. Typically it is the address of the router that connects the subnet to the rest of the network or to the Internet. A TCP/IP host does not need a default gateway address if it never needs to communicate with computers outside its local subnet. To communicate on the Internet, you must configure a node with an IP address, a subnet mask and a default gateway; only an IP address and subnet mask are needed to communicate with other nodes on the local subnet. The gateway address must lie within the host's own subnet, since the host has to be able to deliver packets to the router directly.
On Windows, enter ipconfig at a command prompt to view the TCP/IP parameters on your computer (ipconfig /all shows the full set). On Linux, ip addr and ip route show the same information.

Example:

Figure 6-17: The default gateway routes traffic to remote subnets.

ACTIVITY 6-4
Identifying Default IP Addressing Schemes
Scenario: In this activity, you will identify the characteristics of default IP addressing schemes.

1. Match the IP address range with its class.
   Class A   a     a. 1.0.0.0 to 127.255.255.255
   Class B   b     b. 128.0.0.0 to 191.255.255.255
   Class C   d     c. 224.0.0.0 to 239.255.255.255
   Class D   c     d. 192.0.0.0 to 223.255.255.255
   Class E   e     e. 240.0.0.0 to 255.255.255.255

2. Select the IP address classes that can be assigned to hosts.
   a) Class A
   b) Class B
   c) Class C
   d) Class D
   e) Class E

3. What is the term used to denote the IP address of a router that routes remote traffic from the computer's local subnet to remote subnets?
   a) Subnet mask
   b) Default gateway
   c) Private IP address
   d) Loopback address

4. True or False? A TCP/IP host needs a default gateway address to communicate with computers within its local subnet.
   True
   False

TOPIC D
Create Custom IP Addressing Schemes
In the previous topic, you identified the default IP addressing schemes. Administrators can also create customized IP addressing schemes, and in this topic you will learn how to construct them. Because of the fixed number of networks and hosts in Class B and Class C networks, many companies were forced either to lease a Class B network and divide it into multiple subnets, or to combine several Class C networks into one larger network to accommodate their total number of nodes. As a network administrator, you will need to know how to create subnets that meet the requirements of the current IP addressing scheme and are fully functional on any IP network.

Custom TCP/IP Subnets

Definition: A custom TCP/IP subnet is a division of a leased (or private) address block into smaller groups to serve a network's needs. Each custom subnet has a custom subnet mask, longer than the default mask for the block, that is ANDed with the IP address, so that what a node sees as its local network is a subset of the whole address block. A router interface is configured on each subnet and serves as that subnet's default gateway, routing traffic between subnets.

Example:

Figure 6-18: A custom subnet mask ANDed to the IP address.

Custom Subnet Masks

You can use a custom subnet mask to divide a single IP address block into multiple subnets. A custom subnet mask borrows node bits in a contiguous block from the left side of the node portion of the address and uses them as network bits. This divides a single network address into multiple networks, each containing fewer nodes.

Figure 6-19: A custom subnet mask borrows node bits in a contiguous block.

Custom Subnet Masks on Class C Networks
These are the possible custom subnet masks on a Class C network. Each borrowed bit doubles the number of subnets and roughly halves the number of nodes per subnet:

Last Octet of New Mask (Binary)   New Mask (Decimal)   Number of Subnets   Nodes per Subnet
10000000                          255.255.255.128      2                   126
11000000                          255.255.255.192      4                   62
11100000                          255.255.255.224      8                   30
11110000                          255.255.255.240      16                  14
11111000                          255.255.255.248      32                  6
11111100                          255.255.255.252      64                  2
11111110                          255.255.255.254      Not allowed in classic subnetting (RFC 3021 permits a /31 with two hosts on point-to-point links)
11111111                          255.255.255.255      Not a subnet; a single-host (/32) route

Determining Available Host Addresses
The number of host addresses on a custom subnet is a function of the number of address bits left for host addressing. The formula is 2^x - 2, where x is the number of host bits; two addresses in each block are unavailable because the host portion cannot be all ones or all zeros. So with a subnet mask of 255.255.255.248 (11111111.11111111.11111111.11111000 in binary), three bits remain for host addresses (2^3 = 8), and subtracting the two unavailable addresses leaves six usable host addresses per subnet.

Variable Length Subnet Masks

Definition: Variable Length Subnet Masking (VLSM) is the use of different mask lengths within one address block to create subnets with different numbers of nodes. With a single custom subnet mask, every subnet has the same number of addresses and the mask must accommodate the subnet with the greatest number of nodes, which wastes addresses on the smaller subnets. With VLSM, each subnet gets a mask sized to its own node count.
The downside of tailoring a mask tightly to each subnet is that you limit your capacity for future growth on that subnet. Ideally you leave some room for growth, but predicting how much is more of an art than an exact science.

Example: Variable Length Subnet Masks on a Network
A Class C network might contain three subnets, with 5 hosts on subnet 1, 12 hosts on subnet 2 and 28 hosts on subnet 3. You could use a single custom mask of 255.255.255.224 (/27), giving each subnet 30 usable addresses. That mask would waste 25 addresses on subnet 1, 18 on subnet 2 and 2 on subnet 3. By applying 255.255.255.248 (/29, 6 usable addresses) to subnet 1, 255.255.255.240 (/28, 14 usable) to subnet 2 and 255.255.255.224 (/27, 30 usable) to subnet 3, you waste only one address on subnet 1 and two each on subnets 2 and 3.


Figure 6-20: VLSM creates subnets containing different numbers of nodes.
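The following example is added here and is not part of the CompTIA courseware. It automates the VLSM plan from the example above: given a parent block and the host count for each subnet, it computes the smallest prefix that fits each subnet (2^x - 2 usable addresses), places the subnets largest-first so every block lands on a valid boundary, and reports the addresses wasted, alongside the waste of the single-mask /27 approach. The parent block 192.168.1.0/24 and the subnet names are constructed values; the module is the Python standard library only.

```python
# Added example (not part of the courseware): a VLSM allocator for the scenario
# above (one Class C block; subnets needing 5, 12 and 28 hosts). Standard library
# only; the parent block 192.168.1.0/24 is a constructed example value.
import ipaddress
import math


def prefix_for_hosts(hosts):
    """Smallest prefix length whose 2**x - 2 usable addresses cover `hosts`."""
    if hosts < 1:
        raise ValueError("a subnet needs at least one host")
    host_bits = math.ceil(math.log2(hosts + 2))  # +2 for network ID and broadcast
    return 32 - host_bits


def allocate_vlsm(parent, demands):
    """Carve `parent` into one subnet per entry of `demands` ({name: host count}).

    Largest demand first: each block size is a power of two no bigger than the
    previous one, so the running cursor always lands on a valid block boundary
    (IPv4Network is strict here and would reject a misaligned block).
    """
    parent_net = ipaddress.IPv4Network(parent)
    cursor = int(parent_net.network_address)
    plan = []
    for name, hosts in sorted(demands.items(), key=lambda item: item[1], reverse=True):
        prefix = prefix_for_hosts(hosts)
        block = ipaddress.IPv4Network((cursor, prefix))
        if not block.subnet_of(parent_net):
            raise ValueError(f"{parent} exhausted while placing {name} ({hosts} hosts)")
        usable = block.num_addresses - 2
        plan.append({"name": name, "subnet": str(block), "mask": str(block.netmask),
                     "usable": usable, "wasted": usable - hosts})
        cursor += block.num_addresses
    return plan


def wasted_with_fixed_mask(demands, prefix):
    """Addresses left idle if every subnet used the same mask (the non-VLSM approach)."""
    usable = 2 ** (32 - prefix) - 2
    return sum(usable - hosts for hosts in demands.values())


if __name__ == "__main__":
    demands = {"subnet 1": 5, "subnet 2": 12, "subnet 3": 28}
    print("a single /27 for all three wastes", wasted_with_fixed_mask(demands, 27), "addresses")
    for entry in allocate_vlsm("192.168.1.0/24", demands):
        print(entry)
```

Sorting largest-first is not cosmetic: placing the /29 first and then a /27 would leave the /27 starting at .8, which is not a multiple of 32, and the allocation would fail. The growth caveat from the text applies here too; add headroom to each host count before calling the allocator if the subnet is expected to grow.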

Classless Inter-Domain Routing

Classless Inter-Domain Routing (CIDR) is an addressing and routing method that discards the address classes altogether and treats the mask as a prefix length applied to the 32-bit address: any number of leading bits, from 0 to 32, can be the network portion, so mask bits can move in one-bit increments to provide exactly the number of nodes and networks required. CIDR notation writes a network address followed by a slash and the number of one bits in the mask, for example 192.168.12.0/23. With CIDR, multiple class-based networks can be represented as a single block (a supernet), and a single class-based network can be split into many smaller ones.

Figure 6-21: A classless addressing method that treats the mask as a 32-bit binary word.
CIDR is also referred to as classless routing or, when blocks are combined, supernetting. Because of its efficiency, CIDR was rapidly adopted, and the Internet today is a classless address space; the address classes survive mainly as the source of the three default masks.

CIDR Subnet Masks
The table lists every CIDR prefix length with its dotted-decimal mask and the number of usable host addresses (2^x - 2, where x is the number of host bits). The /24, /16 and /8 prefixes correspond to the classful Class C, Class B and Class A masks respectively.

CIDR Mask (Network Bits)   Usable Host Addresses   Subnet Mask in Dotted Decimal
/32                        N/A (a single-host route)                                  255.255.255.255
/31                        N/A under the classic rule; 2 on point-to-point links (RFC 3021)   255.255.255.254
/30                        2                       255.255.255.252
/29                        6                       255.255.255.248
/28                        14                      255.255.255.240
/27                        30                      255.255.255.224
/26                        62                      255.255.255.192
/25                        126                     255.255.255.128
/24                        254                     255.255.255.0
/23                        510                     255.255.254.0
/22                        1,022                   255.255.252.0
/21                        2,046                   255.255.248.0
/20                        4,094                   255.255.240.0
/19                        8,190                   255.255.224.0
/18                        16,382                  255.255.192.0
/17                        32,766                  255.255.128.0
/16                        65,534                  255.255.0.0
/15                        131,070                 255.254.0.0
/14                        262,142                 255.252.0.0
/13                        524,286                 255.248.0.0
/12                        1,048,574               255.240.0.0
/11                        2,097,150               255.224.0.0
/10                        4,194,302               255.192.0.0
/9                         8,388,606               255.128.0.0
/8                         16,777,214              255.0.0.0
/7                         33,554,430              254.0.0.0
/6                         67,108,862              252.0.0.0
/5                         134,217,726             248.0.0.0
/4                         268,435,454             240.0.0.0
/3                         536,870,910             224.0.0.0
/2                         1,073,741,822           192.0.0.0
/1                         2,147,483,646           128.0.0.0

A /0 (mask 0.0.0.0) is not a subnet but the default route, which matches every destination.

A CIDR Application
The CIDR address 192.168.12.0/23 applies the mask 255.255.254.0 to the block beginning at 192.168.12.0. On a CIDR-capable router, this single routing entry defines a supernet covering 192.168.12.0 through 192.168.13.255. Compare this with traditional class-based routing, where the same range would require two entries, one for each Class C network (192.168.12.0 and 192.168.13.0), each using the default Class C mask of 255.255.255.0. A supernet must start on a boundary of its own size: 192.168.13.0/23 is not a valid block, because the third octet 13 (00001101) has its lowest bit set and that bit is a host bit under a /23 mask.
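The following example is added here and is not part of the CompTIA courseware. It shows the two things a CIDR-aware router does with the addresses above: it aggregates the two Class C networks into the single /23 (and refuses to merge blocks that are adjacent but not aligned), and it performs longest-prefix matching across a routing table that contains the supernet, a more specific route inside it and a default route. The routing table and next-hop addresses are constructed sample data (the next hops come from the RFC 5737 documentation ranges and 10.0.0.0/8); the code uses only the Python standard library.

```python
# Added example (not part of the courseware): CIDR aggregation of the two Class C
# networks above into one /23, and the longest-prefix lookup a CIDR-aware router
# performs. Route table entries and next hops are constructed sample data.
import ipaddress


def summarize(prefixes):
    """Collapse adjacent, aligned blocks into the fewest CIDR prefixes."""
    nets = [ipaddress.IPv4Network(p) for p in prefixes]
    return [str(n) for n in ipaddress.collapse_addresses(nets)]


def is_aligned_prefix(text):
    """192.168.12.0/23 is a valid block; 192.168.13.0/23 is not (host bits set)."""
    try:
        ipaddress.IPv4Network(text, strict=True)
        return True
    except ValueError:
        return False


def longest_prefix_match(routes, destination):
    """Pick the most specific matching route; the default route matches everything last."""
    dst = ipaddress.IPv4Address(destination)
    best = None
    for prefix, next_hop in routes:
        net = ipaddress.IPv4Network(prefix)
        if dst in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, next_hop)
    return None if best is None else (str(best[0]), best[1])


# Constructed routing table: a supernet, a more specific route inside it, and a default.
SAMPLE_ROUTES = [
    ("0.0.0.0/0", "203.0.113.1"),        # default route (RFC 5737 documentation address)
    ("192.168.12.0/23", "10.0.0.2"),     # the aggregated block
    ("192.168.13.0/24", "10.0.0.3"),     # more specific: wins for 192.168.13.x
]

if __name__ == "__main__":
    print(summarize(["192.168.12.0/24", "192.168.13.0/24"]))   # one /23
    print(summarize(["192.168.13.0/24", "192.168.14.0/24"]))   # cannot merge: not aligned
    for ip in ("192.168.12.7", "192.168.13.7", "198.51.100.9"):
        print(ip, "->", longest_prefix_match(SAMPLE_ROUTES, ip))
```

Longest-prefix matching is also why a more specific prefix announced by another party draws traffic away from a legitimate supernet: a /24 always beats a /23 for the addresses it covers, which is the mechanism behind prefix hijacks and the reason route filtering matters.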

How to Create Custom IP Addressing Schemes

Procedure Reference: Calculate the Base Network ID of a Custom Subnet
To calculate the base network ID of a custom subnet:
1. Isolate the octet that has shared network and node bits. This is the only octet you need to focus on; the other octets are either all network bits or all node bits.
2. Convert the shared octet of the IP address to binary.
3. Apply the mask from the shared octet of the subnet mask to the shared octet of the IP address to remove the node bits.
4. Convert the shared portion of the IP address back to decimal.

Example: Calculate a Network ID
To determine the network ID of the IP address 206.234.120.87/20:
1. Isolate the octet that has shared network and node bits. The subnet mask for /20 is 11111111.11111111.11110000.00000000, so the third octet is shared between network and node bits.
2. Convert the shared octet of the IP address to binary, adding leading zeros as needed to make an 8-bit number. The third octet is 120; its binary equivalent is 1111000, which becomes 01111000 with a leading zero: 206.234.01111000.87
3. Apply the mask from the shared octet of the subnet mask to the shared octet of the IP address to remove the node bits. The fourth octet is entirely node bits, so all of it becomes zeros; the first and second octets are entirely network bits and pass through the mask unchanged.
   206.234.01111000.87
   255.255.11110000.0
   -------------------
   206.234.01110000.0
4. Convert the shared portion of the IP address back to decimal: 01110000 = 112. The base network ID is 206.234.112.0. (The host addresses in this subnet run from 206.234.112.1 to 206.234.127.254, and 206.234.127.255 is its broadcast address.)


DISCOVERY ACTIVITY 6-5


Creating Custom IP Addressing Schemes
Scenario: You have been asked to implement TCP/IP on a divided network. There are three subnets separated by two Layer 3 network devices and no Internet connection. Subnet 1 has 120 nodes, Subnet 2 has 1,350 nodes, and Subnet 3 has 240 nodes. You need to create a custom addressing scheme by selecting the appropriate network IDs.

1.

How many individual network IDs do you need? a) One b) Two c) Three d) Four

2.

If you were going to use default subnet masks for the networks, which default subnet would be applied to each network? Subnets 1 and 3 would use 255.255.255.0 and subnet 2 would use 255.255.0.0.

3.

Which is a valid example of an appropriate IP address and subnet mask for subnet 1? a) IP address: 192.168.10.0; subnet mask: 255.255.255.0 b) IP address: 172.16.0.0; subnet mask: 255.255.0.0 c) IP address: 192.168.10.0; subnet mask: 255.255.0.0 d) IP address: 172.16.0.0; subnet mask: 255.255.255.0


TOPIC E
Implement IPv6 Addresses
In the previous topics, you learned about IPv4, the original version of the Internet Protocol, which is in use on the vast majority of networks. IP version 6 (IPv6) is the newer standard, deployed alongside IPv4 and intended to replace it over time. In this topic, you will implement IPv6 addresses. As a network professional who supports TCP/IP networking, you will be aware of the limitations of the IPv4 addressing scheme. IPv6 is the addressing scheme available to network administrators who need to overcome those limitations. If you support or configure networks that include IPv6, you will need to understand its characteristics as well as how it interoperates with existing IPv4 implementations.


IPv4 Address Space Limitations

Limitations of the IPv4 address space include:
- The 32-bit address itself, which provides a theoretical maximum of 2^32, or about 4.29 billion (4,294,967,296), addresses, a large share of which are reserved or unusable for hosts.
- The historical division of the address space into fixed classes, with the result that node addresses falling between classes or between subnets were unavailable for assignment.
- The coarse granularity of the classes: a Class C block offered too few addresses for many organizations and a Class B block far too many, leading to difficulty matching allocations to a company's needs and to wasted addresses.
- The depletion of Class A and Class B allocations.
- Unassigned and unused address ranges within existing Class A and Class B blocks.

IPv6
IP version 6 (IPv6), the successor to IPv4, increases the available pool of addresses by using a 128-bit address space. IPv6 also introduces a simplified fixed-size header, hierarchical addressing, support for time-sensitive network traffic, and a new structure for unicast addressing. IPv6 is not backward compatible with IPv4 on the wire: an IPv4-only host cannot exchange packets directly with an IPv6-only host. At the time this courseware was written, IPv6 was deployed on only a limited number of test and production networks. It is deployed alongside IPv4 (dual stack) or carried over IPv4 in tunnels, and full adoption requires routers, hosts and applications to support both protocols for the duration of the transition.
For more information on IPv6, see the IETF's IP Version 6 Working Group charter at www.ietf.org/html.charters/ipv6-charter.html.

Simplified Headers One goal of IPv6 is to keep the base IP header small and fixed in size (40 bytes) so that routers can parse it quickly. Information that is not needed on every packet is moved into optional extension headers that follow the base header.

Hierarchical Addressing IPv6 address space is allocated hierarchically: registries assign large prefixes to ISPs, ISPs delegate shorter prefixes to customer sites, and sites assign a /64 to each subnet. Routers advertise the subnet prefix on each link and hosts build their own addresses from it, so the address space is divided logically rather than randomly and routes can be summarized at each level. Time-Sensitive Data Support The IPv6 header carries a Flow Label field (alongside the Traffic Class field) that lets routers recognize packets belonging to the same flow, such as a voice or video stream, and apply quality-of-service handling to them consistently. The field itself does not guarantee resources; it gives QoS mechanisms a reliable way to identify the traffic. Unicast Address Structure IPv6 replaces classful addresses with a more flexible and logical unicast addressing structure. There are different categories of unicast addresses that serve different functions, and each network interface on a typical IPv6 host is logically multihomed, which means it has more than one type of unicast address at the same time (at least a link-local address, plus any global or local-scope addresses).

Unicast Address Type   Description

Global addresses   Globally routable public addresses (2000::/3). Also known as aggregatable global unicast addresses, they are structured so that they can be summarized for efficient routing. Global addresses are the equivalent of the entire IPv4 public address space.

Site-local addresses   Addresses for internal networks that are not routable on the Internet, originally the IPv6 equivalent of the IPv4 private address blocks. Site-local addressing (fec0::/10) was deprecated by RFC 3879 and replaced by unique local addresses (ULA, fc00::/7, RFC 4193), which serve the same purpose but include a randomly generated 40-bit identifier so that two organizations are unlikely to choose the same prefix.

Link-local addresses   Addresses (fe80::/10) that every IPv6 interface configures automatically and that are valid only on the local link; routers never forward them. They are used for neighbour discovery and for communication on segments with no router. The equivalent of APIPA addressing in IPv4.

IPv6 transitional addresses   Addresses used on mixed networks to carry IPv6 traffic across IPv4 infrastructure, for example 6to4 (2002::/16), which embeds an IPv4 address in the IPv6 prefix. These will be phased out as networks convert to native IPv6.

IPv6 Addresses

An IPv6 address is a 128-bit binary number assigned to an interface on a TCP/IP network. The leading bits (the prefix, normally 64 bits) identify the network segment; the remaining bits identify the interface itself. For readability, the 128 bits are written as eight groups of four hexadecimal digits separated by colons: 2001:0db8:85a3:0000:0000:8a2e:0370:7334. Two rules shorten this: leading zeros within a group may be dropped (2001:db8:85a3:0:0:8a2e:370:7334), and one run of consecutive all-zero groups may be replaced by a double colon (2001:db8:85a3::8a2e:370:7334). To avoid ambiguity, the double-colon substitution may be used only once in an address. RFC 5952 further recommends compressing the longest run of zero groups, never a single zero group, and writing hexadecimal digits in lowercase, so that every address has one canonical text form; compare addresses by value, not as strings, because the same address can be written many ways.
A 128-bit address provides 2^128 (about 3.4 x 10^38) possible values.
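The following example is added here and is not part of the CompTIA courseware. It implements the IPv6 text rules just described by hand: expanding a shortened address back to eight four-digit groups (rejecting a second "::" and malformed groups), compressing an address to its RFC 5952 canonical form (longest zero run, first run on a tie, never a single zero group, lowercase), and comparing two addresses by value. Each result is cross-checked against Python's standard ipaddress module. Only plain eight-group addresses are handled (no zone IDs and no embedded dotted-decimal IPv4); the sample addresses are constructed from the 2001:db8::/32 documentation prefix.

```python
# Added example (not part of the courseware): the RFC 5952 text rules for IPv6
# addresses, implemented by hand and checked against the standard library. Plain
# eight-group addresses only (no zone IDs, no embedded dotted IPv4). Sample
# addresses use the 2001:db8::/32 documentation prefix and are constructed.
import ipaddress

HEX = set("0123456789abcdefABCDEF")


def expand(addr):
    """Return the eight groups as four-digit lowercase hex, undoing '::' and dropped zeros."""
    if addr.count("::") > 1:
        raise ValueError("'::' may appear only once")
    if "::" in addr:
        head, tail = addr.split("::")
        left = head.split(":") if head else []
        right = tail.split(":") if tail else []
        missing = 8 - len(left) - len(right)
        if missing < 1:
            raise ValueError("'::' must stand for at least one group")
        groups = left + ["0"] * missing + right
    else:
        groups = addr.split(":")
    if len(groups) != 8:
        raise ValueError(f"expected eight groups, got {len(groups)}")
    for g in groups:
        if not 1 <= len(g) <= 4 or set(g) - HEX:
            raise ValueError(f"bad group {g!r}")
    return [f"{int(g, 16):04x}" for g in groups]


def is_valid(addr):
    """True if expand() accepts the text."""
    try:
        expand(addr)
        return True
    except ValueError:
        return False


def compress(addr):
    """Canonical form: no leading zeros; the longest run of two or more zero groups
    becomes '::' (the first run wins a tie); lowercase hex."""
    groups = [f"{int(g, 16):x}" for g in expand(addr)]
    best_start = best_len = 0
    run_start = run_len = 0
    for i, g in enumerate(groups):
        if g == "0":
            if run_len == 0:
                run_start = i
            run_len += 1
            if run_len > best_len:
                best_start, best_len = run_start, run_len
        else:
            run_len = 0
    if best_len < 2:   # RFC 5952: a lone zero group is written as 0, not ::
        return ":".join(groups)
    left = ":".join(groups[:best_start])
    right = ":".join(groups[best_start + best_len:])
    return f"{left}::{right}"


def same_address(a, b):
    """Compare by value: 2001:DB8::1 and 2001:db8:0:0:0:0:0:1 are the same address."""
    return expand(a) == expand(b)


def matches_stdlib(addr):
    """Cross-check our compression against ipaddress.IPv6Address.compressed."""
    return compress(addr) == ipaddress.IPv6Address(addr).compressed


if __name__ == "__main__":
    full = "2001:0db8:85a3:0000:0000:8a2e:0370:7334"
    print(":".join(expand(full)))
    print(compress(full))
    print(same_address("2001:DB8::1", "2001:db8:0:0:0:0:0:1"))
```

The practical point is same_address: an access list, log search or allow-list that compares IPv6 addresses as strings will miss 2001:DB8::1 when the packet is logged as 2001:db8:0:0:0:0:0:1. Normalize to the canonical form (or compare the 128-bit value) before matching.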

IPv4 vs. IPv6 IPv4 and IPv6 addresses differ in several ways. IPv4 addresses are 32 bits long; IPv6 addresses are 128 bits. IPsec support is optional in IPv4 implementations, whereas the IPv6 specifications originally required every IPv6 node to implement IPsec (using it on any given connection is still a policy decision, and RFC 6434 later relaxed the requirement to a recommendation). The header structure also differs: IPv6 uses a fixed 40-byte base header with optional extension headers, while the IPv4 header is variable in length and carries its options inline.

Implement IPv6 Addresses

IPv6 has many advanced features that are not available in IPv4. Although IPv6 is being implemented on test and production networks, IPv4 is still deployed on a far larger scale, so when you implement IPv6 on an existing network you need to plan for coexistence with IPv4.
Guidelines: To implement IPv6 on an IPv4 network, follow these guidelines:
- Implement IPv6 in phases throughout the organization.
- Ensure interoperability between IPv4 and IPv6 during the transition (dual-stack hosts and routers) rather than trying to replace IPv4 completely at once.
- Remember that IPv6 does not use dotted-decimal subnet masks. The network portion is expressed as a prefix length in CIDR notation (for example, 2001:db8:1:2::/64), and a /64 per subnet is the norm; existing IPv4 masks have no direct IPv6 equivalent and must be re-planned as prefixes.
- Remember that the address classes used in IPv4 do not apply to IPv6.
- Configure AAAA DNS records for IPv6 hosts. IPv4 hosts are published with A records, and a dual-stack host needs both.
- Upgrade the necessary hardware and software to support IPv6. This includes all nodes, hosts and routers on the network, and also firewalls and monitoring tools, which must filter and log IPv6 traffic to the same standard as IPv4; an unfiltered IPv6 path is a common way for controls to be bypassed on a dual-stack network.
- Ensure that the IPv6 environment, once implemented, is scalable to support the future requirements of your network.
- Ensure that IPv6 packets sent across IPv4-only parts of the network are encapsulated in IPv4. This is done by tunneling.

Tunneling and DNS records will be covered in more detail in subsequent lessons.

Example: Jason Smith is the network administrator at OGC Technologies. His team was recently involved in migrating the company's address space from IPv4 to IPv6. In the deployment planning meeting, the team agreed to implement IPv6 progressively, so that any issues arising during the transition could be resolved before the next phase. As much of the hardware, such as routers, needed to be replaced before the actual implementation, Jason placed procurement orders for all the IPv6-compatible hardware that would be needed. The team added AAAA records to DNS alongside the existing A records for each dual-stack host. Because the network classes used in the IPv4 environment no longer applied, he drew up a new, prefix-based addressing plan for IPv6. Since OGC had planned to migrate progressively, a considerable part of the network was still running IPv4, so IPv6 packets crossing those segments were encapsulated in IPv4 tunnels.


ACTIVITY 6-6
Implementing IPv6 Addressing
Scenario: In this activity, you will identify components of the IPv6 protocol.

1.

Which is not a limitation of IPv4? a) A 128-bit address space. b) Depletion of Class A and B network addresses. c) Unassigned and unused address ranges. d) Division of the address space into fixed classes.

2.

True or False? IPv6 data packets cannot be sent on IPv4 networks. True False

3.

What are the factors that an organization may need to consider before upgrading to IPv6? Answers will vary, but may include: the cost of replacement of required hardware, cost of training the IT staff, and amount of time required for upgrading to IPv6.

4.

True or False? DNS A records are compatible with IPv6. True False

5.

What will be the reasons for the widespread future deployment of IPv6? Answers will vary, but may include: one of the critical factors that would trigger the widespread deployment of IPv6 includes a deficit of IPv4 address space with the increasing number of Internet users, and government policies.


TOPIC F
Delivery Techniques
In terms of network data delivery, you have identified two pieces of the puzzle: data addressing and network connection mechanisms. Once you have the data properly packaged and addressed, and a functional network connection established between the source and destination computers, you are ready to transmit data across the network. In this topic, you will identify the techniques that ensure that data is transmitted completely and accurately across a network. Data that is sent through a network can encounter several variables that can delay or even alter the data before it is received. The challenge for network administrators is to implement delivery techniques within the network to ensure the integrity of data transmission across the network. When implemented, these delivery techniques can detect errors in data transmissions and recover from the errors using recovery mechanisms.


Connections
A connection is a virtual link between two nodes established for the duration of a communication session. Connections provide flow control, packet sequencing, and error recovery functions to ensure reliable communications between nodes.

Connection Services
Connection services ensure reliable delivery by detecting and attempting to correct transmission problems.

Unacknowledged connectionless: This service provides no acknowledgement of successfully transmitted data. The application must provide its own reliability checks. Simplex communications use this type of service.

Acknowledged connectionless: Nodes do not establish a virtual connection. However, they do acknowledge the successful receipt of packets. Web (HTTP) communications use this type of connection service.

Connection-oriented: Nodes establish a virtual connection for the duration of the session. Nodes negotiate communication parameters and typically share security information to establish a connection. This connection service provides the means for flow control, packet sequencing, and error recovery functions. Traditional, non-web-based networking applications often use connection-oriented services.

Connection Modes
There are three commonly used connection modes.

Simplex: The simplex mode of communication is the one-way transmission of information. There is no return path. Because the transmission operates in only one direction, simplex mode can use the full bandwidth of the medium for transmission. Radio and television broadcasts are simplex mode transmissions.

Half duplex: The half duplex mode of communication permits two-way communications, but in only one direction at a time. When one device sends, the other must receive; then they can switch roles to transfer information in the other direction. Half duplex mode can use the full bandwidth of the medium because the transmission takes place in only one direction at a time.

Full duplex: The full duplex mode of communication permits simultaneous two-way communications. A device can both send and receive data simultaneously. Sending and receiving can occur over different channels or on the same channel. Generally, neither the sender nor the receiver can use the full bandwidth for their individual transmission because transmissions are allowed in both directions simultaneously. Full duplex mode may also be called bi-directional transmission. If someone speaks about duplex transmissions, they are most likely referring to full-duplex mode. Telephone systems are full duplex devices; all persons involved can talk simultaneously. Many modern networking cards support the full duplex mode.

There are full bandwidth transmissions in some network environments, namely full-duplex switched Ethernet.

Flow Control
Flow control is a technique for optimizing data exchange between systems. If too much data is sent at once, the receiving node can become overwhelmed, dropping packets that arrive too quickly to process. If too little data is sent, the receiver sits idle waiting for more data to arrive. Buffering and data windows are two flow control techniques commonly used in computer networking.

Buffering
Definition: Buffering is a flow control technique in which received data is stored in a temporary high-speed memory location, called a buffer, until the main system components are ready to work with the data. In a networking situation, the network card itself handles buffering so that the processor does not have to become involved. Buffering is also used when reading information from the disk or RAM, in which case the buffer is more often called a cache.

Example: Cache Controller
A cache controller, a specialized processor chip, manages caching so that the processor does not have to.

Flooding
Even with a high-speed buffer, data can sometimes arrive too quickly to be handled. This situation is called flooding. To avoid flooding, receiving devices typically send a squelch signal to the sender when the buffer is approximately 75 percent full. Upon receiving a squelch signal, the sender slows or halts further data transmissions until the receiver catches up.

Data Windows
Data windows constitute a flow control technique in which multiple packets are sent as a unit called a block or a window. The recipient acknowledges each window rather than each packet, resulting in higher throughput. Two types of data windows are available: fixed length and sliding. Data windows define how much data can be sent without waiting for an acknowledgment. The flow control window, whose size is set by the receiver, ensures that packets are sent at the same speed as the receiver's processing. The size of a data window is set by a sender. In the simplest case, a sender transmits one packet and then waits for an acknowledgement from the recipient, an ACK signal. If the recipient is busy, the sender sits idle until it receives the ACK, after which it sends the next packet. Throughput can be increased if data is sent in larger packages, with the recipient sending fewer acknowledgements.

Figure 6-22: Multiple packets sent as a block.

Figure 6-23: Data window sizes can be fixed or variable.

Fixed Length and Sliding Windows
The data window size can be fixed or variable. With fixed length windows, every block contains the same number of packets. To avoid flooding the buffers of some devices, fixed length windows are typically small. So, while fixed length windows are more efficient than sending individual packets, they are less efficient than sliding windows. Sliding windows use variable block sizes. The first block sent contains a small number of packets. Each subsequent block is a bit larger, until the sender floods the buffers of the recipient. Upon receiving the squelch signal, the sender reduces the window size and resumes transmission. The window size is continually reevaluated during transmission, with the sender always attempting to send the largest window it can to speed throughput.
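The flow control behaviour described in the Buffering, Flooding and Data Windows sections can be put side by side in a small simulation. The following Python code is an added example written for this page, not part of the course text or of any real protocol stack: a receiver with a bounded buffer raises a squelch signal at roughly 75 percent occupancy, a sliding-window sender grows its window until it sees the squelch and then halves it, and a fixed-window sender keeps sending the same block size regardless. The buffer size, drain rate, growth step and halving rule are constructed for illustration.

```python
# Added example (not from the course text): a simulation of buffering, squelch
# and data windows. All sizes and rates are constructed for illustration.

SQUELCH_FRACTION = 0.75  # receiver squelches at about 75 percent buffer occupancy


class Receiver:
    """A receiver with a bounded buffer that processes drain_rate packets per round."""

    def __init__(self, buffer_size, drain_rate):
        self.buffer_size = buffer_size
        self.drain_rate = drain_rate
        self.buffered = 0    # packets waiting in the buffer
        self.delivered = 0   # packets handed to the application
        self.dropped = 0     # packets that arrived with no buffer space (flooding)

    def accept_window(self, packets):
        """Receive one block. Returns (ack, squelch).

        ack is False when the block did not fit: the partial block is discarded,
        so the whole block has to be retransmitted."""
        space = self.buffer_size - self.buffered
        accepted = min(packets, space)
        self.dropped += packets - accepted
        if accepted < packets:
            return False, True          # flooded: no ACK, and the sender must back off
        self.buffered += accepted
        squelch = self.buffered >= SQUELCH_FRACTION * self.buffer_size
        return True, squelch

    def process(self):
        """Move up to drain_rate packets from the buffer to the application."""
        done = min(self.buffered, self.drain_rate)
        self.buffered -= done
        self.delivered += done


def sliding_window_transfer(total_packets, rx, start=1, step=1):
    """Send total_packets with a sliding window. Returns (window history, retransmissions)."""
    window, sent, history, retransmissions = start, 0, [], 0
    while sent < total_packets:
        block = min(window, total_packets - sent)
        ack, squelch = rx.accept_window(block)
        history.append(block)
        if ack:
            sent += block
        else:
            retransmissions += 1
        rx.process()
        # the window is re-evaluated after every block: halve on squelch, else grow
        window = max(1, window // 2) if squelch else window + step
    while rx.buffered:
        rx.process()
    return history, retransmissions


def fixed_window_transfer(total_packets, rx, window):
    """Send with a fixed block size, ignoring squelch. Returns (blocks sent, retransmissions)."""
    if window > rx.buffer_size:
        raise ValueError("a block larger than the receiver's buffer can never be accepted")
    sent, attempts, retransmissions = 0, 0, 0
    while sent < total_packets:
        block = min(window, total_packets - sent)
        ack, _ = rx.accept_window(block)
        attempts += 1
        if ack:
            sent += block
        else:
            retransmissions += 1
        rx.process()
    while rx.buffered:
        rx.process()
    return attempts, retransmissions


if __name__ == "__main__":
    history, resent = sliding_window_transfer(30, Receiver(8, 2))
    print("sliding window sizes:", history, "retransmissions:", resent)
    attempts, resent = fixed_window_transfer(30, Receiver(8, 2), 5)
    print("fixed window of 5: blocks sent", attempts, "retransmissions:", resent)
```

With a buffer of 8 packets draining 2 per round, the sliding sender ramps up to a window of 5, backs off when the squelch arrives and never floods the receiver, while a fixed window of 5 that ignores squelch has to resend half of its blocks. That is the trade-off the text describes: a fixed window must be kept small to be safe, a sliding window finds the safe size by itself.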

Error Detection
Error detection is the process of determining whether transmitted data has been received correctly and completely. Typically, the sender attaches extra bits in the form of an Error Detection Code (EDC) to the footer of the transmitted data to indicate its original contents. The receiver generates an EDC and compares it with the transmitted EDC to determine whether the data has been altered en route. If the EDCs match, the receiver processes the data. If the receiver finds an error, it requests retransmission of the data. Error detection can also include a correction component, Error Detection and Correction (EDAC), wherein if the data has an error, the receiver can rebuild the data.

Figure 6-24: The error detection process.

Parity Check
Parity check is a process used to detect errors in memory or data communication. In this process:
1. A computer checks the data sent and received on a word-by-word basis.
2. The sender adds one bit to each word of the data and then transmits it to the receiver.
3. The receiver compares the number of ones within a transmitted byte to those received.
4. If the count matches, the data is assumed to be valid. If a word is determined to be corrupt, the receiver requests retransmission of the data.

Figure 6-25: Parity check detects errors during data communication.

Cyclic Redundancy Check
Cyclic Redundancy Check (CRC) is an error detection method in which a predefined mathematical operation is used to calculate a CRC code. In this error detection process:
1. The sender attaches the CRC to a block of data and transmits it to a receiver.
2. The receiver calculates its own CRC value for the data block and compares it to the transmitted CRC.
3. If the values match, the receiver assumes the data was unaltered during transmission.

Figure 6-26: CRC used to detect errors in transmitted data.

CRC Considerations
Typically, CRC checks are applied to large blocks of data, such as all the data sent in a packet. Thus, fewer error detection bits must be transmitted with the data in a packet. However, if a CRC check fails, the entire block must be retransmitted. In general, though, CRC checking uses less network bandwidth than parity checking.
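The Error Detection, Parity Check and Cyclic Redundancy Check sections can be demonstrated together. The Python code below is an added example written for this page, not code from the course: it attaches an even parity bit to every byte (the word-by-word check) and a 16-bit CRC to the whole block (the footer EDC), then shows what each one catches. The CRC parameters are those of the widely used CRC-16/CCITT-FALSE variant (polynomial 0x1021, initial value 0xFFFF); the sample block and the injected bit flips are constructed.

```python
# Added example (not from the course text): per-byte parity and a block CRC,
# sender and receiver side, with constructed sample data and injected errors.


def parity_bit(byte):
    """Even parity: 1 when the byte has an odd number of one bits, else 0."""
    return bin(byte & 0xFF).count("1") & 1


def parity_encode(data):
    """Sender side: attach a parity bit to every byte (word)."""
    return [(b, parity_bit(b)) for b in data]


def parity_receive(received, frames):
    """Pair the bytes as received with the parity bits that were transmitted."""
    return [(b, p) for b, (_, p) in zip(received, frames)]


def parity_check(frames):
    """Receiver side: recount the ones per byte; return indexes of corrupt words."""
    return [i for i, (b, p) in enumerate(frames) if parity_bit(b) != p]


def crc16_ccitt(data, poly=0x1021, init=0xFFFF):
    """Bitwise CRC-16/CCITT-FALSE over data; returns the 16-bit check value."""
    crc = init
    for byte in data:
        crc ^= byte << 8
        for _ in range(8):
            if crc & 0x8000:
                crc = ((crc << 1) ^ poly) & 0xFFFF
            else:
                crc = (crc << 1) & 0xFFFF
    return crc


def crc_frame(data):
    """Sender side: append the CRC as a two-byte footer to the block."""
    return bytes(data) + crc16_ccitt(data).to_bytes(2, "big")


def crc_verify(frame):
    """Receiver side: recompute the CRC over the payload and compare it with the footer.
    Returns (payload, ok); on a mismatch the whole block must be retransmitted."""
    payload, footer = frame[:-2], frame[-2:]
    return payload, crc16_ccitt(payload) == int.from_bytes(footer, "big")


def flip_bits(data, index, mask):
    """Simulate line noise: XOR one byte of the data with mask."""
    out = bytearray(data)
    out[index] ^= mask
    return bytes(out)


if __name__ == "__main__":
    sample = b"N10-005 block"                        # constructed sample block
    frames = parity_encode(sample)
    one_bit = flip_bits(sample, 2, 0x01)             # one flipped bit in byte 2
    two_bits = flip_bits(sample, 2, 0x03)            # two flipped bits in byte 2
    print("parity, 1 flip :", parity_check(parity_receive(one_bit, frames)))   # [2]
    print("parity, 2 flips:", parity_check(parity_receive(two_bits, frames)))  # []
    print("crc, 2 flips   :", crc_verify(flip_bits(crc_frame(sample), 2, 0x03))[1])
```

A single flipped bit in a byte changes its parity and is reported; two flipped bits in the same byte leave the parity unchanged and slip through, which is the weakness of a per-byte parity check. The CRC over the block detects that second case, and it costs only two check bytes for the whole block instead of one bit per byte, which is the bandwidth point made under CRC Considerations.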


ACTIVITY 6-7
Identifying Data Delivery Techniques
Scenario: In this activity, you will identify the characteristics of reliable data delivery techniques.

1. Which are techniques for error detection?
   a) Sliding windows
   b) Parity checking
   c) CRC
   d) EDAC

2. True or False? Parity checking adds overhead to network transmissions.
   True
   False

3. Which statement is true of sliding and fixed length windows?
   a) Sliding windows are groups of packets selected at random from transmitted data, whereas fixed length windows always include the same sequence of packets.
   b) Fixed length windows always contain the same number of packets, while sliding windows contain 8, 16, or 32 packets.
   c) Sliding windows contain a variable number of packets in a block, while fixed length windows always contain the same number.
   d) Fixed length windows contain a variable number of packets in a block, while sliding windows always contain the same number.

4. Buffer flooding is the process of:
   a) Sending data at a speed the receiver can handle.
   b) Corrupting the buffers in the receiver.
   c) Filling the buffer of the receiver with padding (empty) packets.
   d) Overfilling the buffers in the receiver.

5. Match the error detection technique with the amount of data that it checks.
   c  Parity check      a. Packet
   b  CRC               b. Block
   a  EDAC              c. Byte


Lesson 6 Follow-up
In this lesson, you learned how data is delivered to its intended destination reliably and unaltered by using data addressing, connection mechanisms, and techniques that ensure the reliable delivery of data. Using this knowledge, you can ensure that when users make a request for a network service or send data across your network, their request or data arrives at the intended destination.
1. In your opinion, which class of IP address will suit your organization?
   Answers will vary, but may include: Class A, B, C, D, or E depending upon the number of nodes present on the network.

2. Which delivery techniques will you implement most often on your network?
   Answers will vary, but may include: error detection, parity check, flow control, and variable length windows depending on the characteristics of the network implementation.


LESSON 7
TCP/IP Services
In this lesson, you will identify the major services deployed on TCP/IP networks. You will:
- Assign IP addresses statically and dynamically.
- Identify host name resolution methods on a TCP/IP network.
- Identify common TCP/IP commands and their functions.
- Identify the common protocols and services in use on a TCP/IP network.
- Identify various TCP/IP interoperability services.

Lesson Time 3 hour(s), 20 minutes

Lesson 7: TCP/IP Services

201

Introduction
In the previous lesson, you learned how the TCP/IP protocol suite uses IP addressing on networks to enable communication. The TCP/IP protocol suite also includes services that aid in managing your TCP/IP network. In this lesson, you will learn how the services that are part of the TCP/IP protocol suite can be used on your network. To manage a TCP/IP network, you need to understand IP addressing methods. But you also have to be able to implement an addressing scheme, and support it on an ongoing basis. To do that, you will need to understand and use the TCP/IP services and tools that enable you to configure, monitor, and troubleshoot your TCP/IP network.

This lesson covers all or part of the following CompTIA Network+ (Exam N10-005) certification objectives:

Topic A:
1.2 Classify how applications, devices, and protocols relate to the OSI model layers.
1.3 Explain the purpose and properties of IP addressing.
1.5 Identify common TCP and UDP default ports.
1.6 Explain the function of common networking protocols.
2.3 Explain the purpose and properties of DHCP.
4.3 Given a scenario, use appropriate software tools to troubleshoot connectivity issues.

Topic B:
1.2 Classify how applications, devices, and protocols relate to the OSI model layers.
1.6 Explain the function of common networking protocols.
1.7 Summarize DNS concepts and its components.

Topic C:
1.2 Classify how applications, devices, and protocols relate to the OSI model layers.
4.3 Given a scenario, use appropriate software tools to troubleshoot connectivity issues.

Topic D:
1.6 Explain the function of common networking protocols.

Topic E:
1.6 Explain the function of common networking protocols.
5.2 Explain the methods of network access security.


TOPIC A
Assign IP Addresses
You have learned that each node needs an IP address to communicate on a TCP/IP network. An administrator can manually assign these IP addresses or the assignment can be done automatically without manual intervention. In this topic, you will learn the different methods for assigning IP addresses to your nodes, and how to use the tools that support IP address assignment. Depending on the scope and size of your network, it may be just as easy to manually assign IP addresses to all your nodes as it is to install and maintain a service to do it for you dynamically. By understanding the different methods available to you for assigning IP addresses, you can choose the method that best suits your network.


Static and Dynamic IP Addressing
On a TCP/IP network, you can assign IP address information statically to nodes by manually entering IP addressing information on each individual network node. Or, you can assign IP addresses dynamically, by using the Dynamic Host Configuration Protocol (DHCP) service.

Figure 7-1: Static and dynamic IP addresses assignment.

Static IP Address Assignment
Configuring TCP/IP statically on a network requires that an administrator visit each node to manually enter IP address information for that node. If the node moves to a different subnet, the administrator must manually reconfigure the node's TCP/IP information for its new network location. In a large network, configuring TCP/IP statically on each node can be very time consuming, and prone to errors that can potentially disrupt communication on the network. Static addresses are typically only assigned to systems with a dedicated function, such as router interfaces, network-attached printers, or servers that host applications on a network.


Figure 7-2: Static IP address assignment using the Internet Protocol (TCP/IP) Properties dialog box.

DHCP
DHCP is a network service that automatically assigns IP addresses and other TCP/IP configuration information to network nodes configured as DHCP clients. A DHCP server allocates IP addresses to DHCP clients dynamically, and should be configured with at least one DHCP scope. A scope is the set of IP addresses that the DHCP server can hand out. When a DHCP server enables the scope, it automatically leases TCP/IP information to DHCP clients for a defined lease period. The scope contains a range of IP addresses and a subnet mask, and can contain other options, such as a default gateway and DNS addresses. A scope also specifies the duration of the lease, the period for which a node may use an IP address before it needs to renew the lease with the DHCP server. The DHCP server determines this duration, which can be set to a defined time period or to an unlimited length of time.

Figure 7-3: A DHCP server dynamically assigns IP addresses to clients.

DHCP Options
DHCP options allow you to enable and configure specific values and their assignment and distribution to DHCP clients at different levels: scope, server, class, or client-specific. DHCP options allow you to specify the names of DNS servers and domain suffixes. This is useful when there are a number of DNS servers on the same network and you want to specify a particular DNS server or a specific domain for your DHCP client. DHCP options can be modified from the DHCP Options Properties dialog box. There are different categories of options for DHCP. These options always apply to all clients unless overridden by other settings at the client's end.

Global options: Includes options that are applicable globally for all DHCP servers and their clients.

Scope options: Includes options that are applicable to clients that obtain leases within a particular scope.

Class options: Includes options that are applicable to clients that specify a class when obtaining a scope lease.

Reserved client options: Includes options that are applicable to any client with a scope reservation for its IP address.

DHCP Reservations
Reservations are lease assignments in DHCP that allow you to configure a permanent IP address for a particular client on the subnet. Reserved IP addresses differ from statically configured IP addresses: if network parameters change on the DHCP server, reserved clients receive the changes when they renew their lease.

The DHCP Lease Process
The DHCP lease process comprises several steps.

Figure 7-4: Steps in the DHCP lease process.

Step 1: Node comes online. A node configured to use DHCP comes online and loads a simple version of TCP/IP.

Step 2: DHCP discovery. After a node comes online and is ready to communicate with a DHCP server, it transmits a Bootstrap Protocol (BOOTP) broadcast, called a DHCP discover, to the network's broadcast address of 255.255.255.255 to check whether any DHCP servers are online, and to request an IP address.

Step 3: DHCP offer. DHCP servers that are online respond with a directed lease offer packet that contains an IP address that the node can lease.

Step 4: DHCP request. The node accepts the first offer it receives, and returns a request to lease the IP address from the DHCP server, called a DHCP request.

Step 5: DHCP ACK. The DHCP server acknowledges the request from the node with a DHCP ACK, which contains the IP address and the settings required for the lease period, and starts the lease. The DHCP server also marks the IP address in its database as being in use to avoid reassigning the address.

Step 6: Unused DHCP offers. When the unused offers expire, all the other DHCP servers return the offered IP addresses to the common pool in their DHCP scopes.

Use the acronym DORA to remember the steps in the DHCP lease process: Discover, Offer, Request, Acknowledge.

All DHCP servers respond to clients the same way regardless of which vendor manufactured them, because the process follows a standard methodology.

BOOTP
Any device on the network will need to know its IP address before it can communicate. Although usually a host can read this information from its internal disk, some devices do not have storage, so they need other devices on the network to provide them with an IP address and other information so that they can become IP hosts. This process is called bootstrapping, and to provide this capability, BOOTP was created. BOOTP is a UDP network protocol. BOOTP servers assign IP addresses from a pool of available addresses. BOOTP enables diskless workstation computers to obtain an IP address prior to loading an advanced operating system.

DHCP Relay Agent
A DHCP relay agent is a service that captures a BOOTP broadcast and forwards it through the router as a unicast transmission to the DHCP server on another subnet. BOOTP uses a local broadcast that cannot be sent through routers on the network. As an administrator of a TCP/IP network using DHCP, you must either have a DHCP server on each subnet and configure the router to forward the broadcasts, or configure a DHCP relay agent. Having multiple DHCP servers also ensures a higher degree of fault tolerance, as the unavailability of a DHCP server on a subnet does not prevent nodes from requesting or renewing their leases.

The DHCP server returns an offer to the relay agent, which in turn presents the offer to the client. Once the client has its lease, it also has the DHCP server's IP address, so it does not need to use the relay agent to renew the lease. An important factor you need to consider on a network with multiple subnets is that the routers on the network must be RFC 1542-compliant to allow a DHCP server to receive the broadcast message from a node.

IP Address Recovery
The DHCP lease process is important to the overall performance of a DHCP system. By leasing addresses to clients instead of permanently assigning them, a DHCP server can recover addresses leased to offline clients that no longer need the addresses.

APIPA
Automatic Private IP Addressing (APIPA) is a service that enables a DHCP client computer to configure itself automatically with an IP address in the range of 169.254.0.1 to 169.254.255.254, in case no DHCP servers respond to the client's DHCP discover broadcast. In case of a DHCP server failure, when the clients on the network cannot obtain IP addresses, the clients can use APIPA to assign themselves an IP address in the 169.254.x.x address range to enable communication with other clients. Thus, APIPA enables DHCP clients to initialize TCP/IP and communicate on the local subnet even in the absence of an active DHCP scope. APIPA addresses are not routable, so computers with APIPA addresses cannot communicate outside of the local subnet.

Figure 7-5: Automatically assigned private IP addresses.

If a client cannot reach destinations outside of the local subnet, check the machine's IP address. If the client shows an APIPA address, it signals that the DHCP server is unavailable.

APIPA Support
APIPA is available on client systems including Windows XP and Windows 7, and on server operating systems including Windows 2008 and Windows 2008 R2. Because APIPA requires no administrative configuration, APIPA addressing can be used for small offices where local subnet communication is all that is required.
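The lease process (DORA), reservations, unused-offer expiry, address recovery and the APIPA fallback described above can be traced in one place with a small model of a DHCP server and client. The Python code below is an added example written for this page, not course material and not a real DHCP implementation: it exchanges dictionaries instead of BOOTP packets and uses a simple integer clock. The scope range 192.168.1.100 to 192.168.1.101, the reservation, the option values and the MAC addresses are all constructed for the example.

```python
# Added example (not from the course text): a model of the DHCP lease process with
# a tiny scope, one reservation, lease expiry and the APIPA fallback. Addresses,
# options and MAC addresses are constructed for illustration.
import hashlib
import ipaddress

# Constructed scope options handed out with every ACK.
SCOPE_OPTIONS = {"subnet_mask": "255.255.255.0", "router": "192.168.1.1", "dns": ["192.168.1.200"]}


def apipa_address(mac):
    """Pick a deterministic link-local address in 169.254.0.1 to 169.254.255.254."""
    digest = hashlib.sha256(mac.encode()).digest()
    host = int.from_bytes(digest[:2], "big") % 65534 + 1        # 1 .. 65534
    return str(ipaddress.IPv4Address(int(ipaddress.IPv4Address("169.254.0.0")) + host))


class DhcpServer:
    def __init__(self, name, first_ip, last_ip, lease_seconds, options, reservations=None):
        first, last = ipaddress.IPv4Address(first_ip), ipaddress.IPv4Address(last_ip)
        self.name = name
        self.pool = [str(ipaddress.IPv4Address(i)) for i in range(int(first), int(last) + 1)]
        self.lease_seconds = lease_seconds
        self.options = options
        self.reservations = reservations or {}   # mac -> permanently reserved ip
        self.leases = {}                         # ip -> {"mac": ..., "expires": ...}
        self.offers = {}                         # mac -> ip offered but not yet requested

    def _free_address(self, mac):
        if mac in self.reservations:
            return self.reservations[mac]
        for ip in self.pool:
            if ip not in self.leases and ip not in self.offers.values():
                return ip
        return None                              # scope exhausted

    def discover(self, mac, now):
        """Steps 2 and 3: answer a DHCP discover with a directed offer, or stay silent."""
        self.expire_leases(now)
        for ip, lease in self.leases.items():    # a renewing client keeps its address
            if lease["mac"] == mac:
                self.offers[mac] = ip
                return {"server": self, "ip": ip}
        ip = self._free_address(mac)
        if ip is None:
            return None
        self.offers[mac] = ip
        return {"server": self, "ip": ip}

    def request(self, mac, ip, now):
        """Steps 4 and 5: an ACK for an address this server offered, otherwise a NAK (None)."""
        if self.offers.get(mac) != ip:
            return None
        del self.offers[mac]
        self.leases[ip] = {"mac": mac, "expires": now + self.lease_seconds}  # marked in use
        return {"ip": ip, "lease_seconds": self.lease_seconds, **self.options}

    def withdraw_offer(self, mac):
        """Step 6: an offer the client did not take returns to the pool."""
        self.offers.pop(mac, None)

    def expire_leases(self, now):
        """Address recovery: leases past their expiry time go back into the pool."""
        expired = [ip for ip, lease in self.leases.items() if lease["expires"] <= now]
        for ip in expired:
            del self.leases[ip]
        return expired


def dhcp_acquire(mac, servers, now):
    """Client side of DORA; falls back to APIPA when no server offers an address."""
    offers = [o for o in (s.discover(mac, now) for s in servers) if o]
    if not offers:
        return {"ip": apipa_address(mac), "source": "APIPA"}
    chosen = offers[0]                           # the first offer received is accepted
    for other in offers[1:]:
        other["server"].withdraw_offer(mac)      # the other servers' offers expire unused
    ack = chosen["server"].request(mac, chosen["ip"], now)
    if ack is None:
        return {"ip": None, "source": "NAK"}     # a real client would restart the discover
    return {**ack, "source": chosen["server"].name}


if __name__ == "__main__":
    srv = DhcpServer("dhcp1", "192.168.1.100", "192.168.1.101", 3600, SCOPE_OPTIONS,
                     reservations={"00:11:22:33:44:55": "192.168.1.150"})
    for mac in ("aa:bb:cc:00:00:01", "aa:bb:cc:00:00:02", "aa:bb:cc:00:00:03"):
        print(mac, dhcp_acquire(mac, [srv], now=0))   # third client gets an APIPA address
    print("recovered:", srv.expire_leases(now=3601))
```

With a two-address scope the third client finds no offer and configures a 169.254.x.x address, exactly the symptom the text says to look for when a client cannot leave its subnet; once the first leases expire the server recovers them and the same client gets a real lease on its next attempt. The reserved client always receives 192.168.1.150 but still gets the current scope options with its ACK, which is the difference between a reservation and a static address.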

IP Configuration Utilities
You can use the IP configuration utility for your operating system to see TCP/IP configuration information.

ipconfig: Displays connection-specific DNS suffix, IP address, subnet mask, and default gateway information. Must be run from a command line. To display additional information about the IP configuration, use the ipconfig /all parameter with the command. Supported on server systems including Windows Server 2008 and Windows Server 2008 R2, and client systems including Windows 7, Windows XP, Windows NT, and Novell NetWare.

ifconfig: Displays the status of currently active network interface devices. Using options, you can dynamically change the status of the interfaces and their IP address. Supported on Linux and UNIX.

dhclient: Allows you to configure and manage DHCP settings on the network interfaces of a computer. Supported on Linux and UNIX.

ipconfig Options for DHCP
The Windows ipconfig utility provides options for managing dynamic address leases: ipconfig /release forces the release of an IP address used by a client, and ipconfig /renew requests the renewal of an IP address for a client. The system first attempts to obtain a DHCP address, and if a DHCP server fails to respond, it switches to APIPA addressing.

The ping Command
The ping command is used to verify the network connectivity of a computer, and also to check whether the target system is active. It verifies the IP address, host name, and reachability of the remote system by sending echo requests and listening for echo replies. ping uses ICMP to check the connections with remote hosts by sending out echo requests as ICMP ECHO_REQUEST packets to the host whose name or IP address you specify on the command line, and then listens for the reply packets.
ping is an acronym for packet Internet groper.

Figure 7-6: Using ping tests the connectivity between two hosts.

Syntax of the ping Command
The syntax of the ping command is:
ping target

The target variable specifies the IP address or DNS name of a computer on the network. ping uses the DNS setting to resolve the DNS name into an IP address.

ping Options
You can ping a computer name or an IP address. You can also ping the loopback address (127.0.0.1) to test whether TCP/IP has initialized on an individual system. If the computer has a default gateway, you can ping remote systems. To list other options for the ping command, enter ping /? at the command prompt. Some of the options include setting the packet size, changing the Time To Live (TTL) value, and specifying how many times to ping the host.

Packet size: By default, data packets are sent as 32 bytes. You can specify a larger size to test response time, the maximum size being 65,500 bytes. To change the packet size, use the -l option followed by the packet length.
ping target [-l size]

TTL: A value that determines how many hops an IP packet can travel before being discarded.
ping target [-i TTL]

Packet count: Specifies the number of packets with which a remote host is pinged. The default is four packets. You can specify a higher number of packets with the -n option.
ping target [-n packet count]

ping Blocking
As a security measure, some public Internet hosts and routers might be configured to block incoming packets that are generated by the ping command. (They might also block packets from other TCP/IP diagnostic utilities such as the tracert command.) Pinging these hosts will fail even if the host is online. Keep this in mind when you try to ping large public Internet sites; if you are trying to determine whether one of these sites is up and running, a better method is simply to use a web browser to connect to the site directly.

Ports
Definition: In TCP and UDP networks, a port is the endpoint of a logical connection. Client computers connect to specific server programs through a designated port. All ports are assigned a number in a range from 0 to 65,535. The IANA separates port numbers into three blocks: well-known ports, which are preassigned to system processes by IANA; registered ports, which are available to user processes and are listed as a convenience by IANA; and dynamic ports, which are assigned by a client operating system as needed when there is a request for service. Three well recognized blocks of port numbers are available for use in DHCP.

Well-known ports (port range: 0 to 1,023): These ports are preassigned for use by common, or well-known, services. Often the services that run on these ports must be started by a privileged user. Services in this range include HTTP on TCP port 80, IMAP on TCP port 143, and DNS on UDP port 53.

Registered ports (port range: 1,024 to 49,151): These ports are registered by software makers for use by specific applications and services that are not as well-known as the services in the well-known range. Services in the registered port range include SOCKS proxy on TCP port 1080, Kazaa peer-to-peer file sharing on TCP port 1214, and Xbox Live on TCP and UDP port 3074.

Dynamic or private ports (port range: 49,152 to 65,535): These ports are set aside for use by unregistered services, and by services needing a temporary connection.

Example: Well-Known TCP Port Numbers
The commonly used TCP port numbers are listed in the table along with the services run using the ports.

Port Number   Service Name     Service
7             echo             Ping
20            ftp-data         File Transfer [Default Data]
21            ftp              File Transfer [Control]
22            ssh              SSH
23            telnet           Telnet
25            smtp             SMTP
53            dns              DNS
67            bootps           DHCP (BOOTP) server
68            bootpc           DHCP (BOOTP) client
80            http             HTTP
110           pop3             POP3
137           netbios          NetBIOS naming service
143           imap             IMAP
194           irc              Internet Relay Chat (IRC)
389           ldap             LDAP
443           https            HTTP-secure
546           dhcpv6-client    DHCPv6 client
547           dhcpv6-server    DHCPv6 server
3389          rdp              RDP

The complete list of well-known TCP ports and other port number assignments is available online at www.iana.org/assignments/port-numbers

Well-Known UDP Port Numbers
The commonly used UDP port numbers are listed in the table along with the services run using the ports.

Port Number   Service Name     Service
7             echo             Ping
22            ssh              SSH
23            telnet           Telnet
53            dns              DNS
67            bootps           DHCP (BOOTP) server
68            bootpc           DHCP (BOOTP) client
69            tftp             TFTP
123           ntp              NTP
137           netbios          NetBIOS naming service
143           imap             IMAP
161           snmp             SNMP
389           ldap             LDAP
546           dhcpv6-client    DHCPv6 client
547           dhcpv6-server    DHCPv6 server
3389          rdp              RDP

The complete list of well-known UDP ports and other port number assignments is available online at www.iana.org/assignments/port-numbers

Sockets
Definition: A socket is a communication endpoint in an IP-based network. In TCP/IP, a socket links an IP address with the port number of a service. Sockets help in delivering data packets to the appropriate application process running on the target node. A socket address is the combination of the protocol, IP address, and port number.

Socket Format
Used to identify the target node, a socket employs the format:
{protocol, ip address, port number}

Example:

Figure 7-7: Format of an IP address socket.

How to Assign IP Addresses

Procedure Reference: Assign IP Addresses
To assign IP addresses:
1. Choose Start→Network.
2. In the Network window, on the toolbar, click Network and Sharing Center.
3. In the Network and Sharing Center window, in the left pane, click the Change adapter settings link.
4. Right-click your Local Area Connection object and choose Properties.
5. In the Local Area Connection Properties dialog box, in the This connection uses the following items section, select Internet Protocol Version 4 (TCP/IPv4).
6. Click Properties, and in the Internet Protocol Version 4 (TCP/IPv4) Properties dialog box, on the General tab, assign an IP address to your system.
   - To use automatic IP addressing for the IP address, subnet mask, and default gateway, select the Obtain an IP address automatically option.
   - To manually configure a static IP address, subnet mask, and default gateway:
     a. Select the Use the following IP address option.
     b. In the IP address, Subnet mask, and Default gateway text boxes, enter the TCP/IP information for your network.
7. In the Internet Protocol Version 4 (TCP/IPv4) Properties dialog box, configure the IP address of your DNS server.
   - To automatically configure the IP address for a DNS server, select the Obtain DNS server address automatically option.
   - To manually configure a static DNS server address:
     a. Select the Use the following DNS server addresses option.
     b. In the Preferred DNS server and Alternate DNS server text boxes, enter the DNS server addresses for your network.
8. Click OK to close the Internet Protocol Version 4 (TCP/IPv4) Properties dialog box.
9. Click Close to close the Local Area Connection Properties dialog box for your selected network connection.


CompTIA Network+ (Exam N10-005)

ACTIVITY 7-1
Assigning IP Addresses Manually
There is a simulated version of this activity available on the CD-ROM that shipped with this course. You can run this simulation on any Windows computer to review the activity after class, or as an alternative to performing the activity as a group in class. The activity simulation can be launched either directly from the CD-ROM by clicking the Interactives link and navigating to the appropriate one, or from the installed data file location by opening the C:\Data\Simulations\Lesson#\Activity# folder and double-clicking the executable (.exe) file.


Before You Begin: Your computer is currently configured to lease an IP address from the classroom DHCP server.

Scenario: You are a network administrator for a start-up company with leased addresses from their ISP in the range of 192.168.1.25 to 192.168.1.95. The subnet mask is 255.255.255.0, and the IP address of the DNS server is 192.168.1.200. The DNS server is also the default gateway on the network. You have been assigned the task of configuring their computers to use the IP addresses provided to them by their ISP.
This activity uses internal IP addresses in the 192.168.1.x range for demonstration purposes. An ISP would not allocate addresses in this range.

What You Do / How You Do It

1. Configure your computer with a static IP address.
   a. Choose Start→Control Panel.
   b. In the Control Panel window, in the Adjust your computer's settings section, click the Network and Internet link.
   c. In the Network and Internet window, click the Network and Sharing Center link.
   d. In the Network and Sharing Center window, in the left pane, click the Change adapter settings link.
   e. Right-click Local Area Connection and choose Properties.
   f. In the Local Area Connection Properties dialog box, in the This connection uses the following items section, select Internet Protocol Version 4 (TCP/IPv4) and click Properties.

   IP address = 192.168.1.##, where ## is your student number.
   Subnet mask = 255.255.255.0
   Default gateway = 192.168.1.200
   DNS server = 192.168.1.200

   g. In the Internet Protocol Version 4 (TCP/IPv4) Properties dialog box, on the General tab, select the Use the following IP address option.
   h. In the IP address text box, click and type 192.168.1.##, where ## is your student number.
      If your router is using IP address 192.168.1.1, assign computer 01 a different static IP address.
      At the instructor computer, enter 192.168.1.100.
   i. Click the Subnet mask text box.
   j. Observe that the default subnet mask for the IP address is auto populated.
   k. In the Default gateway text box, click and type 192.168.1.200

   l. Verify that the Use the following DNS server addresses option is selected and in the Alternate DNS server text box, 192.168.1.200 is entered.
   m. Click OK to close the Internet Protocol Version 4 (TCP/IPv4) Properties dialog box.
   n. Click Close to close the Local Area Connection Properties dialog box. Close the Network Connections window.

2. Verify your IP information.
   a. Choose Start→Command Prompt to open the Command Prompt window.
   b. At the command prompt, enter ipconfig /all to view the network details.
   c. Verify that, in the Command Prompt window, the Ethernet adapter Local Area Connection section displays the IP address, subnet mask, default gateway, and DNS server information you entered.

3. Test your ability to communicate over TCP/IP with the DNS server.
   a. At the command prompt, enter ping 192.168.1.200
   b. Observe that the ping command returns four replies indicating that the connection to the server was successfully established.
   c. Close the Command Prompt window.

ACTIVITY 7-2
Assigning IP Addresses Using APIPA

Before You Begin: Instructor Only Steps (to be performed only on the DC)
To deactivate the DHCP scope:
1. Log in as Administrator with !Pass1234 as the password.
2. Choose Start→Administrative Tools→DHCP.
3. Expand your DHCP server object for IPv4.
4. Select and then right-click the scope object.
5. Choose Deactivate.
6. In the DHCP dialog box, click Yes.
7. Minimize the DHCP window.

Scenario: You have been notified that there is a problem with the DHCP server and it will be unavailable for several hours. You need to use a TCP/IP addressing scheme so your client workstations can still communicate with one another using APIPA while the DHCP server is down.

What You Do / How You Do It

1. Configure your computer to use APIPA.
   a. Choose Start→Control Panel.
   b. In the Control Panel window, in the Adjust your computer's settings section, click the Network and Internet link.
   c. In the Network and Internet window, click the Network and Sharing Center link.
   d. In the Network and Sharing Center window, in the left pane, click the Change adapter settings link.
   e. Right-click Local Area Connection and choose Properties.
   f. In the Local Area Connection Properties dialog box, in the This connection uses the following items section, select Internet Protocol Version 4 (TCP/IPv4) and click Properties.
   g. In the Internet Protocol Version 4 (TCP/IPv4) Properties dialog box, select the Obtain an IP address automatically option and click OK.
   h. In the Local Area Connection Properties dialog box, click Close.
   i. Close Network Connections and the Network and Sharing Center windows.

2. Verify your IP information.
   a. Choose Start→Command Prompt to open the Command Prompt window.
   b. At the command prompt, enter ipconfig /all
      APIPA configuration can take a moment because the system first attempts to contact a DHCP server before self-assigning the APIPA address. If ipconfig /all shows your IP address and subnet mask as null (all zeros), wait a minute and run ipconfig /all again or type ipconfig /renew.

   c. Verify that the Ethernet adapter Local Area Connection section displays the IP address and subnet mask from the 169.254.0.0 APIPA network.

3. Test your ability to communicate over TCP/IP with the DNS server.
   a. At the command prompt, enter ping 192.168.1.200
   b. Verify that the destination is unreachable and the error message PING: transmit failed. General failure is displayed. Because you are using a nonroutable APIPA address, you cannot communicate with the DNS server.

4. Test your ability to communicate with another computer on the APIPA network.
   a. At the command prompt, enter ping 169.254.#.#, where #.# is a part of the address of another computer in the classroom.
   b. Observe from the results that you are able to communicate with the other system on the APIPA network.
   c. Close the Command Prompt window.
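The two outcomes of Activities 7-1 and 7-2 (the static host reaches 192.168.1.200 directly; the APIPA host can ping a classroom neighbour but not the DNS server) follow from one rule: a destination inside the local subnet is delivered directly, anything else is handed to the default gateway, and a self-assigned 169.254.x.x host has no usable gateway. The following Python example is added here and is not part of the course; it applies that rule to the activities' addresses and also checks a manually entered configuration for the mistakes the activity notes mention. The function names are my own.

```python
"""On-link vs. gateway reachability and static-configuration checks (added example)."""
import ipaddress

# Self-assigned (APIPA) addresses are link-local: routers never forward them.
APIPA_NET = ipaddress.ip_network("169.254.0.0/16")


def classify_path(src, mask, gateway, dst):
    """Describe how a host configured with src/mask/gateway would reach dst.

    "on-link"      dst is inside the local subnet; delivered directly, no router involved
    "via-gateway"  dst is off-link; the packet is handed to the default gateway
    "unreachable"  dst is off-link but there is no gateway to use (APIPA, or none set)
    """
    iface = ipaddress.ip_interface(f"{src}/{mask}")
    if ipaddress.ip_address(dst) in iface.network:
        return "on-link"
    if gateway is None or iface.ip in APIPA_NET:
        return "unreachable"
    return "via-gateway"


def validate_static_config(ip, mask, gateway):
    """Return a list of problems with a manually entered IPv4 address, mask and gateway."""
    problems = []
    iface = ipaddress.ip_interface(f"{ip}/{mask}")
    net = iface.network
    gw = ipaddress.ip_address(gateway)
    if iface.ip in (net.network_address, net.broadcast_address):
        problems.append("host address is the network or broadcast address")
    if gw not in net:
        problems.append("default gateway is not on the local subnet")
    if gw == iface.ip:
        # The activity note covers this case: a router already using 192.168.1.1
        # means computer 01 must be given a different static address.
        problems.append("host address collides with the default gateway")
    if iface.ip in APIPA_NET:
        problems.append("static address falls inside the APIPA range")
    return problems


if __name__ == "__main__":
    # Activity 7-1: static host; the DNS server is on the same subnet, so one hop.
    print(classify_path("192.168.1.25", "255.255.255.0", "192.168.1.200", "192.168.1.200"))
    # Activity 7-2: APIPA host; a neighbour works, the DNS server does not.
    print(classify_path("169.254.12.34", "255.255.0.0", None, "169.254.56.78"))
    print(classify_path("169.254.12.34", "255.255.0.0", None, "192.168.1.200"))
    print(validate_static_config("192.168.1.1", "255.255.255.0", "192.168.1.1"))
```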


ACTIVITY 7-3
Assigning IP Addresses with DHCP


Before You Begin: Instructor Only Steps (to be performed only on the DC)
To activate the DHCP scope:
1. Maximize the DHCP window.
2. Right-click the scope object.
3. Choose Activate.
4. Close the DHCP window.

Scenario: Your company has been experiencing problems with the DHCP server and it has been offline for several hours. You have just been notified that the server is back up and you can change the APIPA addressing back to DHCP addressing.

What You Do / How You Do It

1. Force your computer to lease an IP address from the DHCP server.
   a. Choose Start→Command Prompt to open the Command Prompt window.
   b. In the Command Prompt window, enter ipconfig /renew
      This command will take some time to execute.
   c. Observe that the IPv4 address 192.168.1.## is obtained from the DHCP server.

2. Test your ability to communicate over TCP/IP with the DNS server.
   a. At the command prompt, enter ping 192.168.1.200 to ping the DNS server.
      DNS is covered in the next topic.
   b. Observe that you are able to communicate with the DNS server. Enter exit to close the Command Prompt window.


TOPIC B
Domain Naming Services
Each node that has an IP address assigned to it also has a descriptive name that is more commonly used to identify it on the network. These descriptive names are easier for users to remember and use than their 32-bit IP addresses. In this topic, you will identify methods for host name resolution for TCP/IP networks.

Without host name resolution services, you have to connect to other computers and websites using their numeric IP addresses. However, for a user, it is easier to remember a descriptive name like www.ourglobalcompany.com than its assigned 32-bit IP address, 74.43.216.152. When you configure host name resolution services on your network, you can connect to other computers and websites using their names rather than a string of numbers.

Host Names

Definition: A host name is a unique name given to a node on a TCP/IP network. A host name combined with the host's domain name forms the node's Fully Qualified Domain Name (FQDN). A name resolution service maps the FQDN of the node to its IP address so that users can use names instead of IP addresses to communicate with other network nodes and the Internet.

Example:

Figure 7-8: A host name is a part of the FQDN of a server.

Figure 7-9: Components of a domain name.

FQDN
FQDNs are written using standard dot-delimited notation, and a dot separates each section of the name. The maximum length of an FQDN is 255 characters; each dot-delimited section can be up to 63 characters long. A network node can have more than one host name assigned to it. Its primary name is its host name; the other names are called canonical names (CNAMEs), also known as aliases.

Domains
A domain is a grouping of computers on the Internet based on the nature of their operations. A domain enables communication between its systems as a unit and other networks on the Internet, instead of maintaining individual connections for each of its systems. Although there are several types of domains, some of the common ones are commercial, governmental, and educational domains. Domains are identified by their unique names; for example, com, gov, and edu.

Domain Names
A domain name is a unique name that identifies an entity on the Internet. Also known as site names, domain names appear as part of the complete address of a web resource. They are usually registered by organizations as their website address. A period is used to separate domain name labels, which can have no more than 63 characters. Domain names are not case sensitive and they can be up to 255 characters in length.

Domain Names vs. Host Names
A domain name identifies a collection of computers and devices on the network of a particular domain. A host name is a unique name that identifies a specified computer or device in a network. Therefore, host names are subsets of domain names.
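The limits just stated (255 characters in total, 63 per dot-delimited label, case-insensitive matching) are easy to encode as a check. This Python example is added here and is not part of the course; it validates a candidate FQDN against those limits and splits it into host name and domain name as Figure 7-8 does. The label character rule (letters, digits and hyphens, no leading or trailing hyphen) is the conventional host-name rule, not something the text spells out.

```python
"""FQDN checks using the limits stated above: 255 characters total, 63 per label (added example)."""
import re

MAX_NAME_LEN = 255     # whole FQDN
MAX_LABEL_LEN = 63     # one dot-delimited section
# Conventional host-name label: letters, digits and hyphens, not starting or ending with a hyphen.
LABEL_RE = re.compile(r"^[a-z0-9]([a-z0-9-]*[a-z0-9])?$")


def check_fqdn(name):
    """Return (True, "ok") for a well-formed FQDN, else (False, reason).

    Matching is case-insensitive, so the name is folded to lowercase first; a trailing
    dot (the root) is accepted and removed before the length checks.
    """
    if not name:
        return False, "empty name"
    name = name.lower()
    if name.endswith("."):
        name = name[:-1]
    if len(name) > MAX_NAME_LEN:
        return False, f"longer than {MAX_NAME_LEN} characters"
    labels = name.split(".")
    if len(labels) < 2:
        return False, "not fully qualified: a host name needs a domain name after it"
    for label in labels:
        if not label:
            return False, "empty label (two dots in a row)"
        if len(label) > MAX_LABEL_LEN:
            return False, f"label '{label}' longer than {MAX_LABEL_LEN} characters"
        if not LABEL_RE.match(label):
            return False, f"label '{label}' contains characters not allowed in a host name"
    return True, "ok"


def split_fqdn(fqdn):
    """Split an FQDN into (host name, domain name), as in Figure 7-8."""
    host, _, domain = fqdn.lower().rstrip(".").partition(".")
    return host, domain


def same_name(a, b):
    """Domain names are not case sensitive: compare them after normalising case and root dot."""
    return a.lower().rstrip(".") == b.lower().rstrip(".")
```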

ACTIVITY 7-4
Identifying the Local Host Name

Scenario: In this activity, you will use different tools to identify your computer's host name.

What You Do / How You Do It

1. Identify the host name and FQDN by using System Properties.
   a. Choose Start→Control Panel.
   b. In the Control Panel window, in the Adjust your computer's settings section, click the System and Security link.
   c. In the System and Security window, in the right pane, in the System section, click the See the name of this computer link.
   d. In the System window, in the Computer name, domain, and workgroup settings section, identify the computer's name.
   e. In the Full computer name section, identify the computer's FQDN.
   f. Identify the host name from the first portion of the FQDN.

2. Identify the host name by using the hostname command.
   a. Choose Start→Command Prompt to open the Command Prompt window.
   b. In the Command Prompt window, enter hostname to display the host name of the system.
   c. Observe the host name that is displayed.

3. Identify the FQDN by using the ipconfig command.
   a. Enter ipconfig /all | more to view the first page of the network details.
   b. Identify the host name and press the Spacebar to view the next page of the network details.
   c. In the Ethernet adapter Local Area Connection section, in the Connection-specific DNS Suffix section, identify the DNS suffix.
   d. Close the Command Prompt and System windows.

DNS
The Domain Name System (DNS) is a TCP/IP name resolution service that translates FQDNs into IP addresses. It consists of a system of hierarchical databases that are stored on separate DNS servers on all networks that connect to the Internet. These servers list IP addresses and related computer names. Because DNS servers store, maintain, and update databases, they respond to DNS client name resolution requests to translate host names into IP addresses. All these servers work together to resolve FQDNs. On internal networks, a local DNS service can resolve host names without using external DNS servers.

Figure 7-10: DNS server domains.

DNS Components
The DNS database is divided logically into a hierarchical grouping of domains. It is divided physically into files called zones. The zone files contain the actual IP-to-host name mappings for one or more domains. The zone file is stored on the DNS server that is responsible for resolving host names for the domains contained in the zone. For example, a zone might be responsible for mapping host names to IP addresses within the ourglobalcompany domain within the .com namespace. Each network node in that domain will have a host record within the domain's zone file. The record includes the node's host name, FQDN, and assigned IP address.

For example, a host named 2008srv in the ourglobalcompany.com domain might have an IP address of 74.43.216.152. That host would have a host record that maps the 2008srv.ourglobalcompany.com name to the IP address of 74.43.216.152. That host record will appear in the ourglobalcompany.com zone file on the DNS server that is responsible for the ourglobalcompany.com domain.

Static vs. Dynamic Records
Records can be entered into a DNS database either statically or dynamically. A static record is entered manually by an administrator and does not change unless the administrator manually updates it. A network node can request to add a dynamic DNS record that can change dynamically. For example, if a client is using DHCP to get its IP address, each time it leases a new address, it can request an update of its DNS host record.

Types of DNS Records

Different types of DNS records are available that serve specific purposes.

Record Type: Purpose
Address (A): Maps a host name to its IP address using a 32-bit IPv4 address.
IPv6 address (AAAA): Maps a host name to its IP address using a 128-bit IPv6 address.
Canonical name (CNAME): Maps multiple canonical names (aliases) to an A record.
Mail Exchange (MX): Maps a domain name to a mail exchange server list.
Name Server (NS): Assigns a DNS zone to access the given authoritative name servers.
Pointer (PTR): Maps an IP address to the host name for the purpose of reverse lookup.
Start of Authority (SOA): Specifies authoritative information about a DNS zone.
Service Locator (SRV): Specifies a generic service location record for newer protocols.

Authoritative Name Servers
An Authoritative Name Server (ANS) is a name server that responds to name-related queries in one or more zones. The most important function of the ANS is delegation, which means that part of a domain is delegated to other DNS servers. SOA is the first resource record in the zone.
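To show how the record types in the table fit together in a zone file, here is a Python example added here (not part of the course): it parses a small constructed zone for ourglobalcompany.com, follows CNAME aliases down to the A or AAAA record the way a resolver does, and generates the PTR record for each address record, which is what the "Create associated pointer (PTR) record" option in Activity 7-5 does for you. The zone text, the addresses other than 74.43.216.152, and the function names are my own.

```python
"""Zone-record parser, CNAME chasing and PTR generation (added example, not from the course).
The zone text below is constructed for the demonstration."""
import ipaddress

NAME_RDATA_TYPES = {"CNAME", "NS", "PTR"}   # rdata is a single domain name
MAX_CNAME_CHAIN = 8                           # stop if aliases point at each other in a loop

SAMPLE_ZONE = """\
$ORIGIN ourglobalcompany.com.
@        SOA   ns1 admin 2012010101 3600 900 604800 86400 ; first record in the zone
@        NS    ns1
@        MX    10 mail                 ; priority 10 mail exchanger
ns1      A     74.43.216.2
2008srv  A     74.43.216.152
2008srv  AAAA  2001:db8::152
mail     A     74.43.216.25
www      CNAME 2008srv                 ; alias for the web server
ftp      CNAME www                     ; alias of an alias
"""


def qualify(name, origin):
    """Turn a zone-file name into a lowercase FQDN without the trailing dot."""
    name = name.lower()
    if name == "@":
        return origin
    if name.endswith("."):
        return name[:-1]
    return f"{name}.{origin}"


def parse_zone(text):
    """Parse 'name TYPE rdata' lines into a list of (fqdn, type, rdata) tuples."""
    origin, records = "", []
    for raw in text.splitlines():
        line = raw.split(";", 1)[0].strip()          # ';' starts a zone-file comment
        if not line:
            continue
        fields = line.split()
        if fields[0] == "$ORIGIN":
            origin = fields[1].rstrip(".").lower()
            continue
        name, rtype, rdata = fields[0], fields[1].upper(), fields[2:]
        if rtype in NAME_RDATA_TYPES:
            rdata = [qualify(rdata[0], origin)]
        elif rtype == "MX":                          # priority, then exchanger name
            rdata = [rdata[0], qualify(rdata[1], origin)]
        elif rtype == "SOA":                         # primary server, responsible mailbox, timers
            rdata = [qualify(rdata[0], origin), qualify(rdata[1], origin)] + rdata[2:]
        records.append((qualify(name, origin), rtype, " ".join(rdata)))
    return records


def lookup(records, name, rtype, _depth=0):
    """Return the rdata strings for name/rtype, following CNAME aliases as a resolver would."""
    name = name.lower().rstrip(".")
    hits = [data for n, t, data in records if n == name and t == rtype]
    if hits or rtype == "CNAME":
        return hits
    aliases = [data for n, t, data in records if n == name and t == "CNAME"]
    if not aliases or _depth >= MAX_CNAME_CHAIN:
        return []
    return lookup(records, aliases[0], rtype, _depth + 1)


def ptr_records(records):
    """Build the PTR record each A/AAAA record needs so reverse lookup works too."""
    ptrs = []
    for name, rtype, data in records:
        if rtype in ("A", "AAAA"):
            owner = ipaddress.ip_address(data).reverse_pointer  # e.g. 152.216.43.74.in-addr.arpa
            ptrs.append((owner, "PTR", name))
    return ptrs
```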

The DNS Hierarchy

DNS names are built in a hierarchical structure. This allows DNS servers on the Internet to use a minimum number of queries to locate the source of a domain name. The top of the structure, represented by a period, contains root name servers. Below that is the top-level domain name, then the first-level domain name, and so on, until the FQDN for an individual host is complete.


Figure 7-11: Hierarchical structure of a DNS.

The DNS Name Resolution Process

In the DNS process, DNS servers work together as needed to resolve names on behalf of DNS clients.

Figure 7-12: Steps in the DNS name resolution process.

Step: Description

Step 1: Client request
When a client needs to resolve a DNS name, it sends a name resolution request to the DNS resolver. A DNS name resolution request message is generated by the resolver, which is transmitted to the DNS server address specified during configuration.

Step 2: Preferred DNS server
The DNS server, upon receiving the request, checks if the requested name is in its DNS cache entries or its local DNS database, and returns the IP address to the client. If there is no match for the requested name, the DNS server forwards the request to a root name server asking which DNS server has the entries for the appropriate top-level domain.

Step 3: Root name server
Upon receiving the request, the root name server reads the top-level domain of that name and sends a message that contains the IP address of the server for that top-level domain. The root name server then sends a reply to the client's DNS server.

Step 4: Top-level domain server
The client's DNS server contains the IP address of the top-level domain of the requested name. The DNS server then contacts the top-level domain's DNS server to resolve the name. The top-level domain server reads the second-level domain of the requested name, and if it can resolve the name, it sends the desired IP address back to the client's DNS server.

Step 5: Other domain servers
If the top-level domain server cannot resolve the name because of additional levels in the FQDN, it sends the IP address of the second-level DNS server.

Step 6: Host name resolution
This communication between DNS servers continues until it reaches the level in the DNS hierarchy where a DNS server can resolve the host name.

Step 7: Host address
The preferred DNS server provides the client with the IP address of the target host.

Recursive and Iterative Name Queries
There are two kinds of DNS queries: recursive and iterative. A recursive query is when the client requests that its preferred DNS server find data on other DNS servers. A recursive request starts with the client requesting a name to be resolved to an IP address of its preferred DNS server. If the preferred server cannot resolve the name, it sends a request, on behalf of the client, to another DNS server. An iterative query occurs when the client requests only the information a server already has in its cache for a particular domain name. If the receiving server cannot resolve the request, it notifies the client, but does not forward the request on to any other server. Recursive queries usually take place between end-user client systems and their preferred DNS servers. Once the recursive query is in process, queries between DNS servers are usually iterative.

Primary and Secondary DNS Servers
When configuring a client's DNS settings, it is common to specify both a primary and a secondary DNS server to provide a more reliable name resolution process. When two DNS servers are listed, the client queries the primary server first. If the primary server does not answer, the client queries the secondary server. If the primary server returns a Name Not Found message, the query is over and the client does not query the secondary server. This is because both DNS servers can do recursive and iterative queries, and both primary and secondary servers should be able to contact the same resources. If one cannot access the resource, the other will not be able to either.
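To make the resolution steps and the two query types concrete, the following Python simulation is added here (it is not part of the course): a preferred DNS server accepts a recursive query from a client and walks root, .com and the authoritative server with iterative queries, caching the answer, and a client with a primary and secondary server applies the rule just described (a Name Not Found answer ends the lookup; only a server that does not answer at all makes the client try the secondary). Server addresses, the everythingforcoffee.com data and all names are constructed; 2008srv.ourglobalcompany.com and 74.43.216.152 are the text's own example.

```python
"""Simulation of the DNS resolution steps and the primary/secondary client rule
(added example, not part of the course). Server addresses are constructed."""

# Each simulated authoritative server knows the names it can answer directly and the
# child zones it delegates, with the address of the server for each child zone.
SERVERS = {
    "192.0.2.53": {  # a root name server
        "answers": {},
        "delegations": {"com": "192.0.2.1", "org": "192.0.2.2"},
    },
    "192.0.2.1": {  # the .com top-level domain server
        "answers": {},
        "delegations": {"ourglobalcompany.com": "74.43.216.2",
                        "everythingforcoffee.com": "198.51.100.7"},
    },
    "74.43.216.2": {  # authoritative for ourglobalcompany.com
        "answers": {"2008srv.ourglobalcompany.com": "74.43.216.152",
                    "www.ourglobalcompany.com": "74.43.216.152"},
        "delegations": {},
    },
    "198.51.100.7": {  # authoritative for everythingforcoffee.com
        "answers": {"www.everythingforcoffee.com": "198.51.100.20"},
        "delegations": {},
    },
}
ROOT_HINT = "192.0.2.53"


def iterative_query(server_addr, qname):
    """One iterative query: the server answers from what it holds and never asks anyone else.
    Returns ("ANSWER", ip), ("REFERRAL", next_server_ip) or ("NXDOMAIN", None)."""
    server = SERVERS[server_addr]
    if qname in server["answers"]:
        return "ANSWER", server["answers"][qname]
    labels = qname.split(".")
    for i in range(len(labels)):              # longest delegated suffix wins
        zone = ".".join(labels[i:])
        if zone in server["delegations"]:
            return "REFERRAL", server["delegations"][zone]
    return "NXDOMAIN", None


class PreferredServer:
    """The client's preferred DNS server: takes recursive queries, walks the tree iteratively."""

    def __init__(self, online=True):
        self.online = online
        self.cache = {}
        self.queries_received = 0

    def resolve(self, qname, max_referrals=10):
        """Return (status, ip_or_None, servers_consulted) for a recursive query."""
        if not self.online:
            raise TimeoutError("no response from DNS server")
        self.queries_received += 1
        qname = qname.lower().rstrip(".")
        if qname in self.cache:                   # step 2: cache hit, nobody else is asked
            return "ANSWER", self.cache[qname], ["cache"]
        consulted, next_server = [], ROOT_HINT    # step 2 miss -> step 3: ask a root server
        for _ in range(max_referrals):
            status, data = iterative_query(next_server, qname)
            consulted.append(next_server)
            if status == "ANSWER":                # steps 6-7: answer found, cache and return
                self.cache[qname] = data
                return "ANSWER", data, consulted
            if status == "NXDOMAIN":              # authoritative "Name Not Found"
                return "NXDOMAIN", None, consulted
            next_server = data                    # steps 3-5: follow the referral down a level
        return "SERVFAIL", None, consulted


def client_lookup(qname, servers):
    """Client rule from the text: try the primary; move to the secondary only when a server
    does not answer at all. A Name Not Found answer ends the query."""
    for server in servers:
        try:
            return server.resolve(qname)
        except TimeoutError:
            continue
    return "TIMEOUT", None, []
```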

The HOSTS File
A HOSTS file is a plaintext file configured on a client machine containing a list of IP addresses and their associated host names, separated by at least one space. Comments may be included after the host name if preceded by the # symbol and separated from the host name by at least one space. The HOSTS file provides an alternative method of host name resolution. An external client can use a HOSTS file to resolve names on your internal network without accessing your internal DNS server. You have to manually configure each host name entry in a HOSTS file.

Figure 7-13: Entries in a HOSTS file.

HOSTS File Usage
The HOSTS file, however, requires a lot of maintenance, so it is recommended that you use it only when other methods of host name resolution are not supported, or temporarily unavailable for troubleshooting purposes.
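The HOSTS format described above (address, then names, whitespace separated, # for comments) is simple enough to parse in a few lines, and doing so shows the maintenance problem the text raises: because the file answers before DNS is consulted, a stale entry keeps redirecting a name long after the server moved. This Python example is added here and is not part of the course; the HOSTS content and the stand-in DNS answers are constructed, and the function names are my own.

```python
"""HOSTS file parser, HOSTS-before-DNS lookup order, and a staleness audit (added example,
not part of the course). The HOSTS content and the DNS answers below are constructed."""
import ipaddress

SAMPLE_HOSTS = """\
# Constructed HOSTS file for the example; '#' starts a comment
127.0.0.1       localhost
::1             localhost
74.43.216.152   2008srv.ourglobalcompany.com 2008srv   # several names may share one address
192.168.1.77    dc.classnet.com dc                     # stale: the DC now lives at .200
# 192.168.1.50  oldserver                              (commented out, must be ignored)
not-an-ip       broken.example
"""

# Stand-in for the DNS server, so the example runs offline.
FAKE_DNS = {
    "2008srv.ourglobalcompany.com": ["74.43.216.152"],
    "dc.classnet.com": ["192.168.1.200"],
    "www.everythingforcoffee.com": ["198.51.100.20"],
}


def fake_dns_lookup(name):
    """Return the constructed DNS answer for name, or None if DNS has no such record."""
    return FAKE_DNS.get(name)


def parse_hosts(text):
    """Return ({host name (lowercase): [addresses]}, [error messages])."""
    table, errors = {}, []
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.split("#", 1)[0].strip()      # drop the comment, then surrounding blanks
        if not line:
            continue
        fields = line.split()                     # "at least one space" between fields
        if len(fields) < 2:
            errors.append(f"line {lineno}: address without a host name")
            continue
        try:
            address = str(ipaddress.ip_address(fields[0]))
        except ValueError:
            errors.append(f"line {lineno}: '{fields[0]}' is not an IP address")
            continue
        for name in fields[1:]:                   # every further field names this address
            table.setdefault(name.lower(), []).append(address)
    return table, errors


def resolve(name, hosts_table, dns_lookup):
    """Windows resolution order: the HOSTS file answers first; DNS is asked only on a miss."""
    name = name.lower().rstrip(".")
    if name in hosts_table:
        return hosts_table[name], "hosts"
    return dns_lookup(name), "dns"


def audit_hosts(hosts_table, dns_lookup):
    """List HOSTS entries whose addresses disagree with what DNS returns now.

    Because the file wins over DNS, a forgotten entry keeps sending traffic to an old
    address, and an entry nobody remembers adding deserves a look; this is the
    maintenance burden the text warns about, turned into a check.
    """
    findings = []
    for name, addresses in sorted(hosts_table.items()):
        expected = dns_lookup(name)
        if expected is not None and set(addresses) != set(expected):
            findings.append((name, addresses, expected))
    return findings
```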


ACTIVITY 7-5
Creating a DNS Record

Scenario: As a networking professional, you need to protect your server from external attacks. As the first step in protecting your DNS server, you decide to hide the actual server name from being displayed anywhere on the network by creating aliases to confuse the attacker.

What You Do / How You Do It

1. Display the New Host dialog box.
   a. Choose Start→Administrative Tools→DNS.
   b. If necessary, in the DNS Manager window, in the left pane, expand the server object.
   c. Expand the Forward Lookup Zones object and select Child##.Classnet.com, where ## is the student number.
   d. Choose Action→New Host (A or AAAA) to display the New Host dialog box.

2. Add a new host entry for your server with an associated pointer record.
   a. In the New Host dialog box, in the Name text box, type Server## and press Tab two times.
   b. In the IP address text box, type 192.168.1.## to specify the IP address of your server.
   c. Check the Create associated pointer (PTR) record check box.
   d. Check the Allow any authenticated user to update DNS records with the same owner name check box.
   e. Click Add Host to add the new host entry for your server.
   f. In the DNS message box, observe that the message The host record Server##.Child##.Classnet.com was successfully created. is displayed, and click OK.
   g. In the New Host dialog box, click Done.

3. Check the connectivity with your server.
   a. Choose Start→Command Prompt to open the Command Prompt window.
   b. At the command prompt, enter ping Server##
   c. Observe that you are able to communicate with the server and get four successful responses. Enter exit to close the Command Prompt window.
   d. Close the DNS Manager window.


ACTIVITY 7-6
Discussing DNS Name Resolution
Scenario: In this activity, you will identify components of DNS and the name resolution process.

1. Which are fully qualified domain names?
   a) www.everythingforcoffee.com
   b) \\fs001\data\new\accounts.mdb
   c) data1.ourglobalcompany.dom.\users\home
   d) citizensinfo.org

2. What is the name of the top of the DNS hierarchy?
   a) Host record
   b) Zone
   c) Root
   d) First-level domain

3. True or False? If a preferred DNS server cannot resolve a client's name request, it contacts the DNS server immediately above it in the hierarchy.
   True
   False

4. True or False? An advantage of using a HOSTS file for DNS name resolution services is that updates to the file are automatic.
   True
   False

5. Which DNS record type is used to map a host name to its IP address for name resolution?
   a) Name Server
   b) Pointer
   c) Canonical name
   d) Address
   e) Start of Authority


TOPIC C
TCP/IP Commands
You have learned about host name resolution for TCP/IP networks. The TCP/IP protocol suite provides commands you can use to troubleshoot and configure connectivity and name resolution. In this topic, you will identify the commands in the TCP/IP protocol suite that can help you ensure smooth connectivity in your TCP/IP network.

TCP/IP commands allow you to gather information about how your systems are communicating over a TCP/IP network. When used for troubleshooting, these commands can provide critical information about communication lapses and their causes.


The tracert Command


The tracert command determines the route data takes to get to a particular destination. The ICMP protocol sends out Time Exceeded messages to each router to trace the route. Each time a packet is sent, the TTL value is reduced before the packet is forwarded, thus allowing TTL to count how many hops it is away from the destination.
traceroute is the Linux equivalent of the tracert command, which is Windows-based.

If you run the tracert command repeatedly for the same destination, you will normally see different results. This is because TCP/IP is auto-correcting and takes the fastest route possible across the global network of Internet routers.

Figure 7-14: tracert output of everythingforcoffee.com.

Network Firewalls
If a network firewall is configured to not allow a tracert or ping through, you might not be able to trace the route all the way to the end; it might appear to end at the firewall. If you get the message Destination Unreachable, a router is not able to figure out how to get to the next destination. Even though it does not tell you what is wrong, it alerts you to the router where the problem is occurring.

tracert Options
You can use various options with the tracert command.

Option: Description
-d: If you are having trouble resolving host names when using tracert, use the -d option to prevent tracert from trying to resolve host names. It also speeds up response time since it is not spending time resolving host names.
-h max_hops: The default number of hops tracert will attempt to reach is 30. Using the -h option, you can specify more hops or fewer for it to check.
-j [router] [local_computer]: With loose source routing, you specify the destination router and your local computer using the -j option. It lets you trace the round trip rather than the default, which is to get to the destination.
-w timeout: If many of your responses on the tracert are timing out, using the -w option, you can increase the number of milliseconds to wait before continuing. If, after increasing the value, destinations are then reachable, you probably have a bandwidth issue to resolve.

The pathping Command

The pathping command provides information about latency and packet loss on a network. pathping combines the functionality of the ping and tracert commands. Similar to ping, pathping sends multiple ICMP echo request messages to each router between two hosts over a period of time, and then displays results based on the number of packets returned by each router. It is similar to tracert as it identifies the routers that are on the path. In the output, it also displays the path to the remote host over a maximum of 30 hops. In addition, it displays details of packet transfer between the hosts in a time span of over 25 seconds, and the system names and their IP addresses. pathping can be used to isolate a router or subnet with issues as it can display the degree of packet loss at any given router or link.


Figure 7-15: pathping output for everythingforcoffee.com.

pathping Options
The pathping command can be used with different options that allow you to customize the results of the command to your network requirements.

Option: Description
-h maximum hops: Specify the maximum number of hops to locate a destination.
-i address: Specify a source IP address.
-n: Specify that host name resolution can be skipped.
-4 address: Specify the IPv4 addresses that are to be used.
-6 address: Specify the IPv6 addresses that are to be used.
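The tracert mechanism (TTL decremented at every router, Time Exceeded returned where it reaches zero, a firewall that drops ICMP showing up as timeouts, the 30-hop default of -h, name resolution switched off by -d) and the pathping statistics (many probes per hop, loss percentage per hop, loss introduced by one router visible at every hop behind it) can both be reproduced with one simulated path. This Python example is added here and is not part of the course; the path, router names, addresses, loss figures and function names are constructed.

```python
"""Hop-by-hop simulation of how tracert (TTL expiry) and pathping (loss per hop) work
(added example, not part of the course). The path, its router names and addresses are
constructed; a firewall hop that does not answer ICMP and a lossy link are included."""
import random
from dataclasses import dataclass


@dataclass
class Hop:
    name: str
    ip: str
    answers_icmp: bool = True   # False: drops ICMP silently, so tracert shows '*' here
    loss_rate: float = 0.0      # share of probes this router drops (what pathping measures)


PATH = [
    Hop("gateway.classnet.com", "192.168.1.200"),
    Hop("isp-edge.example.net", "203.0.113.1"),
    Hop("isp-core.example.net", "203.0.113.9", loss_rate=0.3),     # congested link
    Hop("fw.everythingforcoffee.com", "198.51.100.1", answers_icmp=False),
    Hop("www.everythingforcoffee.com", "198.51.100.20"),           # the destination
]
DEFAULT_MAX_HOPS = 30   # both commands give up after 30 hops unless -h says otherwise


def send_probe(path, ttl, rng):
    """Carry one echo request along the path; every router lowers TTL before forwarding.

    Returns (hop index, outcome): "exceeded" when TTL reached zero at a router that sent
    Time Exceeded, "reply" when the destination answered, "lost" when nothing came back."""
    for index, hop in enumerate(path):
        if rng.random() < hop.loss_rate:
            return index, "lost"
        ttl -= 1
        is_destination = index == len(path) - 1
        if ttl == 0 or is_destination:
            if not hop.answers_icmp:
                return index, "lost"
            return index, ("reply" if is_destination else "exceeded")
    return len(path) - 1, "lost"


def tracert(path, max_hops=DEFAULT_MAX_HOPS, probes=3, resolve_names=True, seed=1):
    """One entry per hop, as tracert prints it: (hop number, per-probe marks, who answered).
    resolve_names=False corresponds to the -d option; max_hops to -h."""
    rng = random.Random(seed)
    lines = []
    for ttl in range(1, max_hops + 1):
        results = [send_probe(path, ttl, rng) for _ in range(probes)]
        marks = ["*" if kind == "lost" else "ok" for _, kind in results]
        answered = [index for index, kind in results if kind != "lost"]
        if answered:
            hop = path[answered[0]]
            who = f"{hop.name} [{hop.ip}]" if resolve_names else hop.ip
        else:
            who = "Request timed out."
        lines.append((ttl, marks, who))
        if any(kind == "reply" for _, kind in results):
            break                                   # destination reached; trace complete
    return lines


def pathping(path, probes_per_hop=100, seed=1):
    """Send many probes that expire at each hop and report the loss percentage per hop.
    Loss introduced by one router also shows up at every hop behind it, so the first
    hop where loss appears is the link to look at; a hop that never answers ICMP shows
    100% without necessarily being a problem."""
    rng = random.Random(seed)
    report = []
    for ttl, hop in enumerate(path, start=1):
        lost = sum(1 for _ in range(probes_per_hop) if send_probe(path, ttl, rng)[1] == "lost")
        report.append((hop.ip, 100 * lost // probes_per_hop))
    return report


def first_lossy_hop(report, threshold=10):
    """Return the address of the first hop whose loss exceeds the threshold, or None."""
    for ip, loss in report:
        if loss > threshold:
            return ip
    return None
```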

The MTR Utility

The My traceroute (MTR) utility combines ping and traceroute into a single function. MTR displays the routers traversed, the average time taken for round trip, and packet loss of each router. This utility helps network administrators identify latency or packet loss between two routers. MTR is used on Unix-based systems.
MTR is licensed and distributed under the GNU General Public License (GPL).


ACTIVITY 7-7
Using TCP/IP Commands

Scenario: A node on the network has problems communicating with the DNS server. As the network administrator, you have reconfigured the network setting on the node. You want to ensure that the connectivity is successful before you reassign the system to a user.

What You Do / How You Do It

1. Use the ping command to verify that the DNS server is available.
   a. Choose Start→Command Prompt to open the Command Prompt window.
   b. In the Command Prompt window, enter ping DC
   c. Observe that the results display the DNS server's IP address as 192.168.1.200.

2. Use the tracert command to trace the route from your system to the DNS server.
   a. In the Command Prompt window, enter tracert /? to view the syntax of the tracert command.
   b. Observe the syntax of the command displayed in the Usage section and the various options of the command along with their description.
   c. In the Command Prompt window, enter tracert -d 192.168.1.200
   d. Verify that there was only one hop because it is on the same local network as your system.
   e. Enter cls to clear the screen.

3. Use the pathping command to display statistics related to network traffic.
   a. At the command prompt, enter pathping DC
   b. Observe that the results display the IP address and the system name. Verify that there are no packet errors.
   c. Close the Command Prompt window.


TOPIC D
Common TCP/IP Protocols
You have identified the common TCP/IP commands and their functions. The TCP/IP protocol suite also includes protocols that work at different layers of the protocol stack. In this topic, you will identify the common TCP/IP protocols and services and the functions they provide on your network. Once network communication has been established at the lower layers of the protocol stack, users will deploy applications to complete tasks using that communication link. These tasks can include transferring and sharing files, reading and sending email, reading and posting messages on a newsgroup, and browsing the web. The TCP/IP upper-layer protocols and services make accomplishing these tasks possible. By understanding the function of each of the TCP/IP protocols, you can choose the appropriate protocol for the desired user task.

FTP

The File Transfer Protocol (FTP) is a TCP/IP protocol that enables the transfer of files between a user's workstation and a remote host. With FTP, a user can access the directory structure on a remote host, change directories, search for and rename files and directories, and download and upload files. The FTP daemon or service must be running on the remote host, and an FTP utility may need to be installed on the client. FTP commands must be entered in lowercase and are available both as DOS and UNIX commands. FTP works on the Application layer of the OSI and TCP/IP models.

Figure 7-16: The FTP utility enabling a client to access the FTP server.

FTP works on two TCP channels: TCP port 20 for data transfer and TCP port 21 for control commands. These channels work together to allow users to execute commands and transfer data simultaneously. A server-based program answers requests from FTP clients for download. A command line utility allows users to connect to an FTP server and download files. You can initiate an FTP session by entering:
ftp <FQDN or IP address of remote host>

Daemons
A daemon is a background process that performs a specific operation. Daemon is a UNIX term, though daemons are supported on other operating systems. Daemons on Windows are referred to as system agents or services.

FTP Options
You can use several options with the FTP command line utility.
Option            Used To
-v                Prevent remote server command responses from being shown.
-n                Suppress auto-logon at initial connection.
-i                Disable interactive prompting when transferring multiple files.
-d                Enable debugging, displaying all commands passed between the FTP client and server.
-g                Disable wildcard character support.
-s:[filename]     Run all the FTP commands contained in the [filename] file.
-a                Allow use of any local interface during data connection binding.
-w:[windowsize]   Override the default transfer buffer size.

TFTP
Trivial File Transfer Protocol (TFTP) is a simple version of FTP that uses UDP as the transport protocol and does not require logging on to the remote host. Because it uses UDP, it does not support error correction but provides for higher data integrity. It is commonly used for bootstrapping and loading applications, and not for general file transfer.

Internet Browsers and FTP
Most Internet browsers can support FTP in a GUI mode. A connection to an FTP site can be made by browsing the Internet, logging on, and connecting. Once connected, you can drag files on and off the FTP site the same way you would from Windows Explorer. There are also a number of third-party FTP utilities that can be used for connecting and loading files to your FTP site.

Troubleshooting FTP Access
To access most FTP servers, the client needs to connect using a valid user name and password. Some FTP servers allow limited access through an anonymous connection. To use this option, log on using the user name anonymous, and enter your email address as the password. If anonymous access is disabled on the remote host, users will need login credentials. When connecting to an FTP server, logging on poses the biggest problems: you need to provide the correct credentials to log on to the FTP server. Most users are only granted read permissions, so to upload files you need to ensure that you have the necessary permissions.

NTP
The Network Time Protocol (NTP) is an Internet protocol that synchronizes the clock times of computers in a network by exchanging time signals. It works on the Application layer of the TCP/IP and OSI models. Synchronization is done to the millisecond against the U.S. Naval Observatory master clocks. Running continuously in the background on a computer, NTP sends periodic time requests to servers to obtain the server time stamp and then adjusts the client's clock based on the server time stamp received.


Figure 7-17: Clocks synchronized using NTP.


The master time clocks are located in Washington, D.C., and Colorado Springs, Colorado.

SMTP
TCP/IP has two services that operate in the Application layer of the OSI model and support the sending and receiving of email: Simple Mail Transfer Protocol (SMTP) and Post Office Protocol version 3 (POP3).

SMTP is a communications protocol used to format and send email messages from a client to a server or between servers. It uses a store-and-forward process. In SMTP, the sender starts the transfer. SMTP can store a message until the receiving device comes online. At that point, it contacts the device and hands off the message. If all devices are online, the message is sent quickly. An SMTP message consists of a header and a content section. The header, or envelope, contains the delivery information of the message and uses a colon (:) as a separator character. The content portion contains the message text, which is a sequence of ASCII characters.

Figure 7-18: Sending email messages using SMTP.

Using SMTP on Unreliable WAN Links
Because of SMTP's store-and-forward capability, it is used to send data through unreliable WAN links if delivery time is not critical. Data is sent toward the endpoint and continues to hop from server to server until it eventually reaches its destination.
Limitations of SMTP
SMTP has a few limitations. The first one is related to the size of messages: messages that are larger than 64 Kb cannot be handled by some older implementations. Another limitation involves timeouts. If the client and server timeouts are different, one of the systems may give up while the other is still busy, so the connection is terminated unexpectedly. Sometimes SMTP may also trigger infinite mail storms. For example, consider host 1 with Mailing List A containing a few entries and host 2 with Mailing List B containing both its own entries and those of Mailing List A. In such a case, email sent to Mailing List A and copied to Mailing List B could trigger sending multiple copies of the same email to the same set of recipients. Furthermore, if host 1 fails while mail is being forwarded, host 2 will try resending it to host 1. This generates a heavy amount of traffic on the network. Extended SMTP (ESMTP) extends the capabilities of SMTP and helps to overcome some of these limitations.

POP3
POP3 is a protocol used to retrieve email messages from a mailbox on a mail server. With POP3, email messages wait in the mailbox on the server until the client retrieves them. The client can start the transfer on a set schedule, or transfer messages manually. Once the client retrieves and downloads the messages, the server deletes them unless the client configures options to leave the messages on the server. The client then works with the locally cached email messages.

Figure 7-19: Retrieving email messages using POP3.

POP3 and Multiple Computers
Because POP3 is designed by default to download messages to the local computer and delete them from the email server, it is not the best email protocol to use when users need to access their email from multiple computers. This is because when they use POP3, they end up with their email messages downloaded and split among the computers they use instead of having all their messages in one central location. Or, if they leave their messages on the server, they will have to delete old messages manually to avoid exceeding mailbox size limits, which may also lead to messages being split across multiple computers.

IMAP4

Internet Message Access Protocol version 4 (IMAP4) is a protocol used for retrieving messages from a mail server. Though it is similar to POP3, IMAP4 is more powerful and offers several functions. They include:
A user can check an email header and also look for a specific string of characters in the contents of an email before downloading it.
Messages can remain on the server while the client works with them as if they were local.
Users can search through messages by keywords, and choose which messages to download locally.
Messages in the user's mailbox can be marked with different status flags, such as deleted or replied to. The messages and their status flags stay in the mailbox until explicitly removed by the user.
An email message containing multimedia files can be partially downloaded, saving bandwidth.
A user can create, rename, or delete mailboxes on a mail server, and also arrange mailboxes in a hierarchical manner in a folder for email storage.
Unlike POP3, IMAP4 enables users to access folders other than their mailbox.

Figure 7-20: Retrieving email messages using IMAP4.


Because IMAP4 is designed to store messages on the server, it is much easier for users to access their email messages, both new and saved, from multiple computers.

IMAP was developed at Stanford University in 1986.

NNTP

The Network News Transfer Protocol (NNTP) is a protocol used to post and retrieve messages from the worldwide bulletin board system called USENET. USENET contains more than 14,000 forums, called newsgroups, in which users post queries relating to a particular topic. NNTP only submits and retrieves new or updated news articles from the server. With NNTP, postings to newsgroups are stored in a database, from which individual users, called subscribers, can select only those items they wish to read. RSS feeds, which allow users to subscribe to and receive updates made to web pages, are based on NNTP.

USENET is an acronym for Users Network.

HTTP
The HyperText Transfer Protocol (HTTP) is a network protocol that works on the Application layer of the OSI and TCP/IP models. HTTP enables clients to interact with websites by allowing them to connect to and retrieve web pages from a server. It defines the format and transmission of messages, as well as what actions web servers and clients' browsers should take in response to different commands. A stateless protocol in which each command executes independently of any prior commands, HTTP not only supports persistent connections to web resources to reduce reconnection times, but also pipelining and buffering to help in the transfer process.

Figure 7-21: Web clients using HTTP to access a website.


Because HTTP is stateless, it is difficult to implement websites that react intelligently to user input. This limitation can be overcome with a number of add-on technologies, such as ActiveX, Java, JavaScript, and cookies.

HTTPS
HTTP Secure (HTTPS) is a secure version of HTTP that provides a secure connection between a web browser and a server. HTTPS uses the Secure Sockets Layer (SSL) security protocol to encrypt data. Not all web browsers and servers support HTTPS, though.

SSL will be covered in more detail in subsequent lessons.


Figure 7-22: Websites that use HTTPS for secure transactions.


HTTPS is also referred to as HTTP over SSL.

ACTIVITY 7-8
Identifying Common TCP/IP Protocols
Scenario: In this activity, you will identify common TCP/IP protocols.

1. What are the differences between accessing email from multiple systems using IMAP4 and POP3?
a) POP3 does not maintain a copy of the email once it is downloaded from a mail server.
b) POP3 does not maintain a copy of the outgoing email.
c) Accessing email using POP3 is faster than IMAP4.
d) IMAP4 is the messaging protocol used to access email.

2. Your sales department wants to sell supplies over the Internet and wants to make sure that the transactions are secure. Which protocol should be configured on the web server?
a) FTP
b) HTTPS
c) NNTP
d) SMTP

3. Your company has a production floor with several shared computers. The production staff needs to be able to check their email from whichever computer is free. Which email protocol should you use?
a) POP3
b) NTP
c) IMAP4
d) NNTP

4. True or False? NTP is a protocol that allows users to connect to a USENET system and read newsgroup messages.
True
False

5. Your sales force needs to retrieve sales prospective documents and upload completed sales order forms to corporate headquarters while they are on the move. What service should you use?
a) HTTP
b) NNTP
c) NTP
d) FTP

TOPIC E
TCP/IP Interoperability Services
In the previous topic, you identified various TCP/IP protocols. The TCP/IP protocol suite includes services for the purpose of providing interoperability between dissimilar systems. In this topic, you will identify the different TCP/IP interoperability services and the functions they can provide on your network. Networks are established so that individual devices can communicate with each other and share resources. Most networks are made up of devices that are not natively compatible. When these devices are running TCP/IP, you can use the interoperability services that run on TCP/IP to create a network where dissimilar systems can securely communicate and share resources.

NFS
The Network File System (NFS) is a client/server application that enables users to access shared files stored on different types of computers, and work with the files as if they were stored locally. It also allows a user to share local files and act as a file server for other client computers. The functioning of NFS is independent of the type of computer, operating system, network architecture, and transport protocol on which it is deployed. Part of the TCP/IP protocol suite, NFS works on the Application layer of the OSI model and enables you to share printers on the network.


Figure 7-23: NFS on UNIX and Windows systems.


On TCP/IP networks, NFS uses an interface known as Virtual File System (VFS) that runs on TCP/IP.

SSH

Secure Shell (SSH) is a program that enables a user or an application to log on to another computer over a network, execute commands, and manage files. It creates a shell or session with a remote system, offers strong authentication methods, and ensures that communications are secure over insecure channels. It replaces UNIX-based remote connection programs that transmit unencrypted passwords. With the SSH slogin command, the login session, including the password, is encrypted and protected against attacks. Secure Shell works with many different operating systems, including Windows, UNIX, and Macintosh.

Figure 7-24: An SSH session that uses slogin.


SSH is a replacement for the UNIX-based rlogin command, which can also establish a connection with a remote host, but transmits passwords in cleartext.

SSH1 and SSH2
There are two versions of Secure Shell available: SSH1 and SSH2. They are two different protocols and encrypt different parts of a data packet. To authenticate systems, SSH1 employs user keys, to identify users; host keys, to identify systems; session keys, to encrypt communication in a single session; and server keys, which are temporary keys that protect the session key. SSH2 is more secure; it does not use server keys. SSH2 includes a secure replacement for FTP called Secure File Transfer Protocol (SFTP). Because they are different protocol implementations, SSH1 and SSH2 are not compatible with each other.
Note that the acronym SFTP is used both for Secure File Transfer Protocol as well as for the now obsolete Simple File Transfer Protocol.

Network Protection with SSH
All traffic (including passwords) is encrypted by SSH to eliminate connection hijacking, eavesdropping, and other network-level attacks, such as IP source routing, IP spoofing, and DNS spoofing. When you implement SSH with encryption, an attacker who manages to gain access to your network can neither play back the traffic nor hijack the connection; they can only force SSH to disconnect.

SCP
The Secure Copy Protocol (SCP) is a protocol that uses SSH to copy files securely between a local and a remote host, or between two remote hosts. SCP can also be implemented as a command-line utility that uses either SCP or SFTP to perform secure copying.

Figure 7-25: SCP transfers using SSH.

Telnet
Telecommunications Network (Telnet) is a terminal emulation protocol that allows users at one site to simulate a session on a remote host as if the terminal were directly attached. It performs this simulation by translating keystrokes from the user's terminal into instructions that the remote host recognizes, and then carrying the output back and displaying it in a format native to the user's terminal. You can connect to any host that is running a Telnet daemon or service. Connection-oriented, Telnet handles its own session negotiations and assists network administrators in remote administration tasks such as connecting to a remote server or to a service such as FTP.


Figure 7-26: A Telnet session.

Telnet on Server Systems
Many systems, such as a UNIX host or an IBM mainframe running TCP/IP, include Telnet daemons. There is also a Telnet server service in Windows XP and Windows Server 2003. Telnet is not installed by default in Windows Server 2008 R2. Microsoft provides directions for installing Telnet; you can view them by visiting the URL: http://technet.microsoft.com/en-us/library/cc770501(WS.10).aspx

Windows Telnet Client
Windows includes a basic Telnet client utility. It is installed when you install TCP/IP on your Windows system. It includes VT100, VT52, and TTY terminal emulation. It does not include the Telnet daemon or service, but the Telnet service can be enabled on Windows Server computers.

Telnet Defaults
Telnet is defined in RFC 854, and uses the following defaults:
Uses TCP port 23; however, you can specify a different port if the host to which you are connecting is configured to use a different port.
Uses 25 lines in the buffer, but you can configure it for up to 399 lines.
Uses Video Terminal 100 (VT100) as the default terminal emulation, but some versions allow you to configure your system with VT220, VT52, and TeleTYpe (TTY) terminal emulation support.

SMB

The Server Message Block (SMB) is a protocol that works on the Application layer and helps share resources such as files, printers, and serial ports among computers. In a TCP/IP network, NetBIOS clients, such as Windows systems, use NetBIOS over TCP/IP to connect to servers, and then issue SMB commands to complete tasks such as accessing shared files and printers.


Figure 7-27: Resource sharing using SMB.

Samba
Samba is a well-known open-source product that uses SMB to enable UNIX and Windows machines to share directories and files. Although the SMB protocol is primarily used in Microsoft networks, there are products that use SMB to facilitate file sharing across different operating system platforms.

LDAP
The Lightweight Directory Access Protocol (LDAP) is a protocol that defines how a client can access information, perform operations, and share directory data on a server. It was designed for use over TCP/IP networks in general, and on the Internet in particular. In most implementations, LDAP relies on DNS to enable clients to locate the servers that host the LDAP directory; the LDAP servers then enable clients to find the directory objects.

Figure 7-28: LDAP on a network.


Microsoft's Active Directory directory service implements LDAP and supports LDAP versions 2 and 3. The Novell directory services NDS and eDirectory, and Apple's Open Directory, are also LDAP-compliant.

Zeroconf

Zero Configuration Networking (Zeroconf) is a set of standards that provides for automatic configuration and IP address allocation on both Ethernet and wireless networks. Zeroconf networks can exist without central control or configuration services such as DHCP or DNS, and are used as alternatives to them. Protocols supporting Zeroconf can use configuration information if it is available, but do not require it. Zeroconf typically uses MAC addresses as parameters because they are unique and available on most network devices. Networks implementing Zeroconf must include methods for four functions:
Network-layer address assignment.
Automatic address assignment using multicast.
Translation between network names and network addresses.
Location or discovery of network services by name and protocol.
Universal Plug and Play (UPnP) is another technology that facilitates automatic conguration and IP address allocation on networks.

Zeroconf Implementations
Microsoft's APIPA addressing and the Rendezvous product from Apple Inc. use addresses in the 169.254.0.0/16 address range for automatic configuration. For more information, visit www.zeroconf.org

ACTIVITY 7-9
Identifying TCP/IP Interoperability Services
Scenario: In this activity, you will identify the TCP/IP interoperability services.

1. Which service states what a client should do to access information, perform operations, and share directory data on a directory server?
a) Zeroconf
b) LDAP
c) SMB
d) NFS

2. Which services work together to securely transfer computer files between a local and a remote host, or between two remote hosts?
a) SMB and NFS
b) SCP and SSH
c) NFS and LDAP
d) NFS and SSH

3. Which service enables users to access shared files stored on different types of computers?
a) NFS
b) SCP
c) LDAP
d) SSH

4. Match the TCP/IP interoperability service with its description.
NFS
SSH
SMB
LDAP

a. Enables sharing resources, such as files, printers, and serial ports, between computers.
b. Enables users to access shared files stored on other computers and work with them as if they are stored locally.
c. States client actions to access information, perform operations, and share directory data on a server.
d. Enables a user or an application to run commands on a remote machine, and transfer files from one machine to the other.

Lesson 7 Follow-up
In this lesson, you identified how you can use the services that are part of the TCP/IP protocol suite on your network. By implementing the TCP/IP services and utilities that match your network, you will be able to manage the network and optimize its functionality.
1. What TCP/IP services and utilities do you currently implement in your organization?
Answers will vary, but might include: DHCP, DNS, FTP, SMTP, POP3, and IMAP4.
2. Which TCP/IP command will you use commonly on your network?
Answers will vary, but might include: tracert to determine the route of data transfer, ping to check connectivity of a computer with the network, or pathping to check the latency on a network.

LESSON 8
LAN Infrastructure
In this lesson, you will identify the components of a LAN implementation. You will:
Describe the functions of switches and switching technologies.
Enable static routing.
Implement dynamic IP routing.
Identify the components and functionalities of a VLAN implementation.
Plan a SOHO network.

Lesson Time 1 hour(s), 55 minutes

Introduction
In the previous lessons, you have learned about components and technologies that can be used on different networks. These technologies can be deployed both in LANs and WANs. In this lesson, you will identify the components of a LAN implementation. Any organization, however small it may be, will need to have its computers and resources interconnected. LANs are the simplest and most common network type used to provide communication over a small area. Understanding LANs and the technologies that make them functional will enable you to choose and implement the right type of LAN for your organization.

This lesson covers all or part of the following CompTIA Network+ (Exam N10-005) certification objectives:
Topic A:
1.2 Classify how applications, devices, and protocols relate to the OSI model layers.
3.4 Categorize WAN technology types and properties.
Topic B:
1.2 Classify how applications, devices, and protocols relate to the OSI model layers.
2.1 Given a scenario, install and configure routers and switches.
3.4 Categorize WAN technology types and properties.
Topic C:
1.2 Classify how applications, devices, and protocols relate to the OSI model layers.
1.4 Explain the purpose and properties of routing and switching.
2.1 Given a scenario, install and configure routers and switches.
Topic D:
1.2 Classify how applications, devices, and protocols relate to the OSI model layers.
2.1 Given a scenario, install and configure routers and switches.
Topic E:
1.2 Classify how applications, devices, and protocols relate to the OSI model layers.
2.6 Given a set of requirements, plan and implement a basic SOHO network.

TOPIC A
Switching
In the previous lesson, you learned about the services of the TCP/IP protocol suite that can be used on your network. Before you start setting up a network, you need to be aware of the devices that you need on a network. In this topic, you will identify switching technologies and the functions of switches. Switches are fundamental network connectivity devices, so you are likely to encounter them in the network environments that you support. In addition, switches provide features and functions that make them slightly more complex to implement and manage. Understanding the capabilities of these devices will prepare you to support switching in your network environments.


Switches and Network Performance


Switches are designed to add functionality and increase performance on networks. The main purpose of a switch is to optimize performance by providing users with higher bandwidth for transmission. Switches inspect data packets as they receive them from a source device and forward packets only to the port of the destination device. The traffic between two devices can be streamlined to allow the switch port and destination device to operate in full duplex mode. Because a switch forwards data directly to the intended destination, it significantly increases network performance. Broadcast transmissions, however, do not gain from these performance advantages because they must be repeated on all other ports.

Figure 8-1: An eight-port switch connecting several devices.

Types of Switches
There are several types of switches available for your network.
Basic or traditional switches operate at the Data Link layer of the OSI model (Layer 2). However, modern switches include more complex capabilities and can operate at the Network (Layer 3) and Transport (Layer 4) layers. Higher-layer switches are often called application or routing switches.

Switch Type        Description

Cut-through
A cut-through switch forwards a data packet as soon as it receives it; no error checking or processing of the packet is performed. This switch performs the address table lookup immediately upon receiving the destination address field in the packet header. The first bits in a packet are sent out of the outbound port on a switch immediately after it receives the bits. The switch does not discard packets that are corrupt and fail error checking.

Fragment-free
A fragment-free switch scans the first 64 bytes of each packet for evidence of damage by a collision. If no damage is found, it forwards the packet; otherwise, it discards it. Thus a fragment-free switch reduces network congestion by discarding fragments. It is similar to the cut-through switching method, but the switch waits to receive 64 bytes before it forwards the first bytes of the outgoing packet.

Store-and-forward
A store-and-forward switch calculates the CRC value for the packet's data and compares it to the value included in the packet. If they match, the packet is forwarded. Otherwise, it is discarded. This is the slowest type of switch. The switch receives the entire frame before the first bit of the frame is forwarded. This allows the switch to inspect the Frame Check Sequence (FCS) before forwarding the frame. The FCS, carried in the trailer of an Ethernet frame, is the field used for error checking.

Multilayer
A multilayer switch performs both routing and switching. This type of switch is relatively new, and there is no industry standard to define what qualifies as a multilayer switch. A multilayer switch is also called a Layer 2 router, Layer 3 switch, IP switch, routing switch, switching router, and wirespeed router. But the term multilayer switch is the most prevalent.

Content
A content switch is used for load balancing among server groups and firewalls, and for web cache and application redirection. Content switches are often referred to as 4-7 switches, as they primarily work on Layers 4 and 7 of the OSI model. They make intelligent decisions about data by analyzing data packets in real time, and understanding the criticality and type of the request. Content switching supports load balancing for servers by directing traffic to assigned server groups that perform the function. This increases the response time for requests on the network. Although complex to implement, a content switch can perform many critical functions on a network and increase throughput.
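The following is an added example, not code from the course or from any switch vendor: it simulates a four-port Layer 2 switch that learns source MAC addresses, forwards known unicast frames to a single port, floods broadcasts and unknown destinations, and applies the cut-through, fragment-free or store-and-forward check from the table above. MAC addresses and frames are constructed here; the Ethernet FCS is computed with the standard CRC-32 from zlib, and a frame shorter than 64 bytes stands in for a collision fragment.

```python
"""Simulated Layer 2 switch: MAC learning plus the three forwarding modes."""
import struct
import zlib

BROADCAST = bytes.fromhex("ffffffffffff")
MIN_FRAME = 64      # minimum legal Ethernet frame length, FCS included
FCS_LEN = 4


def build_frame(dst: bytes, src: bytes, ethertype: int, payload: bytes) -> bytes:
    """Build an Ethernet II frame (preamble omitted) with a valid CRC-32 FCS."""
    body = dst + src + struct.pack("!H", ethertype) + payload
    body += b"\x00" * max(0, MIN_FRAME - FCS_LEN - len(body))   # pad short payloads
    fcs = struct.pack("<I", zlib.crc32(body))   # FCS is sent least-significant byte first
    return body + fcs


def fcs_ok(frame: bytes) -> bool:
    """Recompute the CRC over everything before the trailer and compare with the FCS."""
    if len(frame) < MIN_FRAME:
        return False
    body, fcs = frame[:-FCS_LEN], frame[-FCS_LEN:]
    return struct.pack("<I", zlib.crc32(body)) == fcs


class Switch:
    """A switch with a learned MAC table and one of the forwarding modes from the table."""

    MODES = ("cut-through", "fragment-free", "store-and-forward")

    def __init__(self, mode: str, num_ports: int):
        if mode not in self.MODES:
            raise ValueError(f"unknown mode {mode!r}")
        self.mode = mode
        self.ports = set(range(1, num_ports + 1))
        self.mac_table: dict[bytes, int] = {}   # source MAC -> port it was seen on

    def accepts(self, frame: bytes) -> bool:
        """Per-mode check performed before the frame leaves the switch."""
        if self.mode == "cut-through":
            return True                        # forwarded as soon as the destination is read
        if self.mode == "fragment-free":
            return len(frame) >= MIN_FRAME     # shorter than 64 bytes: a collision fragment
        return fcs_ok(frame)                   # store-and-forward: buffer whole frame, verify CRC

    def forward(self, in_port: int, frame: bytes) -> set[int]:
        """Return the egress ports for a frame arriving on in_port (empty set = discarded)."""
        if not self.accepts(frame):
            return set()
        dst, src = frame[:6], frame[6:12]
        self.mac_table[src] = in_port          # learn the sender's location
        if dst != BROADCAST and dst in self.mac_table:
            out = self.mac_table[dst]
            return set() if out == in_port else {out}   # known unicast: exactly one port
        return self.ports - {in_port}          # broadcast or unknown destination: flood


def run_scenario(mode: str) -> dict[str, set[int]]:
    """Constructed traffic: host A on port 1 and host B on port 2 of a four-port switch."""
    host_a = bytes.fromhex("020000000001")    # locally administered test addresses
    host_b = bytes.fromhex("020000000002")
    sw = Switch(mode, num_ports=4)
    good = build_frame(host_b, host_a, 0x0800, b"hello B")
    corrupt = bytearray(good)
    corrupt[30] ^= 0xFF                       # bit errors in the payload: the FCS no longer matches
    runt = good[:40]                          # truncated by a collision: shorter than 64 bytes
    return {
        "first_to_unknown_b": sw.forward(1, good),   # B not yet learned: flooded
        "reply_from_b": sw.forward(2, build_frame(host_a, host_b, 0x0800, b"hi A")),
        "second_to_known_b": sw.forward(1, good),    # B now known: a single port
        "corrupt_frame": sw.forward(1, bytes(corrupt)),
        "runt_frame": sw.forward(1, runt),
        "broadcast": sw.forward(1, build_frame(BROADCAST, host_a, 0x0806, b"who-has")),
    }


if __name__ == "__main__":
    for mode in Switch.MODES:
        print(mode)
        for name, ports in run_scenario(mode).items():
            print(f"  {name:20s} -> {sorted(ports) or 'discarded'}")
```

Running it shows that only the store-and-forward switch drops the corrupted frame, the fragment-free switch additionally drops the runt, and the cut-through switch forwards both.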

Circuit Switching Networks

Definition: Switching is a technique used for transmitting information over a network to the destination network device. The two types of switching are circuit switching and packet switching. In circuit switching, one endpoint creates a single path connection to another, depending on the requirement. In circuit switching, the word circuit refers to the connection path between endpoints. Once the circuit is established, data is transmitted through that path for as long as the circuit is active. Bandwidth is dedicated to the connection until it is no longer needed. There is no guarantee that data will be transmitted through the same path through the network in different sessions.


Figure 8-2: Transfer of data in a circuit switching network.

Example: PSTN
PSTN is an example of a circuit switching network.

Packet Switching Networks


In packet switching networks, data to be transmitted is broken into small units known as packets that move in sequence through the network. Each packet takes the best route available at any given time rather than following an established circuit path. Each data packet contains all of the routing and sequencing information required to transmit it from one endpoint to another, after which the data is reassembled. Packet switching assumes that a network is constantly changing and adjustments need to be made to compensate for network congestion or broken links.

Figure 8-3: Transfer of data in a packet switching network.

Streaming Media and Live Video
Packet switching is not the best choice for streaming media such as live video and audio feeds. Because all packets do not necessarily arrive at the destination in order, or soon after each other, time-sensitive applications can end up stuttering or delayed, or a streaming connection may drop entirely.

Lesson 8: LAN Infrastructure

255

Virtual Circuit Switching

Virtual circuit switching is a switching technique that transfers packets over logical circuits without dedicated physical resources such as frequencies or time slots. It combines the advantages of packet switching and circuit switching. These logical paths are assigned to identities rather than physical locations and can be either permanent or switched. Each packet carries a Virtual Circuit Identifier (VCI) that is local to a link and is updated by each switch on the path from the source to the destination of the packet.

Figure 8-4: Packets flow in a virtual circuit using VCI.

There are two types of virtual circuits: Permanent Virtual Circuits (PVCs) and Switched Virtual Circuits (SVCs).

Virtual Circuit Type   Description

Permanent: PVCs are usually associated with leased lines. They connect two endpoints and are always on, which is why they are referred to as permanent. When a PVC is established, it is manually built and maintained by a telephone company (telco). The telco identifies the endpoints with a Data Link Connection Identifier (DLCI). PVCs provide a fast, reliable connection between endpoints because the connection is always on. Customers pay a fixed monthly fee per connection.

Switched: SVCs are associated with dial-up connections. SVCs provide more flexibility than PVCs and allow a single connection to an endpoint to be connected to multiple endpoints as needed. When a network device attempts to connect to a WAN, an SVC is requested and the carrier establishes the connection. Customers typically pay by connection time (like a long-distance phone call) and the monthly charge is less than that of a PVC. SVCs are useful when you need a part-time connection. But keep in mind that connection time can be slow, and if usage increases, so can an SVC's cost.

Cell Switching Networks

Cell switching networks are very similar to packet switching networks except that data is transmitted as fixed-length cells instead of variable-length packets. If data does not fill up an entire cell, the remainder of the space is filled with blank or filler data until the cell reaches its fixed size. The advantage of cell switching over packet switching is its predictability. Cell switching technologies make it easy to track how much data is moving on a network.


Figure 8-5: Cell switching uses fixed-length cells instead of variable-length packets.

ACTIVITY 8-1
Describing Switching
Scenario: In this activity, you will identify switches and switching technologies.

1. Match the switch type with its description.

   c  Store-and-forward    a. Performs both routing and switching functions.
   a  Multilayer           b. Performs load balancing among server groups.
   b  Content              c. Calculates CRC for data and compares it to the value in the packet.

2. True or False? The difference between cell switching and packet switching networks is that in cell switching data is divided into fixed-length packets.
   True
   False

3. In which type of switching is a single path from one endpoint to another built when a connection is needed?
   a) Cell
   b) Circuit
   c) Packet

4. Which switching techniques use the same path for all data traffic between two endpoints in a single session?
   a) Packet
   b) Circuit
   c) Virtual circuit
   d) Cell

TOPIC B
Enable Static Routing
In the previous topic, you identified switches and their role in networks. Switches function well in many networking situations, but in most large TCP/IP networks, you will need the advanced traffic-control capabilities of a router. In this topic, you will identify the components of a static IP routing implementation. It is not enough to just know how millions of networks across the globe connect to form a single network. You should also know how these interconnected networks talk to each other, share data, and how information is transferred from a source to a destination almost instantaneously. Because routers are the workhorses of all internetworks, including the Internet, you will need to understand routing basics no matter what kind of network you support.

Routing

Definition: Routing is the process of selecting the best route for transferring a packet from a source to its destination on a network. A router applies appropriate algorithms to generate and maintain an information base about network paths. It considers various routing metrics such as the bandwidth and reliability of the path, and communication costs, while evaluating available network paths to determine the optimal route for forwarding a packet. Once the optimal route for a packet is assigned, packet switching is done to transport the packet from the source host to a destination host.

Example:

Figure 8-6: A router selects the best path for transferring packets.

Route
A route is the path used by data packets to reach the specified destination using the gateway as the next hop. Routes are added to the routing table, which stores information about connected and remote networks. Connected networks are directly attached to one of the router's interfaces, which are the gateways for the hosts on different local networks. Because remote networks are not directly connected to the router, routes to these networks must be manually configured on the router by the network administrator or set automatically using dynamic routing protocols.

Software-Based Routing in Windows Server
Although not as common as hardware-based routers, Windows Server computers with two or more NICs installed can use the Routing and Remote Access software to function as routers. For testing purposes, instead of installing two NICs, you can install a software-based interface called the Microsoft Loopback Adapter on your Windows system, which can simulate the presence of an additional NIC.

Static Routing
Static routing uses table mappings that the network administrator established manually in the router prior to routing. Static route mappings do not change unless the network administrator alters them. Static routes remain in a routing table, and traffic is forwarded regardless of whether the destination is active or inactive.


Figure 8-7: Static routes can be altered only by a network administrator.

Types of Routers

Routers can be classified into three main categories: access, distribution, and core.

Router Type   Description

Access routers: Routers used in SOHO networks. They are located at customer sites and are inexpensive.

Distribution routers: Routers that collect data from multiple access routers and redistribute it to an enterprise location such as a company's headquarters. The routing capabilities of a distribution router are greater than those of access routers.

Core routers: Core routers are located at the center of network backbones. They are used to connect multiple distribution routers located in different buildings to the backbone.

Routers vs. Switches

When computers communicate with different networks through switches, they are limited to adjacent networks because switches use the MAC address of a device to locate it. Routers, on the other hand, are designed to interconnect multiple networks and support connectivity to distant networks. They use a map of the network to make decisions on where to forward data packets. Routers primarily determine the next hop for data. Another advantage that a router has over a switch is that it can read the port number and determine not only the data's destination using the IP address but also what kind of data it is transmitting. Broadcasts can either be forwarded or dropped based on the settings of the router.

Unmanaged vs. Managed Switches
Unmanaged switches are devices that perform switching without user intervention. In other words, the functions of an unmanaged switch cannot be controlled. On the other hand, a managed switch provides complete control over how the device functions. It has its own IP address and a web interface through which the configurations can be managed. Managed switches allow users to create VLANs within the network.

Routing Tables
Definition: A routing table is a database, created manually or by a route-discovery protocol, that contains network addresses as perceived by a specific router. Routers refer to this table to determine where to forward packets. If a router attached to four networks receives a packet from one of them, it has to determine which of the three other networks is the best route to transfer the packet to its destination. Each router uses its routing table to forward a packet to another network or router until the packet reaches its destination. The action of forwarding a packet from one router to the next is called a hop. You can specify the number of hops packets can take from a sender to a receiver.
Example:

Figure 8-8: A routing table.

Route Cost
The number of hops along a route between two networks constitutes that route's cost. However, a cost can also consist of other specifications such as the transmission speed. Typically, a router maintains the most cost-effective route in its table.

Static Routing Tables
Static routing tables are manually configured on a router. They are easy to set up and are sometimes used on a small network. Also, as long as a network is relatively unchanging, static routing tables are ideal for an extranet where the border router of an Autonomous System (AS) is pointed toward the border router of an external network. The advantage of static routing is that it does not cause additional network traffic by sending routing table updates to other routers. It provides extra security from other systems' rogue routers sending information to the AS routers. Also, the routing table can be configured to cover only the necessary portion of the network. That way, the router does not expend resources on maintaining its routing table.

The biggest disadvantage of static routing tables is that they require manual maintenance. Network changes must be applied manually on all routers affected by the change. Because of this, static routing is prone to configuration errors and is less efficient than dynamic routing. If you do use static routing tables, it is crucial to maintain detailed documentation.

Routing Table Entries

Routing table entries fall into four general categories:
- Direct network routes, for subnets to which the router is directly attached.
- Remote network routes, for subnets that are not directly attached.
- Host routes, for routes to a specific IP address.
- Default routes, which are used when a better network or host route is not found.

Figure 8-9: A routing table with entries.

All IP host computers have a routing table with default entries so that the host can deliver packets to common destinations.

Entry   Description

Default gateway (destination: 0.0.0.0): The default gateway entry appears if the local host has been configured with a default gateway address.

Local loopback (destination: 127.0.0.1): The local loopback entry provides a delivery route for packets addressed to the local loopback address (127.0.0.1).

Local subnet (destination: network portion of local IP address plus host address of all 0): The local subnet entry identifies the route to the local network. An example of a destination address can be 140.125.0.0.

Network interface (destination: local IP address): The network interface entry identifies the route to the host's local network card. An example of a destination address can be 140.125.10.25.

Subnet broadcast address (destination: network portion of local IP address plus host address of all .255): The subnet broadcast entry identifies the route for broadcasts on the local subnet. An example of a destination address can be 140.125.255.255.

Multicast broadcast address (destination: 224.0.0.0): The multicast broadcast entry identifies the address for sending multicast transmissions.

Internetwork broadcast address (destination: 255.255.255.255): The internetwork broadcast entry identifies the route for broadcasts to the entire network. However, most routers will not pass these broadcasts.

When reading routing tables, it can be helpful to think of each row as a single routing table entry, and each column as a characteristic of that route.

Routing Entry Components


Routing entries are entries in routing tables that provide routing information to a router. There are several components to each entry in a routing table.

Figure 8-10: Components of a routing table entry.

Routing Entry Component   Description

Network destination or network address: The destination field contains the network ID of a destination address and is the search point when processing the routing table. It can be listed as a complete address, but the router will be more efficient if destination entries are listed as network IDs. This way, only one entry is added to the routing table for an entire subnet, no matter how many nodes are on it.

Network mask: A network mask is specific to a routing entry. It determines how much of a packet's destination address must match the network destination field of a routing entry before that route is used to deliver the packet.

Gateway: The gateway field indicates the address to which the packet is delivered on its first hop. It can be the local loopback address, a local IP address, the host's own default gateway address, or the address of an adjacent router.

Interface: The interface is the IP address of the local port that a host uses to send data. Once a destination entry is found, data is sent to the interface entry listed in the same line as the destination.

Metric: A metric is the cost of the route, and it is determined by the number of hops. The metric is used to determine which route to use when there are multiple routes to a destination.

The route Command

Routes to destinations that are not in the default routing table must be added manually. On Windows Server 2008 R2, you can use the route command to manage the static routing table.

Command        Used To
route print    Display the routing table entries.
route add      Add static entries.
route delete   Remove static entries.
route change   Modify an existing route.
route -p       Make the specified route persistent across reboots, when used in conjunction with the add command.
route -f       Clear all entries from the routing table.

The Routing Process

There are three steps in the routing process:
1. A router receives data, reads its destination IP address, and tries to find the shortest path to the destination.
2. The router reads its routing table, which lists the locations of other routers on the network.
3. Once it decides on a route, it removes the old destination MAC address and attaches the MAC address of the next hop in the data's path.
The packet's ultimate destination IP address never changes. By enabling the router to change the MAC address, the data moves through multiple local networks.

Figure 8-11: Steps in the routing process.

Autonomous Systems
Definition: An Autonomous System (AS) or a routing domain is a self-contained network or group of networks governed by a single administration. All the routers in an AS share and conform to a single routing policy. An AS can connect to other networks or other autonomous systems, but does not share routing information outside of the AS. Each AS has a unique identification number assigned by the IANA. Depending on whether routing takes place within an autonomous system or among different autonomous systems, it is referred to as intra-domain routing or inter-domain routing. Each autonomous system may choose different routing algorithms for intra-domain routing, but only one algorithm can be used for inter-domain routing.

Example: Company A's routers are owned, configured, and managed by the company itself. Each router in Company A is address-aware within the network that it serves, as well as of the best output interface (port).

Example:

Figure 8-12: Routing in an autonomous system.

Classification of Autonomous Systems
Autonomous systems can be classified as transit and stub autonomous systems.

Autonomous System   Description

Transit: The source or destination node does not reside within the autonomous system. The autonomous system allows the traffic to reach another network. ISPs are examples of transit autonomous systems.

Stub: Either the source node or the destination node must exist within the autonomous system. The stub autonomous system does not allow transit traffic.

Router Roles in Autonomous Systems

Routers can play three different roles in autonomous systems.

Figure 8-13: Router roles in an autonomous system.

Router Role   Description

Interior router: Interior routers are arranged inside an AS and the AS administrator controls them. All interfaces on an interior router connect to subnets inside the AS. Interior routers do not provide connections to external networks.

Exterior router: Exterior routers are entirely outside of an AS. These routers only matter to the AS if they handle data from the AS. Routers that operate on the Internet backbone are exterior routers.

Border router: Border routers are situated on the edge of an AS. They have one or more interfaces inside the AS and one or more interfaces that provide a connection to remote networks. Border routers are usually managed by the administrator of an AS and can be placed between two private networks or between a private network and its ISP to direct requests to the Internet.

IGP vs. EGP
Interior Gateway Protocol (IGP), as the name suggests, is the protocol responsible for exchanging routing information between gateways within an AS. In contrast, Exterior Gateway Protocol (EGP) exchanges routing information between two neighboring gateways. EGP can also utilize IGP to resolve a route within the AS.

Routing Methods in Autonomous Systems

There are different methods for routing inside an autonomous system, between adjacent networks, and between distant networks.

Routing Method   Description

Inside an autonomous system: When routing inside an autonomous network, data transmission begins at a workstation and does not leave the AS. That means that when any node sends data, it can send it only to a node on the same local network. Nodes use ARP to obtain the local destination's MAC address. When a node needs to send data to a remote network, it sends it to the IP address configured as the node's default gateway. When a node sends data to an address on its own subnet, it sends it directly to the address. When a node needs to send data to a node anywhere inside the AS, all routers in the AS should be aware of the path to the destination node.

Between adjacent networks: Adjacent networks share border routers, and because any router inside an AS knows a direct path to the adjacent network, it knows how to deliver data to the correct border router. That border router then passes the data on to the appropriate network. This configuration gives an AS a single point of contact between adjacent networks.

Between distant networks: Distant networks are not directly aware of the location of a destination network. You have accessed a distant network if you have sent a request to the Internet for a web page. An AS router cannot know all of the details in the path to a website. In this situation, the routers send the data to a default gateway. If the router serving as the default gateway does not know the destination, it transmits the packet to its own default gateway. Data moves from default gateway to default gateway until it either reaches a router that knows a route to the destination, or the TTL expires and the packet is discarded.

How to Configure Routing and Remote Access

Procedure Reference: Configure Routing and Remote Access
To configure routing and remote access:
1. Choose Start→All Programs→Administrative Tools→Server Manager.
2. In the Server Manager window, under Roles, add the role Network Policy and Access Services.
3. From the Roles Service list, check the Routing and Remote Access Services check box and install the role.
4. In the Server Manager window, expand Roles→Network Policy and Access Services.
5. In the Routing and Remote Access Server Setup Wizard, set the required routing and remote access settings.
6. Close the Server Manager window.


ACTIVITY 8-2
Enabling Static Routing
There is a simulated version of this activity available on the CD-ROM that shipped with this course. You can run this simulation on any Windows computer to review the activity after class, or as an alternative to performing the activity as a group in class. The activity simulation can be launched either directly from the CD-ROM by clicking the Interactives link and navigating to the appropriate one, or from the installed data file location by opening the C:\Data\Simulations\Lesson#\Activity# folder and double-clicking the executable (.exe) file.

Scenario: You work for a startup that plans to implement software-based routing by using Windows Server 2008 R2 routing features. You are going to test a router in a lab environment to simulate the production router. You need to enable routing on the server that you will be testing.
Let students know that the loopback adapters are being used for testing purposes only. Routing and Remote Access is installed on Windows Server 2008 R2 by default.

What You Do
1. Enable routing and remote access.

How You Do It
a. Choose Start→All Programs→Administrative Tools→Server Manager.
b. In the Server Manager window, right-click Roles and choose Add Roles.
c. In the Add Roles Wizard, click Next.
d. In the Roles list, check the Network Policy and Access Services check box and click Next.
e. On the Network Policy and Access Services page, click Next.
f. On the Select Role Services page, in the Role services list, check the Routing and Remote Access Services check box and click Next.
g. Click Install and then click Close.

2. Verify that routing and remote access is enabled.

a. In the Server Manager window, in the left pane, expand Roles→Network Policy and Access Services and select Routing and Remote Access.
b. Choose Action→Configure and Enable Routing and Remote Access.
c. In the Routing and Remote Access Server Setup Wizard, click Next.
d. Verify that the Remote access (dial-up or VPN) option is selected and click Next.
e. Check the VPN check box and click Next.
f. From the Network interfaces list, select the Loopback Adapter option and click Next.
g. Verify that the Automatically option is selected, and click Next to assign IP addresses automatically to remote clients.
h. Verify that the No, use Routing and Remote Access to authenticate connection requests option is selected and click Next.
i. Click Finish and, if necessary, click OK.
j. Observe that the Routing and Remote Access service has been enabled, indicated by the green upward-pointing arrow next to the Routing and Remote Access object in the left pane. Close the Server Manager window.


DISCOVERY ACTIVITY 8-3
Identifying Routing Entries
Scenario: You want to identify the default routing entries on the Windows Server 2008 R2 computer that you have enabled as a router. Refer to the IPv4 route table shown below to complete this activity.

1. Which route determines the destination for packets to the 172.16.0.0 network? What adapter will they be delivered to?
   The fifth route in the table with a network destination of 172.16.0.0. These packets will be delivered to the 172.16.0.1 network adapter.

2. Which interfaces will receive internetwork broadcasts?
   Both interfaces will receive internetwork broadcasts. This is because the last two routes in the table have a destination address of 255.255.255.255.

3. Why is there no route to the 0.0.0.0 network destination on the 172.16.0.1 interface?
   Because there is no default gateway configured in the TCP/IP properties for this interface.

4. If you wanted packets to a specific network to be routed to the 172.16.0.1 network interface instead of to the default gateway, what would you do?
   Use the route add command to create a static route to that network.
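The routing table entries, the entry components, the route command, and the lookup step of the routing process described in this topic can all be worked through on an actual route table. The following Python script is an added example; it is not part of the course text or its CD-ROM simulations. It parses a constructed IPv4 route table laid out like the output of route print on Windows Server 2008 R2, classifies each entry into the four categories listed earlier (direct, remote, host, default), performs the longest-prefix-match lookup a router makes when it reads its table, and models route add by appending a static route. The host addresses (192.168.1.50 with default gateway 192.168.1.1, and a loopback adapter at 172.16.0.1 with no default gateway) and every row of the table are constructed to fit the answers in Activity 8-3; the function names are my own.

```python
import ipaddress
from dataclasses import dataclass

# Constructed sample (not captured from a real host): an IPv4 route table in
# the layout printed by "route print" on Windows Server 2008 R2. The host has
# a NIC at 192.168.1.50 with default gateway 192.168.1.1 and a loopback
# adapter at 172.16.0.1 with no default gateway, as in Activity 8-3.
ROUTE_PRINT_SAMPLE = """\
IPv4 Route Table
===========================================================================
Active Routes:
Network Destination        Netmask          Gateway       Interface  Metric
          0.0.0.0          0.0.0.0      192.168.1.1    192.168.1.50     10
        127.0.0.0        255.0.0.0         On-link         127.0.0.1    306
        127.0.0.1  255.255.255.255         On-link         127.0.0.1    306
  127.255.255.255  255.255.255.255         On-link         127.0.0.1    306
       172.16.0.0      255.255.0.0         On-link        172.16.0.1    266
       172.16.0.1  255.255.255.255         On-link        172.16.0.1    266
   172.16.255.255  255.255.255.255         On-link        172.16.0.1    266
      192.168.1.0    255.255.255.0         On-link      192.168.1.50    266
     192.168.1.50  255.255.255.255         On-link      192.168.1.50    266
    192.168.1.255  255.255.255.255         On-link      192.168.1.50    266
        224.0.0.0        240.0.0.0         On-link         127.0.0.1    306
        224.0.0.0        240.0.0.0         On-link      192.168.1.50    266
        224.0.0.0        240.0.0.0         On-link        172.16.0.1    266
  255.255.255.255  255.255.255.255         On-link         127.0.0.1    306
  255.255.255.255  255.255.255.255         On-link      192.168.1.50    266
  255.255.255.255  255.255.255.255         On-link        172.16.0.1    266
===========================================================================
"""


@dataclass
class Route:
    """One row of the table: the five routing entry components from the text."""
    destination: str
    netmask: str
    gateway: str      # "On-link" means directly attached, no next-hop router
    interface: str
    metric: int

    def prefix_len(self):
        return bin(int(ipaddress.IPv4Address(self.netmask))).count("1")

    def matches(self, ip):
        """Does the masked destination address equal this entry's network destination?"""
        addr = int(ipaddress.IPv4Address(ip))
        mask = int(ipaddress.IPv4Address(self.netmask))
        return (addr & mask) == int(ipaddress.IPv4Address(self.destination))

    def category(self):
        """The four categories from the text: default, host, direct, remote."""
        if self.destination == "0.0.0.0":
            return "default"
        if self.prefix_len() == 32:
            return "host"
        return "direct" if self.gateway == "On-link" else "remote"


def parse_route_print(text):
    """Return the Route rows between the column header and the closing '====' line."""
    routes, in_table = [], False
    for line in text.splitlines():
        if line.startswith("Network Destination"):
            in_table = True
            continue
        if not in_table:
            continue
        if line.startswith("="):
            break
        fields = line.split()
        if len(fields) == 5:
            dest, mask, gw, iface, metric = fields
            routes.append(Route(dest, mask, gw, iface, int(metric)))
    return routes


def lookup(routes, ip):
    """Longest-prefix match; ties broken by lowest metric, then by table order."""
    candidates = [r for r in routes if r.matches(ip)]
    if not candidates:
        return None
    return min(candidates, key=lambda r: (-r.prefix_len(), r.metric))


def interfaces_for(routes, destination):
    """Every interface that has an entry for this exact network destination."""
    return sorted({r.interface for r in routes if r.destination == destination})


def has_default_route(routes, interface):
    return any(r.category() == "default" and r.interface == interface for r in routes)


def add_static_route(routes, destination, netmask, gateway, interface, metric=1):
    """Model of "route add <dest> mask <mask> <gateway>": append a remote network route."""
    routes.append(Route(destination, netmask, gateway, interface, metric))


if __name__ == "__main__":
    table = parse_route_print(ROUTE_PRINT_SAMPLE)
    for ip in ("172.16.5.9", "8.8.8.8", "192.168.1.50"):
        r = lookup(table, ip)
        print(f"{ip:14s} -> {r.category():8s} via {r.gateway} on {r.interface}")
    # Hypothetical next hop on the loopback adapter's subnet, as in question 4.
    add_static_route(table, "10.10.0.0", "255.255.0.0", "172.16.0.254", "172.16.0.1")
    print("10.10.3.4      ->", lookup(table, "10.10.3.4").interface)
```

The lookup deliberately ignores the 224.0.0.0 and 255.255.255.255 rows for unicast addresses because their masks do not match, which is why a packet to 8.8.8.8 falls through to the 0.0.0.0 default route on 192.168.1.50 and why, before the static route is added, there is no way to reach a remote network through 172.16.0.1 at all.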


TOPIC C
Implement Dynamic IP Routing
In the previous topic, you identified the components of a static routing implementation. Routing can also be implemented dynamically. In this topic, you will implement dynamic routing. Dynamic routing, like dynamic IP addressing, is the technology of choice in larger network environments. As a network professional, you should understand dynamic routing technologies and how you can implement them so that you can support routed environments of all sizes and types. This will ensure that each device is properly identified on the network.


Dynamic Routing
Routers that support dynamic routing perform route discovery operations to build and update routing tables themselves using specially designed software. Routers transmit data to adjacent routers providing information about the networks they are currently connected to and networks they can reach. In the dynamic routing process, routing entries are dynamically created. Dynamically built routing tables can show a more accurate picture of a network because they are updated more often than static tables: the routers, not the administrator, update the tables. If the network suffers traffic congestion or device failures, a router running dynamic routing protocols can automatically detect the problem and calculate a different routing path. This feature is a huge advantage on large networks with many routers or multiple paths to each endpoint.

Static Routing vs. Dynamic Routing
In static routing, routing entries are created manually in configuration files. This file is loaded when the router starts. Static routing is used when there are fewer devices on the network. Dynamic routing uses special software designed for routing devices. This software automatically creates routing entries for the router to connect all devices on the network.

Distance-Vector Routing
In distance-vector routing, each router passes a copy of its routing table to its neighbors. It also maintains a table of minimum distances to every node. The neighbor adds the route to its own table, incrementing the metric to reflect the extra distance to the end network. The distance is given as a hop count; the vector component specifies the address of the next hop. When a router has two routes to the same network, it selects the one with the lowest metric, assuming that it is faster to route through fewer hops. Routing Information Protocol (RIP) implements distance-vector routing.


Figure 8-14: Routers maintain a table of minimum costs.


Distance-vector protocols use the Bellman-Ford algorithm to calculate route paths.

Link State Routing

Link state routing floods routing information to all routers within a network. It attempts to build and maintain a more complex route database with more information about the network. Routers can exchange information about a route, such as its quality, bandwidth, and availability. This way, the routers can make a decision about sending data through the network based on more information than just the hop count. Link state algorithms broadcast small updates and converge quickly, a feature that makes them less prone to routing loops. However, link state algorithms are more expensive to implement because they require more power and memory. The Open Shortest Path First (OSPF) protocol implements link-state routing.

Link State vs. Distance-Vector Routing
To understand the difference between link state and distance-vector routing, consider a situation in which either a single dial-up connection or two separate T1 links can deliver a packet. Distance-vector prefers dial-up based on the hop count alone; link-state prefers the two-hop route through the higher bandwidth connection. Also, link state is more complicated to set up and maintain than distance-vector. An administrator has to configure more information about the router's local routes. However, link state routers are a must in situations with multiple routes through different types of connections, such as border routers.

Distance-Vector vs. Hybrid Routing
Distance-vector routing uses hop counts and routing table updates to prevent routing loops. Distance-vector routers also alert neighboring routers about broken routing paths. Hybrid routing uses both distance-vector and link state routing methods. In hybrid routing, various factors such as the link cost and network bandwidth are considered before deciding upon the best route.
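The dial-up versus two-T1-links comparison above can be reproduced in code. The following Python script is an added example, not part of the course text: it builds the link-state database as a graph of routers and link bandwidths, then runs Dijkstra's algorithm twice, once with every link costing one hop (the distance-vector view) and once with the cost OSPF assigns by default (a reference bandwidth of 100 Mbps divided by the link bandwidth, which gives a T1 a cost of 64 and a 56 kbps dial-up link a cost of 1785). The topology (router A to router B directly over dial-up, or via router R over two T1 links) is constructed for the example, and the function names are my own.

```python
import heapq

# Added example, not course material: a link-state router's shortest-path
# calculation over its link-state database, compared with a hop count.

OSPF_REFERENCE_BPS = 100_000_000   # OSPF's default reference bandwidth (100 Mbps)


def ospf_cost(bandwidth_bps):
    """OSPF default interface cost: reference bandwidth / link bandwidth, minimum 1."""
    return max(1, OSPF_REFERENCE_BPS // bandwidth_bps)


def hop_cost(bandwidth_bps):
    """Distance-vector view: every link costs one hop regardless of its speed."""
    return 1


def build_graph(links):
    """links: iterable of (router_a, router_b, bandwidth_bps) -> adjacency lists."""
    graph = {}
    for a, b, bw in links:
        graph.setdefault(a, []).append((b, bw))
        graph.setdefault(b, []).append((a, bw))
    return graph


def shortest_path(graph, src, dst, cost_fn):
    """Dijkstra over the link-state database. Returns (total_cost, [src, ..., dst])."""
    dist = {src: 0}
    prev = {}
    heap = [(0, src)]
    done = set()
    while heap:
        d, node = heapq.heappop(heap)
        if node in done:
            continue
        done.add(node)
        if node == dst:
            break
        for nbr, bw in graph.get(node, []):
            nd = d + cost_fn(bw)
            if nd < dist.get(nbr, float("inf")):
                dist[nbr] = nd
                prev[nbr] = node
                heapq.heappush(heap, (nd, nbr))
    if dst not in dist:
        return None, []
    path = [dst]
    while path[-1] != src:
        path.append(prev[path[-1]])
    return dist[dst], path[::-1]


# Constructed topology from the text's comparison: router A reaches router B
# either over one 56 kbps dial-up link or over two T1 (1.544 Mbps) links via R.
SAMPLE_LINKS = [
    ("A", "B", 56_000),
    ("A", "R", 1_544_000),
    ("R", "B", 1_544_000),
]


def compare(links=SAMPLE_LINKS, src="A", dst="B"):
    """Best path under each metric: {'distance-vector': (cost, path), 'link-state': (cost, path)}."""
    graph = build_graph(links)
    return {
        "distance-vector": shortest_path(graph, src, dst, hop_cost),
        "link-state": shortest_path(graph, src, dst, ospf_cost),
    }


if __name__ == "__main__":
    for method, (cost, path) in compare().items():
        print(f"{method:16s} cost={cost:<5} path={' -> '.join(path)}")
```

With hop counts the direct dial-up link wins at a cost of 1; with bandwidth-derived costs the two T1 links (64 + 64 = 128) beat the dial-up link (1785), which is the preference the text describes.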

Path-Vector Routing
Path-vector routing is used in inter-domain routing, and a router keeps track of the route from itself to the destination. However, rather than recording every individual node, path-vector routing can treat entire autonomous systems as nodes. As the AS border or exterior routers pass routing information from one to the next, each adds its presence to the path and forwards the route to the next autonomous system in the chain. If the destination address is within an AS, the border router passes the packet on to interior routers.

Figure 8-15: The path vector routing table of different autonomous systems.

Path-vector routing is enhanced by its inclusion of routing policies, which are implemented by administrators to enable routers to react to situations such as network congestion, offline nodes, and potentially duplicate routes. Path-vector routing has roots in distance-vector routing, but was designed to scale up to much larger networks. The Border Gateway Protocol (BGP) implements path vector routing.

Route Convergence
In dynamic routing, when the network topology or conditions change, each router must first learn of the change and then calculate the effect and update its routing tables. Route convergence is the period of time between a network change and the router updates reaching a steady state once again. During route convergence, data delivery can be unreliable because routing tables may not yet hold the updated route information.


Figure 8-16: A router changes the route when a part of the network becomes unreachable.

Routing Loops

Definition: A routing loop is a routing process in which two routers discover different routes to the same location that include each other, but have incorrect information and thereby never reach the endpoint. Data caught in a routing loop circles around until its TTL expires. Routing loops can be difficult to detect and to troubleshoot; the best prevention is proper router configuration.

Figure 8-17: A routing loop created between routers B and C.

Example: Routers in a Loop
Routers A, B, and C are connected in a line. When the link between A and B goes down, it prompts B to update its routing table. But this update does not reach C in time, and C sends its regular update to B. This leads B to assume that C has found an alternate path to reach A. An endless loop is created because B tries to send packets addressed to A via C, which redirects the packets to B. This routing loop continues until the TTL of the data expires.

CompTIA Network+ (Exam N10-005)
Count-to-Infinity Loops

Definition: A count-to-infinity loop can occur when a router or network goes down and one of the other routers does not realize that it can no longer reach the route. This loop results in the remaining routers broadcasting incorrect information and updating each other's routing tables to create an endless cycle of hop count recalculation. This cycle continues to infinity, which is configured as 16 hops in most routing implementations.

Example: Routers in a Count-to-Infinity Loop
A network contains four routers that connect five networks. In calculating the cost to network E, router 3 figures its cost to be one hop, router 2 figures two hops, and router 1 figures three hops. If router 4 fails, router 3 must recalculate its routing table using information from other routers. However, router 3 still thinks that it can reach network E, and uses information advertised by router 2 to calculate its table. According to router 2, network E is still two hops away, so router 3 broadcasts that its cost to network E is three hops. Router 1 receives the new information from router 3, updates its table, and then broadcasts this information. Router 2 also recalculates accordingly, and the infinite loop continues.

Split Horizon and Poison Reverse
One workaround to the count-to-infinity problem is the split horizon method, in which a router's broadcasts to a neighbor omit any routes that the router learned from that neighbor. Another workaround to the count-to-infinity problem is called poison reverse. Unlike split horizon, routers using poison reverse do broadcast routes back to the router from which they learned them, but instead of giving a true hop count, the router broadcasts a hop count of 16, to discourage use of the route, as a warning not to use the value specified and as an indication that the route was learned from that router. Split horizon and poison reverse are not used together: split horizon is enabled when poison reverse is disabled, and vice versa.
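To make the count-to-infinity behaviour and its two workarounds concrete, here is an added simulation of three distance-vector routers (this is illustrative code written for this page, not code from the courseware). Routers A, B and C sit in a line with a network N attached to A; the router names, link costs of 1 and the update order are constructed for the demonstration. After the A-B link is cut, the naive exchange lets B's and C's metric for N climb until both reach the "infinity" value of 16, whereas split horizon or poison reverse withdraws the route in a single round.

```python
"""Distance-vector routing simulation: count-to-infinity, split horizon, poison reverse.

Added example for illustration; not part of the CompTIA courseware. Topology,
link costs and the update order below are constructed for the demonstration.
"""

INFINITY = 16  # RIP-style "unreachable" metric


class Router:
    def __init__(self, name):
        self.name = name
        self.links = {}  # neighbor name -> hop cost of the direct link
        self.table = {}  # destination -> [metric, next_hop]

    def connect(self, other, cost=1):
        self.links[other.name] = cost
        other.links[self.name] = cost

    def attach_network(self, net):
        self.table[net] = [0, None]  # directly connected: metric 0, no next hop

    def advertisement_for(self, neighbor, split_horizon, poison_reverse):
        """Build the update this router sends to one neighbor."""
        adv = {}
        for dest, (metric, next_hop) in self.table.items():
            if next_hop == neighbor:
                if poison_reverse:
                    adv[dest] = INFINITY  # advertise the route back as unreachable
                elif split_horizon:
                    continue              # say nothing about routes learned from it
                else:
                    adv[dest] = metric    # naive behaviour that enables the loop
            else:
                adv[dest] = metric
        return adv

    def process(self, sender, adv):
        """Bellman-Ford update: take a better route, and always accept a change
        from the neighbor the route currently goes through, even if it got worse."""
        link_cost = self.links[sender]
        for dest, adv_metric in adv.items():
            new_metric = min(adv_metric + link_cost, INFINITY)
            cur = self.table.get(dest)
            if cur is None or new_metric < cur[0] or cur[1] == sender:
                self.table[dest] = [new_metric, sender]


def fail_link(r1, r2):
    """Remove the link; routes that went over it become unreachable locally."""
    del r1.links[r2.name]
    del r2.links[r1.name]
    for router, gone in ((r1, r2.name), (r2, r1.name)):
        for entry in router.table.values():
            if entry[1] == gone:
                entry[0] = INFINITY


def exchange_round(routers, order, split_horizon, poison_reverse):
    """Each router, in the given order, sends its update to every neighbor."""
    for name in order:
        sender = routers[name]
        for nbr in sender.links:
            adv = sender.advertisement_for(nbr, split_horizon, poison_reverse)
            routers[nbr].process(name, adv)


def simulate(split_horizon=False, poison_reverse=False, max_rounds=20):
    """A - B - C with network N behind A. Converge, cut A-B, then return the
    (B metric, C metric) for N after each round until both say unreachable."""
    a, b, c = Router("A"), Router("B"), Router("C")
    routers = {"A": a, "B": b, "C": c}
    a.connect(b)
    b.connect(c)
    a.attach_network("N")
    for _ in range(3):  # initial convergence: B reaches N in 1 hop, C in 2
        exchange_round(routers, ["A", "B", "C"], split_horizon, poison_reverse)
    fail_link(a, b)
    history = []
    for _ in range(max_rounds):
        # C speaks first, so its stale 2-hop route reaches B before B's
        # withdrawal reaches C: the classic count-to-infinity trigger.
        exchange_round(routers, ["C", "B"], split_horizon, poison_reverse)
        history.append((b.table["N"][0], c.table["N"][0]))
        if all(m == INFINITY for m in history[-1]):
            break
    return history


if __name__ == "__main__":
    print("naive         :", simulate())
    print("split horizon :", simulate(split_horizon=True))
    print("poison reverse:", simulate(poison_reverse=True))
```

Running the block prints the per-round metrics: the naive exchange goes (3, 4), (5, 6), ... up to (16, 16) over eight rounds, while both workarounds reach (16, 16) in the first round. The `process` rule that accepts a worse metric from the current next hop is what real distance-vector routers do, and it is exactly what lets the stale route bounce between B and C.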

Router Discovery Protocols

Router discovery protocols are used to identify routers on the network.

Protocol: RIP
RIP is a distance-vector routing protocol that is easy to configure, works well inside simple autonomous systems, and is best deployed in small networks with fewer routers and in a non-dynamic environment. Most equipment that supports RIP is lower in cost than equipment that supports more complicated router discovery protocols. RIP broadcasts the entire routing table, including known routes and costs, every 30 seconds, which places a lot of router discovery traffic on the network. When RIP builds its routing table, it does not take into account network congestion or link speed, and it does not support multiple routes to the same network: a router records the route with the lowest metric to a location and removes the others. RIP is very stable, but convergence is slow. RIP is prone to count-to-infinity loops and does not support many of the features expected on modern networks, such as multicast addressing or VLSMs. RIP has been replaced with RIP version 2 (RIP v2).

Students need not spend a lot of time on the details of RIP and OSPF. They just need to know distance-vector and link-state routing and examples of each (RIP and OSPF).

Protocol: RIP v2
RIP v2 enhances RIP by supporting the following features:
Next hop addressing: Includes IP address information in routing tables for every router in a given path, to avoid sending packets through additional routers.
Authentication: Enables password authentication and the use of a key to authenticate routing information to a router.
Subnet mask: Supports additional subnets and hosts on an internetwork by supporting VLSMs and including subnet mask length information along with the routing information.
Multicast addressing: Decreases the workload of non-RIP v2 hosts by communicating only with RIP v2 routers. RIP v2 packets use 224.0.0.9 as their IP multicast address.
Most hosts and routers support RIP, so ensure that the RIP v2 mode you configure works with your current RIP configuration.

Protocol: BGP
BGP is a path-vector routing protocol used to establish routing between ISPs; it is the routing protocol used to connect Internet backbones. BGP maintains a table of IP networks among autonomous systems. BGP was created as a fully decentralized routing protocol to replace EGP in order to decentralize the Internet. The current version, in use since 1994, is BGP v4. Although BGP was created to replace EGP, BGP is considered an inter-autonomous-system routing protocol. When it is used to route information between ASs, it is called External BGP (EBGP); when it is used to route information within an AS, it is referred to as Internal BGP (IBGP).

Protocol: IGRP
Interior Gateway Routing Protocol (IGRP) is a distance-vector routing protocol developed by Cisco as an improvement over RIP and RIP v2. It was designed to be deployed on interior routers within an AS. IGRP introduced a composite metric, enabling an administrator to manually configure up to six metric values in addition to the hop count to refine the metric. Because of this, IGRP can support multiple routes to the same network and can even support load balancing across routes with identical metrics.

Protocol: EIGRP
Enhanced Interior Gateway Routing Protocol (EIGRP) is a proprietary routing protocol by Cisco and is considered a hybrid protocol. It includes features that support VLSM and classful and classless subnet masks. Additional updates reduce convergence times and improve network stability during changes. To ensure that EIGRP is a viable solution for interior routing, EIGRP removed the routing protocol's dependence on the network protocol. This means that routing tables can be built for several different protocols, even protocols that had not been fully deployed yet, such as IPv6.

Protocol: OSPF
On IP internetworks, link-state routing is usually accomplished by the OSPF protocol. Each OSPF router uses the information in its database to build the shortest possible path to destinations on the internetwork. Although OSPF uses less bandwidth than distance-vector protocols, it requires more memory and CPU resources. OSPF uses Dijkstra's algorithm for computing the best path through a network.

Protocol: IS-IS
Intermediate System to Intermediate System (IS-IS) is a link-state routing protocol that is natively an ISO network layer protocol. IS-IS is similar to OSPF (both use Dijkstra's algorithm), but IS-IS is able to support more routers than OSPF and is not tied to one specific type of network address. This made IS-IS easily adaptable to support IPv6.

For more information on RIP v2, see RFC 1387 RIP Version 2 Protocol Analysis. You might also be interested in RFCs 1388 and 1389 for RIP II information.
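The RIP v2 entry above lists the next-hop, authentication, subnet mask and multicast features; the following added example (written for this page, not code from the courseware or the RFCs) packs and decodes a RIP v2 response in the RFC 2453 entry layout so that those fields can be seen as they travel on the wire. The networks, metrics, password and helper names are constructed for the example. Two things the parser surfaces matter to anyone inspecting RIP traffic: a metric of 16 is the "unreachable" value that poison reverse and route withdrawal rely on, and the simple-password authentication entry carries the password readable in the packet, so on a shared segment it offers no confidentiality.

```python
"""Build and decode a RIP v2 message in the RFC 2453 layout.

Added example; not code from the CompTIA courseware. Networks, metrics and the
password below are constructed sample values.
"""
import ipaddress
import struct

RIP_RESPONSE = 2
RIP_VERSION = 2
AFI_INET = 2
AFI_AUTH = 0xFFFF
AUTH_SIMPLE_PASSWORD = 2
RIP_INFINITY = 16            # metric 16 means "unreachable"
RIP_MULTICAST = "224.0.0.9"  # RIP v2 updates are multicast here on UDP port 520

ENTRY_FORMAT = "!HH4s4s4sI"  # AFI, route tag, IP, subnet mask, next hop, metric (20 bytes)


def build_ripv2_response(routes, password=None):
    """routes: iterable of (network, mask, next_hop, metric); addresses as dotted strings."""
    msg = struct.pack("!BBH", RIP_RESPONSE, RIP_VERSION, 0)  # command, version, must-be-zero
    if password is not None:
        # Simple-password authentication occupies the first entry slot and carries
        # the password as-is: anyone capturing on the segment can read it.
        msg += struct.pack("!HH16s", AFI_AUTH, AUTH_SIMPLE_PASSWORD, password.encode())
    for net, mask, next_hop, metric in routes:
        msg += struct.pack(ENTRY_FORMAT, AFI_INET, 0,
                           ipaddress.ip_address(net).packed,
                           ipaddress.ip_address(mask).packed,
                           ipaddress.ip_address(next_hop).packed,
                           metric)
    return msg


def parse_ripv2(msg):
    """Return the command, any authentication entry, and the decoded routes."""
    if len(msg) < 4:
        raise ValueError("RIP message shorter than its 4-byte header")
    command, version, _zero = struct.unpack_from("!BBH", msg, 0)
    if version != RIP_VERSION:
        raise ValueError(f"not a RIP v2 message (version {version})")
    if (len(msg) - 4) % 20:
        raise ValueError("body is not a whole number of 20-byte entries")
    result = {"command": command, "auth": None, "routes": []}
    for offset in range(4, len(msg), 20):
        afi, tag = struct.unpack_from("!HH", msg, offset)
        if afi == AFI_AUTH:
            if tag == AUTH_SIMPLE_PASSWORD:
                secret = msg[offset + 4:offset + 20].rstrip(b"\x00")
                result["auth"] = {"type": "simple-password",
                                  "password": secret.decode(errors="replace")}
            else:
                result["auth"] = {"type": tag}
            continue
        _afi, _tag, ip, mask, nh, metric = struct.unpack_from(ENTRY_FORMAT, msg, offset)
        result["routes"].append({
            "network": str(ipaddress.ip_address(ip)),
            "mask": str(ipaddress.ip_address(mask)),
            # A next hop of 0.0.0.0 means "route via the sender of this update".
            "next_hop": str(ipaddress.ip_address(nh)),
            "metric": metric,
            "unreachable": metric >= RIP_INFINITY,  # poisoned or withdrawn route
        })
    return result


if __name__ == "__main__":
    # Constructed sample: one live route and one poisoned (metric 16) route.
    sample = build_ripv2_response(
        [("10.1.0.0", "255.255.0.0", "0.0.0.0", 2),
         ("10.2.0.0", "255.255.0.0", "0.0.0.0", RIP_INFINITY)],
        password="s3cret")
    print(parse_ripv2(sample))
```

The parser is deliberately strict about the 20-byte entry size and the version byte, which is the kind of check a monitoring tool should make before trusting anything else in the message.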

RIP vs. OSPF
There are differences in the characteristics of RIP and OSPF.

Characteristic: Size of metric
RIP: 16. This means that a RIP network cannot be larger than 16 hops. This maximum is further reduced when costs other than 1 are used for certain routes.
OSPF: Limited only by the number of bits in the metric field (64,000). Because OSPF does not suffer from the count-to-infinity problem, it can be the basis for much larger internetworks, and administrators can assign costs to optimize routing without limiting the size of the network.

Characteristic: Maximum number of routers
RIP: 15. This value is related to the allowable metric size.
OSPF: 65,535. This value is related to the allowable metric size.

Characteristic: Variable-length subnets
RIP: Only with RIP v2. RIP treats subnets as part of the internal structure of the network and assumes that all subnets are of equal length. With RIP, all subnets must be contiguous, connected, and hidden from remote networks.
OSPF: Supported by default. Because OSPF treats the subnet mask as part of the protocol information, the restrictions that affect RIP do not apply.

Characteristic: Convergence
RIP: Poison reverse or split horizon must be used to counteract the count-to-infinity problem. RIP must calculate all routes before broadcasting the information.
OSPF: Link State Acknowledgements (LSAs) provide rapid convergence among tables; no count-to-infinity problem arises. OSPF passes along LSAs as soon as they are received, meaning that nodes can adjust their routing tables at practically the same time.

Characteristic: Broadcast traffic
RIP: The entire routing table is broadcast every 30 seconds.
OSPF: A partial routing table (Hello packet) is broadcast only to direct connections every 30 minutes.

STP
The Spanning-Tree Protocol (STP) is a Layer 2 protocol that is used for routing and prevents network loops by adopting a dynamic routing method. A network loop can occur when you have multiple switches on a network and connect them to each other using different ports. STP establishes routes on the network by creating virtual circuits. It helps switches achieve a loop-free path by determining the ports that should be forwarding data and the ports that should be blocked to create a single loop-free path. The switch then switches frames from one port to another through the identified path. In a hierarchical tree network, a root node can communicate with lower-level nodes only in a linear path; if any node on the path fails, the lower-level nodes become inaccessible. STP establishes a cross-linked structure between different branches of the hierarchical network, thus providing shorter paths and higher link redundancy.


Figure 8-18: A loop-free path created by STP.

CARP

Common Address Redundancy Protocol (CARP) allows a number of computers to be grouped together to use a single virtual network interface between them. One of the computers acts as the master and it responds to all packets sent to that virtual interface address. All of the other computers just act as hot spares. If the master computer fails, one of the spares would immediately take over with virtually no downtime. It is also possible to have two different CARP groups using the same IP address. This allows for the load balancing of any traffic destined for that IP. The spreading of the load improves network performance.

ACTIVITY 8-4
Implementing Dynamic IP Routing
There is a simulated version of this activity available on the CD-ROM that shipped with this course. You can run this simulation on any Windows computer to review the activity after class, or as an alternative to performing the activity as a group in class. The activity simulation can be launched either directly from the CD-ROM by clicking the Interactives link and navigating to the appropriate one, or from the installed data file location by opening the C:\Data\Simulations\Lesson#\Activity# folder and double-clicking the executable (.exe) file.

Scenario: Your company has grown and static routing no longer meets the needs of your network. You plan to implement dynamic routing and need to install the routing protocol on your Windows Server 2008 R2 router. Your company DHCP server is running on a Windows Server 2008 R2 system.

What You Do / How You Do It

1. Add RIP v2 as the routing protocol.
a. Choose Start→Administrative Tools→Routing and Remote Access.
b. In the Routing and Remote Access window, expand COMPUTER## (local), expand IPv4, and select General.
c. Choose Action→New Routing Protocol.
d. In the New Routing Protocol dialog box, select RIP Version 2 for Internet Protocol and click OK to add RIP v2 as the routing protocol.

2. Add the RIP interfaces.
a. In the left pane of the Routing and Remote Access window, under IPv4, select RIP.
b. Choose Action→New Interface.
c. In the New Interface for RIP Version 2 for Internet Protocol dialog box, verify that Local Area Connection is selected and click OK.
d. In the RIP Properties - Local Area Connection Properties dialog box, click OK to accept the default settings.
e. Choose Action→New Interface.
f. Verify that Loopback Adapter is selected, and click OK.
g. Click OK to accept the default settings.

3. Examine the dynamic routes.
a. With RIP selected, choose Action→Show Neighbors.
b. Observe that you have neighbor routers running RIP. Close the RIP Neighbors window.
c. Close the Routing and Remote Access window.


TOPIC D
Virtual LANs
In the previous topics in this lesson, you identified the functions of routers and switches in LAN implementations. Once you understand the basic operation of switches and routers, you are ready to consider implementing some of their more advanced capabilities in a virtual LAN environment. In this topic, you will identify VLANs and their functionalities. There may be instances where you will have to handle LAN implementations in different locations without modifying or relocating the systems on the network. In such cases, breaking the network into smaller virtual LANs makes them easier to manage. VLANs also improve overall network performance by grouping users and network resources that frequently communicate.

VLANs

Definition: A virtual LAN (VLAN) is a LAN in which the network components can be connected even when they are not on the same LAN segment. It is a logical network without the physical characteristics of a LAN. Key hardware in a VLAN includes a configurable managed switch, known as a VLAN switch, which can build a logical network in any required configuration, even when computers are on different physical segments. Configuration management can be done through software, and there is no need to relocate the devices physically. Each VLAN is logically a network in itself, and packets meant for a node that does not belong to the VLAN must be forwarded by a routing device. Unlike a regular LAN, which is limited by physical distance, a VLAN can network nodes irrespective of the physical distances involved and can also group individual networks that are based on different technologies. Example:

Figure 8-19: LAN segments forming a VLAN.

IEEE 802.1q
IEEE 802.1q is a networking standard that supports VLANs in an Ethernet-based network. A switch assigns VLAN identification information to a packet through a process known as tagging. Two popular protocols for tagging are the Inter-Switch Link (ISL) and the IEEE 802.1q protocol. ISL is the Cisco proprietary protocol for tagging packets and associating them with a particular VLAN on legacy switches, while 802.1q is the IEEE standard for VLAN trunking. Newer Cisco and Juniper Networks switches use 802.1q for tagging.

Uses of a VLAN
VLANs can be used to separate groups from the larger network; for example, a group of users that design and test new software. A VLAN can also be used to restrict access to network resources from temporary employees or visitors.

Advantages of a VLAN
A VLAN's biggest advantage is that, once the physical network is built, it is independent of the virtual network, which can be reconfigured for optimal performance simply by changing the VLAN's configuration. The network does not have to be rewired. For example, if a given node sends most of its traffic to an endpoint in a separate subnet, that node can be removed from its current subnet and placed in the endpoint's subnet, all without changing a single cable and without the user's knowledge. VLANs lend themselves to remote administration because an administrator can telnet into the VLAN device rather than physically visit it, as long as the physical point-to-point configuration does not change. VLAN switches are relatively expensive, but the advantages and improvements in network performance outweigh the cost.
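The tagging the paragraph above describes inserts a 4-byte 802.1q tag between the source MAC address and the EtherType: a 16-bit TPID of 0x8100 followed by a 16-bit TCI holding a 3-bit priority, a 1-bit drop-eligible flag and the 12-bit VLAN ID. The following added example (written for this page, not code from the courseware or from any vendor) builds and parses such frames so the tag is visible byte by byte. It goes slightly beyond the text in also recognising the 0x88A8 service TPID of a double-tagged frame, since a parser that stops at the outer tag can misreport which VLAN the inner traffic belongs to. The MAC addresses, VLAN IDs, payload and helper names are constructed for the example.

```python
"""Build and parse Ethernet frames carrying 802.1Q VLAN tags.

Added example; not code from the CompTIA courseware. The MAC addresses, VLAN IDs
and payload below are constructed for the demonstration.
"""
import struct

TPID_8021Q = 0x8100   # customer VLAN tag
TPID_8021AD = 0x88A8  # service tag: outer tag of a double-tagged (QinQ) frame
ETHERTYPE_IPV4 = 0x0800
VLAN_TPIDS = (TPID_8021Q, TPID_8021AD)


def build_frame(dst, src, ethertype, payload, vlans=()):
    """vlans: sequence of (tpid, pcp, vid), outermost first. Tags are placed
    between the source MAC and the EtherType, exactly where 802.1Q inserts them."""
    frame = bytes.fromhex(dst.replace(":", "")) + bytes.fromhex(src.replace(":", ""))
    for tpid, pcp, vid in vlans:
        tci = ((pcp & 0x7) << 13) | (vid & 0x0FFF)  # PCP(3) | DEI(1)=0 | VID(12)
        frame += struct.pack("!HH", tpid, tci)
    return frame + struct.pack("!H", ethertype) + payload


def parse_frame(frame):
    """Return MACs, the VLAN tags (outermost first), the real EtherType and the
    payload. Raises ValueError on a truncated header or tag."""
    if len(frame) < 14:
        raise ValueError("frame too short for an Ethernet header")
    dst, src = frame[:6].hex(":"), frame[6:12].hex(":")
    offset = 12
    tags = []
    while True:
        if len(frame) < offset + 2:
            raise ValueError("frame ends inside the EtherType field")
        (ethertype,) = struct.unpack_from("!H", frame, offset)
        if ethertype not in VLAN_TPIDS:
            break  # a real EtherType: no more tags
        if len(frame) < offset + 4:
            raise ValueError("truncated VLAN tag")
        (tci,) = struct.unpack_from("!H", frame, offset + 2)
        tags.append({"tpid": ethertype, "pcp": tci >> 13,
                     "dei": (tci >> 12) & 1, "vid": tci & 0x0FFF})
        offset += 4
    return {"dst": dst, "src": src, "vlans": tags,
            "ethertype": ethertype, "payload": frame[offset + 2:]}


def outer_vid(frame):
    """The VLAN ID a switch classifies the frame by, or None if it is untagged."""
    tags = parse_frame(frame)["vlans"]
    return tags[0]["vid"] if tags else None


# Constructed sample frames (addresses and payload are made up for the example).
SAMPLE_PAYLOAD = b"constructed payload"
UNTAGGED = build_frame("ff:ff:ff:ff:ff:ff", "00:11:22:33:44:55", ETHERTYPE_IPV4, SAMPLE_PAYLOAD)
TAGGED = build_frame("ff:ff:ff:ff:ff:ff", "00:11:22:33:44:55", ETHERTYPE_IPV4, SAMPLE_PAYLOAD,
                     vlans=[(TPID_8021Q, 5, 10)])
DOUBLE_TAGGED = build_frame("ff:ff:ff:ff:ff:ff", "00:11:22:33:44:55", ETHERTYPE_IPV4, SAMPLE_PAYLOAD,
                            vlans=[(TPID_8021AD, 0, 100), (TPID_8021Q, 0, 10)])

if __name__ == "__main__":
    for name, frame in (("untagged", UNTAGGED), ("tagged", TAGGED), ("double-tagged", DOUBLE_TAGGED)):
        print(name, outer_vid(frame), parse_frame(frame)["vlans"])
```

The tagged frame is exactly four bytes longer than the untagged one, and `outer_vid` reports 10 for it; for the double-tagged frame the outer (service) tag carries VLAN 100 and the inner tag VLAN 10, which is why `parse_frame` returns the whole list rather than a single ID.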

Types of VLANs
VLANs can be broadly classified into three types, depending upon the characteristic used for segmentation.

Type: Port-based VLANs
Computers are configured to a VLAN based on: The ports that are a part of the VLAN. For example, in a switch with five ports, ports 1, 2, and 3 can be configured to belong to VLAN A and ports 4 and 5 to belong to VLAN B.

Type: MAC address-based VLANs
Computers are configured to a VLAN based on: The MAC addresses of the computers. Switches are configured to identify the MAC addresses of the individual computers connected to them; these MAC addresses are grouped to form the VLAN.

Type: Subnet-based VLANs
Computers are configured to a VLAN based on: The IP subnets that they belong to. The IP addresses are used only as references to identify the computers that are to be configured to the VLAN.

VLAN Switch Functions

A VLAN switch is a manageable switch used on VLANs. It enables the network administrator to configure the network in a logical topology. All VLAN segments have equal dedicated connections to all nodes in the segment. The VLAN switch can tie any of its interfaces together into a logical subnet with all the characteristics of a physical subnet. This scheme enables an administrator to control IP addresses, MAC contention domains, and interior routing by using VLAN switch configuration parameters.


Figure 8-20: A VLAN switch ties its interfaces into logical subnets.

VLAN Connections
If it is necessary for users on different VLANs to communicate, you need to connect the VLANs using a Layer 3 network device, such as a router, or a higher-layer switch.

VLAN Switches vs. Routers
When a VLAN switch receives data, it routes the data based on the destination IP address, just like a router. However, because all the routed subnets are configured in the VLAN, there are no local routes more than two hops away. Exterior routes are handled the same way as in a regular routed network: they are sent to a default gateway and routed to distant networks.

VTP

The VLAN Trunking Protocol (VTP) is a messaging protocol developed by Cisco for use on VLANs. All the changes made to a VLAN are recorded as VTP configurations. The main function of VTP is to advertise the switching information and configuration changes on a VLAN through all the switches on a network. VTP eliminates the hassle involved in porting the same VLAN to another network that is managed by different switches. It also allows switches to be configured as a group for management in a VLAN.


Figure 8-21: VTP advertises switching information to all switches on a network.

VTP Modes
There are three VTP modes that a switch can use: server, client, and transparent.
Server mode: This is the default mode for VTP on a switch. In server mode, a switch can modify VLANs. This information is then transmitted, using VTP, to all the other switches that are configured in the same group.
Client mode: In client mode, a switch cannot modify VLANs but receives configuration information from other switches.
Transparent mode: In transparent mode, a switch receives configuration messages from other switches but does not process them. Configuration changes to the VLAN are not transmitted to other switches in the group.


ACTIVITY 8-5
Configuring VLANs
This is a simulated activity available on the CD-ROM that shipped with this course. The activity simulation can be launched either directly from the CD-ROM by clicking the Interactives link and navigating to the appropriate one, or from the installed data file location by opening the C:\Data\Simulations\Lesson#\Activity# folder and double-clicking the executable (.exe) file.

Scenario: You are the network administrator for OGC Technologies. You have been asked to separate the computers used in the R&D department from the computers used in the production environment. As you have a VLAN, you decide to reconfigure the network to separate the computers.

What You Do / How You Do It
1. Configure VLANs.
a. Browse to the C:\Data\Simulations\Lesson8\Activity8-5 folder.
b. Double-click the executable file.
c. In the Open File - Security Warning message box, click Run.
d. Follow the on-screen steps for the simulation.
e. Close the C:\Data\Simulations\Lesson8\Activity8-5 folder.


TOPIC E
Plan a SOHO Network
In the previous topic, you identified the components of a VLAN implementation. As a Network+ certified professional, you may need to set up a network that is similar to a VLAN but much smaller in magnitude, with just a few systems interconnected. In this topic, you will implement a Small Office/Home Office (SOHO) network. Just as you design a large network, you need to be able to design smaller SOHO networks that suit the physical boundaries of a smaller location. By being aware of the best practices for setting up a small network, you will be able to accurately identify the requirements and resources that match the location.


SOHO Networks
Definition: A Small Office/Home Office (SOHO) network is a small network that can comprise up to 10 nodes. SOHO networks can be either wired or wireless. All the computers in a SOHO network must be present at the same physical location. A SOHO can include devices such as switches or routers.
Small Office/Home Office is sometimes referred to as Single Office/Home Office.

Example:

Figure 8-22: Components of a SOHO network.

SOHO Network Hardware

The device types and other requirements needed to implement a SOHO network are:
• Computers and laptops: About 1 to 10 computers that are to be connected on the network.
• Specialized connectivity devices: SOHO hubs, switches, and routers.
• Peripheral devices: Printers, fax machines, access points, and biometric devices can also be added to the network.
• Modem: An ADSL modem to connect to the Internet.
• Cable length: For a wired SOHO, you need connecting cable lengths of 100 to 200 meters.

How to Plan a SOHO Network

SOHO networks require meticulous planning to set up. Planning a SOHO network is not the same as planning a regular enterprise network; there are specific requirements that need to be met to successfully set up a SOHO network.

Guidelines: To plan a SOHO network:
• Connect up to 10 computers in the SOHO network.
• If your SOHO network is implemented using wireless technology, ensure that the access points are distributed strategically to maintain seamless connectivity.
• On wired SOHOs, conceal the cabling to avoid disruption or outages.
• Plan the connectivity and placement of other devices, such as printers and fax machines, if they are needed on your network.
• Use routers and switches that can scale up to handle the data transmission requirements of the computers on the network. Personal-use routers and switches may not support a SOHO.

Example: Thomas Lee is a network professional hired by OGC Technologies to set up a SOHO network for a small unit of staff in a remote location. Before planning the network, Thomas enquires about the number of employees who will be working in the facility. As the new facility will primarily act as a customer support center, it will have no more than 15 employees. He decides that a wireless SOHO will suit the requirements, and requests that his client procure the required wireless equipment, including laptops for the employees, wireless routers that can handle a small network, access points, and a wireless printer. Based on the number of access points required, he determines strategic locations to place them to ensure seamless connectivity. He also determines a suitable location for the printer.

Limitations of a SOHO Network
There are some environmental limitations in setting up a SOHO network. All the computers and peripheral devices should be within a short range, as long-distance networking is not supported. A SOHO setup has some equipment limitations and is recommended for a maximum of 10 devices, including workstations, printers, and fax machines, with one hub, switch, or router. SOHO networks cannot support more devices. Segmentation of the network is also not possible.

Small Office Routers
Routing in a SOHO network does not require routing hardware of the kind used by large networks and the Internet. There are several popular, relatively inexpensive, and easy-to-implement router products designed to support both wired and wireless SOHO networks, available from D-Link, Linksys, and NETGEAR.

Compatibility Requirements
As SOHO is intended for smaller networks or domestic purposes, multiple devices and technologies such as switches, routers, VLANs, and VPNs are not recommended. Switches and routers designed for medium-sized or larger networks are too expensive to be used in SOHO environments.

ACTIVITY 8-6
Planning a SOHO Network
Scenario: In this activity, you will plan a SOHO network.

What You Do / How You Do It

1. What is the maximum number of computers that can be connected in a SOHO network?
a) 10
b) 30
c) 50
d) 100

2. True or False? Connectivity devices such as routers and switches meant for domestic purposes can be used on SOHO networks.
True
False

Lesson 8 Follow-up
In this lesson, you identified the components of a LAN implementation. Since a LAN is the fundamental unit of computer networking, all networking professionals need a thorough understanding of LAN technologies and their components.

1. Of the LAN infrastructure technologies discussed in this lesson, which ones do you expect to work with the most? Why?
Answers will vary, but may include: switching technologies, static and dynamic routing, SOHO networks, and VLANs. Students might also choose to discuss the most frequently occurring technologies in the industry, or what they believe are the most common.

2. What do you see as the pros and cons of implementing static routing over dynamic routing?
Answers will vary, but may include: static routing is a simple process, but it has to be configured manually, whereas dynamic routing can be configured automatically using dynamic protocols. Static routing uses minimal memory; on the other hand, dynamic routing is a memory-intensive process.

LESSON 9
WAN Infrastructure
In this lesson, you will identify the infrastructure of a WAN implementation. You will:
• Identify the major transmission technologies used in WANs.
• Identify the major WAN connectivity methods.
• Identify voice over data transmission systems and technologies.

Lesson Time 2 hour(s), 25 minutes

Lesson 9: WAN Infrastructure

Introduction
In the previous lesson, you identified the components of a LAN implementation. There are other technologies that can be implemented on a WAN. In this lesson, you will identify the components of a WAN implementation. Many local networks these days have a wide area connection to a distant network. Moreover, virtually every network connects in one way or another to the biggest WAN of them all, the Internet. As a networking professional, you will need to understand the infrastructure of these WAN connections so that you can ensure connectivity in the networks that you support.

This lesson covers all or part of the following CompTIA Network+ (Exam N10-005) certification objectives:

Topic A:
1.2 Classify how applications, devices, and protocols relate to the OSI model layers.
3.4 Categorize WAN technology types and properties.
3.5 Describe different network topologies.
3.8 Identify components of wiring distribution.

Topic B:
1.2 Classify how applications, devices, and protocols relate to the OSI model layers.
3.4 Categorize WAN technology types and properties.

Topic C:
1.2 Classify how applications, devices, and protocols relate to the OSI model layers.
1.6 Explain the function of common networking protocols.
2.4 Given a scenario, troubleshoot common wireless problems.
4.6 Explain different methods for network performance optimization.

TOPIC A
WAN Transmission Technologies
You have identified the transmission technologies and characteristics of a LAN implementation. When multiple LAN implementations need to communicate, the LANs connect to form the larger framework of a WAN, which uses transmission technologies different from a LAN's. In this topic, you will identify the transmission technologies used on a WAN implementation. Present-day communications span the globe. A WAN covers a very large geographical area and can connect multiple smaller networks. The transmission method used on your WAN might affect overall network performance and cost more than any other factor. From the slowest dial-up to the fastest fiber-optic service, you will need to understand the capabilities and limitations of your network's transmission method to choose the one best suited for your network.

ATM
Asynchronous Transfer Mode (ATM) is a cell-switching network technology that supports high-speed transfer of voice, video, and data in LANs, WANs, and telephone networks. ATM LAN implementations are uncommon because they are expensive and complex. However, ATM WAN implementations have become reasonably popular because of their versatility and high bandwidth availability. Information is transferred in fixed-size packets, called cells, each consisting of 53 bytes. ATM networks are made up of switches, which transport data cells among networks. ATM is a connection-oriented protocol: if a node is going to send cells to another node, it first establishes a connection, and the connection is terminated only after all cells are sent. After connection establishment, ATM routes the cells using identifiers rather than source and destination addresses. ATM offers reliable Quality of Service (QoS), and is envisioned as the technology for providing broadband Integrated Services Digital Network (ISDN) services. ATM handles broadband applications efficiently and, at the same time, allows users to assign priority to traffic on the network. ATM is used for various applications such as video on demand, high-speed data transfer, teleconferencing, remote sensing, 3-D interactive simulations, and tele-instruction.

Figure 9-1: ATM provides high-speed data transfer.

ATM Features
The versatility of ATM can be attributed to a variety of features.

Feature: Bandwidth options
Provides a wide range of high bandwidth options: 155 Mbps to 622 Mbps are commonly deployed, but ATM can support 51.84 Mbps to 2.488 Gbps.

Feature: Types of traffic
Allows data, voice, and video to be carried simultaneously on the same channel.

Feature: Fixed cell size
The fixed 53-byte cell size enables ATM to be implemented in hardware, reducing overhead and the drain on resources required to move data on a network.

Feature: QoS
Built-in QoS features in the design aid the flow of data between endpoints of the ATM network.

Feature: Traffic contracting and shaping
Traffic contracting assigns a set data rate to an endpoint. When an endpoint connects to an ATM network, it enters into a contract with the network for service quality. The ATM network will not contract more services than it can provide. Traffic shaping optimizes data flow on an ATM network; it includes control of bursts and optimizing bandwidth allocation.

Feature: Real-time and non-real-time data support
Real-time data support is used for time-sensitive data such as voice or video, which travels at a higher priority than non-real-time data.

ATM Network Interface Types
ATM network interfaces connect ATM devices and fall into two categories: User-to-Network Interface (UNI) and Network-to-Network Interface (NNI). The UNI, as a user device, is an ATM border device that connects one ATM network to another ATM network or a LAN. NNI is a switch that is inside an ATM network. Individual devices can connect to an ATM network, but this is rare.

ATM Connections
ATM is not a channelized service and does not waste channels by assigning them to nodes that are not talking. In a situation when the device is offline, ATM does not hold the channel. It makes that bandwidth available to other nodes, exhibiting traffic contracting to allocate the necessary bandwidth without wasting it by reservation. An ATM switch makes virtual connections with other switches to provide a data path from endpoint to endpoint. Individual connections are called Virtual Channels (VCs). VCs support the connection-oriented transport between endpoints and are identified by a Virtual Channel Identifier (VCI). VCs with a common path are tied together into Virtual Paths (VPs) and are identified by a Virtual Path Identifier (VPI). You can form a Transmission Path (TP) by combining multiple VPs.
An ATM endpoint (or end system) contains an ATM network interface adapter.
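The 53-byte cell format, the VPI/VCI identifiers a switch forwards on, and the header check that lets a switch discard a corrupted header rather than misroute the cell, as an added Python example (not code from the course text); the header layout and HEC algorithm follow ITU-T I.361 and I.432, and the sample cells are constructed here.

```python
"""ATM cell header parsing with HEC verification.

Added example; not code from the course text.  Header layout and HEC
algorithm follow ITU-T I.361 / I.432 for UNI cells:

    byte 0: GFC (4 bits)      | VPI bits 7..4
    byte 1: VPI bits 3..0     | VCI bits 15..12
    byte 2: VCI bits 11..4
    byte 3: VCI bits 3..0     | PTI (3 bits) | CLP (1 bit)
    byte 4: HEC = CRC-8(bytes 0..3, x^8 + x^2 + x + 1) XOR 0x55
"""
from dataclasses import dataclass
from typing import Optional, Tuple

CELL_SIZE = 53
HEADER_SIZE = 5
PAYLOAD_SIZE = CELL_SIZE - HEADER_SIZE
HEC_POLY = 0x07    # x^8 + x^2 + x + 1, with the x^8 term implied
HEC_COSET = 0x55   # fixed pattern XORed into the CRC remainder


def crc8(data: bytes) -> int:
    """MSB-first CRC-8, zero initial value: remainder of data(x) * x^8 mod poly."""
    crc = 0
    for byte in data:
        crc ^= byte
        for _ in range(8):
            crc = ((crc << 1) ^ HEC_POLY) & 0xFF if crc & 0x80 else (crc << 1) & 0xFF
    return crc


def compute_hec(first_four: bytes) -> int:
    """HEC byte for the first four header bytes."""
    return crc8(first_four) ^ HEC_COSET


@dataclass
class AtmHeader:
    gfc: int
    vpi: int
    vci: int
    pti: int
    clp: int
    hec: int
    hec_valid: bool


def build_header(gfc: int, vpi: int, vci: int, pti: int, clp: int) -> bytes:
    """Pack the fields into a 5-byte UNI header with a correct HEC."""
    first_four = bytes([
        (gfc << 4) | (vpi >> 4),
        ((vpi & 0x0F) << 4) | (vci >> 12),
        (vci >> 4) & 0xFF,
        ((vci & 0x0F) << 4) | (pti << 1) | clp,
    ])
    return first_four + bytes([compute_hec(first_four)])


def parse_header(header: bytes) -> AtmHeader:
    """Unpack a 5-byte header and check its HEC against the other four bytes."""
    if len(header) != HEADER_SIZE:
        raise ValueError("ATM header must be exactly 5 bytes")
    gfc = header[0] >> 4
    vpi = ((header[0] & 0x0F) << 4) | (header[1] >> 4)
    vci = ((header[1] & 0x0F) << 12) | (header[2] << 4) | (header[3] >> 4)
    pti = (header[3] >> 1) & 0x07
    clp = header[3] & 0x01
    return AtmHeader(gfc, vpi, vci, pti, clp, header[4],
                     hec_valid=compute_hec(header[:4]) == header[4])


def correct_single_bit(header: bytes) -> Optional[bytes]:
    """I.432 correction mode: repair one flipped header bit.

    Returns the intact or repaired header, or None when no single flip gives
    a consistent HEC (a multi-bit error), in which case the cell is dropped.
    """
    if compute_hec(header[:4]) == header[4]:
        return header
    for bit in range(HEADER_SIZE * 8):
        candidate = bytearray(header)
        candidate[bit // 8] ^= 0x80 >> (bit % 8)
        if compute_hec(bytes(candidate[:4])) == candidate[4]:
            return bytes(candidate)
    return None


def parse_cell(cell: bytes) -> Tuple[AtmHeader, bytes]:
    """Split a 53-byte cell into its checked header and 48-byte payload."""
    if len(cell) != CELL_SIZE:
        raise ValueError("ATM cell must be exactly 53 bytes")
    return parse_header(cell[:HEADER_SIZE]), cell[HEADER_SIZE:]


if __name__ == "__main__":
    # Constructed sample: a cell on VPI 0 / VCI 5, the default UNI signalling channel.
    header = build_header(gfc=0, vpi=0, vci=5, pti=0, clp=0)
    hdr, _payload = parse_cell(header + bytes(PAYLOAD_SIZE))
    print(f"VPI={hdr.vpi} VCI={hdr.vci} HEC=0x{hdr.hec:02X} valid={hdr.hec_valid}")
    damaged = bytearray(header)
    damaged[2] ^= 0x08                   # one bit flipped inside the VCI field
    print("repaired to original:", correct_single_bit(bytes(damaged)) == header)
```

A two-bit header error is detected but not repaired, so correct_single_bit returns None and the cell must be discarded.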

Frame Relay

Frame Relay is a WAN protocol that functions at the Physical and Data Link layers of the OSI model. It is a packet-switched technology that allows transmission of data over a shared network medium and bandwidth using virtual circuits. Frame Relay transmits data using virtual circuits. As virtual circuits consume bandwidth only when they transport data, each device can use more bandwidth and transmit data at higher speeds. Frame Relay provides reliable communication lines and efficient error-handling mechanisms that discard erroneous data frames.

CompTIA Network+ (Exam N10-005)

Figure 9-2: Frame Relay allows stations to share the network medium and bandwidth.

Frame Relay Network Components
Frame Relay uses Data Termination Equipment (DTE) and Data Communications Equipment (DCE) to connect to the appropriate Frame Relay network, referred to as the Frame Relay Bearer Service (FRBS). Inside the FRBS, or frame relay network cloud, is a network of switches that makes connections between endpoints. A virtual circuit is established between two DTE devices. DTE equipment can consist of a single network device such as a router. DCE typically is a Channel Service Unit/Data Service Unit (CSU/DSU) that sends signals to an Edge System (ES), a switch on the Frame Relay network. A CSU/DSU is a combination of two WAN connectivity devices that work together to connect a digital WAN line with a customer's LAN. The DSU receives the signal from the LAN and passes it to the CSU. The CSU converts the signal format to make it compatible with the Digital Data Service (DDS) on the WAN line.

Because Frame Relay communicates using virtual circuits, you never see the complexity of the communication happening inside the cloud. There are two types of virtual circuits: permanent and switched. Permanent Virtual Circuits (PVCs) are created by service providers inside their devices, and the circuit is constant. Switched Virtual Circuits (SVCs) are established during data transmission, and when the data conversation is over, the connection is closed.

Advantages and Disadvantages of Frame Relay
The advantages of Frame Relay are:
It offers facilities like those of a leased line, but at a significantly lower cost.
It delivers increased performance with reduced network complexity.
It can be implemented over the existing technology.
It can be easily configured to combine traffic from different networking protocols.

The disadvantages of Frame Relay are:
Data transmission may exceed network capacity as clients use a common network, and this results in the slowing down of the network.
Since Frame Relay uses variable-length packets, there is difficulty ensuring QoS.

X.25 Switched Networks
Like Frame Relay, X.25 is a legacy packet switching network technology developed in the 1970s to move data across less-than-reliable long-distance public carriers available at that time. X.25 emphasizes reliable delivery, so it involves a lot of overhead and compromises performance. X.25, like many switched network protocols, is implemented on top of leased lines or other local connection technologies. In an X.25 network, an endpoint is called Data Terminal Equipment (DTE). DTE can be a card installed in either a PC or a server that interfaces with a router, or it can be a standalone unit. DTE is connected to Data Circuit Equipment (DCE), which connects the customer to the X.25 backbone. The backbone of the network is made up of Packet Switching Equipment (PSE).

MPLS

Multiprotocol Label Switching (MPLS) is a high-performance, multi-service switching technology in use in packet data networks. It is defined by a set of IETF specifications that enable Layer 3 devices, such as routers, to establish and manage network traffic. It ensures faster switching of data because label switching saves the label-switching routers the processing time they would otherwise spend examining each packet. In an MPLS network, routers add a label to each incoming data packet and forward the packet along a predefined path, based on the label rather than the destination IP address. As a result, the routing lookups performed on every router are reduced. MPLS can transport data from different technologies and protocols such as IP, ATM, Frame Relay, Synchronous Optical Network (SONET), and Ethernet over a common infrastructure, hence the name multiprotocol.

Figure 9-3: MPLS performs multi-service label switching using Layer 3 routers.

Benefits of MPLS
With the evolution of converged networks, network developers face major challenges such as increased traffic demands. MPLS enables Class of Service (CoS) tagging and prioritization of network traffic, so network administrators can specify which applications should take priority on a network. This function makes an MPLS network important to applications such as Voice over IP (VoIP). MPLS carriers differ on the number of classes of service they offer and the pricing of these CoS tiers.

DSL
A Digital Subscriber Line (DSL) is a point-to-point, public network access broadband Internet connection method that transmits digital signals over existing phone lines. Telephone companies use DSL to offer data, video, and voice services over these existing lines. DSL accomplishes this connection by transporting voice as low-frequency signals and data as high-frequency signals. It has become a popular way to connect small businesses and households to the Internet because of its affordability and high download speeds, typically upward of 1.5 Mbps. However, distance and the quality of lines affect the total bandwidth available to a customer.

Figure 9-4: DSL transmits digital signals over phone lines.

DSL is commonly referred to as xDSL, denoting the different types of DSL technologies.

DSL Technology: Description
Asymmetric DSL: ADSL is the most popular DSL technology. It allows residential customers to access the Internet and receive phone calls simultaneously. Provides high bandwidth, high-speed transmission over regular telephone lines. Called asymmetric as most of the bandwidth is used for information moving downstream. Widely used where users download more information than what they send. Offers speeds of up to 8 Mbps.
Symmetric DSL: Unlike ADSL, SDSL provides symmetric connectivity to users. Although it also uses telephone lines, it offers other services on the same line. It provides the same download and upload speeds. Offers speeds of up to 1.5 Mbps.
High bit rate DSL: HDSL was developed to carry high-speed data over T1 lines. It offers speeds of up to 1.5 Mbps. HDSL2 is a more recent version and offers the same rate over a single pair of copper wires.
Single-pair high-speed DSL: SHDSL improves on both SDSL and HDSL by offering high speed, symmetric DSL over a single copper line. Has speeds of up to 2.3 Mbps.
Rate-adaptive DSL: RADSL adjusts the upstream speed of the connection to maintain higher downstream speeds, i.e., the upstream bandwidth is adjusted to create greater bandwidth for downstream traffic.
Very high-speed DSL: VDSL provides very fast data transmission across short distances over a single pair of copper wires. It offers speeds of up to 55 Mbps for downstream, and 1.6 to 2.3 Mbps in the upstream direction.
ISDN DSL: IDSL is a cross between ISDN and xDSL. Provides data communication channels at a speed of 144 Kbps. Was developed for customers who were not within the reach of DSL service providers.
Voice over DSL: VoDSL adds voice channels to an existing DSL connection. VoDSL digitizes voice signals and transports them as data signals.

Dial-Up and Broadband Connectivity
There are two common methods used to provide Internet connectivity to customers: dial-up and broadband.

Method: Description
Dial-up lines: Dial-up lines are local loop PSTN connections that use modems, existing phone lines, and long-distance carrier services to provide low cost, low bandwidth WAN connectivity, and remote network access. Dial-up lines are generally limited to 56 Kbps, and are sometimes used as backups for higher bandwidth WAN services.
Broadband: Broadband offers high-speed Internet access as it has a higher rate of data transmission. It has speeds of 256 Kbps or higher. It offers much higher speeds than dial-up connections and allows the simultaneous use of a telephone line.

PSTN
PSTN is an international telephone system that carries analog voice data. PSTN offers traditional telephone services to residences and establishments. PSTN includes telephones and fax machines that set up temporary but continuous connections. During a call, a circuit is established between two users and is kept open even during periods of silence. This provides guaranteed QoS but uses bandwidth inefficiently.

ISDN

ISDN is a digital circuit switching technology that carries both voice and data over digital phone lines or PSTN wires. ISDN uses digital channels for data transmission over conventional telephone lines. But unlike telephone signaling, ISDN signals are not converted to analog and are transmitted as digital signals. Similar to a telephone number, ISDN uses identifiers to establish a connection on-demand by dialing another ISDN circuit's telephone number. ISDN uses five identifiers including the telephone number, a Service Profile Identifier (SPID), and three dynamic connection identifiers. ISDN is a channelized service and has two interface modes: Basic Rate Interface (BRI) or Primary Rate Interface (PRI), which includes more data channels to provide higher bandwidth.


Figure 9-5: ISDN carries voice and data over digital phone lines or PSTN wires.

Channels
Channelized services use multiple communication channels, tied logically together within the set bandwidth, to form a single communication path of bandwidth equal to the sum of the individual channels' bandwidth. In other words, they combine all of their individual bandwidths to make one channel with a lot of bandwidth. Channels that carry data are called bearer channels, or B channels, and the channel used to set up, control, and take down the connection is called the delta channel, or D channel. BRI uses two 64 Kbps B channels and one 16 Kbps D channel for a total bandwidth of 144 Kbps. BRI is a simpler service offering and allows users to use their existing cabling. BRI services have a span of about 3.4 miles from a service provider to the customer's premises. PRI uses twenty-three 64 Kbps B channels and one 64 Kbps D channel for a total bandwidth of 1.5 Mbps. It is used primarily for multi-user WAN connections. As demand for higher bandwidth connections to the Internet grew, BRI ISDN was deployed at many small businesses and homes. However, ISDN, for the most part, has been replaced by ADSL technology.

ISDN Hardware
ISDN hardware includes Terminal Equipment (TE), Terminal Adapters (TAs), Network Termination (NT) devices, Line Termination (LT) and Exchange Termination (ET) equipment. TEs are communications equipment that stations use to accomplish tasks at both ends of a communications link. TAs form the hardware interface between a computer and an ISDN line. NTs are devices that connect the local telephone exchange lines to a customer's telephone or data equipment. ISDN lines terminate at a customer's premises using an RJ-45 connector in a configuration called a U-interface, which usually connects to a Network Termination Unit (NTU). The NTU can directly connect to ISDN-aware equipment, such as phones or ISDN NICs in computers. This type of equipment is called Terminal Equipment type 1 (TE1).

T-Carrier Systems

The T-carrier system is a digital and packet-switched system designed to carry multiplexed telephone connections. It makes communications more scalable than analog, circuit-switched systems. T-carrier systems use two twisted pairs of copper wires. The first pair is used for transmission and the second pair for reception. Therefore, T-carrier systems support full-duplex communication. T1 and T3 are the two most common T-service levels. T-services can be used to support a point-to-point WAN where the service provider sets up a dedicated connection between two T-service endpoints.

Figure 9-6: T-carrier systems allow multiplexed telephone connections.

T-services connect a customer's office with the service provider's network. The internal connection is over Frame Relay. The T-service can also connect an office to the telephone company for remote access. Individual remote clients dial in to a number at the service provider, which then routes them to the office through the T-service. This way, a server can service multiple dial-in connections without needing many modems.

Digital Signal Services
Digital Signal (DS) services are a hierarchy of different digital signals that transfer data at different rates. The T-carrier system is the most common physical implementation of the ANSI Digital Signal Hierarchy (DSH) specifications. DSH is a channelized data transmission standard used to multiplex several single data or voice channels for a greater total bandwidth. It was established in the 1980s, primarily for use with digital voice phones. In T-carrier implementations, DSH systems have become the standard building block of most channelized systems in the United States today. DSH defines a hierarchy of DSx specifications numbered DS0 to DS5. The basic DS0 level specifies a single voice channel of 64 Kbps. A DS1 signal bundles 24 DS0 channels and uses a T1 carrier line. The different types of DS services vary depending upon their data transmission rates.
DS0: Carries data at the rate of 64 Kbps.
DS1: Carries data at the rate of 1.5 Mbps.
DS2: Carries data at the rate of 6.3 Mbps.
DS3: Carries data at the rate of 44.4 Mbps.
DS4: Carries data at the rate of 274.2 Mbps.

T-Lines
In order to implement a different DS service, telephone companies use T-lines whose carrying capacities match the data rates of DS services.

Type of T-Line: Service
T1: DS1
T2: DS2
T3: DS3
T4: DS4

E-Carrier Systems
The E-carrier system is a dedicated digital line that transmits voice or data. It is used in Europe, Mexico, and South America. The different E carriers transmit data at different rates.

Carrier: Transmission Rate
E0: 64 Kbps
E1: 2 Mbps
E2: 8.4 Mbps
E3: 34.4 Mbps
E4: 139.3 Mbps
E5: 565 Mbps

Digital Network Hierarchies

Digital networks have two hierarchical structures that define them: the Plesiochronous Digital Hierarchy (PDH) and the Synchronous Digital Hierarchy (SDH). PDH networks carry data over fiber optic or microwave radio systems. In this type of network, the different parts are ready, but are not synchronized. SDH networks have largely replaced PDH; in an SDH network, the movement of data is highly synchronized along the different parts of the network. In SDH, data moves on an optical fiber using LEDs. Basic data transmission occurs at a rate of 155.5 Mbps.

SONET/SDH
The Synchronous Optical Network (SONET) is a standard for synchronous data transport over a fiber optic cable. SONET is the U.S. version of the standard published by ANSI, while SDH is the European version of the standard published by the International Telecommunications Union (ITU). SONET has two specifications: the OC specification for fiber optic cabling and the STS specification for copper wire, although SONET over copper has severe limitations. SONET is deployed in a self-healing dual-fiber ring topology, similar to FDDI. When one ring works, the other is a standby. Whenever the working ring fails, SONET recognizes the failure and switches over to the second ring. SONET is most widely used by service providers to act as a high-speed backbone for other systems, such as Frame Relay and ATM. SONET/SDH can be used on an ATM network, and connections to the lines can be made using single-mode or multi-mode optical fiber. In such a setup, ATM would be the switching technology, and SONET/SDH would be the transmission technology on the network.

SONET is divided into three areas. Each area is controlled by an integrated management system.

Figure 9-7: Divisions of a SONET.

Area: Description
Local collector ring: A local collector ring interfaces with users and comprises Digital Cross-connect Switches (DCSs) at the user's location or connects to the user's location by a T-carrier. The DCS acts as a concentrator to transmit signals from a user to the SONET ring. It supports connections from different technologies and from multiple users. The technologies that can connect to the ring include ATM, T1 or T3 lines, ISDN, or DSL voice.
Regional network: A regional network combines multiple collector rings by using Add/Drop Multiplexers (ADMs). The ADM allows data from collector rings to be added to the regional ring. The data that is not accepted by the service requestor is discarded or sent back to the ADM. By managing bandwidth on the regional network, it becomes more efficient. When data moves between two networks that the same regional network supports, the connection can be through the regional network.
Broadband backbone network: The broadband backbone network routes data between regional networks. It is capable of carrying a large amount of data simultaneously in the ring, and the requestor picks the data as it is transmitted.

Advantages of SONET
The key advantages of SONET are its excellent bandwidth management, built-in fault recovery features, and support for data transfer speeds of up to 2.48 Gbps. A particular advantage to SONET deployments is its interoperability. The technology is often used to aggregate multiple lines (T1 and T3, for example).

SONET Transmission Bandwidth
SONET's transmission bandwidth ranges from 51.84 Mbps to 2.48 Gbps. Its hardware actually operates at speeds in the 10 Gbps range, but the SONET standard has not been expanded to include it.

ITU
The International Telecommunication Union (ITU) is an international organization within the United Nations that defines global technical standards for telecommunications. ITU also coordinates the widespread use of the radio spectrum, ensuring interference-free wireless communications. ITU also sponsors exhibitions and forums to exchange ideas and discuss issues affecting international telecommunications.

DWDM
Dense Wavelength Division Multiplexing (DWDM) is a multiplexing technology that uses light wavelengths to transmit data. Signals from multiple sources using different technologies are carried simultaneously on separate light wavelengths. DWDM can multiplex up to 80 separate data channels into a lightstream for transmission over an optical fiber. Data from different protocols and technologies such as IP, SONET, and ATM can all travel simultaneously within an optical fiber. SONET is combined with WDM functions by sending SONET data streams out on different colors of light. The sending SONET multiplexer connects light streams to the WDM card. At the receiving end, the fiber demultiplexes the light into a single color stream and sends it to SONET equipment.

The Optical Carrier System


The Optical Carrier x (OCx) standard specifies the bandwidth for fiber optic transmissions. It is a channelized technology based on the same 64 Kbps channel as DSH but with a base rate of 810 channels. The OCx standard is open-ended, enabling manufacturers to add specifications as they develop hardware that supports faster transmission speeds.

OCx Specifications
OCx specifications correspond with the data rates of SONET. As one OC channel corresponds to a data rate of 51.84 Mbps, using multiple channels increases the rate by 51.84 Mbps per channel.

OCx Specification: Description
OC1: 1 OC channel with a data rate of 51.84 Mbps.
OC3: 3 OC channels with a data rate of 155.52 Mbps.
OC9: 9 OC channels with a data rate of 466.56 Mbps.
OC12: 12 OC channels with a data rate of 622.08 Mbps.
OC18: 18 OC channels with a data rate of 933.15 Mbps.
OC24: 24 OC channels with a data rate of 1.24 Gbps.
OC36: 36 OC channels with a data rate of 1.87 Gbps.
OC192: 192 OC channels with a data rate of 9.95 Gbps.

PON
The Passive Optical Network (PON) is a point-to-multipoint optical network that is used for broadcast transmissions using optical systems. As the optical transmission requires no power or active electronic parts when the signal passes through the network, it is referred to as passive. A PON contains a central office node, known as Optical Line Termination (OLT), and Optical Network Units (ONUs) near end users. An OLT can connect to up to 32 ONUs.

Satellite Transmission Systems


A satellite-based network offers immense geographical coverage, allowing for high-speed connections anywhere in the world to transmit data between endpoints. Satellite transmission systems are used as an alternative to conventional communications, and as a cost-effective method to transmit information to different locations globally. Satellite communications systems use Line-of-Sight (LoS) microwave transmission. A satellite system consists of two segments: space and ground.

Figure 9-8: A satellite-based network.

Segment: Description
Space: A space segment contains one or more satellites organized into a constellation and a ground station that provides operational control of the satellites.
Ground: A ground segment provides access from Earth stations to the satellite to meet the communication needs of users. The ground segment contains terminals that utilize the communication capabilities of the space segment. The ground segment contains three basic types of terminals. Fixed terminals access satellites while they are stationary. Transportable terminals are portable, but remain stationary during transmission. Mobile terminals can communicate with satellites even when they are in motion.

Satellite Services
Satellites are used for a variety of purposes, and each satellite service has different requirements.

Satellite Service: Description
Satellite Internet: The satellite Internet is a method of connecting to the Internet using a satellite network. This method can be broadly classified as a one-way or two-way connection, based on how the request for an Internet connection reaches the satellite. In a one-way connection, the request for an Internet connection goes to the ISP via a phone line and is forwarded to the satellite.
Satellite phone network: A satellite phone is a telephone system that relies on the satellite network to provide services, instead of the local telephone switch infrastructure. Satellite phones can be handheld or fixed, usually connected to an antenna at the top of a building. When a call is made from a satellite phone to another satellite phone, the call is routed directly via the satellite. If a call is made to a regular phone, the satellite routes the call to the landline or cellular network via an Earth station known as the gateway. The gateway converts the signals so that the landline or cellular network can read them. Satellite phones work well in open spaces, but they do not have a good reception within buildings and enclosed spaces.
Satellite television: Satellite television is a method of relaying video and audio signals directly to a subscriber's television set using satellites. A satellite TV network consists of a programming source that provides the original program. The satellite TV provider, also known as the Direct Broadcast (DB) center, then broadcasts these channels to the satellites, which receive the signals and rebroadcast them to Earth. The subscriber's dish antenna picks up the signals and sends them to the TV via a receiver, also known as the Set-Top Box (STB). The satellite TV technology overcomes the disadvantage of broadcast networks, where an LOS arrangement is necessary.
VSAT: A Very Small Aperture Terminal (VSAT) is a telecommunication Earth station that consists of an antenna to transmit and receive signals from satellites. The size of a VSAT ranges from 1.2 to 2.4 meters in diameter. A network of VSATs provides a cost-effective solution to users who need to connect several sites or offices that are dispersed geographically. VSATs support transmission of voice, data, and video. A typical VSAT network consists of an antenna placed on top of a building and connected to a transceiver and modem by a cable. The modem converts the signals from the satellite into data or voice signals, and vice versa. VSAT networks can be connected in a point-to-point, star, or mesh network.
GPS: A Global Positioning System (GPS) is a navigational system that consists of a network of 27 satellites: 24 active and 3 in the standby mode. These satellites are arranged in such a pattern that at least four of them are visible from any part of the world. A GPS receiver receives the distance and time information from the four visible satellites and uses that information to calculate its current position. A GPS receiver needs an unobstructed view of the sky.

WWAN

A Wireless WAN (WWAN) uses wireless network technology to allow users to check email, surf the web, and connect to corporate resources accessible within wireless network boundaries. Users connect to a WWAN using a WWAN card. WWANs use a number of technologies to transfer data and connect to the Internet. Each of these technologies, however, falls into one of three families: GSM/UMTS, cdmaOne/CDMA2000, and WiMAX. The GSM/UMTS and cdmaOne/CDMA2000 protocols started out as cell phone technologies but now support data transmission. WWAN technologies also use the Wireless Application Protocol (WAP), which enables you to access the Internet from your mobile device.
Wireless Application Protocol shares its acronym with Wireless Access Point.

Figure 9-9: WWAN allows users access within wireless network boundaries.

Wireless LAN vs. Wireless WAN
The following table compares speeds, security, coverage, and costs of WLANs and WWANs.

Factor: WLAN / WWAN
Coverage:
  WLAN: Used in a single building of an organization, a home, or a hotspot such as a coffee shop. Usually limited to 100 meters.
  WWAN: Used wherever a cellular network provider has coverage; can be regional, national, or even global.
Speed:
  WLAN: Typically 1 to 4 Mbps depending on the number of users that share the connection.
  WWAN: Typically 30 to 50 Kbps.
Security:
  WLAN: Susceptible to hacking and interoperability issues between WLANs. Operates on a globally allocated frequency that does not require a license.
  WWAN: Tightly regulated frequency spectrum requiring licenses to operate within the frequency. WWANs incorporate military security technology with a high level of authentication and encryption.
Cost:
  WLAN: No cost for the wireless connection within the range, but a cost to access the Internet via the WLAN access point.
  WWAN: The subscription fee is similar to a cell phone contract. Can be a monthly fee, per minute or per megabyte charge.

LTE
Long Term Evolution (LTE) is a radio technology for wireless broadband access. It has been introduced in 3GPP Release 8. LTE will be backward compatible with GSM and HSPA. This compatibility will enable users to make voice calls and have access to data networks even when they are in areas without LTE coverage. LTE will offer data rates about 100 times faster than 3G networks, a downlink rate that exceeds 100 Mbps, and an uplink rate of more than 50 Mbps.

HSPA
High Speed Packet Access (HSPA) refers to a family of technologies based on the 3GPP Release 5 specification, which offers high data rate services in mobile networks. HSPA offers a downlink speed of up to 14 Mbps and an uplink speed of up to 5.8 Mbps, making it possible for users to upload or download data at a high speed without having to wait for cellular service providers to upgrade their hardware. The HSPA family includes High Speed Downlink Packet Access (HSDPA), High Speed Uplink Packet Access (HSUPA), and HSPA+. HSPA+ uses multicarrier technologies in which multiple 5 MHz carriers are aggregated and a bigger data channel is used for data transmission. This large data channel also decreases latency and provides an increased capacity for bursty traffic, such as web applications. Evolved HSPA also aims to use an all-IP architecture, where all base stations will be connected to the Internet via the ISP's edge routers.

WiMAX
Wireless Interoperability for Microwave Access (WiMAX) is a packet-based wireless telecommunication technology that provides wireless broadband access over long distances. Based on the IEEE 802.16 standard, it is intended for wireless MANs. WiMAX provides fixed as well as mobile broadband access. It covers a range of about 30 miles for fixed stations and 3 to 10 miles for mobile stations. WiMAX also provides LoS and NLoS communication, and can provide connection speeds of about 70 Mbps. WiMAX operates in the wireless frequency ranges of between 2 and 11 GHz of the wireless spectrum.
WiMAX was created by an organization known as the WiMAX Forum.

Figure 9-10: Wireless broadband access using WiMAX.


WiMAX Services
WiMAX offers two different services: LoS and NLoS.
LOS: Signals travel over a direct path from a transmitter to a receiver.
NLOS: Signals reach a receiver through reflections and diffractions.

Types of WiMAX
WiMAX is of two types: fixed and mobile.

Type: Description
Fixed: Is optimized for fixed applications in LOS and NLOS environments. The main disadvantage of fixed WiMAX is its difficulty to compete with established wired technologies such as DSL in places where the wired telecommunication infrastructure is well developed.
Mobile: Is optimized for portable and mobile applications in an NLOS environment. Mobile WiMAX includes additional features such as power management, handoff, frequency reuse, channel bandwidth scalability, and better NLOS performance and indoor penetration.

ACTIVITY 9-1
Discussing WAN Transmission Technologies
Scenario: In this activity, you will discuss WAN transmission technologies.

1. On which type of network is ATM most commonly implemented?
   a) LAN
   b) MAN
   c) WAN
   d) PAN

2. How many bytes of data can an ATM cell transfer?
   a) 56
   b) 53
   c) 52
   d) 58

306

CompTIA Network+ (Exam N10-005)

3. Which technologies do OCx specifications match to?
   a) ATM
   b) SONET
   c) Frame Relay
   d) SDH
   e) T1

4. What are the channels used by BRI ISDN?
   a) Two D channels and one B channel
   b) Two B channels and one D channel
   c) Three B channels and one D channel
   d) Three B channels and two D channels

5. Which of these technologies allows for more downstream traffic than upstream?
   a) SDSL
   b) SHDSL
   c) ADSL
   d) VDSL

6. Which of these are features of a network with MPLS?
   a) Label switching
   b) Used with voice traffic
   c) Multiprotocol adaptability
   d) Not used with Frame Relay

7. Upon which of these OSI layers does Frame Relay operate?
   a) Transport
   b) Application
   c) Network
   d) Physical
   e) Data Link


TOPIC B
WAN Connectivity Methods
In the previous topic, you identified different WAN transmission technologies. With the transmission technology in place, another important aspect of WANs is their connectivity methods. In this topic, you will identify major WAN connectivity methods. Once you have decided how you are going to transmit data on a WAN, you still have one last issue to deal with: how do you connect your self-contained LAN to a WAN that uses completely different technologies? Understanding the various WAN connectivity devices and methods will help you implement your WAN connection appropriately.

Cable Internet Access

Cable Internet access uses a cable television connection and a cable modem to provide high-speed Internet access to homes and small businesses. Cable access is contention-based, with users arranged in contention groups of nodes that split television and data signals at the cable provider's end. The speed of the network varies depending on the number of nodes in the contention group.

Figure 9-11: Cable providing high-speed Internet access.

Cable Modems

Definition: Cable modems are hardware devices that connect subscribers to the service provider's cable systems. Service providers use a cable modem to connect the subscriber's computer to the Internet using twisted pair cabling and a 10/100 network port or USB connection. On the other end, the cable modem connects to the wall jack using coaxial cabling. Most cable companies provide access up to 10 Mbps and require a 10-MB network adapter. However, a cable modem can function reliably for speeds up to 27 Mbps. Cable modems operate at the Physical and Data Link layers of the OSI model.

Example:

Figure 9-12: Cable modems provide connectivity to the provider's cable systems.

Dial-Up Connections
Dial-up lines are PSTN connections that use modems, existing phone lines, and long-distance carrier services to provide low-cost, low-bandwidth WAN connectivity and remote network access. Generally limited to 56 Kbps, dial-up lines are sometimes used as backups for higher-bandwidth WAN services. Dial-up lines have two major drawbacks: they are slow and they can have a considerable connection wait time. Despite these limitations, dial-ups are still used because they provide enough bandwidth for affordable basic Internet connectivity services over the existing telephone infrastructure.

Figure 9-13: Dial-up connections provide WAN connectivity.

Dial-Up Modems
Definition: A dial-up modem is a communication device that converts a computer's digital signals into analog signals before transmission over telephone lines. The word modem stands for modulation and demodulation, because the device converts digital signals into analog and analog signals into digital. A dial-up modem can be either internal or external. Internal dial-up modems exist as part of the motherboard and use the PC's power supply, while external dial-up modems connect via the serial or USB port as separate expansion boxes. Unlike internal dial-up modems, external modems require a separate power supply. The disadvantage of a dial-up modem is that it is slow when compared to broadband modems.

Example:

Figure 9-14: A dial-up modem.

Leased Data Lines

A dedicated line is a telecommunication path that is available 24 hours a day for use by a designated user; dedicated lines and leased lines are essentially the same. With dedicated or leased lines, bandwidth availability varies with technology, but is usually between 56 Kbps and 2 Mbps. A company can lease the connection for a fixed fee, typically based on the distance between endpoints. Leasing a line can be advantageous because it guarantees a fixed bandwidth over a dedicated line.

Figure 9-15: Leased lines for communication.

ICS

Internet Connection Sharing (ICS) is a connectivity service for computer systems that connects multiple computers to the Internet by using a single Internet connection. The computer that is connected to the Internet is called an ICS host, and the other computers are ICS clients.


Figure 9-16: ICS clients connect to the Internet via an ICS host.

An ICS host must have two network connections: a local area connection, which you can create by installing a network adapter that connects computers in your network, and an external connection, which links the home or small-office network and the Internet. ICS is enabled on the external connection.

When you enable ICS, the LAN connection to the internal network is given a new static private IP address and configuration. The ICS host then assigns new dynamic private IP addresses to ICS clients.

Additional ICS Implementation Requirements
Other network configuration requirements apply to an ICS connection. Because the ICS host provides dynamic addressing and DNS proxy services to ICS clients, there must not be any other active DNS or DHCP servers on the network, and ICS clients must be configured for dynamic IP addressing. Also, the logon credentials for the Internet connection on the ICS host must be shared for all users.

Satellite Media
Satellite media provide for long-range, global WAN transmissions. A physical link transfers the signal to a satellite link at some point for transmission, and the satellite link then transmits the signal back to a physical link at the other end of the transmission for data delivery. Due to the greater distances the signal must travel, average latency is high, so satellite transmissions do not always work well for real-time applications. Weather conditions also affect the signal. Satellite services provide varying speeds depending on the service agreement.

Figure 9-17: Signal transmission using a satellite.

Satellite Internet Access
Satellite Internet access is an example of direct, unbounded WAN transmissions. Depending upon the provider, satellite TV customers can choose to receive Internet access through the same satellite dish that receives their TV signals.

ACTIVITY 9-2
Discussing WAN Connectivity Methods
Scenario: In this activity, you will discuss WAN connectivity methods.

1. Which statement is true of satellite media?
   a) Used for short-range transmissions
   b) Offers high-speed connections
   c) Has a low latency
   d) Transmits data at the same speed

2. What are the configuration requirements for ICS?
   a) Clients must have two network connections.
   b) The host must have two network connections.
   c) Clients must be configured for dynamic IP addressing.
   d) The network should not use other methods for dynamic addressing.

3. True or False? The bandwidth availability for a dedicated line is usually between 28 Kbps and 2 Mbps.
   True
   False

4. Identify the functionality of each WAN connectivity method.
   b  Dial-up modem
   c  Cable modem
   a  Satellite media
   d  ICS

   a. Provides long-range global WAN transmissions.
   b. Converts a computer's digital signals into analog signals and vice versa.
   c. Connects subscribers to the service provider's cable systems.
   d. Connects multiple computers to the Internet using a single Internet connection.


TOPIC C
Voice over Data Transmission
In the previous topics, you identified the data transmission technologies and connectivity methods used in WAN implementations. Another aspect of WAN implementations is the voice transmission technology. In this topic, you will identify major voice over data systems. A WAN implementation is valuable for moving data efficiently over long distances. But once your WAN is in place, you might find that it is useful for moving other kinds of data as well, including voice that standard telephone systems currently transport. Most networks today implement some form of voice over data technology, so a knowledge of transmitting voice over a WAN is critical to ensure that your network can support this requirement.


Converged Networks
Voice, video, and data are the three types of traffic carried over a network. Initially, there were different networks specifically modeled to carry one type of traffic alone. Converged networks allow all three types of traffic to move over the same network. ATM was the first technology that allowed this convergence over a WAN. More recently, VoIP is used in the convergence of data, voice, and video networks.

Figure 9-18: Convergence of networks.

Voice over Data Systems

Definition: Voice over data systems are communication systems that replace traditional telephone links by transmitting analog voice communications over digital WAN technologies. Digital WANs provide more bandwidth than analog phone systems, and there is no long-distance service cost involved. Because voice communications are time-sensitive, the voice over data system must ensure that packets arrive complete and in sequence. In a voice over data system, voice software interfaces with an analog voice device, such as a microphone, to convert the analog voice into a data signal and to translate the dialing destination into a network address.

Example:

Figure 9-19: Voice software converts analog voice into digital signals.

VoIP

Voice over IP (VoIP) is a voice over data implementation in which voice signals are transmitted in real or near-real time over IP networks. In VoIP telephony, analog voice signals are converted into digital signals. As in a typical packet-switched network, digital signals are broken down into packets, to transmit voice as data. After reassembling the packets, the digital signals are reconverted into audio signals. When you make a telephone call, the network connection transmits signals over data networks, and transfers them to the standard phone system if the called party does not have a VoIP service. Conversely, when you dial a number that maps to a VoIP device, VoIP routes the call to the IP host. VoIP relies on the existing, robust infrastructure of IP networks and the near-universal implementation of IP. It also eliminates per-call costs, especially for long-distance calls, because it uses data channels to transmit voice signals.

Figure 9-20: VoIP transmits voice signals over IP networks.

Benefits of VoIP
Compared to traditional circuit-switched telephony, VoIP telephony provides various benefits for users and is thus gaining popularity.

Cost reduction: The most attractive benefit of VoIP telephony is the cost savings it offers. You can make a call to anywhere in the world, yet pay at the rates of downloads. For a business, the savings are especially considerable.

Mobility: Depending on the setup, you can make a VoIP call from anywhere you have Internet access.

Reduced infrastructure: With no need to provide for the cabling for a separate phone system, VoIP telephony reduces infrastructure and its inherent costs.

Integrated communication: As it is based on IP, some VoIP software integrates the transmission of not just voice data, but other forms of data. Thus, in addition to speaking with someone else, you can send image files and exchange video, such as through a webcam.

Complementary features: VoIP service providers usually offer many features for free, such as caller ID and call forwarding, which are typically charged for by fixed-line service providers.

Challenges to VoIP
Although VoIP telephony is gaining in popularity, it has many issues that need to be addressed before replacing or even competing with traditional telephony.

Connectivity: Connections to the Internet are still not completely reliable with most providers, and there are times when you are not able to go online or get disconnected often. An option would be to switch to a more reliable provider.

Voice delivery: As voice is delivered as packets, there may be periods of silence resulting from delays in packet delivery. This can not only be annoying, but also consume online time as a conversation may take longer to complete.

Power outage: During a power outage, you are not able to go online and therefore cannot make a VoIP call. This is usually not a problem with traditional telephony, as phone companies provide for reserve power. An option would be to install a backup system.

Security: With the increasing popularity of VoIP telephony, security vulnerabilities, though not a big concern presently, are bound to increase. Hackers could not only listen to and intercept sensitive data, but even break into systems and accounts to utilize VoIP services illegitimately.

Emergency 911 calls: An emergency call from a traditional phone, in the event the caller is unable to speak, can be traced. However, it is difficult to trace a VoIP call, as voice packets bear an IP address rather than a location address. The problem gets more complicated if the person is using a portable device.

VoIP Protocols

A VoIP session may use one or more protocols, depending on session parameters.

Session Initiation Protocol (SIP): Initiates, modifies, and terminates a session. It is a signaling protocol for multimedia communication sessions. SIP must work with other protocols because it is only responsible for the signaling portion of a communication session.

Session Description Protocol (SDP): Describes the content of a multimedia communication session.

Real-time Transport Protocol (RTP): Transmits audio or video content and defines the packet for delivery, including the type of content, sequence numbering, time stamping, and delivery monitoring. Has no specific UDP or TCP port number; rather a dynamic range of port numbers, a feature that makes traversing firewalls difficult.

Real-time Transport Control Protocol (RTCP): Monitors QoS in RTP transmissions. Acts as a partner to RTP to package and deliver data but does not transport data.

QoS on VoIP
The quality of a voice service is affected by latency and jitter on a packet network. Therefore, there is a need to ensure QoS for protecting voice from data and to ensure that other critical data applications, which compete with voice, do not lose out on bandwidth. The QoS implementation should also take care of packet loss, delays, and efficient use of bandwidth. Latency is the time delay for a packet to go from the source to the destination and back to the source. Jitter is the variability of latency over time across a network. Jitter should be minimum for real-time applications using voice and video.
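As an added example (not from the courseware), the following Python decodes the fixed RTP header described in the protocol table above and then applies the latency-variation measure that RTCP reports as interarrival jitter (RFC 3550, section 6.4.1) to a short, constructed stream of PCMU packets arriving at a receiver. The packet contents, arrival times and SSRC are constructed for the demonstration; one sequence number is deliberately skipped so the loss count is non-zero. This is the kind of measurement a QoS probe or a voice-quality monitor performs on an RTP flow.

```python
import struct
from dataclasses import dataclass

RTP_HEADER_LEN = 12          # fixed header without CSRC list or extension
PCMU_CLOCK_RATE = 8000       # RTP timestamp clock for payload type 0 (G.711 u-law)


@dataclass
class RtpHeader:
    version: int
    marker: bool
    payload_type: int
    sequence: int
    timestamp: int
    ssrc: int


def parse_rtp_header(packet: bytes) -> RtpHeader:
    """Decode the fixed 12-byte RTP header (RFC 3550, section 5.1)."""
    if len(packet) < RTP_HEADER_LEN:
        raise ValueError("packet shorter than the fixed RTP header")
    b0, b1, seq, ts, ssrc = struct.unpack("!BBHII", packet[:RTP_HEADER_LEN])
    version = b0 >> 6
    if version != 2:
        raise ValueError(f"unsupported RTP version {version}")
    return RtpHeader(version, bool(b1 & 0x80), b1 & 0x7F, seq, ts, ssrc)


def build_rtp_packet(seq: int, timestamp: int, ssrc: int = 0x1234ABCD,
                     payload_type: int = 0, payload: bytes = b"\xff" * 160) -> bytes:
    """Construct a minimal RTP packet: version 2, no padding/extension/CSRC, marker clear.
    The default payload is 20 ms of PCMU silence (160 samples at 8 kHz); all values constructed."""
    b0 = 2 << 6
    return struct.pack("!BBHII", b0, payload_type & 0x7F, seq, timestamp, ssrc) + payload


def stream_quality(arrivals, clock_rate: int = PCMU_CLOCK_RATE):
    """arrivals: list of (arrival_time_seconds, packet_bytes) in receive order.

    Returns (expected, received, lost, jitter_ms). Loss is derived from gaps in the
    sequence numbers; jitter is the RFC 3550 6.4.1 interarrival-jitter estimate, a
    smoothed measure of how much transit time varies between consecutive packets."""
    headers = [parse_rtp_header(p) for _, p in arrivals]
    seqs = [h.sequence for h in headers]
    expected = max(seqs) - min(seqs) + 1       # 16-bit wraparound not handled in this example
    received = len(set(seqs))
    jitter = 0.0
    prev_arrival, prev_header = None, None
    for (arrival, _), header in zip(arrivals, headers):
        if prev_header is not None:
            # D(i,j) = (Rj - Ri) - (Sj - Si): receive gap minus the sender's timestamp gap
            d = (arrival - prev_arrival) - (header.timestamp - prev_header.timestamp) / clock_rate
            jitter += (abs(d) - jitter) / 16
        prev_arrival, prev_header = arrival, header
    return expected, received, expected - received, jitter * 1000


# Constructed receive log: the sender spaces packets 20 ms apart; sequence 1002 never
# arrives and the last packet is delivered 5 ms late.
SAMPLE_ARRIVALS = [
    (0.000, build_rtp_packet(1000, 0)),
    (0.020, build_rtp_packet(1001, 160)),
    (0.060, build_rtp_packet(1003, 480)),
    (0.085, build_rtp_packet(1004, 640)),
]


def demo():
    return stream_quality(SAMPLE_ARRIVALS)


if __name__ == "__main__":
    expected, received, lost, jitter_ms = demo()
    print(f"expected={expected} received={received} lost={lost} jitter={jitter_ms:.4f} ms")
```

The 1/16 smoothing factor is the one RFC 3550 specifies, so a single late packet moves the estimate only a little; a monitor therefore watches the trend rather than reacting to one reading. The sequence-number check here is also where a receiver notices replayed or injected packets that do not fit the expected progression.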


ACTIVITY 9-3
Discussing Voice over Data Systems
Scenario: In this activity, you will discuss the characteristics of voice over data systems.


1. What are the advantages of VoIP as compared to traditional telephone systems?
   a) Reduced long-distance call costs
   b) Increased bandwidth
   c) Portability
   d) Power independent

2. Match the VoIP protocol with its description.
   c  SIP
   d  SDP
   a  RTP
   b  RTCP

   a. Transmits audio or video content and defines the packet for delivery.
   b. Monitors QoS in voice over data transmissions.
   c. Initiates, modifies, and terminates a session.
   d. Describes the content of a multimedia communication session.

3. Which statements are valid regarding voice over data systems?
   a) Transmits digital signals over WAN technologies.
   b) Voice communications are not time-sensitive.
   c) Voice software converts digital data to analog voice signals.
   d) Voice software translates a dialing destination to a network address.

Lesson 9 Follow-up
In this lesson, you identified the infrastructure and technologies used on a WAN implementation. As almost every LAN uses WAN technologies to connect to other networks, including the Internet, understanding the WAN infrastructure helps you ensure WAN connectivity on the networks you support.
1. Which WAN technologies do you expect to work with on your home and office networks? Why? Answers will vary, but may include: technologies such as ISDN because the connection is faster than telephone lines, Frame Relay because it provides high performance with significantly lower cost, and DSL because of the high-speed Internet connectivity it provides, WWAN because it allows users wide area mobility, WiMAX because of its wide coverage area and high-speed Internet connectivity.

2. In your opinion, what is the future for the implementation of voice over data systems on conventional networks? Answers will vary, but may include: decrease in the cost of voice service, dual mode phones, and integration of voice over data systems into portable devices like personal digital assistants.


LESSON 10
Remote Networking
In this lesson, you will identify the components of a remote network implementation. You will:
   Identify the architectures used for remote access networking.
   Identify various remote access networking implementations.
   Identify the major components of a VPN implementation.
   Identify various VPN protocols.

Lesson Time 2 hour(s), 55 minutes

Introduction
In the previous lessons, you have described the technologies for implementing networks where users have a computer with a direct connection to the network. Many wide area networks also include remote users, who connect to the network using indirect, remote-networking technologies. In this lesson, you will identify the components of a remote network implementation. Almost every organization needs to support remote users. Whether it is the employee who is always on the move, works from a home office, or connects to the organization's network from an occasional offsite conference, all your remote users need reliable, secure access to your network from their offsite locations. As a network professional, you will need to understand all components required for remote network implementations so that you can support your remote users effectively.

This lesson covers all or part of the following CompTIA Network+ (Exam N10-005) certification objectives:
Topic A, B, and D:
   5.2 Explain the methods of network access security.
   5.3 Explain methods of user authentication.
Topic C:
   4.1 Explain the purpose and features of various network appliances.
   5.2 Explain the methods of network access security.

TOPIC A
Remote Network Architectures
You are familiar with the common network implementations. Many remote network implementations have similar configurations, or architectures. In this topic, you will identify the different remote network architectures. The needs of remote users are often different than those of other network users. Several common implementation schemes have evolved to meet the most sophisticated remote user requirements. As a network professional, you may need to provide network connectivity to remote users. To provide remote users with the functionality they need, you need to understand the basics of remote networking.

Remote Networking

Definition: Remote networking is a type of networking that enables users who are not at their physical locations to access network resources. The remote computer uses specific protocols for connectivity and an established connection mechanism to connect to the network. Remote networking can be used to enable a user to connect to a computer for basic access, or it can be a full-service connection with the same functionality that the user would expect to have at the office.

Remote Networking Limitations
The biggest limitations of remote networks are the available bandwidth, link latency, and security.

Example:

Figure 10-1: Infrastructure in a remote networking environment.

Remote Access Networking

In remote access networking, a node uses a remote connection to connect to a network. Once connected, the node can access resources and function as if it is on the same physical network. There is a possibility of the connection being slower due to bandwidth constraints. The server that provides remote access also provides security and authenticates users to access the network. All network traffic to and from the remote node passes through the server.

Remote Desktop Control

A remote desktop is a connection mode that enables users to access any network system from their workstation and perform tasks on the remote system as if they were working locally. Remote desktop control uses a special software package that enables a remote client to control a host computer on the network, or run applications from a server. Once connected, the remote client can send keyboard and mouse inputs and receive the resultant information on-screen. Remote desktop control can be used on a WAN or on a local network. Remote desktop control can be used for remote server administration and to enable help desk personnel to provide remote assistance. Unless there are sufficient servers to balance the load, remote desktop control requires expensive centralized hardware and software to manage use and maintenance.

Remote Desktop Network Access
Remote desktop control can be used by the host computer as an access point to a remote network. When a host computer is used to access a network, the host should be a dedicated system.

Centralized Computing
Traditional models of centralized computing are based on a central server that has attached terminals. Modern interpretations of centralized computing include remote desktop, hosted and web-based applications, and thin client computing, where most of the hardware resources reside on the server side.

Benefits of Remote Desktop Control

Remote desktop control has numerous benefits for both administrators and end users.

Centralized application deployment and access: Applications are installed on the terminal servers and clients access the applications from their desktops. Applications are not installed on each workstation, and have centralized upgradability and maintenance.

Multiple device support: Servers and clients can run on a wide variety of hardware configurations. These can be different hardware or multiple devices such as low-configuration PCs or thin clients.

Server administration and maintenance: Allows an administrator to connect to a server remotely and perform administrative tasks using the GUI of the server.

Enhanced security: Implements basic and advanced encryption schemes.

Encryption will be covered in detail in subsequent lessons.

RAS Servers

Remote Access is a feature that allows an administrator to access client systems from any location on the network. Remote Access Services (RAS) servers are available from many sources. Microsoft's remote server implementation is called Routing and Remote Access Services (RRAS). On Microsoft networks, using RRAS instead of a third-party remote access server means that the user can dial in and authenticate with the same account as he or she uses at the office. With third-party remote access servers, there must be some mechanism in place to synchronize user names and passwords.

RAS Server Vendors
Microsoft, Apple, IBM, and many other UNIX and Linux vendors offer remote access server implementations either included with their server operating systems, or as separate software. In addition, there are several third-party software vendors that provide remote access solutions, including Cisco, EMC, Perle, Citrix, and Patton.

RADIUS

Authentication is covered in more detail in subsequent lessons.

Remote Authentication Dial-In User Service (RADIUS) is a protocol that enables a server to provide standardized, centralized authentication for remote users. When a network contains several remote access servers, you can configure one of them to be a RADIUS server and all of the others as RADIUS clients. The RADIUS clients will pass all authentication requests to the RADIUS server for verification. User configuration, remote access policies, and usage logging can be centralized on the RADIUS server. RADIUS is supported by VPN servers, Ethernet switches requiring authentication, WAPs, as well as other types of network devices.


Figure 10-2: The architecture of a RADIUS network.

RADIUS Implementation in Windows
In Windows Server 2008 R2, RADIUS implementation is accomplished through the Network Policy Server.

Diameter
Diameter is an authentication protocol that is an updated version of RADIUS and improves on some of its features. Diameter is not backward-compatible with RADIUS, but it does provide an upgrade path. Diameter is a stronger protocol that provides more advanced features, but is not as widespread in its implementation due to the lack of compatible products.
The name Diameter is a reference to the mathematical term, suggesting that Diameter is twice as good as RADIUS.

AAA
Authorization, Access Control, and Accounting, collectively referred to as AAA, can be implemented on a system for authentication; such implementations use RADIUS and TACACS+ to maintain a list of user names and passwords.
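To make the RADIUS client/server exchange concrete, here is an added example that is not part of the courseware: it builds an Access-Request carrying the User-Name and User-Password attributes as RFC 2865 defines them, lets a server recover the password, check it and answer with an Access-Accept or Access-Reject protected by a Response Authenticator, and has the client verify that authenticator before trusting the verdict. The shared secret, account, password and Request Authenticator values are constructed. The point to notice is that both the password hiding and the integrity of the reply rest entirely on the shared secret and MD5, which is why the secret must be long and random and why RADIUS traffic belongs on a protected management network or inside a tunnel.

```python
import hashlib
import hmac
import os
import struct

# RFC 2865 packet codes and the attribute types used in this example
ACCESS_REQUEST, ACCESS_ACCEPT, ACCESS_REJECT = 1, 2, 3
ATTR_USER_NAME, ATTR_USER_PASSWORD = 1, 2
HEADER_LEN = 20  # Code(1) + Identifier(1) + Length(2) + Authenticator(16)


def hide_password(password: bytes, secret: bytes, request_auth: bytes) -> bytes:
    """RFC 2865 5.2: pad to 16-byte blocks; XOR block i with MD5(secret + previous block),
    where 'previous block' is the Request Authenticator for the first block."""
    padded = password + b"\x00" * (-len(password) % 16)
    out, prev = b"", request_auth
    for i in range(0, len(padded), 16):
        key = hashlib.md5(secret + prev).digest()
        block = bytes(a ^ b for a, b in zip(padded[i:i + 16], key))
        out += block
        prev = block
    return out


def reveal_password(hidden: bytes, secret: bytes, request_auth: bytes) -> bytes:
    """Inverse of hide_password; the chaining input is the hidden (received) block."""
    out, prev = b"", request_auth
    for i in range(0, len(hidden), 16):
        key = hashlib.md5(secret + prev).digest()
        out += bytes(a ^ b for a, b in zip(hidden[i:i + 16], key))
        prev = hidden[i:i + 16]
    return out.rstrip(b"\x00")


def encode_attrs(attrs) -> bytes:
    # Each attribute is Type(1) Length(1, counting these two bytes) Value
    return b"".join(struct.pack("!BB", t, len(v) + 2) + v for t, v in attrs)


def decode_attrs(data: bytes):
    attrs, pos = [], 0
    while pos < len(data):
        t, length = struct.unpack("!BB", data[pos:pos + 2])
        if length < 2 or pos + length > len(data):
            raise ValueError("malformed RADIUS attribute")
        attrs.append((t, data[pos + 2:pos + length]))
        pos += length
    return attrs


def access_request(username: bytes, password: bytes, secret: bytes,
                   identifier: int = 1, request_auth: bytes = None):
    """RADIUS client (NAS) side: build an Access-Request. Returns (packet, request_authenticator)."""
    request_auth = request_auth or os.urandom(16)   # must be unpredictable per request
    attrs = encode_attrs([(ATTR_USER_NAME, username),
                          (ATTR_USER_PASSWORD, hide_password(password, secret, request_auth))])
    header = struct.pack("!BBH", ACCESS_REQUEST, identifier, HEADER_LEN + len(attrs))
    return header + request_auth + attrs, request_auth


def response_authenticator(code, identifier, attrs, request_auth, secret) -> bytes:
    """MD5(Code + ID + Length + RequestAuth + Attributes + Secret), RFC 2865 section 3."""
    header = struct.pack("!BBH", code, identifier, HEADER_LEN + len(attrs))
    return hashlib.md5(header + request_auth + attrs + secret).digest()


def access_response(request: bytes, secret: bytes, users: dict) -> bytes:
    """RADIUS server side: recover the password, check it, answer with Accept or Reject."""
    code, identifier, length = struct.unpack("!BBH", request[:4])
    if code != ACCESS_REQUEST or length > len(request):
        raise ValueError("not a well-formed Access-Request")
    request_auth = request[4:HEADER_LEN]
    attrs = dict(decode_attrs(request[HEADER_LEN:length]))
    username = attrs.get(ATTR_USER_NAME, b"")
    password = reveal_password(attrs.get(ATTR_USER_PASSWORD, b""), secret, request_auth)
    ok = username in users and hmac.compare_digest(users[username], password)
    reply_code = ACCESS_ACCEPT if ok else ACCESS_REJECT
    reply_attrs = b""   # a real server would add Framed-IP-Address, session limits, etc.
    auth = response_authenticator(reply_code, identifier, reply_attrs, request_auth, secret)
    return struct.pack("!BBH", reply_code, identifier, HEADER_LEN) + auth + reply_attrs


def verify_response(reply: bytes, request_auth: bytes, secret: bytes):
    """Client side: recompute the Response Authenticator before trusting the verdict.
    Returns (authentic, code)."""
    code, identifier, length = struct.unpack("!BBH", reply[:4])
    expected = response_authenticator(code, identifier, reply[HEADER_LEN:length], request_auth, secret)
    return hmac.compare_digest(expected, reply[4:HEADER_LEN]), code


if __name__ == "__main__":
    # Constructed values for the demonstration only
    SECRET = b"constructed-shared-secret"
    USERS = {b"alice": b"Passw0rd!"}
    req, ra = access_request(b"alice", b"Passw0rd!", SECRET, identifier=7)
    reply = access_response(req, SECRET, USERS)
    print("authentic, code:", verify_response(reply, ra, SECRET))   # (True, 2) = Access-Accept
```

The client-side check in verify_response is what stops a reply forged by someone who does not hold the secret from being accepted: changing the code byte of a Reject to Accept invalidates the authenticator. Activity 10-1 below generates exactly this kind of shared secret per RADIUS client in the Network Policy Server and uses the default authentication port, 1812.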


ACTIVITY 10-1
Implementing RADIUS for Remote Access
There is a simulated version of this activity available on the CD-ROM that shipped with this course. You can run this simulation on any Windows computer to review the activity after class, or as an alternative to performing the activity as a group in class. The activity simulation can be launched either directly from the CD-ROM by clicking the Interactives link and navigating to the appropriate one, or from the installed data file location by opening the C:\Data\Simulations\Lesson#\Activity# folder and double-clicking the executable (.exe) file.

Before You Begin: Open the Server Manager window.

Scenario: You are a network administrator for OGC Financial Group, a mid-size company with a growing number of remote connectivity needs. You plan to implement RADIUS for remote authentication, and you want to use it in tandem with wireless authentication for an added layer of security on a wireless network that is mainly accessed by traveling employees. You want to test RADIUS in a lab environment before deploying it in production. On a test RRAS system, you will install a RADIUS server and reconfigure an RRAS server to use RADIUS authentication.
Normally, in organizations, administrators disable/block ports above 1024 as a security measure. They selectively enable ports above 1024 during the installation of the associated services that use the port number.

What You Do / How You Do It

1. View the current remote access authentication methods.
   a. In the Server Manager window, expand Roles, and then expand Network Policy and Access Services. Under Network Policy and Access Services, right-click Routing and Remote Access and choose Properties.
   b. In the Routing and Remote Access Properties dialog box, select the Security tab and in the Authentication provider section, click Authentication Methods.

   c. In the Authentication Methods dialog box, observe the options selected by default.
   d. Click Cancel to close the Authentication Methods dialog box.
   e. Click Cancel to close the Routing and Remote Access Properties dialog box.

2. Install the Network Policy and Access Services.
   a. In the Server Manager window, right-click Network Policy and Access Services and choose Add Role Services to open the Add Role Services wizard.
   b. In the Add Role Services wizard, on the Select Role Services page, in the Role Services section, check the Network Policy Server check box and click Next.
   c. Confirm what you are about to install and then click Install.
   d. Once the installation is complete, click Close to close the Add Role Services wizard and complete the installation.

3. Configure a RADIUS client.
   a. In the Server Manager window, expand the Network Policy and Access Services and NPS (Local) objects.
   b. Select the RADIUS Clients and Servers folder.
   c. In the middle pane, click Configure RADIUS Clients.
   d. In the Actions pane, in the RADIUS Clients section, click New.
   e. In the New RADIUS Client dialog box, in the Name and Address section, in the Friendly name text box, click and type My RADIUS Client
   f. In the Address (IP or DNS) section, click Verify.
   g. In the Verify Address dialog box, click Resolve.
   h. In the IP address list, select 192.168.1.XX, where XX is the IP address of the system, and click OK.
   i. In the Shared Secret section, select the Generate option and then click Generate. Observe that in the Shared secret text box, the key is automatically generated.
   j. Click the warning message icon next to the text box.

   k. Observe the text displayed as a tool tip and click OK.

4. Reconfigure the RRAS server to use RADIUS authentication.
   a. In the Server Manager window, under the Network Policy and Access Services object, select the NPS (Local) object.
   b. In the Standard Configuration section, from the drop-down list, select the RADIUS server for 802.1X Wireless or Wired Connections option.
   c. Read the description and then click the Configure 802.1X link.
   d. In the Configure 802.1X dialog box, in the Type of 802.1X connections section, select the Secure Wireless Connections option and click Next.
   e. Verify that My RADIUS Client appears in the RADIUS clients list, and click Next.
   f. On the Configure an Authentication Method page, from the Type (based on method of access and network configuration) drop-down list, select the Microsoft: Secured password (EAP-MSCHAP v2) option and click Next.
   g. On the Specify User Groups page, click Next.
   h. On the Configure Traffic Controls page, click Next and click Finish.

5. Verify the RADIUS port settings.
   a. In the Server Manager window, under the Network Policy and Access Services object, right-click the NPS (Local) object and choose Properties.
   b. In the Network Policy Server (Local) Properties dialog box, select the Ports tab.
   c. Verify that 1812, the default port for RADIUS, is listed in the Authentication text field. After examining the other port settings, click Cancel.
   d. Close the Server Manager window.

Remote Control Protocols

There are several remote control protocols that can be used depending on the remote networking needs.

Remote Desktop Protocol (RDP): RDP is the backbone of Microsoft's Remote Desktop system. Its capabilities include data encryption, remote audio and printing, access to local files, and redirection of the host computer's disk drives and peripheral ports. In client versions 6.1 and later, any application that can be accessed via the normal remote desktop can serve as a standalone remote application. The server component, the terminal server, is available on most Windows operating systems, except for Windows Vista Home Edition, and a desktop client is available for most operating systems. The server listens on port 3389.

Virtual Network Computing (VNC): VNC is a platform-independent desktop sharing system. VNC client and server software is available for almost any operating system (and for Java), so a VNC viewer on a Linux system can connect to a VNC server on a Microsoft system and vice versa. VNC uses the Remote Frame Buffer (RFB) protocol, which allows the client and server to determine the best version of RFB they can support during a session. VNC is not an inherently secure system, but does offer varying levels of password and content encryption, depending on the implementation.

Independent Computing Architecture (ICA): The Citrix ICA protocol is a remote terminal protocol used by Citrix WinFrame and Citrix Presentation Server software as an add-on to Microsoft Terminal Services. ICA enhances and expands on the core thin-client functionality found in Terminal Services, and provides client support for additional protocols and services.

Lesson 10: Remote Networking

X Window System: The X Window System is a protocol that uses a client-server relationship to provide a GUI and input device management functionality to applications. Current X Window systems are based on the X11 protocol and are normally used on UNIX- and Linux-based systems to display local applications. Because X is an open, cross-platform protocol that relies on client-server relationships, remote connections are often easy to implement.
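As an added example (not code from the course), here is the opening of an RFB session reduced to parsing: the version handshake the VNC row describes, and the list of security types that follows it in RFB 3.7 and later, with an audit function that flags the weak choices a practitioner looks for. Message layouts follow RFC 6143; the sample bytes and the function names are constructed for this example, not captured from a real server.

```python
"""Parse the start of a VNC (RFB) session and flag weak security types.

Added example, not part of the course. Message layouts follow RFC 6143:
the server first sends a 12-byte ProtocolVersion string, the client answers
with the version it will use, and (from RFB 3.7 on) the server then lists
the security types it offers. All messages here are constructed, not
captured from a real server.
"""
import re

# Security type numbers registered for RFB (RFC 6143, section 7.1.2).
SECURITY_TYPES = {
    0: "Invalid",
    1: "None",                # no authentication at all
    2: "VNC Authentication",  # DES challenge-response keyed by an 8-char password
    5: "RA2",
    16: "Tight",
    18: "TLS",
    19: "VeNCrypt",
}
SUPPORTED_VERSIONS = [(3, 3), (3, 7), (3, 8)]
_VERSION_RE = re.compile(rb"\ARFB (\d{3})\.(\d{3})\n\Z")


def parse_protocol_version(msg: bytes):
    """Return (major, minor) from a 'RFB xxx.yyy\\n' ProtocolVersion message."""
    m = _VERSION_RE.match(msg)
    if m is None:
        raise ValueError("not an RFB ProtocolVersion message: %r" % msg)
    return int(m.group(1)), int(m.group(2))


def negotiate_version(server_msg: bytes, client_max=(3, 8)):
    """Choose the highest published version both sides support; return it and the reply.

    Servers advertise their newest version; the client answers with the
    highest of 3.3, 3.7 and 3.8 that does not exceed either side's maximum.
    """
    cap = min(parse_protocol_version(server_msg), client_max)
    candidates = [v for v in SUPPORTED_VERSIONS if v <= cap]
    if not candidates:
        raise ValueError("no common RFB version (server offers %d.%d)" % cap)
    chosen = max(candidates)
    return chosen, b"RFB %03d.%03d\n" % chosen


def parse_security_types(version, data: bytes):
    """Return the security types the server offers after the version exchange.

    RFB 3.3: one U32 chosen by the server (0 means the connection failed).
    RFB 3.7+: U8 count, then count U8 types; count 0 is a failure followed
    by a U32 reason length and the reason text.
    """
    if version == (3, 3):
        if len(data) < 4:
            raise ValueError("truncated security type")
        return [int.from_bytes(data[:4], "big")]
    if not data:
        raise ValueError("truncated security type list")
    count = data[0]
    if count == 0:
        reason_len = int.from_bytes(data[1:5], "big")
        reason = data[5:5 + reason_len].decode("latin-1", "replace")
        raise ConnectionError("server refused connection: %s" % reason)
    if len(data) < 1 + count:
        raise ValueError("truncated security type list")
    return list(data[1:1 + count])


def audit_security_types(types):
    """Translate the offered types into findings a reviewer would act on."""
    findings = []
    offered = set(types)
    if 1 in offered:
        findings.append("type 1 (None) offered: any client can attach without a password")
    if 2 in offered and not offered & {18, 19}:
        findings.append("only VNC Authentication: DES challenge-response on an 8-character "
                        "password and no transport encryption; screen and keystrokes are cleartext")
    if offered & {18, 19}:
        findings.append("TLS/VeNCrypt offered: session can be encrypted")
    unknown = sorted(offered - set(SECURITY_TYPES))
    if unknown:
        findings.append("unregistered types %r: vendor extension, verify what they provide" % unknown)
    return findings


if __name__ == "__main__":
    version, reply = negotiate_version(b"RFB 003.008\n")      # constructed server greeting
    types = parse_security_types(version, b"\x02\x01\x02")    # constructed: None + VNC Auth
    print("negotiated %d.%d, reply %r" % (version + (reply,)))
    for finding in audit_security_types(types):
        print(" -", finding)
```

Run against a real server by reading the first 12 bytes of the TCP connection, sending the reply, and feeding the following bytes to parse_security_types; a server that lists type 1, or only type 2 without TLS or VeNCrypt, is one to put behind SSH or a VPN rather than expose directly.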

Remote Desktop Implementations

Remote control networking solutions include Windows Remote Desktop and Remote Assistance, Symantec pcAnywhere, GoToMyPC, LogMeIn, WebEx PCNow, various VNC clients and servers, Citrix XenApp, and Apple Remote Desktop.

Microsoft Windows Terminal Services

The technologies formerly known as Terminal Services were renamed Remote Desktop Services in Windows Server 2008 R2. Terminal Services is a client/server system that enables multiple clients to run applications or manage a server remotely. Terminal Services provides client access to all Windows-compatible applications by opening a user session on the Terminal Server. All application execution, data processing, and data storage is handled by the Terminal Server. Microsoft's terminal emulation software can be installed on almost any Windows operating system, from Windows NT to Windows 7. Even handheld PCs running Windows CE can connect to a Terminal Server and run applications. Web-based access is also available. The low demands on the client have led many companies to deploy Terminal Services as a way of extending the life of their outdated computers. It is possible for a Terminal Server to support hundreds of sessions simultaneously. Although the upfront investment may be high, organizations spend less money on upgrading equipment.

Citrix ICA Clients

Because of Citrix's device independence, almost any device can be a Citrix client, including PC desktops, net appliances, web browsers, or mobile devices. Net appliances are dedicated thin clients that have a keyboard, mouse, and video, but no hard drives or CD-ROM drives. The net appliance's OS is embedded in a ROM chip, it has lower CPU power, and its job is to connect to a server. Even though it is a low-power device, it can run any application on the server. Web browser support is provided through the Citrix NFuse web server application. Websites that provide the applications are set up, and a client connects to the site with any ActiveX-enabled browser. As with a thin client on a LAN, the applications run on the server and not in the browser. Mobile devices that use wireless connectivity services, such as laptops, cell phones, PDAs, or Windows Mobile devices, can access and run applications in the same way.

CompTIA Network+ (Exam N10-005)

ACTIVITY 10-2
Enabling Remote Desktop Connections
This is a simulated activity available on the CD-ROM that shipped with this course. The activity simulation can be launched either directly from the CD-ROM by clicking the Interactives link and navigating to the appropriate one, or from the installed data file location by opening the C:\Data\Simulations\Lesson#\Activity# folder and double-clicking the executable (.exe) file.


Scenario: You are a network administrator for OGC Advertising, a growing marketing company. In the past, you used telnet to manage and troubleshoot servers remotely. Since the company has grown and you now have more dedicated servers, the decision has been made to manage and troubleshoot remotely using Remote Desktop, which, unlike telnet, encrypts the session. Additionally, because Remote Desktop allows for creating and accessing files on the remote computer, accessing files on the server is more efficient: you no longer need to keep FTP ports open to transfer individual files. In this activity, you will enable Remote Desktop Connections on your workstation to connect to a partner's computer, which is simulating a dedicated file server running Windows Server 2008 R2.
What You Do / How You Do It

1. Enable remote desktop connections.
   a. Browse to the C:\Data\Simulations\Lesson10\Activity10-2 folder.
   b. Double-click the executable file.
   c. In the Open File - Security Warning message box, click Run.
   d. Follow the on-screen steps for the simulation.
   e. Close the C:\Data\Simulations\Lesson10\Activity10-2 folder.


TOPIC B
Remote Access Networking Implementations
In the previous topic, you identified remote access networking. The different remote network architectures can be used for different implementations of remote networks. In this topic, you will identify various remote access networking implementations. For many, connecting to a remote network while on the move is a way of life. From telecommuters to traveling sales representatives to a manager attending an annual conference, these remote users need a reliable way to access network services when they are not in an office environment. As a network professional, you need to recognize the components commonly used in remote access networking so that you can support your remote users.

Remote Access Protocols


Definition: A remote access protocol enables a user to access a remote access server and transfer data. Remote access protocols can provide direct dial-in connections via modems, or they can provide connections via ISPs and the Internet. Examples include PPP and PPPoE, together with the authentication frameworks, such as EAP, that run over them. Example:

Figure 10-3: A remote access protocol environment.

PPP
The Point-to-Point Protocol (PPP) is a remote networking protocol that works at the Data Link layer of the TCP/IP protocol suite. It is used to send IP datagrams over serial point-to-point links. It can be used in synchronous and asynchronous connections. PPP can dynamically configure and test remote network connections, and is often used by clients to connect to networks and the Internet. PPP itself does not encrypt traffic, but it negotiates an authentication protocol for the link; with CHAP or MS-CHAP the password is never sent in cleartext, paving the way for secure authentication of remote users. To log on to a remote session via PPP, you need to enable a remote authentication protocol. The Point-to-Point Protocol over Ethernet (PPPoE) and Point-to-Point Protocol over ATM (PPPoA) are more recent PPP implementations used by many DSL broadband Internet connections.

SLIP is a legacy remote access protocol used for sending IP data streams over serial lines such as modem or phone connections. It provides no authentication and no error detection. In Windows Server 2008 R2, SLIP connections are automatically upgraded by the NOS to PPP.

PPP Variants
Three variants or extensions of PPP are commonly used: PPPoE, the Extensible Authentication Protocol (EAP), and the Protected Extensible Authentication Protocol (PEAP).

Variant: Description

PPPoE: A standard that provides the features and functionality of PPP to DSL connections that use Ethernet to transfer signals from a carrier to a client. In addition, it contains a discovery stage in which the client and the access concentrator learn each other's Ethernet MAC addresses and agree on a session ID before the PPP session is established.

EAP: A protocol which is an extension of PPP and provides support for additional authentication methods, such as tokens, smart cards, and certificates.

PEAP: A protocol that secures EAP by creating an encrypted (TLS) channel between a remote client and a server. PEAP can also be used with Microsoft Challenge Handshake Authentication Protocol v2 (MS-CHAPv2) to strengthen the protocol's password authentication.

CHAP, tokens, smart cards, and certificates are covered in detail in a subsequent topic in this lesson.

Remote Access Authentication


To authenticate a remote session connection, several steps are performed.

Figure 10-4: Steps in the remote access authentication process.

Step: Description

Step 1: Session initiation. A user initiates a session using a remote computer.

Step 2: Connection request. The remote computer requests a connection to a remote access server so that it can connect to another computer.

Step 3: Link establishment. The remote access server acknowledges the connection request and establishes the physical link between the two computers.

Step 4: Client authentication. The remote access server requires the client to authenticate itself by using a remote authentication protocol. If the client does not agree to provide the requested authentication data, the server refuses to create a connection and the physical link is dropped. If the client agrees to send the authentication data, the server proceeds to authenticate the client.

Step 5: Authentication credentials communication. The server and client use the agreed-upon authentication protocol to communicate authentication credentials. If the server does not accept the authentication credentials provided by the client, the server closes the connection and drops the physical link. If the server accepts the credentials, it allows the client to access resources.

Web-Based Remote Access


Web-based remote access implementations provide access to services and data via web browsers. A well-deployed web-based service allows clients to access web-based applications and data without any additional software installed on their systems. However, proper security mechanisms should be in place when you use these implementations, because the web server is directly exposed to every client that can reach it. Web-based remote access also allows administrators to manage application servers from remote locations. Web-based remote access applications place a heavier configuration and hardening burden on the web servers that clients connect to.

Figure 10-5: Web-based remote access using a web browser.

Web-Based Access in Windows In Windows Server 2008 R2, Windows XP Professional, and Windows 7, web-based remote access is available through the Remote Desktop Web Connection (RDWC). The remote machine requires Internet Explorer 7 or higher, while the web server requires RDWC to be installed and running. RDWC is a component of IIS and is included with Windows Server and XP Professional, but must be downloaded separately for Windows 7. Another web-based access feature in Windows Server 2008 R2 is called Web Interface For Remote Administration. Designed for remote management of application servers, it enables administrators to access a server from any computer running Internet Explorer 7 or higher. On the application server, which cannot be a domain controller, Web Interface For Remote Administration must be installed. Windows Server 2008 R2 can make use of the Remote Server Administration tools available for Windows 7.

ACTIVITY 10-3
Identifying Remote Access Networking Implementations
Scenario: In this activity, you will identify various remote access networking implementations.
What You Do / How You Do It

1. EAP is an extension of:
   a) PEAP
   b) CHAP
   c) PAP
   d) PPP

2. Which of these statements about PPP are true?
   a) Sends IP datagrams over serial point-to-point links.
   b) Works on the Physical layer of the TCP/IP protocol suite.
   c) Used for both asynchronous and synchronous connections.
   d) Provides secure authentication for remote users.

3. What is the correct sequence of steps in the Remote Access Authentication Process?
   5 Authentication credentials communication
   4 Client authentication
   3 Link establishment
   2 Connection request
   1 Session initiation

4. Which remote access protocol is used with DSL connections?
   a) PEAP
   b) PPP
   c) PPPoE
   d) EAP

TOPIC C
Virtual Private Networking
In the previous topic, you identified remote access networking protocols and implementations. In some organizations, the sheer number of remote users makes the implementation of traditional remote access networking cost-prohibitive. This is where a Virtual Private Network (VPN) comes into the picture. In this topic, you will identify the major components of VPN implementations. Although standard dial-up implementations can still be found in some network environments, other considerations, such as security and the number of remote users to be supported, require additional measures to provide remote connections. When organizations opt to take advantage of public networks such as the Internet, the issue of securing data transmissions becomes critical. To counter the security risks associated with public networks, organizations implement a VPN within the public network to ensure secure communications. As a network professional, you need to recognize the components of VPN implementations to support remote users.

VPNs
Definition: A Virtual Private Network (VPN) is a private network that is configured by tunneling through a public network such as the Internet. Because the tunnel encapsulates the data and, with the appropriate VPN protocols, encrypts it, VPNs ensure that connections between endpoints such as routers, clients, and servers are secure. To provide VPN tunneling, security, and data encryption services, special VPN protocols are required.

Example:

Figure 10-6: VPN infrastructure makes a private network secure.

Example: Secure Socket Layer VPNs

A Secure Socket Layer VPN (SSL VPN) is a VPN format that works with a web browser without needing the installation of a separate client. SSL ensures that the connection can be made only by using HTTPS instead of HTTP. This format works well in schools and libraries where easy access is required but security is still a concern.

Tunneling
Definition: A tunnel is a logical path through the network that appears like a point-to-point connection. Tunneling is a data transport technique in which a data packet from one protocol, called the passenger protocol, is transferred inside the frame or packet of another protocol, called the carrier protocol. Tunneling enables data from one network to pass from one endpoint of a tunnel to the other through the infrastructure of another network. The carrier protocol can encapsulate and route nonroutable passenger protocols, or, when the tunnel is encrypted, it can provide additional security by hiding passenger data from the carrier network.

Example:

Figure 10-7: Tunneling through a network.

Tunnel Types

Essentially, there are two tunnel types: voluntary and compulsory. Voluntary tunnels are created between endpoints at the request of a client. When a user runs a software application that supports encrypted data communications, the client establishes an encrypted tunnel to the other end of the communication session, whether it is on a local network or the Internet. Compulsory tunnels are established by a WAN carrier without involving the client endpoints. Clients send data between endpoints, and all data is tunneled without affecting the client. Compulsory tunnels can be in place permanently (static), or they can be put in place based on the data or client type (dynamic).
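The carrier/passenger relationship described above, shown as an added example rather than code from the course: a passenger IPv4 packet is wrapped in a GRE header and an outer IPv4 header, which is the mechanism PPTP uses to carry PPP frames (PPTP uses an enhanced GRE with protocol type 0x880B; plain GRE over IPv4 per RFC 2784 is used here so the passenger is itself an IPv4 packet). The addresses, the payload and the helper names (build_ipv4, gre_encapsulate, gre_decapsulate) are this example's own.

```python
"""Carrier/passenger encapsulation, the mechanism behind GRE-based tunnels.

Added example, not from the course. Header layouts follow RFC 791 (IPv4)
and RFC 2784 (GRE). Addresses and payloads are constructed for the demo.
"""
import ipaddress
import struct

IPPROTO_TCP = 6
IPPROTO_GRE = 47
GRE_PROTO_IPV4 = 0x0800


def ipv4_checksum(data: bytes) -> int:
    """Ones-complement sum of 16-bit words (RFC 791); returns 0 when data verifies."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(data) // 2), data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return (~total) & 0xFFFF


def build_ipv4(src: str, dst: str, proto: int, payload: bytes, ttl: int = 64) -> bytes:
    """Prepend a 20-byte IPv4 header (no options, DF set) to payload."""
    header = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload), 0, 0x4000, ttl, proto, 0,
                         ipaddress.IPv4Address(src).packed, ipaddress.IPv4Address(dst).packed)
    header = header[:10] + struct.pack("!H", ipv4_checksum(header)) + header[12:]
    return header + payload


def parse_ipv4(packet: bytes) -> dict:
    """Verify the header checksum and return the fields plus the payload."""
    if len(packet) < 20 or packet[0] >> 4 != 4:
        raise ValueError("not an IPv4 packet")
    ihl = (packet[0] & 0x0F) * 4
    if ipv4_checksum(packet[:ihl]) != 0:
        raise ValueError("bad IPv4 header checksum")
    total_len = struct.unpack("!H", packet[2:4])[0]
    return {
        "src": str(ipaddress.IPv4Address(packet[12:16])),
        "dst": str(ipaddress.IPv4Address(packet[16:20])),
        "proto": packet[9],
        "payload": packet[ihl:total_len],
    }


def gre_encapsulate(passenger: bytes, outer_src: str, outer_dst: str) -> bytes:
    """Carrier packet: outer IPv4 (protocol 47) + 4-byte GRE header + passenger."""
    gre_header = struct.pack("!HH", 0x0000, GRE_PROTO_IPV4)  # no C/K/S bits, version 0
    return build_ipv4(outer_src, outer_dst, IPPROTO_GRE, gre_header + passenger)


def gre_decapsulate(carrier: bytes) -> bytes:
    """Strip the carrier headers and return the passenger packet unchanged."""
    outer = parse_ipv4(carrier)
    if outer["proto"] != IPPROTO_GRE:
        raise ValueError("outer protocol %d is not GRE" % outer["proto"])
    flags, proto_type = struct.unpack("!HH", outer["payload"][:4])
    if flags & 0x0007:
        raise ValueError("GRE version %d not supported" % (flags & 7))
    if flags & 0xB000:  # C, K or S bit: optional fields this example does not parse
        raise ValueError("GRE optional fields present (flags=0x%04x)" % flags)
    if proto_type != GRE_PROTO_IPV4:
        raise ValueError("passenger protocol 0x%04x is not IPv4" % proto_type)
    return outer["payload"][4:]


if __name__ == "__main__":
    # Constructed private-to-private packet carried across public addresses.
    passenger = build_ipv4("10.1.1.10", "10.2.2.20", IPPROTO_TCP, b"\x04\xd2\x00\x50PASSENGER DATA")
    carrier = gre_encapsulate(passenger, "203.0.113.5", "198.51.100.7")
    print("outer:", parse_ipv4(carrier)["src"], "->", parse_ipv4(carrier)["dst"])
    print("inner:", parse_ipv4(gre_decapsulate(carrier))["src"], "->",
          parse_ipv4(gre_decapsulate(carrier))["dst"])
    print("payload readable in carrier:", b"PASSENGER DATA" in carrier)
```

The carrier network routes only on the outer header, so the private addresses of the passenger never need to be routable across it. Note what the last line prints: the passenger is still readable inside the carrier packet. GRE alone gives the logical point-to-point path, not confidentiality, which is why PPTP adds MPPE on top and why L2TP is paired with IPSec.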

VPN Types

VPNs can be one of three types depending on the network: Access, Intranet, and Extranet.

VPN Type: Description

Access VPNs: Provide remote access to single users via dial-up, ISDN, xDSL, or cable modem connections.

Intranet VPNs: Connect sections of a network, such as remote offices tying into a corporate headquarters.

Extranet VPNs: Connect networks belonging to different companies for the purposes of sharing resources.

VPNs can also be classified by their implementations.

Implementation: Description

Hardware-based: Uses hardware such as encrypting routers.

Firewall-based: Uses a firewall's security mechanisms.

Software-based: Uses software when VPN endpoints are not controlled by the same organization.

Advantages of VPNs
The two biggest reasons that most organizations implement VPNs are cost savings and data confidentiality. The cost of maintaining a VPN is generally lower than that of other remote access technologies. For instance, if a remote access technology depends on long-distance or toll-free calls, an organization's communication expenditure can become very high. Another reason for implementing VPNs is their versatility. One VPN endpoint connected to a T1 or T3 line through the service provider can accommodate hundreds of simultaneous connections from any type of client using any type of connection.

VPN Data Encryption


In most VPNs, data encryption is accomplished by either MPPE or IPSec.

IPSec will be covered in detail in subsequent lessons.

Encryption Method: Description

MPPE: Microsoft Point-to-Point Encryption (MPPE) is often used with the Point-to-Point Tunneling Protocol (PPTP). It uses the RC4 stream cipher and provides both strong (128-bit key) and standard (40- or 56-bit key) data encryption. MPPE requires the use of MS-CHAP, MS-CHAPv2, or EAP remote authentication, because the keys used for MPPE encryption are derived from the authentication method. This also means the encryption is only as strong as the authentication exchange: PPTP with MS-CHAP or MS-CHAPv2 is no longer considered secure against an attacker who can capture the handshake, so prefer L2TP/IPSec or SSTP where the clients support them.

IPSec: IPSec is often used with the Layer Two Tunneling Protocol (L2TP), in the combination known as L2TP/IPSec, where L2TP provides the tunnel and IPSec in transport mode protects it. Data encryption is accomplished by IPSec, which uses Data Encryption Standard (DES), Triple DES (3DES), or, in current implementations, AES to provide data confidentiality. IPSec can also be used on its own, in Tunnel mode, to provide both tunneling and encryption of data.

VPN Concentrators
Definition: A VPN concentrator is a device that incorporates advanced encryption and authentication methods to handle a large number of VPN tunnels. It is geared specifically towards secure remote access or site-to-site VPNs. VPN concentrators provide high performance, high availability, and impressive scalability.

Example:

Figure 10-8: A VPN concentrator used in a corporate environment.

VPN Connection Models


VPNs can be connected in one of two VPN connection models: site-to-site or client-to-site.

Connection Model: Description

Site-to-site: In the site-to-site VPN connection model, each node on the network is connected to a remote network that may be separated by public or other unsecured networks. Site-to-site VPNs may be either open or closed. In an open site-to-site VPN connection, the exchange of data among nodes can be unsecured. In a closed site-to-site VPN connection, data can be communicated only through the VPN in a secure mode. In both types, IPSec is implemented between the gateways to ensure secure data transactions.

Client-to-site: In the client-to-site VPN connection model there are also two types, open and closed. In an open VPN, the path between the end node and the IPSec gateway is not secured. In a closed VPN, the path between the end node and the IPSec gateway is secured.

Onsite vs. Offsite

VPNs can also connect offsite to the virtual network components of VLANs or to other virtual networks that are onsite. The offsite components can also include proxy or reverse proxy servers.


ACTIVITY 10-4
Verifying VPN Conguration on RRAS
There is a simulated version of this activity available on the CD-ROM that shipped with this course. You can run this simulation on any Windows computer to review the activity after class, or as an alternative to performing the activity as a group in class. The activity simulation can be launched either directly from the CD-ROM by clicking the Interactives link and navigating to the appropriate one, or from the installed data file location by opening the C:\Data\Simulations\Lesson#\Activity# folder and double-clicking the executable (.exe) file.

Before You Begin: 1. Open the Server Manager window. 2. Verify that RRAS is running.

Scenario: In this activity, you will verify VPN conguration on RRAS.

What You Do / How You Do It

1. Verify that VPN support is enabled on the WAN Miniport that uses PPTP.
   a. In the Server Manager window, in the left pane, expand Roles, expand the Network Policy and Access Services object, expand the Routing and Remote Access object, and select the Ports object.
   b. In the Actions pane, click More Actions and then choose Properties.
   c. In the Ports Properties dialog box, select the WAN miniport that uses PPTP and click Configure.

PPTP and L2TP are covered in the next topic. Note that PPTP's protection rests on MS-CHAPv2 and MPPE, which are considered weak; on a production server, leave the PPTP miniport enabled only while you still have clients that need it.

d. In the Configure Device - WAN Miniport (PPTP) dialog box, verify that the Remote access connections (inbound only) and Demand-dial routing connections (inbound and outbound) check boxes are checked and click OK.

2. Verify that VPN support is enabled on the WAN Miniport that uses L2TP.
   a. Select the WAN miniport that uses L2TP and click Configure.
   b. In the Configure Device - WAN Miniport (L2TP) dialog box, verify that the Remote access connections (inbound only) and Demand-dial routing connections (inbound and outbound) check boxes are checked and click OK.
   c. Verify that the Used By column for the two ports displays RAS/Routing.
   d. In the Ports Properties dialog box, click OK.
   e. Close the Server Manager window.

TOPIC D
VPN Protocols
In the previous topic, you identified the basic characteristics of VPNs. VPNs have additional data packet formatting and security requirements, for which they use specific protocols. In this topic, you will identify the protocols that are used on VPNs. When using a public network as a channel for communication, organizations need to deploy additional layers of security to mitigate threats and attacks. VPNs have built-in protocols to address this security risk, because one of the key benefits of implementing a VPN is the security provided by the protocols that it uses. As a network professional, you should be aware of VPN protocols and their characteristics. This background information will ensure that you will be able to implement VPNs successfully.


PAP
The Password Authentication Protocol (PAP) is a remote-access authentication method that sends client IDs and passwords as cleartext. It is generally used when a remote client is connecting to a non-Windows PPP server that does not support hashed (challenge-response) authentication. When the server receives a client ID and password, it compares them to its local list of credentials. If a match is found, the server accepts the credentials and allows the remote client to access resources. If no match is found, the connection is terminated. Because anyone who can observe the link can read the password, PAP should be used only inside an already-encrypted tunnel (for example, L2TP/IPSec), if at all.

Figure 10-9: PAP authentication of a client by a server.

CHAP
The Challenge Handshake Authentication Protocol (CHAP) is a RAS protocol that uses a hashed challenge-response exchange to transmit authentication information. Generally used to connect to non-Microsoft servers, CHAP was developed so that passwords would not have to be sent in plaintext. CHAP uses a combination of Message Digest 5 (MD5) hashing and a challenge-response mechanism, and authenticates without sending passwords as plaintext over the network. One consequence is that the server must hold each user's secret in a form it can hash with, not as a one-way hash of its own, so the credential store needs strong protection. MS-CHAP is a Microsoft extension of CHAP that is specifically designed for authenticating remote Windows workstations. MS-CHAPv2 provides all the functionality of MS-CHAP, and in addition provides security features such as two-way (mutual) authentication and stronger encryption keys.

CHAP does not support PAP or Secure PAP unencrypted authentication.


Figure 10-10: CHAP between a remote client and server.

The Challenge-Response Authentication Process


In the challenge-response authentication process used in CHAP, the password is never sent across the network. The server sends a random challenge, and only the hash computed from that challenge and the password crosses the link; each challenge is used once, so a captured response cannot be replayed.

Figure 10-11: Steps in the CHAP process.

Step: Description

Step 1: Client requests a connection. A remote client requests a connection to a RAS.

Step 2: Server sends the challenge sequence. The remote server sends a challenge sequence, which is usually a random value, and waits for the client's response.

Step 3: Client encrypts the challenge sequence. The remote client uses its password as the key to transform the challenge sequence (in CHAP, an MD5 hash over the packet identifier, the password, and the challenge) and sends the modified sequence to the server.

Step 4: Server encrypts the challenge sequence and compares the results. The server computes the same transformation of the original challenge sequence with the password stored in its local credentials list and compares the result with the modified sequence received from the client. If the two sequences do not match, the server closes the connection. If the two sequences match, the server allows the client to access resources.
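Both exchanges on the wire, as an added example that is not part of the course: PAP's Authenticate-Request per RFC 1334 beside a CHAP challenge and response per RFC 1994, where the response value is MD5 over the packet identifier, the secret and the challenge (what the table above calls encrypting the challenge with the password). The user name, the secret, and the ChapAuthenticator class and run_exchange function are constructed for this demonstration.

```python
"""PAP and CHAP on the wire, and why CHAP resists sniffing and replay.

Added example, not the course's own. PAP follows RFC 1334 (the
Authenticate-Request carries the password as-is); CHAP follows RFC 1994
(Response Value = MD5(Identifier || secret || Challenge)). Credentials are
constructed for the demo.
"""
import hashlib
import hmac
import os

PAP_AUTHENTICATE_REQUEST = 1
CHAP_RESPONSE = 2


def pap_authenticate_request(identifier: int, peer_id: bytes, password: bytes) -> bytes:
    """PAP packet: Code, Identifier, Length, Peer-ID-Length, Peer-ID, Passwd-Length, Password."""
    body = bytes([len(peer_id)]) + peer_id + bytes([len(password)]) + password
    return bytes([PAP_AUTHENTICATE_REQUEST, identifier]) + (4 + len(body)).to_bytes(2, "big") + body


def chap_response_value(identifier: int, secret: bytes, challenge: bytes) -> bytes:
    """RFC 1994 section 4.1: MD5 over the one-octet Identifier, the secret and the Challenge."""
    return hashlib.md5(bytes([identifier]) + secret + challenge).digest()


def chap_response_packet(identifier: int, secret: bytes, challenge: bytes, name: bytes) -> bytes:
    """CHAP Response packet: Code, Identifier, Length, Value-Size, Value, Name."""
    value = chap_response_value(identifier, secret, challenge)
    body = bytes([len(value)]) + value + name
    return bytes([CHAP_RESPONSE, identifier]) + (4 + len(body)).to_bytes(2, "big") + body


class ChapAuthenticator:
    """Server side: issues random challenges and accepts each response at most once."""

    def __init__(self, credentials: dict):
        self.credentials = credentials   # name -> secret; CHAP needs the secret itself
        self.pending = {}                # identifier -> outstanding challenge

    def challenge(self, identifier: int, size: int = 16) -> bytes:
        value = os.urandom(size)         # fresh per attempt, so old responses cannot be replayed
        self.pending[identifier] = value
        return value

    def verify(self, packet: bytes) -> bool:
        if len(packet) < 5 or packet[0] != CHAP_RESPONSE:
            return False
        identifier = packet[1]
        length = int.from_bytes(packet[2:4], "big")
        value_size = packet[4]
        value = packet[5:5 + value_size]
        name = packet[5 + value_size:length]
        challenge = self.pending.pop(identifier, None)   # single use
        secret = self.credentials.get(name)
        if challenge is None or secret is None:
            return False
        expected = chap_response_value(identifier, secret, challenge)
        return hmac.compare_digest(expected, value)      # constant-time comparison


def run_exchange(name: bytes = b"alice", secret: bytes = b"S3cret!") -> dict:
    """Report what a sniffer sees for each protocol and whether a CHAP replay works."""
    pap_wire = pap_authenticate_request(1, name, secret)
    server = ChapAuthenticator({name: secret})
    chal = server.challenge(7)
    response = chap_response_packet(7, secret, chal, name)
    first = server.verify(response)
    server.challenge(7)                  # next session issues a new challenge
    replayed = server.verify(response)   # the captured response no longer matches
    return {
        "pap_password_on_wire": secret in pap_wire,
        "chap_secret_on_wire": secret in chal + response,
        "chap_first_attempt": first,
        "chap_replay": replayed,
    }


if __name__ == "__main__":
    for key, value in run_exchange().items():
        print("%-22s %s" % (key, value))
```

The authenticator keeps the secret in a form it can hash with; that is CHAP's price for never sending it, and a leaked credential store therefore exposes every password directly. Note also that MD5 and a 16-byte challenge protect against passive sniffing and replay, not against an attacker who captures a challenge/response pair and guesses passwords offline, which is why weak passwords remain a problem even with CHAP.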

TACACS+
Terminal Access Controller Access Control System (TACACS) and TACACS Plus (TACACS+) protocols provide centralized authentication and authorization services for remote users. TACACS+ encrypts (more precisely, obfuscates with an MD5-derived pad) the entire body of every packet, while RADIUS hides only the password attribute and sends the rest of the request, including the user name, in cleartext. TACACS+ uses TCP rather than UDP and supports multiple protocols. Extensions to the original TACACS protocol exist, such as Cisco's XTACACS and TACACS+.

Features of TACACS+

TACACS+, which is Cisco's proprietary product, uses TCP port 49 and also supports multifactor authentication. TACACS+ is considered more secure and more scalable than RADIUS because it protects the whole packet body and separates authentication, authorization, and accounting into distinct exchanges, so a device can, for example, authorize individual commands after login. TACACS+ is a separate protocol that is not backward compatible with TACACS or XTACACS. Because the confidentiality of both TACACS+ and RADIUS rests on a shared secret and MD5, run them over a dedicated management network or inside an IPSec tunnel rather than across untrusted links.
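The difference in coverage described above, as an added example rather than the course's code: the RADIUS User-Password hiding of RFC 2865 section 5.2 and the TACACS+ body obfuscation of RFC 8907 section 4.5, applied to one constructed request of each kind. The shared secrets, the session ID, the user name and the helper names (build_access_request, build_authen_start_body, compare_exposure) are made up for the demo, and only the TACACS+ body is shown; its 12-byte header, including the session ID, travels in the clear.

```python
"""What a sniffer sees: RADIUS hides one attribute, TACACS+ hides the body.

Added example, not from the course. Implements RFC 2865 section 5.2
(RADIUS User-Password hiding) and RFC 8907 section 4.5 (TACACS+ body
obfuscation). Both are MD5-and-XOR constructions, not modern encryption;
the point is what each one covers. All secrets and names are constructed.
"""
import hashlib
import os
import struct

RADIUS_ACCESS_REQUEST = 1
ATTR_USER_NAME, ATTR_USER_PASSWORD = 1, 2


def _xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def radius_hide_password(password: bytes, secret: bytes, request_auth: bytes) -> bytes:
    """c1 = p1 XOR MD5(S + RA); c(n) = p(n) XOR MD5(S + c(n-1)), 16 octets at a time."""
    if len(request_auth) != 16:
        raise ValueError("Request Authenticator must be 16 octets")
    if len(password) > 128:
        raise ValueError("RADIUS limits User-Password to 128 octets")
    blocks = max(1, -(-len(password) // 16))             # NUL-pad to a multiple of 16
    padded = password.ljust(blocks * 16, b"\x00")
    out, prev = b"", request_auth
    for i in range(0, len(padded), 16):
        prev = _xor(padded[i:i + 16], hashlib.md5(secret + prev).digest())
        out += prev
    return out


def radius_reveal_password(hidden: bytes, secret: bytes, request_auth: bytes) -> bytes:
    """Inverse of radius_hide_password; trailing NUL padding is stripped."""
    out, prev = b"", request_auth
    for i in range(0, len(hidden), 16):
        block = hidden[i:i + 16]
        out += _xor(block, hashlib.md5(secret + prev).digest())
        prev = block
    return out.rstrip(b"\x00")


def build_access_request(username: bytes, password: bytes, secret: bytes,
                         identifier: int = 0, request_auth: bytes = None) -> bytes:
    """Minimal Access-Request: User-Name is sent as-is, only User-Password is hidden."""
    request_auth = request_auth or os.urandom(16)
    hidden = radius_hide_password(password, secret, request_auth)
    attrs = (bytes([ATTR_USER_NAME, 2 + len(username)]) + username
             + bytes([ATTR_USER_PASSWORD, 2 + len(hidden)]) + hidden)
    return struct.pack("!BBH", RADIUS_ACCESS_REQUEST, identifier, 20 + len(attrs)) + request_auth + attrs


def tacacs_pseudo_pad(session_id: int, key: bytes, version: int, seq_no: int, length: int) -> bytes:
    """MD5_1 = MD5(session_id, key, version, seq_no); MD5_n appends MD5_(n-1); concatenated."""
    fixed = struct.pack("!I", session_id) + key + bytes([version, seq_no])
    pad, prev = b"", b""
    while len(pad) < length:
        prev = hashlib.md5(fixed + prev).digest()
        pad += prev
    return pad[:length]


def tacacs_obfuscate(body: bytes, session_id: int, key: bytes,
                     version: int = 0xC0, seq_no: int = 1) -> bytes:
    """XOR the whole body with the pseudo-pad; the same call reverses it."""
    return _xor(body, tacacs_pseudo_pad(session_id, key, version, seq_no, len(body)))


def build_authen_start_body(user: bytes, port: bytes, rem_addr: bytes, data: bytes = b"",
                            action: int = 1, priv_lvl: int = 1, authen_type: int = 1,
                            service: int = 1) -> bytes:
    """TACACS+ Authentication START body (RFC 8907 section 5.1) before obfuscation."""
    fixed = bytes([action, priv_lvl, authen_type, service,
                   len(user), len(port), len(rem_addr), len(data)])
    return fixed + user + port + rem_addr + data


def compare_exposure(username: bytes = b"alice", password: bytes = b"S3cret!",
                     request_auth: bytes = None) -> dict:
    """Build one request of each protocol and report which fields a sniffer can read."""
    request_auth = request_auth or os.urandom(16)
    radius_pkt = build_access_request(username, password, b"radius-shared-key", request_auth=request_auth)
    body = build_authen_start_body(username, b"tty0", b"192.0.2.10")
    tacacs_body = tacacs_obfuscate(body, session_id=0x01020304, key=b"tacacs-shared-key")
    return {
        "radius_username_visible": username in radius_pkt,
        "radius_password_visible": password in radius_pkt,
        "tacacs_username_visible": username in tacacs_body,
    }


if __name__ == "__main__":
    for key, value in compare_exposure().items():
        print("%-26s %s" % (key, value))
```

Two practical consequences follow from the code. First, anyone holding the shared secret and a capture can run radius_reveal_password or tacacs_obfuscate in reverse, so the secret is the whole defence and must be long and unique per client. Second, RADIUS only ever hides the User-Password attribute: other credentials (for example CHAP responses or EAP payloads) rely on their own protection, and attributes such as User-Name and NAS-IP-Address are always readable.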

PPTP
The Point-to-Point Tunneling Protocol (PPTP) is a layer 2 Microsoft VPN protocol that increases the security of PPP by providing tunneling and data encryption for PPP packets. It uses the same authentication methods as PPP, and is the most widely supported VPN protocol among older Windows clients. Deployed over public, unsecured networks such as the Internet, PPTP encapsulates and transports multiprotocol data traffic over IP networks: a control connection on TCP port 1723 and the PPP frames carried in GRE (IP protocol 47), so both must be allowed through any firewall in the path. PPTP's encryption (MPPE) is keyed from the MS-CHAP exchange, and that exchange is now considered breakable, so PPTP should be regarded as a legacy protocol.

L2TP
The Layer Two Tunneling Protocol (L2TP) is a protocol that works on the Internet and combines the capabilities of PPTP and Layer 2 Forwarding (L2F) to enable the tunneling of PPP sessions across a variety of network protocols, such as IP, Frame Relay, or ATM. L2TP was specifically designed to provide tunneling and security interoperability for client-to-gateway and gateway-to-gateway connections. L2TP does not provide any encryption of its own: over IP it is carried in UDP (port 1701), and its payload is as readable as any other IP traffic. As a result, L2TP is paired with IPSec in transport mode (L2TP/IPSec) for authentication, integrity, and confidentiality.

L2TP has wide vendor support because, combined with IPSec, it addresses the client-to-gateway and gateway-to-gateway interoperability shortcomings of IPSec used alone.

SSTP

Windows Server 2008, Windows Server 2008 R2, Windows Vista SP1, and Windows 7 support a newer tunneling protocol, Secure Socket Tunneling Protocol (SSTP). SSTP uses HTTP over SSL (HTTPS, TCP port 443), so it passes through firewalls and proxies that allow ordinary web traffic. It encapsulates a PPP data packet with an SSTP header. The PPP packet and SSTP header are encrypted by SSL. An IP header containing the destination addresses is then added to the packet.


ACTIVITY 10-5
Identifying VPN Protocols
Scenario: In this activity, you will identify the characteristics of VPN protocols.

1. Which statements are true of PAP?
   a) Encrypts user credentials.
   b) Connects a remote client to a non-Windows PPP server.
   c) Updates its local list of credentials when it receives a new set of credentials on the server.
   d) Compares credentials from a remote client with local credentials to allow access to resources.

2. Which of these is an encrypted authentication protocol that is used to connect to non-Microsoft servers?
   a) MS-CHAP
   b) PPTP
   c) CHAP
   d) PAP

3. Which statements are true of CHAP?
   a) Sends passwords as plaintext.
   b) Used to connect to non-Microsoft servers.
   c) Does not send passwords as plaintext.
   d) Uses MD5 hashing.

4. Match the protocol with its description.
   b PPTP
   e TACACS+
   c TACACS
   a CHAP
   d L2TP

   a. Uses a challenge-response mechanism.
   b. Encapsulates and transports multiprotocol data traffic.
   c. Performs process-wide encryption using TCP.
   d. Combines the capabilities of PPTP and L2F.
   e. Supports multifactor authentication.

5. Arrange the steps in the CHAP process in sequence.
   1 The remote client requests a connection to RAS.
   3 The remote client uses its password as the encryption key and sends the modified challenge sequence to the server.
   2 The remote server sends a challenge sequence.
   4 RAS encrypts the challenge sequence with the password stored in its local credential list.

Lesson 10 Follow-up
In this lesson, you identified the components of a remote network implementation. As a network professional, you will need to understand the technologies involved in remote network implementations so that you can implement them on your network to effectively support remote users.
1. What are the solutions that you can use for remote networking? Answers will vary, but may include: remote access to school library catalogs, course sign-up applications, telecommuting, intranet access while traveling, or connecting to a VPN. 2. Which of the remote networking protocols are you most likely to encounter in your network? Answers will vary, but may include: PPP, PAP, CHAP, or more secure protocols, such as TACACS+ and PPTP.

LESSON 11

System Security
In this lesson, you will identify the major issues and methods to secure systems on a network. You will:
- Describe basic security concepts for local computers.
- Identify various system security tools.
- Identify different methods used for authentication on a network.
- Identify major methods and technologies for data encryption.

Lesson Time 2 hour(s), 20 minutes

Lesson 11: System Security

Introduction
You have identified the basic components and concepts for implementing a network. A network's security is only as strong as the security of its individual systems. In this lesson, you will identify the major issues and technologies involved in local system security. Before connecting individual computers to the network, you need to ensure that the computers are secured using proper security mechanisms. This level of security will help you overcome potential issues that might occur otherwise. Unsecured systems can result in compromised data and, ultimately, lost revenue. Identifying the appropriate steps and measures you can implement to protect your systems, and keeping your resources and revenue safe from potential attacks, are key aspects of securing systems on your network.

This lesson covers all or part of the following CompTIA Network+ (Exam N10-005) certification objectives, across Topics A, C, and D:
- 1.2 Classify how applications, devices, and protocols relate to the OSI model layers.
- 5.1 Given a scenario, implement appropriate wireless security measures.
- 5.3 Explain methods of user authentication.

TOPIC A
Computer Security Basics
In earlier lessons, you learned about the design and implementation of different types of networks. Irrespective of the type of network you implement, securing the network becomes a top priority. Securing individual computers is the first step toward securing the entire network. In this topic, you will identify the security concepts that you will need to know as a Network+ technician. Just as the construction of a building starts with bricks and mortar, each security implementation starts with a series of fundamental building blocks. No matter what the final result is, you will always start with the same fundamentals. As a networking professional, it is part of your responsibility to understand these fundamental concepts so that you can ensure appropriate security levels in your organization.

Security Factors

Most security systems rely on four major factors to achieve security goals:
- Authorization is the process of determining what rights and privileges a particular entity has.
- Access control is the process of determining and assigning privileges to various resources, objects, or data.
- Accountability is the process of determining who to hold responsible for a particular activity or event, such as a logon.
- Auditing or accounting is the process of tracking and recording system activities and resource access.

Figure 11-1: System security factors

Least Privilege
Definition: The principle of least privilege dictates that users and software should only have the minimal level of access that is necessary for them to perform their duties. This level of minimal access includes facilities, computing hardware, software, and information. Where a user or system is given access, that access should conform to the least privilege level required to perform the necessary task. Example:

Least privilege is part of a wider range of security principles that are outside the scope of this course and the Network+ certification. For more information on topics such as separation of duties, job rotation and mandatory vacation, you might want to encourage your students to pursue training for the CompTIA Security+ certification to complement their Network+ certification.

Figure 11-2: Least privilege allows appropriate levels of access to users.

Privilege Bracketing
The network or security administrator can use privilege bracketing to allow privileges only when needed, and then revoke them as soon as the user finishes the task or the need has passed.

Lesson 11: System Security

Non-Repudiation

Non-repudiation is the goal of ensuring that data remains associated with the party that creates it or sends a transmission with that data. It is supplemental to the CIA triad. You should be able to independently verify the identity of the sender of a message, and the sender should be responsible for the message and its data.

The CIA Triad
Information security seeks to address three specific principles: confidentiality, integrity, and availability. This is called the CIA triad. If one of the principles is compromised, the security of the organization is threatened.

Principle / Description

Confidentiality: This is the fundamental principle of keeping information and communications private and protecting it from unauthorized access. Confidential information includes trade secrets, personnel records, health records, tax records, and military secrets.

Integrity: This is the property of keeping organizational information accurate, free of errors, and without unauthorized modifications. For example, in the 1980s movie War Games, actor Matthew Broderick was seen modifying his grades early in the movie. This means that the integrity of his grade information was compromised by unauthorized modification.

Availability: This is the fundamental principle of ensuring that systems operate continuously and that authorized persons can access the data that they need. Information available on a computer system is useless unless users can get to it. Consider what would happen if the Federal Aviation Administration's air traffic control system failed. Radar images would be captured but not distributed to those who need the information.

Threats

Definition: In the realm of computer security, a threat is any event or action that could potentially result in the violation of a security requirement, policy, or procedure. Regardless of whether a violation is intentional or unintentional, malicious or not, it is considered a threat. Potential threats to computer and network security include:
- Unintentional or unauthorized access or changes to data.
- Interruption of services.
- Interruption of access to assets.
- Damage to hardware.
- Unauthorized access or damage to facilities.

If time permits, consider having students brainstorm other examples of threats.

Example: An email containing sensitive information that is mistakenly sent to the wrong person would be considered a potential threat, even though the misdirection of the information was not intentional.

Figure 11-3: Threats cause a violation of security policies and procedures.

Vulnerabilities
Definition: At the most basic level, a vulnerability is any condition that leaves a system open to attack. Vulnerabilities can come in a wide variety of forms, including:
- Improperly configured or installed hardware or software.
- Bugs in software or operating systems.
- Misuse of software or communication protocols.
- Poorly designed networks.
- Poor physical security.
- Insecure passwords.
- Design flaws in software or operating systems.
- Unchecked user input.
Example:

Figure 11-4: A system open to attack.

Attacks
Definition: In the realm of computer security, an attack is a technique that is used to exploit a vulnerability in any application on a computer system without the authorization to do so. Attacks on a computer system and network security include:


- Physical security attacks
- Network-based attacks
- Software-based attacks
- Social engineering attacks
- Web application-based attacks

Example:

Figure 11-5: Types of attacks.

Risks

Definition: As applied to information systems, risk is a concept that indicates exposure to the chance of damage or loss. It signifies the likelihood of a hazard or threat occurring. In information technology, risk is often associated with the loss of a system, power, or network, and other physical losses. Risk also affects people, practices, and processes.

Example: A disgruntled former employee is a threat. The amount of risk this threat represents depends on the likelihood that the employee will access their previous place of business and remove or damage data. It also depends on the extent of harm that could result.

Risk Factors
Risk is the determining factor when looking at information systems security. If an organization chooses to ignore risks to operations, it could suffer a catastrophic outage that would limit its ability to survive.

Unauthorized Access
Definition: Unauthorized access is any type of network or data access that is not explicitly approved by an organization. It can be a deliberate attack by an outsider, a misuse of valid privileges by an authorized user, or it can be inadvertent. Unauthorized access does not necessarily result in data loss or damage, but it could be the first step in mounting a number of attacks against the network. Example:

Figure 11-6: Unauthorized users can mount a number of attacks against a network.

Data Theft
Definition: Data theft is a type of attack in which an attacker uses unauthorized access to obtain protected network information. The attacker can use stolen credentials to authenticate to a server and read data stored in files. Or, the attacker can steal data in transit on the network media by using a hardware- or software-based packet sniffer, which is a device or program that monitors network communications and captures data.

Example:

Figure 11-7: An unauthorized user obtaining protected network information.

Hackers and Attackers



Definition: Hackers and attackers are related terms for individuals who have the skills to gain access to computer systems through unauthorized or unapproved means. Originally, a hacker was a neutral term for a user who excelled at computer programming and computer system administration. Hacking into a system was a sign of technical skill and creativity that also became associated with illegal or malicious system intrusions. Attacker is a term that always represents a malicious system intruder.
The term cracker refers to an individual who breaks encryption codes, defeats software copy protections, or specializes in breaking into systems. The term cracker is sometimes used to refer to a hacker or an attacker.

Example:

Figure 11-8: A hacker and an attacker.

White Hats and Black Hats
A white hat is a hacker who discovers and exposes security flaws in applications and operating systems so that manufacturers can fix them before they become widespread problems. The white hat often does this on a professional basis, working for a security organization or a system manufacturer. This is sometimes called an ethical hack.

A black hat is a hacker who discovers and exposes security vulnerabilities for financial gain or for some malicious purpose. While the black hats might not break directly into systems the way attackers do, widely publicizing security flaws can potentially cause financial or other damage to an organization. People who consider themselves white hats also discover and publicize security problems, but without the organization's knowledge or permission. They consider themselves to be acting for the common good. In this case, the only distinction between a white hat and a black hat is one of intent. There is some debate over whether this kind of unauthorized revelation of security issues really serves the public good or simply provides an avenue of attack. White hats and black hats get their names from characters in old Western movies: the good guys always wore white hats, while the bad guys wore black hats.

ACTIVITY 11-1
Discussing Computer Security
Scenario: In this activity, you will discuss computer security basics.

1. What are applicable forms of vulnerabilities?
a) Improperly configured software
b) Misuse of communication protocols
c) Poor physical security
d) Lengthy passwords with a mix of characters

2. Which of these describes the concept of least privilege?
a) End-user jobs and software access should be restricted so that no one wields too much administrative power over the network.
b) End users should at least hold administrative privileges over their local workstation.
c) Technological and physical access should be granted only when it is needed, and then revoked as soon as the task or need has ended.
d) End users should be given the minimal level of technological and physical access that is required for them to perform their jobs.

3. A biometric handprint scanner is used as part of a system for granting access to a facility. Once an identity is verified, the system checks and confirms that the user is allowed to leave the lobby and enter the facility, and the electronic door lock is released. This is an example of which of the security factors?
a) Accountability
b) Authorization
c) Access control
d) Auditing

4. Which security factor tracks system activities?
a) Accountability
b) Access control
c) Auditing
d) Authorization

5. At the end of the day, security personnel can view electronic log files that record the identities of everyone who entered and exited the building along with the time of day. This is an example of:
a) Accountability
b) Authorization
c) Access control
d) Auditing

6. Match each security control with its description.
a  Accountability
c  Authorization
d  Access control
b  Auditing

a. Determining the individual responsible for a particular activity or event.
b. Tracking system events.
c. Determining rights and privileges for an individual.
d. Assigning rights and privileges on objects.

TOPIC B
System Security Tools
In the previous topic, you identified the basic security concepts. One of the components of a total security plan is implementing system-level security. In this topic, you will identify various system security tools. As part of your organization's quest to ensure security for its users, systems, and data, you will implement security measures using different tools and on different components of your network. You will need to secure from the inside out as well as from the outside in. Configuring appropriate security on local system components secures from the inside out, and is an important piece of an overall security plan.

Permissions
Definition: A permission is a security setting that determines the level of access a user or group account has to a particular resource. Permissions can be associated with a variety of resources, such as files, printers, shared folders, and network directory databases. Permissions can typically be configured to allow different levels of privileges, or to deny privileges to users who should not access a resource. Example:

Figure 11-9: Permissions determine the user access level.

Users and Groups
Rights and permissions can be assigned to individual user accounts. However, this is an inefficient security practice, because so many permission assignments must be duplicated for users with similar roles and because individual users' roles and needs can change frequently. It is more efficient to create groups of users with common needs, and assign the rights and permissions to the user groups. As the needs of individual users change, the users can be placed in groups with the appropriate security configuration.

UNIX Permissions
Because UNIX and related systems are multiuser by nature, there is a series of permissions associated with all files and directories. There are three types of permissions.

Permission / Allows the User To

r (read): View file content. See what is in the directory.

w (write): Modify file contents. Create and delete directory contents.

x (execute): Run the file (if it is an executable program and is combined with read). Move into the directory. When combined with read, you can also see a long listing of the contents of the directory.
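The r/w/x table above applied in code, as an added example that is not part of the courseware: it parses an ls -l style mode string, determines which class (owner, group, other) applies to a user, lists what that class may do, and flags world-writable entries in a listing. It assumes the classic owner/group/other model only (no ACLs, no root override); the sample listing is constructed.

```python
# Added example, not from the courseware: interpret ls -l style mode strings the
# way the r/w/x table describes them, answer "which class does this user fall
# in and what may it do", and flag world-writable entries in a listing.
# Assumes the classic owner/group/other model only (no ACLs, no root override).

from typing import NamedTuple


class Perms(NamedTuple):
    read: bool
    write: bool
    execute: bool


def parse_mode(mode: str) -> tuple:
    """Parse a 10-character mode string such as 'drwxr-x---'.

    Returns (is_directory, {"owner": Perms, "group": Perms, "other": Perms}).
    """
    if len(mode) != 10 or mode[0] not in "-d":
        raise ValueError(f"unsupported mode string: {mode!r}")
    classes = {}
    for who, start in (("owner", 1), ("group", 4), ("other", 7)):
        r, w, x = mode[start:start + 3]
        classes[who] = Perms(r == "r", w == "w", x == "x")
    return mode[0] == "d", classes


def permission_class(uid: int, gid: int, file_uid: int, file_gid: int) -> str:
    """UNIX applies exactly one class: owner if the uid matches, else group
    if the gid matches, else other. A matching owner never falls back to the
    group bits, even when those bits would be more permissive."""
    if uid == file_uid:
        return "owner"
    if gid == file_gid:
        return "group"
    return "other"


def allowed_actions(mode: str, who: str) -> set:
    """Actions the class can perform, following the table above.

    On a directory, w alone is not enough to create or delete entries: the
    kernel also requires x (search permission) on that directory.
    """
    is_dir, classes = parse_mode(mode)
    p = classes[who]
    actions = set()
    if is_dir:
        if p.read:
            actions.add("list names")
        if p.execute:
            actions.add("enter")
        if p.read and p.execute:
            actions.add("long listing")
        if p.write and p.execute:
            actions.add("create/delete entries")
    else:
        if p.read:
            actions.add("view")
        if p.write:
            actions.add("modify")
        if p.read and p.execute:
            actions.add("run")
    return actions


def world_writable(listing: str) -> list:
    """Names in an ls -l style listing that 'other' may write to.
    World-writable files and directories violate least privilege because
    any local account can alter them."""
    flagged = []
    for line in listing.splitlines():
        fields = line.split()
        if len(fields) < 9:
            continue  # skips 'total N' and blank lines
        mode, name = fields[0], fields[-1]
        _, classes = parse_mode(mode)
        if classes["other"].write:
            flagged.append(name)
    return flagged


# Constructed sample listing for demonstration (not real system output).
SAMPLE_LISTING = """\
total 4
drwxr-x---  2 hr    hr    4096 Jan  1 10:00 Security
-rw-rw-rw-  1 hr    hr     120 Jan  1 10:05 salaries.csv
-rwxr-x---  1 root  hr    9000 Jan  1 10:10 payroll
drwxrwxrwx  2 hr    hr    4096 Jan  1 10:15 scratch
"""

if __name__ == "__main__":
    who = permission_class(uid=1001, gid=100, file_uid=0, file_gid=100)
    print(who, allowed_actions("-rwxr-x---", who))
    print(world_writable(SAMPLE_LISTING))
```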

NTFS Permissions

On Windows operating systems, file-level security is supported on drives that are formatted to use the Windows NT File System (NTFS). These permissions can be applied either to folders or to individual files. NTFS permissions on a folder are inherited by the files and subfolders within it. There are several levels of NTFS permissions, which can determine, for example, whether users can read files or run applications; write to existing files; and modify, create, or delete files.

Group Policy

Definition: A group policy is a centralized account management feature available for Active Directory on Windows Server systems. A group policy can be used to control certain desktop workstation features within an enterprise, such as specifying that all workstations display the company logo as their wallpaper, or that the default browser should have pre-loaded settings. It is also used to control security features, such as limiting the desktop icons that get displayed, granting permission to access certain servers but not others, or totally locking down a desktop. Example:

Figure 11-10: A group policy controls certain desktop workstation features.

ACTIVITY 11-2
Testing Permissions
This is a simulated activity available on the CD-ROM that shipped with this course. The activity simulation can be launched either directly from the CD-ROM by clicking the Interactives link and navigating to the appropriate one, or from the installed data file location by opening the C:\Data\Simulations\Lesson#\Activity# folder and double-clicking the executable (.exe) file.


Scenario: You manage a basic file server for the Human Resources department at your company. The HR department uses a single folder named Security for works in progress that may contain sensitive materials, but since they would like additional control over file access, you have decided to use individual file permissions to limit access to certain users.
What You Do
1. Test the permissions.

How You Do It
a. Browse to the C:\Data\Simulations\Lesson11\Activity11-2 folder.
b. Double-click the executable file.
c. In the Open File - Security Warning message box, click Run.
d. Follow the on-screen steps for the simulation.
e. Close the C:\Data\Simulations\Lesson11\Activity11-2 folder.


TOPIC C
Authentication Methods
In the previous topic, you identified the components of a local system's security. In a network environment, there are security settings that control how users and computers authenticate to the network. In this topic, you will identify different methods used for authentication. Strong authentication is the first line of defense to secure network resources. But authentication is not a single process; there are many methods and mechanisms involved. As a network professional, to effectively manage authentication on your network, you will need to understand these different systems and what each one can provide for your organization.

Authentication

Definition: Authentication is the method of uniquely validating a particular entity or individual's credentials. Authentication concentrates on identifying if a particular individual has the right credentials to enter a system or secure site. Authentication credentials should be kept secret to prevent unauthorized individuals from gaining access to confidential information. Example:

Figure 11-11: Authentication with a user name and password.

Authentication Factors
Most authentication schemes are based on the use of one or more authentication factors. The factors include:
- Something you know, such as a password.
- Something you have, such as a token or access card.
- Something you are, including physical characteristics, such as fingerprints or a retina pattern.

User Name/Password Authentication
The combination of a user name and a password is one of the most basic and widely used authentication schemes. In this type of authentication, a system compares the user's credentials against credentials stored in a database. It authenticates the user if the user name and password match the database. If not, the user is denied access. This method may not be very secure because the user's credentials are sometimes transmitted through the network as plaintext, making the user name and password easily accessible to an attacker.

Figure 11-12: A combination of a user name and password for authentication.

Strong Passwords
Definition: A strong password is a password that meets the complexity requirements that are set by a system administrator and documented in a security policy or password policy. Strong passwords increase the security of systems that use password-based authentication by protecting against password guessing and password attacks. Password complexity requirements should meet the security needs of an individual organization, and can specify:
- The minimum length of the password.
- Required characters, such as a combination of letters, numbers, and symbols.
- Forbidden character strings, such as the user account name or dictionary words.
Example:

Figure 11-13: Strong passwords increase system security.

Authentication by Assertion
Authentication based entirely on a user name/password combination is sometimes called authentication by assertion, because once the client has a valid set of credentials, it can use them to assert its identity to obtain access to a resource.

Password Policies and Policy Tools
The types of password policies and the complexity settings they can include vary between different organizations and systems. Human resources or the IT department maintains an official password policy document that is often publicized to employees, or it can be a system configuration setting within an application or operating system.
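A password policy expressed as a system configuration setting, as an added example that is not part of the courseware: the checker applies the three kinds of requirement listed under Strong Passwords (minimum length, required character classes, and forbidden strings such as the account name or dictionary words). The policy values, the word list and the substitution map are constructed for illustration.

```python
# Added example, not from the courseware: a password policy written as a
# configuration object, and a checker that applies the three kinds of
# requirement listed under Strong Passwords (minimum length, required
# character classes, forbidden strings such as the account name or
# dictionary words). Policy values and the word list are constructed.

import string
from dataclasses import dataclass
from typing import List

# Common letter-for-symbol substitutions. Undoing them before the dictionary
# check lets "P@ssw0rd" be caught as "password".
LEET_MAP = str.maketrans({"0": "o", "1": "i", "3": "e", "4": "a", "5": "s",
                          "7": "t", "@": "a", "$": "s", "!": "i"})


@dataclass(frozen=True)
class PasswordPolicy:
    """Complexity settings as they might be stored in a system configuration."""
    min_length: int = 12
    require_lower: bool = True
    require_upper: bool = True
    require_digit: bool = True
    require_symbol: bool = True
    # Constructed dictionary; a real policy would load a large word list.
    forbidden_words: frozenset = frozenset({"password", "welcome", "letmein", "qwerty"})


def check_password(password: str, username: str, policy: PasswordPolicy) -> List[str]:
    """Return every policy violation; an empty list means the password passes."""
    problems: List[str] = []
    if len(password) < policy.min_length:
        problems.append(f"shorter than {policy.min_length} characters")

    class_checks = [
        (policy.require_lower, any(c.islower() for c in password), "no lowercase letter"),
        (policy.require_upper, any(c.isupper() for c in password), "no uppercase letter"),
        (policy.require_digit, any(c.isdigit() for c in password), "no digit"),
        (policy.require_symbol, any(c in string.punctuation for c in password), "no symbol"),
    ]
    for required, present, message in class_checks:
        if required and not present:
            problems.append(message)

    # Forbidden strings are matched case-insensitively, both as typed and
    # with the common substitutions undone.
    lowered = password.lower()
    candidates = (lowered, lowered.translate(LEET_MAP))
    if username and any(username.lower() in c for c in candidates):
        problems.append("contains the account name")
    for word in sorted(policy.forbidden_words):
        if any(word in c for c in candidates):
            problems.append(f"contains forbidden string {word!r}")
    return problems


if __name__ == "__main__":
    policy = PasswordPolicy()
    for pw, user in [("P@ssw0rd", "bob"), ("Correct-Horse-Battery-9", "alice")]:
        print(pw, "->", check_password(pw, user, policy) or "OK")
```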

Tokens

Definition: Tokens are physical or virtual objects, such as smart cards, ID badges, or data packets, that store authentication information. Tokens can store Personal Identification Numbers (PINs), information about users, or passwords. Unique token values can be generated by special devices or software in response to a challenge from an authenticating server or by using independent algorithms. Example:

Figure 11-14: Tokens store authentication information.

Smart Cards
Smart cards are a common example of token-based authentication. A smart card is a plastic card containing an embedded computer chip that can store different types of electronic information. The contents of a smart card can be read with a smart card reader.

Biometrics

Definition: Biometrics are authentication schemes based on an individual's physical characteristics. This system can involve a fingerprint scanner, a retinal scanner, a hand geometry scanner, or voice-recognition and facial-recognition software. As biometric authentication becomes less expensive to implement, it is adopted more widely.

Example:

Figure 11-15: Biometric authentication using a fingerprint scanner.

Multi-Factor Authentication
Definition: Multi-factor authentication is any authentication scheme that requires validation of at least two of the possible authentication factors. It can be any combination of who you are, what you have, and what you know.

One-, Two-, and Three-Factor Authentication
An authentication scheme with just one factor can be called a one-factor authentication, while a two- or three-factor authentication scheme can simply be called multifactor authentication.

Example: A Multi-Factor Implementation
Requiring a physical ID card along with a secret password is an example of multifactor authentication. A bank ATM card is a common example of this.

Figure 11-16: Multi-factor authentication requires validation of at least two of the authentication factors.

Non-Example: Username and Password Authentication
A user name and password is not a multi-factor authentication, because the user name helps in identification and the password alone acts as the authentication factor.

Mutual Authentication
Definition: Mutual authentication is a security mechanism that requires that each party in a communication verify each other's identity. A service or resource verifies the client's credentials, and the client verifies the resource's credentials. Mutual authentication prevents a client from inadvertently submitting confidential information to a non-secure server. Any type or combination of authentication mechanisms can be used.

Mutual authentication helps in avoiding man-in-the-middle and session hijacking attacks. Man-in-the-middle and session hijacking attacks will be covered in subsequent lessons.

Example:

Figure 11-17: Mutual authentication to verify credentials.

SSO

Single Sign-On (SSO) is a mechanism in which a single user authentication provides access to all the systems or applications where the user has permission. The user need not enter multiple passwords each time he wants to access a system.

Figure 11-18: A user authenticated using SSO.

EAP

Extensible Authentication Protocol (EAP) is a protocol that enables systems to use hardware-based identifiers, such as fingerprint scanners or smart card readers, for authentication. EAP categorizes the devices into different EAP types depending on each device's authentication scheme. The EAP method associated with each type enables the device to interact with a system's account database. Users might need to provide a password in addition to the physical authentication. EAP allows for logon using different methods such as public-key authentication, Kerberos, and certificates. RADIUS, a centralized authentication protocol, is often used with EAP.


Figure 11-19: EAP allows systems to use hardware-based identifiers for authentication.

EAP Implementations
There are other authentication protocols that are used in EAP implementations.

Protocol / Description

Extensible Authentication Protocol over LAN (EAPOL): EAP over LAN as used in 802.1X implementations.

Lightweight Extensible Authentication Protocol (LEAP): LEAP is Cisco Systems' proprietary EAP implementation.

EAP-Transport Layer Security (EAP-TLS): This widely supported feature in wireless routers and cards provides robust security. Native support is included in: Mac OS X 10.3 and above; Windows XP and Windows 7; Windows Server 2008; Windows Mobile 7 and above.

EAP-MD5: Provides minimal security and is easily bypassed or hacked.

Protected Extensible Authentication Protocol (PEAP): PEAP, similar to EAP-TLS, was proposed as an open standard by a coalition made up of Cisco Systems, Microsoft, and RSA Security. PEAPv0/EAP-MSCHAPv2 is a widely supported authentication method in EAP implementations.

IEEE 802.1x
The IEEE 802.1x is a standard for securing networks by implementing EAP as the authentication protocol over either a wired or wireless Ethernet LAN, rather than the more traditional implementation of EAP over PPP. IEEE 802.1x, often referred to as port authentication, employs an authentication service, such as RADIUS, to secure clients, removing the need to implement security features in APs, which typically do not have the memory or processing resources to support complex authentication functions.

Kerberos

Kerberos is an authentication service that is based on a time-sensitive ticket-granting system. It was developed by the Massachusetts Institute of Technology (MIT) to use an SSO method where the user enters access credentials that are then passed to the authentication server, which contains an access list and permitted access credentials. Kerberos can be used to manage access control to several services using one centralized authentication server.

Figure 11-20: Kerberos is used to manage access control to services.

The Kerberos Authentication Process
In the Kerberos authentication process:
1. A user logs on to the domain.
2. The user requests a Ticket Granting Ticket (TGT) from the authenticating server.
3. The authenticating server responds with a time-stamped TGT.
4. The user presents the TGT back to the authenticating server and requests a service ticket to access a specific resource.
5. The authenticating server responds with a service ticket.
6. The user presents the service ticket to the resource.
7. The resource authenticates the user and allows access.
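The seven-step ticket flow above as a runnable toy model, an added example that is not part of the courseware and not MIT Kerberos: tickets are payloads protected by an HMAC under a key that only the authenticating server holds (for the TGT) or shares with one resource (for the service ticket), and every ticket carries a time stamp and expiry so the time-sensitive behaviour can be exercised. Real Kerberos encrypts tickets and uses session keys and authenticators; principal names, passwords and keys here are constructed.

```python
# Added example, not from the courseware or from MIT Kerberos: a toy model of
# the seven-step ticket flow above. A ticket is a payload plus an HMAC computed
# with a key known only to the authenticating server (for the TGT) or shared
# with one resource (for the service ticket), and it carries issue and expiry
# times. Real Kerberos encrypts tickets and uses session keys and
# authenticators; those details are left out. All names, passwords and keys
# below are constructed for illustration.

import hashlib
import hmac
import json
from typing import Optional

Ticket = dict  # {"payload": {...}, "mac": "<hex digest>"}


def _sign(key: bytes, payload: dict) -> str:
    message = json.dumps(payload, sort_keys=True).encode()
    return hmac.new(key, message, hashlib.sha256).hexdigest()


def _verify(key: bytes, ticket: Ticket) -> Optional[dict]:
    """Return the payload if the MAC checks out under this key, else None."""
    expected = _sign(key, ticket["payload"])
    if not hmac.compare_digest(expected, ticket["mac"]):
        return None
    return ticket["payload"]


class AuthServer:
    """Issues TGTs (steps 2-3) and service tickets (steps 4-5)."""

    def __init__(self, users: dict, service_keys: dict, lifetime: int = 300):
        self._users = users                # principal -> password (constructed)
        self._service_keys = service_keys  # service name -> key shared with it
        self._tgt_key = b"constructed-kdc-only-secret"
        self.lifetime = lifetime           # ticket lifetime in seconds

    def issue_tgt(self, user: str, password: str, now: int) -> Optional[Ticket]:
        if self._users.get(user) != password:
            return None
        payload = {"type": "TGT", "user": user,
                   "issued": now, "expires": now + self.lifetime}
        return {"payload": payload, "mac": _sign(self._tgt_key, payload)}

    def issue_service_ticket(self, tgt: Ticket, service: str,
                             now: int) -> Optional[Ticket]:
        payload = _verify(self._tgt_key, tgt)
        if payload is None or payload["type"] != "TGT":
            return None                    # forged, tampered, or not a TGT
        if now >= payload["expires"]:
            return None                    # the time-stamped TGT has expired
        key = self._service_keys.get(service)
        if key is None:
            return None                    # unknown resource
        st = {"type": "ST", "user": payload["user"], "service": service,
              "issued": now, "expires": now + self.lifetime}
        return {"payload": st, "mac": _sign(key, st)}


class Resource:
    """A service that trusts tickets signed with its own shared key (steps 6-7)."""

    def __init__(self, name: str, key: bytes):
        self.name = name
        self._key = key

    def authenticate(self, ticket: Ticket, now: int) -> Optional[str]:
        payload = _verify(self._key, ticket)
        if payload is None or payload["type"] != "ST":
            return None
        if payload["service"] != self.name or now >= payload["expires"]:
            return None
        return payload["user"]


def kerberos_logon(server: AuthServer, resource: Resource,
                   user: str, password: str, now: int) -> Optional[str]:
    """Run steps 1-7 end to end; returns the authenticated user or None."""
    tgt = server.issue_tgt(user, password, now)
    if tgt is None:
        return None
    st = server.issue_service_ticket(tgt, resource.name, now)
    if st is None:
        return None
    return resource.authenticate(st, now)


if __name__ == "__main__":
    key = b"constructed-fileserver-key"
    kdc = AuthServer({"alice": "correct horse"}, {"fileserver": key})
    fs = Resource("fileserver", key)
    print(kerberos_logon(kdc, fs, "alice", "correct horse", now=1000))
```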

Wireless Authentication Methods



There are three methods used for wireless authentication.

Authentication Method / Description

Open system: Open system authentication uses null authentication, which means that user names and passwords are not used to authenticate a user. This is the default for many APs and stations. Open system authentication enables a station to connect to any wireless AP that has open system authentication enabled, even if the SSID is different from the station. When an AP and a station have an open system configured:
1. The station will find an AP by sending out a probe.
2. When it locates an AP, it sends a request for authentication to that AP.
3. The AP responds with an authentication success.
4. The station then associates itself with an AP by sending an association request.
5. The AP, upon receipt of an association request, responds with a success association response.

Shared-key: The shared-key authentication method verifies the identity of a station by using a WEP key. Both the station and the AP must be configured to use data encryption and the same WEP key. The station also needs to be configured to use a shared-key authentication instead of the default setting, which is open system authentication. Once configured correctly, the communication process begins.
1. The station probes for an AP and initiates an authentication request.
2. Upon receipt of the request, the AP issues a challenge to the station.
3. The station accepts the challenge and encrypts it using the WEP key with which it has been configured.
4. The station then sends the challenge back to the AP that decrypts the encrypted challenge using its key.
5. If both the station and the AP have the same key, the AP decrypts the challenge with the matching WEP key.
6. The AP then authenticates the station.
7. The station initiates an association request.
8. The AP accepts the association request.

802.1x and EAP: The EAP authentication method authenticates a user and not the station. This is done with a RADIUS server. An AP forwards the authentication request to the RADIUS server, and the server calls the user credential database (for example, Active Directory in Windows domains) to verify the user. The RADIUS server then passes the identity verification to the AP. The authentication process consists of the following steps:
1. A station initiates an authentication request to the AP.
2. The AP issues an EAP identity request.
3. Once the station receives the request, it sends an EAP identity response to the AP.
4. The AP forwards the EAP identity response to the RADIUS server.
5. The RADIUS server issues a RADIUS access challenge, which passes through the AP to the station.
6. The station sends a RADIUS challenge response that the AP forwards to the RADIUS server.
7. If the RADIUS server can decrypt the challenge and verify the user, it forwards a success response to the AP.
8. The AP forwards an EAP success to the station and the station can then establish an association with the AP.

ACTIVITY 11-3
Discussing Authentication Methods
Scenario: In this activity, you will discuss the characteristics of various authentication methods.

1. Brian works at a bank. To access his laptop, he inserts his employee ID card into a special card reader. This is an example of:
a) User name/password authentication
b) Biometrics
c) Token-based authentication
d) Mutual authentication

2. To access the server room, Brian places his index finger on a fingerprint reader. This is an example of which authentication method:
a) Password
b) Token-based
c) Biometric
d) Multi-factor

3. To withdraw money from an ATM, Nancy inserts a card and types a four-digit PIN. This incorporates what types of authentication?
a) Token-based
b) Password
c) Biometrics
d) Multi-factor
e) Mutual

4. Match each authentication method with its description.
c  Mutual
d  User name/password
a  Biometric
b  Token-based

a. Authentication based on physical characteristics.
b. An object that stores authentication information.
c. A security mechanism that requires that each party in a communication verify its identity.
d. A security mechanism where a user's credentials are compared against credentials stored on a database.

TOPIC D
Encryption Methods
In the previous topic, you identified secure client authentication methods to prevent unauthorized access. Apart from restricting access, it is also important to ensure the integrity of data by securing it. Data encryption can be used to secure information. In this topic, you will identify major data encryption methods and standards. However well you secure your digital communications, hackers will test the security method and attempt to breach the systems. To stay one step ahead of the hackers and protect data, you need to understand the fundamentals of data encryption and the choices you have for implementing data encryption in your organization.

Encryption

Definition: Encryption is a cryptographic technique that converts data from plain, or cleartext form, into coded, or ciphertext form. Only authorized parties with the necessary decryption information can decode and read the data. Encryption can be one-way, which means the encryption is designed to hide only the cleartext and is never decrypted. Encryption can also be two-way, in which ciphertext can be decrypted back to cleartext and read. Example:

Figure 11-21: Encryption converts plain data into ciphertext. Cryptography Cryptography is the science of hiding information. The practice of cryptography is thought to be nearly as old as the written word. Current cryptographic science has its roots in mathematics and computer science and relies heavily upon technology. Modern communications and computing use cryptography extensively to protect sensitive information and communications from unauthorized access.
The word cryptography has roots in the Greek words krypts, meaning hidden, and grphein, meaning to write, translating into hidden writing.

Ciphers
A cipher is a specific set of actions used to encrypt data. Plaintext is the original, unencoded data. Once the cipher is applied via enciphering, the obscured data is known as ciphertext. The reverse process of translating ciphertext to cleartext is known as deciphering.

Encryption and Security Goals

Encryption is used to promote many security goals and techniques. Encryption enables confidentiality by protecting data from unauthorized access. It supports integrity because it is difficult to decipher encrypted data without the secret decrypting cipher. It supports nonrepudiation, because only parties that know about the confidential encryption scheme can encrypt or decrypt data. In addition, some form of encryption is employed in most authentication mechanisms to protect passwords. Encryption is used in many access control mechanisms as well.

Forms of Encryption
It is becoming common to encrypt many forms of communications and data streams, as well as entire hard disks. Some operating systems support whole-disk encryption, whereas other commercially available or open-source tools are capable of encrypting all or part of the data on a disk or drive.


CompTIA Network+ (Exam N10-005)

Encryption Algorithms
An encryption algorithm is the rule, system, or mechanism used to encrypt data. Algorithms can be simple mechanical substitutions, but in electronic cryptography, they are generally complex mathematical functions. The stronger the mathematical function, the more difficult it is to break the encryption. A letter-substitution cipher, in which each letter of the alphabet is systematically replaced by another letter, is an example of a simple encryption algorithm.

Key-Based Encryption Systems


Data encryption depends on the use of a key to control how information is encoded and decoded. There are two main categories of key-based encryption. In shared-key, or symmetric, encryption systems, the same key is used both to encode and to decode the message. The secret key must be communicated securely between the two parties involved in the communication. In key-pair, or asymmetric, encryption systems, each party has two keys: a public key, which anyone can obtain, and a private key, known only to the individual. Anyone can use the public key to encrypt data; only the holder of the associated private key can decrypt it.

Figure 11-22: Shared-key encryption uses the same key for encoding and decoding.

Figure 11-23: Key-pair encryption uses two separate keys for encoding and decoding.

WEP

Definition: Wired Equivalent Privacy (WEP) is a protocol that provides 64-bit, 128-bit, and 256-bit encryption using the Rivest Cipher 4 (RC4) algorithm for wireless communication that uses the 802.11a and 802.11b protocols. While WEP might sound like a good solution at first, it is ironically not as secure as it should be. The problem stems from the way WEP produces the keys that are used to encrypt data. Because of a flaw in the method, attackers could easily generate their own keys using a wireless network capture tool, such as Airsnort or WEPCrack, to capture and analyze as much as 10 Mb of data transferred through the air.
Example:

Figure 11-24: WEP provides encryption using the RC4 algorithm.

WPA/WPA2

Definition: Wi-Fi Protected Access (WPA) is a security protocol introduced to address some of the shortcomings in WEP. It provides for dynamic reassignment of keys to prevent the key-attack vulnerabilities of WEP. WPA provides improved data encryption through the Temporal Key Integrity Protocol (TKIP), which is a security protocol created by the IEEE 802.11i task group to replace WEP. It is combined with the existing WEP encryption to provide a 128-bit encryption key that fixes the key length issues of WEP. In addition to TKIP, WPA2 adds Advanced Encryption Standard (AES) cipher-based Counter Mode with Cipher Block Chaining Message Authentication Code Protocol (CCMP) encryption for even greater security and to replace TKIP.
In order to use WPA, you may need to use devices that support WPA. Older WAPs may only support WEP.

WPA can operate in two modes: WPA-Personal and WPA-Enterprise.

Mode: WPA-Personal
Description: In this mode, the WAP is configured with a value known as the preshared key, which is used to encrypt data. It is used for personal use and by small businesses. Also known as WPA-PSK.

Mode: WPA-Enterprise
Description: This mode is designed for enterprise networks. It assigns a unique encryption key for every client when they log on to the network. This encryption key is regularly updated, making it impossible for a Wi-Fi snooper to decode the key. WPA-Enterprise uses a RADIUS server for authentication, which provides logging and accounting information. It also uses EAP to provide authentication.

Example:

Figure 11-25: WPA/WPA2 prevents WEP from key-attack vulnerabilities.

Digital Certificates
Definition: A digital certificate is an electronic document that associates credentials with a public key. Both users and devices can hold certificates. The certificate validates the certificate holder's identity and is also a way to distribute the holder's public key. A server called a Certificate Authority (CA) issues certificates and the associated public/private key pairs.
Example:

Figure 11-26: Digital certificates associate credentials with a public key.

Keys
An encryption key is a specific piece of information that is used in conjunction with an algorithm to perform encryption and decryption. A different key can be used with the same algorithm to produce different ciphertext. Without the correct key, the receiver cannot decrypt the ciphertext even if the algorithm is known. The longer the key, the stronger the encryption. In a simple letter-substitution algorithm, the key might be "replace each letter with the letter that is two letters following it in the alphabet." If the same algorithm were used on the same cleartext but with a different key (for example, "replace each letter with the one three letters before it"), the resulting ciphertext would be different.
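To make the distinction between algorithm and key concrete, here is an added Python example (not part of the course material) that implements the letter-substitution algorithm described above. The algorithm never changes; only the key does. `candidate_plaintexts` lists every deciphering under the 25 useful shifts, which shows why such a small key space gives weak encryption. All function names are the example's own.

```python
import string

ALPHABET = string.ascii_uppercase


def shift_cipher(text: str, key: int) -> str:
    """Letter-substitution cipher: replace each letter with the one `key`
    positions after it in the alphabet (a negative key counts backwards).
    Characters that are not letters pass through unchanged."""
    out = []
    for ch in text.upper():
        if ch in ALPHABET:
            out.append(ALPHABET[(ALPHABET.index(ch) + key) % 26])
        else:
            out.append(ch)
    return "".join(out)


def shift_decipher(ciphertext: str, key: int) -> str:
    """Two-way encryption: deciphering is the same substitution run in reverse."""
    return shift_cipher(ciphertext, -key)


def candidate_plaintexts(ciphertext: str) -> dict:
    """Every possible deciphering under the 25 non-trivial keys. With so few
    keys the cleartext can be recovered without knowing the key at all, which
    is the weakness that the long keys of modern algorithms remove."""
    return {key: shift_decipher(ciphertext, key) for key in range(1, 26)}


if __name__ == "__main__":
    cleartext = "MEET AT NOON"          # constructed sample input
    for key in (2, -3):                 # same algorithm, two different keys
        print(key, shift_cipher(cleartext, key))
```

Running the block prints two different ciphertexts for the same cleartext; deciphering either one with its own key returns the original.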

Certificate Encryption

Certificates can be used for data encryption. The certificate encryption process consists of four steps:
1. A security principal obtains a certificate and a public/private key pair from a CA.
2. The party that encrypts data obtains the user's public key from the user or from the CA's certificate repository.
3. The encrypting party then uses the public key to encrypt the data and sends it to the other user.
4. The other user uses the private key to decrypt the data.

Figure 11-27: Users share keys and certificates to encrypt and decrypt data.

Encrypting File System
The Encrypting File System (EFS) is a file-encryption tool available on Windows systems that have partitions formatted with NT File System (NTFS). EFS encrypts file data by using digital certificates. If a CA is not available to issue a file-encryption certificate, the local system can issue a self-signed encryption certificate to users who want to encrypt files. Unlike NTFS permissions, which control access to the file, EFS protects the contents of the file. With EFS, you can keep data secure even if NTFS security is breached, for example, if an attacker steals a laptop computer and moves the laptop's hard drive to another system to bypass the NTFS security implementations.

PKI
Definition: A Public Key Infrastructure (PKI) is an encryption system that is composed of a CA, certificates, software, services, and other cryptographic components. It is used to verify data authenticity and validate data and entities. PKI can be implemented in various hierarchical structures, and may be publicly available or maintained privately by an organization. It can also be used to secure transactions over the Internet.
Example:

Figure 11-28: PKI consists of a CA, certificates, software and services.

PKI Components
PKI contains several components:
• Digital certificates, to verify the identity of entities.
• One or more CAs, to issue digital certificates to computers, users, or applications.
• A Registration Authority (RA), responsible for verifying users' identities and approving or denying requests for digital certificates.
• A certificate repository database, to store the digital certificates.
• A certificate management system, to provide software tools to perform the day-to-day functions of the PKI.

Certificate Authentication
When a user authenticates using a certificate, the user presents a digital certificate in place of a user name and password. A CA validates the certificate of the user for authentication. Certificate authentication is the process of identifying users in a transaction by carrying out a series of steps before confirming the identity of the user. These can include:
1. Initiating a secure transaction, such as a client requesting access to a secure site.
2. The secure site presents its digital certificate to the client with its public key and verified digital signature enclosed.
3. The client browser compares it to a library of certificate authorities and validates the signature against its cache of trusted and acknowledged certificates.
4. Once the client accepts the digital signature, then the certificate authentication is successful. If the issuing CA does not match the library of certificate authorities in the client, then certificate authentication is unsuccessful and the user obtains a notification that the digital certificate supplied is invalid.

Figure 11-29: Certificate authentication identifies end users in a transaction.

Digital Signatures
A digital signature is a message digest that has been encrypted with a user's private key. Asymmetric encryption algorithms can be used with hashing algorithms to create digital signatures. The sender creates a hashed version of the message text, and then encrypts the hash itself with the sender's private key. The encrypted hash is attached to the message as the digital signature. The sender provides the receiver with the signed message and the corresponding public key. The receiver uses the public key to decrypt the signature to reveal the sender's version of the hash. This proves the sender's identity, because, if the public and private keys did not match, the receiver would not be able to decrypt the signature. The receiver then creates a new hash version of the document with the public key and compares the two hash values. If they match, this proves that the data has not been altered.
Digital signatures support message integrity, because if the signature is altered in transit, the receiver's version of the hash will not match the original hash value. They support non-repudiation because the specific encrypted hash value is unique to a sender.

Hashing Encryption
Hashing encryption is one-way encryption that transforms cleartext into ciphertext that is not intended to be decrypted. The result of the hashing process is called a hash, hash value, or message digest. The input data can vary in length, whereas the hash length is fixed.

Encryption of the Hash
It is important to remember that a digital signature is a hash that is then encrypted. Without the second round of encryption, another party could easily:
1. Intercept the file and the hash.
2. Modify the file.
3. Re-create the hash.
4. Send the modified file to the recipient.
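The following added Python example (not part of the course material) ties together the key-pair encryption, hashing and digital-signature steps from the preceding sections. It uses textbook RSA with the classic tiny primes 61 and 53, constructed purely for illustration and far too small to be secure, and SHA-256 stands in for the hashing algorithm. `tamper_detection` walks through the four-step scenario just listed: a bare hash lets a modified file pass because anyone can re-create a hash, while a signed hash does not because the signature cannot be re-created without the private key. All names are the example's own.

```python
import hashlib

# Toy RSA key pair from tiny primes, constructed here only for illustration.
# Real keys are 2048 bits or more and real systems pad the data first.
P, Q = 61, 53
N = P * Q                 # 3233: the modulus, shared by both keys
E = 17                    # public exponent
D = 2753                  # private exponent: (E * D) % ((P - 1) * (Q - 1)) == 1

PUBLIC_KEY = (E, N)       # anyone may obtain this, e.g. from a certificate
PRIVATE_KEY = (D, N)      # known only to the key holder


def encrypt(plaintext: bytes, key) -> list:
    """Key-pair encryption: each byte is below N, so it is one RSA block.
    Encrypting with the public key means only the private key can reverse it."""
    exponent, n = key
    return [pow(b, exponent, n) for b in plaintext]


def decrypt(ciphertext: list, key) -> bytes:
    """Reverse of encrypt; with the matching key this restores every byte."""
    exponent, n = key
    return bytes(pow(c, exponent, n) for c in ciphertext)


def message_digest(message: bytes) -> bytes:
    """One-way hashing: any input length, always a fixed 32-byte output."""
    return hashlib.sha256(message).digest()


def sign(message: bytes, private_key) -> list:
    """Digital signature: hash the message, then encrypt that hash with the
    sender's private key (the second round of encryption discussed above)."""
    return encrypt(message_digest(message), private_key)


def verify(message: bytes, signature: list, public_key) -> bool:
    """Receiver decrypts the signature with the sender's public key to get the
    sender's hash, re-hashes the received message and compares the two."""
    return decrypt(signature, public_key) == message_digest(message)


def tamper_detection(original: bytes, modified: bytes) -> dict:
    """Intercept, modify, re-create the hash, forward: what each check sees."""
    # Hash only: the attacker forwards the modified file with a fresh hash,
    # and the recipient's comparison succeeds.
    forged_hash = message_digest(modified)
    bare_hash_accepts = message_digest(modified) == forged_hash

    # Signed hash: the attacker cannot produce a new signature, so the only
    # signature available is the original one, which no longer matches.
    original_signature = sign(original, PRIVATE_KEY)
    signature_accepts = verify(modified, original_signature, PUBLIC_KEY)

    return {"bare_hash_accepts_tampered": bare_hash_accepts,
            "signature_accepts_tampered": signature_accepts}


if __name__ == "__main__":
    msg = b"Transfer 100 to account 12"        # constructed sample message
    print(decrypt(encrypt(msg, PUBLIC_KEY), PRIVATE_KEY))
    print(tamper_detection(msg, b"Transfer 900 to account 12"))
```

Because RSA exponentiation is its own inverse across the two exponents, the same `encrypt` and `decrypt` helpers serve both confidentiality (public key in, private key out) and signing (private key in, public key out), which is exactly the pairing the digital-signature section describes.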

DES
Data Encryption Standard (DES) is a shared-key encryption standard that is based on a 56-bit encryption key that includes an additional 8 parity bits. DES applies the encryption key to each 64-bit block of the message. Triple DES or 3DES is a more-secure variant of DES that uses three separate DES keys to repeatedly encode the message.

Figure 11-30: DES includes 8 parity bits and a 56-bit encryption key.
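An added Python example (not the course's own) illustrating the 56-bit key with 8 parity bits. Each of the 8 key bytes carries 7 key bits plus a low-order parity bit that DES uses only for error detection, not as key material; the helpers set odd parity, check it, and show that two 64-bit keys differing only in their parity bits are the same DES key. The odd-parity, low-order-bit convention is the one DES specifies; the function names are the example's own.

```python
def set_des_parity(key: bytes) -> bytes:
    """Return the 8-byte key with each byte's low-order bit adjusted so the
    byte has an odd number of 1 bits. The high 7 bits of every byte are the
    real key material (8 x 7 = 56 bits); the 8 low-order bits are parity."""
    if len(key) != 8:
        raise ValueError("a DES key is 8 bytes (64 bits)")
    adjusted = bytearray()
    for byte in key:
        key_bits = byte & 0xFE                      # drop the parity position
        ones = bin(key_bits).count("1")
        parity = 0 if ones % 2 == 1 else 1          # make the total odd
        adjusted.append(key_bits | parity)
    return bytes(adjusted)


def has_odd_parity(key: bytes) -> bool:
    """True when every byte already carries correct (odd) parity."""
    return all(bin(byte).count("1") % 2 == 1 for byte in key)


def same_des_key(key_a: bytes, key_b: bytes) -> bool:
    """Two 64-bit keys that differ only in parity bits drive DES identically,
    because only the 56 key bits ever enter the algorithm."""
    return [a & 0xFE for a in key_a] == [b & 0xFE for b in key_b]


def effective_key_bits(des_keys: int = 1) -> int:
    """Secret key bits: 56 for single DES, 168 for 3DES with three separate keys."""
    return 56 * des_keys


if __name__ == "__main__":
    raw = bytes([0x01, 0x03, 0x07, 0x0F, 0x1F, 0x3F, 0x7F, 0xFF])   # constructed
    print(set_des_parity(raw).hex(), has_odd_parity(set_des_parity(raw)))
```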

Encryption Devices
Definition: In encryption devices, encryption, decryption, and access control are enforced by a cryptographic module called a Hardware Security Module (HSM). Encryption devices do not allow the execution of external programs that attempt either to reset any counters or to access their memory. The lockdown in the event of unauthenticated use can also destroy data and encryption keys that are present on a USB drive or a hard drive, based on the level of security enforced in the HSMs.

Example:

Figure 11-31: HSM enforces encryption and decryption.

Benefits of Encryption Devices
Encryption devices provide benefits such as:
• Preventing storage mapping from the drive to the file system until a user inserts a plug-in smart card into a slot connected to the hard drive.
• Preventing attackers from copying the drive contents without the assigned HSM.
• Providing security controls that are self-governed and not dependent on the operating system; therefore, the hard drive is not affected by malicious code.
• Providing an organization with proof that each machine is encrypted. In the event of a machine being lost due to a security attack, this will act as an assurance to customers that none of the data has been lost or compromised.

SSL

Secure Sockets Layer (SSL) is a security protocol that combines digital certificates for authentication with public key data encryption. SSL is a server-driven process; any web client that supports SSL, including all current web browsers, can connect securely to an SSL-enabled server.

Figure 11-32: SSL combines digital certificates for authentication.

Encryption Using SSL

The encryption process in SSL consists of the following steps:
1. A client requests a session from a server.
2. The server responds by sending its digital certificate and public key to the client.
3. The server and client then negotiate an encryption level.
4. The client generates and encrypts a session key using the server's public key, and returns it to the server.
5. The client and server then use the session key for data encryption.

Figure 11-33: SSL combines digital certificates with public-key data encryption.

TLS
Transport Layer Security (TLS) is a security protocol that protects sensitive communication from being eavesdropped on and tampered with. It does this by using a secure, encrypted, and authenticated channel over a TCP/IP connection. TLS uses certificates and public key cryptography for mutual authentication and data encryption using negotiated secret keys.

Figure 11-34: TLS uses a secure channel over a TCP/IP connection.

TLS and SSL
TLS is very similar to SSL, but the two protocols are incompatible with each other.

TLS 1.2
TLS 1.2 is the current version of the TLS protocol. TLS 1.2 has a variety of security measures:
• It prevents downgrade of the protocol to a previous (less secure) version or a weaker cipher suite.
• It uses sequence numbering based on application records in the authentication code for messages.
• It uses a message digest upgraded with a key to ensure that the MAC can be checked only by a key holder.
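As an added example (not from the course), here are the Python `ssl` module settings a client would use to enforce the behaviour described in the certificate-authentication and TLS 1.2 sections: verify the server's certificate against the trusted CA store, check that the certificate matches the hostname, and refuse any negotiation below TLS 1.2. The helper names are the example's own; `connect` needs network access and is shown only as usage.

```python
import socket
import ssl


def make_strict_client_context() -> ssl.SSLContext:
    """Client-side TLS settings: trust only the platform's CA library, require
    and verify the server's certificate and hostname, and refuse a downgrade
    to any protocol version older than TLS 1.2."""
    ctx = ssl.create_default_context()            # loads the trusted CA store
    ctx.verify_mode = ssl.CERT_REQUIRED           # server must present a certificate
    ctx.check_hostname = True                     # certificate must match the host
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2  # no SSLv3 / TLS 1.0 / TLS 1.1
    return ctx


def context_summary(ctx: ssl.SSLContext) -> dict:
    """Report the three properties so a reviewer can confirm them."""
    return {
        "verify_required": ctx.verify_mode == ssl.CERT_REQUIRED,
        "hostname_checked": ctx.check_hostname,
        "minimum_version": ctx.minimum_version.name,
    }


def connect(hostname: str, port: int = 443) -> ssl.SSLSocket:
    """Usage: an untrusted issuing CA, a hostname mismatch, or a server that
    only offers an older protocol version raises ssl.SSLError here, before any
    application data is exchanged (requires network access)."""
    ctx = make_strict_client_context()
    raw = socket.create_connection((hostname, port))
    return ctx.wrap_socket(raw, server_hostname=hostname)


if __name__ == "__main__":
    print(context_summary(make_strict_client_context()))
```

The failure cases map directly onto step 4 of certificate authentication: when the issuing CA is not in the client's library, the handshake is rejected and the application never sees an established session.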

ACTIVITY 11-4
Securing Wireless Traffic
This is a simulated activity available on the CD-ROM that shipped with this course. The activity simulation can be launched either directly from the CD-ROM by clicking the Interactives link and navigating to the appropriate one, or from the installed data file location by opening the C:\Data\Simulations\Lesson#\Activity# folder and double-clicking the executable (.exe) file.

Scenario: You have been assigned the task of tightening security for the sales department of OGC Technologies. As most of the employees in this department are constantly on the move, you need to install Windows 7 on their laptops, and secure them using wireless authentication and encryption methods to protect confidential data. Employees often transfer client data and other sales information on systems that are part of a workgroup to ensure that only authenticated systems in the workgroup communicate with each other. You have successfully tested Internet access through the wireless router, and now you need to configure the security features of the router.

What You Do
1. Configure the wireless security on your wireless router.
How You Do It
a. Browse to the C:\Data\Simulations\Lesson11\Activity11-4 folder.
b. Double-click the executable file.
c. In the Open File - Security Warning message box, click Run.
d. Follow the on-screen steps for the simulation.
e. Close the C:\Data\Simulations\Lesson11\Activity11-4 folder.


ACTIVITY 11-5
Installing a CA
There is a simulated version of this activity available on the CD-ROM that shipped with this course. You can run this simulation on any Windows computer to review the activity after class, or as an alternative to performing the activity as a group in class. The activity simulation can be launched either directly from the CD-ROM by clicking the Interactives link and navigating to the appropriate one, or from the installed data file location by opening the C:\SPlus\Simulations\Lesson#\Activity# folder and double-clicking the executable (.exe) file.

Scenario: As the network administrator for a private university located in Rochester, New York, USA, one of your job functions is to make sure the CA designed by the IT department is implemented correctly. To prevent users from receiving unapproved certificates and accessing information that they are not supposed to, and also to prevent attackers from getting data, the university has decided to implement a new secure CA using Windows Server 2008 R2 CAs. The IT design team has created and documented a CA implementation plan that calls for installing a root CA for the entire university. The Windows Server 2008 R2 systems on which you will install certificate services have already been hardened to minimize the likelihood of attacks against the operating system itself from external users.
Although Certificate Services is running on a domain controller for classroom and testing purposes, this is a security risk and should not be replicated on a real-time network.

What You Do
1. Install Active Directory Certificate Services on the CA.
How You Do It
a. In the Server Manager window, in the Roles Summary section, click the Add Roles link.
b. In the Add Roles Wizard, on the Before You Begin page, click Next.
c. On the Select Server Roles page, in the Roles section, check the Active Directory Certificate Services check box and click Next.
d. On the Introduction to Active Directory Certificate Services page, click Next.
e. On the Select Role Services page, check the Certification Authority Web Enrollment check box.
f. In the Add Roles Wizard dialog box, click Add Required Role Services. Click Next.

g. On the Specify Setup Type page, verify that the Standalone option is selected. Click Next.
h. On the Specify CA Type page, with the Root CA option selected, click Next.
i. On the Set Up Private Key page, with the Create a new private key option selected, click Next.
j. On the Configure Cryptography for CA page, click Next to accept the default values.
k. On the Configure CA Name page, in the Common name for this CA text box, type UniversityCA## as the common name for the CA. Click Next.
l. On the Set Validity Period page, click Next to accept the default validity period for the certificate.
m. On the Configure Certificate Database page, click Next to accept the default storage location for the CA database and log.
n. On the Web Server (IIS) page, click Next.
o. On the Select Role Services page, click Next.
p. On the Confirm Installation Selections page, click Install.
q. On the Installation Results page, click Close and then close Server Manager.

2. Verify that Active Directory Certificate Services was installed properly.
a. Choose Start→Administrative Tools→Certification Authority.
b. The CA object should appear in the Microsoft Management Console (MMC) window. Select the CA object and choose Action→Properties.
c. In the UniversityCA# Properties dialog box, the name should appear as you configured it during installation. Click View Certificate.
d. The certificate should expire in five years. Click OK to close the Certificate dialog box.
e. Click OK to close the UniversityCA# Properties dialog box, and close the Certification Authority window.


Lesson 11 Follow-up
In this lesson, you identified the major issues and technologies involved in securing systems on a network. With more and more threats to systems appearing every day, your responsibility as a networking professional will be to ensure that your network provides the appropriate level of security, without compromising performance.

1. Which of the basic security concepts in this lesson were familiar to you, and which were new?
Answers will vary, but familiar concepts could include policy documents and multi-factor authentication such as an ATM card and PIN. New concepts could include various encryption methods.

2. Can you describe some situations in which you have used basic security techniques such as authentication, access control, and encryption, or made use of a security policy?
Answers will vary, but may include using an ATM, entering a secure workplace, or boarding an airplane.

LESSON 12
Network Security
In this lesson, you will identify the major issues and technologies in network security. You will:
• Identify the primary techniques used to secure the perimeter of a network.
• Identify methods of intrusion detection and prevention on a network.
• Protect network traffic using IPSec.

Lesson Time 2 hour(s), 15 minutes

Introduction
This course covers the fundamental knowledge and skills needed by network administrators and support personnel. One of the basic tasks in network management is securing a network. In this lesson, you will identify the major network security issues and technologies involved in securing a network. Each day, the number and complexity of threats against computer network security increases. In response to these threats, there are more and more security tools and techniques available to increase network security. As a networking professional, your organization and users will be looking to you to ensure that your network environment provides the appropriate level of security, without compromising on network performance.

This lesson covers all or part of the following CompTIA Network+ (Exam N10-005) certification objectives:

Topic A:
• 1.2 Classify how applications, devices, and protocols relate to the OSI model layers.
• 2.1 Given a scenario, install and configure routers and switches.
• 4.1 Explain the purpose and features of various network appliances.
• 5.2 Explain the methods of network access security.
• 5.3 Explain methods of user authentication.
• 5.5 Given a scenario, install and configure a basic firewall.

Topic B:
• 1.2 Classify how applications, devices, and protocols relate to the OSI model layers.
• 5.6 Categorize different types of network security appliances and methods.

Topic C:
• 1.2 Classify how applications, devices, and protocols relate to the OSI model layers.
• 5.2 Explain the methods of network access security.

TOPIC A
Network Perimeter Security
Connections to the Internet have their own specific security considerations. The security measures for the Internet are different from the security measures used for local and private networks. In this topic, you will identify the primary techniques used to secure the perimeter of your network. Every organization today needs to connect to the Internet. At the same time, there are valid concerns about the risks involved in connecting to this huge, open, public network. As a network professional, you need to be aware of specific tools and techniques that organizations can use to protect themselves from outside attacks as well as prevent misuse of the connection to the Internet.

NAT
Definition: Network Address Translation (NAT) is a form of Internet security that conceals internal addressing schemes from external networks such as the Internet. A router is configured with a single public IP address on its external interface and a nonroutable address on its internal interface. A NAT service running on the router or on another system translates between the two addressing schemes. Packets sent to the Internet from internal hosts all appear as if they came from a single IP address, thus preventing external hosts from identifying and connecting directly to internal systems.
An internal network can be configured with a private IP address, which makes NAT both secure and cost-efficient.

Example:

Figure 12-1: NAT conceals internal addressing schemes from the public Internet.

NAT Implementations
NAT can be implemented as software on a variety of systems, or as hardware in a dedicated device such as a router. ICS in Windows systems includes a simple software-based NAT implementation, but requires a separate device, such as a modem, to provide Internet connectivity. Hardware-based NAT devices, such as cable modems and DSL routers, often have extended functionality and can double as Internet access devices.

Static vs. Dynamic NAT
In static NAT, an unregistered address is mapped to a single specific registered address. In dynamic NAT, a single unregistered address is mapped to the first registered address in an address pool.

PAT
Port Address Translation (PAT) is a subset of dynamic NAT functionality that maps either one or more unregistered addresses to a single registered address using multiple ports. PAT is also known as overloading.

SNAT
SNAT is an intensely debated acronym that can stand for Secure NAT, Stateful NAT, Source NAT, or Static NAT, depending on the source of information. Per Cisco, the originators of NAT, SNAT stands for Stateful NAT. SNAT includes two or more routers working together to perform NAT.


ACTIVITY 12-1
Configuring NAT
There is a simulated version of this activity available on the CD-ROM that shipped with this course. You can run this simulation on any Windows computer to review the activity after class, or as an alternative to performing the activity as a group in class. The activity simulation can be launched either directly from the CD-ROM by clicking the Interactives link and navigating to the appropriate one, or from the installed data file location by opening the C:\Data\Simulations\Lesson#\Activity# folder and double-clicking the executable (.exe) file.

Scenario: You are a network administrator in your company and you have been assigned the task of configuring a NAT service on your network. There are several computers in the network that are to be connected to NAT so that they can access the Internet in a secure manner.

What You Do
1. Enable NAT for routing.
How You Do It
a. Choose Start→Administrative Tools→Routing and Remote Access.
b. If necessary, in the Routing and Remote Access window, on the left pane, expand the server object.
c. Expand IPv4 and select General.
d. Right-click General and choose New Routing Protocol.
e. In the New Routing Protocol dialog box, verify that NAT is selected and click OK.
f. Observe that on the left pane, a new entry called NAT appears under IPv4.

2. Exclude reserved IP addresses and configure NAT.
a. Right-click NAT and choose Properties.
b. In the NAT Properties dialog box, select the Address Assignment tab and check the Automatically assign IP addresses by using the DHCP allocator check box.
c. Click Exclude.
d. In the Exclude Reserved Addresses dialog box, click Add.
e. Enter the IP address of a partner computer.
f. In the Exclude Reserved Addresses dialog box, click OK.
g. In the NAT Properties dialog box, click Apply and then click OK.
h. Right-click NAT and choose New Interface to create an interface for NAT.
i. In the New Interface for IPNAT dialog box, select Loopback Adapter and click OK.
j. From the Interface Type section, select Public interface connected to the Internet.
k. In the Network Address Translation Properties dialog box, check the Enable NAT on this interface check box, click Apply and then click OK.
l. Close the Routing and Remote Access window.

The NAT Process

The NAT process translates external and internal addresses based on port numbers.

Figure 12-2: Steps in the NAT process.

Step 1: Client request
An internal client sends a request to an external service, such as a website, using the external destination IP address and port number.

Step 2: Source address conversion
The NAT device converts the source address in the request packet to its own external address, and adds a reference port number to identify the originating client.

Step 3: Data return
The service returns data to the NAT device's external address using the reference port number.

Step 4: Internal source identification
NAT uses the reference port number to identify the correct internal source address.

Step 5: Data delivery
NAT readdresses the packet to the internal system and delivers the data.
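The five steps in the table, as an added Python model (not part of the course material) of a PAT device's translation table: `outbound` performs steps 1 and 2, `inbound` performs steps 3 to 5, and a returning packet whose reference port was never handed out is dropped, which is the property the NAT definition relies on. Addresses are constructed (RFC 5737 documentation ranges for the external hosts, a private 192.168.1.0/24 range inside); the class and method names are the example's own.

```python
from itertools import count


class PortAddressTranslator:
    """Translation table keyed on the reference port the device assigns."""

    def __init__(self, external_ip: str, first_port: int = 40000):
        self.external_ip = external_ip          # the router's single public address
        self._next_port = count(first_port)     # reference ports handed out in order
        self.table = {}                         # reference port -> (internal ip, port)
        self._reverse = {}                      # (internal ip, port) -> reference port

    def outbound(self, packet: dict) -> dict:
        """Steps 1-2: rewrite the source of an internal client's request to the
        external address plus a reference port, remembering the mapping."""
        client = (packet["src_ip"], packet["src_port"])
        ref_port = self._reverse.get(client)
        if ref_port is None:                    # new flow: allocate a reference port
            ref_port = next(self._next_port)
            self.table[ref_port] = client
            self._reverse[client] = ref_port
        translated = dict(packet)
        translated["src_ip"] = self.external_ip
        translated["src_port"] = ref_port
        return translated

    def inbound(self, packet: dict):
        """Steps 3-5: data returned to the external address is matched by
        reference port and re-addressed to the internal system. Traffic with no
        matching entry (nothing inside ever asked for it) is dropped: None."""
        if packet["dst_ip"] != self.external_ip:
            return None
        client = self.table.get(packet["dst_port"])
        if client is None:
            return None
        delivered = dict(packet)
        delivered["dst_ip"], delivered["dst_port"] = client
        return delivered


if __name__ == "__main__":
    nat = PortAddressTranslator("203.0.113.5")   # constructed public address
    request = {"src_ip": "192.168.1.10", "src_port": 51000,
               "dst_ip": "198.51.100.7", "dst_port": 80}
    print(nat.outbound(request))
    reply = {"src_ip": "198.51.100.7", "src_port": 80,
             "dst_ip": "203.0.113.5", "dst_port": 40000}
    print(nat.inbound(reply))
```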

IP Filtering

IP filtering determines which packets will be allowed to pass and which packets will be dropped by screening the packet based on certain criteria. An administrator can set criteria to determine which packets to filter, such as the protocol type, source IP address, and destination IP address. When a packet is dropped, it is deleted and treated as if it was never received. IP filtering operates mainly at Layer 2 of the TCP/IP protocol stack and is generally performed by a screening router, although other network devices can also perform IP filtering.


Figure 12-3: IP filtering screens the packets.

MAC Filtering
MAC address filtering provides a simple method of securing a wireless network. By configuring a WAP to filter MAC addresses, you can control which wireless clients can access your network. Typically, an administrator configures a list of client MAC addresses that are allowed to join the network. Those preapproved clients are granted access if the MAC address is known by the access point. A note of caution, though: it is not difficult for someone with a little skill and know-how to change a MAC address, falsely gain authorization using another computer, and gain access to your network. While MAC filtering is usually implemented on wireless networks, it can also be used on wired networks.

Figure 12-4: MAC address filtering provides control over clients who join the network.

Firewalls

Definition: A firewall is a software program, a hardware device, or a combination of both that protects a system or network from unauthorized data by blocking unsolicited traffic. Firewalls generally are configured to block suspicious or unsolicited incoming traffic, but allow incoming traffic sent as a response to requests from internal hosts. They permit traffic that has specifically been permitted by a system administrator, based on a defined set of rules. Information about the incoming or outgoing connections can be saved to a log, and used for network monitoring or hardening purposes. Firewalls use complex filtering algorithms that analyze incoming packets based on destination and source addresses, port numbers, and the data type.

Figure 12-5: A firewall blocks unwanted network traffic.

Example: Firewall Deployment
Firewalls are universally deployed between private networks and the Internet. They can also be placed between two separate private networks, or on individual systems, to control data flow between any two sources.

Software and Hardware Firewalls
The word firewall on its own usually refers to a software-based firewall. Software firewalls can be useful for small home offices and businesses, and provide many features that can be configured to suit various computing needs. Some features include:
Enabling or disabling specific ports.
Filtering inbound and outbound communication. A user can set up rules or exceptions in the firewall settings to limit access to the web.
Reporting and logging activity.
Protecting systems from malware and spyware.
Blocking pop-up messages.
Assigning, forwarding, and triggering ports.

A hardware firewall is a hardware device, either stand-alone or built into most routers, that protects computers on a private network from unauthorized traffic. It is placed between the private network and the public network to manage inbound and outbound traffic and network access. Most such devices run firewall software on dedicated hardware; the distinction from a software firewall is where it sits (at the network edge rather than on each host) more than how it works.

Firewall Rules
There are three sets of firewall rules for blocking or allowing content. These rules can be set using the Windows Firewall with Advanced Security console:
Inbound rules: These rules define the action the firewall takes on data that enters the system from another system.
Outbound rules: These rules define the action the firewall takes on data that flows out of the system.
Connection security rules: These rules define the type of authentication that is needed (for example IPsec) before communication between the systems is allowed.

Port Security
Port security, in the sense used here, is the process of properly securing the TCP and UDP ports on a networked system. The process includes:
Disabling unnecessary services, so that nothing listens on the port at all.
Closing ports that are open by default or have limited functionality.
Regularly applying the appropriate security patches to the services that remain.
Hiding responses from ports that indicate their status, and allowing access to preconfigured connections only.
Note that on a managed switch the term port security means something different: limiting which MAC addresses, and how many, may be learned on a physical switch port.

Firewall Types
Firewalls can be of different types based upon the requirements of the network. There are four common types of firewalls.

Packet filter: Packet filters are the simplest implementation of a firewall and work at the Network layer of the OSI model (with port matching at the Transport layer). Each packet passing through is compared to a set of default criteria or a set of rules configured by a network administrator. Once a packet has been compared to the criteria, it is passed, dropped silently, or rejected with a message sent back to the originator (for example an ICMP unreachable or a TCP RST). Packet filters are usually part of a router. Because each packet is judged on its own, a packet filter cannot tell a reply from an unsolicited packet.

Stateful inspection firewall: Stateful inspection firewalls track the condition, or state, of each connection in a state table. They watch the TCP connection establishment (the three-way handshake) to determine whether an inbound packet belongs to a connection that an internal host legitimately opened. Circuit-level gateways, which validate the handshake at the Session layer without looking at application data, are closely related, and the two terms are often used interchangeably.

Proxy firewall: Proxy firewalls work at the Application layer of the OSI model. A client never connects directly to the outside server; instead the proxy accepts the client's connection, opens a second connection to the server on the client's behalf, and relays the data. Because it understands the application protocol, a proxy firewall can filter application-specific commands (for example, allowing HTTP GET but blocking PUT). Proxy firewalls can log user activity and logons, which gives administrators a high level of visibility and security, but the extra processing significantly affects network performance. Also known as application-level gateways.

Hybrid firewall: Hybrid firewalls combine the functions of a packet filter, a stateful inspection firewall, and a proxy firewall. They operate at the Network, Session, and Application layers simultaneously.

Network-Based vs. Host-Based Firewalls
A network-based firewall is a dedicated hardware/software combination that protects all the computers on the network behind it. A host-based firewall (also known as a personal firewall) is software installed directly on a host that filters the packets entering and leaving that host. The two are complementary: the network firewall enforces policy at the edge, while the host firewall still protects a machine from others on the same internal segment.
Some popular personal firewalls have included ZoneAlarm, Norton Personal Firewall, and the Windows XP Internet Connection Firewall (ICF), the predecessor of Windows Firewall.

Stateful vs. Stateless
A stateless firewall monitors network traffic and forwards or drops each packet based on static rules alone; it keeps no memory of previous packets. A stateful firewall, by contrast, manages and maintains the connection state of each session passing through the filter. It records the connections in progress in a state table and permits an inbound packet only if it matches a recognized connection state (for example, a reply to a request an internal host sent), dropping the rest. The difference matters in practice: to let replies to outbound web requests back in, a stateless firewall must permit inbound traffic to the whole range of ephemeral source ports, whereas a stateful firewall admits only the replies that belong to tracked connections.

Stateful Inspection
Stateful inspection builds on packet filtering by tracking each connection and checking that every packet is consistent with the state of the connection it claims to belong to. Many vendors extend this with application-aware (deep packet) inspection that also checks that the content matches the expected service. For example, such a firewall would check traffic on the web port to ensure that it really is HTTP, and would block a packet whose data type did not match the acceptable use for the service. With this level of inspection it is possible to perform antivirus checks and even quarantine suspicious data if it matches certain criteria. Stateful inspection is a very powerful feature, but it comes at a cost. The processing overhead of analyzing every packet passing through the filter and maintaining the state table is resource-intensive, so significant processor and memory resources are required to provide the capability while keeping network latency low. In addition, stateful inspection devices are typically expensive. The state table is itself an attack target: a flood of half-open connections (a SYN flood) can exhaust it, which is why these devices enforce connection limits and idle timeouts.

Common Firewall Features

Modern firewall software and hardware offer a wide range of features and functionality.

Scanning services: Provides the ability to scan incoming and outgoing packets and perform some action based on the content of those packets.

Content filtering: Blocks restricted websites or content. This can be accomplished by URL filtering, or by inspection of each file or packet. Some firewalls have this functionality built in; in other cases, each request is passed to a filtering server that can approve or deny the request.

Signature identification: Many modern firewalls can scan for and detect indicators and patterns that may show that a network-based attack is under way, or that the data in question is not legitimate or could be infected with a virus, Trojan, or other malicious code. These indicators are compared against a list of known features, or signatures, of common threats, including network-based attacks and viruses. The data is then handled according to the rules established by the firewall administrator. Signature matching only catches threats that already have a signature; a new or modified attack passes until the signature list is updated.

Zones: Firewall zones are used to create a virtual or physical network topology that divides the network into separate areas (zones) with differing security levels, with rules governing which traffic may cross from one zone to another. For example, web servers may be placed in a tightly restricted zone because they are attacked frequently, while a departmental file server might be placed in a medium-security zone because it is less likely to be attacked directly.

Implicit Deny
The principle of implicit deny dictates that anything not explicitly allowed by a firewall rule is denied. In practice this means the last rule in every rule set is, or behaves as, a deny-everything rule, and the administrator adds explicit allow rules above it for the traffic the business needs. The same principle applies to users and software: they should be able to access data and perform actions only where permission has been specifically granted; no other action is allowed.
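The rule evaluation described in the firewall rules, stateful vs. stateless, and implicit deny sections above, as an added example that is not part of the course material: a first-match packet filter whose only deny-all is the implicit one, and a stateful layer on top of it that admits an inbound packet only when it is a reply to a connection an internal host opened. Every address, port, and rule in it is constructed for illustration.

```python
"""Added example, not from the course text: a first-match packet filter with
implicit deny, and a stateful layer on top of it that admits inbound packets
only when they are replies to a connection an internal host opened. All
addresses, ports and rules are constructed for illustration."""
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import Optional


@dataclass(frozen=True)
class Packet:
    proto: str        # "tcp" or "udp"
    src: str
    sport: int
    dst: str
    dport: int
    direction: str    # "in" = arriving from the Internet, "out" = leaving the LAN


@dataclass(frozen=True)
class Rule:
    action: str                  # "allow" or "deny"
    direction: str
    proto: str = "any"
    src: str = "0.0.0.0/0"
    dst: str = "0.0.0.0/0"
    dport: Optional[int] = None  # None matches every destination port

    def matches(self, p: Packet) -> bool:
        return (self.direction == p.direction
                and self.proto in ("any", p.proto)
                and ip_address(p.src) in ip_network(self.src)
                and ip_address(p.dst) in ip_network(self.dst)
                and (self.dport is None or self.dport == p.dport))


INTERNAL = "10.0.0.0/8"   # assumed LAN range

# Constructed rule set, evaluated top to bottom. There is deliberately no
# final "deny all" rule: stateless_decision() supplies it implicitly.
RULES = [
    Rule("allow", "in", "tcp", dst=INTERNAL, dport=443),  # published HTTPS server
    Rule("deny", "in", "tcp", dst=INTERNAL, dport=3389),  # RDP is never exposed
    Rule("allow", "out", "any", src=INTERNAL),            # LAN may initiate anything
]


def stateless_decision(p: Packet, rules=RULES) -> str:
    """Pure IP filtering: the first matching rule wins; no match means deny."""
    for r in rules:
        if r.matches(p):
            return r.action
    return "deny"   # implicit deny


class StatefulFilter:
    """Stateful inspection: remembers outbound connections so that replies
    pass without an explicit inbound rule for every ephemeral port."""

    def __init__(self, rules=RULES):
        self.rules = rules
        self.table = set()   # (proto, lan ip, lan port, remote ip, remote port)

    def decide(self, p: Packet) -> str:
        if p.direction == "in":
            # A reply swaps source and destination relative to the stored key.
            if (p.proto, p.dst, p.dport, p.src, p.sport) in self.table:
                return "allow"
        action = stateless_decision(p, self.rules)
        if action == "allow" and p.direction == "out":
            self.table.add((p.proto, p.src, p.sport, p.dst, p.dport))
        return action
```

Run the same reply packet through both paths to see the difference: the stateless filter denies the reply to an outbound HTTPS request (no rule mentions port 40000), while the stateful filter allows it because the outbound packet was recorded first; a packet with the same ports from a different remote host is still denied. A real implementation also ages entries out of the table, which this example omits.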

DMZs
Definition: A demilitarized zone (DMZ) is a small section of a private network that is located between two firewalls and made available for public access. A DMZ enables external clients to reach public-facing systems, such as web servers, without exposing the internal network as a whole. The external firewall permits public clients to reach the published service, whereas the internal firewall prevents those clients, and a compromised DMZ host, from connecting to protected internal hosts. The same design is often built with a single firewall that has three interfaces (external, DMZ, and internal) and a rule set that separates the three zones.
Example:

Figure 12-6: A section of a private network available for public access.

Proxy Servers

Definition: A proxy server is a system that isolates internal clients from external servers by retrieving and storing resources on their behalf. It intercepts requests for web-based or other resources that come from the clients and, if it does not have the data in its cache, either generates a completely new request using itself as the source or simply relays the request. In addition to providing security, the data cache can improve client response time and reduce network traffic by serving frequently used resources to clients from a local source.
Example:

Figure 12-7: A proxy server isolates internal clients from the server.

Example: Proxy Servers for Different Services
Depending on your traffic level and network needs, different proxy servers can be configured for different external services. For example, one proxy server can handle HTTP requests, while another handles FTP content.

Proxy Servers vs. NAT
Both proxy servers and NAT devices readdress outgoing packets. However, NAT simply replaces the original source address (and, in the usual port-based form, the source port) on the packet and forwards it. A proxy server terminates the client's connection, examines the request contents, and then generates a new request of its own, thus providing an additional level of protection, and an inspection point, between the original requesting client and the external network. NAT is not a security control on its own: it hides internal addresses, but it inspects nothing.
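The NAT behaviour contrasted with the proxy above, as an added example that is not part of the course material: a port-based NAT device that rewrites the source address, records a reference port for each inside host, and uses that port to readdress the reply. The addresses are constructed and the reference port range is an assumption.

```python
"""Added example, not from the course text: Port Address Translation, the
common NAT form in which the device rewrites the source address, assigns a
reference port per inside connection, and uses that port to map the reply
back to the right inside host. Addresses are constructed; the port range
is an assumption."""
from dataclasses import dataclass, replace
from itertools import count
from typing import Optional


@dataclass(frozen=True)
class Packet:
    src_ip: str
    src_port: int
    dst_ip: str
    dst_port: int


class NatDevice:
    def __init__(self, external_ip: str, first_port: int = 40000):
        self.external_ip = external_ip
        self._ports = count(first_port)   # next unused reference port
        self.out_map = {}   # (inside ip, inside port) -> reference port
        self.in_map = {}    # reference port -> (inside ip, inside port)

    def translate_out(self, p: Packet) -> Packet:
        """Rewrites the source to the external address plus a reference port.
        The same inside host and port always get the same reference port."""
        key = (p.src_ip, p.src_port)
        port = self.out_map.get(key)
        if port is None:
            port = next(self._ports)
            self.out_map[key] = port
            self.in_map[port] = key
        return replace(p, src_ip=self.external_ip, src_port=port)

    def translate_in(self, p: Packet) -> Optional[Packet]:
        """Looks the reference port up and readdresses the packet to the inside
        host. Returns None (drop) when no mapping exists, which is why a NAT
        device does not pass unsolicited inbound traffic."""
        if p.dst_ip != self.external_ip:
            return None
        key = self.in_map.get(p.dst_port)
        if key is None:
            return None
        return replace(p, dst_ip=key[0], dst_port=key[1])
```

Two inside hosts using the same source port receive distinct reference ports, which is the whole reason the port is rewritten rather than just the address. Note that nothing in this device looks at the packet body; a proxy, by contrast, would have to parse the HTTP request before deciding what to send upstream.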

Web Proxy Features

A proxy that grants access to the web is called a web proxy. Web proxies can incorporate a number of enhanced features.

User security: Enables an administrator to grant or deny Internet access based on user names or group membership.
Gateway services: Enables proxies to translate traffic between protocols.
Auditing: Enables administrators to generate reports on users' Internet activity.
Remote access services: Provides access to the internal network for remote clients.

Content filtering: Evaluates the content of websites based on words or word combinations, and blocks content that an administrator has deemed undesirable.

Website Caching
The website caching process enables web proxies to cache web data for clients.

Step 1: Client request. The client requests data from a website.
Step 2: Packet intercepted. The proxy server intercepts the packet, generates a new request, and transmits it to the website.
Step 3: Download content. The proxy server downloads all requested content, caches it, and sends it to the client.
Step 4: Verify cache. If the client requests the same data, the proxy server intercepts the request, verifies that the files are current based on the TTL values in its cache index, and sends the cached data to the client.
Step 5: Update cache. If the files are not current, the proxy server updates both the cache contents from the external website and the TTL on the cache.
Step 6: Purge cache. The proxy server purges an indexed item from its cache once the item's TTL value expires.

Figure 12-8: Steps in caching web data.

Keeping the Cache Current
One important danger of using a proxy server is that, if an external website updates its contents before the TTL of the copy in the web proxy's cache expires, a client may receive outdated information from the cache. Proxy servers can use either passive or active caching to keep cache data current. In passive caching, the proxy server does not cache data marked as time-sensitive, but sends repeated requests to the external site to ensure that the data is current. In active caching, the proxy server profiles its cache index by volume of use and actively refreshes the cached contents of sites that have had multiple hits from internal clients. Another technique is for the proxy server to request time stamps from the external website, compare them with the stamps in its cache, and download only data that has changed. The time stamp requests generate only a small amount of traffic and eliminate unnecessary content downloads. The stale-data problem is also a security concern: a cached copy of a page that has since been fixed, or of a revoked certificate list or blocklist, keeps serving the old version until the TTL runs out.
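The six caching steps and the time-stamp revalidation technique above, as one added example that is not part of the course material: a caching proxy that serves a cached object until its TTL expires, asks the origin whether the object changed (downloading it only if so), and purges entries that were never requested again. The origin is a constructed in-memory stand-in and the clock is passed in explicitly so the example runs offline.

```python
"""Added example, not from the course text: a caching web proxy that serves
an object from its cache while the entry's TTL is unexpired, revalidates an
expired entry with the origin's timestamp so only changed data is downloaded,
and purges entries that were never requested again. The origin is a
constructed in-memory stand-in and the clock is passed in explicitly, so the
example runs offline."""
from dataclasses import dataclass


@dataclass
class Entry:
    body: bytes
    last_modified: int   # timestamp the origin reported for the object
    expires_at: int      # proxy-local time after which the entry needs checking


class Origin:
    """Constructed stand-in for an external website."""

    def __init__(self):
        self.objects = {}    # url -> (body, last_modified)
        self.requests = 0    # how often the proxy had to contact us

    def publish(self, url: str, body: bytes, modified: int) -> None:
        self.objects[url] = (body, modified)

    def get(self, url: str, if_modified_since=None):
        """Returns (status, body, last_modified); a 304 carries no body."""
        self.requests += 1
        body, modified = self.objects[url]
        if if_modified_since is not None and modified <= if_modified_since:
            return 304, None, modified
        return 200, body, modified


class CachingProxy:
    def __init__(self, origin: Origin, ttl: int):
        self.origin = origin
        self.ttl = ttl
        self.cache = {}      # url -> Entry

    def fetch(self, url: str, now: int):
        """Returns (body, how_served); how_served is one of "cache-hit",
        "cache-miss", "revalidated" or "refreshed"."""
        entry = self.cache.get(url)
        if entry is not None and now < entry.expires_at:
            return entry.body, "cache-hit"        # TTL valid; origin not asked
        ims = entry.last_modified if entry is not None else None
        status, body, modified = self.origin.get(url, ims)
        if status == 304:
            entry.expires_at = now + self.ttl     # unchanged: extend TTL, no download
            return entry.body, "revalidated"
        self.cache[url] = Entry(body, modified, now + self.ttl)
        return body, "cache-miss" if entry is None else "refreshed"

    def purge_expired(self, now: int) -> int:
        """Drops expired entries nobody asked for again; returns how many."""
        stale = [u for u, e in self.cache.items() if now >= e.expires_at]
        for u in stale:
            del self.cache[u]
        return len(stale)
```

The sequence in the test reproduces the danger described above: the origin publishes a new version at time 240, but a client asking at time 250 still receives the old body because the entry's TTL has not expired. Only the request at 261 notices the change, and the one at 330 costs a single timestamp comparison rather than a download.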

NAC

Definition: Network Access Control (NAC) is a general term for the collected protocols, policies, and hardware that govern access at the point where a device connects to the network. NAC provides an additional security layer that checks connecting systems for conformance with policy and either admits them or quarantines them until they are updated to meet policy standards. Security professionals deploy a NAC policy according to an organization's needs, based on three main elements: the authentication method, endpoint vulnerability assessment, and network security enforcement. Once the NAC policy is determined, professionals must decide where in the network structure NAC will be enforced.

Posture Assessment
Sometimes, authorization in NAC is based on a compliance check. This process is called posture assessment. The connecting endpoint's security state is assessed, for example whether antivirus software is running and current, whether the operating system is patched, and whether a host firewall is enabled, before it is granted normal network access. A non-compliant endpoint is typically placed in a remediation VLAN from which it can reach only update servers.

IEEE 802.1X
IEEE 802.1X is the standard for Port-based Network Access Control (PNAC). It applies both to wired Ethernet (802.3) switch ports and to wireless (802.11) associations. The device that wants to connect (the supplicant) exchanges EAP messages with the switch or access point (the authenticator) using EAP over LAN (EAPOL); the authenticator relays them, usually over RADIUS, to an authentication server, which checks the credentials against a directory service. Until authentication succeeds, the port passes only EAPOL traffic.
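The 802.1X exchange described above, as an added example that is not part of the course material: the EAPOL and EAP headers a supplicant and authenticator exchange, a parser for them, and a toy authenticator that opens its port only after the Identity exchange succeeds. A real deployment relays the EAP conversation to a RADIUS server and runs a full EAP method (such as EAP-TLS) after the Identity exchange; this toy accepts or rejects on identity alone purely to show the port state machine. The frames, the directory, and the VLAN numbers are constructed.

```python
"""Added example, not from the course text: the EAPOL and EAP headers that
cross an 802.1X-controlled port, a parser for them, and a toy authenticator
that opens the port only after a successful Identity exchange. Real
deployments relay the EAP conversation to a RADIUS server and run a full
EAP method (such as EAP-TLS) after the Identity exchange; this toy skips
that and decides on identity alone, purely to show the port state machine.
Frames, the directory and the VLAN numbers are constructed."""
import struct
from typing import Optional

ETHERTYPE_EAPOL = 0x888E                       # EAPOL frames on the wire
EAPOL_EAP_PACKET, EAPOL_START, EAPOL_LOGOFF = 0, 1, 2
EAP_REQUEST, EAP_RESPONSE, EAP_SUCCESS, EAP_FAILURE = 1, 2, 3, 4
EAP_TYPE_IDENTITY = 1


def build_eapol(packet_type: int, body: bytes = b"") -> bytes:
    # EAPOL header: version(1) packet type(1) body length(2, network order)
    return struct.pack("!BBH", 2, packet_type, len(body)) + body


def build_eap(code: int, ident: int, eap_type: Optional[int] = None,
              data: bytes = b"") -> bytes:
    # EAP header: code(1) identifier(1) length(2); Request/Response add type(1)
    if code in (EAP_REQUEST, EAP_RESPONSE):
        payload = struct.pack("!B", eap_type) + data
    else:
        payload = b""                          # Success/Failure carry no type
    return struct.pack("!BBH", code, ident, 4 + len(payload)) + payload


def parse_eapol(frame: bytes):
    if len(frame) < 4:
        raise ValueError("short EAPOL header")
    version, ptype, length = struct.unpack("!BBH", frame[:4])
    body = frame[4:4 + length]
    if len(body) != length:
        raise ValueError("truncated EAPOL body")
    return ptype, body


def parse_eap(pkt: bytes) -> dict:
    if len(pkt) < 4:
        raise ValueError("short EAP header")
    code, ident, length = struct.unpack("!BBH", pkt[:4])
    if length != len(pkt):
        raise ValueError("EAP length field does not match packet")
    info = {"code": code, "id": ident, "type": None, "data": b""}
    if code in (EAP_REQUEST, EAP_RESPONSE):
        if length < 5:
            raise ValueError("Request/Response without type byte")
        info["type"], info["data"] = pkt[4], pkt[5:]
    return info


class Authenticator:
    """One controlled port on a switch or access point."""

    def __init__(self, directory: dict):
        self.directory = directory   # identity -> VLAN the port is placed in
        self.authorized = False
        self.vlan = None
        self.pending_id = None       # EAP identifier we are waiting on

    def handle(self, frame: bytes) -> Optional[bytes]:
        """Consumes one EAPOL frame from the supplicant; returns the reply."""
        ptype, body = parse_eapol(frame)
        if ptype == EAPOL_START:
            self.pending_id = 1
            return build_eapol(EAPOL_EAP_PACKET,
                               build_eap(EAP_REQUEST, 1, EAP_TYPE_IDENTITY))
        if ptype == EAPOL_LOGOFF:
            self.authorized, self.vlan = False, None
            return None
        if ptype != EAPOL_EAP_PACKET:
            return None
        eap = parse_eap(body)
        if (eap["code"] != EAP_RESPONSE or eap["type"] != EAP_TYPE_IDENTITY
                or eap["id"] != self.pending_id):
            return None                          # ignore replies we did not ask for
        identity = eap["data"].decode("utf-8", "replace")
        self.pending_id = None
        if identity in self.directory:           # toy decision; see lead-in
            self.authorized, self.vlan = True, self.directory[identity]
            return build_eapol(EAPOL_EAP_PACKET, build_eap(EAP_SUCCESS, eap["id"]))
        return build_eapol(EAPOL_EAP_PACKET, build_eap(EAP_FAILURE, eap["id"]))
```

The identifier check is the part worth noticing: a response whose identifier does not match the outstanding request is ignored, which is what stops a stray or replayed frame from changing the port state. The EAP-Request/Identity frame produced here is exactly 5 bytes of EAP (code, identifier, 2-byte length, type) inside a 4-byte EAPOL header.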

Example:

Figure 12-9: NAC governs access on device network interconnections.

Access Control Lists
An Access Control List (ACL) is a set of data (user names, passwords, time and date, IP addresses, MAC addresses, and so on) that is used to control access to a resource such as a computer, file, or network. On consumer wireless routers and access points, ACLs are commonly implemented as MAC address filtering: when a wireless client attempts to access the network, that client's MAC address is compared with the list of authorized MACs, and access is granted or restricted based on the result. On routers and firewalls, an ACL is an ordered list of permit and deny entries evaluated top to bottom, ending in an implicit deny.

Physical Network Security Measures

An organization's physical components have vulnerabilities that should be mitigated by employing appropriate physical security measures.

Building and grounds
Location: Is the building located in a high-crime area, or in a remote location that would be hard to reach in the event of a natural disaster? If so, what protections do you have in place to deter theft or vandalism, and to recover from disaster? Is it in a flood area?
Fire risks: Is the building adequately covered by a fire-suppression system? Are critical systems and server rooms equipped with special fire-protection methods? Would a fire destroy the storage systems, and would data be lost? Is the network cabling in the plenum areas of the building fire-resistant?
Electrical shielding: Are the building and the network equipment protected from electrical surges and other interference from outside?
Physical access control: Are there physical barriers in place, such as fences, locks, mantraps, and monitored reception areas, to protect the building from unauthorized access? Are strict physical access controls, such as biometric authorization, deployed to restrict access to sensitive areas? Is there video or still-image surveillance in place to deter unwanted access or to help prosecute it?

Devices
Servers: Are all the servers in one physical location? If someone gains access to a server room, does she have access to every server in the company?
Laptops/PDAs: These items are easily misplaced or stolen and often contain highly sensitive information; full-disk encryption limits the damage when one is lost.
Cell phones: Confidential conversations about proprietary company information should be held on land lines and not over wireless channels that do not use encryption. You may also want to disallow the use of wireless devices altogether.

Communications
Telecommunications: Phone company cables, transformers, and switches can be intentionally or unintentionally damaged or tapped.
Service providers: Third-party ISPs and other service providers may have security holes that your organization has no control over. Can your provider maintain your service if they have a loss or failure, and, if not, do you have a backup plan?
Wireless cells: Are your wireless access points placed and secured properly so that outside parties cannot connect to your network?


ACTIVITY 12-2
Describing Network Perimeter Security
Scenario: In this activity, you will describe the network perimeter security concepts.


1. In the NAT process, in which step does the NAT readdress the packet to the internal system?
a) Source address conversion
b) Client request
c) Data delivery
d) Data return

2. True or False? In IP filtering, dropped packets are delivered after a delay.
True
False

3. Arrange the steps in the sequence in which they occur in the NAT process. (Answer key, in order:)
1. An internal client sends a request to an external service, such as a website, using the external destination IP address and port number.
2. The NAT device converts the source address in the request packet to its own external address, and adds a reference port number to identify the originating client.
3. The service returns data to the NAT device's external address using the reference port number.
4. NAT uses the reference port number to identify the correct internal source address.
5. NAT readdresses the packet to the internal system and delivers the data.

4. Match the firewall feature with its description. (Answer key shown.)
Scanning services: a. Checks incoming and outgoing packets.
Content filtering: c. Blocks restricted websites.
Signature identification: d. Verifies whether the data in question is legitimate.
Zones: b. Creates a network topology with distinct areas.


TOPIC B
Intrusion Detection and Prevention
In the previous topic, you identified the tools and techniques used to secure the perimeter of your network. However, there are several other mechanisms you can use to secure a network. In this topic, you will identify methods of threat detection and prevention. At one time, computers were connected only to an organization's internal network, and most people did not access the Internet on a daily basis. Since the mid-1980s there has been a tremendous surge in Internet usage. With millions of connections comes the very real potential for malicious attacks on an organization's network. As a network administrator, you must be aware of potential threats to your network and of the methods you can employ to protect data and resource availability.

Intrusion Detection

Definition: Intrusion detection is the process of monitoring the events occurring on a computer or a network and analyzing them for signs of possible incidents. An incident is a violation, or an imminent threat of violation, of computer security policies, acceptable-use policies, or standard security practices. Though this process cannot by itself prevent intrusions, it is used to monitor events, gather information, create a log of events, and alert you to the incident. Incidents may be unintentional or deliberate, but many of them are malicious. Intrusion detection can be performed manually or automatically.

Example: Audit Logs and Trails
The most common way to detect intrusions is by using the audit data generated by the operating system: a chronological record of activities. Since almost all activities are logged, manual inspection of the logs can reveal intrusions. Audit trails are particularly useful because they provide evidence of what an attacker did, and they are often the only way to detect unauthorized and subversive activity by legitimate users. Their value depends on their integrity, so logs should be forwarded to a separate log host that an intruder who compromises the monitored system cannot alter.

IDSs

Definition: An Intrusion Detection System (IDS) is software or hardware, or a combination of both, that scans, audits, and monitors the security infrastructure for signs of attacks in progress and automates the intrusion detection process. It is used to detect malicious behavior that compromises the integrity of a computer quickly, so that appropriate action can be taken. IDS software can also analyze data and alert security administrators to potential infrastructure problems. An IDS can comprise a variety of hardware sensors, intrusion detection software, and IDS management software. Each implementation is unique, depending on the security needs and the components chosen.


Figure 12-10: IDS detects an attack.

Example: OGC Financial Group's IDS
OGC Financial Group is a banking institution that handles thousands of encrypted transactions every day. It has offices all over the world, and the transaction databases are in use 24 hours a day, 7 days a week. In addition, OGC Financial Group has developed several Business-to-Business (B2B) web partnerships with brokerage houses and insurance agencies. The highest priorities are confidentiality and data integrity. To detect intruders, OGC Financial Group has IDS sensors on each segment of the network to monitor all traffic within the system. In addition, IDS software is installed on each web server and email server. Finally, each transaction database has application-specific IDS utilities to monitor its own activity for anomalies.

Example: Snort
Snort is a free, open source IDS (and, when deployed inline, IPS) for detecting and preventing intrusions. It is available at www.snort.org. Snort can log alerts and other log messages to a database.

Firewalls vs. IDS
Both a firewall and an IDS enforce network policy, but the way they accomplish that task is significantly different. An IDS collects information and notifies you of a possible intrusion; when deployed inline as an IPS, it can also block packets that match a defined signature. A firewall filters traffic based on its configured rules alone and has no notion of an attack beyond what those rules express. Keep in mind that many firewall and IDS products have overlapping functionality, or are integrated into the same device or system.

Types of IDSs
There are three general categories of IDSs that may be used alone or in combination.

Network-based: An IDS that monitors network traffic and alerts (IDS) or blocks (IPS) when unacceptable traffic is seen. It is typically connected to a switch's mirror (SPAN) port or to a network tap. An example of an NIDS is Snort. A network-based IDS primarily uses passive sensors to monitor traffic on a specific segment of the network. It cannot analyze the payload of encrypted packets because it has no means of decrypting the data. Sensors sniff traffic and send alerts about anomalies or concerns. Many network-based IDSs allow administrators to customize detection rules so that they can be tailored to a specific environment.

Host-based: An IDS capability installed on a workstation or server to protect that device. It monitors the computer internally and detects which program accesses particular resources. It checks the host completely, gathering information from the file system, log files, and similar places, and detects deviations from the security policy. A host-based system primarily uses software installed on a specific host, such as a web server. Host-based IDSs can analyze traffic that arrived encrypted because they see it after the host has decrypted it. However, host-based IDSs use the resources of the host they are installed on, which can slow other applications or services. Many host-based IDSs allow administrators to customize detection rules so that they can be tailored to a specific environment.

Pattern- or signature-based: An IDS that uses a predefined set of rules, either pattern-based or signatures provided by a software vendor, to identify traffic that is known to be unacceptable. It is precise for known attacks but blind to attacks that have no signature yet.

Anomaly- or behavior-based: An IDS that first establishes a baseline of normal traffic flows during its implementation period and then flags traffic that deviates significantly from that baseline. Anomaly-based systems are dynamic and can detect previously unseen attacks, at the cost of more false positives while the baseline is being tuned.

Protocol-based: An IDS installed on a server and used to monitor the protocol(s) used by the computer. It contains a system or agent at the front end of a server that monitors and analyzes the communication protocol between a connected device and the system.

Application protocol-based: An IDS that monitors the application protocol(s) in use by the system. It contains an agent that sits between a process and its clients, or between multiple servers, and analyzes the application protocol between the two. Application-based IDSs monitor traffic within or related to a specific application. They may be used in conjunction with a network- or host-based IDS to add another layer of protection to a critical application, such as a customer database.
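The signature-based and anomaly-based strategies from the table above (and the signature identification feature described under Common Firewall Features), as one added example that is not part of the course material: both detectors run over the same constructed flow records so their complementary coverage is visible. The signature patterns, the training data, and the baseline tolerance are illustrative and not copied from any vendor's rule set.

```python
"""Added example, not from the course text: the signature-based and the
anomaly-based detection strategies from the IDS table, each run over the
same constructed flow records. The signature patterns, the training window
and the tolerance are illustrative, not copied from any vendor rule set."""
import re
from collections import defaultdict
from dataclasses import dataclass


@dataclass(frozen=True)
class Flow:
    t: int          # seconds since the start of the capture
    src: str
    dst: str
    dport: int
    payload: bytes  # first bytes of application data; empty for a bare SYN


# Signature rules: (name, destination port or None for any, byte pattern)
SIGNATURES = [
    ("http-dir-traversal", 80, re.compile(rb"\.\./\.\./")),
    ("shell-in-request", None, re.compile(rb"/bin/sh|cmd\.exe", re.I)),
]


def signature_alerts(flows):
    """Matches each flow against every rule: precise, but only for known patterns."""
    alerts = []
    for f in flows:
        for name, port, pattern in SIGNATURES:
            if (port is None or port == f.dport) and pattern.search(f.payload):
                alerts.append((f.t, f.src, name))
    return alerts


class AnomalyDetector:
    """Learns how many distinct destination ports one source normally touches,
    then flags sources that exceed that baseline by a tolerance. A port sweep
    carries no payload for a signature to match, but stands out here."""

    def __init__(self, tolerance: int = 3):
        self.tolerance = tolerance
        self.baseline = 0

    @staticmethod
    def _ports_per_source(flows):
        seen = defaultdict(set)
        for f in flows:
            seen[f.src].add(f.dport)
        return seen

    def train(self, flows):
        seen = self._ports_per_source(flows)
        self.baseline = max((len(p) for p in seen.values()), default=0)

    def detect(self, flows):
        limit = self.baseline + self.tolerance
        seen = self._ports_per_source(flows)
        return sorted(src for src, ports in seen.items() if len(ports) > limit)


# Constructed training window: ordinary clients use web, DNS and mail.
TRAINING = [Flow(t, "10.0.0.%d" % h, "10.0.1.5", p, b"")
            for t, h in enumerate(range(2, 6)) for p in (80, 443, 53, 25)]

# Constructed detection window: a port sweep, one traversal attempt, one normal flow.
OBSERVED = (
    [Flow(100 + i, "10.0.0.7", "10.0.1.5", 1 + i, b"") for i in range(20)]
    + [Flow(130, "10.0.0.9", "10.0.1.5", 80, b"GET /../../etc/passwd HTTP/1.0")]
    + [Flow(131, "10.0.0.3", "10.0.1.5", 443, b"")]
)
```

Run both over OBSERVED: the signature rules report only the traversal attempt from 10.0.0.9, and the anomaly detector reports only the sweeping host 10.0.0.7. Neither alone sees both, which is why the text recommends combining categories. The traversal pattern on port 8080 goes unreported because the rule is bound to port 80, a reminder that signatures are only as good as their scope.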

Comparing Host- and Network-Based IDSs This table will help you compare the two most popular types of IDS implementations.

Characteristic: Network-Based IDS / Host-Based IDS
Components: primarily hardware sensors / primarily software applications
Monitoring method: monitors traffic on a specific network segment / monitors traffic on the host it is installed on
Monitoring target: packets, for protocol anomalies and known attack and virus signatures / log files, inadvisable settings or passwords, and other policy violations
Encrypted data: cannot analyze encrypted data / can analyze data that arrived encrypted, because it sees it after the host decrypts it
Passive vs. active: passive / passive or active
Resource utilization: uses resources from the network (a sensor or tap) / uses computing resources from the host it is monitoring
Capabilities: broad scope; very general / narrow scope; very specific
Alerts: management console or email messages / management console or email messages
Best use: to secure a large area with noncritical data; provides broad-based overall security; most cost effective / to secure a specific resource, such as a web server, that holds critical data; cost prohibitive to deploy everywhere
Management issues: can be installed on a network without touching the hosts / service agreements or other policy restrictions may prevent installation on a host
Legal issues: hard to use as evidence in a lawsuit / may be admissible as evidence in a lawsuit

Passive and Active IDSs

Definition: An IDS can be either passive or active. A passive IDS detects potential security breaches, logs the activity, and alerts security personnel. An active IDS does the same and then takes action to block the suspicious activity, for example by resetting the connection or modifying a firewall rule. Some people consider an active IDS to be a type of Intrusion Prevention System (IPS) rather than a separate category.

Example: An Active, Host-Based IDS
A large payroll management company uses a host-based IDS to monitor its servers. Because it manages the personal and financial information of thousands of employees at hundreds of companies, security is a major concern. It uses an active IDS so that it can react to malicious activity and respond in real time. One night, the IDS detects suspicious activity, monitors the traffic, and tightens the file permissions on the affected data as a safety precaution. A passive IDS might have detected the same suspicious traffic, but it would only have logged it and sent an alarm to the network or security administrator; the activity itself would not have been blocked.

IPSs

Definition: An IPS is an inline security device that monitors network and/or system traffic for suspicious activity and reacts in real time to block it; a network-based IPS is also referred to as a Network Intrusion Prevention System (NIPS). An IPS may drop packets, reset connections, sound alerts, and at times even quarantine intruders. It can regulate traffic according to its specific content because it examines packets as they travel through the IPS. This is in contrast to a conventional firewall, which blocks on IP addresses and ports rather than on what the packets contain. Because an IPS is inline, a false positive blocks legitimate traffic and a device failure can take the link down, so IPS rules are tuned more conservatively than IDS rules and the hardware often includes a fail-open bypass.
Example:
Network behavior analysis is a behavior-based IPS that constantly monitors network traffic and identifies potential threats such as DDoS, malware, and policy violations.

Figure 12-11: An IPS blocks suspicious network traffic.

Types of Intrusion Prevention Systems
There are two major types of IPS: host-based and network-based.

HIPS: A Host-based IPS (HIPS) is an application installed on a single host that monitors that host's inbound and outbound traffic and its system activity, and blocks actions that violate policy. Because it runs on the endpoint, it is effective against internal attacks and against threats such as viruses, worms, Trojan horses, and keyloggers that a network device never sees.

NIPS: A Network-based IPS (NIPS) monitors the entire network segment it sits on and analyzes its activity. It detects malicious code and unsolicited traffic and takes the necessary action. The NIPS is built to identify malformed network traffic, analyze protocols, and secure servers, clients, and network devices from various threats and attacks. A NIPS is deployed inline at a chokepoint in an organization's network and is considered a checkpoint for all incoming traffic.

Port Scanners
Definition: A port scanner is a type of software that searches a network host or a range of IP addresses for open TCP and UDP ports. It probes each port on the target system and reports whether the port is open, closed, or filtered, what service appears to be listening on it, and any available information about the operating system. Administrators use a port scanner to determine what services are running on the network and to find potential areas that are vulnerable. A port scanning attack occurs when an attacker scans your systems to see which ports are listening, in an attempt to find a way to gain unauthorized access. Scan your own systems from outside the firewall as well as from inside: the outside view is what an attacker sees.

Figure 12-12: A port scanner on a network.


When multiple hosts are scanned simultaneously or consecutively, usually for the same port, it is called port sweeping.

Example: Nmap
Nmap is a widely available open source port scanner. It can rapidly scan a single host or an entire network, and can determine which hosts are available on a network, what services they offer, what operating systems they run, what kinds of firewalls or packet filters are in use, and numerous other characteristics of the target.

Port Scanning Utilities
There are many utilities that potential attackers can use to scan ports on networks, including Nmap, SuperScan, and Strobe. Many can be downloaded for free from the Internet. A port scan is often the first step an attacker takes, identifying live systems and open ports before launching further attacks with other tools. That is also why a sudden burst of connection attempts to many ports from one source is a useful event for an IDS to alert on.
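The scan described in the port scanner definition and the utilities paragraph above, as an added example that is not part of the course material: a TCP connect scan, the simplest technique Nmap and SuperScan offer, pointed only at 127.0.0.1 and at a listener the script starts itself, so nothing on a real network is touched. It reports each port as open, closed (connection refused) or filtered (no answer within the timeout), which are the three states a scanner distinguishes, and grabs the service banner from open ports. The banner text is constructed.

```python
"""Added example, not from the course text: a TCP connect scan against a
listener this script starts on 127.0.0.1, so nothing on a real network is
touched. Reports each port as open, closed (connection refused) or filtered
(no answer within the timeout) and grabs the banner from open ports."""
import socket
import threading
from contextlib import closing


def start_listener(host: str = "127.0.0.1"):
    """Constructed target service: accepts connections and sends a banner."""
    srv = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    srv.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEADDR, 1)
    srv.bind((host, 0))            # port 0: let the OS pick a free port
    srv.listen(5)

    def serve():
        while True:
            try:
                conn, _ = srv.accept()
            except OSError:        # listener closed; stop the thread
                return
            with conn:
                conn.sendall(b"220 constructed-banner ready\r\n")

    threading.Thread(target=serve, daemon=True).start()
    return srv, srv.getsockname()[1]


def free_closed_port(host: str = "127.0.0.1") -> int:
    """Reserves and immediately releases a port, so it is closed, not filtered."""
    with closing(socket.socket(socket.AF_INET, socket.SOCK_STREAM)) as s:
        s.bind((host, 0))
        return s.getsockname()[1]


def probe(host: str, port: int, timeout: float = 0.5):
    """Returns (state, banner) for one port using a full TCP connect."""
    with closing(socket.socket(socket.AF_INET, socket.SOCK_STREAM)) as s:
        s.settimeout(timeout)
        try:
            s.connect((host, port))
        except socket.timeout:
            return "filtered", b""          # nothing came back: dropped by a filter
        except OSError:
            return "closed", b""            # RST received: host is up, port closed
        try:
            banner = s.recv(128)            # many services announce themselves
        except OSError:
            banner = b""
        return "open", banner


def scan(host: str, ports) -> dict:
    """Scans the given ports in order; a real tool would parallelize this."""
    return {p: probe(host, p) for p in ports}


def open_ports(results: dict):
    return sorted(p for p, (state, _) in results.items() if state == "open")
```

A connect scan completes the three-way handshake, so every probe shows up in the target's logs as a full connection; Nmap's default SYN scan avoids that by never sending the final ACK, which is why the noisier connect scan is the one to expect from an unprivileged attacker or from a tool like SuperScan on Windows.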

Vulnerability Assessment Tools

A honeypot is a security tool that lures attackers away from legitimate network resources while tracking their activities. Honeypots appear and act as legitimate components of the network but are actually isolated lockboxes where security professionals can contain the intrusion and log the attacker's activities for analysis or for use in court. Luring individuals in could potentially be perceived as entrapment, and a counterattack against the intruder's systems is illegal in most jurisdictions; these legal and ethical issues should be discussed with your organization's legal counsel and human resources department before a honeypot is deployed. Honeypots can be software emulation programs, hardware decoys, or an entire dummy network, known as a honeynet. A honeypot implementation often includes some kind of IDS to facilitate monitoring and tracking of intruders, and some dedicated honeypot software packages are specialized types of IDS. Because no legitimate user has any reason to touch a honeypot, any connection to it is worth investigating; that low false-positive rate is its main advantage.

Figure 12-13: A honeypot scanning for attacks.

Network Scanners

Network scanners are computer programs used for scanning networks to obtain user names, host names, groups, shares, and services. Some network scanners provide information about vulnerabilities or weak spots on the network. Network scanners are sometimes used by attackers to detect and exploit the vulnerabilities on a network. Network scanners are also known as network enumerators.


Figure 12-14: A network scanner scanning for usernames on the network.

Popular Network Scanners
There are several network scanners available. NMAP, NESSUS, and QualysGuard are popular among them.
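As an added example that is not part of the course materials, the following Python script pairs the two ideas above: a minimal honeypot-style listener that records every probe it receives, and a TCP connect scan (the technique tools such as NMAP and SuperScan fall back to when raw sockets are unavailable) that classifies each port as open, closed or filtered from the kernel's response to connect(). The listener, the ports and the timeouts are all local and constructed for the demonstration; run it only against hosts you are authorized to scan.

```python
"""Connect scan against a logging honeypot (added illustration, not the course's code).

Assumptions: a tiny TCP listener on 127.0.0.1 stands in for a honeypot, and a
connect() scan stands in for the default scan of NMAP or SuperScan.
"""
import errno
import socket
import threading
import time
from concurrent.futures import ThreadPoolExecutor


class Honeypot:
    """Accepts TCP connections and records who probed it and what they sent first.

    A real honeypot emulates a service; this one only logs, which is already
    enough to notice a scan sweeping through the port range.
    """

    def __init__(self, host="127.0.0.1"):
        self.sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
        self.sock.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEADDR, 1)
        self.sock.bind((host, 0))            # port 0: the OS picks a free port
        self.sock.listen(16)
        self.host, self.port = self.sock.getsockname()
        self.events = []                     # (peer_ip, peer_port, first_bytes)
        self._lock = threading.Lock()
        threading.Thread(target=self._serve, daemon=True).start()

    def _serve(self):
        while True:
            try:
                conn, peer = self.sock.accept()
            except OSError:
                return                       # listener closed
            conn.settimeout(0.2)
            try:
                data = conn.recv(64)         # banner-grab attempts would land here
            except (socket.timeout, OSError):
                data = b""
            with self._lock:
                self.events.append((peer[0], peer[1], data))
            conn.close()

    def close(self):
        self.sock.close()


def probe(host, port, timeout=0.5):
    """Classify one TCP port the way a connect scan does.

    open     -> handshake completed (peer sent SYN-ACK)
    closed   -> peer answered with RST (ECONNREFUSED)
    filtered -> nothing came back before the timeout (typical of a firewall drop)
    """
    try:
        with socket.socket(socket.AF_INET, socket.SOCK_STREAM) as s:
            s.settimeout(timeout)
            rc = s.connect_ex((host, port))
    except socket.timeout:
        return "filtered"
    if rc == 0:
        return "open"
    if rc == errno.ECONNREFUSED:
        return "closed"
    if rc in (errno.ETIMEDOUT, errno.EAGAIN, errno.EWOULDBLOCK, errno.EINPROGRESS):
        return "filtered"
    return "error:%d" % rc


def scan(host, ports, timeout=0.5, workers=32):
    """Connect-scan a list of ports concurrently; returns {port: state}."""
    with ThreadPoolExecutor(max_workers=workers) as pool:
        states = list(pool.map(lambda p: probe(host, p, timeout), ports))
    return dict(zip(ports, states))


def find_closed_port(host="127.0.0.1"):
    """Bind-then-release a port so the demo has one that is almost certainly closed."""
    with socket.socket(socket.AF_INET, socket.SOCK_STREAM) as s:
        s.bind((host, 0))
        return s.getsockname()[1]


def demo():
    """Scan the honeypot's port plus one closed port; return (scan results, honeypot log)."""
    hp = Honeypot()
    closed = find_closed_port()
    results = scan(hp.host, [hp.port, closed])
    for _ in range(50):                      # let the listener thread record the probe
        if hp.events:
            break
        time.sleep(0.02)
    hp.close()
    return results, list(hp.events)


if __name__ == "__main__":
    results, log = demo()
    for port, state in sorted(results.items()):
        print("%5d %s" % (port, state))
    for ip, port, data in log:
        print("honeypot: probe from %s:%d, first bytes %r" % (ip, port, data))
```

The three-way classification is the part worth remembering when reading scanner output: "closed" means the host is alive and answered, "filtered" means something in between swallowed the SYN, and only "open" means a service is listening.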

ACTIVITY 12-3
Scanning for Port Vulnerabilities
There is a simulated version of this activity available on the CD-ROM that is shipped with this course. You can run this simulation on any Windows computer to review the activity after class, or as an alternative to performing the activity as a group in class. The activity simulation can be launched either directly from the CD-ROM by clicking the Interactives link and navigating to the appropriate one, or from the installed data file location by opening the C:\Data\Simulations\Lesson#\Activity# folder and double-clicking the executable (.exe) file.

Before You Begin: Ensure that the services running on the Child## computer include Active Directory, DNS, and Certificate Services. SuperScan is available in the C:\Data\Tools folder.

Scenario: You are a network administrator for a large brokerage firm and need to make sure your new Windows Server 2008 R2 servers are secure by scanning them for open ports. The brokerage firm's IT department has had problems in the past with attackers getting access to applications on servers by getting through the firewall and reaching open ports on the servers. You have already hardened your servers and now want to check your work. Before connecting the new Windows Server 2008 R2 servers to your network, you need to ensure not only that the base operating system is hardened, but also that no unnecessary ports are open on the servers, to minimize the likelihood of attacks. You are responsible for scanning your Windows Server 2008 R2 computer.

What You Do / How You Do It

1. Install SuperScan.
   a. Navigate to the C:\Data\Tools folder.
   b. Double-click the superscan4 compressed folder and, in the folder, double-click the SuperScan4 application.
   c. In the Compressed (zipped) Folders dialog box, click Run.

2. Use SuperScan to scan the default ports on your server.
   a. In the SuperScan 4.0 window, on the Scan page, in the IPs section, in the Hostname/IP text box, type Computer## and select the Host and Service Discovery tab.
   b. Verify that the UDP port scan and TCP port scan check boxes are checked, and that a default list of ports appears in each scan area. The default ports are loaded from a configuration file.
   c. Select the Scan tab and click the Start button to start the scan.

3. Examine the scan results.
   a. When the scan is complete, click View HTML Results.
   b. The report opens in the browser window. Scroll down to view the list of open ports. The right column shows how the server responded to the scan of each port.
   c. Close all open dialog boxes and windows.


TOPIC C
Protect Network Traffic Using IPSec
When you secure network traffic, it is usually not a single operation. You need to consider various types of traffic, such as LAN, WAN, and wireless communications, so it makes sense to use a method that you can apply in different situations. In this topic, you will learn how to configure Internet Protocol Security (IPSec), a powerful, general-purpose technique for protecting data on IP networks. IPSec is a flexible tool that helps you ensure that only authenticated hosts can exchange data through your network systems and that the data can be read exclusively by authorized parties. IPSec can therefore stop an attacker both from hijacking a session and from sniffing network data for information. When configured incorrectly, however, IPSec can also shut down legitimate communications on your network, so learning to apply it correctly is an indispensable skill for any network professional.


IPSec
Internet Protocol Security (IPSec) is a set of open, non-proprietary standards that you can use to secure data as it travels across the network or the Internet. IPSec uses an array of protocols and services to provide data authenticity and integrity, anti-replay protection, non-repudiation, and protection against eavesdropping and sniffing.

Figure 12-15: IPSec standards are used to secure data across networks.

Tunneling and Data Encryption with IPSec
IPSec is often paired with L2TP: L2TP provides the tunnel and IPSec, in transport mode as specified by RFC 3193, encrypts it. IPSec provides data confidentiality with a symmetric cipher; this course lists DES and 3DES, but DES is broken (its 56-bit key can be brute-forced) and 3DES has since been deprecated, so current implementations negotiate AES. IPSec can also be used on its own, in tunnel mode, to provide both tunneling and encryption of data.

IPSec System Support
Many operating systems support IPSec, including Windows Server 2008, Windows XP, Linux, UNIX, the current version of NetWare, and Sun Solaris. Internetworking devices, such as most routers, also support IPSec. While IPSec is an industry standard, it is implemented differently in the various operating systems and devices, so interoperability between vendors should be tested rather than assumed.

IPSec Protection Mechanisms

IPSec can protect your network communication using different mechanisms.

Man-in-the-middle and replay attacks are covered in more detail in subsequent lessons.

Protection Mechanism: Description

Provides data authenticity and integrity: IPSec verifies the identities of the computers transmitting data to one another and attaches an integrity check value to each packet, so any packet altered in transit is dropped. In this way, IPSec can prevent IP spoofing and man-in-the-middle attacks.

Protects against replay attacks: IPSec provides anti-replay protection by numbering packets with sequence numbers, which the receiver checks against a sliding window. Packets captured on the wire cannot be replayed later to gain unauthorized access to your network.

Prevents repudiation: IPSec provides verification that a computer sending information is the computer it purports to be. Strictly speaking, because AH and ESP use a symmetric key shared by both peers, this is peer authentication rather than non-repudiation in the cryptographic sense: either peer could have produced a given packet, so it does not by itself prove to a third party who sent it.

Protects against eavesdropping and sniffing: IPSec (specifically ESP) provides data encryption mechanisms that allow you to encrypt data as it travels across a network.

IPSec Modes

IPSec operates in one of two main modes: transport mode or tunnel mode.

IPSec Mode: Description

Transport mode: Only the payload of the IP packet is protected (and, with ESP, encrypted). Routing takes place normally, as the original IP header remains readable. Transport mode is used for host-to-host communications.

Tunnel mode: The entire original packet, header included, is protected and then wrapped in a new IP packet with a new, unencrypted outer header. Tunnel mode is used when creating VPNs with IPSec, typically between security gateways.

IPSec Transport Protocols
IPSec uses two protocols, which use different methods to protect data. This course calls them transport protocols, although each is carried directly inside IP as its own IP protocol number (AH is protocol 51, ESP is protocol 50). The two can be employed separately or together.

IPSec Transport Protocol: Description

Authentication Header (AH) protocol: Provides data integrity and origin authentication through a keyed hash (HMAC) built on Message Digest Algorithm 5 (MD5) or Secure Hash Algorithm (SHA-1); these are hash functions, not encryption. AH takes an IP packet and computes the HMAC over the IP header (with mutable fields such as TTL zeroed), the AH header, and the data payload, and then inserts its own header into the packet behind the original IP header but ahead of the TCP or UDP header and the ESP header (if you are using AH and ESP together). Among other things, the AH header consists of the Security Parameters Index (SPI), the sequence number of the packet, and the Integrity Check Value (ICV, the hash data). The SPI identifies which security association, and therefore which key and algorithms, the receiver must use for the packet. The computer on the other end receives the IP packet, recalculates the ICV, and compares it to the value in the AH header to verify the integrity of the packet. If the values do not match, the packet is dropped. Because the hash covers the IP addresses, AH does not survive NAT.

Encapsulating Security Payload (ESP) protocol: Provides data integrity as well as data confidentiality (encryption), using a symmetric cipher (DES or 3DES in this course; AES in current implementations). Like AH, ESP uses an HMAC based on MD5 or SHA-1, but its ICV covers only the ESP header, payload, and trailer, not the outer IP header, and it is carried in the ESP authentication data at the end of the packet instead of in the ESP header, which contains the packet's sequence number and the SPI. The ESP header is inserted behind the IP header and the AH header (if there is one) but before the IP payload. After the payload you will find the ESP trailer, which contains mostly padding (required by the ESP packet format) and the ESP authentication data, where you will find the ICV for verifying data integrity. In IPSec's transport mode, ESP encrypts only the payload and not the headers.

SHA and MD5 are part of a wider range of cryptographic technologies that are outside the scope of this book and the Network+ certification. For more information on topics such as encryption, cryptography and security, you might want to encourage your students to pursue training for the CompTIA Security+ (Exam SY0-301) to complement their Network+ certification.
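To make the AH description concrete, here is an added Python example (mine, not the course's and not any IPSec stack's code) that builds AH-style packets carrying an SPI, a sequence number and a 96-bit HMAC-SHA1 ICV, then verifies them on the receiving side with a 64-packet anti-replay window, so it also exercises the replay protection described earlier in this topic. It assumes an 8-byte pseudo IP header containing only immutable fields, so the zeroing of mutable IP fields that real AH performs is not modelled, and the key is a constructed constant standing in for one derived by IKE.

```python
"""AH-style integrity protection plus anti-replay window (added illustration).

Assumptions: HMAC-SHA1 truncated to 96 bits (RFC 2404), a 64-packet replay
window, and an 8-byte pseudo IP header (source, destination) with no mutable
fields, so nothing has to be zeroed before hashing.
"""
import hashlib
import hmac
import struct

ICV_LEN = 12           # HMAC-SHA1-96: keep the first 96 bits of the 160-bit MAC
AH_FIXED_LEN = 12      # next header, payload len, reserved, SPI, sequence number
IPPROTO_UDP = 17


def _icv(key, ip_header, ah_fixed, payload):
    """ICV = HMAC over IP header + AH header (ICV field zeroed) + payload."""
    mac = hmac.new(key, ip_header + ah_fixed + b"\x00" * ICV_LEN + payload, hashlib.sha1)
    return mac.digest()[:ICV_LEN]


def build_ah_packet(ip_header, payload, key, spi, seq, next_header=IPPROTO_UDP):
    """Sender: insert an AH header between the IP header and the payload.

    Payload Length is the AH header length in 32-bit words minus 2,
    so for a 24-byte header it is (24 // 4) - 2 = 4, as in RFC 4302.
    """
    payload_len = (AH_FIXED_LEN + ICV_LEN) // 4 - 2
    ah_fixed = struct.pack("!BBHII", next_header, payload_len, 0, spi, seq)
    return ip_header + ah_fixed + _icv(key, ip_header, ah_fixed, payload) + payload


class InboundSA:
    """Receiver state for one SA: key, SPI, and a sliding anti-replay window."""

    def __init__(self, key, spi, window=64):
        self.key, self.spi, self.window = key, spi, window
        self.highest = 0     # highest sequence number accepted so far
        self.seen = 0        # bitmap: bit k set <=> seq (highest - k) was accepted

    def verify(self, packet, ip_header_len):
        """Return (accepted, reason); the window moves only for authenticated packets."""
        ip_header = packet[:ip_header_len]
        ah_fixed = packet[ip_header_len:ip_header_len + AH_FIXED_LEN]
        icv = packet[ip_header_len + AH_FIXED_LEN:ip_header_len + AH_FIXED_LEN + ICV_LEN]
        payload = packet[ip_header_len + AH_FIXED_LEN + ICV_LEN:]
        _, _, _, spi, seq = struct.unpack("!BBHII", ah_fixed)
        if spi != self.spi:
            return False, "unknown SPI"
        # 1. Replay pre-check before the (more expensive) MAC, as RFC 4302 suggests.
        if seq == 0 or seq <= self.highest - self.window:
            return False, "replay: sequence number outside window"
        if seq <= self.highest and self.seen & (1 << (self.highest - seq)):
            return False, "replay: sequence already seen"
        # 2. Integrity check, compared in constant time.
        if not hmac.compare_digest(icv, _icv(self.key, ip_header, ah_fixed, payload)):
            return False, "integrity check failed"
        # 3. Only an authenticated packet may advance or fill the window.
        if seq > self.highest:
            shift = seq - self.highest
            self.seen = ((self.seen << shift) | 1) & ((1 << self.window) - 1)
            self.highest = seq
        else:
            self.seen |= 1 << (self.highest - seq)
        return True, "ok"


def demo():
    """Push a few packets through one SA; return the receiver's verdict for each."""
    key = b"constructed demo key; IKE would derive this"   # assumption for the example
    ip_header = bytes([10, 0, 0, 1, 10, 0, 0, 2])            # pseudo header: src, dst only
    spi = 0x1001
    rx = InboundSA(key, spi)
    n = len(ip_header)
    verdicts = []
    p1 = build_ah_packet(ip_header, b"hello", key, spi, 1)
    verdicts.append(rx.verify(p1, n))                                      # fresh: ok
    verdicts.append(rx.verify(build_ah_packet(ip_header, b"world", key, spi, 2), n))
    verdicts.append(rx.verify(p1, n))                                      # captured and replayed
    forged = build_ah_packet(ip_header, b"hello", key, spi, 3)
    verdicts.append(rx.verify(forged[:-5] + b"HELLO", n))                  # payload altered in transit
    verdicts.append(rx.verify(build_ah_packet(ip_header, b"hello", key, spi, 3), n))  # genuine seq 3
    verdicts.append(rx.verify(build_ah_packet(ip_header, b"x", key, spi, 6), n))      # jump ahead
    verdicts.append(rx.verify(build_ah_packet(ip_header, b"y", key, spi, 5), n))      # late, inside window
    return [reason for _, reason in verdicts]


if __name__ == "__main__":
    for verdict in demo():
        print(verdict)
```

Two details matter in practice: the window is updated only after the ICV verifies, so a forged packet with a high sequence number cannot push genuine packets out of the window, and the replay check runs first because it is cheaper than the MAC and discards obvious replays before they cost anything.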

IKE
IPSec uses the Internet Key Exchange (IKE) protocol to establish a master key, from which the bulk encryption and integrity keys are generated. The peers never send the master key across the network. Instead, they agree on a large prime number and a generator (the Diffie-Hellman group), each generates a secret private value and sends the other only the corresponding public value, and each then combines the received public value with its own private value to compute the same shared secret. Because the private values never leave their hosts and cannot be recovered from the public values (the discrete logarithm problem), an eavesdropper who captures the whole exchange cannot derive the master key. Diffie-Hellman alone does not prove who is on the other end, however, so IKE adds peer authentication (preshared key, certificate, or Kerberos) to stop a man-in-the-middle from running a separate exchange with each side.


Figure 12-16: A master key generates encryption keys.

Diffie-Hellman Algorithm
The Diffie-Hellman algorithm is a cryptographic protocol that provides for secure key exchange. Described in 1976 by Whitfield Diffie and Martin Hellman, it was the first published public-key technique and opened the field of public key cryptography. RSA, published in 1977, is a separate algorithm built on a different hard problem (integer factoring) rather than on Diffie-Hellman.

Security Associations

A Security Association (SA) is the negotiated relationship between two computers using IPSec. It is negotiated in two phases. In Phase 1, the computers negotiate how communication will take place and agree on authentication, encryption, and master key generation. The resulting Phase 1 (IKE) SA is bi-directional. Phase 2 produces two one-way SAs on each computer, one inbound and the other outbound, each identified by its own SPI. The Phase 2 SAs are used for the actual transmission of data. Each computer can have multiple Phase 1 and Phase 2 SAs with different partners.

Figure 12-17: Security association between computers.

SA Lifetimes
By default, Phase 1 SAs last for one hour. This allows two computers to exchange data using multiple Phase 2 SAs. You can configure SA lifetimes for a longer or shorter duration in IPSec configuration settings.

ISAKMP
Internet Security Association and Key Management Protocol (ISAKMP) is a protocol used for setting up SAs and cryptographic keys in an Internet environment. ISAKMP only provides a framework for authentication and key exchange and is designed to be key-exchange independent. Protocols such as IKE provide authenticated keying material for use with ISAKMP.
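The following added Python example (not from the course or from any IKE implementation) carries the IKE, Diffie-Hellman and security-association descriptions above through to working code: two peers use the 1024-bit MODP group from RFC 2409, exchange only public values and nonces, compute the same shared secret, derive a master key from it in the style of IKEv1's SKEYID (an HMAC over the shared secret keyed by the two nonces), and expand it into the pair of one-way keys that Phase 2 uses for the inbound and outbound SAs. The derivation labels, the choice of HMAC-SHA256 as PRF and the nonce handling are assumptions made for illustration. Note what the code does not do: it never authenticates the peers, so on a real network an attacker in the middle could run one exchange with each side; IKE closes that gap with preshared keys, certificates or Kerberos.

```python
"""IKE-style key agreement and SA key derivation (added illustration, not IKE code).

Assumptions: RFC 2409 group 2 (1024-bit MODP, generator 2), HMAC-SHA256 as the
PRF, SKEYID-like master key = HMAC(nonce_i || nonce_r, DH shared secret), and
direction labels of our own choosing for the two one-way Phase 2 keys.
"""
import hashlib
import hmac
import secrets

# RFC 2409 "Second Oakley Group": 1024-bit prime, generator 2.
P = int(
    "FFFFFFFFFFFFFFFFC90FDAA22168C234C4C6628B80DC1CD129024E088A67CC74"
    "020BBEA63B139B22514A08798E3404DDEF9519B3CD3A431B302B0A6DF25F1437"
    "4FE1356D6D51C245E485B576625E7EC6F44C42E9A637ED6B0BFF5CB6F406B7ED"
    "EE386BFB5A899FA5AE9F24117C4B1FE649286651ECE65381FFFFFFFFFFFFFFFF", 16)
G = 2
PRF = hashlib.sha256


class Peer:
    """One IPSec host taking part in an IKE Phase 1 exchange."""

    def __init__(self, name):
        self.name = name
        self.private = secrets.randbelow(P - 2) + 1   # x: never leaves this host
        self.public = pow(G, self.private, P)          # g^x mod p: sent in the clear
        self.nonce = secrets.token_bytes(16)           # fresh per exchange, sent in the clear

    def master_key(self, peer_public, peer_nonce, is_initiator):
        """Compute the shared DH secret and derive the Phase 1 master key from it."""
        if not 1 < peer_public < P - 1:
            raise ValueError("rejecting degenerate DH public value")
        shared = pow(peer_public, self.private, P)     # (g^y)^x == (g^x)^y mod p
        secret_bytes = shared.to_bytes((P.bit_length() + 7) // 8, "big")
        # Both peers order the nonces as (initiator, responder) so the keys agree.
        n_i, n_r = (self.nonce, peer_nonce) if is_initiator else (peer_nonce, self.nonce)
        return hmac.new(n_i + n_r, secret_bytes, PRF).digest()


def phase2_keys(master, is_initiator):
    """Expand the master key into the two one-way SA keys held by this host.

    The label names the traffic direction, so the initiator's outbound key
    equals the responder's inbound key and vice versa.
    """
    i_to_r = hmac.new(master, b"SA initiator->responder", PRF).digest()
    r_to_i = hmac.new(master, b"SA responder->initiator", PRF).digest()
    if is_initiator:
        return {"outbound": i_to_r, "inbound": r_to_i}
    return {"outbound": r_to_i, "inbound": i_to_r}


def establish(initiator, responder):
    """Run the exchange between two peers and return what each side ends up holding."""
    # On the wire: initiator sends its public value and nonce; responder replies likewise.
    m_i = initiator.master_key(responder.public, responder.nonce, is_initiator=True)
    m_r = responder.master_key(initiator.public, initiator.nonce, is_initiator=False)
    return {
        "initiator": {"master": m_i, "keys": phase2_keys(m_i, True)},
        "responder": {"master": m_r, "keys": phase2_keys(m_r, False)},
    }


if __name__ == "__main__":
    result = establish(Peer("hostA"), Peer("hostB"))
    print("master keys match:", result["initiator"]["master"] == result["responder"]["master"])
    print("A outbound == B inbound:",
          result["initiator"]["keys"]["outbound"] == result["responder"]["keys"]["inbound"])
```

The public-value check rejects 1 and p-1, which an attacker could send to force the shared secret to a known value; real IKE implementations perform the same sanity check before using a peer's value.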

IPSec Policies
Definition: An IPSec policy is a set of security configuration settings that define how an IPSec-enabled system will respond to IP network traffic. The policy determines the security level and other characteristics for an IPSec connection. Each computer that uses IPSec must have an assigned policy. Policies work in pairs: each endpoint in a network communication must have an IPSec policy with at least one matching security method (authentication, integrity, and encryption settings) for the negotiation to succeed.

Example:

Figure 12-18: IPSec rules in the Secure Server Properties dialog box.

Example: Client Policy
A client policy is an IPSec policy under which a computer negotiates security only when the other party requests it.

Default IPSec Policies
In Windows systems, there are three default IPSec policies. The "client" and "server" in the policy names refer to which node initiates the session, not to the actual server or client role of the machine.

Default IPSec Policy: Description

Secure Server (Require Security): The highest level of security. The session fails if the peer cannot negotiate security.

Server (Request Security): The middle level of security. The computer requests a secure session if the peer can support it, but will accept an open (cleartext) session.

Client (Respond Only): The lowest level of security. The computer negotiates security only if the peer requests it; it never initiates the negotiation itself.

IPSec Policy Rules

IPSec policies are composed of rules, and each rule has ve components.

Component: Description

IP filters: Describe the protocol, port, and source or destination computer the rule applies to.

Filter action: Specifies how the system should respond to a packet that matches a particular filter. The system can permit the communication, request security, or require security.

Authentication method: Enables computers to establish a trust relationship. Possible methods include Kerberos, digital certificates, or a preshared key configured as part of the rule. The preshared key is the weakest choice, because every host covered by the rule shares the same secret.

Tunnel setting: Enables computers to encapsulate data in a tunnel inside the transport network, that is, to use tunnel mode to a specified endpoint.

Connection type: Determines if the rule applies to local network connections, remote access connections, or both.
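The rule components and the three default policies can be tied together in a small model. The Python below is an added example of my own (it is not Windows code and does not talk to the IPSec driver): each policy is an ordered list of rules, each rule pairs an IP filter with a filter action, and negotiate() works out whether a flow between two hosts ends up secured, sent in cleartext, or blocked. The outcomes follow from the policy descriptions in the text; the authentication method, tunnel setting and connection type are carried on the rule but not evaluated, which is an assumption made to keep the model short.

```python
"""Model of Windows default IPSec policy negotiation (added example, not Windows code).

Assumptions: a policy is an ordered list of rules; a rule is an IP filter plus
a filter action; the first matching rule wins; hosts without an assigned
policy send cleartext.  Authentication method, tunnel setting and connection
type are recorded on the rule but not evaluated.
"""
from dataclasses import dataclass, field
from typing import List, Optional

REQUIRE, REQUEST, RESPOND_ONLY, PERMIT = "require", "request", "respond_only", "permit"


@dataclass(frozen=True)
class IPFilter:
    protocol: str = "any"          # "tcp", "udp", "icmp" or "any"
    port: Optional[int] = None     # destination port; None matches any port

    def matches(self, protocol, port):
        return (self.protocol in ("any", protocol)
                and (self.port is None or self.port == port))


@dataclass
class Rule:
    ip_filter: IPFilter
    action: str                    # one of REQUIRE, REQUEST, RESPOND_ONLY, PERMIT
    auth: str = "kerberos"         # kerberos | certificate | preshared key
    tunnel: Optional[str] = None   # tunnel endpoint, None = transport mode
    connection: str = "all"        # all | lan | remote_access


@dataclass
class Policy:
    name: str
    rules: List[Rule] = field(default_factory=list)

    def action_for(self, protocol, port):
        """Filter action of the first rule whose IP filter matches the flow."""
        for rule in self.rules:
            if rule.ip_filter.matches(protocol, port):
                return rule.action
        return PERMIT               # no matching rule: IPSec does not govern the flow


# The three default Windows policies, each with a single "All IP Traffic" rule.
NO_POLICY = Policy("(no policy assigned)")
SECURE_SERVER = Policy("Secure Server (Require Security)", [Rule(IPFilter(), REQUIRE)])
SERVER = Policy("Server (Request Security)", [Rule(IPFilter(), REQUEST)])
CLIENT = Policy("Client (Respond Only)", [Rule(IPFilter(), RESPOND_ONLY)])


def negotiate(initiator, responder, protocol="tcp", port=445):
    """Outcome of one flow: 'secured', 'cleartext' or 'blocked'.

    Security is negotiated only if at least one side asks for it (request or
    require) and both sides have a rule that lets them take part; a host whose
    policy permits the flow unconditionally cannot answer a negotiation.  A
    'require' side that cannot get a secured session refuses to talk at all.
    """
    a = initiator.action_for(protocol, port)
    b = responder.action_for(protocol, port)
    someone_asks = REQUIRE in (a, b) or REQUEST in (a, b)
    both_participate = PERMIT not in (a, b)
    if someone_asks and both_participate:
        return "secured"
    if REQUIRE in (a, b):
        return "blocked"
    return "cleartext"


def outcome_matrix():
    """All pairings of the default policies, for inspection."""
    policies = [NO_POLICY, CLIENT, SERVER, SECURE_SERVER]
    return {(p.name, q.name): negotiate(p, q) for p in policies for q in policies}


if __name__ == "__main__":
    for (p, q), result in outcome_matrix().items():
        print("%-34s -> %-34s : %s" % (p, q, result))
```

Two rows of the matrix are the ones that catch administrators out: two Client (Respond Only) hosts never secure anything, because neither side asks, and a Secure Server host cannot talk at all to a host with no policy assigned, which is exactly the "shut down legitimate communications" failure mode mentioned at the start of this topic.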

Windows IPSec Components


There are four main IPSec components.

Component: Description

IPSec policy agent: A service that runs on each Windows computer, where it is displayed as the IPSec Services service. It retrieves the assigned policy and hands it to the IPSec driver.

IPSec driver: Implements the policy assigned to the system. Based on policy requirements, the IPSec driver watches packets being sent and received to determine whether they need to be signed and encrypted.

Microsoft Management Console (MMC): The MMC snap-ins are used to manage IPSec on Windows systems. Use IP Security Monitor to monitor the status of IPSec on the local system. Use IP Security Policies to manage the configuration and assignment of IPSec policies on local or remote computers. You can also use the IP Security Policies node in Group Policy or Local Security Policy to manage IPSec policies.

IP Security Monitor: Provides Main Mode and Quick Mode views for verifying IPSec statistics. Main Mode statistics show information from IKE (Phase 1); Quick Mode statistics show information about the IPSec driver (the Phase 2 SAs).

How to Protect Network Traffic Using IPSec
Procedure Reference: Secure Network Traffic Using IPSec
To secure network traffic using IPSec:

1. Create an appropriate IPSec policy or modify an existing policy.
2. Deploy the policy by assigning it to the appropriate computers.
3. Test the IPSec communications to verify that only secured hosts can communicate with each other.
4. Verify that the communications are secure by examining the network data with a packet analyzer or an IPSec security monitoring tool.

The steps mentioned in this procedure are generally performed by a security administrator. For a network administrator or technician, it will suffice to be informed of the broad-level steps.

Procedure Reference: Configure IPSec on Windows Server 2008 R2
There are several ways to configure IPSec on Windows Server 2008 R2. One method is:

1. Configure the policy.
   To configure the policy for a local computer:
   a. Open the IP Security Policy Management snap-in.
   b. Choose Local Computer for the snap-in.
   c. Select IP Security Policies on Local Computer and choose Action→Create IP Security Policy.
   d. Use the IP Security Policy Wizard to create a new IP security policy.
   To configure the policy at the domain level:
   a. Open the IP Security Policy Management snap-in.
   b. Choose the Active Directory domain for the snap-in.
   c. Double-click IP Security Policies on Active Directory to display the default IPSec policies.
   d. Open the properties for the appropriate security policy.
   e. In the Properties dialog box, modify the policy according to your security policy guidelines.

2. Assign the policy. To assign a policy to the local computer, select the policy you want to assign and choose Action→Assign. To deploy IPSec policies using Group Policy, assign the appropriate IPSec policy at the site, domain, or Organizational Unit (OU) level using the Group Policy Management Editor window.

3. Test the communications to verify that only secured hosts can communicate with each other.

4. Verify the secure communications for the local computer by using Windows IP Security Monitor.
   a. In the Windows IP Security Monitor window, expand your computer object.
   b. Expand the Main Mode folder and select the Security Associations folder.
   c. Open the properties for the security association object to see the authentication mode as well as the encryption and data integrity algorithms negotiated for the security association.

5. Verify the active IP security policy for your domain.
   a. In the Windows IP Security Monitor window, expand your computer object.
   b. Select the Active Policy folder.
   c. Verify the details of the active policy assigned to your domain.

ACTIVITY 12-4
Identifying Windows IPSec Policies
There is a simulated version of this activity available on the CD-ROM that shipped with this course. You can run this simulation on any Windows computer to review the activity after class or as an alternative to performing the activity as a group in class. The activity simulation can be launched directly from the CD-ROM by clicking the Interactives button and navigating to the appropriate one, or from the default installed data file location by opening the C:\Data\Simulations\Lesson#\Activity# folder and double-clicking the EXE file.

Scenario: You are the network administrator performing some security tasks for OGC International, which does consulting for military personnel. As the organization begins the process of adopting a security policy, you want to be sure you understand some basic ideas about Windows IPSec policies and management tools.

What You Do / How You Do It

1. Create a custom MMC console containing IP Security Policy Management and IP Security Monitor.
   a. Choose Start→Run.
   b. In the Run dialog box, type mmc and click OK.
   c. Maximize the Console1 - Console Root window.
   d. Choose File→Add/Remove Snap-in.
   e. If necessary, in the Available snap-ins list, scroll down and select IP Security Monitor and click Add.
   f. Select IP Security Policy Management and click Add.
   g. In the Select Computer or Domain dialog box, select The Active Directory domain of which this computer is a member and click Finish.
   h. Click OK to close the Add or Remove Snap-ins dialog box.
   i. Choose File→Save As.
   j. In the Save As dialog box, in the File name text box, enter IPSec Management as the file name.
   k. Click Save to save the console to the default location.

2. Display the default IPSec policies.
   a. In the IPSec Management window, double-click IP Security Policies on Active Directory.
   b. Double-click the Server (Request Security) policy.
   c. In the Server (Request Security) Properties dialog box, select the General tab.
   d. Read the text in the Description text box and click Cancel.
   e. Double-click the Client (Respond Only) policy.
   f. In the Client (Respond Only) Properties dialog box, select the General tab.
   g. Read the text in the Description text box and click Cancel.
   h. Double-click the Secure Server (Require Security) policy.
   i. In the Secure Server (Require Security) Properties dialog box, select the General tab.
   j. Read the text in the Description text box and click Cancel.

3. Examine the rule settings in the Server policy.
   a. Double-click the Server (Request Security) policy.
   b. In the IP Filter List, verify that All IP Traffic is selected and click Edit.
   c. In the Edit Rule Properties dialog box, note that ICMP and IP are listed by default on the IP Filter List tab. Select the Filter Action tab.
   d. Verify that the Request Security (Optional) option is selected. For traffic that matches the filter, you can permit, request, or require security. Select the Authentication Methods tab.
   e. Observe that the default authentication method is Kerberos. Select the Tunnel Setting tab.
   f. Observe that by default, no tunnel is specified. Select the Connection Type tab.
   g. Observe that there are options by which you can specify LAN or remote access connections. Click Cancel to close the Edit Rule Properties dialog box.
   h. Click Cancel to close the Server (Request Security) Properties dialog box.
   i. Close the IPSec Management window without saving.

4. If you want a Windows Server 2008 R2 computer to request negotiations for a secure session but still communicate with a computer that does not respond to the request, which default policy would you use?
   a) Secure Server
   b) Server
   c) Client

5. If you want a Windows Server 2008 R2 computer to require secure communications at all times and not communicate with another computer that cannot negotiate a secure session, which default policy would you use?
   a) Secure Server
   b) Server
   c) Client

6. Which component of an IPSec policy rule describes the specific protocol, port, and source computer or destination computer to which the rule should apply?
   a) Connection type
   b) Tunnel setting
   c) Authentication method
   d) IP filters

7. True or False? You must explicitly assign a policy to a computer to apply policy settings to that computer.
   True
   False

Lesson 12 Follow-up
In this lesson, you identified the major issues and technologies involved in network security. With more and more network threats appearing every day, your responsibility as a networking professional will be to ensure that your network environment provides the appropriate level of security without compromising network performance.

1. Which of the security measures discussed in this lesson are you most familiar with? Which ones are you most likely to implement or support in your network environment?
   Answers will vary, but may include firewalls, IP and MAC filtering, port scanning, IDSs, IPSs, and IPSec.

2. What intrusion detection systems do you think will suit your organization's network?
   Answers will vary, but depending upon the needs of the network may include network-, host-, anomaly-, or protocol-based IDS.


LESSON 13
Network Security Threats and Attacks
In this lesson, you will identify network security threats and attacks. You will:
- Identify threats and attacks to security on a network.
- Apply threat mitigation techniques.
- Educate users about their security responsibilities.

Lesson Time 2 hour(s), 20 minutes

Introduction
Security is an ongoing process that includes setting up organizational security systems, hardening them, monitoring them, responding to attacks in progress, and deterring attackers. As a network professional, you will be involved in all phases of that process. But for that process to be effective, you need to understand the threats and vulnerabilities you will be protecting your systems against. In this lesson, you will identify the various types of security threats and vulnerabilities that you might encounter. Unsecured systems can result in compromised data and, ultimately, lost revenue, and you cannot protect your systems from threats you do not understand. Once you understand the types of possible threats and can identify the individuals who will try to use them against your network, you can take the appropriate steps to protect your systems and keep your resources and revenue safe from potential attacks.

This lesson covers all or part of the following CompTIA Network+ (Exam N10-005) certification objectives:
Topic A: 2.2 Given a scenario, install and configure a wireless network; 5.4 Explain common threats, vulnerabilities, and mitigation techniques.
Topic B: 1.2 Classify how applications, devices, and protocols relate to the OSI model layers; 5.4 Explain common threats, vulnerabilities, and mitigation techniques.
Topic C: 5.4 Explain common threats, vulnerabilities, and mitigation techniques.
Topic D: 4.5 Describe the purpose of configuration management documentation; 5.4 Explain common threats, vulnerabilities, and mitigation techniques.

TOPIC A
Network-Based Security Threats and Attacks
In the previous topics, you identified security measures on a network. No matter how carefully network security systems are configured, computer networks continue to face some common security risks. In this topic, you will identify security threats and attacks on a network. Consider a user who unknowingly connects a virus-infected flash drive to her computer; the virus on the drive is programmed to spread and infect other computers on the network. The network security team faces problems like this as part of its everyday work. As part of the team that ensures the security of a network, it is essential that you know about the various threats to network security.

Physical Security
Physical security refers to the implementation and practice of various control mechanisms that are intended to restrict physical access to facilities. In addition, physical security involves increasing or assuring the reliability of critical infrastructure elements such as electrical power, data networks, and fire suppression systems. Physical security may be challenged by a wide variety of events or situations, including:
- Facilities intrusions
- Electrical grid failures
- Fire
- Personnel illnesses
- Data network interruptions

Physical Security Threats and Vulnerabilities

Physical security threats and vulnerabilities can come from many different areas.

Threat / Vulnerability: Description

Internal: It is important to always consider what is happening inside an organization, especially where physical security is concerned. For example, disgruntled employees may be a source of physical sabotage of important network security-related resources.

External: It is impossible for any organization to fully control external security threats. For example, an external power failure is usually beyond a network technician's control because most organizations depend on a local power company for electrical power. However, the risk posed by external power failures can be mitigated by implementing devices such as a UPS or a generator.

Natural: Although natural threats are easy to overlook, they can pose a significant risk to the physical security of a facility. Buildings and rooms that contain important computing assets should be protected against likely weather-related problems, including tornados, hurricanes, snow storms, and floods.

Man-made: Whether intentional or accidental, people can cause a number of physical threats. Man-made threats can be internal or external. For example, a backhoe operator may accidentally dig up fiber optic cables and disable external network access; on the other hand, a disgruntled employee may choose to exact revenge by deliberately cutting fiber optic cables.

Environmental Threats and Vulnerabilities
Natural, environmental threats pose system security risks and can be addressed with specific mitigation techniques.

Environmental Threat: Effects and Mitigations

Fire: Fire, whether natural or deliberately set, is a serious network environment security threat because it can destroy hardware and therefore the data contained in it. In addition, it is hazardous to people and systems. Ensure that key systems are installed in a fire-resistant facility and that there are high-quality fire detection and suppression systems onsite so that damage due to fire is reduced.

Hurricanes and tornados: Catastrophic weather events such as hurricanes and tornados are major network security threats due to the magnitude of the damage they can cause to hardware and data. Ensure that your information systems are well contained and that your physical plant is built to appropriate codes and standards so that damage due to severe weather is reduced.

Flood: A flood is another major network security threat that can cause as much damage as fire can. Your organization should check the history of an area to see if you are in a flood plain before constructing your physical plant, follow appropriate building codes, and purchase flood insurance. When possible, construct the building so that the lowest floor is above flood level; this saves the systems when flooding does occur. Spatial planning together with protective planning, in line with building and functional regulations, are precautionary measures that should be looked into as well.

Extreme temperature: Extreme temperatures, especially heat, can cause sensitive hardware components to fail and degrade, resulting in data loss. Avoid this threat by implementing controls that keep the temperature in your data center within acceptable ranges.

Extreme humidity: Extreme humidity can cause computer components, data storage media, and other devices to corrode, deteriorate, and degrade, resulting in data loss. Avoid this threat by ensuring that there is enough ventilation in your data centers and storage locations, and by using temperature and humidity controls and monitors.

Social Engineering Attacks


Definition: A social engineering attack is a type of attack that uses deception and trickery to convince unsuspecting users to provide sensitive data or to violate security guidelines. Social engineering is often a precursor to another type of attack. Because these attacks depend on human factors rather than on technology, their symptoms can be vague and hard to identify. Social engineering attacks can arrive through a variety of channels: in person, through email, or over the phone.

Example: Social Engineering Attack Scenarios
These are a few typical social engineering attack scenarios:
- An attacker creates an executable program file (for example, a file with a .vbs or .exe extension) that prompts a network user for his user name and password. The attacker then emails the file to the user with the story that the user must double-click it and log on to the network again to clear up some logon problems the organization has been experiencing that morning.
- An attacker contacts a help desk pretending to be a remote sales representative who needs assistance setting up his dial-in access. Through a series of phone calls, the attacker obtains the phone number for remote access and the phone number for accessing the organization's private phone and voice-mail system.
- An attacker sends an executable file disguised as an electronic greeting card (e-card) or as a patch for an operating system or a specific application. The unsuspecting user launches the executable, which might install email spamming software or a key-logging program, or turn the computer into a remotely controlled zombie for the attacker.

Figure 13-1: A social engineering attack using the obtained password.

Social Engineering Targets
Social engineering typically takes advantage of users who are not technically knowledgeable, but it can also be directed against technical support staff if the attacker pretends to be a user who needs help.

Social Engineering Types


Hackers use various types of social engineering attacks.

Social Engineering Type: Description

Spoofing: A human- or software-based attack in which the attacker pretends to be someone else for the purpose of concealing their ident﻿ity. Spoofing can be done with IP addresses, network adapters' hardware MAC addresses, and email. In email, message headers such as From, Return-Path, and Received are forged or altered to conceal the originator's identity.

Impersonation: A human-based attack in which an attacker pretends to be someone he is not. A common scenario: the attacker calls an employee and pretends to be calling from the help desk. The attacker says he is reprogramming the order-entry database and needs the employee's user name and password to make sure it gets entered into the new system.

Phishing: A common type of email-based social engineering attack. The attacker sends an email that seems to come from a respected bank or other financial institution, claiming that the recipient must provide an account number, Social Security number, or other private information to "verify" an account. Ironically, the phishing email often claims that the verification is necessary for security reasons. Individuals should never provide personal financial information to someone who requests it, whether through email or over the phone; legitimate financial institutions never solicit this information from their clients. A related technique, pharming, redirects a request for a website, typically an e-commerce site, to a similar-looking but fake website, for example by poisoning DNS or a client's hosts file.

Vishing: A human-based attack whose goal is to extract personal, financial, or confidential information from the victim by using the telephone system or IP-based voice services such as VoIP as the communication medium. Also called voice phishing.

Whaling: A form of spear phishing (phishing tailored to a specific, researched target) aimed at individuals known to possess a good deal of wealth or authority, such as executives of Fortune 500 companies or financial institutions whose salaries are expected to be high. Whaling is a special case of spear phishing, not a synonym for it.

Spam and spim: Spam is an email-based threat in which the user's inbox is flooded with messages that carry advertising material for products or promotions for get-rich-quick schemes and can sometimes deliver viruses or malware. Spam can also appear on social networking sites such as Facebook and Twitter. Spim is the equivalent attack propagated through instant messaging instead of email.

Hoax: Any type of incorrect or misleading information that is disseminated to multiple users through unofficial channels. Hoaxes can be relatively benign, such as an email containing misinformation about historical facts. However, hoaxes often improperly alert users to unsubstantiated virus threats. Users then react in two ways: first, by widely disseminating the hoax email, clogging communications systems and possibly triggering a DoS condition; second, by following instructions in the hoax that direct them to "defend" or "secure" their computer in an improper or unapproved manner. The hoax email might, for example, direct users to delete legitimate files, or to visit websites and download files that themselves contain actual malware.

432

CompTIA Network+ (Exam N10-005)

LESSON 13
A well-known website that deals with hoaxes and urban legends is www.snopes.com.

Malicious Code Attacks

Definition: A malicious code attack is a type of software attack in which an attacker inserts undesired or unauthorized software, or malware, into a target system. In the past, many malicious code attacks were intended to disrupt or disable an operating system or an application, or to force the target system to disrupt or disable other systems. More recent malicious code attacks attempt to remain hidden on the target system and use its resources to the attacker's advantage. Potential uses of malicious code include launching DoS attacks on other systems; hosting illicit or illegal data; skimming personal or business information for identity theft, profit, or extortion; and displaying unsolicited advertisements.

Example:

Figure 13-2: A malicious code attack.

Example: Viruses
Virus attacks are the most well-known type of malicious code attack.

Evidence of a Malicious Code Attack
Malicious code is often combined with social engineering to convince a user that the malware comes from a trusted or benign source. Typically, you will see the results of malicious code as corrupted applications, data files, and system files; unsolicited pop-up advertisements; counterfeit virus-scan or software-update notifications; or reduced system performance and increased network traffic. Any of these can leave applications and operating systems malfunctioning.

Types of Malicious Code Attacks

Hackers launch several major types of malicious code attacks against a system. The exact method used to get malicious code onto a computer varies by attacker and attack type.

Lesson 13: Network Security Threats and Attacks

Malicious Code Type: Description

Virus: Code that spreads from one computer to another by attaching itself to other files. The code in a virus executes when the file it is attached to is opened. Frequently, viruses are intended to enable further attacks, send data back to the attacker, or corrupt or destroy data.

Worm: Code that spreads from one computer to another on its own, typically by exploiting a network-reachable service, rather than by attaching itself to another file. Like a virus, a worm can enable further attacks, transmit data, or corrupt or erase files.

Trojan horse: An insidious type of malware that is itself a software attack and can pave the way for a number of other attacks. A Trojan horse poses as something useful or desirable, so there is a social engineering component: the user has to be fooled into executing it.

Logic bomb: Code that sits dormant on a target computer until it is triggered by a specific event, such as a particular date. Once triggered, the logic bomb "detonates" and performs whatever actions it was programmed to do, often erasing or corrupting data on the target system.

Spyware: Surreptitiously installed malicious software intended to track and report on the usage of a target system, or to collect other data the author wishes to obtain. Collected data can include web browsing history, personal information, banking and other financial information, and user names and passwords.

Adware: Software that automatically displays or downloads advertisements when it is used. Not all adware is malicious, but many adware programs have been associated with spyware and other malicious software, and adware reduces user productivity by slowing systems down and creating annoyances.

Rootkit: Code intended to take full or partial control of a system at the lowest levels. Rootkits attempt to hide themselves from monitoring or detection, and modify low-level system files, or the kernel itself, when integrating into a system. Rootkit techniques can be used for non-malicious purposes such as virtualization; however, most rootkit infections install backdoors, spyware, or other malicious code once they have control of the target system. Because a rootkit can subvert the operating system's own reporting, it is most reliably detected from outside the compromised system, for example by booting from known-good media.

Botnet: A set of computers infected by a control program called a bot that lets an attacker command them and mount attacks. Typically, black hats use botnets for DDoS attacks, sending spam email, and harvesting personal information or passwords.

Malware
Malware is malicious code, such as viruses, Trojans, or worms, designed to gain unauthorized access to, make unauthorized use of, or damage computer systems and networks.

Software Attacks
A software attack is any attack against software resources, including operating systems, applications, protocols, and files. The goal of a software attack is to disrupt or disable the software running on the target system, or to exploit the target system to gain access to it, to other systems, or to a network. Many software attacks are designed to surreptitiously gain control of a computer so that the attacker can use it later, often for profit or for further malicious activity.

Black hats also use spam to deliver malware.

Types of Viruses

Viruses can be categorized into several types.

Virus Type: Description

Boot sector: Infects any disk-based media by writing itself into the boot sector of the disk. When a system attempts to boot from the disk, the virus is loaded onto the system. Once resident, the virus attempts to copy itself to every disk placed in the system.

Macro: A macro is a group of application-specific instructions that execute within a particular application. A macro virus uses another program's macro engine to propagate. True macro viruses do not infect program files or data directly; they attach themselves to the file's template, document, or macro code. Microsoft Office products have been popular targets for macro viruses.

Mailer and mass mailer: A mailer virus sends itself to other users through the email system, riding along with any email that is sent. A mass mailer virus searches the email system for address books and mailing lists and sends itself to every address it finds. Often the virus has no other payload; its purpose is to disrupt the email system by swamping it with messages, a form of DoS attack.

Polymorphic: A virus that changes as it moves around, acting differently on different systems. It can even rewrite its own code between infections, typically by re-encrypting its body with a different key each time, which makes signature-based detection harder.

Script: A small program that runs under the Windows Script Host on Windows operating systems. It is written in a scripting language such as VBScript or JScript (Microsoft's JavaScript implementation) and executes when the script runs. Scripts are often distributed by email and require the user to open them.

Stealth: A stealth virus conceals its presence, for example by intercepting system calls so that an infected file still reports its original size and contents, until it has propagated. After that, it drops its payload.

See http://support.microsoft.com/kb/211607/en-us for more information on macro viruses in Microsoft products.

Virus Infection Methods
Viruses are an insidious threat because of their ability to replicate themselves and so spread to multiple systems. Viruses can use different propagation methods:
- A virus on a hard disk can attach itself to removable media, including flash drives, removable hard drives, and multimedia devices, which are then shared.
- A virus on the Internet can attach itself to a file. When a user downloads and runs the file, the virus is activated.
- A virus can attach itself to an email message. When a user opens or runs the attachment, the virus is activated.

Buffer Overflow

Definition: A buffer overflow is an attack that exploits a software flaw in which a program writes more data into a fixed-size memory buffer than the buffer can hold, so that the excess overwrites adjacent memory. Depending on what gets overwritten, the result can be a crash or reboot of the device or its operating system, loss of data, or execution of rogue code supplied by the attacker. Buffer overflow attacks typically target desktop and server applications; however, applications on wireless and embedded devices can be just as vulnerable. The classic trigger is untrusted input, such as a length field in a network protocol, that the program trusts without checking it against the space actually available.

Example: Implementations of RADIUS, Diameter, and TACACS+ have been subject to buffer overflow attacks and other software exploits, which is one reason authentication servers should be patched promptly and be reachable only from the network devices that legitimately use them.
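The length-field problem above, shown on the RADIUS attribute format the example names. This is an added example, not code from the CompTIA text or from any RADIUS implementation; the packet layout follows RFC 2865, and every packet in the block is constructed for the demonstration. The checks in parse_radius are exactly the ones whose absence turns a malformed attribute length into an out-of-bounds read or copy in a C parser.

```python
"""Length-checked parser for RADIUS attributes.

Added example; not from the CompTIA text or from any RADIUS implementation.
Packet layout follows RFC 2865: Code(1) Identifier(1) Length(2)
Authenticator(16) followed by attributes, each Type(1) Length(1) Value,
where the attribute Length counts its own two header octets. The packets
below are constructed for this example.
"""
import struct

HEADER_LEN = 20          # code, id, length, 16-byte authenticator
MAX_PACKET = 4096        # RFC 2865 upper bound on the Length field


def parse_radius(packet: bytes) -> dict:
    """Return the decoded packet, or raise ValueError on any length that
    would make a naive parser read or copy past its buffer."""
    if len(packet) < HEADER_LEN:
        raise ValueError("packet shorter than the 20-byte RADIUS header")
    code, ident, length = struct.unpack("!BBH", packet[:4])
    if length < HEADER_LEN or length > MAX_PACKET:
        raise ValueError(f"illegal Length field {length}")
    if length > len(packet):
        raise ValueError("Length field exceeds bytes actually received")
    attrs = []
    pos = HEADER_LEN
    while pos < length:
        if length - pos < 2:
            raise ValueError("truncated attribute header")
        atype, alen = packet[pos], packet[pos + 1]
        # alen < 2 would never advance the loop; alen larger than the bytes
        # remaining is the overflow case: copying alen-2 bytes reads past
        # the packet and, into a fixed-size buffer, writes past it.
        if alen < 2:
            raise ValueError(f"attribute {atype}: illegal length {alen}")
        if pos + alen > length:
            raise ValueError(f"attribute {atype}: length {alen} runs past end")
        attrs.append((atype, bytes(packet[pos + 2:pos + alen])))
        pos += alen
    return {"code": code, "id": ident, "authenticator": packet[4:20],
            "attributes": attrs}


def build_packet(code: int, ident: int, attrs) -> bytes:
    """Assemble a well-formed packet (zero authenticator; fine for parsing)."""
    body = b"".join(bytes([t, len(v) + 2]) + v for t, v in attrs)
    return struct.pack("!BBH", code, ident, HEADER_LEN + len(body)) + bytes(16) + body


# Constructed Access-Request: User-Name(1)="alice", NAS-IP-Address(4)=10.0.0.1
GOOD = build_packet(1, 7, [(1, b"alice"), (4, bytes([10, 0, 0, 1]))])

# Constructed hostile packets: one claims an attribute length far beyond the
# data present, the other a zero length that a careless loop would spin on.
_bad_body = bytes([1, 200]) + b"alice"
BAD_LENGTH = struct.pack("!BBH", 1, 7, HEADER_LEN + len(_bad_body)) + bytes(16) + _bad_body
ZERO_LENGTH = struct.pack("!BBH", 1, 7, HEADER_LEN + 2) + bytes(16) + bytes([26, 0])


def classify(packet: bytes) -> str:
    try:
        parse_radius(packet)
        return "ok"
    except ValueError as exc:
        return f"rejected: {exc}"


if __name__ == "__main__":
    for name, pkt in (("GOOD", GOOD), ("BAD_LENGTH", BAD_LENGTH), ("ZERO_LENGTH", ZERO_LENGTH)):
        print(name, classify(pkt))
```

The order of the checks matters: the outer Length field is validated against the bytes actually received before any attribute is touched, and each attribute's length is validated against what remains before any value is copied out.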

Password Attacks

Definition: A password attack is any attack in which the attacker attempts to obtain and make use of passwords illegitimately. The attacker can guess or steal passwords, or crack password files that store hashed (often loosely called "encrypted") passwords. A password attack can show up in audit logs as a run of failed logons followed by a successful logon, or as successful logons at unusual times or from unusual locations.

Example:

Figure 13-3: Attacker guesses the password to gain network access.

Protecting Password Databases
Attackers know the storage locations of hashed passwords on common systems, such as the Security Accounts Manager (SAM) database on standalone Windows systems. Password-cracking tools take advantage of known weaknesses in the security of these password databases (weak or unsalted hash formats, for instance), so the protection around them might need to be increased: restrict who can read the store, and prefer slow, salted hashing formats where the platform allows it.
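The two audit-log signatures named in the definition, a burst of failures followed by a success and logons at unusual hours, as a detector run over sample lines. This is an added example, not from the CompTIA text; the log format and the sample lines are constructed, and the thresholds (five failures in five minutes, a 06:00 to 20:00 working day) are assumptions to tune per environment.

```python
"""Audit-log heuristics for the password-attack signatures described above:
a burst of failed logons, a success right after such a burst, and successful
logons at unusual hours. Added example; the log format and the sample lines
are constructed, not taken from any real system.
"""
import re
from collections import defaultdict
from datetime import datetime, timedelta

LINE_RE = re.compile(
    r"(?P<ts>\d{4}-\d{2}-\d{2}T\d{2}:\d{2}:\d{2}) user=(?P<user>\S+) "
    r"src=(?P<src>\S+) result=(?P<result>OK|FAIL)")

# Constructed sample: jsmith is guessed at 3 A.M. and the guesser finally
# succeeds, mlee mistypes once during the day, admin logs on at 02:40.
SAMPLE_LOG = """\
2012-03-01T03:01:10 user=jsmith src=10.1.4.22 result=FAIL
2012-03-01T03:01:12 user=jsmith src=10.1.4.22 result=FAIL
2012-03-01T03:01:15 user=jsmith src=10.1.4.22 result=FAIL
2012-03-01T03:01:19 user=jsmith src=10.1.4.22 result=FAIL
2012-03-01T03:01:24 user=jsmith src=10.1.4.22 result=FAIL
2012-03-01T03:01:31 user=jsmith src=10.1.4.22 result=OK
2012-03-01T09:15:02 user=mlee src=10.1.7.5 result=FAIL
2012-03-01T09:15:40 user=mlee src=10.1.7.5 result=OK
2012-03-01T02:40:00 user=admin src=10.1.9.9 result=OK
"""


def parse_log(text):
    events = []
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if m:  # lines that do not parse are skipped, never trusted
            events.append((datetime.fromisoformat(m["ts"]), m["user"], m["src"], m["result"]))
    return sorted(events)  # chronological: tuples sort on the timestamp first


def detect(events, fail_threshold=5, window=timedelta(minutes=5), work_hours=(6, 20)):
    """Return (kind, user, src, time) alerts, tracked per (user, source) pair."""
    alerts = []
    recent_fail = defaultdict(list)
    for ts, user, src, result in events:
        key = (user, src)
        if result == "FAIL":
            # keep only failures inside the sliding window, then add this one
            recent_fail[key] = [t for t in recent_fail[key] if ts - t <= window] + [ts]
            if len(recent_fail[key]) == fail_threshold:   # fire once per burst
                alerts.append(("burst_failures", user, src, ts))
            continue
        if len(recent_fail[key]) >= fail_threshold:
            alerts.append(("success_after_failures", user, src, ts))
        recent_fail[key].clear()
        if not work_hours[0] <= ts.hour < work_hours[1]:
            alerts.append(("off_hours_logon", user, src, ts))
    return alerts


def analyze(text=SAMPLE_LOG):
    return detect(parse_log(text))


if __name__ == "__main__":
    for kind, user, src, ts in analyze():
        print(f"{ts} {kind:24} user={user} src={src}")
```

On the sample, jsmith raises all three alert kinds and admin raises only the off-hours one; mlee's single mistake raises nothing, which is the point of thresholds. Keying on (user, source) rather than on user alone is what separates one attacker hammering one account from a user who simply forgot a new password.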

Types of Password Attacks

Hackers use several common categories of password attacks. Creating complex passwords increases the amount of time an attack takes to succeed.

Password Attack Type: Description

Guessing: The simplest type of password attack. An individual makes repeated attempts to guess a password by entering common values, such as the user's name, a spouse's name, or a significant date. Most systems have a feature that locks out an account after a specified number of incorrect attempts, which stops online guessing but can itself be turned into a denial of service against the legitimate user.

Stealing: Passwords can be stolen by various means, including sniffing network communications that carry them in the clear, reading handwritten password notes, or observing a user in the act of entering the password (shoulder surfing).

Dictionary attack: Automates password guessing by hashing each entry of a predetermined list of likely passwords and comparing the result against the stolen password hashes. Dictionary attacks succeed only against fairly simple and obvious passwords, because they rely on a list of common words and predictable variations, such as a single digit appended to a word.

Brute force attack: The attacker uses password-cracking software to try every possible combination of characters up to some length. It always succeeds eventually; the defense is to make "eventually" long enough, which is why password length and character-set size matter.

Hybrid password attack: Combines dictionary, brute force, and other methods, for example by taking each dictionary word and applying transformation rules (capitalization, letter-for-symbol substitutions, appended numbers) before hashing it.
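The dictionary and hybrid attacks from the table, run against a small set of password hashes, with a helper that sizes the brute-force search space. This is an added example, not from the CompTIA text. The "stolen" hashes are unsalted SHA-256 so that the block is self-contained; that choice is itself the lesson, because the whole run finishes in a fraction of a second, which is why real password stores use a salted, deliberately slow hash. The wordlist and the target passwords are constructed.

```python
"""Dictionary and hybrid attacks against a set of password hashes, and the
size of the search space a brute-force attack must cover. Added example, not
from the CompTIA text. The "stolen" hashes are unsalted SHA-256 only so the
demonstration is self-contained; that it runs in well under a second is the
argument for storing passwords with a salted, slow hash (bcrypt, scrypt,
PBKDF2) instead. The wordlist and the targets are constructed.
"""
import hashlib
import itertools

WORDLIST = ["password", "welcome", "summer", "letmein", "dragon", "company"]
LEET = str.maketrans({"a": "@", "e": "3", "i": "1", "o": "0", "s": "$"})


def h(password: str) -> str:
    return hashlib.sha256(password.encode()).hexdigest()


# Constructed password store: user -> hash. dave's password is random enough
# that neither attack below recovers it.
TARGETS = {
    "alice": h("welcome"),       # bare dictionary word
    "bob":   h("Summer2012"),    # capitalised word + year
    "carol": h("dr@g0n7"),       # letter-for-symbol substitutions + digit
    "dave":  h("x7$Qp!9zL2"),
}


def dictionary_candidates(words):
    """Plain dictionary attack: each word exactly as listed."""
    yield from words


def hybrid_candidates(words, max_digits=4):
    """Hybrid attack: dictionary words run through mangling rules (case
    changes, leet substitutions) followed by a short brute-forced digit suffix."""
    for w in words:
        forms = {w, w.capitalize(), w.upper(), w.translate(LEET), w.capitalize().translate(LEET)}
        for form in forms:
            yield form
            for n in range(1, max_digits + 1):
                for digits in itertools.product("0123456789", repeat=n):
                    yield form + "".join(digits)


def crack(targets, candidates):
    """Hash every candidate once and look it up against all targets at once."""
    by_hash = {digest: user for user, digest in targets.items()}
    found = {}
    for cand in candidates:
        user = by_hash.get(h(cand))
        if user is not None and user not in found:
            found[user] = cand
            if len(found) == len(targets):
                break
    return found


def brute_force_space(charset_size: int, max_length: int) -> int:
    """Candidates a brute-force attack must try for all lengths 1..max_length."""
    return sum(charset_size ** n for n in range(1, max_length + 1))


def run():
    return (crack(TARGETS, dictionary_candidates(WORDLIST)),
            crack(TARGETS, hybrid_candidates(WORDLIST)))


if __name__ == "__main__":
    plain, hybrid = run()
    print("dictionary:", plain)
    print("hybrid:    ", hybrid)
    print("8-char mixed-case+digit space:", brute_force_space(62, 8))
```

Note that the lookup is by hash, not by user: with unsalted hashes one pass over the candidate list tests every account at once, and two users with the same password fall together. A per-user salt forces the attacker to repeat the whole pass for each account, which is the first thing the "protecting password databases" advice above buys you.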

IP Spoofing Attacks

Definition: An IP spoofing attack is a type of software attack in which an attacker creates IP packets with a forged source IP address and uses those packets to gain access to a remote system. One sign of an IP spoofing attack is a packet arriving from an external source that carries an internal source address.

Example:

Figure 13-4: An IP spoofing attack using a forged IP address.

Example: An IP Spoofing Attack on a UNIX Host
An attacker wants to access a UNIX host with an IP address of 192.168.0.77 that runs an application which authenticates only hosts with 192.168.0.x addresses. The attacker's own address is 10.10.10.25, so the application will not authorize packets from that source. The attacker therefore creates IP packets with the forged source address 192.168.0.10 and sends them to the UNIX host. Because the network's border router has not been configured to reject packets arriving from outside the network with internal source addresses, the router forwards the packets to the UNIX host, where the attacker is authenticated and given access. (Replies go to the real 192.168.0.10 rather than to the attacker, so this "blind" spoofing works best against connectionless or trust-based services; against TCP the attacker must also predict sequence numbers.)

Non-Example: Other Spoofing Attacks
The term spoofing can also describe any situation in which the source of network information is forged to appear legitimate. For example, the common social engineering technique of phishing uses forged email to persuade users to respond with private information.

IP Spoofing Attack Targets
IP spoofing attacks take advantage of:
- Applications and services that authenticate based on the IP address.
- Devices that run Sun RPC (Remote Procedure Call) or the X Window System, the GUI system on UNIX systems.
- Services that have been secured using TCP wrappers, which allow or deny by source address.
- Legacy technologies such as NFS and the UNIX "r" commands such as rlogin and rsh.
- Routers that have not been configured to drop incoming external packets whose source addresses are internal.
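The border-router check the example says was missing, as an anti-spoofing filter in the style of BCP 38 / RFC 2827: drop packets arriving from outside that claim an inside source, drop packets leaving the inside that claim a foreign source, and drop obvious bogons either way. This is an added example, not from the CompTIA text; the interface names, the internal prefix (192.168.0.0/24, matching the example) and the sample packets are constructed.

```python
"""Anti-spoofing ingress/egress check of the kind the border router in the
example above should have applied (BCP 38 / RFC 2827 style). Added example,
not from the CompTIA text; interface names, prefixes and packets are
constructed.
"""
import ipaddress

# Prefix the protected site actually owns, per the example above.
INTERNAL = [ipaddress.ip_network("192.168.0.0/24")]
# Source addresses that must never appear on a packet arriving from outside.
# On a true Internet border the RFC 1918 ranges belong here too; they are
# left out only so the attacker's 10.10.10.25 from the example stays "outside".
BOGON = [ipaddress.ip_network(p) for p in
         ("0.0.0.0/8", "127.0.0.0/8", "169.254.0.0/16", "224.0.0.0/4", "240.0.0.0/4")]


def is_internal(addr) -> bool:
    return any(addr in net for net in INTERNAL)


def filter_packet(ingress_if: str, src: str, dst: str):
    """Return ('accept'|'drop', reason) for a packet entering on ingress_if."""
    s = ipaddress.ip_address(src)
    if any(s in net for net in BOGON):
        return "drop", f"bogon source {src}"
    if ingress_if == "outside" and is_internal(s):
        return "drop", f"packet from outside claims internal source {src} (spoofed)"
    if ingress_if == "inside" and not is_internal(s):
        return "drop", f"inside host emitting non-local source {src} (egress spoof)"
    return "accept", ""


# Constructed traffic: the attack from the example (true attacker 10.10.10.25,
# forged source 192.168.0.10) plus legitimate and egress-spoof cases.
SAMPLE = [
    ("outside", "192.168.0.10", "192.168.0.77"),   # the spoofed packet
    ("outside", "10.10.10.25",  "192.168.0.77"),   # attacker's true address, no claim of trust
    ("outside", "203.0.113.5",  "192.168.0.77"),
    ("inside",  "192.168.0.20", "198.51.100.9"),
    ("inside",  "203.0.113.9",  "198.51.100.9"),   # internal box forging an outside source
    ("outside", "127.0.0.1",    "192.168.0.77"),
]


def run(packets=SAMPLE):
    return [filter_packet(*p) for p in packets]


if __name__ == "__main__":
    for pkt, (verdict, why) in zip(SAMPLE, run()):
        print(pkt, verdict, why)
```

The egress rule is the one most often skipped; it does nothing for your own hosts, but it is what stops your network from being the source of the spoofed packets in somebody else's incident.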

Session Hijacking Attacks

Definition: A session hijacking attack exploits an established session to obtain unauthorized access to an organization's network or services. The attacker steals or predicts the identifier that authenticates the session, such as an active session cookie presented to a web server or the sequence numbers of a TCP connection, and then takes over the session. Session hijacking attacks often also involve a denial of service against the client system, the server system, or both, so that the legitimate client is knocked out of the conversation and cannot interfere with the stolen session.

Example:

Figure 13-5: An attacker hijacking the session.


DoS Attacks

Definition: A Denial of Service (DoS) attack is a type of network attack in which an attacker attempts to disrupt or disable systems that provide network services, including:
- Flooding a network link with data to consume all available bandwidth.
- Sending data designed to exploit known flaws in an application.
- Sending multiple service requests to consume a system's resources.
- Flooding a user's email inbox with spam messages so that genuine messages bounce back to their senders.

Example:

Figure 13-6: DoS attacks on a server consuming all its resources.

DoS Targets
The attack can target any service or network device, but is usually mounted against servers or routers, preventing them from responding to legitimate network requests. A DoS attack can also be caused by something as simple as disconnecting a network cable.

Smurf Attacks
A smurf attack is a DoS attack that abuses ICMP and IP directed broadcasts. The attacker sends ICMP Echo Request (ping) packets whose source address is forged to be the targeted host's address and whose destination is the broadcast address of some intermediary network. Every machine on that network that answers pings returns an Echo Reply to the victim, so a single forged request is amplified into as many replies as there are responding hosts. In a well-orchestrated attack this can cripple the victim's network link and even crash the target operating system. Two configuration choices stop it: the intermediary's routers should not forward directed broadcasts (the default on current routers; on Cisco IOS the interface command is no ip directed-broadcast), and the attacker's upstream should filter packets with forged source addresses.

DDoS Attacks

Definition: A Distributed Denial of Service (DDoS) attack is a DoS attack that uses multiple computers on disparate networks to launch the attack from many sources at once. The attacker first installs unauthorized control software that turns each computer into a zombie or drone (a bot), then directs the collection of compromised computers to launch the attack. Because the traffic arrives from many ordinary-looking sources, a DDoS attack is much harder to filter than a DoS attack from a single source.

Example:

Figure 13-7: DDoS attacks using drones.

Man-in-the-Middle Attacks

Definition: A man-in-the-middle attack is a form of eavesdropping in which the attacker makes independent connections to two victims (two clients, or a client and a server) and relays information between them so that they appear to be talking directly to each other over a private connection, when in reality the attacker controls everything that passes between them. During the process the attacker can read, record, or alter the information and use it fraudulently.

Example:

Figure 13-8: A man-in-the-middle attack.

Example: A Man-in-the-Middle Attack
In a typical man-in-the-middle attack, the attacker sets up a host on the network with IP forwarding enabled and a network-monitoring utility installed to capture and analyze packets. After analyzing network traffic to determine which server would make an attractive target:

1. The attacker intercepts packets from a legitimate client that are destined for the server.
2. The attacker's computer sends a fake reply to the client.
3. The attacker's computer forwards a modified copy of the packet to the server, altered so that the attacker's computer looks like the original sender.
4. The server replies to the attacker's computer.
5. The attacker's computer replies to the server as if it were the original client.
6. The attacker stores any valuable information contained in the packets, such as sensitive data or user credentials, for use in future attacks.

Purpose of a Man-in-the-Middle Attack
Man-in-the-middle attacks are used to gain authentication and network infrastructure information for future attacks, or to gain direct access to packet contents. Generally there are no visible signs that a man-in-the-middle attack is in progress or has just taken place, which is why the practical defense is end-to-end authentication of the peer (for example, certificate validation in TLS) rather than trust in the network path.

Eavesdropping Attacks
An eavesdropping attack or sniffing attack uses monitoring software to intercept private network communications, either to steal the content of the communication itself or to obtain user names and passwords for future attacks. Attackers can eavesdrop on both wired and wireless networks. On a wired network, the attacker must have physical access to the network or tap into the cable; on a switched network, a passive sniffer sees only its own traffic and broadcasts unless the attacker also uses a mirror (SPAN) port, a hardware tap, or an active technique such as ARP poisoning. On a wireless network, an attacker needs only a device capable of receiving the network's signals. Passive eavesdropping generates no traffic of its own and is therefore very hard to detect, unless you spot an unknown computer leasing an IP address from a DHCP server or find the device physically. Many utilities monitor and capture network traffic; some can only sniff traffic sent to or received by the computer on which they are installed, while others scale up to very large corporate networks. Examples include Wireshark, the Microsoft Network Monitor capture utility, tcpdump, and dsniff.

Port Scanning Attacks

Definition: A port scanning attack is a type of network reconnaissance in which a potential attacker probes the computers and devices connected to the Internet or another network to see which TCP and UDP ports are listening, and therefore which services on each system are active. Port scans are easily automated, so almost any system on the Internet is scanned almost constantly. Some monitoring software can detect port scans; otherwise they happen without your knowledge.

Example:

Figure 13-9: A port scanning attack.

Port Scanning Utilities
Many utilities are available to scan ports on networks, including Nmap, SuperScan, and Strobe, and many can be downloaded for free. Port scanning is often the first step an attacker takes, identifying live systems and open ports on which to launch further attacks with other tools.

Example: Xmas Attack
The Xmas scan is available in popular port scanners such as Nmap (the -sX option). It is used to check which machines are alive or reachable, and subsequently which ports are open or responding, so that those machines or ports can be used as an avenue for a follow-up attack. The scan sends TCP packets with an unusual combination of header flags set, FIN, PSH, and URG together (some scanners set every flag), and the name refers to the packet being "lit up like a Christmas tree." According to the TCP specification, a closed port answers such a packet with a RST while an open port stays silent, so the scanner infers open ports from the absence of a reply. Because no connection is ever attempted, the scan is commonly called a stealth scan: the application never logs it, and it passes undetected through some stateless packet filters and older IDSs. Most modern IPSs and stateful firewalls do detect it, and it does not work against systems, such as Windows, that reply with RST regardless of port state.
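Both detection signals mentioned above, illegal flag combinations (Xmas, NULL and FIN probes) and a single source touching many ports on one host in a short window, as a detector over a packet list. This is an added example, not from the CompTIA text or from Nmap; the packets are constructed in the shape a capture tool such as tcpdump or scapy would hand to a monitor, and the thresholds are assumptions.

```python
"""Detecting the two port-scan signatures described above in a packet list:
TCP packets with illegal flag combinations (Xmas/NULL/FIN probes) and one
source touching many ports on one host within a short window. Added example,
not from the CompTIA text; the packets are constructed, as a capture tool
such as tcpdump or scapy would hand them to a detector.
"""
from collections import defaultdict, namedtuple

Packet = namedtuple("Packet", "ts src dst dport flags")

FIN, SYN, RST, PSH, ACK, URG = 0x01, 0x02, 0x04, 0x08, 0x10, 0x20
XMAS = FIN | PSH | URG          # what nmap -sX sends


def flag_pattern(flags: int) -> str:
    if flags == XMAS:
        return "xmas"
    if flags == 0:
        return "null"
    if flags == FIN:
        return "fin"
    if flags == SYN:
        return "syn"
    return "other"


def detect_scans(packets, port_threshold=10, window=5.0):
    """Return alerts per (src, dst) pair: malformed-flag probes and port sweeps."""
    alerts = []
    by_pair = defaultdict(list)
    for p in sorted(packets):                 # Packet sorts on ts first
        by_pair[(p.src, p.dst)].append(p)
    for (src, dst), pkts in by_pair.items():
        odd = [o for o in (flag_pattern(p.flags) for p in pkts) if o in ("xmas", "null", "fin")]
        if odd:
            alerts.append(("malformed_flag_probe", src, dst, len(odd), sorted(set(odd))))
        for i, first in enumerate(pkts):      # sliding window over distinct ports
            ports = {q.dport for q in pkts[i:] if q.ts - first.ts <= window}
            if len(ports) >= port_threshold:
                alerts.append(("port_sweep", src, dst, len(ports)))
                break
    return alerts


ATTACKER, CLIENT, VICTIM = "203.0.113.7", "192.168.0.20", "192.168.0.77"
# Constructed capture: 20 Xmas probes in two seconds, plus a normal client
# opening HTTP and HTTPS connections.
SAMPLE = [Packet(0.1 * i, ATTACKER, VICTIM, 1 + i, XMAS) for i in range(20)] + [
    Packet(0.0, CLIENT, VICTIM, 80, SYN),
    Packet(1.0, CLIENT, VICTIM, 443, SYN),
]


def run(packets=SAMPLE):
    return detect_scans(packets)


if __name__ == "__main__":
    for alert in run():
        print(alert)
```

The flag check is cheap and has almost no false positives, because no legitimate TCP stack emits FIN+PSH+URG without ACK; the port-count check catches the plain SYN scans the flag check cannot, at the cost of needing a threshold that suits your traffic.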

Replay Attacks

Definition: A replay attack is a network attack in which an attacker captures network traffic and stores it for retransmission at a later time to gain unauthorized access to a specific host or network. The attack is particularly effective when the captured packets contain user names, passwords, or other authentication data, because the attacker need not understand or decrypt them, only resend them. Unless the protocol binds each message to a timestamp, a nonce, or a sequence number that the receiver checks, a replayed message is indistinguishable from a legitimate one, so in most cases replay attacks are never discovered.

Example:

Figure 13-10: A replay attack.
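The countermeasure the definition above alludes to, a timestamp and a nonce bound to each message under an HMAC, with the receiver rejecting stale messages and nonces it has already seen. This is an added example, not from the CompTIA text or from any particular protocol; the shared key, the requests and the clock values are constructed, and "30 seconds" of allowed clock skew is an assumption.

```python
"""Request authentication that defeats replay: each message carries a
timestamp and a nonce under an HMAC, and the receiver rejects stale or
already-seen nonces. Added example, not from the CompTIA text; the shared
key, the requests and the clock values are constructed.
"""
import hashlib
import hmac
import secrets

KEY = b"constructed-shared-secret"


def sign(payload: bytes, ts: int, nonce: str, key: bytes = KEY) -> str:
    # Timestamp and nonce are inside the MAC, so an attacker cannot refresh
    # a captured message by editing them.
    msg = f"{ts}|{nonce}|".encode() + payload
    return hmac.new(key, msg, hashlib.sha256).hexdigest()


def make_request(payload: bytes, now: int, key: bytes = KEY) -> dict:
    nonce = secrets.token_hex(8)
    return {"ts": now, "nonce": nonce, "payload": payload, "mac": sign(payload, now, nonce, key)}


class Verifier:
    """Server side. max_skew bounds both tolerated clock drift and how long a
    nonce must be remembered, so the seen-nonce cache stays small."""

    def __init__(self, key: bytes = KEY, max_skew: int = 30):
        self.key, self.max_skew, self.seen = key, max_skew, {}

    def verify(self, req: dict, now: int) -> str:
        expected = sign(req["payload"], req["ts"], req["nonce"], self.key)
        if not hmac.compare_digest(expected, req["mac"]):
            return "bad_mac"                       # tampered, or wrong key
        if abs(now - req["ts"]) > self.max_skew:
            return "stale"                         # too old to be live
        self.seen = {n: t for n, t in self.seen.items() if now - t <= self.max_skew}
        if req["nonce"] in self.seen:
            return "replay"                        # captured and resent
        self.seen[req["nonce"]] = req["ts"]
        return "ok"


def demo():
    """Walk one request through the four outcomes; returns their labels."""
    v = Verifier()
    now = 1_330_570_000
    req = make_request(b"transfer 100 to acct 42", now)
    first = v.verify(req, now)                    # genuine: ok
    replayed = v.verify(req, now + 5)             # same capture resent: replay
    old = make_request(b"transfer 100 to acct 42", now)
    stale = v.verify(old, now + 120)              # held back too long: stale
    tampered = dict(req, payload=b"transfer 900 to acct 42")
    forged = v.verify(tampered, now + 1)          # edited in flight: bad_mac
    return first, replayed, stale, forged


if __name__ == "__main__":
    print(demo())
```

The MAC is checked first so that an attacker cannot probe the nonce cache with forged messages, and the cache only needs to hold nonces younger than max_skew: anything older is rejected as stale before the cache is consulted, which keeps memory bounded regardless of traffic volume.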

FTP Bounce Attacks

An FTP bounce attack abuses the FTP PORT command, which lets a connected client tell the server the IP address and port to which the server should open the data connection. If the server accepts any address rather than insisting on the client's own, a user with even an anonymous FTP connection can direct the server to open a connection to a service port on a third system and "bounce" commands or port probes to that service through the FTP server, hiding the attacker's address and possibly reaching systems the attacker cannot reach directly. Modern FTP servers refuse PORT commands whose address differs from that of the control connection.
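The PORT-command check that closes the bounce hole, as a server would apply it: parse the six comma-separated numbers, refuse a data-connection target that is not the client's own address, and refuse privileged ports. This is an added example, not from the CompTIA text or from any FTP server's code; the commands and the client address are constructed.

```python
"""The PORT-command check that closes the bounce hole: the server only
opens a data connection back to the address that owns the control
connection, and never to a privileged port. Added example, not from the
CompTIA text or any FTP server; the commands and client address are constructed.
"""
import re

PORT_RE = re.compile(r"^PORT\s+(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3})\s*$")


def parse_port(command: str):
    """PORT h1,h2,h3,h4,p1,p2 -> (host, port), where port = p1*256 + p2."""
    m = PORT_RE.match(command)
    if not m:
        raise ValueError("malformed PORT command")
    nums = [int(x) for x in m.groups()]
    if any(n > 255 for n in nums):
        raise ValueError("octet out of range")
    return ".".join(str(n) for n in nums[:4]), nums[4] * 256 + nums[5]


def check_port_command(command: str, control_peer_ip: str):
    """Return ('accept'|'reject', detail) for a PORT command from control_peer_ip."""
    try:
        host, port = parse_port(command)
    except ValueError as exc:
        return "reject", str(exc)
    if host != control_peer_ip:
        return "reject", f"data target {host} is not the client {control_peer_ip} (bounce attempt)"
    if port < 1024:
        return "reject", f"refusing privileged data port {port}"
    return "accept", f"{host}:{port}"


CLIENT = "203.0.113.9"
# Constructed commands as they would arrive on the control connection.
SAMPLE = [
    "PORT 203,0,113,9,4,1",       # client's own address, port 1025: legitimate
    "PORT 192,168,0,25,0,25",     # third host, port 25: bounce to an internal SMTP server
    "PORT 203,0,113,9,0,80",      # client's address but a privileged port
    "PORT 999,0,0,1,4,1",         # malformed octet
]


def run(commands=SAMPLE, client=CLIENT):
    return [check_port_command(c, client) for c in commands]


if __name__ == "__main__":
    for cmd, (verdict, why) in zip(SAMPLE, run()):
        print(f"{cmd:28} {verdict:7} {why}")
```

The same rule should be applied to EPRT, the IPv6-capable form of PORT, and the mirror-image rule belongs on the client: when using passive mode, refuse a PASV reply that names an address other than the server's.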

ARP Poisoning Attacks

ARP poisoning occurs when an attacker causes other hosts to associate an IP address with the MAC address of a computer that is not the intended recipient. Because ARP has no authentication and hosts accept replies they never asked for, the attacker simply sends forged ARP replies. Before the attack can begin, the attacker must have access to the target network, since ARP is confined to the local broadcast domain. Once on the network, he or she can poison the ARP cache on the target computers by mapping selected IP addresses (typically the default gateway's) to MAC addresses the attacker chooses. At that point the attacker can capture and/or alter network traffic before forwarding it to the correct destination, which is a man-in-the-middle attack, or create a denial of service condition by pointing the selected IP address at a nonexistent MAC address. Static ARP entries and switch features such as dynamic ARP inspection are the usual countermeasures.

Figure 13-11: An ARP poisoning attack.
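A monitor for the symptoms of the ARP poisoning just described and of the man-in-the-middle attack it enables, in the spirit of arpwatch: replies that nobody requested, an IP address whose MAC changes, and one MAC claiming several IP addresses. This is an added example, not from the CompTIA text or from arpwatch itself; the ARP frames are constructed in the form a capture tool such as tcpdump or scapy would deliver, and the addresses are made up.

```python
"""ARP-cache watcher (in the spirit of arpwatch) that flags the symptoms of
the man-in-the-middle and ARP poisoning attacks described above: replies
nobody asked for, an IP address whose MAC changes, and one MAC claiming
several IP addresses. Added example, not from the CompTIA text; the ARP
frames are constructed, as tcpdump or scapy would deliver them to a monitor.
"""
from collections import defaultdict

REQUEST, REPLY = 1, 2   # ARP opcodes


class ArpWatch:
    def __init__(self, known=None):
        self.table = dict(known or {})      # ip -> mac, learned or preloaded
        self.mac_to_ips = defaultdict(set)
        self.pending = set()                # IPs a request was seen for
        self.alerts = []

    def observe(self, opcode, sender_ip, sender_mac, target_ip):
        if opcode == REQUEST:
            self.pending.add(target_ip)
            return
        # Reply: legitimate only if someone on the wire asked for sender_ip.
        if sender_ip in self.pending:
            self.pending.discard(sender_ip)
        else:
            self.alerts.append(("unsolicited_reply", sender_ip, sender_mac))
        old = self.table.get(sender_ip)
        if old is not None and old != sender_mac:
            self.alerts.append(("mapping_changed", sender_ip, old, sender_mac))
        self.table[sender_ip] = sender_mac
        self.mac_to_ips[sender_mac].add(sender_ip)
        if len(self.mac_to_ips[sender_mac]) > 1:
            self.alerts.append(("one_mac_many_ips", sender_mac, sorted(self.mac_to_ips[sender_mac])))


GATEWAY, VICTIM, ATTACKER = "aa:bb:cc:00:00:01", "aa:bb:cc:00:00:50", "aa:bb:cc:00:00:66"

# Constructed frames: a normal exchange, then the attacker poisons both sides
# so that victim<->gateway traffic flows through the attacker's host.
SAMPLE = [
    (REQUEST, "192.168.0.50", VICTIM,   "192.168.0.1"),   # who has .1? tell .50
    (REPLY,   "192.168.0.1",  GATEWAY,  "192.168.0.50"),  # .1 is at GATEWAY
    (REPLY,   "192.168.0.1",  ATTACKER, "192.168.0.50"),  # forged: .1 is at ATTACKER
    (REPLY,   "192.168.0.50", ATTACKER, "192.168.0.1"),   # forged: .50 is at ATTACKER
]


def run(frames=SAMPLE):
    w = ArpWatch(known={"192.168.0.50": VICTIM})
    for frame in frames:
        w.observe(*frame)
    return w.alerts


if __name__ == "__main__":
    for alert in run():
        print(alert)
```

A single unsolicited reply is not proof of an attack (gratuitous ARP after a reboot or an IP move looks the same), but an unsolicited reply that changes an existing mapping, from a MAC that is now claiming two addresses including the gateway's, is the full poisoning signature and is worth paging on.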

Wireless Security

Definition: Wireless security is any method of securing a WLAN to prevent unauthorized network access and theft of network data, while ensuring that authorized users can connect without hindrance. Wireless networks are more exposed than wired ones in two ways. First, most wireless devices, such as laptops, mobile phones, and PDAs, search for and connect automatically to the access point offering the best signal, which may be one operated by an attacker. Second, wireless transmissions can be captured ("sniffed") out of the air, with no need to access physical network media. Such attacks are mitigated by using current security protocols (WPA2 rather than WEP) with strong authentication, and by configuring clients not to join unknown networks automatically.

Example:

Figure 13-12: A wireless security environment.

Site Surveys
A site survey is an analysis technique that determines the coverage area of a wireless network, identifies any sources of interference, and establishes other characteristics of the coverage area. An authorized site survey is a standard part of planning or maintaining a wireless network; an unauthorized site survey, or compromise of the site survey data, is a security risk because it tells an attacker exactly where the network can be reached from. You use a site survey to help you install and secure a wireless LAN.

Wireless Vulnerabilities

Wireless networks have an increasing number of specific vulnerabilities.
LESSON 13
Wireless Threat / Vulnerability: Description

Rogue access point: An unauthorized wireless access point on a corporate or private network. Rogue access points can cause considerable damage to an organization's data: they are not detected easily, they can give private network access to many unauthorized users with the proper devices, and they enable man-in-the-middle attacks and access to private information. Organizations should protect themselves by continuously monitoring both the air and the wired network for unknown access points, for example with a wireless IDS and by checking switch ports for unexpected devices.

Evil twins: Rogue access points that appear to be legitimate, typically by advertising the same SSID as a real one. Although they can be installed on corporate or private networks, they are most often found at public Wi-Fi hotspots, where users do not connect transparently and automatically as on a corporate network but select an available network from a list. Evil twins are more dangerous than other rogue access points because the user believes the wireless signal is genuine; a network name alone gives no way to tell the twin from the valid access point.

Interference: In wireless networking, the phenomenon by which other radio sources interfere with 802.11 wireless signals. It usually occurs in homes because of electronic devices, such as microwave ovens and cordless phones, operating in a band close to that of the wireless network. When a station senses that the medium is busy, 802.11 makes it wait before transmitting, and under heavy interference the wait can be indefinite.

Bluejacking: A method attackers use to send unsolicited Bluetooth messages from PDAs, mobile phones, and laptops to other Bluetooth-enabled devices. Because common Bluetooth devices have a range of about 30 feet (10 m), this is a very close-range attack. Modern devices allow attackers to send unsolicited messages along with images and video, which can cause device malfunctions or propagate malware, including Trojan horses. Users should reject anonymous contacts and configure their mobile devices in non-discoverable mode.

Bluesnarfing: A method in which attackers gain unauthorized access to information on a wireless device over a Bluetooth connection, within the roughly 30-foot Bluetooth range. Unlike bluejacking, bluesnarfing of PDAs, mobile phones, and laptops exposes private information, including email messages, contact information, calendar entries, images, videos, and any other data stored on the device.

War driving: The act of searching for wireless networks while traveling, using a PDA, mobile phone, or laptop as a wireless tracking device. It locates wireless access points that can then be exploited to obtain unauthorized Internet access and potentially steal data. The process can be automated with a GPS receiver and war driving software.

WEP and WPA cracking: Methods used to recover the encryption keys of WEP and WPA installations in order to gain access to private wireless networks. Many tools, such as Aircrack, aid attackers in cracking keys. WEP can be broken outright in minutes from captured traffic; WPA and WPA2 with a pre-shared key fall to an offline dictionary attack on a captured handshake if the passphrase is weak.

War chalking: The act of drawing symbols on a sidewalk or wall to indicate that an open wireless network, possibly offering Internet access, is available there.

IV attack: An attack in which the attacker exploits the Initialization Vector (IV) used by an encryption process, because the IV is too short and repeats, is predictable, or can be controlled by the attacker. In WEP the 24-bit IV is sent in the clear with every frame and is bound to repeat on a busy network; two frames encrypted under the same IV use the same keystream, so XORing the two ciphertexts cancels the encryption and leaves the XOR of the two plaintexts, and certain "weak" IVs leak bytes of the key itself. This gives the attacker access to data that is supposed to be hidden from everyone except the network's legitimate users.

Packet sniffing: An attack on wireless networks in which an attacker captures frames out of the air and records data flows, allowing the attacker to analyze the data each packet contains. In its benign form, the same technique helps organizations monitor their own networks for attackers.

The "war" in war driving and war chalking comes from war dialing, the 1980s practice of dialing blocks of telephone numbers to find modems, itself named after the film WarGames; "wireless access receiver" is a later backronym.

There are common tools that can be used for war driving and war chalking, such as NetStumbler, Kismet, Aircrack, and Airsnort.

Initialization Vectors
An initialization vector (IV) is a value, ideally random and never repeated for a given key, that is combined with the secret key so that encrypting the same data twice produces different ciphertext. It does not need to be secret, but for a stream cipher such as WEP's RC4 it must never be reused with the same key, and for CBC-mode block ciphers it must be unpredictable.
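Why a repeated IV is fatal for WEP, worked through with a real RC4: the per-frame key is IV || shared key, so two frames under the same IV are XORed with the same keystream, and XORing the ciphertexts cancels it. This is an added example, not from the CompTIA text or from Aircrack; RC4 is implemented inline, the key, IV and frames are constructed, and no 802.11 framing, ICV or weak-IV key recovery is modelled.

```python
"""Why a repeated IV breaks WEP: RC4 keystream depends only on IV||key, so two
frames sent under the same IV are XORed with the same keystream, and XORing
the two ciphertexts cancels it. Added example, not from the CompTIA text;
RC4 is implemented inline, and the key, IV and frames are constructed
(no real 802.11 framing, ICV or weak-IV key recovery is shown).
"""


def rc4(key: bytes, data: bytes) -> bytes:
    """Plain RC4 (KSA + PRGA); encryption and decryption are the same operation."""
    S = list(range(256))
    j = 0
    for i in range(256):
        j = (j + S[i] + key[i % len(key)]) & 0xFF
        S[i], S[j] = S[j], S[i]
    out = bytearray()
    i = j = 0
    for byte in data:
        i = (i + 1) & 0xFF
        j = (j + S[i]) & 0xFF
        S[i], S[j] = S[j], S[i]
        out.append(byte ^ S[(S[i] + S[j]) & 0xFF])
    return bytes(out)


def wep_encrypt(wep_key: bytes, iv: bytes, plaintext: bytes) -> bytes:
    """WEP per-frame key is IV || shared key; the 3-byte IV travels in the clear."""
    return iv + rc4(iv + wep_key, plaintext)


def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def recover_from_iv_reuse(frame1: bytes, frame2: bytes, known_plain1: bytes) -> bytes:
    """Given two frames with the same IV and the plaintext of the first,
    return as much of the second plaintext as the known text covers."""
    iv1, c1 = frame1[:3], frame1[3:]
    iv2, c2 = frame2[:3], frame2[3:]
    if iv1 != iv2:
        raise ValueError("IVs differ; the keystreams are independent")
    # c1 ^ c2 == p1 ^ p2, because both frames used keystream K(iv || key)
    return xor(xor(c1, c2), known_plain1)


WEP_KEY = bytes([0x01, 0x02, 0x03, 0x04, 0x05])        # constructed 40-bit key
IV = bytes([0x0A, 0x0B, 0x0C])
P1 = b"GET /index.html HTTP/1.0\r\n"                     # guessable plaintext
P2 = b"POST /login user=bob&pw=s3cret"                   # what the attacker wants


def demo() -> bytes:
    f1 = wep_encrypt(WEP_KEY, IV, P1)
    f2 = wep_encrypt(WEP_KEY, IV, P2)        # same IV reused: the flaw
    return recover_from_iv_reuse(f1, f2, P1)


def iv_exhaustion_seconds(frames_per_second: float) -> float:
    """With a 24-bit IV, an access point must repeat one within 2**24 frames."""
    return 2 ** 24 / frames_per_second


if __name__ == "__main__":
    print(demo())
    print("IV space exhausted after", iv_exhaustion_seconds(5000) / 3600, "hours at 5000 fps")
```

Nothing about the key is learned here; the attacker only needs a guessable plaintext (protocol headers are full of them) and a second frame under the same IV, which a 24-bit IV space guarantees within hours on a busy network. That is why WPA moved to a 48-bit per-frame counter and a per-frame key mix, and why WEP is listed above as crackable rather than merely weak.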

ACTIVITY 13-1
Identifying Network Threats and Attacks

Scenario: In this activity, you will identify various types of network threats and attacks.

1. What is a macro virus?
a) A virus that is transmitted via email.
b) A virus that targets office productivity applications.
c) A virus that attacks the boot sector.
d) A virus that runs on the Windows scripting host.

2. John is given a laptop for official use and is on a business trip. When he arrives at his hotel, he turns on his laptop and finds a wireless access point with the name of the hotel, which he connects to for sending official communications. He may become a victim of which wireless threat?
a) Interference
b) War driving
c) Bluesnarfing
d) Rogue access point

3. A new administrator in your company is in the process of installing a new wireless device. He is called away to attend an urgent meeting before he can secure the wireless network, and without realizing it, he forgets to switch the device off. A person with a mobile device who is passing the building takes advantage of the open network and hacks it. Your company may become vulnerable to which type of wireless threat?
a) Interference
b) War driving
c) Bluesnarfing
d) Rogue access point

4. Every time Margaret decides to work at home, she gets frustrated with the poor wireless connection, but when she gets to her office the wireless connection seems normal. What might be one of the factors affecting Margaret's wireless connection when she works at home?
a) Bluesnarfing
b) Interference
c) IV attack
d) Evil twin attack

5. A disgruntled employee removes the UPS on a critical server system and then cuts power to the system, causing costly downtime. This physical threat is a(n):
a) Internal threat
b) External threat
c) Man-made threat
d) False alarm

6. Why is a hoax dangerous?
a) The hoax is an actual virus that has the potential to cause damage.
b) Propagation of the hoax can create DoS conditions.
c) Users are annoyed by the hoax.
d) The hoax can include elements of a social engineering attack.

7. Social engineering attempt or false alarm? A supposed customer calls the help desk and states that she cannot connect to the e-commerce website to check her order status. She would also like a user name and password. The user gives a valid customer company name, but is not listed as a contact in the customer database. The user does not know the correct company code or customer ID.
Social engineering attempt / False alarm

Students may disagree with the answers. Use this as an opportunity to solicit feedback from other students and discuss why they disagree or what social engineering attacks they have come across. You can also discuss what category each attacker might fall into and the attackers possible motivation in each case.

8. Social engineering attempt or false alarm? A new accountant was hired and would like to know if he can have the installation source files for the accounting software package, so that he can install it on his computer himself and start work immediately. Last year, someone internal compromised company accounting records, so distribution of the accounting application is tightly controlled. You have received all the proper documentation for the request from his supervisor and there is an available license for the software. However, general IT policies state that the IT department must perform all software installations and upgrades.
Social engineering attempt / False alarm

9. While you are connected to another host on your network, the connection is suddenly dropped. When you review the logs at the other host, it appears as if the connection is still active. This could be a(n):
a) IP spoofing attack
b) DoS attack
c) Man-in-the-middle attack
d) Session hijacking attack

10. Response time on the website that hosts the online version of your product catalog is getting slower and slower. Customers are complaining that they cannot browse the catalog items or search for products. What type of attack do you suspect?
a) A Trojan horse attack
b) A spoofing attack
c) A social engineering attack
d) A DoS attack

11. Tina, the network analysis guru in your organization, analyzes a network trace capture file and discovers that packets have been intercepted and retransmitted to both a sender and a receiver during an active session. This could be a(n):
a) IP spoofing attack
b) Session hijacking attack
c) Replay attack
d) Man-in-the-middle attack

12. Your intranet webmaster, Tim, has noticed an entry in a log file from an IP address that is within the range of addresses used on your network, but Tim does not recognize the computer name as valid. Your network administrator, Deb, checks the DHCP server and finds that the IP address does not match any address in the server's lease list for that domain. This could be a(n):
a) IP spoofing attack
b) Malicious code attack
c) Man-in-the-middle attack
d) Session hijacking attack


CompTIA Network+ (Exam N10-005)

13. Match a network-based attack with its description.
   e  Social engineering
   a  DoS
   c  DDoS
   b  Man-in-the-middle
   d  ARP poisoning

   a. Disables systems that provide network services.
   b. An attacker intercepts communications between two hosts.
   c. Uses multiple computers on disparate networks to launch an attack from many sources concurrently.
   d. An attacker redirects an IP address to the MAC address of a computer that is not the intended recipient.
   e. Uses deception and trickery to convince unsuspecting users to provide sensitive data.

14. Jason arrives at work in the morning and finds that he cannot log on to the network. The network administrator says his account was locked at 3 A.M. due to too many unsuccessful logon attempts. What type of attack do you suspect?
   a) Man-in-the-middle
   b) Password
   c) Virus
   d) Hijacking

15. Which of these examples can be classified as social engineering attacks?
   a) A customer contacts your help desk asking for her user name and password because she cannot log on to your e-commerce website.
   b) A user gets a call from a person who states he is a help desk technician. The caller asks the user to go to an external website and download a file so that the technician can monitor the user's system.
   c) The CEO of your company calls you personally on the phone to ask you to fax salary data to her personal fax number. The fax number she gives you is listed in the company directory, and you recognize her voice.
   d) A user receives an email that appears to be from a bank; the bank says they need the user's name, date of birth, and Social Security number to verify account information.


TOPIC B
Apply Threat Mitigation Techniques
In the previous topics, you identified network security threats and attacks. Scanning a network for threats and attacks will help you prevent most of them from materializing. In this topic, you will mitigate and deter threats and vulnerabilities on a network.

No matter how secure a network may be, unfortunate events continue to happen. Network administrators should be involved in planning for the worst-case scenarios and should have strong mitigation and deterrent techniques in place, should something go wrong. In most organizations, security policies are the documents that have the greatest influence over the actions taken and decisions made by network professionals. A well-constructed security policy is a great weapon in the fight to preserve the safety and integrity of an institution's technical and intellectual assets.

Software Updates

Software manufacturers regularly issue different types of system updates that can include security-related changes to software.

System Update Type / Description

Patch: A small unit of supplemental code meant to address either a security problem or a functionality flaw in a software package or operating system.

Hotfix: A patch that is often issued on an emergency basis to address a specific security flaw.

Rollup: A collection of previously issued patches and hotfixes, usually meant to be applied to one component of a system, such as the web browser or a particular service.

Service pack: A larger compilation of system updates that can include functionality enhancements, new features, and typically all patches, updates, and hotfixes issued up to the point of the release of the service pack.

Patch Management

Patch management is the practice of monitoring for, obtaining, evaluating, testing, and deploying software patches and updates. As the number of computer systems in use has grown over recent years, so has the volume of vulnerabilities and corresponding patches and updates intended to address those vulnerabilities. So, the task of managing and applying them can be very time-consuming and inefficient without an organized patch management system. In typical patch management, software updates are evaluated for their applicability to an environment and then tested in a safe way on non-production systems. Finally, an organized plan for rolling out a valid patch across the organization is executed.


Figure 13-13: Management of patches.

Patch Management Policies
Many organizations have taken to creating official patch management policies that define the who, what, where, when, why, and how of patch management for that organization.

Patch Management Example
A patch management program might include:
- An individual responsible for subscribing to and reviewing vendor and security patch and update newsletters.
- A review and triage of the updates into urgent, important, and non-critical categories.
- An offline patch-test environment where urgent and important patches can be installed and tested for functionality and impact.
- Immediate administrative push delivery of approved urgent patches.
- Weekly administrative push delivery of approved important patches.
- A periodic evaluation phase and pull rollout for non-critical patches.

Antivirus Software

Definition: Antivirus software is a category of protective software that scans computers and sometimes networks for known viruses, Trojans, worms, and other malicious programs. Some antivirus programs attempt to scan for unknown harmful software. It is advisable to install antivirus software on all computers, and keep it updated according to your organization's patch management policy. In addition to detection, most antivirus software is capable of logging scan and detection information. These logs should be monitored to make sure that scans are taking place and ensure that infections are reported properly.


Figure 13-14: Antivirus software deployed in a working environment.

Example: Antivirus Use
Jim is in the process of preparing a new file server for an internal group. While the group that will be using the server is anxious to have it installed, Jim knows that the system must be fully patched and the approved antivirus software installed prior to connecting to the corporate network. Connecting an unpatched and unprotected system to the network is a large vulnerability, even with the corporate firewall between the new system and the Internet. The antivirus software will provide a measure of protection against any malicious software that may be lurking undetected on the network. The antivirus program will also scan all of the files that users place onto the system or modify while it is in use, guarding against infection from the users' systems.

Adware and Spyware Protection
In addition to antivirus software, protection against adware and spyware is also necessary. While some antivirus software packages include protection against adware and spyware, it is often desirable to maintain separate protection against adware and spyware.

Updating Virus Definitions
The antivirus software vendor maintains and updates the libraries of virus definitions; the customer must periodically update the definitions on all systems where the software is installed. Most vendors provide an automatic update service that enables customers to obtain and distribute current virus definitions on a schedule. Periodically, administrators should manually check to verify that the updates are current. When there is a known active threat, administrators should also manually update definitions.

Enterprise Virus Solutions
Some vendors offer enterprise virus suites that include virus protection for all systems in a company, automatic updating, and the ability to download and distribute updates from a central server. Distributing the updates from a local server instead of obtaining them directly from the vendor enables the antivirus administrator to review and verify virus definitions before they are deployed.

Internet Email Virus Protection

Because almost all computer systems today are connected to the Internet, email is a source of serious virus threats. Companies can implement Internet email virus protection by:
- Screening the Internet gateway computers for viruses.
- Employing reliable desktop antivirus software.
- Scanning incoming email between the Internet and the email server.
- Scanning email again at the system level.
- If a virus attack is detected, disabling all Internet connections and isolating affected systems.

Figure 13-15: Antivirus deployed on different network locations.

Anti-Spam Software
A few different anti-spam solutions are available that you can implement to help prevent the flood of spam in your email.

Spam Target Area / Solutions

End users: End users can protect themselves against the flood of spam using the following methods:
- Address munging is when end users use a fake name or address to post on consumer websites or newsgroups. This can also include changing legitimate addresses to make a "no spam" statement.
- Responding to spam emails can cause different issues. Once an email has been responded to, the spammer can confirm that the message was successfully received. The spammer will be sure to include that address again. Spammers also use forged addresses that may look like a legitimate email address. In this case a spammer may be using a zombie computer to relay messages. A response will only cause more spam to be sent out.
- By disabling HTML in email programs, you can prevent automatic downloading of images and attachments that may contain viruses.
- Using disposable email addresses can be an effective way to guard against unwanted spam by posting the address on a website and using it for only a predetermined amount of time.

Administrators: Administrators can use many different systems and services to guard against spam within their organization. They can block messages from known spam sources, or they can use a filtering system that will read messages and scan for target words and phrases used in known spam email. They can also use a known blacklist to block documented spamming sources from getting into a private network.

Email senders: Email senders use a number of automated methods in order to ensure that they do not send out spam. A sender risks being added to the DNS blacklist if they are perceived as a spam sender. Background checks, opt-in email lists, and spam filtering and blocking incoming messages from users can enforce anti-spam actions for consumer websites.

Research and law enforcement: Researchers and law enforcement officials have joined the fight against spam. This effort is an ongoing task that involves coordination of many parties, including ISPs and consumer companies. The parties must work together to investigate potential spam opportunities, track activities, and gather evidence to stop further spamming attacks. Research in this area is ongoing, so updated anti-spam solutions can be implemented.

Spam Detection Methods
Spam detection has become an important task for end users. There are many different ways end users can protect themselves against spammers. Detection can include a filtering program that will detect specific words that are commonly used in spam messages. The message may be rejected once the words are found. This can cause issues if the detection system rejects legitimate messages that happen to contain one of the key words. Other detection methods are used to block IP addresses of known spammers or to pose an email address that is not in use or is too old to collect spam. These methods can help reduce the number of spam messages in your inbox. Some examples of anti-spam software include SPAMfighter, iHateSpam, Cloudmark for Microsoft Outlook, and BullGuard Internet Security Suite.

DNS Blacklists
DNS blacklists (DNSBLs) are published lists that contain email addresses that are confirmed as spam sources. Mail servers can be configured to scan these lists for addresses and then flag or reject them to avoid spreading spam within an organization.
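As an added example (not part of the CompTIA course), here is a Python mail filter that combines the two administrator techniques above: a DNSBL lookup (DNSBLs are published as DNS zones that are queried by the connecting host's IP address with its octets reversed, and answer with a 127.0.0.x record when the address is listed) and weighted keyword scoring, so that a legitimate message containing a single trigger word is not rejected outright. The zone name dnsbl.example, the stand-in resolver and the sample messages are constructed so the block runs offline.

```python
"""DNSBL lookup plus keyword scoring for inbound mail (added example, not course material)."""
import ipaddress
import re
from typing import Callable, Optional

DNSBL_ZONE = "dnsbl.example"   # constructed placeholder zone name
# Constructed stand-in for a DNS resolver: only the TEST-NET-3 address 203.0.113.7 is "listed".
CONSTRUCTED_ANSWERS = {"7.113.0.203.dnsbl.example": ["127.0.0.2"]}


def constructed_resolver(qname: str) -> list[str]:
    """Return A records for qname; an empty list stands in for NXDOMAIN."""
    return CONSTRUCTED_ANSWERS.get(qname, [])


def dnsbl_query_name(ip: str, zone: str = DNSBL_ZONE) -> str:
    """Build the standard DNSBL query name: octets reversed, then the list's zone."""
    addr = ipaddress.IPv4Address(ip)          # ValueError for anything that is not IPv4
    return ".".join(reversed(str(addr).split("."))) + "." + zone


def is_listed(ip: str, resolve: Callable[[str], list[str]], zone: str = DNSBL_ZONE) -> bool:
    """A DNSBL signals 'listed' with an A record inside 127.0.0.0/8; no answer means not listed."""
    loopback = ipaddress.IPv4Network("127.0.0.0/8")
    return any(ipaddress.IPv4Address(a) in loopback for a in resolve(dnsbl_query_name(ip, zone)))


# Matches the connecting address in a Received: header such as
# "Received: from relay.example.net (relay.example.net [203.0.113.7])".
RECEIVED_RE = re.compile(r"^Received: from \S+ \(.*?\[(?P<ip>\d{1,3}(?:\.\d{1,3}){3})\]\)", re.M)


def connecting_ip(raw_message: str) -> Optional[str]:
    """Take the connecting address from the first Received: header (the one our own gateway added)."""
    m = RECEIVED_RE.search(raw_message)
    return m["ip"] if m else None


# Weighted keywords: a single hit is not enough to reject, which limits false positives
# on legitimate mail that happens to contain one of the words.
SPAM_KEYWORDS = {"free money": 3, "act now": 2, "winner": 2, "unsubscribe": 1}
REJECT_THRESHOLD = 4


def keyword_score(body: str) -> int:
    """Sum the weights of every spam keyword found in the body (case-insensitive)."""
    text = body.lower()
    return sum(weight for kw, weight in SPAM_KEYWORDS.items() if kw in text)


def classify(raw_message: str, resolve: Callable[[str], list[str]] = constructed_resolver) -> str:
    """Return 'reject: ...' or 'accept' for one raw message (headers, blank line, body)."""
    ip = connecting_ip(raw_message)
    if ip is not None and is_listed(ip, resolve):
        return "reject: connecting host is on the DNSBL"
    _headers, _, body = raw_message.partition("\n\n")
    score = keyword_score(body)
    if score >= REJECT_THRESHOLD:
        return f"reject: keyword score {score}"
    return "accept"


# Constructed sample messages.
LISTED_SENDER = ("Received: from relay.example.net (relay.example.net [203.0.113.7])\n"
                 "Subject: hello\n\nJust checking in.")
LEGIT_NEWSLETTER = ("Received: from mail.example.org (mail.example.org [198.51.100.9])\n"
                    "Subject: March update\n\nNotes from the team. To unsubscribe, reply STOP.")
SPAMMY_BODY = ("Received: from mail.example.org (mail.example.org [198.51.100.9])\n"
               "Subject: WINNER\n\nFREE MONEY! Act now, you are our winner.")

if __name__ == "__main__":
    for name, msg in [("listed", LISTED_SENDER), ("legit", LEGIT_NEWSLETTER), ("spammy", SPAMMY_BODY)]:
        print(name, "->", classify(msg))
```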

Security Policies

Definition: A security policy is a formalized statement that defines how security will be implemented within a particular organization. It describes the means the organization will take to protect the confidentiality, availability, and integrity of sensitive data and resources, including the network infrastructure, physical and electronic data, applications, and the physical environment. It often consists of multiple individual policies. All implemented security measures should conform to the stated policy.

Analogy: A good security policy provides functions similar to a government's foreign policy. The policy is determined by the needs of the organization. Just as a nation needs a foreign policy in part because of real and perceived threats from other countries, organizations also need a policy to protect their data and resources. A nation's foreign policy defines what the threats are and how the government will handle those threats. A security policy does the same for an organization; it defines threats to its resources and how those threats will be handled. A policy forms the plan that ties everything together. Without a formal policy, you can only react to threats instead of anticipating them and preparing accordingly.

Example: A Password Security Policy
A nuclear plant has a password policy to which all employees must adhere. Each employee is responsible for using strong passwords and protecting those passwords accordingly. It contains guidelines for strong passwords to use and weak passwords to avoid.

Figure 13-16: Password policy of a nuclear plant.

Security Policy Components
Each subsection of a security policy typically consists of several standard components.

Component / Description

Policy statement: Outlines the plan for the individual security component.

Standards: Define how to measure the level of adherence to the policy.

Guidelines: Suggestions, recommendations, or best practices for how to meet the policy standard.

Procedures: Step-by-step instructions that detail how to implement components of the policy.

Windows Security Policies
Windows security policies are configuration settings within Windows operating systems that control the overall security behavior of the system. They are found in a policy object in the Computer Configuration\Windows Settings\Security Settings node. The policies can be set on a centralized basis, through a Group Policy in Windows Server systems, or can be set in the individual policy objects on each computer.

DISCOVERY ACTIVITY 13-2

Identifying a Security Policy
Setup: You have a Windows Server 2008 R2 computer with the name Child##, where ## is a unique number. Log on as Administrator with the password !Pass1234. The policy document is stored on your workstation at C:\085708Data\NuclearPlantPasswordPolicy.rtf.
Scenario: As the new network administrator for a nuclear plant, you will also be involved in updating documentation related to security policies. Before you can be effective in these new duties, you have decided that you need to familiarize yourself with existing policy documents in the organization.

1. Open and review the policy file. What type of policy document is this?
   a) Acceptable use policy
   b) Audit policy
   c) Extranet policy
   d) Password policy
   e) Wireless standards policy

2. Which standard policy components are included in this policy?
   a) Statement
   b) Standards
   c) Guidelines
   d) Procedures

3. How often must system-level administrators change their passwords to conform to this policy? The password policy states that administrator passwords should be changed every month to remain secure.

4. To conform to this policy, how often must regular system users change their passwords? The password policy states that regular system users should change their passwords every three months to stay secure.

5. According to this policy, what is the minimum character length for a password and how should it be constructed? Eight characters is the minimum length for security purposes, and you should try to include numbers and special characters to make it more secure.

6. Why is password1 not a good choice for a password? It is easy to guess and therefore not very secure.
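As an added example (not from the course materials), this Python checker encodes the activity's policy answers: an 8-character minimum, numbers and special characters, monthly rotation for administrators and quarterly rotation for regular users, and rejection of easy-to-guess choices such as password1. The function names, the sample accounts and the short weak-word list are mine; a real deployment would use a much larger dictionary.

```python
"""Checker for the nuclear-plant password policy of Discovery Activity 13-2 (added example)."""
import re
from datetime import date

MIN_LENGTH = 8
# Maximum password age per role, from the activity answers: monthly vs. quarterly.
MAX_AGE_DAYS = {"administrator": 30, "user": 90}
# Constructed list of easy-to-guess base words (stand-in for a real dictionary).
WEAK_BASE_WORDS = {"password", "letmein", "welcome", "qwerty", "admin"}


def base_word(password: str) -> str:
    """Strip trailing digits/symbols so 'password1' and 'Password!' both reduce to 'password'."""
    return re.sub(r"[^a-z]+$", "", password.lower())


def check_password(password: str, role: str, last_changed: date, today: date) -> list[str]:
    """Return the policy findings for one password; an empty list means it conforms."""
    findings = []
    if len(password) < MIN_LENGTH:
        findings.append(f"too short: policy minimum is {MIN_LENGTH} characters")
    if not re.search(r"\d", password):
        findings.append("no digit: policy asks for numbers")
    if not re.search(r"[^A-Za-z0-9]", password):
        findings.append("no special character: policy asks for special characters")
    if base_word(password) in WEAK_BASE_WORDS:
        findings.append("easy to guess: dictionary word with at most a trailing digit or symbol")
    max_age = MAX_AGE_DAYS[role]
    if (today - last_changed).days > max_age:
        findings.append(f"expired: {role} passwords must change every {max_age} days")
    return findings


def rotation_due(accounts, today: date) -> list[str]:
    """Given (name, role, last_changed) tuples, return the names whose password age exceeds the policy."""
    return [name for name, role, changed in accounts
            if (today - changed).days > MAX_AGE_DAYS[role]]


# Constructed sample inventory for a rotation audit.
SAMPLE_ACCOUNTS = [
    ("root", "administrator", date(2011, 4, 20)),
    ("alice", "user", date(2011, 2, 1)),
    ("bob", "user", date(2011, 5, 1)),
]

if __name__ == "__main__":
    today = date(2011, 6, 1)
    for pw, role in [("password1", "user"), ("Tr0ub4dor&3", "administrator")]:
        print(pw, role, check_password(pw, role, date(2011, 5, 1), today) or "conforms")
    print("rotation due:", rotation_due(SAMPLE_ACCOUNTS, today))
```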

Common Security Policy Types

Administrators use several common security policy types as part of most corporate security policies.

Type / Description

Acceptable Use Policy: Defines the acceptable use of an organization's physical and intellectual resources.

Audit Policy: Details the requirements and parameters for risk assessment and audits of the organization's information and resources.

Extranet Policy: Sets the requirements for third-party entities that desire access to an organization's networks.

Password Policy: Defines standards for creating password complexity. It also defines what an organization considers weak passwords and the guidelines for protecting password safety.

Wireless Standards Policy: Defines what wireless devices can connect to an organization's network and how to use them in a safe manner that protects the organization's security.

Security Policy Standards Organizations
The SysAdmin, Audit, Networking and Security (SANS) Institute has identified a list of standard policy types and policy templates, ranging from the acceptable encryption policy to the wireless communication policy. To view the complete list of policies from the SANS Institute, see www.sans.org/resources/policies/. Other organizations, such as the IETF, have provided RFC 2196 for different security policies. To view RFC 2196, see www.cse.ohio-state.edu/cgi-bin/rfc/rfc2196.html. ISO has published ISO/IEC 27002:2005, which is a standard for information security. To view information on ISO/IEC 27002:2005, see www.iso.org.

Security Incident Management

Definition: A security incident is a specific instance of a risk event occurring, whether or not it causes damage. Security incident management is the set of practices and procedures that govern how an organization will respond to an incident in progress. The goals of incident management are to contain the incident appropriately, and ultimately minimize any damage that may occur as a result of the incident. Incident management typically includes procedures to log, and report on, all identified incidents and the actions taken in response.

Example: InfiniTrade Financial has created a task force specifically designed to manage all aspects of incident management within the company. The team carries out all operations using the security governance guidelines and procedures issued by management. The task force is responsible for incident analysis, incident response, incident reporting, and documentation.

IRPs

Definition: An Incident Response Policy (IRP) is the security policy that determines the actions that an organization will take following a confirmed or potential security breach. The IRP usually specifies:
- Who determines and declares if an actual security incident has occurred.
- What individuals or departments will be notified.
- How and when they are notified.
- Who will respond to the incident.
- Guidelines for the appropriate response.

Example: AFR Travel's IRP
AFR Travel's IRP is highly detailed in some places, and highly flexible in others. For example, the list of who should respond to an incident is broken down both by job title and by equivalent job function in case a company reorganization causes job titles to change. This same flexibility is given to the department titles. However, the majority of the IRP consists of highly detailed response information that addresses how the proper individuals and authorities should be notified of an incident. Since some computer attacks might still be ongoing at the time they are discovered, or some attacks might take the communications network down entirely, AFR Travel has made sure that there are multiple lines of secure communication open following an incident.

Incident Response Involvement
Incident response will usually involve several departments, and, depending on the severity of the incident, may involve the media. The human resources and public relations departments of an organization generally work together in these situations to determine the extent of the information that will be made available to the public. Information is released to employees, stockholders, and the general public on a need-to-know basis.

First Responders
A first responder is the first experienced person or a team of trained professionals that arrive on the scene of an incident. In a non-IT environment, this term can be used to define the first trained person, such as a police officer or firefighter, to respond to an accident, a damage site, or a natural disaster. In the IT world, first responders can include security professionals, human resource personnel, or IT support professionals.

Change Management

Definition: Change management is a systematic way of approving and executing change in order to ensure maximum security, stability, and availability of information technology services. When an organization changes its hardware, software, infrastructure, or documentation, it risks the introduction of unanticipated consequences. Therefore, it is important that an organization be able to properly assess risk; to quantify the cost of training, support, maintenance, or implementation; and to properly weigh benefits against the complexity of a proposed change. By maintaining a documented change management procedure, an organization can protect itself from the potential adverse effects of hasty change.

Example: Jane has identified a new service pack that has been released that fixes numerous security vulnerabilities for the operating system on a server. The server that needs this service pack is running a custom in-house application, and significant down-time is not acceptable. The company policy states that a change management form must be approved for all service packs. The form comes back from the approval process with a qualification that the service pack must be tested on a lab system prior to deployment on the production server. Jane applies the service pack in a lab and discovers that it causes the custom in-house application to fail. The application must be sent back to the software developers for testing before the service pack can be applied in production.

Figure 13-17: Change management of service packs.

How to Apply Threat Mitigation Techniques


By balancing the potential security threat with the cost of implementing and maintaining a secure network, an administrator can mitigate data loss and ensure the proper level of network functionality.

Guidelines: To protect data on your network, follow these guidelines:
- Always be sure to download and install the latest operating system patches and updates for both server and client machines.
- Train users to recognize and deter social engineering attacks.
- Deploy intruder-detection and virus-protection software to monitor unauthorized software activity, such as the presence of viruses, password-cracking software, or Trojan horses.
- Limit physical access to the network to prevent the introduction of hardware-based sniffers or unauthorized hosts.
- Require the use of strong, complex user passwords.
- Require passwords to be changed on a regular basis.
- Employ strong authentication and encryption measures for data stored on network servers.
- Use more than one form of authentication between devices to guard against IP spoofing.
- Encrypt data during network transmission so that it cannot be read by sniffers.
- Conceal network address information with various technologies, including firewalls, Internet proxies, and address translation, to protect against spoofing and hijacking.
- Enable security features included in operating systems.
- Run vulnerability scans.

In addition to the mitigation techniques that protect data in general, to secure wireless traffic you need to follow separate guidelines:
- Secure sensitive private data. Do not include any data on a wireless device, such as a PDA, that you are not willing to lose if the device is lost or stolen.
- Install antivirus software if it is available for your wireless devices.
- Update the software on wireless devices and routers to provide additional functionality as well as to close security holes in wireless devices.
- Disable the discoverable setting on Bluetooth connections to prevent bluejacking and bluesnarfing attacks. Set Bluetooth connections to hidden.
- Implement a wireless security protocol.
- Implement appropriate authentication and access control, such as MAC address filtering or user authentication against a directory service, to prevent authentication attacks such as wardriving.
- Implement an intrusion detection system on the wireless network for monitoring network activity to protect against rogue access point attacks and data emanation.
- Implement your hardware and software manufacturers' security recommendations.
- Test the functionality of systems after hardening to ensure that required services and resources are accessible to legitimate users.
- Document your changes.

Connection Method Security
The method or protocol that is used to communicate between two devices greatly affects the security of those devices and the data they transmit. Insecure connection methods do not provide any data security or encryption, allowing an attacker to capture and view any transmitted data. Secure connection methods provide at least some encryption, making it much more difficult for an attacker to make use of any intercepted data. The following table groups common connection methods into two categories: secure connection methods and insecure connection methods.

Category / Protocol

Secure connection methods: SSH, HTTPS, SNMPv3, SFTP, SCP

Insecure connection methods: Telnet, HTTP, FTP, RSH, RCP, SNMPv1/2

RSH and RCP
In UNIX, the rcp command is used to copy files between systems. The rsh command can be used to start a shell to execute a command on a remote system without needing to be logged in. The results will be sent directly to the administrator.

Example: Data Protection Methods
As a network professional, Sue is concerned about threats against her company from hackers as well as from internal users. She deploys several safeguards against outside intruders, including enterprise-wide virus-protection software. She has also deployed a firewall. There are company-wide security policies in place to make sure that outside parties, such as clients and vendors, cannot enter the building or use equipment without an escort. Internally, Sue has implemented strong authentication measures so that users cannot log on or access server data without valid credentials and strong passwords. The most sensitive company data must be encrypted in storage and in transit, but universal data encryption affected network performance and was unacceptable to many users. Sue also sends out regular bulletins to make sure users understand proper security procedures, and provides users with information to help them recognize viruses, hoaxes, and other suspicious network activities.
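As an added example, not course material, the following Python script audits a constructed firewall connection log against the secure/insecure grouping above and reports which hosts still use insecure methods and which secure method from the same table to move them to; the log format, the hosts and the port-to-protocol mapping (standard well-known ports) are my assumptions. It also handles the case the port alone cannot decide: SNMPv1/2 and SNMPv3 share UDP port 161, so those connections are flagged for verification rather than assumed secure.

```python
"""Audit allowed connections against the lesson's connection-method table (added example)."""
import re
from collections import Counter
from dataclasses import dataclass

# Well-known destination ports for the protocols in the table (assumed mapping).
PORT_METHOD = {22: "SSH", 443: "HTTPS", 23: "Telnet", 80: "HTTP", 21: "FTP", 514: "RSH/RCP", 161: "SNMP"}
SECURE = {"SSH", "HTTPS"}   # SFTP and SCP ride on SSH's port 22, so they land here too
# Insecure method -> secure method from the same table to move to.
REPLACEMENT = {"Telnet": "SSH", "HTTP": "HTTPS", "FTP": "SFTP or SCP", "RSH/RCP": "SSH and SCP"}

# Constructed log format: "<timestamp> <src> -> <dst> <tcp|udp>/<port> <allowed|denied>"
LINE_RE = re.compile(
    r"^(?P<ts>\S+) (?P<src>\d{1,3}(?:\.\d{1,3}){3}) -> (?P<dst>\d{1,3}(?:\.\d{1,3}){3}) "
    r"(?P<proto>tcp|udp)/(?P<port>\d+) (?P<action>allowed|denied)$")


@dataclass
class Finding:
    ts: str
    src: str
    dst: str
    method: str
    advice: str


def classify_port(port: int) -> tuple[str, str]:
    """Map a destination port to (method, verdict); verdict is secure, insecure, verify or unknown."""
    method = PORT_METHOD.get(port, f"port {port}")
    if method == "SNMP":
        # SNMPv1/2 and SNMPv3 share port 161, so the port alone cannot prove which one is in use.
        return method, "verify"
    if method in SECURE:
        return method, "secure"
    if method in REPLACEMENT:
        return method, "insecure"
    return method, "unknown"


def audit(log_lines) -> list[Finding]:
    """Return a finding for every allowed connection that used an insecure or unverified method."""
    findings = []
    for line in log_lines:
        m = LINE_RE.match(line.strip())
        if not m or m["action"] != "allowed":
            continue   # unparsable, or blocked: nothing was transmitted in the clear
        method, verdict = classify_port(int(m["port"]))
        if verdict == "insecure":
            findings.append(Finding(m["ts"], m["src"], m["dst"], method,
                                    f"replace with {REPLACEMENT[method]}"))
        elif verdict == "verify":
            findings.append(Finding(m["ts"], m["src"], m["dst"], method,
                                    "confirm SNMPv3 is in use; v1/v2 send community strings in clear text"))
    return findings


def offenders_by_source(findings) -> Counter:
    """Count insecure/unverified connections per source host, to prioritise which hosts to fix first."""
    return Counter(f.src for f in findings)


SAMPLE_LOG = [   # constructed firewall connection log
    "2011-03-01T09:12:03 10.0.0.21 -> 10.0.0.5 tcp/23 allowed",
    "2011-03-01T09:12:09 10.0.0.21 -> 10.0.0.5 tcp/22 allowed",
    "2011-03-01T09:13:44 10.0.0.33 -> 10.0.0.8 tcp/80 allowed",
    "2011-03-01T09:14:10 10.0.0.33 -> 10.0.0.8 tcp/21 denied",
    "2011-03-01T09:15:02 10.0.0.21 -> 10.0.0.9 udp/161 allowed",
    "2011-03-01T09:15:30 10.0.0.40 -> 10.0.0.8 tcp/443 allowed",
    "this line is not in the expected format",
]

if __name__ == "__main__":
    results = audit(SAMPLE_LOG)
    for f in results:
        print(f"{f.ts} {f.src} -> {f.dst} {f.method}: {f.advice}")
    print(offenders_by_source(results))
```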

Example: AFR Travel's Wireless Network
AFR Travel is a small regional travel company with a central office and several branch locations in shopping malls and other venues. AFR Travel has many travel consultants and agents who use laptops to work in different locations within the main office or in branch offices. They also use mobile devices to check email and web-based travel data from any location. All wireless devices have antivirus software installed, and all software patches are kept up to date. Wireless routers are also patched with the latest firmware updates. AFR Travel employs the 802.11i security protocol for data encryption. All authentication is performed through EAP against the Active Directory accounts database.

DISCOVERY ACTIVITY 13-3

Applying Threat Mitigation Techniques
Scenario: In this activity, you will apply different threat mitigation techniques.

1. When should an antivirus administrator manually check for virus updates?
   a) When a known threat is active
   b) After each automatic update
   c) Never
   d) On a daily basis

2. Which are considered legitimate network security measures?
   a) Requiring complex passwords.
   b) Installing antivirus software.
   c) Denying users the ability to log on.
   d) Preventing users from storing data.
   e) Restricting physical access to the network.

3. You manage a small office network with a single gateway to an Internet service provider. The ISP maintains your corporate email on its own email server. There is an internal server for file and print services. As the administrator for this network, where should you deploy antivirus software?
   a) Desktop systems
   b) Gateway systems
   c) Email server
   d) File and print server

4. Match the system update type with its description.
   b  Patch
   d  Hotfix
   c  Rollup
   a  Service pack

   a. A compilation of system updates, including those issued up to the point of the release of the software.
   b. Supplemental code meant to address either a security problem or a functionality flaw.
   c. A collection of previously issued system updates.
   d. A system update issued on an emergency basis to address a specific security flaw.

TOPIC C
Educate Users
You have acquired the skills you need to keep your security infrastructure healthy. But security is the responsibility of all individuals in an organization, not just the professional security team. In this topic, you will learn how to educate users about the need to follow appropriate security practices in their day-to-day work.

An attacker calls Mary, poses as a network administrator, and hangs up after a brief conversation, after learning Mary's user ID and password. John leaves his laptop on his desk, unlocked, over the weekend, and it is stolen by a member of the cleaning crew. Tina always logs in to her computer as Administrator with a blank password because it is easier. It is clear that none of these users are following good security practices, and, if nobody told them how to do things any better, it is not necessarily their fault. How can you prevent this scenario? It is your responsibility to educate or coach your users about their individual security responsibilities. An educated user is the IT professional's best partner in preventing security breaches.

Employee Education
Information security is not the exclusive responsibility of information professionals. A comprehensive security plan can succeed only when all members of an organization understand and comply with the necessary security practices. IT professionals are often the ones responsible for educating employees and encouraging their compliance with security policies. The process of employee security education consists of three components.

Step
Awareness

Description
Education begins with awareness. Employees must be aware of the importance of information security and be alert to its potential threats. Employees also need to be aware of the role they play in protecting an organizations assets and resources. A network security professional can create awareness through seminars, email, or information on a company intranet.

Lesson 13: Network Security Threats and Attacks


LESSON 13
Step: Communication
Description: Once employees are aware of security issues and the role they play in protecting the organization's assets, the lines of communication between employees and the security team must remain open. Network security professionals can accomplish this by encouraging employees to ask questions and provide feedback on security issues. Also, the security team must take responsibility for keeping the workforce informed of ongoing security concerns and updated practices and standards.

Step: Education
Description: Employees should be trained and educated in security procedures, practices, and expectations from the moment they walk through the door. Employees' responsibility for organizational security starts the second they join the organization and have access to the physical building and resources, as well as the intellectual property inside. Education should continue as the technology changes and new information becomes available. Education takes many forms, from training sessions to online courses employees can take at work. Educated users are one of your best defenses against social engineering attacks.

Online Resources
A common way to promote all phases of the employee education process is to provide employees with access to security-related resources and information online. You can provide proprietary, private security information, such as your corporate security policy document, through an organization's intranet. You can also point employees to a number of reputable and valuable security resources on the Internet. However, both you and the employee should be cautious whenever researching information on the Internet, as not all sources are trustworthy. Just because information is posted on a website does not mean it is factual or reliable. Monitor the websites you recommend to your employees periodically to make sure that they are providing worthwhile information, and encourage employees to verify any technical or security-related information with a reliable third party before acting on the information or passing it along to others. Here are just a few of the valuable information security resources from technology vendors and other organizations that you can find on the Internet:
www.microsoft.com/security/default.mspx
tools.cisco.com/security/center/home.x
www.symantec.com/business/index.jsp
www.sans.org

User Security Responsibilities



Because security is most often breached at the end-user level, users need to be aware of their specific security responsibilities.


CompTIA Network+ (Exam N10-005)

Security Area: Physical security
Employee Responsibilities: Employees should not allow anyone in the building without a proper ID. Employees should not allow other individuals to piggyback on a single ID badge. Employees should be comfortable approaching and challenging unknown or unidentified persons in a work area. Access within the building should be restricted to only those areas an employee needs to access for job purposes. Hard copies of confidential files must be stored securely where they are not visible to others.

Security Area: System security
Employee Responsibilities: Employees must use their user IDs and passwords properly. This information should never be shared or written down where it is accessible to others. All confidential files should be saved to an appropriate location on the network where they can be secured and backed up, not just on a hard drive. Employees must use correct procedures to log off all systems and shut down computers when not in use.

Security Area: Device security
Employee Responsibilities: Wireless communication devices must be approved by the IT department and installed and secured properly. Portable devices, such as laptops, PDAs, and cell phones, must be properly stored and secured when not in use.

How to Educate Users


When you educate your users, you give them the ability to participate in the process of ensuring the security of the organization. Because many attacks involve the unwitting participation of unsuspecting users, educating them to raise their level of awareness of proper security procedures can greatly increase the overall security of your organization.

Guidelines: To educate your users on security practices, follow these guidelines:
Train new users on how to use their computers and applications and how to follow organizational security policies. Focus on potential security problems throughout the training.
Post all relevant security policies so that they are easily available to all users.
Notify users when changes are made to the policies. Educate them on the changes.
Test user skills periodically after training to ensure that they are implementing proper security. For example, you can use planned social engineering attacks.
Post information such as a link to http://hoaxbusters.org/ on the company website to assist users in determining whether or not emails are hoaxes.
Policies and procedures can be implemented so an organization can enforce conduct rules among employees. It is crucial that an organization distribute the appropriate policies in order to reduce the likelihood of damage to assets and to prevent data loss or theft.

Example: Educating Users at OGC Financial Group
At OGC Financial Group, during new-hire orientation, all new employees are briefed on the security standards of the company. A representative from the security team shows them how to connect to the company's intranet and locate links to all the company's security policy documents from the security page. The security representative also demonstrates basic system security procedures, such as how to create a strong password. After training, you email the address of the intranet security page to all new employees, along with the addresses of other Internet resources they can consult to identify email threats, such as spam and hoaxes. Any time there is a change to any policy, you update the policy and notify users of the change. Significant policy changes are rolled out in conjunction with security training refresher sessions, which all users must attend.

DISCOVERY ACTIVITY 13-4


Educating Users
Scenario: As a network professional for a new military subcontractor, one of your responsibilities is coordinating the employee security education program. The plant has recently experienced several security incidents involving improper user behavior. Other IT staff and plant management personnel have come to you for recommendations on how to implement proper employee training procedures to prevent similar problems in the future.

1.

A virus has spread throughout your organization, causing expensive system downtime and corruption of data. You find that the virus sent to many users was an email attachment that was forwarded by an employee. The employee that received the original email was fooled into believing the link it contained was a legitimate marketing survey. You quickly determine that this is a well-known email hoax that has already been posted on several hoax-related websites. When questioned, this employee says that he thought it sounded as if it could be legitimate, and he could not see any harm in just trying it. How could better user education have helped this situation? If the employees had been aware of the dangers of opening email attachments, and had been more knowledgeable about how to identify email hoaxes, it is unlikely that the virus would have spread as far. If the initial employee, in particular, had been better informed, you might have been able to keep the virus out of your organization altogether.

2.

What education steps do you recommend taking in response to this incident? Because this was a widespread incident, your response must include better security information for all users. You could distribute or prominently post a notice regarding the incident, reviewing proper guidelines for opening email attachments and for identifying email hoaxes. You could distribute links to common hoax-debunking websites to make it easy for employees to research possible hoaxes. You could also review your new-hire training procedures to be sure they include information on email security.

3. You come in on a Monday morning to find laptops have been stolen from several employees' desks over the weekend. After reviewing videotapes from the security cameras, you find that as an employee exited the building through the secure rear door on Friday night, she held the door open to admit another individual. You suspect this individual was the thief. When you question the employee, she states that the individual told her that he was a new employee who had not yet received his employee badge, that he only needed to be in the building for a few minutes, and that it would save him some time if she could let him in the back door rather than having to walk around to the receptionist entrance. Your security policy states that no one without identification should be admitted through the security doors at any time, but the employee says she was unaware of this policy. You ask her to locate the security policy documents on the network, and she is unable to do so. How could better user education have helped this situation? Regardless of the specific policy, if the employee had been informed of some common-sense security guidelines, she might not have admitted the stranger without question.

4. What education steps do you recommend taking in response to this incident? This seems to be an isolated incident, so you should be sure to address it with the employee in question by reviewing all security policies with her and emphasizing the possible consequences of her actions. You should probably also post all security policies in an easily accessible location on the network and send out a company-wide reminder about them. However, because this employee never even attempted to refer to the policy, the inaccessibility of the policy documents was not a contributing factor in this incident. Finally, you should review your new-hire security training procedures to be sure they include common-sense tips on building security.

5. One of your competitors has somehow obtained confidential data about your organization. There have been no obvious security breaches or physical break-ins, and you are puzzled as to the source of the leak. You begin to ask questions about any suspicious or unusual employee activity, and you start to hear stories about a sales representative from out of town who did not have a desk in the office and was sitting down in open cubes and plugging her laptop into the corporate network. You suspect that the sales representative was really an industrial spy for your competitor. When you ask other employees why they did not ask the sales representative for identification or report the incident to security, the other employees said that, given their understanding of company policies, they did not see anything unusual or problematic in the situation. You review your security policy documents and, in fact, none of them refer to a situation like this one. How could better user education have helped this situation? In this case, it is not apparent that there were any problems in the education process. Users were aware of the presence of policy documents, but the documents themselves were inadequate because they did not deal with the dangers of this type of situation.

6. What education steps do you recommend taking in response to this incident? You need to update your acceptable network use policy to make it clear what kind of authorization an individual needs in order to access the corporate network from within the building. You also need to disseminate this new information to all employees. You might want to follow this up in a few weeks or months with a staged attack of a similar nature, to see how employees respond.


Lesson 13 Follow-up
In this lesson, you identified the main types of security threats and attacks you will face: social engineering attacks, software attacks, network attacks, application attacks, and wireless attacks. Understanding the types of threats and attacks you face is an important first step in learning how to protect your network and respond to an intrusion.

1. What type of attack is of the most concern in your environment? Answers will vary, but may include a network-based attack, because the network gives life to a business. Many businesses today rely on networks to operate successfully. A network-based attack can compromise daily business interactions and can be detrimental to keeping information private and secure.

2. Which type of attack do you think might be the most difficult to guard against? Answers will vary, but may include social engineering attacks, because the users form an important part of an information system and they can be the first part of the system to succumb to attacks, irrespective of how resistant and well-protected the system itself is.


LESSON 14
Network Management
In this lesson, you will identify the tools, methods, and techniques used in managing a network. You will:
Describe major system and network monitoring tools.
Identify the major types of configuration management documentation.
Identify network performance optimization techniques.

Lesson Time 20 minutes

Lesson 14: Network Management


Introduction
You have designed your network, chosen the hardware and software it will require, and secured it. Your next step is to manage your network for optimal performance. In this lesson, you will investigate a number of monitoring tools and network management methods that will help you determine your network's baseline and optimize your network's performance. Managing your network for optimal performance is an essential task for network technicians to understand and be able to perform. By monitoring your network, determining your network's baseline, and optimizing your network to perform at its peak performance, your network can provide reliable service to your users. An effectively managed network has low downtime and improved availability of services no matter what the network size is. There are various network monitoring and troubleshooting tools that can help you to achieve this outcome.

This lesson covers all or part of the following CompTIA Network+ (Exam N10-005) certification objectives:

Topic A:
1.2 Classify how applications, devices, and protocols relate to the OSI model layers.
1.6 Explain the function of common networking protocols.
2.1 Given a scenario, install and configure routers and switches.
4.2 Given a scenario, use appropriate hardware tools to troubleshoot connectivity issues.
4.3 Given a scenario, use appropriate software tools to troubleshoot connectivity issues.
4.4 Given a scenario, use the appropriate network monitoring resource to analyze traffic.
4.6 Explain different methods and rationales for network performance optimization.
5.1 Given a scenario, implement appropriate wireless security measures.
5.2 Explain the methods of network access security.

Topic B:
3.8 Identify components of wiring distribution.
4.5 Describe the purpose of configuration management documentation.

Topic C:
1.2 Classify how applications, devices, and protocols relate to the OSI model layers.
2.1 Given a scenario, install and configure routers and switches.
4.1 Explain the purpose and features of various network appliances.
4.6 Explain different methods and rationales for network performance optimization.


TOPIC A
Network Monitoring
Monitoring the activities on your network is the first step in efficiently managing it. With monitoring tools, you can compile information about your network that will help you manage it. In this topic, you will use monitoring tools to analyze your network's performance. There are several major types of monitoring tools that you can use to assess the overall functioning of your network and to diagnose the cause of general complaints such as "The network is too slow" or "I'm having problems getting on and off this server." You can use these tools to keep tabs on your network's performance, in order to recognize and correct problems as well as to anticipate and eliminate problems before they disrupt services on the network.


Network Management
Network management is the management of functions such as operation, administration, maintenance, and provisioning of systems on a network using various activities, methods, procedures, and tools. Operation deals with procedures that allow for the smooth running of the network, and includes monitoring of the network to spot problems as they arise. Administration involves keeping track of the assignment and utilization of devices on the network. Maintenance involves repairing and upgrading network components, and taking necessary measures to ensure that devices are running optimally. Provisioning assigns resources to support a service.

Figure 14-1: Functions of network management.

Need for Network Management
Effective network management leads to improved QoS, reduced operating costs, and increased revenue. The fundamental goal of network management is to make operations more efficient. The cost of ownership of the network should come down, and this includes the cost of the equipment and operating the network. Quality of the network and its services includes reliability and availability. Increased revenue can be obtained through network management when a service provider attracts more customers with management-related capabilities such as tracking accounting charges online and configuring service features over the web.

Challenges of Network Management
Network management has its share of challenges. For one, the number of services to be delivered over a network is usually large, and each of these services has specific requirements relating to bandwidth, connections, and other similar requirements that need to be fulfilled. These services along with other existing services on the network impact the overall performance. Moreover, networks expand constantly and require reconfiguration and upgrades. Any new management tools must adapt to the network in the shortest possible time, or they may impact network performance.

SNMP

Simple Network Management Protocol (SNMP) is an Application-layer protocol used to collect information from network devices for diagnostic and maintenance purposes. SNMP includes two components: management systems and agent software, which are installed on network devices such as servers, routers, and printers. The agents send information to an SNMP manager. The SNMP manager can then notify an administrator of problems, run a corrective program or script, store the information for later review, or query the agent about a specific network device.

Figure 14-2: SNMP collects information from network devices for diagnostic purposes.

SNMP Versions
There are currently three versions of SNMP.

Version: SNMPv1
Description: Original specification defined in 1988.

Version: SNMPv2
Description: Introduced in 1993. Added several protocol operations and initial security measures.

Version: SNMPv3
Description: Introduced in 2002. Added security features and remote configuration capabilities. Three important services added: authentication, privacy, and access control.

Network Monitoring Tools
Network monitoring tools can, depending on the tool, capture traffic, analyze it, create logs, alert you to events you define, monitor different interfaces such as routers, switches, and servers, indicate areas of traffic congestion, help you construct baselines, determine upgrade and forecast needs, and generate reports for management. Depending upon the purpose of network monitoring, there are various tools available.

Purpose: LAN monitoring
Tools: Remote Monitoring (RMON), pathping, OpManager, Distinct Network Monitor, Solarwinds ipMonitor

Purpose: QoS monitoring
Tools: QoS parameters, Router parameters, Load balancing, NimBus, XenMon, RT Audio and RT Video, Avaya Converged Network Analyzer

Purpose: Bandwidth monitoring
Tools: NetFlow analyzer, Rokario DU Meter, Exinda, Router monitoring, CastleRock SNMPc, Visual UpTime

Purpose: WAN monitoring
Tools: AdvantNet Observer

Throughput Testers
Throughput testers are software tools that can be used to measure network throughput and capacity. These software tools send large data packets from one destination to another and measure the time taken to transfer the packets. The throughput is then calculated by dividing the packet size by the time taken.

Connectivity Tools and Utilities
There are several built-in connectivity tools and utilities in Windows or UNIX operating systems that can be used to troubleshoot network connectivity issues. Connectivity software utilities are used to troubleshoot connectivity issues. Some of these utilities also support network monitoring. Ping, pathping, tracert, and netstat are examples of connectivity utilities. Some popular third-party connectivity tools include Wireshark and Nagios.

Network Monitoring Tool Categories

There are numerous software tools for managing or monitoring a network. These tools are generally part of an operating system such as Windows or UNIX. However, they are also available as add-on applications. They are broadly classified into three functional categories: status, traffic, and route monitoring tools.

Functional Category: Status monitoring
Description: Used to gather data related to the status of a network. Examples of these tools include the ping and nslookup commands.

Functional Category: Traffic monitoring
Description: Used to gather data related to the traffic generated in a network. The ping command can be used as a traffic monitoring tool. The command used repeatedly enables a user to calculate the percentage of packet loss. Another example of a traffic monitoring tool is the iptrace command used in UNIX systems. The command is used to measure the performance of gateways.

Functional Category: Route monitoring
Description: Used to trace the route taken by packets and detect routing delays, if any. Some examples of the route monitoring tools include the tracert and arp commands.
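The table states that repeated ping runs let you calculate the percentage of packet loss. The added example below, which is not part of the course, shows that calculation done from the ping output itself: it reads the icmp_seq numbers of the replies, derives loss from the sequence numbers that never came back, and summarises the round-trip times. The output format assumed is that of the Linux ping command; the reply lines, the target 192.0.2.10 and the count of five packets are constructed sample data, and the 5 percent loss threshold is an assumed value of the kind a monitoring tool would alert on.

```python
# Added example (not from the course): compute packet loss and RTT figures
# from Linux-style ping output. The output below is constructed, not captured.
import re
import statistics
from typing import Dict, List

SAMPLE_PING = """\
PING 192.0.2.10 (192.0.2.10) 56(84) bytes of data.
64 bytes from 192.0.2.10: icmp_seq=1 ttl=63 time=1.42 ms
64 bytes from 192.0.2.10: icmp_seq=2 ttl=63 time=1.38 ms
64 bytes from 192.0.2.10: icmp_seq=4 ttl=63 time=9.72 ms
64 bytes from 192.0.2.10: icmp_seq=5 ttl=63 time=1.40 ms
"""

# One reply line: sequence number and round-trip time are what we need.
REPLY_RE = re.compile(r"icmp_seq=(\d+) .*?time=([\d.]+) ms")


def parse_ping(output: str, sent: int) -> Dict[str, object]:
    """Summarise ping replies: loss % from missing icmp_seq numbers, RTT statistics."""
    seqs: List[int] = []
    rtts: List[float] = []
    for line in output.splitlines():
        m = REPLY_RE.search(line)
        if m:
            seqs.append(int(m.group(1)))
            rtts.append(float(m.group(2)))
    received = len(set(seqs))            # duplicates are counted once
    loss_pct = 100.0 * (sent - received) / sent
    return {
        "sent": sent,
        "received": received,
        "loss_pct": round(loss_pct, 1),
        "missing": sorted(set(range(1, sent + 1)) - set(seqs)),
        "rtt_min": min(rtts) if rtts else None,
        "rtt_avg": round(statistics.mean(rtts), 2) if rtts else None,
        "rtt_max": max(rtts) if rtts else None,
        # population std. deviation of the RTTs is a simple jitter figure
        "rtt_jitter": round(statistics.pstdev(rtts), 2) if len(rtts) > 1 else None,
    }


def loss_exceeds(summary: Dict[str, object], threshold_pct: float) -> bool:
    """Threshold check of the kind a monitor raises an alert on."""
    return float(summary["loss_pct"]) > threshold_pct


if __name__ == "__main__":
    result = parse_ping(SAMPLE_PING, sent=5)
    print(result)
    print("alert" if loss_exceeds(result, 5.0) else "ok")
```

Deriving loss from sequence gaps rather than from ping's own summary line makes the figure independent of the wording of that line, which differs between operating systems, and the "missing" list tells you whether loss was a single dropped packet or a run, which a bare percentage hides.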

Network Traffic Analysis



Network traffic analysis is the study of various network activities. It includes:
Identification of the inbound and outbound protocols.
Checking whether the protocols acknowledge each other. This step helps identify if the protocols communicate unidirectionally or bidirectionally.
Identifying if ports are open and closed.
Checking the traffic that passes through a firewall.
Checking throughput, threshold limits, and overall network performance.
Tracing packets on the network.
Studying network utilization.

Port Filtering

Port filtering is a technique of selectively enabling or disabling TCP and UDP ports on computers or network devices. It ensures that no traffic, except for the protocol that the administrator has chosen to allow, can pass through an open port. Port filtering works by examining the packet's header, source address, destination address, and port number. However, a packet's header can be spoofed; a sender can fake his IP address or any other data stored in the header.


Figure 14-3: TCP and UDP ports disabled in computers on a network.

Traffic Filtering
Traffic filtering is a method that allows only legitimate traffic through to the network. It blocks unwanted traffic, thereby minimizing valuable resource consumption. Traffic is filtered based on rules that accept or deny traffic based on the source or destination IP address. Whenever a filtering device receives traffic, it attempts to match the traffic with a rule. Firewalls and servers are the most commonly used traffic filtering devices. Some devices filter traffic that originates only from the internal network, while there are other sophisticated devices that can filter traffic from external networks also.
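To make the port filtering and traffic filtering descriptions above concrete, here is an added example, written for this section rather than taken from the course or from any firewall product. It evaluates packets against an ordered rule list the way the text describes: each arriving packet is matched against the rules in turn, the first match decides, and anything unmatched is dropped. The first rule addresses the spoofing caveat in the port filtering section: a packet arriving on the outside interface that claims an internal source address is rejected before any address-based allow rule can match it. The 10.0.0.0/8 internal range, the interface names, the server addresses and the packets are all constructed sample values.

```python
# Added example (not from the course): first-match packet filter with default
# deny and an anti-spoofing rule. Addresses, interfaces and packets are
# constructed sample values.
import ipaddress
from dataclasses import dataclass
from typing import List, Optional, Tuple

INTERNAL = "10.0.0.0/8"                  # assumed internal address range


@dataclass
class Packet:
    iface: str      # interface the packet arrived on: "outside" or "inside"
    proto: str      # "tcp" or "udp"
    src: str
    dst: str
    dport: int


@dataclass
class Rule:
    action: str                      # "allow" or "deny"
    proto: Optional[str] = None      # None matches any protocol
    src: Optional[str] = None        # CIDR; None matches any source
    dst: Optional[str] = None        # CIDR; None matches any destination
    dport: Optional[int] = None      # None matches any port
    iface: Optional[str] = None      # None matches any interface

    def matches(self, p: Packet) -> bool:
        """Every field that is set must match; unset fields are wildcards."""
        return ((self.proto is None or self.proto == p.proto)
                and (self.iface is None or self.iface == p.iface)
                and (self.dport is None or self.dport == p.dport)
                and (self.src is None
                     or ipaddress.ip_address(p.src) in ipaddress.ip_network(self.src))
                and (self.dst is None
                     or ipaddress.ip_address(p.dst) in ipaddress.ip_network(self.dst)))


RULES: List[Rule] = [
    # Anti-spoofing: a packet from the outside must not claim an internal source.
    Rule("deny", iface="outside", src=INTERNAL),
    # Port filtering: from the outside only HTTPS to the web server is open.
    Rule("allow", proto="tcp", dst="10.0.5.10/32", dport=443, iface="outside"),
    # Internal hosts may query the internal DNS server.
    Rule("allow", proto="udp", src=INTERNAL, dst="10.0.5.53/32", dport=53, iface="inside"),
]


def evaluate(p: Packet, rules: List[Rule] = RULES) -> Tuple[str, Optional[int]]:
    """Return (action, index of the deciding rule); no match means default deny."""
    for i, rule in enumerate(rules):
        if rule.matches(p):
            return rule.action, i
    return "deny", None


if __name__ == "__main__":
    samples = [
        Packet("outside", "tcp", "198.51.100.7", "10.0.5.10", 443),   # allowed HTTPS
        Packet("outside", "tcp", "198.51.100.7", "10.0.5.10", 22),    # closed port
        Packet("outside", "tcp", "10.0.1.5", "10.0.5.10", 443),       # spoofed source
        Packet("inside", "udp", "10.0.1.5", "10.0.5.53", 53),         # internal DNS
    ]
    for pkt in samples:
        print(pkt, "->", evaluate(pkt))
```

Returning the index of the deciding rule is worth the extra tuple: when a filter log shows an unexpected allow or deny, the rule number is what lets you find the rule that fired, and a rule that never fires in months of logs is a candidate for removal.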

Figure 14-4: Data packets filtered by a firewall.

Network Diagnostics

There are various tools available to perform network diagnostic tests to determine concern areas and issues. The tools provide real-time issues and methods to troubleshoot most common issues. Some of the activities performed by the diagnostics tools are:
Monitor end-to-end application response time.
Analyze network traffic.
Manage device performance.
Monitor and alert on availability, bandwidth utilization, and health of devices.
Provide network diagnostics for troubleshooting and resolving issues.
Offer network discovery tools that facilitate IP address management, port mapping, and ping sweeps.
Provide tools for real-time NetFlow analysis, configuration, and device management.

Port mapping translates addresses of packets to a new address. The translated packets are then routed based on the routing table.

Ping Sweep
A ping sweep establishes a range of IP addresses to locate active hosts within a given range. Ping sweep can be performed by using tools such as fping and map.

System Performance Monitors



Definition: A performance monitor is a software tool that monitors the state of services or daemons, processes, and resources on a system. Performance monitors track one or more counters, which are individual statistics about the operation of different objects on the system, such as software processes or hardware components. Some objects can have more than one instance; for example, a system can have multiple CPUs. When a counter value reaches a given threshold, it indicates that the object of the counter may be functioning outside acceptable limits. Many operating systems include basic network performance monitor tools, or you can obtain more complex third-party tools, including network monitors that are based on the SNMP and Remote Monitoring (RMON) systems designed to handle large clusters or server farms.

Example: The top Utility
Most Linux/UNIX systems provide a CPU usage monitoring tool called top as part of their default installation. top can provide either a static snapshot, or a real-time display of the processes currently running on a given CPU. top's various data displays include columns for memory use, virtual memory, and the process ID. The -u flag is useful for ordering the list by CPU usage. The process with the highest use is displayed at the beginning of the list.

Example: Windows Reliability and Performance Monitor
Windows Reliability and Performance Monitor included in Windows Server 2008 allows network administrators to observe, monitor, and record a wide variety of system-related information including CPU usage, network usage, process and thread behavior, and memory usage.

Counter Threshold Values
System administrators generally take action when counter values they are monitoring reach a threshold value. These values can be set in different ways that vary depending on the monitoring tool and system. Some counters have thresholds that depend upon the device or its criticality. You will need to consult the documentation from your equipment's manufacturer, and establish a baseline for performance before setting these thresholds.

Log Files
A log file is a record of actions and events performed on an operating system. There are three common types of log files: system, general, and history files.

Type: System
Description: System logs are often predetermined by the operating system itself and are a record of events logged by the operating system.

Type: General
Description: General logs are a type of system log that contain information about device changes, installation/uninstallation of device drivers, and any other system changes.

Type: History
Description: History logs record information, such as the type of log, the time of event occurrence, the name of the user who was logged on at the time of the event (or who caused the event), keywords, any identification numbers, and what category (or categories) the event belongs to. The format may differ based on the operating system used.

Syslog
Syslog is a term used to define the process of logging program messages or data logs. The term collectively includes the software or operating system that generates, reads, and analyzes log files.
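The log file and syslog descriptions above list the fields a history log records (time, user, identification numbers, category) but do not show what reading such a log looks like. The added example below, not part of the course, parses lines in the traditional syslog layout (timestamp, host, program, optional process ID, message) into those fields and then applies one of the simplest useful checks: counting failed SSH logins per source address and reporting the sources that reach a threshold. The six log lines, the host name "fileserver" and the addresses are constructed sample data; the threshold value is an assumed parameter.

```python
# Added example (not from the course): parse traditional syslog lines into
# fields and count failed logins per source. The log lines are constructed.
import re
from collections import Counter
from typing import Dict, List, Optional

SAMPLE_SYSLOG = """\
Mar 12 08:14:02 fileserver sshd[2041]: Failed password for invalid user admin from 203.0.113.9 port 51234 ssh2
Mar 12 08:14:05 fileserver sshd[2041]: Failed password for invalid user admin from 203.0.113.9 port 51240 ssh2
Mar 12 08:14:09 fileserver sshd[2044]: Accepted publickey for jsmith from 10.0.1.20 port 40022 ssh2
Mar 12 08:15:30 fileserver kernel: usb 1-1: new high-speed USB device number 4 using xhci_hcd
Mar 12 08:16:01 fileserver CRON[2100]: (root) CMD (run-parts /etc/cron.hourly)
Mar 12 08:16:44 fileserver sshd[2110]: Failed password for root from 198.51.100.23 port 60100 ssh2
"""

# "<Mon DD HH:MM:SS> <host> <program>[<pid>]: <message>"; the [pid] part is optional.
LINE_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d{1,2} \d{2}:\d{2}:\d{2}) (?P<host>\S+) "
    r"(?P<prog>[^\[:\s]+)(?:\[(?P<pid>\d+)\])?: (?P<msg>.*)$"
)
# The sshd failure message, with or without the "invalid user" marker.
FAILED_RE = re.compile(r"Failed password for (?:invalid user )?(?P<user>\S+) from (?P<src>\S+)")


def parse_line(line: str) -> Optional[Dict[str, object]]:
    """Split one syslog line into its fields; None if the line does not fit the layout."""
    m = LINE_RE.match(line)
    if not m:
        return None
    return {
        "timestamp": m["ts"],
        "host": m["host"],
        "program": m["prog"],
        "pid": int(m["pid"]) if m["pid"] else None,   # kernel lines carry no pid
        "message": m["msg"],
    }


def parse_log(text: str) -> List[Dict[str, object]]:
    """Parse every well-formed line, silently skipping lines in another format."""
    return [e for e in (parse_line(l) for l in text.splitlines()) if e]


def failed_logins_by_source(entries: List[Dict[str, object]]) -> Counter:
    """Count sshd 'Failed password' events per source address."""
    counts: Counter = Counter()
    for e in entries:
        if e["program"] == "sshd":
            m = FAILED_RE.search(str(e["message"]))
            if m:
                counts[m["src"]] += 1
    return counts


def sources_over_threshold(entries: List[Dict[str, object]], limit: int) -> List[str]:
    """Source addresses with at least `limit` failed logins, sorted for stable output."""
    return sorted(src for src, n in failed_logins_by_source(entries).items() if n >= limit)


if __name__ == "__main__":
    entries = parse_log(SAMPLE_SYSLOG)
    for e in entries:
        print(e["timestamp"], e["program"], e["pid"], "|", e["message"][:50])
    print(failed_logins_by_source(entries))
    print("review:", sources_over_threshold(entries, limit=2))
```

The parser deliberately returns None for a line it cannot read instead of raising, so one malformed line (a truncated write, a different device's format) does not stop the pass over a large file; the count of skipped lines is itself worth reporting, since a sudden rise in unparseable lines usually means a format change upstream rather than noise.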

Protocol Analyzers
Definition: A protocol analyzer, or a network analyzer, is diagnostic software that can examine and display data packets that are being transmitted over a network. It can examine packets from protocols that operate in the Physical, Data Link, Network, and Transport layers of the OSI model. Protocol analyzers can gather all information passed through a network, or selectively record certain types of transactions based on various filtering mechanisms. On a wired network, it is possible to gather information on all or just part of a network. On a wireless network, traffic can be captured one wireless channel at a time.


Figure 14-5: A protocol analyzer with captured data.

There are numerous uses for a protocol analyzer, including:
Analyzing current network traffic patterns and potential problems.
Detecting possible network intrusions.
Monitoring network usage for performance analysis.
Filtering undesirable network traffic.
Launching an eavesdropping attack.

Protocol Analyzer Functions
Different protocol analyzers have different levels of functionality. Some have only software components; others use a combination of hardware and software to gather and analyze network information. High-end solutions usually provide support for more protocols, the ability to send test traffic, higher speeds, and more analytical information. The product you will use depends on your environment and the needs of your network.

Example: The Windows Network Monitor Tool
Most Windows systems include a basic protocol analyzer tool called Network Monitor that enables you to save each network capture to a log. There are two versions of Network Monitor. One ships with Windows but is not installed by default; you must add it using Add/Remove Windows Components. This version of Network Monitor can only capture packets that travel to or from the computer on which it is installed. There is also a full version of Network Monitor that is included with Systems Management Server, and can be installed separately from the full Systems Management Server product. This version can capture packets sent to or from any computer on the network. Network Monitor can be downloaded from http://www.microsoft.com/download/en/details.aspx?id=4865

Example: The UNIX netstat Utility
The netstat utility is included with most UNIX and Linux distributions. netstat can provide a wide range of information, including open ports and sockets, packets transmitted on those ports, routing tables, and multicast memberships.

Network Adapter Promiscuous Mode
To capture all packets sent on a network, protocol analyzers require a network adapter and driver that support promiscuous mode operation. Promiscuous mode enables the station running the analyzer to recognize all packets being sent over the network, irrespective of the source or destination. In the promiscuous mode, a network card passes all network events to the operating system. In normal modes of operation, network traffic that is not intended for the adapter that received it is filtered out and not passed to the operating system, including the error conditions that the protocol analyzer is designed to detect.
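The protocol analyzer definition says the tool examines packets at the Data Link, Network and Transport layers, and the promiscuous mode paragraph explains which frames the adapter hands up in normal operation. The added example below, which is not part of the course and is not the code of Network Monitor or any other analyzer, does the decoding step on one constructed Ethernet/IPv4/TCP frame: it reads the MAC addresses and EtherType, the IPv4 header including a verification of its checksum, and the TCP ports and flags. A second function applies the normal-mode delivery rule (own unicast MAC, broadcast, or multicast) to the same frame, which is exactly the filter that promiscuous mode switches off. The MAC and IP addresses, ports and sequence number in the sample frame are constructed values.

```python
# Added example (not from the course): decode the Data Link, Network and
# Transport headers of one constructed frame, and apply the normal-mode
# delivery rule that promiscuous mode bypasses. All addresses are sample values.
import struct
from typing import Dict

TCP_FLAGS = {0x01: "FIN", 0x02: "SYN", 0x04: "RST", 0x08: "PSH", 0x10: "ACK", 0x20: "URG"}


def ipv4_checksum(header: bytes) -> int:
    """RFC 791 header checksum: one's-complement sum of 16-bit words, complemented.
    Run over a header that already contains its checksum, the result is 0."""
    if len(header) % 2:
        header += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(header) // 2), header))
    while total >> 16:                       # fold carries back into 16 bits
        total = (total & 0xFFFF) + (total >> 16)
    return (~total) & 0xFFFF


def build_sample_frame() -> bytes:
    """Constructed Ethernet/IPv4/TCP SYN from 10.0.1.20:40022 to 10.0.5.10:443."""
    eth = bytes.fromhex("001122334455") + bytes.fromhex("66778899aabb") + b"\x08\x00"
    tcp = struct.pack("!HHIIBBHHH", 40022, 443, 0x1000, 0, 5 << 4, 0x02, 65535, 0, 0)
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(tcp), 0x1234, 0x4000, 64, 6, 0,
                     bytes([10, 0, 1, 20]), bytes([10, 0, 5, 10]))
    ip = ip[:10] + struct.pack("!H", ipv4_checksum(ip)) + ip[12:]   # fill in checksum
    return eth + ip + tcp


def delivered_without_promiscuous(frame: bytes, nic_mac: str) -> bool:
    """Normal mode: only frames to this MAC, to broadcast, or to a multicast group reach the OS."""
    dst = frame[:6]
    return (dst == bytes.fromhex(nic_mac.replace(":", ""))
            or dst == b"\xff" * 6
            or bool(dst[0] & 0x01))            # group bit set: multicast


def decode_frame(frame: bytes) -> Dict[str, object]:
    """Decode layer 2, 3 and 4 headers the way an analyzer's summary pane shows them."""
    dst, src, ethertype = struct.unpack("!6s6sH", frame[:14])
    out: Dict[str, object] = {"eth_dst": dst.hex(":"), "eth_src": src.hex(":"),
                              "ethertype": ethertype}
    if ethertype != 0x0800:                  # only IPv4 is decoded here
        return out
    ip = frame[14:]
    vihl, _tos, total_len, _ident, _ff, ttl, proto, _chk, s, d = struct.unpack(
        "!BBHHHBBH4s4s", ip[:20])
    ihl = (vihl & 0x0F) * 4                  # header length in bytes (options included)
    out.update({"ip_version": vihl >> 4, "ip_src": ".".join(map(str, s)),
                "ip_dst": ".".join(map(str, d)), "ttl": ttl, "protocol": proto,
                "ip_checksum_ok": ipv4_checksum(ip[:ihl]) == 0})
    if proto == 6:                           # TCP
        sport, dport, seq, _ack, off, flags, _win, _csum, _urg = struct.unpack(
            "!HHIIBBHHH", ip[ihl:ihl + 20])
        data_off = (off >> 4) * 4
        out.update({"src_port": sport, "dst_port": dport, "seq": seq,
                    "tcp_flags": [n for b, n in TCP_FLAGS.items() if flags & b],
                    "payload_len": total_len - ihl - data_off})
    return out


if __name__ == "__main__":
    frame = build_sample_frame()
    print(decode_frame(frame))
    print("seen by 00:11:22:33:44:55 in normal mode:",
          delivered_without_promiscuous(frame, "00:11:22:33:44:55"))
    print("seen by aa:bb:cc:dd:ee:ff in normal mode:",
          delivered_without_promiscuous(frame, "aa:bb:cc:dd:ee:ff"))
```

The checksum check is the part worth keeping in a real tool: a frame whose IPv4 checksum does not verify is one of the error conditions the text says an analyzer exists to detect, and because the adapter would normally discard such a frame before the operating system saw it, you only get to count them with promiscuous capture.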

Network Fault Tolerance


Definition: Fault tolerance is the ability of a network or system to withstand a foreseeable component failure and continue to provide an acceptable level of service. Fault tolerance measures include protecting power sources, disks and data storage, and network components. The critical components of a network need to be fault-tolerant so as to ensure base-level functioning of the network.

Example:

Figure 14-6: A backup server takes over when the main server fails.

Lesson 14: Network Management


ACTIVITY 14-1
Monitoring Data on the Network
There is a simulated version of this activity available on the CD-ROM that shipped with this course. You can run this simulation on any Windows computer to review the activity after class, or as an alternative to performing the activity as a group in class. The activity simulation can be launched either directly from the CD-ROM by clicking the Interactives link and navigating to the appropriate one, or from the installed data file location by opening the C:\Data\Simulations\Lesson#\Activity# folder and double-clicking the executable (.exe) file.

Before You Begin: Ensure that the Network Monitor 3.4 setup file was placed in the C:\Data\Tools\ folder as part of setup.

Scenario: You want to use Network Monitor to capture data about your system's performance on the network.

1. Install Network Monitor.
   a. Navigate to C:\Data\Tools.
   b. Double-click the NM34_x64 file and, in the Microsoft Network Monitor message box, click Yes.
   c. In the Welcome screen of the Install wizard, click Next.
   d. Accept the license agreement and click Next.
   e. Select the I do not want to use Microsoft Update option and click Next.
   f. Click Complete, and click Install to begin the installation.
   g. Click Finish and close the Tools window.

2. Use Network Monitor to capture data.
   a. Choose Start→All Programs→Microsoft Network Monitor 3.4→Microsoft Network Monitor 3.4.
   b. In the Microsoft Update Opt-In message box, click No.
   c. In the Microsoft Network Monitor 3.4 window, in the Select Networks section, in the Friendly Name list, check the NDISWANBH check box.
   d. Maximize the window.
   e. In the Network Monitor window, click New Capture.
   f. Click Start.

3. Generate network traffic.
   a. Click Start→Command Prompt, and in the Command Prompt window, enter ping 192.168.1.200
   b. Enter ping 192.168.1.XX, where XX corresponds to another student's IP address in the classroom. Repeat the ping a few times to generate traffic.
   c. Close the Command Prompt window.
   d. Open a new browser window, and in the address bar, click and enter www.everythingforcoffee.com
   e. Close the browser window.

4. Stop the Network Monitor capture of traffic and review the capture log.
   a. In the Network Monitor window, click Stop.
   b. Select each frame and view the contents in the details pane.
   c. On the right pane, in the Display Filter text field, click and type http and then click Apply.
   d. View the plaintext content of the HTTP frames. When you have finished, close the Microsoft Network Monitor 3.4 window without saving.

5. What other kinds of network traffic did you observe by running Microsoft Network Monitor?
   Answers may vary. The network traffic may depend on how many students tried to ping a particular computer or the websites they visit.
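The activity's last steps (filter on http, then read the frame contents) are what a protocol analyzer does internally once the adapter hands it every frame in promiscuous mode. The following added example, which is not part of the course or of Network Monitor, decodes Ethernet, IPv4 and TCP headers from hand-constructed frames, applies a display filter by protocol name, and returns the HTTP payload exactly as it crossed the wire; the MAC and IP addresses and the cookie value are constructed for the example.

```python
"""Added example (not from the course): a minimal protocol-analyzer decoder that
walks Ethernet -> IPv4 -> TCP, applies a display filter such as "http" the way
the Network Monitor activity does, and exposes the plaintext HTTP payload.
All frames below are constructed by hand for the example, not captured traffic."""
import struct

ETHERTYPE_IPV4 = 0x0800
PROTO_ICMP = 1
PROTO_TCP = 6


def build_ipv4_frame(src_ip, dst_ip, proto, payload):
    """Constructed frame: Ethernet II header + 20-byte IPv4 header (no options) + payload."""
    eth = bytes.fromhex("001122334455") + bytes.fromhex("66778899aabb")  # constructed MACs
    eth += struct.pack("!H", ETHERTYPE_IPV4)
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload), 1, 0, 64, proto, 0,
                     bytes(int(o) for o in src_ip.split(".")),
                     bytes(int(o) for o in dst_ip.split(".")))
    return eth + ip + payload


def build_tcp(src_port, dst_port, data):
    """20-byte TCP header (data offset 5, no options) followed by application data."""
    return struct.pack("!HHIIBBHHH", src_port, dst_port, 1, 1, 5 << 4, 0x18, 8192, 0, 0) + data


def decode_frame(frame):
    """Return a dict with the innermost recognised protocol, addresses and payload."""
    info = {"protocol": "ETHERNET", "payload": b""}
    if struct.unpack("!H", frame[12:14])[0] != ETHERTYPE_IPV4:
        return info
    ihl = (frame[14] & 0x0F) * 4               # IPv4 header length in bytes
    proto = frame[14 + 9]
    info.update(protocol="IPV4",
                src=".".join(str(b) for b in frame[26:30]),
                dst=".".join(str(b) for b in frame[30:34]))
    l4 = frame[14 + ihl:]
    if proto == PROTO_ICMP:
        info["protocol"] = "ICMP"
    elif proto == PROTO_TCP:
        sport, dport = struct.unpack("!HH", l4[:4])
        data = l4[(l4[12] >> 4) * 4:]          # skip the TCP header by its data offset
        info.update(protocol="TCP", sport=sport, dport=dport, payload=data)
        # Recognise HTTP the way an analyzer does: well-known port plus a request or status line.
        if 80 in (sport, dport) and (data.startswith(b"HTTP/") or b" HTTP/1." in data[:100]):
            info["protocol"] = "HTTP"
    return info


def apply_display_filter(frames, display_filter):
    """Keep only the decoded frames whose protocol matches the filter text (e.g. "http")."""
    wanted = display_filter.upper()
    return [d for d in (decode_frame(f) for f in frames) if d["protocol"] == wanted]


# Constructed capture: the ICMP echo from the ping step, then an HTTP request and its reply.
ICMP_ECHO = struct.pack("!BBHHH", 8, 0, 0, 1, 1) + b"abcdefgh"
HTTP_GET = (b"GET /index.html HTTP/1.1\r\nHost: www.example.com\r\n"
            b"Cookie: session=constructed-example\r\n\r\n")
HTTP_REPLY = b"HTTP/1.1 200 OK\r\nContent-Type: text/html\r\n\r\n<html>welcome</html>"
SAMPLE_CAPTURE = [
    build_ipv4_frame("192.168.1.10", "192.168.1.200", PROTO_ICMP, ICMP_ECHO),
    build_ipv4_frame("192.168.1.10", "192.168.1.50", PROTO_TCP, build_tcp(51000, 80, HTTP_GET)),
    build_ipv4_frame("192.168.1.50", "192.168.1.10", PROTO_TCP, build_tcp(80, 51000, HTTP_REPLY)),
]

if __name__ == "__main__":
    for d in apply_display_filter(SAMPLE_CAPTURE, "http"):
        # The payload needs no decryption: whatever is sent over plain HTTP, including
        # session cookies, is readable by any station capturing in promiscuous mode.
        print(d["src"], "->", d["dst"], d["payload"].decode("ascii").splitlines()[0])
```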

TOPIC B
Configuration Management Documentation

In the previous topic, you identified the network monitoring tools you will be using to troubleshoot network issues. However, when troubleshooting users' problems, you may need to reference the actual network configuration documentation. In this topic, you will identify configuration management documentation. In case of a disaster, it is imperative that you already have critical documentation in place that will help you rebuild as quickly as possible. Without detailed documentation, you would have to rely on memory to determine your network layout, which would likely be very time consuming, costly, and ultimately inaccurate. A complete set of configuration documentation will give you a solid base from which you can begin rebuilding your network.

Network Administration

Network administration covers the support functions required to manage a network. These include functions that do not involve performing changes, such as configuring and tuning, or the running of the actual network. Administration of a network includes activities such as designing the network, tracking its usage, assigning addresses, planning upgrades to the network, taking service orders from end users and customers, keeping track of network inventory, collecting accounting data, and billing customers.
Configuration Management

Configuration management addresses setting up and changing the configuration of the network and its components. The information on configuration management is present on managed objects such as switches and routers. Configuration management therefore involves the setting up of parameters for these devices. There are three configurations of the network. The first one is the static configuration, which is the permanent configuration of the network. The second configuration is the current running configuration. The third configuration is the planned configuration, when the configuration data changes as the network changes. Configuration management is the application of network management that focuses on maintaining a database of the hardware and software components on a network. The database stores a detailed inventory of network elements such as the part number, version number, description, wire schemes, and a record of the network topology being implemented. The database is updated as the network grows or shrinks. The arp command helps in updating this database because it can discover any new network component that has an IP address.

Figure 14-7: A configuration management database that stores information about the network topology.

Network Documentation

Although each network is unique, there are common documents that each network administrator should have at hand.

Document: Network maps
Used to: Provide the location and routing information for network devices. They are also known as network diagrams.

Document: Device information
Used to: List the hardware, software, and configuration information for each device on the network. This includes serial numbers and software license keys, unique identifications, and date. Changes to device information should be noted and dated as they occur. Special cases should be called out so that a new network administrator can come up to speed quickly.

Document: Utilization statistics
Used to: Provide usage logs and reports to measure network utilization and performance.

Document: Policies and procedures
Used to: Provide guidelines and the appropriate method for performing network management tasks. Documented procedures can include: hardware selection, new user creation, security policies and procedures, and troubleshooting tips.

Physical Network Diagrams

Definition: A physical network diagram is a diagrammatic representation of the locations of all network devices and endpoints, and depicts their connections with one another. A network diagram illustrates the physical relationship between nodes, but not necessarily their exact location in a building or a floor. A physical network diagram typically depicts:
Routers and switches
Servers
Workstations, printers, and fax machines
Remote access equipment
Firewalls
Wireless access points
Cable management information
CSU/DSU

Example:

Figure 14-8: A physical network diagram.

Floor Plans

You may also want to include a floor plan in your physical network diagram. A floor plan or physical layout should also include the locations of the demarc, wiring closets, and cable runs.

Wiring Schematic

A network wiring schematic or wiring diagram is a combination of a floor plan and a physical network topology diagram. As with physical network diagrams, you can see the nodes on the network and how they are physically connected. Schematics show the nodes and network wiring superimposed on a floor plan of the facility, with the actual equipment and cables depicted on the schematic in their real-world locations. Just as it is possible to follow a map from one place to another, it should be possible to use a wiring schematic to locate nodes and follow wires within a facility. The schematic is usually drawn to scale so that it is easy to estimate distances and locate drops, wiring closets, and cable runs. Cable management techniques and tools can be used to group and organize cables together to keep them out of the way and hidden from the general working space.

IT Asset Management

IT asset management is the set of management policies that include information about the financial and contractual specifications of all the hardware and software components present in an organization's inventory. Some organizations have exclusive asset management for hardware and software components.

Logical Network Diagrams

A logical network diagram documents the protocols and applications that control the flow of network traffic. Logical network diagrams do not attempt to depict the physical relationship of the nodes; rather, they show how the data should move, regardless of the physical implementation. A logical network diagram depicts:
IP addresses of each network device
FQDN of a device
Application type of each server
Trust relationships that exist between nodes
The routing topology


Figure 14-9: A logical network diagram.

Critical Hardware and Software Inventories

Hardware and software inventories provide insurance documentation and help determine what you need to rebuild the network.

Hardware Inventory Entry: Standard workstation
Information to Include: A basic description of a standard client workstation. Include minimum requirements and the installed operating system as well as how many workstations of this type are deployed. For workstations that deviate from the norm, be sure to document the deviations.

Hardware Inventory Entry: Specialty workstation
Information to Include: A description of any specialty workstations deployed. Include a brief description of their roles and special configurations implemented on them.

Hardware Inventory Entry: Basic server
Information to Include: A list of the basic server hardware configuration and the role of these servers. List their internal hardware and any special configuration settings and software. Include a configuration list for the operating system.

Hardware Inventory Entry: Connectivity hardware
Information to Include: A list of all connectivity hardware in as much detail as possible. This includes the device brand and model numbers, but a description of each feature ensures that replacements can be made without research.

Hardware Inventory Entry: Backup hardware
Information to Include: Document critical information about backup hardware, such as the vendor and model number of a tape drive, backup hard drives, DVD drives, and network attached storage, if applicable.

The critical inventory includes various software elements of a network.

Software Inventory Entry: Operating system software
Information to Include: All operating system software, including desktop and server operating systems. Include documentation on licensing and copies of the bulk licenses, if possible. Many vendors retain records of software licenses sold to their customers. If this is the case, include this fact in your documentation.

Software Inventory Entry: Productivity and application software
Information to Include: Off-the-shelf productivity software, including any applications installed on client machines and servers.

Software Inventory Entry: Maintenance utilities
Information to Include: The utilities used to maintain a network, especially backup software and software configuration.

Software Inventory Entry: Backup documentation
Information to Include: Records of when backups were made, how frequently to make them, what backups contain, where backups are stored, and credentials needed to restore backups. Document the backup software and version. Special setup and configuration considerations need to be documented too.

Software Inventory Entry: Overall asset inventory
Information to Include: If your company maintains an overall asset inventory, attach a copy. Many companies use the inventory as a base to track hardware and maintenance. This usually includes most of the information needed.

Network Policies

Definition: A network policy is a formalized statement or set of statements that defines network functions and establishes expectations for users, management, and IT personnel. It describes, in detail, the acceptable use policies of network equipment for a particular organization, including the appropriate methods to maintain, upgrade, and troubleshoot the network. Policies may also include specific information about security and network functioning such as the use of removable drives and other detachable media, instant messaging, wireless devices, the Internet, backup storage, network monitoring procedures, and vendor agreements. Network policies may include other areas of network functioning depending on the size and needs of an organization.

Example:

Figure 14-10: Network policy defines network functioning.

Network Policy Components

Each subsection of a network policy typically consists of several standard components.

Policy Component: Policy statement
Description: The policy statement outlines the plan for individual components.

Policy Component: Standards
Description: Standards define how to measure the level of adherence to the policy.

Policy Component: Guidelines
Description: Policy guidelines are suggestions, recommendations, or best practices for how to meet the policy standard.

Policy Component: Procedures
Description: Procedures are step-by-step instructions that detail how to implement components of the policy.

Legal Compliance Requirements and Regulations

All organizations must consider their legal obligations, rights, liabilities, and limitations when creating policies. Because incidents can potentially be prosecuted as technology crimes, organizations must be prepared to work with civil authorities when investigating, reporting, and resolving each incident. Information security practices must comply with legal requirements that are documented in other departmental policies, such as human resources. A company's response to any incident must conform to the company's legal limitations as well as the civil rights of the individuals involved.

Types of Legal Requirements

Legal issues can affect different parties within each organization.

Affected Party: Employees
Legal Considerations: Who is liable for misuse of email and Internet resources: the organization, the employee, or both? What is the extent of liability for an organization for criminal acts committed by its employees? What rights to privacy do employees have regarding electronic communications?

Affected Party: Customers
Legal Considerations: What customer data is considered private and what is considered public? How will a company protect the privacy and confidentiality of customer information? Who is liable if the data resides in one location and processing takes place in another location?

Affected Party: Business partners
Legal Considerations: Who is responsible for the security and privacy of the information transmitted between an organization and a business partner: the sender or the receiver?

Network Baselines

Definition: A baseline is a record of a system's performance statistics under normal operating conditions. A network baseline documents the network's current performance level and provides a quantitative basis for identifying abnormal or unacceptable performance. It can also reveal where bottlenecks are impeding system performance, and provide evidence for upgrading systems to improve performance.

Example: Network Baseline Implementation

For example, if a company is expanding a remote office that is connected to the corporate office with a fractional T1, the baseline can help determine if there is enough reserve bandwidth to handle the extra user load, or if the fractional T1 needs to be upgraded to a full T1.

The Network Baselining Process

Creating and applying a baseline is a cyclical process. The network baselining process consists of eight steps.


Figure 14-11: The process of baselining a network.

Step 1: Evaluate network
Description: Decide what statistics to measure to evaluate the network's current performance levels. You will evaluate a network that primarily provides file access differently than you would one that hosts web servers.

Step 2: Design tests
Description: Develop a suite of tests that reveal the network's performance level. Make the tests consistent to yield scalable results, speeds, percentages, and other information. Avoid tests that do not show improvement or degradation of performance, as these may not affect the baseline.

Step 3: Schedule tests
Description: Determine when and how frequently to run the tests. The tests should include a sampling of different network usage levels, including peak and off-peak usage, and should be run over a period of time to present a realistic profile.

Step 4: Run tests
Description: Run the tests on the network at the scheduled times.

Step 5: Document results
Description: Document test results. Record the data in a format that can be used for comparison with future tests.

Step 6: Analyze data
Description: Analyze the data to identify bottlenecks, which are parts of the system that perform poorly as compared to other components and reduce the overall system performance.

Step 7: Repeat tests
Description: Repeat the tests at regular intervals or when network performance is low. If the performance data compares unfavorably to the baseline, try to identify the cause and troubleshoot the problem.

Step 8: Upgrade as needed
Description: Upgrade or reconfigure components on an ongoing basis to remove bottlenecks, and repeat the tests to establish new baseline values.

Baseline Customization

The number, type, and frequency of tests performed and recorded in the baseline will vary depending upon the systems and the needs of the organization. The organization must also decide how often to establish a new baseline to reflect current performance.

Baseline Logging

Typically, you will record baseline measurements to a log file that you can review later, rather than examining the measurements in real time. Most performance or network monitoring systems enable you to save log data. For example, in Windows Server 2008 R2, Performance Monitor gives you the option to record data directly to log format. When you log data in Performance Monitor, you can select all counters for a selected object, or specific counters. You can examine the counter values by selecting the counters to add when you open the log file in Chart view.

ACTIVITY 14-2
Using Performance Monitor to Establish a Baseline
This is a simulated activity that is available on the CD-ROM that shipped with this course. You can run this simulation on any Windows computer. The activity simulation can be launched either directly from the CD-ROM by clicking the Interactives link and navigating to the appropriate one, or from the installed data file location by opening the C:\Data\Simulations\Lesson#\Activity# folder and double-clicking the executable (.exe) file.

Scenario: A part of your regular duties on your company's network support team is to take and record baseline performance measurements for key systems on your network. The next system you are scheduled to baseline is a corporate file server running on Windows Server 2008 R2. This system is a dedicated file server, and does not run any special services.

1. Create and set up the performance log.
   a. Choose Start→Administrative Tools→Performance Monitor.
   b. On the left pane, expand Data Collector Sets.
   c. Select the User Defined object and choose Action→New→Data Collector Set.
   d. In the Create new Data Collector Set dialog box, in the Name field, type Baseline and click Next.
   e. In the Template Data Collector Set list, click Basic and click Next.
   f. Accept the default settings for saving data by clicking Next and then clicking Finish.
   g. In the right pane, double-click the Baseline object.
   h. Right-click Performance Counter and choose Properties.
   i. In the Performance Counter Properties window, on the Performance Counters page, with the \Processor(*)\* item selected, click Remove.
   j. Click Add to add a new performance counter.
   k. In the Available counters section, scroll up and expand the Memory object.
   l. Click Add.
   m. Click OK.

2. Create the log file and set its parameters.
   a. In the Performance Counter Properties dialog box, in the Log format drop-down list, verify that Binary is selected, and in the Sample interval text box, double-click and type 15
   b. Verify that the Units drop-down list displays Seconds and select the File tab.
   c. Click the button next to the File name format text field.
   d. Select yyyy Full year including century.
   e. Click the button next to the File name format text field.
   f. Select MM Numeric month with leading zero.
   g. Click the button next to the File name format text field.
   h. Select dd Day of the month with leading zeros.
   i. Check the Prefix file with computer name check box. Observe that in the Example file name text box, a log file name appears that displays the criteria just selected.
   j. In the Log mode section, check Overwrite.
   k. Click Apply and then click OK.

3. Track server activity with the log.
   a. In the left navigation pane, right-click Baseline and choose Start. Verify that a green arrow appears over the icon, indicating that the monitor is running.
   b. Run the log for 5 or 10 minutes, while you generate system activity by opening and closing programs and documents, and connecting to other systems on the network.
   c. On the left pane, click Performance Monitor.
   d. Observe the graph that is plotted.

4. Examine the log data.
   a. In the left navigation pane, expand Reports→User Defined and then click Baseline.
   b. In the right navigation pane, double-click the object that displays today's date.
   c. In the Application Counters row, click the arrow on the right side to expand that section of the report.
   d. Observe that this report provides baseline information for the counters you specified, as each counter gets a Mean, Minimum, and Maximum score. Close the Performance Monitor window.
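Steps 5 through 7 of the baselining process (document results, analyze, repeat and compare) are what the Performance Monitor report in this activity feeds: a Mean, Minimum and Maximum per counter. The following added example, which is not part of the course or of Performance Monitor, reproduces that summary from constructed counter samples and then compares a later run against the stored baseline to flag a counter that has drifted; the counter paths are standard Performance Monitor names, the values and the 25% tolerance are constructed for the example.

```python
"""Added example (not from the course): the document/analyze/compare steps of the
baselining process on constructed counter samples. summarize() produces the
Mean/Minimum/Maximum per counter shown in the Performance Monitor report;
compare_to_baseline() flags a later run whose mean falls outside the baseline."""
from statistics import mean

# Constructed baseline log: (counter path, value) samples taken every 15 seconds
# for the Memory and Processor objects chosen in the activity.
BASELINE_SAMPLES = [
    (r"\Memory\Available MBytes", 1900), (r"\Memory\Available MBytes", 1850),
    (r"\Memory\Available MBytes", 1950), (r"\Memory\Available MBytes", 1900),
    (r"\Processor(_Total)\% Processor Time", 12.0),
    (r"\Processor(_Total)\% Processor Time", 20.0),
    (r"\Processor(_Total)\% Processor Time", 8.0),
    (r"\Processor(_Total)\% Processor Time", 16.0),
]

# A later run (step 7, repeat tests): memory looks as before, CPU is far above the baseline.
LATER_SAMPLES = [
    (r"\Memory\Available MBytes", 1880), (r"\Memory\Available MBytes", 1910),
    (r"\Processor(_Total)\% Processor Time", 85.0),
    (r"\Processor(_Total)\% Processor Time", 90.0),
]


def summarize(samples):
    """Step 5: reduce raw samples to per-counter Mean/Minimum/Maximum, as the report does."""
    by_counter = {}
    for counter, value in samples:
        by_counter.setdefault(counter, []).append(value)
    return {c: {"Mean": mean(v), "Minimum": min(v), "Maximum": max(v)}
            for c, v in by_counter.items()}


def compare_to_baseline(baseline, later, tolerance=0.25):
    """Steps 6 and 7: a counter is 'abnormal' when its new mean lies outside the
    baseline's [Minimum, Maximum] range widened by `tolerance` of the baseline mean.
    Returns {counter path: verdict}; counters without a baseline are reported as such."""
    verdicts = {}
    for counter, stats in summarize(later).items():
        base = baseline.get(counter)
        if base is None:
            verdicts[counter] = "no baseline"
            continue
        margin = abs(base["Mean"]) * tolerance
        low, high = base["Minimum"] - margin, base["Maximum"] + margin
        verdicts[counter] = "normal" if low <= stats["Mean"] <= high else "abnormal"
    return verdicts


if __name__ == "__main__":
    baseline = summarize(BASELINE_SAMPLES)
    for counter, verdict in compare_to_baseline(baseline, LATER_SAMPLES).items():
        print(f"{counter}: {verdict} (baseline mean {baseline[counter]['Mean']})")
```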

TOPIC C
Network Performance Optimization
Now that you have determined your configuration and baseline measurements, you may want to make changes to the network configuration or utilization to increase performance. In this topic, you will review techniques for network performance optimization. If all you did was to monitor the network and take baseline measurements, the data you gathered would be relatively useless. You need to use the data to tweak the performance of existing systems and make the necessary changes to ensure that the network performs at its peak efficiency. This, in turn, provides higher availability of data and resources to your users and optimizes the performance.

QoS

Quality of Service (QoS) is a set of parameters that controls the quality provided to different types of network traffic. QoS parameters include the maximum amount of delay, signal loss and noise that can be accommodated for a particular type of network traffic, bandwidth priority, and CPU usage for a specific stream of data. These parameters are agreed upon by the transmitter and the receiver, the transmitter being the ISP and the receiver being the subscriber. Both the transmitter and receiver enter into an agreement known as the Service Level Agreement (SLA). In addition to defining QoS parameters, the SLA describes remedial measures or penalties to be incurred by an ISP in the event that the ISP fails to provide the QoS promised in the SLA.


Figure 14-12: QoS controls the quality provided to different types of network traffic.

The Need for QoS

The amount of data being transmitted over networks is rising every day. Also, the type of data being transferred is changing. Traditional applications such as FTP and Telnet are now outnumbered by real-time multimedia applications such as IP telephony, multimedia applications, and videoconferencing. FTP and Telnet are very sensitive to packet loss but are tolerant to delays in data delivery. The reverse is applicable to multimedia applications; they can compensate for some amount of packet loss, but are very sensitive toward delays in data delivery. Therefore, an optimum usage of bandwidth becomes very critical while dealing with multimedia applications. Low bandwidth may result in a bad quality transmission of real-time applications, leading to dropouts or data loss. To avoid this, certain parameters were developed to prioritize bandwidth allocation for real-time applications on networks, such as the Internet, and guarantee a specific QoS.

Figure 14-13: Bandwidth is prioritized to provide better QoS.

QoS Parameters

Several parameters affect QoS on a network.

Parameter: Bandwidth
Description: Network bandwidth is the average number of bits of data that can be transmitted from a source to a destination over the network in one second.

Parameter: Latency
Description: Latency, also called lag or delay, is the time difference between the transmission of a signal and when it is received. Some delay is inevitable; packets are held up in queues, or take less congested routes that take longer, but excessive delay can render applications insensitive to delay. To account for latency on a network, technicians need to consider the applications that will predominantly use the network, and design the network with devices that allow for lower processing delays or provision for bandwidth expansion when needed. Latency can be minimized by increasing the network bandwidth, fragmenting data packets, or prioritizing data on a network.

Parameter: Jitter
Description: Jitter is the variability over time in latency between sequentially transmitted data packets. Packets are delayed when processed in queues and routers along the transmission route and often reach the destination at variable times. Although packets are sent continuously with even spacing, the spacing becomes uneven because the delay between each packet is variable due to network congestion, improper queuing, or errors in configuration. The variation in the arrival of packets pauses the conversation and garbles the speech. A very low amount of jitter is important for real-time applications using voice and video. Jitter is resolved using the dejitter or play-out delay buffer. This buffer stores packets and plays them into a steady stream so that they are converted into a proper analog stream. However, dejitter buffers increase latency on a network.

Parameter: Packet loss
Description: Packet loss is the number of packets that are lost or damaged during transmission. Packets can be dropped when they arrive at a destination that has buffers that are already full. To minimize packet loss, the receiving application asks for a retransmission of packets. Unfortunately, this can add to latency.

Parameter: Echo
Description: Echo is a reflected sound, a distinct repetition of the original sound, a familiar phenomenon in phone calls when you hear your own voice after a few milliseconds (ms). Echoes can occur at many locations along the route. Splices and improper terminations in the network can cause a transmission packet to reflect back to the source, which causes the sound of an echo. To correct for echo, network technicians can introduce an echo canceller to the network design. This will cancel out the energy being reflected.

Latency Sensitivity

Some applications, protocols, and processes are sensitive to the time it takes for their requests and results to be transmitted over the network. This is known as latency sensitivity. Examples of latency sensitive applications include VoIP, video conferencing, and other real-time applications. In VoIP, high latency can result in an annoying and counterproductive delay between a speaker's words and the listener's reception of those words. Network management techniques such as QoS, load balancing, traffic shaping, and caching can be used to optimize the network and reduce latency for sensitive applications. By regularly testing for latency and monitoring those devices that are susceptible to latency issues, you can provide a higher level of service to users.
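The following added example, not part of the course, measures three of the parameters from the table (latency, jitter, packet loss) over a constructed VoIP-style packet stream and then runs the stream through a play-out (dejitter) buffer, showing the trade-off the table states: even delivery at the cost of added latency, and dropped packets if the buffer is too small. The send and receive timestamps are constructed for the example.

```python
"""Added example (not from the course): QoS parameters measured on a constructed
stream, then a play-out (dejitter) buffer applied to it. The buffer restores even
spacing but raises every packet's delay to the buffer size, and a packet that
arrives after its slot is as good as lost, which is the latency/jitter trade-off."""
from statistics import mean

# Constructed stream of packets sent every 20 ms: (sequence, send ms, receive ms).
# Packet 4 is lost in transit (None); packet 6 is held in a congested queue and
# arrives after packet 7, so the receiver sees both jitter and reordering.
SAMPLE_STREAM = [
    (1, 0, 45), (2, 20, 66), (3, 40, 84), (4, 60, None),
    (5, 80, 126), (6, 100, 170), (7, 120, 163), (8, 140, 182),
]


def delays(stream):
    """One-way delay of every packet that arrived, in sequence order."""
    return [rx - tx for _, tx, rx in stream if rx is not None]


def packet_loss(stream):
    """Packet loss as the fraction of transmitted packets that never arrived."""
    return sum(1 for _, _, rx in stream if rx is None) / len(stream)


def latency_ms(stream):
    """Latency: mean one-way delay of the delivered packets."""
    return mean(delays(stream))


def jitter_ms(stream):
    """Jitter: mean change in delay between successive delivered packets."""
    d = delays(stream)
    return mean(abs(b - a) for a, b in zip(d, d[1:]))


def playout(stream, buffer_ms):
    """Dejitter (play-out) buffer: each packet is played at send time + buffer_ms, so
    the listener hears even 20 ms spacing again. A packet that was lost, or that
    arrives after its slot, cannot be played and is counted as dropped.
    Returns ({sequence: play-out delay}, dropped count)."""
    schedule, dropped = {}, 0
    for seq, tx, rx in stream:
        slot = tx + buffer_ms
        if rx is None or rx > slot:
            dropped += 1
        else:
            schedule[seq] = slot - tx  # always buffer_ms: jitter is gone, delay is fixed
    return schedule, dropped


def smallest_lossless_buffer(stream):
    """The smallest buffer that plays every delivered packet on time is the worst
    delay observed; anything larger only adds latency, anything smaller drops packets."""
    return max(delays(stream))


if __name__ == "__main__":
    print(f"loss {packet_loss(SAMPLE_STREAM):.1%}, latency {latency_ms(SAMPLE_STREAM)} ms, "
          f"jitter {jitter_ms(SAMPLE_STREAM)} ms")
    for buf in (60, smallest_lossless_buffer(SAMPLE_STREAM)):
        _, dropped = playout(SAMPLE_STREAM, buf)
        print(f"play-out buffer {buf} ms: fixed delay {buf} ms, {dropped} packet(s) unplayable")
```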

Traffic Shaping

Traffic shaping, also known as bandwidth shaping, is a mechanism in QoS for introducing some amount of delay in traffic that exceeds an administratively defined rate. Traffic shaping smooths down traffic bursts that occur when the transmitter sends packets at a rate higher than the capacity of the receiver. During such times, packets are stored in a buffer and released after a specific time interval. Traffic shaping is implemented on edge devices, before packets enter the core network. Traffic shaping does not drop packets and is implemented only on the outbound interface of a device, whereas traffic policing can be implemented on both outbound and inbound interfaces.

Traffic Policing

Traffic policing is the method of governing and regulating a flow of packets in conformity with the standards and limits specified in the SLA. Packets not conforming to the SLA are either dropped or marked to a lower precedence value.
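The difference between shaping and policing is easiest to see by running the same burst through one rate limiter in both modes. The following added example, not part of the course, is a token-bucket limiter: in shaping mode a packet that exceeds the configured rate waits in a buffer until enough tokens accrue and nothing is dropped; in policing mode the same packet is discarded on the spot (where the page says it could also be re-marked). The rate, bucket depth and packet arrivals are constructed for the example.

```python
"""Added example (not from the course): one token-bucket rate limiter run as a shaper
(delay non-conforming packets, never drop) and as a policer (drop non-conforming
packets immediately). Arrival times and sizes are constructed for the example."""

# Constructed burst: four 500-byte packets in four milliseconds, then one more much later.
SAMPLE_ARRIVALS = [(0, 500), (1, 500), (2, 500), (3, 500), (1000, 500)]


def run_token_bucket(arrivals, rate_per_ms, burst, mode):
    """arrivals: list of (arrival ms, size in bytes). rate_per_ms is the administratively
    defined sustained rate in bytes per ms; burst is the bucket depth in bytes.
    mode is "shape" or "police". Returns [(arrival ms, departure ms or None if dropped)]."""
    tokens, clock = burst, 0.0      # clock: time at which the bucket state was last updated
    results = []
    for t, size in arrivals:
        now = max(t, clock)         # a shaped packet cannot leave before the one queued ahead of it
        tokens = min(burst, tokens + (now - clock) * rate_per_ms)   # refill since last update
        clock = now
        if size <= tokens:
            tokens -= size
            results.append((t, now))                  # conforming: sent as soon as possible
        elif mode == "police":
            results.append((t, None))                 # out of profile: dropped (or re-marked)
        else:
            wait = (size - tokens) / rate_per_ms      # shape: hold until tokens accrue
            tokens = 0
            clock = now + wait
            results.append((t, now + wait))
    return results


def bucket_summary(results):
    """Returns (packets sent, packets dropped, worst added delay in ms)."""
    sent = [(a, d) for a, d in results if d is not None]
    worst_delay = max((d - a for a, d in sent), default=0)
    return len(sent), len(results) - len(sent), worst_delay


if __name__ == "__main__":
    for mode in ("shape", "police"):
        sent, dropped, worst = bucket_summary(run_token_bucket(SAMPLE_ARRIVALS, 1, 1000, mode))
        print(f"{mode}: {sent} sent, {dropped} dropped, worst delay {worst} ms")
```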

Load Balancing

Another network performance optimization method is load balancing. Load balancing is a method of dividing work among the devices on a network. By sharing the work, more resources are available and data is processed faster. By balancing the workload between devices, all devices in the network perform at their optimum efficiency. Often, a dedicated program or hardware device is used to balance the load on different devices. Clustering servers is another way to create load balancing. In a cluster, a main server is used to determine which server in the cluster will provide the data processing capability. Load balancers are stand-alone network devices that perform load balancing as their primary function.

Figure 14-14: Load balancing spreads out work among devices in a network.

High Availability

High availability is a rating that expresses how closely systems approach the goal of providing data availability 100 percent of the time while maintaining a high level of system performance. High availability systems are usually rated as a percentage that shows the proportion of uptime to total time.

Figure 14-15: A storage system providing high availability for users.

Availability Rating

Five nines and other availability rating figures are determined through a series of industry-standard calculations that take into account a variety of factors, such as the amount of time between failures and the time required to restore the system.

Caching Engines

Definition: A caching engine is an application or a service that stores or indexes data in order to provide faster responses to requests for that data. Rather than having to run a database query or send a request to a web server every time data is needed, caching engines retrieve the data and store it until it is requested. The engine uses various parameters to determine when it should update the cached data, and is usually configured to deliver the most up-to-date information available. Caching engines are useful for responding to requests for frequently used data. The presence of a caching engine is usually hidden from both the requester and the originator of data.

Example:

Figure 14-16: A caching engine indexes data.

High-Bandwidth Applications

A high-bandwidth application is a software application or program that requires large amounts of network bandwidth for data transmission. With these high-intensity, high-bandwidth applications, bandwidth issues will become more frequent, resulting in degradation of QoS on a network. High-bandwidth applications can be managed by ensuring a certain amount of bandwidth availability for them. High-bandwidth applications can include:
VoIP
HDTV
Real-time video
Multimedia

Figure 14-17: A high-bandwidth application consumes large amounts of network bandwidth.

Factors Affecting a QoS Implementation

Proper QoS mechanisms ensure that a network performs at the desired level and delivers predictable results to its users. There are various factors that affect the QoS implementation on a network.

Lesson 14: Network Management

Factor: Description

Packet classification: Each packet coming to a router is classified based on its QoS requirements. This classification enables the router to process the packet based on its resource requirement. For example, a packet classified as FTP will need less bandwidth than a packet classified as IP telephony.

Policing: An application requests the required amount of network resources, and it must always adhere to this request. An application must not send packets at a rate higher than what was requested. In order to make sure the application is adhering to the parameters, policing of packets is implemented at the router's end.

Resource allocation: A network may receive both data and voice packets simultaneously. It is the network device's responsibility to appropriately allocate resources to both these types of data.

Call admission: Once a network receives a QoS request, it verifies the available network resources to see if it can provide the required quality. In case of unavailability of network resources, the network can deny the request.

ACTIVITY 14-3
Identifying Network Performance Optimization Techniques
Scenario: In this activity, you will identify network performance optimization techniques.

1. Which QoS parameter represents inconsistency in packet delivery?
a) Bandwidth
b) Latency
c) Jitter
d) Packet loss

2. Match the network performance optimization method with its function.
Traffic shaping: b
Load balancing: a
Caching engine: c
a. Spreading out work among devices.
b. Controlling the flow of packets over a network.
c. Indexing data to provide faster responses to requests.

3. Which are examples of latency sensitive applications?
a) VoIP
b) Video conferencing
c) Online gaming
d) Email

4. Which statements are true of QoS?
a) A set of parameters that controls the quality provided to different types of wireless network traffic.
b) QoS parameters are agreed upon by the transmitter and the receiver, the receiver being the ISP and the transmitter being the subscriber.
c) QoS parameters include the maximum delay, signal loss, and noise that can be accommodated for a type of network traffic, bandwidth priority, and CPU usage for a specific stream of data.
d) The transmitter and receiver enter into a Service Level Agreement to ensure QoS.

Lesson 14 Follow-up
In this lesson, you identified a number of system monitoring tools that will help to determine your network's baseline and optimize its performance. This will help you monitor your network and ensure that there is low downtime and that critical services are available to meet the needs of the users of your network.

1. What network optimization tools, methods, or techniques do you think will be most important to you as you manage your organization's network for optimal performance?
Answers will vary, but may include log files, protocol analyzers, physical security, monitoring tools, and port filtering.

2. What network monitoring activities are you likely to perform in your organization?
Answers will vary, but may include protocol analyzing, system performance monitoring, traffic filtering, and port filtering.

LESSON 15
Network Troubleshooting
In this lesson, you will describe troubleshooting of issues on a network. You will:
- List the components of a troubleshooting model.
- Describe various utilities for troubleshooting networks.
- Describe major hardware troubleshooting tools.
- Identify the causes and solutions of common network connectivity issues.

Lesson Time 2 hour(s), 15 minutes

Lesson 15: Network Troubleshooting

Introduction
So far in this course, you have learned about all the different components, theories, technologies, and tasks that a network administrator will draw upon to perform job functions. One of the most important of those functions, which requires knowledge about all aspects of the network, is network troubleshooting. In this lesson, you will identify major issues, models, tools, and techniques in network troubleshooting.

Network problems can arise from a variety of sources outside your control. As a network professional, your users, your managers, and your colleagues will all look to you to identify and resolve those problems efficiently. To do that, you will need a strong fundamental understanding of the tools and processes involved in troubleshooting a network.

This lesson covers all or part of the following CompTIA Network+ (Exam N10-005) certification objectives:

Topic A:
- 1.8 Given a scenario, implement the following network troubleshooting methodology.

Topic B:
- 1.2 Classify how applications, devices, and protocols relate to the OSI model layers.
- 1.4 Explain the purpose and properties of routing and switching.
- 2.1 Given a scenario, install and configure routers and switches.
- 4.3 Given a scenario, use appropriate software tools to troubleshoot connectivity issues.

Topic C:
- 1.2 Classify how applications, devices, and protocols relate to the OSI model layers.
- 3.1 Categorize standard media types and associated properties.
- 3.8 Identify components of wiring distribution.
- 4.2 Given a scenario, use appropriate hardware tools to troubleshoot connectivity issues.
- 4.4 Given a scenario, use the appropriate network monitoring resource to analyze traffic.

Topic D:
- 2.2 Given a scenario, install and configure a wireless network.
- 2.4 Given a scenario, troubleshoot common wireless problems.
- 2.5 Given a scenario, troubleshoot common router and switch problems.
- 3.6 Given a scenario, troubleshoot common physical connectivity problems.


TOPIC A
Network Troubleshooting Models
You have learned about monitoring and implementing fault tolerance on a network. Despite these measures, unforeseen issues do arise on a network that require you, as a network professional, to identify and troubleshoot them. The first step in troubleshooting your network is to select a troubleshooting model. In this topic, you will list the components of a network troubleshooting model. Because troubleshooting network problems is such a big part of a network administrator's or network professional's job, you should always use a systematic approach to problem-solving. Troubleshooting models provide you with processes on which to base your troubleshooting techniques. Learning and using a troubleshooting model can help you resolve problems speedily and effectively.


Troubleshooting
Troubleshooting is the recognition, diagnosis, and resolution of problems. Troubleshooting begins with the identification of a problem, and does not end until services have been restored and the problem no longer adversely affects users. Troubleshooting can take many forms, but all approaches have the same goal: solving a problem efficiently with a minimal interruption of service.

Figure 15-1: Steps in the troubleshooting process.

Troubleshooting Models
Definition: A troubleshooting model is a standardized step-by-step approach to the troubleshooting process. The model serves as a framework for correcting a problem on a network without introducing further problems or making unnecessary modifications to the network. Models can vary in the sequence, number, and names of the steps involved, but all models have the same goal: to move in a methodical and repeatable manner through the troubleshooting process.

Example:

Figure 15-2: Resolution of user issues using the troubleshooting model.

The Network+ Troubleshooting Model


There are seven steps in the CompTIA Network+ troubleshooting model.

Figure 15-3: Steps in the CompTIA troubleshooting model.

Troubleshooting Documentation
Some of the things you might want to include in a troubleshooting documentation template are:
- A description of the initial trouble call, including date, time, who is experiencing the problem, and who is reporting the problem.
- A description of the conditions surrounding the problem, including the type of computer, the type of NIC, any peripherals, the desktop operating system and version, the network operating system and version, the version of any applications mentioned in the problem report, and whether or not the user was logged on when the problem occurred.
- Whether or not you could reproduce the problem consistently.
- The exact issue you identified.
- The possible cause or causes you isolated.
- The correction or corrections you formulated.
- The results of implementing each correction you tried.
- The results of testing the solution.
- Any external resources you used, such as vendor documentation, addresses for vendor and other support websites, names and phone numbers for support personnel, and names and phone numbers for third-party service providers.

ACTIVITY 15-1
Discussing Troubleshooting Models
Scenario: In this activity, you will discuss elements of the Network+ troubleshooting model.

1. Users on the third floor cannot connect to the Internet, but they can log on to the local network. What should you check first?
a) Router configuration tables.
b) If viruses exist.
c) If users on other floors are having similar problems.
d) If the power cable to the switch is connected.

2. You reinstall the operating system for a user who is having problems. Later, the user complains that she cannot find her familiar desktop shortcuts. What step of the troubleshooting model did you omit?
a) Documenting findings, actions and outcomes.
b) Verifying full system functionality and implementing preventative measures.
c) Testing the theory to determine cause.
d) Establishing a plan of action to resolve the problem.

3. Which techniques will help you establish a theory of probable cause of the problem?
a) Ask the user open-ended questions about the problem.
b) Try to replicate the problem on a nearby workstation.
c) Make a list of problems that can all cause the same symptoms.
d) Find out if users in other parts of the building are facing the same problem.

4. A user calls to say that his computer will not boot. He mentions that everything was fine until a brief power outage on his floor. What stage of the troubleshooting model can this information help you with most directly?
a) Establishing a theory of probable cause.
b) Establishing a plan of action to resolve the problem.
c) Documenting findings, actions and outcomes.
d) Identify the problem.

5. A user calls the help desk and says he is unable to open a file. You are not able to visit the user's workstation because he is in a different location. What are the first steps you need to take to diagnose the problem?
You need to detail the problem. You then need to define the specific symptoms of the problem so that you can begin to consider potential causes; you need to find out if other users are affected and, if so, who; and you need to find out if anything has changed on the user's system or the network since he last accessed the file.

6. What are some of the questions you should ask?
Ask the user to describe his system and his physical location. What application is he using to open the file? Can he open other files with that application? If so, the problem is with the file and not the software. Ask him to describe the specific problem he is having. Can he find the file but receive an error when he opens it? Or does the file open but look corrupted? To localize the problem, ask where the file is saved; is it on a local disk or on a network drive? Can he open other files from that location? If not, it may be a problem with the storage media itself. Or is it in an email attachment? Find out when he could last open the file, if ever. If he could open the file previously, find out anything that might have occurred since that time to change the situation. If the file is in a network location, review network activity logs to see if there have been any issues or changes to that server.

7. Through your diagnostic questions, you establish that the file is a word-processing document stored on a network file server. The user last accessed the file three months ago. By reviewing the activity logs on the file server, you find that there is a bi-monthly cleanup routine that automatically backs up and removes user data files that have not been accessed since the last cleanup date. The backups are stored in an offsite facility for one year. Given this information, what is your action plan, how will you implement it, and what potential side effects of the plan do you need to consider?
You need to locate the tape backup containing the archived copy of the document and restore it to the network location. You might need to work with your company's network storage administrator to identify the tape and retrieve it from the offsite storage location. You need to ensure that you identify the correct file and restore only that file so that you do not overwrite other data. Also, you need to consider the version compatibility of the backup that you are trying to restore.

8. What steps should you take to test, verify, and document the solution?
Ensure that the user can open the restored file and that its contents are correct. Check the modification dates of other files in the restore location to ensure that you have not inadvertently overwritten an existing file with an archived copy. Enter the information from the service call in your service form and file it as prescribed by your company's help desk policies.


TOPIC B
Network Troubleshooting Utilities
In the previous topic, you learned how to apply a structured troubleshooting model. To implement your model, you will utilize various troubleshooting utilities. In this topic, you will identify the functions of network troubleshooting utilities. It does not pay to try to drive in a nail with a screwdriver or loosen a bolt with a hammer. Knowing the right tool for the job is an important part of correcting any problem. As a networking professional, you will need to be familiar with the uses of several tools. With TCP/IP being the most commonly implemented network protocol today, the TCP/IP utility suite will often be the first place you will turn to start figuring out a network communication problem and fixing it.


Troubleshooting with IP Configuration Utilities

With TCP/IP networking problems, a common first step is to verify that the host's IP addressing information is correct. Use ipconfig or ifconfig, as appropriate, to determine if the host is configured for static or dynamic IP addressing and if it has a valid IP address. If the host is getting an incorrect dynamic IP address and you believe there is a valid DHCP server, you can use the utility to release and renew the address.

Figure 15-4: The ipconfig utility.

The ping Utility


Use the ping utility as an initial step in diagnosing general connectivity problems. The steps can include:
- Ping the loopback address (127.0.0.1) to test whether TCP/IP has initialized on an individual system.
- Ping a specific system to verify that it is running and is connected to the network.
- Ping by IP address instead of host name to determine if the problem is related to name resolution.
- Localize the problem, in this order:
  - Ping the local loopback address.
  - Ping the system's own IP address.
  - Ping the address of the default gateway.
  - Ping the address of a remote host.

Figure 15-5: Successful and unsuccessful responses using the ping utility.

ping Responses
When you ping a computer, it will respond with one of the following responses:
- Normal response: The computer responds normally with requested data for different parameters.
- Destination unreachable: The target computer was identified but was not reachable by the default gateway.
- Unknown host: The target computer is unknown and is not reachable.
- Destination does not respond: There was no response to the ping.
- Network or host unreachable: The routing table does not contain an entry for the network or host.
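The localization sequence above (loopback, own address, gateway, remote host, then the remote by name to separate a name-resolution fault from a connectivity fault), written out as an added example that is not part of the courseware. ping_host() runs the operating system's ping; localize() accepts any probe callable, so the decision logic can be exercised with a fake probe; the addresses and the host name fileserver.example in the demo are constructed.

```python
"""Step-wise ping localization following the sequence above.

Added example, not code from the CompTIA courseware. ping_host() calls the
operating system's ping (-n on Windows, -c elsewhere); localize() takes any
probe callable, so the logic can run against a fake probe without a network.
Addresses used in __main__ are constructed.
"""
import platform
import subprocess
from typing import Callable, Dict, Optional

LOOPBACK = "127.0.0.1"


def ping_host(target: str, timeout_s: float = 5.0) -> bool:
    """True if a single echo request gets a reply (ping exits 0).
    The subprocess timeout, not a ping flag, bounds a silent target."""
    count_flag = "-n" if platform.system() == "Windows" else "-c"
    try:
        done = subprocess.run(
            ["ping", count_flag, "1", target],
            stdout=subprocess.DEVNULL, stderr=subprocess.DEVNULL,
            timeout=timeout_s,
        )
    except (OSError, subprocess.TimeoutExpired):
        return False
    return done.returncode == 0


def localize(probe: Callable[[str], bool], own_ip: str, gateway: str,
             remote_ip: str, remote_name: Optional[str] = None) -> Dict[str, object]:
    """Ping loopback, own address, gateway and remote host in that order and
    stop at the first failure; then ping the remote by name to separate a
    name-resolution fault from a connectivity fault. Returns each step's
    result plus a 'diagnosis' string."""
    steps = [
        ("loopback", LOOPBACK, "TCP/IP has not initialized on this system"),
        ("own_ip", own_ip, "local IP address configuration or NIC problem"),
        ("gateway", gateway, "no path to the default gateway on the local network"),
        ("remote_ip", remote_ip, "routing or remote host problem beyond the gateway"),
    ]
    results: Dict[str, object] = {}
    for step, target, diagnosis in steps:
        results[step] = probe(target)
        if not results[step]:
            results["diagnosis"] = diagnosis
            return results
    if remote_name is not None:
        results["remote_name"] = probe(remote_name)
        if not results["remote_name"]:
            results["diagnosis"] = "name resolution problem: the IP answers but the name does not"
            return results
    results["diagnosis"] = "connectivity is fine at the IP layer; look at the application or host"
    return results


if __name__ == "__main__":
    # Constructed addresses; replace with your own host, gateway and a remote.
    report = localize(ping_host, "192.168.1.50", "192.168.1.1", "203.0.113.8",
                      "fileserver.example")
    for key, value in report.items():
        print(f"{key:12} {value}")
```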

The traceroute Utility

If you cannot connect to a particular remote host, you can use traceroute to determine where the communication fails. Issue a traceroute command from the local machine to see how far the trace gets before you receive an error message. Using the IP address of the last successful hop, you will know where to begin troubleshooting the problem, and potentially even pinpoint a specific failed device. UNIX and Linux systems use the traceroute command, while on Windows the tracert utility provides similar functionality.

Figure 15-6: tracert output of ourglobalcompany.com

The arp Utility

The arp utility supports the ARP service of the TCP/IP protocol suite. It enables an administrator to view the ARP cache and add or delete cache entries. It is also used to locate a node's hardware address. Any added entry becomes permanent until it is deleted or the machine is shut down. arp can be used both to help troubleshoot duplicate IP address problems and to diagnose why a workstation cannot connect to a specific host. If a host is reachable from one workstation but not from another, you can use the arp command on both workstations to display the current entries in the ARP table. If the MAC address on the problem workstation does not match the correct MAC address, you can use arp to delete the incorrect entry. On both UNIX and Windows systems, the arp -a command will return a tabular listing of all ARP entries in the node's ARP cache.

Figure 15-7: The ARP cache entries.

arp Options
There are several options available for use with arp. They follow the syntax: arp [option]

Option: Description

inet_addr: Used with other options to specify an Internet address.
eth_addr: Used with other options to specify a physical address.
if_addr: Used with other options to specify the Internet address of the interface whose ARP table should be modified.
-a: Displays the current ARP entries in the cache. Can add inet_addr to specify a particular IP address.
-g: Displays the same information as the -a option.
-N if_addr: Displays the ARP entries for the network interface specified by if_addr.
-d: Deletes a single host entry if followed by if_addr. Deletes all host entries if followed by *.
-s inet_addr eth_addr: Adds a host. The Internet address is set by adding an inet_addr value and the physical address is set by adding an eth_addr value.

arp and ping Commands
arp can be used in conjunction with ping to troubleshoot more complex network problems. If you ping a host on the network and there is no reply, the host is not necessarily unavailable. The increased use of firewalls today can prevent a ping from returning accurate information. Instead, you can use the arp command to find the host by its MAC address and bypass IP address resolution.

ARP Cache
The ARP cache is a table that maintains the correlation between each MAC address and its corresponding IP address. To reduce the number of address resolution requests, a client normally keeps all resolved addresses in the cache for a short period of time. The ARP cache is of a finite size; if no limit is specified, incomplete and obsolete entries for unused computers will accumulate in the cache. The ARP cache is, therefore, periodically flushed of all entries to free up memory.
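The two-workstation comparison and the duplicate-IP check described in this section, as an added example that is not the courseware's code: it parses arp -a output in both the Windows and the Linux format, reports the IPs whose MAC differs between the two caches, flags a MAC that answers for more than one IP, and produces the arp -d lines from the option table that would clear the wrong entries. Both caches below are constructed samples.

```python
"""Compare ARP caches from two workstations, as the section above suggests.

Added example, not code from the CompTIA courseware. The two 'arp -a'
listings are constructed samples in the Windows and Linux output formats;
the parser accepts either.
"""
import re
from collections import defaultdict
from typing import Dict, List, Tuple

IP_RE = re.compile(r"(?<![\d.])(\d{1,3}(?:\.\d{1,3}){3})(?![\d.])")
MAC_RE = re.compile(r"\b([0-9a-f]{2}(?:[-:][0-9a-f]{2}){5})\b", re.I)
BROADCAST = "ff:ff:ff:ff:ff:ff"

# Constructed: cache of a workstation that reaches 192.168.1.20 normally.
GOOD_CACHE = """\
Interface: 192.168.1.50 --- 0xb
  Internet Address      Physical Address      Type
  192.168.1.1           00-1a-2b-3c-4d-5e     dynamic
  192.168.1.20          00-50-56-ab-cd-ef     dynamic
  192.168.1.40          00-50-56-12-34-56     dynamic
  192.168.1.255         ff-ff-ff-ff-ff-ff     static
"""

# Constructed: cache of the workstation that cannot reach 192.168.1.20.
PROBLEM_CACHE = """\
gateway (192.168.1.1) at 00:1a:2b:3c:4d:5e [ether] on eth0
? (192.168.1.20) at de:ad:be:ef:00:01 [ether] on eth0
fileserver (192.168.1.40) at de:ad:be:ef:00:01 [ether] on eth0
? (192.168.1.77) at <incomplete> on eth0
"""


def normalize_mac(mac: str) -> str:
    """Lower-case, colon-separated form so the two OS formats compare equal."""
    return mac.lower().replace("-", ":")


def parse_arp(text: str) -> Dict[str, str]:
    """Map IP -> MAC for every line carrying both; header, interface and
    <incomplete> lines carry no MAC and are skipped."""
    cache: Dict[str, str] = {}
    for line in text.splitlines():
        ip, mac = IP_RE.search(line), MAC_RE.search(line)
        if ip and mac:
            cache[ip.group(1)] = normalize_mac(mac.group(1))
    return cache


def mismatches(reference: Dict[str, str],
               suspect: Dict[str, str]) -> List[Tuple[str, str, str]]:
    """IPs known to both caches whose MAC differs: (ip, reference_mac, suspect_mac)."""
    return [(ip, reference[ip], suspect[ip])
            for ip in sorted(reference.keys() & suspect.keys())
            if reference[ip] != suspect[ip]]


def shared_macs(cache: Dict[str, str]) -> Dict[str, List[str]]:
    """MACs that answer for more than one IP: a duplicate-IP lead worth checking."""
    by_mac: Dict[str, List[str]] = defaultdict(list)
    for ip, mac in cache.items():
        if mac != BROADCAST:
            by_mac[mac].append(ip)
    return {mac: sorted(ips) for mac, ips in by_mac.items() if len(ips) > 1}


def cleanup_commands(bad: List[Tuple[str, str, str]]) -> List[str]:
    """'arp -d' lines (option from the table above) to clear the wrong entries."""
    return [f"arp -d {ip}" for ip, _, _ in bad]


if __name__ == "__main__":
    good, bad = parse_arp(GOOD_CACHE), parse_arp(PROBLEM_CACHE)
    for ip, expected, seen in mismatches(good, bad):
        print(f"{ip}: expected {expected}, problem workstation has {seen}")
    for mac, ips in shared_macs(bad).items():
        print(f"{mac} answers for {', '.join(ips)}")
    print("\n".join(cleanup_commands(mismatches(good, bad))))
```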

The NBTSTAT Utility

NBTSTAT is a Windows utility that is used to view and manage NetBIOS over TCP/IP (NetBT) status information. It can display NetBIOS name tables for both the local computer and remote computers, and also the NetBIOS name cache. The name tables enable you to verify connection establishment. With NBTSTAT, you can refresh the NetBIOS name cache as well as the names registered with the WINS server. NBTSTAT can be very helpful in identifying problems that are specific to Windows computers that use NetBIOS naming. NBTSTAT was developed specifically as a NetBIOS diagnostic tool, and it displays NetBIOS information that is not available with other TCP/IP utilities.

Figure 15-8: Output of the NBTSTAT utility.

NBTSTAT Options
There are several case-sensitive options you can use with the NBTSTAT command. They follow the syntax: NBTSTAT [option]

Option: Description

-a [RemoteName]: Displays the NetBIOS name table of the remote computer specified by name.
-A [IPAddress]: Displays the NetBIOS name table of the remote computer specified by IP address.
-c: Displays the NetBIOS name cache of the local computer.
-n: Lists the local NetBIOS name table along with the service code, type, and status.
-r: Lists NetBIOS names resolved by broadcast and via WINS.
-R: Purges the cache and reloads static entries from the LMHOSTS file.
-S: Lists NetBIOS connections and their state with destination IP addresses.
-s: Lists NetBIOS connections and their state, converting destination IP addresses to computer NetBIOS names.
-RR: Sends name release packets to the WINS server and then starts refresh.

The NETSTAT Utility

The NETSTAT utility shows the status of each active network connection. NETSTAT will display statistics for both TCP and UDP, including protocol, local address, foreign address, and the TCP connection state. Because UDP is connectionless, no connection information will be shown for UDP packets.

Figure 15-9: Output of the NETSTAT utility.

NETSTAT is a versatile troubleshooting tool that can serve several functions. You can:
- Use NETSTAT to find out if a TCP/IP-based program, such as SMTP or FTP, is listening on the expected port. If not, the system might need to be restarted.
- Check statistics to see if the connection is good. If there is a bad connection, this usually means there are no bytes in the send or receive queues.
- Use statistics to check network adapter error counts. If the error count is high, it could be a problem with the card, or could indicate generally high network traffic.
- Use NETSTAT to display routing tables and check for network routing problems.

NETSTAT Options There are several options available to use with the NETSTAT command.

Option: Displays

-a: All connections and listening ports.
-e: Ethernet statistics.
-n: Addresses and port numbers in numerical form.
-o: The process ID associated with each connection.
-p [protocol]: Connections for the protocol specified in place of [protocol] in the command syntax. The value of the [protocol] variable may be TCP, UDP, TCPv6, or UDPv6.
-r: The routing table.
-s: Statistics grouped by protocol: IP, IPv6, ICMP, ICMPv6, TCP, TCPv6, UDP, and UDPv6.
[interval]: Refreshes and redisplays the statistics specified in the command every [interval] seconds. Ctrl+C stops the command from refreshing.

Socket States
NETSTAT will display one of several states for each socket.

A SYN packet contains information regarding the return path for the data.

Socket State: Description

SYN_SEND: Connection is active and open.
SYN_RECEIVED: The server just received the synchronize flag set (SYN) from the client.
ESTABLISHED: The client received the server's SYN and the session is established.
LISTEN: The server is ready to accept a connection.
FIN_WAIT_1: The connection is active, but closed.
TIMED_WAIT: The client enters this state after FIN_WAIT_1.
CLOSE_WAIT: Passive close. The server just received FIN_WAIT_1 from a client.
FIN_WAIT_2: The client just received an acknowledgement of its FIN_WAIT_1 from the server.
LAST_ACK: The server is in this state when it sends its own FIN.
CLOSED: The server received an acknowledgement (ACK) from the client and the connection is closed.

The nslookup Utility

The nslookup utility is used to test and troubleshoot domain name servers. nslookup has two modes. The interactive mode enables you to query name servers for information about hosts and domains, or to print a list of hosts in a domain. The non-interactive mode prints only the name and requested details for one host or domain, which makes it useful for a single query.

Figure 15-10: Output of the nslookup utility.

You can use nslookup to display information about DNS servers. You can verify that:
- The system is configured with the correct DNS server.
- The server is responding to requests.
- The entries on the server are correct.

- The DNS server can communicate with other servers in the DNS hierarchy to resolve names.

nslookup Support
nslookup is available on UNIX, and on all Windows systems except for older versions of Windows, namely Windows 9x and Windows ME.

nslookup Syntax
The syntax for the nslookup command is nslookup [-option ...] [computer-to-find | - [server]]. To enter the interactive mode of nslookup, type nslookup without any arguments at a command prompt, or use only a hyphen as the first argument and specify a domain name server in the second. The default DNS name server will be used if you do not enter anything for the second argument. To use the non-interactive mode, in the first argument enter the name or IP address of the computer you want to look up, and in the second argument enter the name or IP address of a domain name server. The default DNS name server will be used if you do not enter anything for the second argument.

DIG Utility
Domain Internet Groper (DIG) is a UNIX/Linux command-line tool that can be used to display name server information. Some experts consider it generally easier to use than nslookup, with support for more flexible queries and easier inclusion in command scripts. It is included with the BIND version of DNS, and can be downloaded from many UNIX and Linux resource sites on the Internet.

SNIPS

System and Network Integrated Polling Software (SNIPS) is a system and network monitoring tool that runs on UNIX systems. It offers both command-line and web interfaces for monitoring network and system devices. The monitoring functions of SNIPS determine and report the status of services running on the network. Reports can be viewed in real time by the systems administrator through a terminal or web interface. Events detected by SNIPS can be set to raise an alarm or simply be logged, based on monitoring levels the administrator can configure. The four monitoring levels supported by SNIPS are: info, warning, error, and critical.

Network Operations Center Online, or nocol, was Netplex's network monitoring tool that supports both a CLI and web interface and was the predecessor of SNIPS.


ACTIVITY 15-2
Using the Network Troubleshooting Utilities
Scenario: In this activity, you will use various network troubleshooting utilities.
What You Do / How You Do It

1. Use the NETSTAT command to identify the connections that are active on your system.
a. Choose Start→Command Prompt to display the Command Prompt window.
b. In the Command Prompt window, enter NETSTAT -a to identify the active connections.
c. Observe the UDP connections that are listed in the output.
d. If necessary, enter cls to clear the screen.

2. Use the NBTSTAT command to see the names in your NetBIOS name cache.
a. In the Command Prompt window, enter NBTSTAT -c -n to view your NetBIOS name cache.
b. Observe the name cache entries that are displayed in the output.
c. If necessary, clear the screen.

3. Use the nslookup command to obtain the host name of the DNS server.
a. In the Command Prompt window, enter nslookup to open the nslookup interactive mode.
b. Enter set querytype=ptr to change the query type to pointer.
c. Enter 192.168.1.##, where ## will be the IP address of your local system.
d. Observe the results of the output. Enter exit to quit nslookup.
e. If necessary, clear the screen.

This command will take some time to execute.

4. Use the arp command to view the entries in your system's ARP cache.
a. In the Command Prompt window, enter arp /? to view the syntax of the arp command.
b. In the Command Prompt window, enter arp -a | more to view the first page of the entries in your system's ARP cache.
c. Press the Spacebar to view the next page of the entries in your system's ARP cache.
d. Observe the entries displayed in the output. Enter exit to close the Command Prompt window.
If the students do not have many entries in their cache, have them ping other classroom computers and repeat the arp -a command.

ACTIVITY 15-3
Troubleshooting Network Problems
Scenario: You are a network administrator for OGC Financial, a medium-sized financial company. An employee has contacted you, saying that she is unable to connect to the Internet. After checking the physical cables and verifying that everything is working correctly, you run ipconfig, and discover that the computer has been leased an IP address of 192.168.0.200. Your company uses private IP addresses that begin with 172, and so you need to start troubleshooting the problem.

1. Which of these would be the best first step?
a) Reboot the computer.
b) Load a new browser.
c) Drop the IP address and lease a new address.
d) Drop the IP address and assign a static address.

2. If you lease a new IP address and it is also in the 192.168 scope, then, based on the evidence, what seems to be the problem so far?
a) The employee's computer is functioning as a DHCP server.
b) There is another DHCP server on the network leasing addresses.
c) The computer is looking at the incorrect network interface.
d) The loopback adapter is not working.

3. After the user in the next cubicle reports the same problem, based on the diagnostic methodology, you discover that an administrator in a nearby conference room has set up a wireless router so that visiting clients can access the Internet during a meeting. Based on this information, what is the most likely reason for the IP addressing problem?
Answers will vary, but should include specific reference to the wireless router's DHCP capabilities. The employee running the conference has probably forgotten or neglected to disable the router's DHCP service, and so the wireless router is functioning as a rogue DHCP server, leasing addresses to any wireless device within range.

4. In order to correct the problem, you have to physically connect a computer to the wireless router and log in as an administrator. What kind of cable would be best to connect the wireless router to a laptop in order to access the admin features?
a) Crossover
b) Coaxial
c) Category 5
d) Category 3

ACTIVITY 15-4
Discussing Network Troubleshooting Utilities
Scenario: In this activity, you will discuss the network troubleshooting utilities you might use for different network problem scenarios.

1.

You have installed a Linux system in your test lab so that application developers can test new software. Because the lab is isolated from the main network, there is no DHCP service running. A software engineer has loaded a network application on the system, but cannot connect to it from a client. She has already tried to ping the Linux system by name and IP address. What should you check next and why? Use the ifconfig utility to verify that you have configured the test system with an appropriate static IP address.

2. A user is having trouble connecting to your company's intranet site (internal.everythingforcoffee.com), which is on your company's private network inside your firewall. She is not having general Internet connectivity problems. What is the best first step to take to try to narrow down the possible problem? Because the user does not seem to be having general TCP/IP problems, the problem may be with the web server that hosts the intranet site. You can ping internal.everythingforcoffee.com by name from different systems to verify that the name is being resolved. If there is no response, ping the system by IP address to see if you can connect to it at all.

3. You can connect to the intranet site with no difficulty. You check your IP configuration against the user's and find that you are configured with different DNS server addresses. You do not have DNS administrative utilities installed on your workstation. What can you do to diagnose the DNS problem? Use the nslookup command to see if the user's server can resolve the internal.everythingforcoffee.com address and to examine the entries on both DNS servers.

4. You had to stop and start the DHCP server service earlier in the day. A Windows user calls to say that she has no network connectivity at all. What can you do to correct the problem? Use ipconfig /all to see if the user is receiving a dynamic address. If not, use the utility to renew the DHCP address configuration.

5. You provide consulting services for a small non-profit agency that is using Windows 7 systems configured in a workgroup. To optimize performance on the older systems, you have disabled unnecessary services on some of the machines. A user has just installed a printer and wants to share it so that his system can function as a print server for the rest of the workgroup. He is unable to share the printer. What can you do to help? Tell the user to use the NBTSTAT -n command to see if the system has registered a name with a service code entry of 20. If not, the Server service has been disabled on this workstation, and you can step the user through the procedure to re-enable it.

6. Your test environment includes a number of different clients, including Windows systems, Linux systems, and Mac OS X clients. You would like to be able to examine the network performance of each system while you run a batch file to generate network load. What utility can you use? The NETSTAT utility is a versatile tool for examining general network status and performance on a variety of systems.

7. You are experiencing a number of dropped packets and slow response time on your routed private network. You suspect there may be a routing loop and you would like to look more closely at packet transmissions through the network. How can you examine the path of the transmissions? Use the tracert command to trace the routes of packets between various source and destination hosts. This can help you locate a packet looping between routers, or the point at which a route fails.

8. Servers on your internal network are manually configured with IP addresses in the range 192.168.20.200 through 192.168.20.225. You are trying to open an FTP session with the FTP server that is located on your internal network at 192.168.20.218. Although you can ping the system by IP address, sometimes you can connect over FTP and sometimes you cannot. You suspect there may be two hosts configured with duplicate addresses. How can you verify which physical host system is using the FTP server's address? First ping the system, and then use the arp command to view your ARP cache. The cache will display the MAC address of the system that first responded to the ping request. You can then try to open an FTP session and use the arp command again; if the session succeeded, you know which physical system is the FTP server; if it failed, you know which physical system is incorrectly configured.
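The duplicate-address check in question 8 can be scripted: compare the ARP cache before and after the FTP attempt and see whether a different MAC address answered for 192.168.20.218. This is an added example, not code from the courseware; the two snapshots are constructed text in the Windows arp -a layout, and the MAC addresses are made up (IANA documentation range), not real hosts.

```python
"""Spot a duplicate-IP conflict from ARP cache snapshots.

Added example for the activity above; it is not code from the Network+
courseware. The answer says to ping the FTP server, look at the ARP cache,
attempt the FTP session, then look at the cache again. If the MAC address
cached for 192.168.20.218 changes between looks, two physical hosts are
answering for that address. The snapshots below are constructed sample
text in the Windows 'arp -a' layout; the MAC addresses are made up
(IANA documentation range 00-00-5E-00-53-xx), not real hosts.
"""
import re

# One 'arp -a' entry: IPv4 address, MAC (dash or colon separated), entry type.
ARP_ENTRY = re.compile(
    r"^\s*(\d{1,3}(?:\.\d{1,3}){3})\s+"
    r"([0-9A-Fa-f]{2}(?:[-:][0-9A-Fa-f]{2}){5})\s+(\w+)\s*$"
)

# Constructed snapshot 1: cache right after pinging 192.168.20.218.
ARP_AFTER_PING = """\
Interface: 192.168.20.50 --- 0xb
  Internet Address      Physical Address      Type
  192.168.20.1          00-00-5e-00-53-01     dynamic
  192.168.20.218        00-00-5e-00-53-aa     dynamic
"""

# Constructed snapshot 2: cache after the FTP attempt; a different host
# has since answered the ARP request for the same IP.
ARP_AFTER_FTP = """\
Interface: 192.168.20.50 --- 0xb
  Internet Address      Physical Address      Type
  192.168.20.1          00-00-5e-00-53-01     dynamic
  192.168.20.218        00-00-5e-00-53-bb     dynamic
"""


def parse_arp_table(text):
    """Return {ip: mac} for every entry line; MACs normalised to lower-case dashes."""
    table = {}
    for line in text.splitlines():
        m = ARP_ENTRY.match(line)
        if m:
            ip, mac, _entry_type = m.groups()
            table[ip] = mac.lower().replace(":", "-")
    return table


def conflicting_ips(snapshots):
    """Map each IP that was cached with more than one MAC across the
    snapshots to the list of MACs seen for it, in first-seen order."""
    seen = {}
    for snap in snapshots:
        for ip, mac in parse_arp_table(snap).items():
            macs = seen.setdefault(ip, [])
            if mac not in macs:
                macs.append(mac)
    return {ip: macs for ip, macs in seen.items() if len(macs) > 1}


def identify_hosts(macs, mac_during_ftp, ftp_succeeded):
    """Apply the activity's reasoning to a conflict.

    If the FTP session succeeded, the MAC cached during the attempt is the
    real FTP server and every other MAC is a misconfigured host. If it
    failed, the cached MAC is the misconfigured host; the real server is
    only unambiguous when exactly one other MAC was seen.
    Returns (server_mac or None, [misconfigured MACs]).
    """
    others = [m for m in macs if m != mac_during_ftp]
    if ftp_succeeded:
        return mac_during_ftp, others
    server = others[0] if len(others) == 1 else None
    return server, [mac_during_ftp]


if __name__ == "__main__":
    conflicts = conflicting_ips([ARP_AFTER_PING, ARP_AFTER_FTP])
    for ip, macs in conflicts.items():
        during_ftp = parse_arp_table(ARP_AFTER_FTP)[ip]
        server, rogue = identify_hosts(macs, during_ftp, ftp_succeeded=False)
        print(f"{ip}: answered by {macs}; server={server}, misconfigured={rogue}")
```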


TOPIC C
Hardware Troubleshooting Tools
In the previous topic, you identified the functions of TCP/IP troubleshooting utilities. Another common category of troubleshooting utilities is hardware troubleshooting tools. In this topic, you will identify the functions of various hardware troubleshooting tools. As a network technician, you might not pick up a screwdriver or a pair of pliers as often as a cable installer or an electrician does, but there are still cases where hardware and hand tools come in handy. You should know which hardware tools you will need to use in your job, and when and how to use them.

Network Technician's Hand Tools

In the computer industry, a good toolbox includes these basic hand tools:
- A variety of screwdrivers and spare screws.
- Long-nose pliers.
- Small diagonal cutting pliers.
- A small adjustable wrench.
- A variety of wrenches or nut drivers.
- A small AA or AAA flashlight.
- An anti-static wrist strap with clip.

Figure 15-11: Common network technicians' hand tools.

Wrench and Screwdriver Types
Depending on the equipment in your organization, your toolbox should have a variety of wrenches and screwdrivers. You should include #1, #2, and #3 Phillips screwdrivers; 1/4 and 3/16 flat blade screwdrivers; and T-15 and T-20 Torx screwdrivers, as well as any specialty security screwdrivers you need for your equipment. You should also include 3/16, 1/4, and 5/16 wrenches or nut drivers.

Security Screwdriver Sets
Many companies prefer to assemble their computers with security screws, which commonly require a specialty screwdriver not available at every hardware store. You can find this type of screwdriver at specialty tool stores and electronics suppliers. There are a few different types of security screws on the market: some have a slip collar on the outside to prevent unscrewing with anything like a wrench or pliers, and others simply have a post in the middle of a Torx or Allen socket-head screw that prevents a standard tool from being used. Many technicians like to buy a complete screwdriver set with multiple bits, including those for the security screws. Some manufacturers even have tool sets that include all of the parts for their equipment.

Electrical Safety Rules



Only a professional electrician should install, test, and maintain electric power equipment. Network technicians can safely install and test low-power communication circuits in network cabling. When you work with electrical power, you need to follow certain basic safety rules:
- Always disconnect or unplug electrical equipment before opening or servicing it.
- Work with a partner.
- Never bypass fuses or circuit breakers.
- Use anti-static mats and wristbands to protect yourself and equipment from static discharge.
- Perform only the work for which you have sufficient training.
- Do not attempt repair work when you are tired; you may make careless mistakes, and your primary diagnostic tool, deductive reasoning, will not be operating at full capacity.
- Do not assume anything without checking it out for yourself.
- Do not wear jewelry or other articles that could accidentally contact circuitry and conduct current.
- Wear rubber-soled shoes to insulate yourself from ground.
- Suspend work during an electrical storm.
- Do not handle electrical equipment when your hands or feet are wet or when you are standing on a wet surface.
- Perform tests with the power supply turned off.
- Prevent static electricity from damaging components by standing on a totally insulated rubber mat to increase the resistance of the path to ground. In some cases, workstations are located in areas with grounded floors and workbenches, so static electricity has a low-resistance, non-destructive path to ground.
- Power supplies have a high voltage in them any time the computer is plugged in, even if the computer power is turned off. Before you start working inside the computer case, disconnect the power cord and press the power button to dissipate any remaining power in the system circuitry. Leave the power off until you are done servicing the system unit.

Wire Crimpers
Definition: A wire crimper is a tool that attaches media connectors to the ends of cables. You can use it if you need to make your own network cables or trim the end of a cable. There are different crimpers for different types of connectors, so select the one that is appropriate for the type of network media you are working with. A cable stripper is often part of a wire crimper, allowing the user to strip wires of their protective coating, and then use the crimping tool to attach a media connector.

Example:

Figure 15-12: A wire crimper.

Punch Down Blocks

A punch down block can be used to connect one group of telephone and network wires with another group in utility or telecommunication closets. They typically support low-bandwidth Ethernet and Token Ring networks. There are two primary types of punch down blocks.

Type: 66 Block
Description: Used in the telephone industry for decades to terminate telecommunications. Supports low-bandwidth telecommunications transmission.

Type: 110 Block
Description: Punch down block or cable termination block used for structured wiring systems. Using the 110 block system, multipair station cables are terminated, allowing cross-connection to other punch down locations. Supports higher bandwidth than a 66 block and is suitable for use in data applications.

110 block (T568A, T568B) supports both T568A and T568B wiring schemes.

Punch Down Tools

Definition: A punch down tool is used in a wiring closet to connect cable wires directly to a patch panel. The tool strips the insulation from the end of the wire and embeds the wire into the connection at the back of the panel.
The technical name for a punch down tool is an Insulation Displacement Connector (IDC).

Example:

Figure 15-13: A punch down tool.

Purpose of a Punch Down Tool
The punch down tool makes connecting wires to a patch panel easier than it would be to connect them by hand. Without the punch down tool, you would have to strip the wire manually and connect it by twisting it or tightening it around a connection pole or screw.

Circuit Testers

Definition: A circuit tester is an electrical instrument that is used for testing whether or not current is passing through a circuit. It is normally used when there is a problem testing how electricity flows through two points. Plug the circuit tester into the socket and it will display a pattern of lights depicting the status of the wiring of a circuit, which will help identify whether or not power is passing through the points. Example:

Figure 15-14: A circuit tester.

Multimeters

Definition: A multimeter, also known as a volt/ohm meter, is an electronic measuring instrument that takes electrical measurements such as voltage, current, and resistance. A multimeter can be a handheld device for field service work or a bench-top model for in-house troubleshooting. Multimeters can be either analog or digital. A Digital Multimeter (DMM) or Digital Volt Ohm Meter (DVOM) is an example of a digital model, while an Analog Multimeter (AMM) is an example of an analog model.

Example:

Figure 15-15: Digital and analog multimeters.

Categories of Multimeters
Not all circuits are the same. Some circuits carry much higher electrical loads than others. Be sure that you know the approximate current and impedance that the circuit you are testing should be running at, and use the appropriately rated multimeter for the job. Connecting an underrated multimeter to a main electrical line could result in damage to the multimeter, and possible injury to the operator. There are various categories of multimeters that are used in different situations.

Multimeter Category: I
For Use In: Conditions where current levels are low.

Multimeter Category: II
For Use In: Interior residential branch circuits.

Multimeter Category: III
For Use In: Distribution panels, motors, and appliance outlets.

Multimeter Category: IV
For Use In: High-current applications, such as service connections, breaker panels for wiring mains, and household meters.

Voltmeters
A voltmeter measures voltage and resistance between two points in a circuit. Like multimeters, voltmeters come in both digital and analog forms. A Digital Volt Meter (DVM) provides scales for reading voltage in both AC and DC and different resistances. It can be used to test resistances between cable endpoints or voltages inside a low-power system. It should not be used to service high-power or high-frequency equipment.

Voltage Event Recorders
A Voltage Event Recorder (VER) is another tool to use in conjunction with or in addition to a voltmeter to test and verify that the electrical signals transmitting through the network cables are within the required specifications. VERs are attached to electrical lines or outlets and remain there undisturbed to monitor the flow of electricity across the lines or within an outlet. VERs can help diagnose electrical faults or intermittent problems regarding low or high voltage.

Cable Testers

Definition: A cable tester, also called a media tester, is an electrical instrument that verifies if a signal is transmitted by a cable. A simple cable tester will determine whether a cable has an end-to-end connection and can detect shorts or opens, but cannot certify the cable for transmission quality, which is the cable installer's responsibility. Cable testers can differ based on their intended purpose. Example:

Figure 15-16: Network cable testers with adapters for testing.

Distance and Speed Limitations
UTP cable links are limited to a distance of 295 feet. The speed will be either 10 Mbps or 100 Mbps depending on the type of switch used.

Cable Certifiers

A cable certifier is a type of tester that allows you to perform tests, such as cable testing and validity testing. It can detect shorts and crosstalk on a cable, test for the cable type and whether a cable is straight-through or crossover, and check if the NIC is functioning and at what speed, half or full duplex. Cable certifiers can also be attached to devices.

Types of Cable Testers and Certifiers

Several types of cable testers and certifiers are available; they vary based on the task they are used for.

Tool: Certification tester
Used To: Determine whether a cable meets specific ISO or TIA standards (Cat 5e, Cat 6, or Cat 7). Should be used if a network is wired with both copper and fiber.

Tool: Qualification tester
Used To: Measure the speeds at which a network can transmit data. Also used to troubleshoot a network. It is not used to test networks. A qualification tester tests the continuity of UTP/STP cables and verifies the adherence to 10BASE-T, 100BASE-T, TIA-568A, TIA-568B and Token Ring wiring standards. It also verifies ring wiring standards and shield integrity.

Tool: LAN tester
Used To: Test transmission speed, cable skew, cable propagation delay, cable typing (Cat 3, 5, 5E, 6), attenuation, and cable verification. A LAN tester carries out a cable conduction test and a miswiring detection test.

Tool: Network cable certifier
Used To: Test transmission speed and performance.

Crossover Cables
Definition: A crossover cable is a special network cable used in Ethernet UTP installations, which enables you to connect devices without using a hub or a switch. In a crossover cable, the transmit and receive lines are crossed to make them work like a loopback, a function that the switch normally performs. In troubleshooting, crossover cables let you connect two stations' network adapters directly without a switch so that you can test communications between them.

T1 Crossover
A T1 crossover cable is used to connect two T1 CSU/DSU devices by using T568B pairs.

Straight-through
The RJ-45 cable that is commonly used for network connectivity is also referred to as a straight-through cable.

Crossover Cable vs. Straight Cable Wiring
In a regular Ethernet UTP patch cable, four wires are used. Pins 1 and 2 transmit and Pins 3 and 6 receive. All lines are straight-wired (Pin 1 is wired to Pin 1, Pin 2 to Pin 2, and so forth). In a crossover cable, Pins 1 and 2 connect to Pins 3 and 6, and Pins 3 and 6 connect to Pins 1 and 2.

Cascading Hubs with a Crossover Cable
If you connect hubs via a crossover cable, you can cascade the hubs to provide more ports for a workgroup area, rather than buying and installing a larger hub.

Example: Troubleshooting with a Crossover Cable
If you suspect that a server's NIC might be corrupt, you can use a crossover cable to attach a laptop's NIC directly to the server's NIC. Provided that both NICs are configured correctly, you should be able to log on to the server if the server's NIC is good.


Figure 15-17: A crossover cable.

Hardware Loopback Plugs


Definition: A hardware loopback plug is a special connector used for diagnosing transmission problems by redirecting electrical signals back to the transmitting system. It plugs into a port and crosses over the transmit and receive lines. Some loopback plugs are small and plug into a port with no visible wires, while others have wires that loop visibly into the connector. Hardware loopback plugs are commonly used to test Ethernet NICs. The plug directly connects Pin 1 to Pin 3 and Pin 2 to Pin 6. Example:

Figure 15-18: A hardware loopback plug.

Using a Loopback Plug
If a NIC comes with hardware diagnostic capabilities, the loopback plug will be included with the NIC. Connect the loopback plug to the installed NIC's network port, and run the diagnostic software to verify that the NIC can send and receive data.

Loopback Wiring Standards
There are standards for loopback wiring.

Wiring Standard: Ethernet
Connects: Pin 1 to Pin 3; Pin 2 to Pin 6

Wiring Standard: T1
Connects: Pin 1 to Pin 4; Pin 2 to Pin 5
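The pin pairings from the crossover-cable section and the loopback wiring table above are enough to write the wire-map logic a cable tester applies. This added example (not courseware code) classifies a wire map as straight-through, crossover, open, short or miswired, and checks a single-connector plug against the Ethernet and T1 loopback standards; the wire-map dictionary format is an assumption of the example.

```python
"""Classify Ethernet wire maps and check loopback plugs.

Added example for the crossover-cable and loopback-plug sections above;
it is not code from the Network+ courseware. The pin pairings are the
ones the text gives: a straight-through cable wires pin N to pin N, a
crossover cable connects pins 1 and 2 to pins 3 and 6 (and back), an
Ethernet loopback plug joins pin 1 to pin 3 and pin 2 to pin 6, and a T1
loopback plug joins pin 1 to pin 4 and pin 2 to pin 5. A wire map is
written as {pin on connector A: pin on connector B}, with None for an
open (no continuity), the same information a cable tester's wire-map
test reports.
"""

STRAIGHT_THROUGH = {pin: pin for pin in range(1, 9)}
CROSSOVER = {**STRAIGHT_THROUGH, 1: 3, 2: 6, 3: 1, 6: 2}

# The four conductors a 10/100BASE-T link actually uses: 1,2 transmit; 3,6 receive.
DATA_PINS = (1, 2, 3, 6)

LOOPBACK_STANDARDS = {
    "ethernet": {1: 3, 2: 6},
    "t1": {1: 4, 2: 5},
}


def classify_wire_map(wire_map):
    """Return 'straight-through', 'crossover', 'open', 'short' or 'miswired'.

    Only the four data pins decide the cable type, matching the text's
    description of a regular patch cable; pins 4, 5, 7 and 8 are checked
    for shorts but not for type.
    """
    landed = [b for b in wire_map.values() if b is not None]
    if len(landed) != len(set(landed)):
        return "short"          # two conductors meet on one far-end pin
    if any(wire_map.get(pin) is None for pin in DATA_PINS):
        return "open"           # a data conductor has no continuity
    data = {pin: wire_map[pin] for pin in DATA_PINS}
    if data == {pin: STRAIGHT_THROUGH[pin] for pin in DATA_PINS}:
        return "straight-through"
    if data == {pin: CROSSOVER[pin] for pin in DATA_PINS}:
        return "crossover"
    return "miswired"           # e.g. a swapped pair, or split pairs


def is_loopback_plug(joins, standard="ethernet"):
    """True if the pin joins on a single connector match the named
    loopback wiring standard. Joins are (pin, pin) tuples in either order."""
    expected = {frozenset(item) for item in LOOPBACK_STANDARDS[standard].items()}
    return {frozenset(j) for j in joins} == expected


def receive_pin_via_loopback(transmit_pin, standard="ethernet"):
    """Pin on which a signal driven out of `transmit_pin` comes back
    through a correctly wired loopback plug, or None if that pin is not
    looped. This is what the NIC diagnostic relies on: data sent on the
    transmit pair must reappear on the receive pair."""
    return LOOPBACK_STANDARDS[standard].get(transmit_pin)


if __name__ == "__main__":
    for name, wm in [("patch", STRAIGHT_THROUGH), ("crossover", CROSSOVER),
                     ("open pin 3", {**STRAIGHT_THROUGH, 3: None}),
                     ("1-2 swapped", {**STRAIGHT_THROUGH, 1: 2, 2: 1})]:
        print(f"{name:12s} -> {classify_wire_map(wm)}")
    print("ethernet plug ok:", is_loopback_plug([(3, 1), (6, 2)]))
```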

Time-Domain Reflectometers
A Time-Domain Reflectometer (TDR) is a measuring tool that transmits an electrical pulse on a cable and measures the reflected signal. In a cable without any problems, the signal does not reflect and is absorbed by a terminator, if present. Bends, short circuits, and connector problems on the cable modify a signal's amplitude before it returns to a TDR. These modifications change how the signal reflects back. A TDR analyzes the returned signal, and based on the signal's condition and its rate of return, it checks the time span and determines cable problems. In addition, if a TDR is attached to a coaxial cable network, the TDR will indicate whether terminators are installed properly and are functioning correctly.

Optical Time-Domain Reflectometers (OTDRs) are a variation of TDR used specifically for fiber optic cabling to determine cabling issues. An OTDR transmits light signals of different wavelengths over fiber. Depending on the quality of the signal returned, an OTDR can accurately measure the length of the fiber, determine locations of faulty splices, breaks, connectors and bends, as well as measure signal attenuation over the length of the fiber cable.

Tone Generators and Locators


Definition: A tone generator is a device that sends an electrical signal through one pair of UTP wires. A tone locator or a tone probe is a device that emits an audible tone when it detects a signal in a pair of wires. Tone generators and tone locators are most commonly used on telephone systems to trace wire pairs. A digital toner and toner probe traces and locates voice, audio, and video cabling on a network. In addition to confirming the cable location, a toner and probe can verify continuity and detect faults.
The combination of a tone generator and tone locator is frequently referred to as fox and hound.

Do not confuse tone generators and tone locators with cable testers. Tone generators and tone locators can only help you differentiate between different UTP cables.

Example:

Figure 15-19: A tone generator and a tone locator.

Using the Tone Generator and Tone Locator
To locate a cable in a group of cables, connect the tone generator to the copper ends of the wires; then move the tone locator over the group of cables. A soft beeping tone indicates that you are close to the correct wire set; when the beeping is loudest, you have found the cable.
Do not connect a tone generator to a cable that is connected to a NIC. The signal sent by the tone generator can destroy network equipment.

Environment Monitors

Definition: Environment monitors are hardware tools that ensure that the temperature does not spike or plummet above or below equipment specifications. In addition to temperature, environment monitors allow you to monitor the humidity in the environment where the network devices are placed. By monitoring humidity, you can ensure that condensation does not build up in devices, and that there is enough humidity to decrease static electricity buildup. Example: You can monitor a computer room with a humidity monitor or you can use sensors to monitor the temperature inside servers, workstations, and components such as hard drives.

Butt Sets

Definition: A butt set, also known as a lineman's test set, is a special type of telephone handset used by telecom technicians when installing and testing local lines. It is called a butt set because the technician butts into telephone lines to detect issues. The butt set allows a technician to bridge onto wire pairs with clips in order to monitor the line and use dialing features as if it were a physical phone on the system. This feature allows a technician to determine any problems that exist. Some butt sets can detect polarity reversals and other line faults to troubleshoot performance issues.

Example:

Figure 15-20: A butt set.

LED Indicators
LED indicators on network adapters, switches, routers, and cable and DSL modems can give you information about the status of the network connection. There are different types of LED indicators.

Indicator: Link indicators
Description: Most adapters have a link indicator to visually indicate signal reception from the network. If the link indicator is not lit, it could indicate a problem with the cable or the physical connection.

Indicator: Activity indicators
Description: Most adapters also have an activity indicator that flickers when data packets are received or sent. If the indicator flickers constantly, the network might be overused or there is a system generating noise.

Indicator: Speed indicators
Description: Dual-mode adapters have a speed indicator to display whether the adapter is operating at 10 Mbps, 100 Mbps, or at 1 Gbps.

Indicator: Dual-color indicators
Description: Uses dual-color indicators to indicate different network states. For example, a green flickering indicator might indicate normal activity, while an amber flickering indicator indicates collisions on the network.


Figure 15-21: Indicators on a network adapter.

Network Analyzers

Definition: A network analyzer, also known as a packet or protocol analyzer, or a packet sniffer, is a software or hardware tool that integrates diagnostic and reporting capabilities to provide a comprehensive view of an organization's network. As data flows across a network, an analyzer will intercept it, log it, and analyze the information according to baseline specifications. Basic network analyzers enable a technician to analyze network traffic on a LAN or DSL connection. Network analyzers also have the ability to provide an administrator with an overview of systems and reports from one location on the network. Full-featured network analyzers offer a variety of monitoring, analyzing, and reporting functions. A network analyzer can be used during troubleshooting to locate problems, but it can also be used as a long-term network monitoring solution. Example: Wireshark and Microsoft Network Monitor are software that can analyze networks.


Figure 15-22: The Network Monitor utility provides network statistics.

Network Sniffer
Similar to a packet sniffer, a network sniffer can identify and capture data packets on a network, record and analyze traffic, and identify open ports on the network. They can possibly analyze data packets from different protocols and identify data vulnerabilities on the network.

Throughput Testers
You can measure the throughput of a network using various tools available on different operating systems. One method is to measure the maximum data throughput, in bits per second, of network access or a communication link. Another method of measuring network performance is to transfer a large file from one system to another and calculate the time required to complete the transfer or copy of the file. The throughput can be determined by dividing the file size by the total time, and is expressed as megabits, kilobits, or bits per second.

Demarc
Definition: A demarc is a demarcation point where a building's wiring ends and the telephone company's wiring begins. Any premises connected to the telephone company wiring include a demarc, including residential buildings as well as commercial and industrial buildings. A demarc can be installed on the outside of the building, as is common with residential demarcs, or it can be installed inside the building, as is the case with most commercial and industrial demarcs.

Example: Smart Jack
A smart jack is a device that serves as the demarcation point between the end user's inside wiring and the local access carrier's facilities.

Demarc Extension
A new networking solution may require that the point where a network connectivity line (such as DSL, T1, or T3) terminates within or just outside of a building be extended further to accommodate the extended connectivity segment.

Wireless Testers

A wireless tester is a Wi-Fi spectrum analyzer used to detect devices and points of interference, as well as analyze and troubleshoot network issues on a WLAN or other wireless networks. Like network analyzers, wireless testers give an overview of the health of a WLAN in one central location, enabling technicians to troubleshoot problems efficiently.

Spectrum Analyzer
A spectrum analyzer is an instrument that displays the variation of signal strength against the frequency.

WLAN Survey Software


WLAN survey software is used to plan, simulate, and implement WLANs. WLAN survey software can simulate WLAN performance during the planning phase even before any installation takes place. Technicians can use the software to analyze WLAN performance before and after implementation to determine the health of the network based on defined, measurable criteria. WLAN survey software can also be used to define network coverage areas before implementation.

ACTIVITY 15-5
Identifying Hardware Troubleshooting Tools
Scenario: In this activity, you will identify the functions of various hardware troubleshooting tools.
Be prepared with some troubleshooting tools for the students to identify.

1. You have a cable with a frayed end. You want to trim the cable and reattach the connector. You need a: a) Punch down tool b) Wire crimper c) Cable tester d) Cable stripper

2. You need to trace a UTP cable in a bundle of cables. You need a: a) Butt set b) Circuit tester c) Cable tester d) Tone generator and locator

3. A workstation and server on your small office network cannot communicate. To see if one of the network adapters is bad, you can connect them directly by using a: a) Crossover cable b) Hardware loopback plug c) Tone generator and locator d) Punch down tool

4. A user tells you he cannot log on to the network. You direct him to check his network adapter and he notices that there is one steady indicator and one flashing indicator. What does this indicate to you about the status of the connection? a) There is a network connection but there is no data transfer. b) There is no network connection. c) There is a network connection that is transferring data. d) The network adapter is faulty.

5. What does an amber indicator on a NIC indicate? a) A frame error b) A dysfunctional transceiver c) Bad network connectivity d) Data collisions e) A cable break

6. You are a network administrator and you recently replaced the NIC in a user's machine. You receive a call from the user, who complains that there is no network connectivity. Which LED indicator on the NIC should you check first? Why? a) Activity b) Collision c) Link d) Cable

7. Your instructor will show examples of various types of hardware tools. Identify each tool and its function, and give an example of how you would use it in network troubleshooting. Answers will vary depending on the tools available.


OPTIONAL PRACTICE ACTIVITY 15-6


Assembling a Patch Cable
Scenario: You need an extra length of patch cable to attach a client computer to the network. You do not have a cable assembled, but you do have some cable wire and loose connectors.

To perform this activity, you will need to provide a cable, connectors, a wire crimper, and a cable tester. An eye loupe is optional.

1. Strip the cable jacket back about 3/4 of an inch. Do not cut or nick the inner wires.

2. Place the pairs in the order of their color so that they lie flat and slip into the connector.

3. Slip the wires into the connector and ensure that they are properly seated and in the correct order. Ensure that the outer jacket is far enough into the connector that it will be captured by the strain relief tab.
A 5x magnification eye loupe will help you examine the wires.

4. Insert the cable/connector assembly into the crimping tool and crimp it.

5. Use the cable tester to test your cable.

TOPIC D
Common Connectivity Issues
Now that you are familiar with the common software and hardware tools used in network troubleshooting, you should also familiarize yourself with the types of connectivity issues you may encounter as a network administrator. In this topic, you will describe common network connectivity issues. A network can be simple or complex, but even at the most simplistic level, there are numerous connectivity issues that occur on a regular basis. Each time there is a problem with network connectivity, you will be faced with a large number of very unhappy users. In order to restore connectivity as quickly as possible, you will need to be aware of the possible connectivity issues you may face and the appropriate fixes.

Physical Issues
When troubleshooting network problems, it is helpful to understand the issues that can arise. Having this understanding will enable you to solve problems more efficiently. There are several categories of physical connectivity issues.

Issue: Cross-talk
Symptoms: Slow network performance and an excess of dropped or unintelligible packets. In telephony applications, users hear garbled voice or conversations from another line.
Causes: Generally, cross-talk occurs when two cables run in parallel and the signal of one cable interferes with the other. Cross-talk can also be caused by crossed or crushed wire pairs in twisted pair cabling.
Resolution: The use of twisted pair cabling or digital signals can reduce the effects of crosstalk. Maintaining proper distance between cables can also help.

Issue: Near-end crosstalk
Symptoms: Signal loss or interference.
Causes: Near-end cross-talk occurs closer to the transmitting end of the cable. It often occurs in or near the terminating connector.
Resolution: Test with cable testers from both ends of the cable and correct any crossed or crushed wires. Verify that the cable is terminated properly and that the twists in the pairs of wires are maintained.

Issue: Attenuation
Symptoms: Slow responses from the network.
Causes: Degradation of signal strength.
Resolution: In the case of wired networks, use shorter cable runs. In the case of wireless networks, add more access points and signal boosters along the transmission path. A longer cable length, poor connections, bad insulation, a high level of crosstalk, or EMI can all increase attenuation. Evaluate the environment for interference. The type of signal interference would depend on the wireless spectrum used.

Issue: Collisions
Symptoms: High latency, reduced network performance, and intermittent connectivity issues.
Causes: Collisions tend to occur on networks as nodes attempt to access shared resources.
Resolution: Depends on the network. For example, on a network still using hubs, replacing a hub with a switch will often alleviate the problem.

Issue: Shorts
Symptoms: Electrical shorts: complete loss of signal.
Causes: Two nodes of an electrical circuit that are meant to be at different voltages create a low-resistance connection, causing a short circuit.
Resolution: Use a TDR to detect and locate shorts. Replace cables and connectors.

Issue: Open impedance mismatch
Symptoms: Also known as echo, the tell-tale sign of open impedance mismatch is an echo on either the talker or listener end of the connection.
Causes: The mismatching of electrical resistance.
Resolution: Use a TDR to detect impedance. Collect and review data, interpret the symptoms, and determine the root cause in order to correct the cause.

Lesson 15: Network Troubleshooting

537

LESSON 15
Issue: Interference (EMI)
Symptoms: Crackling, humming, and static are all signs of interference. Low throughput, network degradation, and poor voice quality are also symptoms of interference.
Causes: RF interference can be caused by a number of devices, including cordless phones, Bluetooth devices, cameras, paging systems, unauthorized access points, and clients in ad-hoc mode.
Resolution: Remove or avoid environmental interference as much as possible. This may simply entail turning off competing devices or relocating them. Ensure that there is adequate LAN coverage. To resolve problems proactively, test areas prior to deployment using tools such as spectrum analyzers.

Issue: Bad modules (SFPs, GBICs)
Symptoms: Faulty SFPs/GBICs are identified by various means by the manufacturers. The system console on the switch may use distinct colors such as amber or red to help you locate the faulty SFPs/GBICs. There will be no communication through the faulty device.
Causes: Modules in SFPs/GBICs get corrupted.
Resolution: Replace the faulty SFPs/GBICs.

Issue: Cable problems
Symptoms: The nodes on the network cannot communicate. The router, switches, and the individual nodes on the network are fully functional, but the problem still persists.
Causes: There is a problem with the network cables.
Resolution: There could be several issues with the network cables. Identify the issue and determine a suitable solution:
- Bad connectors: Check and replace the faulty connectors. Verify that the cables are properly secured to the connectors and are properly crimped.
- Bad wiring: Check and replace the wires that are in bad condition.
- Open, short cables: Use cable testers to locate open or short cables. Repair the cables and recheck that the issues are resolved. If not, replace the cables.
- Split cables: Identify the split cables and replace them with compatible cables.
- dB loss: Check the cable for defects or damage, crimping, and connection with the connectors. Identify and remove sources of interference.
- TX/RX reversed: Check the network port indicators on the system; if the link light is off, there is an issue with the network adapter. Replace the network adapter.
- Cable placement: Verify that the cable is placed away from sources of EMI. Identify and remove the sources of interference.
- Distance: Verify that cables are run only for the maximum distance they are supported. For example, if an Ethernet cable exceeds 100 meters, the signal will deteriorate.

Issue: Bad cables/improper cable types
Symptoms: Cables that connect different parts of a network are cut or shorted.
Causes: A short can happen when the wire conductor comes in contact with another conductive surface, changing the path of the signal.
Resolution: Cable testers can be used to detect many types of cable problems, such as cut cables, incorrect cable connections, cable shorts, interference, and faulty connectors. After identifying the source of the issue, move the cable to prevent it from coming in contact with other conductive surfaces.

Logical Issues

In addition to physical connectivity issues, your network can suffer from connectivity issues on the logical layer, which range from no connectivity to lost connectivity and can vary in severity.

538

CompTIA Network+ (Exam N10-005)

Issue: Port speed
Symptoms: No or low-speed connectivity between devices.
Causes: Ports are configured to operate at different speeds and are therefore incompatible with each other.
Resolution: Verify that equipment is compatible and is operating at compatible speeds. For example, if you're running a switch at 100 Mbps but a computer's NIC runs at 10 Mbps, the computer will be slow. Replace the NIC with one that runs at 100 Mbps and you will increase the throughput to a higher level (or at least a theoretically higher level, since there are other variables such as network congestion).

Issue: Port duplex mismatch
Symptoms: Late collisions, port alignment errors, and FCS errors are present during testing.
Causes: Mismatches are generally caused by configuration errors. They occur when the switch port and a device are configured to use different duplex settings, or when both ends are set to auto-negotiate the settings.
Resolution: Verify that the switch port and device are configured to use the same duplex setting. This may entail having to upgrade one of the devices.

Issue: Wrong VLAN
Symptoms: No connectivity between devices.
Causes: Devices are configured to use different VLANs.
Resolution: Reconfigure devices to use the same VLAN.

Issue: Wrong IP address
Symptoms: No connectivity between devices.
Causes: Either the source or destination device has an incorrect IP address.
Resolution: Use the ping command to determine if there is connectivity between devices. Resolution will depend on the problem. If a network is running a rogue DHCP server, for example, two computers could have been leased the same IP address. Check TCP/IP configuration information using ipconfig /all on Windows machines, and ifconfig on Linux/UNIX/Mac machines. After confirming the issue, troubleshoot DHCP. It could also be the case that a static IP address was entered incorrectly. Check IP addresses, and empty the ARP cache on both computers.

Issue: Wrong gateway address
Symptoms: No connectivity between devices.
Causes: The IP address of the gateway is incorrect for the specified route.
Resolution: Change the IP address of the gateway to the correct address.

Issue: Wrong DNS
Symptoms: No connectivity between devices.
Causes: A device is configured to use the wrong DNS server.
Resolution: Open TCP/IP properties and check the IP address of the DNS server listed for the client. Replace it with the correct IP address and test connectivity.

Issue: Wrong subnet mask
Symptoms: No connectivity between devices.
Causes: Either the source or destination device has an incorrect subnet mask.
Resolution: Use the ping command to determine if there is connectivity between devices. Check the subnet mask on both devices. Change the incorrect subnet mask to a correct one and test connectivity.

Issue: Duplicate IP address
Symptoms: The system displays a notification that the same IP address is in use on the network. No connectivity between devices.
Causes: The same IP address is assigned to more than one system.
Resolution: If the network is DHCP-enabled, try to identify the systems that are assigned IP addresses manually and change the IP address of such systems to be outside the DHCP scope. If the network is not DHCP-enabled, locate the systems that have the same IP address and change the IP address on one of the systems.
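The rows above on wrong IP address, wrong gateway, wrong DNS, wrong subnet mask and duplicate IP address all reduce to checks that can be run against the settings collected with ipconfig /all or ifconfig. The Python script below is an added example, not part of the courseware: it audits a constructed inventory of host settings for exactly those faults. The host names, addresses, the DHCP scope boundaries and the expected DNS server are all constructed for the demonstration. The subnet mask check flags the asymmetric case, where one host believes a peer is on its own subnet while the peer believes the reverse, which is why a mask error usually shows up as one-way connectivity rather than a clean failure.

```python
import ipaddress
from dataclasses import dataclass
from itertools import combinations


@dataclass(frozen=True)
class HostConfig:
    """One host's TCP/IP settings as read from ipconfig /all or ifconfig."""
    name: str
    address: str
    mask: str
    gateway: str
    dns: str
    static: bool  # True if the address was entered by hand, False if leased by DHCP

    @property
    def network(self) -> ipaddress.IPv4Network:
        return ipaddress.IPv4Interface(f"{self.address}/{self.mask}").network


def wrong_gateway(host: HostConfig) -> bool:
    """Wrong gateway address: the default gateway must lie inside the host's own subnet,
    otherwise the host can never ARP for it and all off-subnet traffic is dropped."""
    return ipaddress.IPv4Address(host.gateway) not in host.network


def mask_disagreement(a: HostConfig, b: HostConfig) -> bool:
    """Wrong subnet mask: one side treats the other as local and ARPs for it directly,
    while the other side sends its replies to the gateway. Traffic flows one way only."""
    a_sees_local = ipaddress.IPv4Address(b.address) in a.network
    b_sees_local = ipaddress.IPv4Address(a.address) in b.network
    return a_sees_local != b_sees_local


def audit(hosts, dhcp_scope, expected_dns):
    """Return human-readable findings for the logical faults listed in the table."""
    scope_first, scope_last = (ipaddress.IPv4Address(x) for x in dhcp_scope)
    expected = ipaddress.IPv4Address(expected_dns)
    findings = []
    first_owner = {}  # address -> name of the first host seen using it
    for h in hosts:
        addr = ipaddress.IPv4Address(h.address)
        if wrong_gateway(h):
            findings.append(f"{h.name}: gateway {h.gateway} is outside {h.network}")
        if ipaddress.IPv4Address(h.dns) != expected:
            findings.append(f"{h.name}: DNS server {h.dns} should be {expected_dns}")
        if h.address in first_owner:
            findings.append(f"duplicate IP {h.address}: {first_owner[h.address]} and {h.name}")
        first_owner.setdefault(h.address, h.name)
        # A static address inside the DHCP scope will eventually be leased to someone else.
        if h.static and scope_first <= addr <= scope_last:
            findings.append(f"{h.name}: static address {h.address} lies inside the DHCP scope")
    for a, b in combinations(hosts, 2):
        if mask_disagreement(a, b):
            findings.append(
                f"{a.name} ({a.network}) and {b.name} ({b.network}) "
                "disagree on whether they share a subnet"
            )
    return findings


# Constructed inventory for the demonstration (not real hosts).
DHCP_SCOPE = ("192.168.10.50", "192.168.10.200")
EXPECTED_DNS = "192.168.10.5"
SAMPLE_HOSTS = [
    HostConfig("pc1", "192.168.10.20", "255.255.255.0", "192.168.10.1", "192.168.10.5", False),
    HostConfig("pc2", "192.168.11.30", "255.255.0.0", "192.168.11.1", "192.168.10.5", False),  # wrong mask
    HostConfig("pc3", "192.168.10.22", "255.255.255.0", "192.168.11.1", "192.168.10.5", False),  # wrong gateway
    HostConfig("printer", "192.168.10.50", "255.255.255.0", "192.168.10.1", "192.168.10.9", True),  # wrong DNS, static inside scope
    HostConfig("pc4", "192.168.10.50", "255.255.255.0", "192.168.10.1", "192.168.10.5", False),  # duplicate of printer
]

if __name__ == "__main__":
    for line in audit(SAMPLE_HOSTS, DHCP_SCOPE, EXPECTED_DNS):
        print(line)
```

Running the script lists eight findings for the sample inventory: pc3's gateway outside its subnet, the printer's DNS server and its static address inside the scope, the pc4/printer duplicate, and four subnet disagreements, every one of them involving pc2, which is the host whose /16 mask is wrong.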

Issue: Power failure
Symptoms: There is a power failure that affects switches and routers.
Causes: Switch and router adapters connect to cable modems, which depend on the availability of power.
Resolution: Use cable modems and other network devices with battery-backed power supplies to ensure uninterrupted service for several hours in case of local power failures.

Issue: Bad/missing routes
Symptoms: The router is sending packets using an invalid path.
Causes: The router setting is incorrect.
Resolution: Check and change the router setting, and reboot the router for the changes to take effect.

Wireless Issues

In addition to the physical and logical connectivity issues you can encounter while troubleshooting a wired network, wireless networks present their own issues.

Issue: Interference
Symptoms: Low throughput, network degradation, dropped packets, intermittent connectivity, and poor voice quality are all symptoms caused by interference.
Causes: RF interference can be caused by a number of devices, including cordless phones, Bluetooth devices, cameras, paging systems, unauthorized access points, metal building framing, and clients in ad-hoc mode.
Resolution: Remove or avoid environmental interference as much as possible.

Issue: Incorrect encryption type
Symptoms: If the encryption types between two devices (access point and client) do not match, no connection is established. Similarly, if different encryption keys are used between two devices, they cannot negotiate key information for verification and decryption in order to initiate communication.
Causes: Improper configuration and different encryption types.
Resolution: Ensure that security settings match between and among devices.

Issue: Congested channel
Symptoms: Very slow speeds.
Causes: Interference from neighboring wireless networks; congested network channels.
Resolution: Many wireless routers are set to autoconfigure the same wireless channel. Try logging in to the router and manually changing the channel the wireless router is operating on.

Issue: Incorrect frequency
Symptoms: No connectivity.
Causes: Devices must operate on the same frequency. For example, a device designed to communicate at 5 GHz cannot communicate with one designed to communicate at 2.4 GHz.
Resolution: Deploy devices that operate on the same frequency.

Issue: SSID mismatch
Symptoms: No connectivity between devices.
Causes: Devices are configured to use different ESSIDs.
Resolution: Set the devices to use the same SSID. Ensure that the SSID on the wireless client and on the access point are the same. Note: SSIDs are case-sensitive.
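The congested-channel row says to change the channel by hand but not how to pick one. The Python helper below is an added example, not part of the courseware: it scores each candidate channel by the signal strength of every neighbouring access point whose channel overlaps it, and recommends the least congested one. The neighbouring-AP survey and its RSSI readings are constructed for the demonstration. The channel centre frequencies and the 22 MHz channel width are the 802.11b values; using them reproduces the familiar rule that only channels 1, 6 and 11 do not overlap in the 2.4 GHz band.

```python
# Centre frequency of each 2.4 GHz channel in MHz: channels 1..13 sit on a 5 MHz grid;
# channel 14 (Japan only) is the exception.
CENTER_MHZ = {ch: 2407 + 5 * ch for ch in range(1, 14)}
CENTER_MHZ[14] = 2484

# 802.11b DSSS channels are about 22 MHz wide (802.11g OFDM is 20 MHz); 22 is the
# conservative choice and yields the 1/6/11 non-overlapping set.
CHANNEL_WIDTH_MHZ = 22


def channels_overlap(a, b):
    """Two channels interfere when their centres are closer than one channel width."""
    return abs(CENTER_MHZ[a] - CENTER_MHZ[b]) < CHANNEL_WIDTH_MHZ


def signal_weight(rssi_dbm):
    """Map an RSSI reading to a non-negative weight: -100 dBm or weaker counts for
    nothing, a very strong -40 dBm neighbour counts for 60."""
    return max(0, rssi_dbm + 100)


def congestion_scores(survey, candidates=(1, 6, 11)):
    """For each candidate channel, total the weighted signal of every neighbouring AP
    whose channel overlaps it. Lower is better."""
    scores = {}
    for cand in candidates:
        scores[cand] = sum(
            signal_weight(rssi) for _ssid, ch, rssi in survey if channels_overlap(cand, ch)
        )
    return scores


def recommend_channel(survey, candidates=(1, 6, 11)):
    """Return the least congested candidate; ties go to the lowest channel number."""
    scores = congestion_scores(survey, candidates)
    return min(sorted(scores), key=lambda ch: scores[ch])


# Constructed site survey: (SSID, channel, RSSI in dBm) as a wireless scanner would report.
SAMPLE_SURVEY = [
    ("Neighbor-A", 6, -45),
    ("Neighbor-B", 6, -60),
    ("Neighbor-C", 1, -70),
    ("Neighbor-D", 9, -55),  # overlaps both 6 and 11
    ("Neighbor-E", 3, -80),  # overlaps both 1 and 6
]

if __name__ == "__main__":
    for ch, score in sorted(congestion_scores(SAMPLE_SURVEY).items()):
        print(f"channel {ch:2d}: congestion {score}")
    print("recommended:", recommend_channel(SAMPLE_SURVEY))
```

With this survey channel 6 is heavily loaded (two strong neighbours on 6 plus spill-over from 3 and 9), channel 1 picks up the AP on 1 and the one on 3, and channel 11 only sees the AP on 9, so 11 is recommended. Scoring all 13 channels instead of just 1, 6 and 11 gives the same answer, because a channel such as 9 or 10 would overlap several neighbours at once.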

Issue: Standard mismatch
Symptoms: No connectivity between devices.
Causes: Devices are configured to use different standards such as 802.11a/b/g/n.
Resolution: Devices chosen to work together should use the same standard. 802.11a, for example, is incompatible with 802.11b/g because the first operates at 5 GHz and the second at 2.4 GHz. Or, an 802.11g router could be set only for g mode while you are trying to connect with an 802.11b wireless card. Both 802.11b and 802.11g transmit at 2.4 GHz; their throughput is different, with 802.11b at 11 Mbps and 802.11g at 54 Mbps. Change the mode on the router.

Issue: Signal strength
Symptoms: Low signal strength and throughput.
Causes: The distance between two points causes this connectivity issue. The longer the distance between two devices, the lower the signal strength. Issues that can occur because of low signal strength include latency, packet loss, retransmission, or transient traffic.
Resolution: Add another access point to increase coverage. Use a spectrum analyzer to determine coverage and signal strength.

Issue: Bounce
Symptoms: No or low connectivity between devices.
Causes: Signals from a device bounce off obstructions and are not received by the receiving device.
Resolution: If possible, move one of the devices to avoid obstructions. Monitor performance and check for interference.

Issue: Antenna placement
Symptoms: No or low signal and connectivity.
Causes: The position of your antenna can negatively affect overall performance if it is placed incorrectly.
Resolution: Alter the position of your antenna and monitor device performance.

Issue: Configurations
Symptoms: The wireless modem is active, but clients cannot access the Internet.
Causes: The configuration of the wireless modem is incorrect.
Resolution: Check the configuration of the wireless modem by accessing the web admin interface. Check the encryption type, SSID, and pass phrase text that is specified, and confirm that the wireless modem was rebooted after the configuration change. Ensure that the clients can also support the same encryption type. Verify that the same SSID and key phrase are defined in the network connection. Verify that the wireless receiver on the desktop system is configured properly with the correct compatible drivers installed. Similarly, for a laptop, check that the wireless network adapter is functional and is turned on. If needed, update the device driver on the client systems.
Note: Typically, http://192.168.1.1 will be the address for accessing the admin interface. This may vary for some routers; refer to the user manual or the manufacturer's site for the actual address.

Issue: Incompatibilities
Symptoms: The wireless device is not accessible from the client.
Causes: The settings on the wireless device are not compatible with the clients.
Resolution: Check the configuration of the wireless modem by accessing the web admin interface. Verify that the client systems can support the same configuration. If not, identify a configuration, such as an encryption type, that is supported on both the clients and the server, and apply it on the wireless device and the client systems.

Issue: Incorrect channel
Symptoms: The wireless signal is not accessible even within the expected range.
Causes: A number of factors can cause the signal of the WAP to deteriorate, and the performance of your network will dip lower than normal. The most common cause is another wireless device or application that operates at the same frequency, creating a conflict.
Resolution: Identify the conflicting device and move it to another location that is outside the reach of the WAP. If it is not possible to relocate devices, change the channel of one of the devices so that they operate at different frequencies. Ensure that cordless phones, microwaves, and other electrical equipment are kept a safe distance away from the access point.

Issue: Latency
Symptoms: The delay in data transmission on the network is very high.
Causes: The signal strength is weak or the position of the wireless antenna has been changed.
Resolution: Verify that the wireless modem is functional. Change the antenna position to the one that gives the best performance. Ensure that your antenna is kept in the same position.

Issue: Incorrect switch placement
Symptoms: Switch performance is considerably reduced.
Causes: There is a conflicting device in range that is causing interference, resulting in degraded switch performance.
Resolution: Locate the conflicting device and, if possible, move it to another location. If that is not possible, rework your network layout and determine a better position for the switch so that there is no conflict with the other devices. Monitor the switch performance periodically to prevent further occurrence of the issue.

Routing and Switching Issues

There are common router and switch issues that can occur on a network.

Issue: Switching loop
Symptoms: There is a switching loop on the network.
Causes: Packets are switched in a loop.
Resolution: A switching loop needs STP to ensure loop-free switching of data. Rework the network arrangement and cabling to prevent the switching loop.

Issue: Routing loop
Symptoms: There is a routing loop on the network.
Causes: Packets are routed in a loop.
Resolution: Recheck the router configuration and adjust it to prevent a routing loop.

Issue: Route problems
Symptoms: Packets do not reach their intended destination.
Causes: This could be caused by configuration problems, route convergence, broken segments, or router malfunction.
Resolution: Verify that the router is functional. If necessary, replace the router.

Issue: Proxy ARP
Symptoms: The proxy server is not functional.
Causes: The proxy settings are misconfigured. This may lead to DoS attacks.
Resolution: Correct the proxy settings to resolve the issue.

Issue: Broadcast storms
Symptoms: The network becomes overwhelmed by constant broadcast traffic generated by a device on the network.
Causes: Too many broadcast messages are being sent in parallel, causing high network traffic.
Resolution: Identify the device and reconfigure it to increase the interval between broadcast messages. On the network, apply restrictive settings to prevent network nodes from sending broadcast messages.

Issue: Port configuration
Symptoms: Port configuration is incorrect.
Causes: The recent changes made to the port configuration were incorrect.
Resolution: On the system console of the switch, verify the port properties of the individual nodes and check their status. If required, restore the port configuration to its default setting from the last backup.

Issue: VLAN assignment
Symptoms: Nodes on the network cannot communicate with one another.
Causes: By default, computers on different segments are added to different VLANs, and they cannot communicate with one another unless the switch is configured to allow communication between computers on different VLANs.
Resolution: Check the VLAN assignment on the switch console and reassign the computers to the VLAN to enable communication among them. Ensure that the IOS of the switch is updated to reflect the latest settings.

Issue: Mismatched MTU/MUT black hole
Symptoms: MTU is inaccessible.
Causes: In case of a mismatch of the MTU, the TCP/IP connection handshake does not occur between the devices (routers) and the connection cannot be established.
Resolution: Reconfigure the MTU to check whether the problem gets resolved. If not, replace the device.

At times, there will be issues you will encounter that need to be escalated in order to be solved. This is an important aspect of network troubleshooting, since solutions may require input from people who are more experienced in switching or routing congurations and operations.


ACTIVITY 15-7
Discussing Network Connectivity Issues
Scenario: You and a coworker are investigating some complaints by people regarding their inability to remain connected to the network.

1. Match the physical connectivity issue with its most plausible cause or symptom.
   d  Crosstalk              a. Low volume or data loss
   a  Attenuation            b. Crackling noise
   e  Shorts                 c. Echo
   c  Impedance mismatch     d. Unrelated signal reception
   b  Interference           e. No connectivity

2. Match the logical connectivity issue with its most plausible cause or symptom.
   b  Port speed             a. Collisions and alignment errors
   a  Port duplex mismatch   b. Low connectivity between devices
   c  Incorrect VLAN         c. No connectivity

3. A client visiting your company found that his 802.11b wireless card cannot connect to your company's 802.11g wireless network. Of the following choices, which is most likely?
   a) 802.11b broadcasts at 5 GHz, while 802.11g is 2.4 GHz.
   b) Incompatibility between 802.11b and g.
   c) A rogue DHCP server.
   d) Too many wireless devices sharing the access point.

4. An employee has complained that conference calls in Conference Room 1 routinely get interrupted by periods of white noise, and that the speaker often has every other word cut off. You have discovered that the room's network cable has been run over by a chair's wheel, and that the wires have been crushed. What is this an example of?
   a) Packet loss
   b) Near-end crosstalk
   c) Far-end crosstalk
   d) Network drain


ACTIVITY 15-8
Troubleshooting Network Connectivity
Scenario: In this activity, you will identify the cause of network connectivity problems.

1. You receive a call from a network user who has lost all network connectivity. You examine the network components on the user's station and segment and discover the situation shown in the graphic.
Which network component has failed?
One of the network switches has failed.

2. Which network device(s) will be affected? Why?
All devices on that segment, because they all rely on the switch for connectivity with each other and with the rest of the network. In addition, any communications between the segments would fail.

3. Another network user calls complaining that he cannot connect to a server. You try to connect to various network devices and examine the network components and discover the situation shown in the graphic.
What is the cause of the connectivity failure?
A cable drop has failed or broken.

4. Which network device(s) will be affected? Why?
Only connectivity to and from the server will be affected, because it is the only system to use that cable drop.

5. Your company's network is spread across several locations within the city. One of your network operations centers has experienced a power surge and you are concerned about the effect on network connectivity. You try to connect to various network devices and discover the situation shown in the graphic.
Which network device has failed?
It is a hybrid network, with a mesh topology between the four routers and a star topology on each individual LAN segment; one of the routers has failed.

6. What area of the network will be affected?
Only the nodes on Segment C will be affected. The mesh topology between the routers will enable the network to bypass the fault.

7. Your network uses UTP CAT 5 cable throughout the building. There are a few users who complain of intermittent network connectivity problems. You cannot determine a pattern for these problems that relates to network usage. You visit the users' workstations and find that they are all located close to an elevator shaft. What is a likely cause of the intermittent connectivity problems?
As the cabling is run too close to the elevator equipment, when the elevator motor activates, it produces interference on the network wire.

8. How might you correct the problem?
Replace the UTP cable with STP.


Lesson 15 Follow-up
In this lesson, you identified the functions of major network monitoring tools and the troubleshooting process to help you resolve network problems efficiently.

1. In your troubleshooting experience, what types of problems have you encountered? How did you diagnose the problems?
Answers will vary depending on students' experience, but might include: troubles encountered when setting up a LAN, accessing the Internet, setting up a home network (wired or wireless), or helping a coworker who has lost Internet/intranet access.

2. In your opinion, what are the common TCP/IP issues that you encounter during troubleshooting?
Answers will vary, but might include: detached cables, failed switches or routers, incorrect IP addresses, or the default gateway being unavailable or incorrect.


Follow-up
In this course, you identified and described all the major networking technologies, systems, skills, and tools in use in modern PC-based computer networks. You also learned information and skills that will be helpful as you prepare for the CompTIA Network+ examination (exam number N10-005).

What's Next?
The material in CompTIA Network+ (Exam N10-005) provides foundational information and skills required in any network-related career. It also assists you in preparing for the CompTIA Network+ exam. Once you have completed CompTIA Network+ (Exam N10-005), you might wish to continue your certification path by taking the Element K course CompTIA Security+ (Exam SY0-301) (Comprehensive), which can help you prepare for the CompTIA Security+ exam. Or, you can take any one of a number of vendor-specific networking technology or administration courses from Element K, including courses leading to professional-level certifications from Microsoft and Novell.



APPENDIX A
Mapping Network+ Course Content to the CompTIA Network+ Exam Objectives
1.0 Networking Concepts
1.1 Compare the layers of the OSI and TCP/IP models.
Exam Objective / Network+ Certification Lesson and Topic Reference
OSI model (Layer 1 Physical, Layer 2 Data link, Layer 3 Network, Layer 4 Transport, Layer 5 Session, Layer 6 Presentation, Layer 7 Application): Lesson 5, Topic B
TCP/IP model (Network Interface Layer, Internet Layer, Transport Layer, Application Layer; also described as Link Layer, Internet Layer, Transport Layer, Application Layer): Lesson 5, Topic A

Appendix A: Mapping Network+ Course Content to the CompTIA Network+ Exam Objectives

1.2 Classify how applications, devices, and protocols relate to the OSI model layers.
Exam Objective / Network+ Certification Lesson and Topic Reference
MAC address Lesson Lesson Lesson Lesson Lesson Lesson Lesson Lesson Lesson Lesson Lesson Lesson Lesson Lesson Lesson Lesson 3, Topic D 4, Topic A 5, Topic A 6, Topic A 13, Topic B 14, Topic A 15, Topic B 1, Topic B 6, Topics A, B, C, D, and E 7, Topics A and B 8, Topics A and B 9, Topics A and B 12, Topics A and B 13, Topic B 14, Topic A 15, Topic B

IP address

EUI-64 Frames

Lesson 4, Topic A Lesson Lesson Lesson Lesson Lesson Lesson Lesson Lesson Lesson Lesson Lesson Lesson Lesson Lesson Lesson Lesson Lesson Lesson Lesson Lesson Lesson 4, 5, 6, 9, Topics A and B Topics A and B Topic B Topic A

Packets

1, Topic D 3, Topic D 4, Topic A 5, Topics A and B 6, Topics A, B, and F 7, Topic C 8, Topics A, B, C, and D 9, Topics A and C 12, Topics A, B, and C 13, Topic B 14, Topics A and C 15, Topics B and C 1, 3, 4, 5, 8, Topic A Topic D Topic A Topic A Topics A, B, D, and E

Switch

Router Multilayer switch Hub Encryption devices Cable NIC

Lesson 3, Topic D Lesson 8, Topics B, C, and E Lesson 8, Topic A Lesson 3, Topic D Lesson 11, Topic D Lesson 3, Topic A Lesson 3, Topic D

1.2 Classify how applications, devices, and protocols relate to the OSI model layers.
Exam Objective / Network+ Certification Lesson and Topic Reference
Bridge: Lesson 3, Topic D

1.3 Explain the purpose and properties of IP addressing.
Exam Objective / Network+ Certification Lesson and Topic Reference
Classes of addresses A, B, C and D Public vs. Private Classless (CIDR) IPv4 vs. IPv6 (formatting) MAC address format Subnetting Multicast vs. unicast vs. broadcast APIPA Lesson 6, Topic C

Lesson 6, Topic D Lesson 6, Topic E Lesson 4, Topic A Lesson 6, Topic B Lesson 2, Topic A Lesson 7, Topic A

1.4 Explain the purpose and properties of routing and switching.
Exam Objective / Network+ Certification Lesson and Topic Reference
EIGRP OSPF RIP Link state vs. distance vector vs. hybrid Static vs. dynamic Routing metrics Hop counts MTU, bandwidth Costs Latency Next hop Lesson 6, Topic A Lesson 8, Topics B and C Lesson 15, Topic B Lesson 8, Topic C Lesson 8, Topic D Lesson 8, Topic C Lesson 8, Topic C Lesson 8, Topic C Lesson 8, Topic C Lesson 8, Topic C Lesson 8, Topic B

Spanning-Tree Protocol VLAN (802.1q)

1.4 Explain the purpose and properties of routing and switching.
Exam Objective / Network+ Certification Lesson and Topic Reference
Port mirroring: Lesson 3, Topic D
Broadcast domain vs. collision domain: Lesson 2, Topic B
IGP vs. EGP: Lesson 8, Topic B
Routing tables: Lesson 8, Topics B and C; Lesson 15, Topic B
Convergence (steady state): Lesson 8, Topic C

1.5 Identify common TCP and UDP default ports.
Exam Objective / Network+ Certification Lesson and Topic Reference
SMTP 25, HTTP 80, HTTPS 443, FTP 20, 21, TELNET 23, IMAP 143, RDP 3389, SSH 22, DNS 53, DHCP 67, 68: Lesson 7, Topic A

1.6 Explain the function of common networking protocols.
Exam Objective / Network+ Certification Lesson and Topic Reference
TCP FTP UDP TCP/IP suite DHCP TFTP DNS HTTPS Lesson 5, Topics A and B Lesson 6, Topics A and B Lesson 5, Topic A Lesson 7, Topic D Lesson 6, Topic A Lesson 6, Topic A Lesson 7, Topic A Lesson 7, Topic D Lesson 7, Topic B Lesson 7, Topic D

1.6 Explain the function of common networking protocols.
Exam Objective / Network+ Certification Lesson and Topic Reference
HTTP: Lesson 7, Topic D
ARP: Lesson 6, Topic A
SIP (VoIP): Lesson 9, Topic C
RTP (VoIP): Lesson 9, Topic C
SSH: Lesson 7, Topic E
POP3: Lesson 7, Topic D
NTP: Lesson 7, Topic D
IMAP4: Lesson 7, Topic D
Telnet: Lesson 7, Topic E
SMTP: Lesson 7, Topic D
SNMP2/3: Lesson 14, Topic A
ICMP: Lesson 6, Topic A
IGMP: Lesson 6, Topic A
TLS: Lesson 11, Topic D

1.7 Summarize DNS concepts and its components.
Exam Objective / Network+ Certification Lesson and Topic Reference
DNS servers: Lesson 7, Topic B
DNS records (A, MX, AAAA, CNAME, PTR): Lesson 7, Topic B
Dynamic DNS: Lesson 7, Topic B

1.8 Given a scenario, implement the following network troubleshooting methodology:
Exam Objective / Network+ Certification Lesson and Topic Reference
The whole methodology below maps to Lesson 15, Topic A.
- Identify the problem: information gathering; identify symptoms; question users; determine if anything has changed
- Establish a theory of probable cause: question the obvious
- Test the theory to determine cause: once the theory is confirmed, determine next steps to resolve the problem; if the theory is not confirmed, re-establish a new theory or escalate
- Establish a plan of action to resolve the problem and identify potential effects
- Implement the solution or escalate as necessary
- Verify full system functionality and, if applicable, implement preventative measures
- Document findings, actions, and outcomes

1.9 Identify virtual network components.
Exam Objective / Network+ Certification Lesson and Topic Reference
Virtual switches: Lesson 3, Topic D
Virtual desktops: Lesson 3, Topic D
Virtual servers: Lesson 3, Topic D
Virtual PBX: Lesson 3, Topic D
Onsite vs. offsite: Lesson 10, Topic C
Network as a Service (NaaS): Lesson 3, Topic D

2.0 Network Installation and Configuration
2.1 Given a scenario, install and configure routers and switches.
Exam Objective / Network+ Certification Lesson and Topic Reference
Routing tables: Lesson 8, Topics B and C; Lesson 15, Topic B

2.0 Network Installation and Configuration
2.1 Given a scenario, install and configure routers and switches.
Exam Objective / Network+ Certification Lesson and Topic Reference
NAT PAT VLAN (trunking) Managed vs. unmanaged Interface configurations Full duplex Half duplex Port speeds IP addressing MAC filtering PoE Traffic filtering Diagnostics VTP configuration QoS Port mirroring Lesson 2, Topic B Lesson 14, Topic A Lesson 14, Topic A Lesson 8, Topic D Lesson 14, Topic C Lesson 3, Topic D Lesson 12, Topic A Lesson 12, Topic A Lesson 3, Topic D Lesson 8, Topic D Lesson 8, Topic D Lesson 8, Topic B

2.2 Given a scenario, install and configure a wireless network.
Exam Objective / Network+ Certification Lesson and Topic Reference
WAP placement: Lesson 3, Topic B
Antenna types: Lesson 4, Topic B
Interference: Lesson 3, Topics B and C; Lesson 4, Topic B; Lesson 13, Topic A; Lesson 15, Topic D
Frequencies: Lesson 4, Topic B
Channels: Lesson 4, Topic B
Wireless standards: Lesson 4, Topic B
SSID (enable/disable): Lesson 3, Topic B
Compatibility (802.11 a/b/g/n): Lesson 4, Topic B

2.3 Explain the purpose and properties of DHCP.
Exam Objective / Network+ Certification Lesson and Topic Reference
Static vs. dynamic IP addressing, Reservations, Scopes, Leases, Options (DNS servers, suffixes): Lesson 7, Topic A

2.4 Given a scenario, troubleshoot common wireless problems.
Exam Objective / Network+ Certification Lesson and Topic Reference
Interference Lesson 3, Topic B Lesson 4, Topic B Lesson 15, Topic D Lesson 15, Topic D Lesson 15, Topic D Lesson 15, Topic D Lesson 15, Topic D Lesson 9, Topic C Lesson 15, Topic D Lesson 15, Topic D Lesson 3, Topic B Lesson 15, Topic D Lesson 15, Topic D

Signal strength Configurations Incompatibilities Incorrect channel Latency Encryption type Bounce SSID mismatch Incorrect switch placement

2.5 Given a scenario, troubleshoot common router and switch problems.
Exam Objective / Network+ Certification Lesson and Topic Reference
Switching loop: Lesson 15, Topic D
Bad cables/improper cable types: Lesson 15, Topic D
Port configuration: Lesson 15, Topic D
VLAN assignment: Lesson 15, Topic D
Mismatched MTU/MUT black hole: Lesson 15, Topic D
Power failure: Lesson 3, Topic D

Bad/missing routes: Lesson 15, Topic D
Bad modules (SFPs, GBICs): Lesson 15, Topic D
Wrong subnet mask: Lesson 15, Topic D
Wrong gateway: Lesson 15, Topic D
Duplicate IP address: Lesson 15, Topic D
Wrong DNS: Lesson 15, Topic D

2.6 Given a set of requirements, plan and implement a basic SOHO network.
Exam Objective: Network+ Certification Lesson and Topic Reference
List of requirements: Lesson 8, Topic E
Cable length: Lesson 8, Topic E
Device types/requirements: Lesson 8, Topic E
Environment limitations: Lesson 8, Topic E
Equipment limitations: Lesson 8, Topic E
Compatibility requirements: Lesson 8, Topic E

3.0 Network Media and Topologies
3.1 Categorize standard media types and associated properties.
Exam Objective: Network+ Certification Lesson and Topic Reference
Fiber (Multimode, Singlemode): Lesson 3, Topic A
Copper (UTP, STP, CAT3, CAT5, CAT5e, CAT6, CAT6a): Lesson 3, Topic A

Exam objectives: Coaxial; Crossover; T1 Crossover; Straight-through; Plenum vs. non-plenum; Media converters: Singlemode fiber to Ethernet, Multimode fiber to Ethernet, Fiber to Coaxial, Singlemode to multimode fiber; Distance limitations and speed limitations; Broadband over powerline
Lesson and topic references: Lesson 3, Topic A; Lesson 3, Topic A; Lesson 3, Topic A; Lesson 3, Topic A; Lesson 2, Topic A; Lesson 3, Topic A; Lesson 15, Topic C; Lesson 15, Topic C; Lesson 15, Topic C; Lesson 3, Topic A; Lesson 3, Topic A

3.2 Categorize standard connector types based on network media.
Exam objectives: Fiber: ST, SC, LC, MTRJ; Copper: RJ-45, RJ-11, BNC, F-connector, DB-9 (RS-232), Patch panel, 110 block (T568A, T568B)
Lesson and topic references: Lesson 3, Topic A; Lesson 3, Topic A; Lesson 3, Topic A; Lesson 3, Topic D; Lesson 3, Topic A; Lesson 15, Topic C; Lesson 3, Topic A; Lesson 3, Topic A

3.3 Compare and contrast different wireless standards.
Exam Objective: Network+ Certification Lesson and Topic Reference
802.11 a/b/g/n standards: Lesson 4, Topic B
Distance: Lesson 4, Topic B
Speed: Lesson 4, Topic B
Latency: Lesson 4, Topic B
Frequency: Lesson 4, Topic B
Channels: Lesson 4, Topic B
MIMO: Lesson 4, Topic B
Channel bonding: Lesson 3, Topic D

3.4 Categorize WAN technology types and properties.
Exam objectives (Types): T1/E1; T3/E3; DS3; OCx; SONET; SDH; DWDM; Satellite; ISDN; Cable; DSL; Cellular; WiMAX; LTE; HSPA+; Fiber; Dialup; PON
Lesson and topic references: Lesson 9, Topic A; Lesson 9, Topic A; Lesson 9, Topic A; Lesson 9, Topic A; Lesson 9, Topic A; Lesson 9, Topic A; Lesson 9, Topic A; Lesson 9, Topic A; Lesson 9, Topic A; Lesson 9, Topic B; Lesson 9, Topic A; Lesson 3, Topic B; Lesson 9, Topic A; Lesson 9, Topic A; Lesson 9, Topic A; Lesson 9, Topic A; Lesson 3, Topic A; Lesson 9, Topic B; Lesson 9, Topic A

Exam objectives: Frame relay; ATMs; Properties: Circuit switch, Packet switch, Speed, Transmission media, Distance
Lesson and topic references: Lesson 8, Topic A; Lesson 9, Topic A; Lesson 9, Topics A and B; Lesson 9, Topics A and B; Lesson 9, Topic A; Lesson 9, Topic A; Lesson 8, Topic A

3.5 Describe different network topologies.
Exam Objective: Network+ Certification Lesson and Topic Reference
MPLS: Lesson 9, Topic A
Point to point: Lesson 1, Topic D
Point to multipoint: Lesson 1, Topic D
Ring: Lesson 1, Topics D and E
Star: Lesson 1, Topics D and E
Mesh: Lesson 1, Topic D
Bus: Lesson 1, Topics D and E
Peer-to-peer: Lesson 1, Topic C
Client-server: Lesson 1, Topic C
Hybrid: Lesson 1, Topic D

3.6 Given a scenario, troubleshoot common physical connectivity problems.
Exam Objective: Network+ Certification Lesson and Topic Reference
Cable problems:
Bad connectors: Lesson 15, Topic D
Bad wiring: Lesson 15, Topic D
Open, short: Lesson 15, Topic D
Split cables: Lesson 15, Topic D

DB loss: Lesson 15, Topic D
TXRX reversed: Lesson 15, Topic D
Cable placement: Lesson 15, Topic D
EMI/Interference: Lesson 15, Topic D
Distance: Lesson 15, Topic D
Cross-talk: Lesson 15, Topic D

3.7 Compare and contrast different LAN technologies.
Exam objectives: Types: Ethernet, 10BaseT, 100BaseT, 1000BaseT, 100BaseTX, 100BaseFX, 1000BaseX, 10GBaseSR, 10GBaseLR, 10GBaseER, 10GBaseSW, 10GBaseLW, 10GBaseEW, 10GBaseT; Properties: CSMA/CD, CSMA/CA, Broadcast, Collision, Bonding, Speed, Distance
Lesson and topic references: Lesson 2, Topic B; Lesson 2, Topic B; Lesson 2, Topic A; Lesson 1, Topic D; Lesson 2, Topic B; Lesson 3, Topic D; Lesson 4, Topic A; Lesson 4, Topic A; Lesson 4, Topic A

3.8 Identify components of wiring distribution.
Exam objectives: IDF; MDF; Demarc; Demarc extension; Smart jack; CSU/DSU
Lesson and topic references: Lesson 3, Topic A; Lesson 3, Topic A; Lesson 14, Topic B; Lesson 15, Topic C; Lesson 15, Topic C; Lesson 15, Topic C; Lesson 9, Topic A

4.0 Network Management
4.1 Explain the purpose and features of various network appliances.
Exam Objective: Network+ Certification Lesson and Topic Reference
Load balancer: Lesson 14, Topic C
Proxy server: Lesson 12, Topic A
Content filter: Lesson 12, Topic A
VPN concentrator: Lesson 10, Topic C

4.2 Given a scenario, use appropriate hardware tools to troubleshoot connectivity issues.
Exam Objective: Network+ Certification Lesson and Topic Reference
Cable tester: Lesson 15, Topic C
Cable certifier: Lesson 15, Topic C
Crimper: Lesson 15, Topic C
Butt set: Lesson 15, Topic C
Toner probe: Lesson 15, Topic C
Punch down tool: Lesson 15, Topic C
Protocol analyzer: Lesson 14, Topic A
Loop back plug: Lesson 15, Topic C
TDR: Lesson 15, Topic C
OTDR: Lesson 15, Topic C
Multimeter: Lesson 15, Topic C

Environmental monitor: Lesson 15, Topic C

4.3 Given a scenario, use appropriate software tools to troubleshoot connectivity issues.
Exam objectives: Protocol analyzer; Throughput testers; Connectivity software; Ping; Tracert/traceroute; Dig; Ipconfig/ifconfig; Nslookup; Arp; Nbtstat; Netstat; Route
Lesson and topic references: Lesson 14, Topic A; Lesson 14, Topic A; Lesson 14, Topic A; Lesson 7, Topic C; Lesson 15, Topic B; Lesson 7, Topic C; Lesson 15, Topic B; Lesson 15, Topic B; Lesson 7, Topic A; Lesson 15, Topic B; Lesson 15, Topic B; Lesson 15, Topic B; Lesson 15, Topic B; Lesson 15, Topic B; Lesson 8, Topic B

4.4 Given a scenario, use the appropriate network monitoring resource to analyze traffic.
Exam Objective: Network+ Certification Lesson and Topic Reference
SNMP: Lesson 14, Topic A
SNMPv2: Lesson 14, Topic A
SNMPv3: Lesson 14, Topic A
Syslog: Lesson 14, Topic A
System logs: Lesson 14, Topic A
History logs: Lesson 14, Topic A
General logs: Lesson 14, Topic A
Traffic analysis: Lesson 14, Topic A

Network sniffer: Lesson 15, Topic C

4.5 Describe the purpose of configuration management documentation.
Exam Objective: Network+ Certification Lesson and Topic Reference
Wire schemes: Lesson 14, Topic B
Network maps: Lesson 14, Topic B
Documentation: Lesson 14, Topic B
Cable management: Lesson 14, Topic B
Asset management: Lesson 14, Topic B
Baselines: Lesson 14, Topic B
Change management: Lesson 13, Topic D

4.6 Explain different methods and rationales for network performance optimization.
Exam Objective: Network+ Certification Lesson and Topic Reference
Methods:
QoS: Lesson 9, Topic C
Traffic shaping: Lesson 14, Topic C
Load balancing: Lesson 14, Topic C
High availability: Lesson 14, Topic C
Caching engines: Lesson 14, Topic C
Fault tolerance: Lesson 14, Topic C
CARP: Lesson 14, Topic C
Reasons:
Latency sensitivity: Lesson 14, Topic D
High bandwidth applications (VoIP, video applications, unified communications): Lesson 8, Topic C
Uptime: Lesson 14, Topic C

5.0 Network Security
5.1 Given a scenario, implement appropriate wireless security measures.
Exam Objective: Network+ Certification Lesson and Topic Reference
Encryption protocols:
WEP: Lesson 11, Topic D
WPA2: Lesson 11, Topic D
WPA Enterprise: Lesson 11, Topic D
MAC address filtering: Lesson 14, Topic A
Device placement: Lesson 3, Topic B
Signal strength: Lesson 3, Topic B

5.2 Explain the methods of network access security.
Exam objectives: ACL: MAC filtering, IP filtering, Port filtering; Tunneling and encryption: SSL VPN, VPN, L2TP, PPTP, IPSec, ISAKMP, TLS, TLS1.2, Site-to-site and client-to-site; Remote access: RAS, RDP, PPPoE, PPP, ICA
Lesson and topic references: Lesson 12, Topic A; Lesson 14, Topic A; Lesson 12, Topic A; Lesson 14, Topic A; Lesson 10, Topic C; Lesson 10, Topic C; Lesson 10, Topic C; Lesson 10, Topic D; Lesson 10, Topic D; Lesson 12, Topic C; Lesson 12, Topic C; Lesson 11, Topic D; Lesson 11, Topic D; Lesson 10, Topic C; Lesson 10, Topic A; Lesson 10, Topic A; Lesson 10, Topic B; Lesson 10, Topic B; Lesson 10, Topic A

SSH: Lesson 7, Topic E

5.3 Explain methods of user authentication.
Exam objectives: PKI; Kerberos; AAA (RADIUS, TACACS+); Network access control (802.1x, posture assessment); CHAP; MS-CHAP; EAP; Two-factor authentication; Multifactor authentication; Single sign-on
Lesson and topic references: Lesson 11, Topic D; Lesson 11, Topic C; Lesson 10, Topics A and D; Lesson 11, Topic C; Lesson 12, Topic A; Lesson 10, Topic D; Lesson 10, Topic B; Lesson 11, Topic C; Lesson 11, Topic C; Lesson 11, Topic C; Lesson 11, Topic C

5.4 Explain common threats, vulnerabilities, and mitigation techniques.
Exam Objective: Network+ Certification Lesson and Topic Reference
Wireless:
War driving: Lesson 13, Topic A
War chalking: Lesson 13, Topic A
WEP cracking: Lesson 13, Topic A
WPA cracking: Lesson 13, Topic A
Evil twin: Lesson 13, Topic A
Rogue access point: Lesson 13, Topic A
Attacks:
DoS: Lesson 13, Topic B
DDoS: Lesson 13, Topic B
Man in the middle: Lesson 13, Topic B
Social engineering: Lesson 13, Topic A

Virus: Lesson 13, Topic A
Worms: Lesson 13, Topic A
Buffer overflow: Lesson 13, Topic A
Packet sniffing: Lesson 13, Topic A
FTP bounce: Lesson 13, Topic B
Smurf: Lesson 13, Topic B
Mitigation techniques:
Training and awareness: Lesson 13, Topic D
Patch management: Lesson 13, Topic C
Policies and procedures: Lesson 13, Topic D
Incident response: Lesson 13, Topic D

5.5 Given a scenario, install and configure a basic firewall.
Exam Objective: Network+ Certification Lesson and Topic Reference
Types:
Software and hardware firewalls: Lesson 12, Topic A
Port security: Lesson 12, Topic A
Stateful inspection vs. packet filtering: Lesson 12, Topic A
Firewall rules:
Block/allow: Lesson 12, Topic A
Implicit deny: Lesson 12, Topic A
ACL: Lesson 12, Topic A
NAT/PAT: Lesson 12, Topic A
DMZ: Lesson 12, Topic A

5.6 Categorize different types of network security appliances and methods.
Exam Objective: Network+ Certification Lesson and Topic Reference
IDS and IPS:
Behavior based: Lesson 12, Topic B
Signature based: Lesson 12, Topic B

Network based: Lesson 12, Topic B
Host based: Lesson 12, Topic B
Vulnerability scanners:
NESSUS: Lesson 12, Topic B
NMAP: Lesson 12, Topic B
Methods:
Honeypots: Lesson 12, Topic B

APPENDIX B
CompTIA Network+ Acronyms
The following is a list of acronyms that appear on the CompTIA Network+ certification exam (N10-005) objectives. Candidates are encouraged to review the complete list and attain a working knowledge of all listed acronyms as a part of a comprehensive exam preparation program.

Acronym: Associated Term
AAA: Authentication Authorization and Accounting
ACL: Access Control List
ADSL: Asymmetric Digital Subscriber Line
AES: Advanced Encryption Standard
AH: Authentication Header
AM: Amplitude Modulation
AMI: Alternate Mark Inversion
APIPA: Automatic Private Internet Protocol Addressing
ARIN: American Registry for Internet Numbers
ARP: Address Resolution Protocol
ASP: Application Service Provider
ATM: Asynchronous Transfer Mode
BERT: Bit-Error Rate Test
BGP: Border Gateway Protocol
BNC: British Naval Connector / Bayonet Neill-Concelman
BootP: Boot Protocol / Bootstrap Protocol
BPDU: Bridge Protocol Data Unit
BRI: Basic Rate Interface
CARP: Common Address Redundancy Protocol
CHAP: Challenge Handshake Authentication Protocol
CIDR: Classless inter domain routing
CNAME: Canonical Name
CRAM-MD5: Challenge-Response Authentication Mechanism Message Digest 5

CSMA / CA: Carrier Sense Multiple Access / Collision Avoidance
CSMA / CD: Carrier Sense Multiple Access / Collision Detection
CSU: Channel Service Unit
dB: decibels
DHCP: Dynamic Host Configuration Protocol
DLC: Data Link Control
DMZ: Demilitarized Zone
DNS: Domain Name Service / Domain Name Server / Domain Name System
DOCSIS: Data-Over-Cable Service Interface Specification
DoS: Denial of Service
DDoS: Distributed Denial of Service
DSL: Digital Subscriber Line
DSU: Data Service Unit
DWDM: Dense Wavelength Division Multiplexing
E1: E-Carrier Level 1
EAP: Extensible Authentication Protocol
EDNS: Extension Mechanisms for DNS
EGP: Exterior Gateway Protocol
EIGRP: Enhanced Interior Gateway Routing Protocol
EMI: Electromagnetic Interference
ESD: Electrostatic Discharge
ESSID: Enhanced Service Set Identifier
ESP: Encapsulated security packets
FDDI: Fiber Distributed Data Interface
FDM: Frequency Division Multiplexing
FHSS: Frequency Hopping Spread Spectrum
FM: Frequency Modulation
FQDN: Fully Qualified Domain Name / Fully Qualified Distinguished Name
FTP: File Transfer Protocol
GBIC: Gigabit Interface Converter
Gbps: Gigabits per second
HDLC: High-Level Data Link Control
HSRP: Hot Standby Router Protocol
HTTP: Hypertext Transfer Protocol
HTTPS: Hypertext Transfer Protocol Secure
Hz: Hertz
IANA: Internet Assigned Numbers Authority
ICA: Independent Computer Architecture
ICANN: Internet Corporation for Assigned Names and Numbers
ICMP: Internet Control Message Protocol

IDF: Intermediate Distribution Frame
IDS: Intrusion Detection System
IEEE: Institute of Electrical and Electronics Engineers
IGMP: Internet Group Multicast Protocol
IGP: Interior Gateway Protocol
IIS: Internet Information Services
IKE: Internet Key Exchange
IMAP4: Internet Message Access Protocol version 4
InterNIC: Internet Network Information Center
IP: Internet Protocol
IPS: Intrusion Prevention System
IPsec: Internet Protocol Security
IPv4: Internet Protocol version 4
IPv6: Internet Protocol version 6
ISAKMP: Internet Security Association and Key Management Protocol
ISDN: Integrated Services Digital Network
ISP: Internet Service Provider
IT: Information Technology
Kbps: Kilobits per second
L2F: Layer 2 Forwarding
L2TP: Layer 2 Tunneling Protocol
LACP: Link aggregation control protocol
LAN: Local Area Network
LC: Local Connector
LDAP: Lightweight Directory Access Protocol
LEC: Local Exchange Carrier
LED: Light Emitting Diode
LLC: Logical Link Control
MAC: Media Access Control / Medium Access Control
Mbps: Megabits per second
MBps: Megabytes per second
MDF: Main Distribution Frame
MDI: Media Dependent Interface
MDIX: Media Dependent Interface Crossover
MIB: Management Information Base
MMF: Multimode Fiber
MPLS: Multi-Protocol Label Switching
MS-CHAP: Microsoft Challenge Handshake Authentication Protocol
MT-RJ: Mechanical Transfer-Registered Jack
MX: Mail Exchanger

NAC: Network Access Control
NaaS: Network as a Service
NAS: Network Attached Storage
NAT: Network Address Translation
NCP: Network Control Protocol
NetBEUI: Network Basic Input / Output Extended User Interface
NetBIOS: Network Basic Input / Output System
NFS: Network File Service
NIC: Network Interface Card
NIPS: Network Intrusion Prevention System
nm: nanometer
NNTP: Network News Transport Protocol
NTP: Network Time Protocol
OCx: Optical Carrier
OS: Operating Systems
OSI: Open Systems Interconnect
OSPF: Open Shortest Path First
OTDR: Optical Time Domain Reflectometer
PAP: Password Authentication Protocol
PAT: Port Address Translation
PC: Personal Computer
PGP: Pretty Good Privacy
PKI: Public Key Infrastructure
PoE: Power over Ethernet
POP3: Post Office Protocol version 3
POTS: Plain Old Telephone System
PPP: Point-to-Point Protocol
PPPoE: Point-to-Point Protocol over Ethernet
PPTP: Point-to-Point Tunneling Protocol
PRI: Primary Rate Interface
PSTN: Public Switched Telephone Network
PVC: Permanent Virtual Circuit
QoS: Quality of Service
RADIUS: Remote Authentication Dial-In User Service
RARP: Reverse Address Resolution Protocol
RAS: Remote Access Service
RDP: Remote Desktop Protocol
RFI: Radio Frequency Interface
RG: Radio Guide
RIP: Routing Internet Protocol

RJ: Registered Jack
RSA: Rivest, Shamir, Adleman
RSH: Remote Shell
RTP: Real Time Protocol
RTSP: Real Time Streaming Protocol
RTT: Round Trip Time or Real Transfer Time
SA: Security Association
SC: Standard Connector / Subscriber Connector
SCP: Secure Copy Protocol
SDSL: Symmetrical Digital Subscriber Line
SFTP: Secure File Transfer Protocol
SFP: Small Form-factor Pluggable
SIP: Session Initiation Protocol
SLIP: Serial Line Internet Protocol
SMF: Single Mode Fiber
SMTP: Simple Mail Transfer Protocol
SNAT: Static Network Address Translation
SNMP: Simple Network Management Protocol
SOA: Start of Authority
SOHO: Small Office / Home Office
SONET: Synchronous Optical Network
SPS: Standby Power Supply
SSH: Secure Shell
SSID: Service Set Identifier
SSL: Secure Sockets Layer
ST: Straight Tip or Snap Twist
STP: Shielded Twisted Pair
T1: T-Carrier Level 1
TA: Terminal Adaptor
TACACS+: Terminal Access Control Access Control System+
TCP: Transmission Control Protocol
TCP / IP: Transmission Control Protocol / Internet Protocol
TDM: Time Division Multiplexing
TDR: Time Domain Reflectometer
Telco: Telephone Company
TFTP: Trivial File Transfer Protocol
TKIP: Temporal Key Integrity Protocol
TLS: Transport Layer Security
TTL: Time to Live
UDP: User Datagram Protocol

UNC: Universal Naming Convention
UPS: Uninterruptible Power Supply
URL: Uniform Resource Locator
USB: Universal Serial Bus
UTP: Unshielded Twisted Pair
VDSL: Variable Digital Subscriber Line
VLAN: Virtual Local Area Network
VNC: Virtual Network Connection
VoIP: Voice over IP
VPN: Virtual Private Network
VTP: Virtual Trunk Protocol
WAN: Wide Area Network
WAP: Wireless Application Protocol / Wireless Access Point
WEP: Wired Equivalent Privacy
WINS: Window Internet Name Service
WPA: Wi-Fi Protected Access
www: World Wide Web
X.25: CCITT Packet Switching Protocol
XML: eXtensible Markup Language
XDSL: Extended Digital Subscriber Line
Zeroconf: Zero Configuration

APPENDIX C
Network Fault Tolerance Methods

TOPIC A
Network Fault Tolerance Methods
You have monitored the performance of your network and optimized it to meet the needs of users. Apart from network performance management, fault management will be an important part of managing your network. In this topic, you will identify tools and technologies used to implement fault tolerance in networks. Fault tolerance planning is intended to prevent the negative impact of mishaps that you can reasonably foresee, such as a temporary power outage or the inevitable failure of a hard disk. With proper fault tolerance measures in place, you will keep these minor occurrences from affecting the network in your organization.

RAID
Definition: The Redundant Array of Independent Disks (RAID) standards are a set of vendor-independent specifications for fault-tolerant configurations on multiple-disk systems. If one or more of the disks fails, data can be recovered from the remaining disks. In RAID, the central control unit provides additional functionality so that the individual disks can be utilized to achieve higher fault-tolerance and performance. The disks appear as a single storage unit to the devices to which they are connected.
The original RAID specifications were titled Redundant Array of Inexpensive Disks. As the disk cost of RAID implementations has become less of a factor, the term Independent disks has been widely adopted instead.

Example:

Figure C-1: Fault-tolerant configurations on multiple-disk systems.

Disk System
A disk system consists of physical storage disks kept side-by-side. It has a central unit that manages all the input and output and simplifies the integration with other devices such as other disk systems and servers. Disk systems are usually used for online storage due to their superior performance.

Non-RAID Disk Fault Tolerance Features


RAID systems are the primary means of providing disk fault tolerance. There are other fault tolerance methods that you might encounter on your network.

Fault Tolerance Method: Description

Sector sparing: A system in which every time the operating system reads or writes data to the disk, it checks the integrity of the sectors to which the data is being written. If a problem is detected, the data is moved to another sector and the problem sector is marked as bad. Bad sectors will not be reused.

Read-after-write verification: After a block of data is written to a hard disk or database, it is read back from the destination and compared to the original data in memory. If, after several attempts, data read from the destination does not match the data in memory, the software stores the data in a block in a temporary area, marks the bad area so that it will not be used again, and attempts to write the data to a new location.

TTSs: Transaction Tracking Systems (TTSs) monitor write and change processes that occur in a system to ensure successful completion, providing the ability to back out of transactions, such as changes in a database file, that have been interrupted by the failure of a component. For example, in a banking system, if power is interrupted after funds are deducted from a customer's savings account but before they are credited to the customer's checking account, the system will roll back the transaction to the original savings account balance.
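The sector sparing and read-after-write verification rows above describe one loop: write, read back, compare with the copy still in memory, retry a few times, then retire the sector and relocate the block. The following simulation is an added example, not code from the course; the FlakyDisk device, the VerifyingDriver, the 16-byte sector size and the failing sector numbers are all constructed for illustration.

```python
"""Simulated read-after-write verification with sector sparing.

Constructed example, not from the course text: the disk model below is a
hypothetical in-memory device in which some physical sectors silently corrupt
whatever is written to them, so that the verify / retry / relocate logic can
be exercised end to end.
"""
from dataclasses import dataclass, field
from typing import Dict, List, Set

SECTOR_SIZE = 16  # bytes per simulated sector (constructed value)


@dataclass
class FlakyDisk:
    """In-memory disk; writes to any sector listed in bad_physical land corrupted."""
    num_sectors: int
    bad_physical: Set[int] = field(default_factory=set)
    media: List[bytes] = field(init=False)

    def __post_init__(self) -> None:
        self.media = [bytes(SECTOR_SIZE)] * self.num_sectors

    def write(self, sector: int, data: bytes) -> None:
        if sector in self.bad_physical:
            data = bytes(b ^ 0xFF for b in data)  # simulate a failing sector
        self.media[sector] = data

    def read(self, sector: int) -> bytes:
        return self.media[sector]


class VerifyingDriver:
    """Driver layer that reads every block back after writing it and retires
    sectors that repeatedly fail verification (sector sparing).

    Logical sector numbers are what the OS sees; remap redirects a logical
    sector to a spare physical sector once its original location is marked bad.
    """

    def __init__(self, disk: FlakyDisk, spare_start: int, max_attempts: int = 3) -> None:
        self.disk = disk
        self.max_attempts = max_attempts
        self.remap: Dict[int, int] = {}
        self.bad_sectors: Set[int] = set()
        # Physical sectors from spare_start upward are reserved as spares.
        self.free_spares: List[int] = list(range(spare_start, disk.num_sectors))

    def _physical(self, logical: int) -> int:
        return self.remap.get(logical, logical)

    def _write_verified(self, physical: int, data: bytes) -> bool:
        """Write, read back and compare against the copy still in memory;
        retry up to max_attempts times before giving up on this sector."""
        for _ in range(self.max_attempts):
            self.disk.write(physical, data)
            if self.disk.read(physical) == data:
                return True
        return False

    def write(self, logical: int, data: bytes) -> int:
        """Write one block and return the physical sector that finally held it.
        Raises OSError if the sector and every remaining spare fail verification."""
        if len(data) != SECTOR_SIZE:
            raise ValueError("data must be exactly one sector")
        physical = self._physical(logical)
        while not self._write_verified(physical, data):
            # Verification failed after several attempts: mark the sector bad so
            # it is never reused, then move the block to a fresh spare location.
            self.bad_sectors.add(physical)
            if not self.free_spares:
                raise OSError(f"no spare sector left for logical sector {logical}")
            physical = self.free_spares.pop(0)
            self.remap[logical] = physical
        return physical

    def read(self, logical: int) -> bytes:
        return self.disk.read(self._physical(logical))


def demo() -> dict:
    """Constructed scenario: physical sectors 3 and 8 are failing, and sectors
    8-11 form the spare pool, so logical sector 3 is relocated twice before it sticks."""
    disk = FlakyDisk(num_sectors=12, bad_physical={3, 8})
    drv = VerifyingDriver(disk, spare_start=8)
    block_a = b"ledger-block-001"  # exactly SECTOR_SIZE bytes
    block_b = b"ledger-block-002"
    phys_a = drv.write(3, block_a)  # fails at 3, fails at spare 8, lands on 9
    phys_b = drv.write(5, block_b)  # healthy sector, written in place
    return {
        "physical_for_logical_3": phys_a,
        "physical_for_logical_5": phys_b,
        "readback_ok": drv.read(3) == block_a and drv.read(5) == block_b,
        "bad_sectors": sorted(drv.bad_sectors),
        "remap": dict(drv.remap),
        "spares_left": list(drv.free_spares),
    }


if __name__ == "__main__":
    print(demo())
```

The remap table is the part a real driver must itself persist redundantly: if it is lost, every relocated block is unreachable even though the data on the spare sectors is intact.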

Link Redundancy
Definition: Link redundancy is a network fault-tolerance method that provides alternative connections that can function even if a critical primary connection is interrupted. The duplicate link can be fully redundant and provide the same level of performance, service, and bandwidth as the primary link. Alternatively, the redundant link can be a broadband connection to provide basic connectivity until the main link is restored.

Example: Link Redundancy in a Small Office
For a small office, a fully fault-tolerant network might be too expensive, but a backup dial-in connection might be a reasonable and cost-effective precaution. Some broadband routers include a serial port where you can attach an external modem so that you can create a dial-up connection when a DSL or cable connection fails.

Planning for Link Redundancy
Not all network links must be made redundant. Each company must evaluate how critical each of its LAN and WAN links is to ongoing operations, and weigh the impact of losing connectivity for a given period of time against the cost of maintaining a redundant link.

How to Create an Enterprise Fault Tolerance Plan


A well-defined enterprise-wide fault tolerance plan adequately balances the need for service continuity against the cost of implementing fault tolerance measures to meet critical business requirements.

Guidelines: To implement enterprise fault tolerance, follow these guidelines:
• Identify network devices and servers that need to be protected from power surges and outages, and implement UPS power protection.
• Identify critical data sources and implement appropriate disk fault tolerance measures.
• Design and implement a backup plan.
• Identify critical network services and implement redundant servers to provide DHCP, name resolution, and authentication service continuity.
• Analyze your need for redundant network links. Implement redundant WAN links only where needed and justified by cost. For internal routers, consider implementing dynamic routing over a mesh topology that provides multiple paths through the internal network.
• Identify the need for redundant hot spare and cold spare devices, and purchase and configure the required devices.
Hot and cold spares are covered in detail in the next topic.

Example: Our Global Company's Technology Services division is developing a fault tolerance plan. They assess their needs to protect against power failures, data loss, and network downtime and decide to implement several fault tolerance measures:
• All critical servers, routers, and other infrastructure equipment will be protected with UPS devices. User workstations will also have power backup.
• Critical databases containing sensitive company data or mission-critical files should be deployed in RAID configurations using a standard backup rotation method; the backup tapes must be stored offsite and rotated back to the office as needed for reuse.
• A supply of spare parts for routers, disks, and other critical hardware elements is maintained so that critical infrastructure devices can be swapped as needed. However, as some user downtime is acceptable, there is no need to maintain a redundant inventory of laptop and desktop systems for user-level tasks.
• There are four internal routers to provide enough links to create a redundant mesh topology.
• The company leases a single T3 WAN link. To maintain minimal network connectivity if this line goes down, they negotiate with their service provider to make a T1 connection available as needed.

APPENDIX D
Disaster Recovery Planning

TOPIC A
Disaster Recovery Planning
In this lesson, you have learned different aspects of network management such as network monitoring, configuration management, performance optimization, and fault tolerance. Another important aspect of managing your network is to be prepared for any extenuating situations that could affect your network and potentially disrupt it. A disaster recovery plan ensures that you have adequate recovery measures in place for your network so that you are prepared for a disaster when it occurs. In this topic, you will identify the components of a network disaster recovery plan. Networks are vulnerable to a multitude of threats: not only from hackers and disgruntled employees, but also from natural disasters and plain, old-fashioned decay. Insurance can replace hardware and administrators can rebuild the network, but lost data is gone for good, and many companies cannot survive that. Having a solid disaster recovery plan in place will help ensure that your organization recovers efficiently from any type of disaster.

Disaster Recovery
Definition: A disaster is a catastrophic loss of system functioning due to a cause that cannot reasonably be prevented. Disasters can affect personnel, buildings, devices, communications, resources, and data. Disaster recovery is the administrative function of protecting people and resources while restoring a failed network or systems as quickly as possible. The first priority is to ensure the safety of personnel, and then to ensure continuity of business functions.

Example:

Figure D-1: Disasters and disaster recovery.

Disaster Categories
Disasters that can affect network functioning fall into one of three main categories.

Disaster Category: Description

Natural Disaster: Natural disasters include fires, storms, floods, and other destructive forces. Natural disasters involve the involuntary destruction of network hardware. Data loss is usually related to destruction of network infrastructure and hardware. The best defense against this type of disaster is excellent documentation and physical security for data backups. In the worst-case scenario, nothing remains of the office after the disaster, and the network has to be completely rebuilt from documentation alone.

Data Destruction: Data loss due to causes other than natural disaster can be easier to recover from. This kind of data loss includes accidental deletion, malicious destruction, or a virus attack. Again, the key is a good quality data backup.

Equipment Failure: Most day-to-day network disasters relate to failure of network hardware. Not only can hardware failure cause a loss of data, but it can also cause a loss of productivity in the office. Defense against equipment failure can be as simple as having a relationship with a vendor who can get replacement parts quickly or contracting a service provider that stocks parts. Many companies keep high-risk spares on hand in order to quickly replace failures. One major mistake that many administrators make is to standardize on uncommon hardware or rely too heavily on older hardware that might be hard to replace. If a network goes down because older equipment fails, it could be down for an unacceptable length of time while a replacement is found or the network is reconfigured.

Disaster Recovery Plans
A disaster recovery plan is a policy and set of procedures that document how people and resources will be protected in case of disaster, and how the organization will recover from the disaster and restore normal functioning. The plan should be developed and implemented cooperatively among and between different functional groups.

Figure D-2: A policy and set of procedures that document how people and resources will be protected in case of disaster.

The disaster recovery plan incorporates many components, including:
• A complete list of responsible individuals.
• A critical hardware and software inventory.
• Detailed instructions on how to reconstruct the network.
A complete disaster recovery plan will be highly detailed and completely customized to suit the needs and circumstances of a particular organization. This section provides only a broad overview of the components and considerations involved in constructing a recovery plan.

Group Roles in Plan Development
The network administrator has the biggest responsibility for drafting, testing, and documenting the plan. Corporate managers and administrators should contribute to the plan and should fully understand their role in implementing the plan, if needed. Vendors and regular contractors should understand their responsibilities and what service levels they will guarantee.

The Network Reconstruction Plan


The network reconstruction plan provides the steps to reconstruct the network.

Plan Component: Network documentation
Description: Physical and logical network diagrams will enable networking staff to begin to reconstruct the network with minimal downtime. An administrator's access credentials need to be documented so that the system is accessible after the restore. Decryption or recovery agents and digital certificates need to be documented as well. In addition, critical hardware and software inventory documentation will aid in ensuring that you have all the documentation and information needed to rebuild the network.

Plan Component: Fall-back plan
Description: A fall-back plan is an alternate design that can be implemented temporarily to enable critical network elements to function. It should include a list of minimum required hardware and software as well as implementation instructions.

Plan Component: Data restoration plan
Description: A data restoration plan details exactly how to retrieve and restore data backups in the correct sequence.

Documenting Security Information
Many administrators have the valid concern that writing down security information, such as administrative and service account passwords, provides opportunities for security breaches. However, a network is useless when restored if there is no administrative access. The security information must be in the recovery documentation, but it can be stored securely and accessed separately by the appropriate individuals; it certainly should not be distributed to everyone working on or reviewing the plan.

Hot, Warm, and Cold Sites


Backup site locations and replacement equipment can be classified as hot, warm, or cold, depending on how much configuration would be necessary to bring the location or spare equipment online. A hot site is a fully configured alternate network that can be online quickly after a disaster. A warm site is a business site that performs noncritical functions under normal conditions, but which can be rapidly converted to a key operations site if needed. A cold site is a predetermined alternate location where a network can be rebuilt in case of a disaster.

Hot and Cold Spares
A hot spare is a fully configured and operational piece of backup equipment that can be swapped into a system with little to no interruption in functionality. A cold spare is a duplicate piece of backup equipment that can be configured to use as an alternate if needed.

UPS
Definition: An Uninterruptible Power Supply (UPS) is a device that provides backup power when the electrical power fails or drops to an unacceptable voltage level. This helps reduce or eliminate data loss and limit or prevent hardware damage during power surges or brownouts. UPSs can be online or offline models.

Example:

Figure D-3: UPS provides backup power to systems.

Comparing Online and Offline UPSs
With an online UPS, power always flows through the UPS to the devices connected to it. Because it is always actively monitoring power, it provides an added benefit by functioning as a line conditioner, reducing or eliminating surges and brownouts to the attached equipment. Online UPS systems tend to be more expensive than offline systems. With an offline UPS, the UPS monitors power and activates only when there is a drop, so there is a very slight delay before the UPS becomes active. However, system power is not usually lost because the delay is so short. Some operating systems provide UPS monitoring so that users can be alerted to log off and the operating system can be shut down properly if there is a power outage.

Specialized Data Backups


Certain data types may require specialized procedures or additional software components to perform a successful backup.

Specialized Backup Type: Open files
Description: Files that are opened by an application are locked to ensure that only one client makes changes at a time. It is a nice feature, but also one that causes a few problems for network backup software. Specifically, the backup software has to deal with a client making changes during the backup, which can create errors in the backup (remember that backups are relatively slow). It also has to deal with the locked files. To help, you can deploy an open files agent with the backup software. When the backup software encounters a locked file, it uses the open files agent to take a snapshot of the file. The snapshot temporarily disables the file's ability to be edited and copies the file to a temporary location on the drive. The backup software then backs up the snapshot. This happens very quickly and does not disrupt the client using the file.

Specialized Backup Type: Databases
Description: Databases are essentially big, open files. Some backup software handles simple databases with nothing more than an open files agent. However, larger databases have special considerations. In a database, the actual data on the drive might not be current because of write-behind caching, a technique that temporarily stores database changes in server memory while the server is busy. Sometimes, database logs need to be reset when a database is backed up. Log files are often stored on a different drive than the database itself. These databases may require either a manual backup procedure to close open files and clear logs, or the use of a database agent, which can back up the database and reset the logs while the database is online.

Specialized Backup Type: Email
Description: Email servers are essentially modified database servers that store users' mailboxes. Data is still in a database data store, which means that the email server can be backed up just like a database server. In fact, a standard backup and restore of a mail server contains all the same elements that backing up a database does. When a mail server is backed up, like a database, one restore option is to restore all the data and then extract the damaged mailbox. There is another type of mail server backup called the brick-level backup, which uses a special agent that is aware of the database's data structure. Brick-level backups enable a database to be backed up mailbox by mailbox, which takes longer, and then restored one mailbox at a time. Some agents even enable the mail to be restored message by message.

Specialized Backup Type: Power user workstations
Description: Some power users on your network might have sensitive data on their personal workstations that you would choose to include in a backup plan. Workstations are easy to back up when they have an agent installed that enables backup software to access them. However, they have to be powered on to be backed up. This used to be a problem, but today most network cards and PCs support a technology called Wake on LAN (WOL), in which backup software sends a signal to the workstation (awakens it), waits for it to boot up, backs it up, and then turns it off again.

Specialized Backup Type: Remote network backups
Description: When remote users are on the network, they are backed up the same way that workstations are. However, when they are primarily offline, backups require a different solution. Many backup software manufacturers use a remote agent to back up remote users when the users connect to the network. The agent copies changed data from the laptop to a network drive. This is always a partial backup, so it is faster than copying all the data off the laptop. But how do you back up remote users if they are not connected to the network? Some backup software uses over-the-web backups. The process is the same as already described except that the user attaches to a secure website and uploads data.

Specialized Backup Type: Enterprise backups
Description: Many companies have moved to an enterprise-wide solution for data backups. A high-performance backup solution is deployed from a central location and all backup data is stored in the central location. Many of these solutions cross manufacturers' boundaries, enabling one setup to get backups from PC servers, UNIX mainframes, mid-range servers, and workstations, regardless of manufacturer and operating system.

Specialized Backup Type: Snapshot backups
Description: Snapshots can be used to take complete backups of drives and databases, as well as to copy open files. There are a number of different snapshot technologies that are implemented in software, in hardware, or in combinations of the two. Depending on the technology in use, snapshots might clone an entire copy of a volume to another physical drive, or they might record only file changes or only pointers to file locations. See your storage or backup vendors for specifics on the snapshot backup implementation they offer.

Offline Files
Windows XP Professional, Windows Server 2008, and various other operating systems support offline files, which can serve as a backup method for remote users. The offline files process synchronizes a copy of a file on the network with a copy of the same file on a remote computer or a website. This enables other users to access and use the network copy of the file at the same time that the remote user edits the remote copy. Any changes to the file are synchronized with the remote user's copy whenever the remote user connects to the network.

Types of Distributed Storage Systems
Many systems include built-in support for distributed storage, and there are also third-party implementations for both software and hardware that you can purchase if you need improved performance. For example, Microsoft's Distributed File System (DFS) is a software-based distributed hierarchical storage implementation that is built into Windows Server 2008 R2, and other Windows server software. It provides users with a simple and convenient way to access shared folders that are distributed throughout the network. With DFS, administration can make files that are distributed across multiple servers appear to users as if they all reside in a single location on the network. DFS comprises three main components. The first is the DFS root, which is a visible network share that contains folders and files. The DFS link resides below the root and it redirects the user to a share that exists somewhere on the network. The DFS target (or replica) allows you to group two identical shares, usually stored on different servers, as DFS targets under the same link.

Backup Policies
Each organization will need to maintain a backup policy that documents its own backup requirements, procedures, and systems. The policy should include specifications for all the components of the backup plan, including the backup software, hardware, media, schedule, and testing plans, as well as designating administrative responsibility for the system.

Backup Policy Considerations
When you devise a backup policy and implement a backup system, you should consider these factors:
- Hardware and media: What is appropriate for your environment? How do you balance cost against performance?
- Software: Can you use the utilities built into your operating system, or will you need a dedicated third-party backup application?
- Backup administration: Who is responsible for performing backup functions?
- Backup frequency: How much data you can afford to lose determines how often you will back up.
- Backup methods: Which of several backup media-rotation schemes is appropriate for your organization?
- Backup types: Which of several schemes will you use for backing up new and existing data efficiently? What is the balance between partial and complete backups?
- Backup set: How many tapes or other media will you need for each backup?
- Backup scheduling: What time of day and when during the week will you run the backups? Will users be logged on? Will files be open?

- Media identification: What are the standards for labeling backup media?
- Media storage: Where will backup media be kept? Onsite or offsite, or in multiple locations?
- Recovery testing: When and how will you perform test restorations of data? Who is responsible?
- Maintenance: What scheduled maintenance or replacement is required for the hardware, software, and media? When will this be performed? How will you budget for it?
- Restoration timeline: Do you have a complete plan for recovering all lost data? How long is recovery expected to take?
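The data restoration plan described earlier requires backups to be restored in the correct sequence, and the policy considerations above call for recovery testing. The following Python script is an added example, not part of the courseware, that works out the restore order from a history of backup sets and checks a test restoration against a manifest of SHA-256 digests taken at backup time. It assumes the conventional full, differential and incremental backup types (which the text only calls partial and complete backups); the media labels, timestamps and file contents are constructed samples.

```python
"""Restore-sequence planning and restore verification for a data restoration plan.

Added example, not from the courseware. It assumes the conventional backup
types full, differential and incremental; media labels, timestamps and file
contents below are constructed samples, so everything runs offline.
"""
from dataclasses import dataclass
from datetime import datetime
import hashlib


@dataclass(frozen=True)
class BackupRecord:
    media_label: str     # label applied under the media identification standard
    kind: str            # "full", "differential" or "incremental"
    taken_at: datetime   # when this backup set was written


def restore_sequence(records, target):
    """Return the backup sets, in restore order, needed to reach `target`.

    Rules assumed here (standard for these backup types):
      1. start from the newest full backup taken at or before `target`;
      2. apply the newest differential taken after that full, if any, since a
         differential holds every change since the full;
      3. apply every incremental taken after step 2's set, oldest first, since
         an incremental holds only the changes since the previous set.
    """
    usable = sorted((r for r in records if r.taken_at <= target),
                    key=lambda r: r.taken_at)
    fulls = [r for r in usable if r.kind == "full"]
    if not fulls:
        raise ValueError("no full backup at or before the target time")
    chain = [fulls[-1]]
    diffs = [r for r in usable
             if r.kind == "differential" and r.taken_at > chain[0].taken_at]
    if diffs:
        chain.append(diffs[-1])
    since = chain[-1].taken_at
    chain.extend(r for r in usable
                 if r.kind == "incremental" and r.taken_at > since)
    return chain


def plan_labels(records, target_iso):
    """Convenience wrapper: media labels to pull, in order, for an ISO target time."""
    target = datetime.fromisoformat(target_iso)
    return [r.media_label for r in restore_sequence(records, target)]


def build_manifest(files):
    """Record a SHA-256 digest per file at backup time; `files` is {path: bytes}."""
    return {path: hashlib.sha256(data).hexdigest() for path, data in files.items()}


def verify_restore(manifest, restored):
    """Check a test restoration against the manifest taken at backup time.

    Returns only the categories with findings: paths missing after the restore,
    paths whose contents no longer match, and unexpected extra paths.
    An empty dict means the recovery test passed.
    """
    problems = {"missing": [], "changed": [], "unexpected": []}
    for path, digest in manifest.items():
        if path not in restored:
            problems["missing"].append(path)
        elif hashlib.sha256(restored[path]).hexdigest() != digest:
            problems["changed"].append(path)
    problems["unexpected"] = sorted(set(restored) - set(manifest))
    return {kind: paths for kind, paths in problems.items() if paths}


# Constructed sample history: weekly full on Sunday, nightly partial backups.
SAMPLE_RECORDS = [
    BackupRecord("FULL-W01", "full", datetime(2011, 3, 6, 22, 0)),
    BackupRecord("INC-W01-MON", "incremental", datetime(2011, 3, 7, 22, 0)),
    BackupRecord("INC-W01-TUE", "incremental", datetime(2011, 3, 8, 22, 0)),
    BackupRecord("DIFF-W01-WED", "differential", datetime(2011, 3, 9, 22, 0)),
    BackupRecord("INC-W01-THU", "incremental", datetime(2011, 3, 10, 22, 0)),
    BackupRecord("FULL-W02", "full", datetime(2011, 3, 13, 22, 0)),
]

if __name__ == "__main__":
    # Which media does the restoration plan call for to recover to Friday morning?
    print("restore in this order:", plan_labels(SAMPLE_RECORDS, "2011-03-11T09:00"))
    # Recovery test: one restored file differs from what was backed up.
    manifest = build_manifest({"db/orders.mdb": b"orders", "mail/alice.pst": b"alice"})
    restored = {"db/orders.mdb": b"orders", "mail/alice.pst": b"alic"}
    print("recovery test problems:", verify_restore(manifest, restored))
```

Replace the in-memory dictionaries with a walk of the backed-up and restored directory trees to use this as an actual recovery test.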

Network Reconstruction Plan Maintenance


A network is a living entity; most companies do not stay the same. A disaster recovery plan needs to reflect changes to the organization. You should formally review the disaster recovery plan at least twice a year, and informally review it quarterly. A formal review should include business managers, the CIO, corporate staff, and IT managers. A formal review makes many employees, including corporate personnel, aware of the review. An informal review can be done by the appropriate administrator and his or her staff. During a review, check administrative passwords, recovery agents, and changes to the backup scheme. Review time is also a good time to train new IT personnel on the recovery plan. Once the plan has been reviewed and accepted, it needs to be distributed to the appropriate people. To ensure that you can access the plan in the event of an actual disaster, at least one copy must be stored offsite in a secure but known location, such as a remote corporate office. If your company uses an offsite data storage location, keep copies there. If your company uses an offsite storage/management company, keep copies on file with them. Key managers might also want to keep copies of the plan at their homes.

LESSON LABS
Due to classroom setup constraints, some labs cannot be keyed in sequence immediately following their associated lesson. Your instructor will tell you whether your labs can be practiced immediately following the lesson or whether they require separate setup from the main lesson content. Lesson-level lab setup information is listed in the front of this manual in the course setup section.

LESSON 3 LAB 1
Describing Network Media and Hardware
Activity Time: 20 minutes
Scenario: In this activity, you will describe network media and hardware components.

1. A user on your network uses a Personal Digital Assistant (PDA) to keep track of her calendar and contact list. She synchronizes the PDA data frequently with her laptop computer via the systems' infrared ports. She complains that she intermittently loses the infrared connection between the two devices. You visit her workstation and find that she is seated in close proximity to a large window. What problem do you suspect?
Bright sunlight from the window can occasionally interfere with the infrared transmission. There could also be a line-of-sight problem where the transmitter and receiver are not directly aligned.

2. You have a logical bus network formed by connecting devices with twisted pair cables. As you expect considerable traffic on the network, you need maximum transmission speeds between the nodes on the network. Which network device would you use to handle this requirement?
a) Router b) Bridge c) Switch d) Gateway


3. Match the network connectivity device to its description.
c Gateway
a WAP
b Router
d Switch

a. Connects wireless devices to the network.
b. Connects multiple networks that use the same protocol.
c. Converts data between incompatible systems.
d. Connects various nodes or segments on a network.

4. True or False? The unwinding of a twisted pair cable's conductors does not affect its performance characteristics.
True False

5. True or False? Bluetooth is a long-range radio technology designed to simplify communications among Internet devices.
True False

LESSON 3 LAB 2
Identifying the Network Media
Activity Time: 30 minutes
Data Files: Crossword_Starter.html

Scenario: In this activity, you will identify the network media based on the descriptions specified in the Crossword_Starter.html file.

1. Print the html file.
2. Read the descriptions in the Across and Down sections and fill the answers in the grid.


LESSON 4 LAB 1
Identifying Network Implementations
Activity Time: 20 minutes
Scenario: In this activity, you will identify the different types of network implementations.


1. What are some of the factors that affect the maximum transmitting distance of a wireless radio transmission?
Answers will vary, but may include: atmospheric conditions, ambient electrical noise, conductive obstacles in the path, presence of other electrical equipment, and data rate.

2. True or False? Infrared wireless networks are suitable for a large area with physical obstacles.
True False

3. Which factor significantly affects the maximum transmitting distance of a microwave wireless installation?
a) Data transmission rate b) Environmental factors c) Distance between transmitting stations d) Sources of electrical disturbance

4. What are the Ethernet standards you are likely to use in your organization?
Answers will vary, but may include: 10Base standards, 100Base standards, and 1000Base standards.


LESSON 5 LAB 1
Comparing the OSI and TCP/IP Models
Activity Time: 20 minutes
Scenario: In this activity, you will compare the OSI reference and TCP/IP models.

1. Discuss the primary differences between the OSI reference model and the TCP/IP model.
Answers will vary, but might include: the OSI reference model consists of seven layers, whereas the TCP/IP model has only four layers. The Application layer of the TCP/IP model maps to the Application, Presentation, and Session layers of the OSI reference model, and the Physical and Data Link layers of the OSI reference model map to the Network Interface layer in the TCP/IP model. Moreover, the OSI reference model was invented before the advent of protocols; therefore, the functionality is not optimized according to the protocols functioning in each layer. However, the TCP/IP protocols formed the standards around which the Internet was developed, and therefore the layers in the model emulate the functionality at each layer.

2. Explain why the TCP/IP model serves as a better architecture for the Internet than the OSI reference model.
Answers will vary, but may include: TCP/IP was specifically developed to execute Internet-related tasks such as remote login, email, and resource sharing. Also, the functions and protocols in the TCP/IP model are more flexible than those defined in the OSI reference model. This has led to the complete replacement of the OSI reference model in all practical applications. The OSI reference model is now used only for theoretically explaining the concept of network models, and most of the present day networks, such as the Internet, follow the TCP/IP model.

3. Discuss the design issues at the Physical layer.
Answers will vary, but may include: some of the design issues at the Physical layer include the bandwidth of the transmission medium, the switching technologies, the type of modulation, and the type of transmission to be used.

4. What is the main purpose of Layer 3 of the OSI model?
Layer 3 is the Network layer and it addresses and ensures the delivery of packets across the network.

5. What is the main purpose of Layer 5 of the OSI model?
Layer 5 is the Session layer and it controls the conversation between two endpoints.

6. What is the main purpose of Layer 7 of the OSI model?
Layer 7 is the Application layer and it provides standardized services to applications.


7. What is the purpose of Layer 1 of the OSI model?
Layer 1 is the Physical layer and it is responsible for encoding and receiving signals.

8. Match the Network- and Transport-layer protocol families with their functions.
b Reliability protocols
c Connection protocols
a Routing protocols

a. Ensure that data is transmitted to its correct destination.
b. Ensure integrity of data transfer.
c. Ensure establishment of data transfer.

9. Match the Application-, Presentation-, and Session-layer protocol families with their functions.
d Terminal-emulation protocols
b Remote-action protocols
e Multiple-session protocols
a Task-to-task protocols
c Codeset and data structure protocols

a. Enable communication between different software processes.
b. Responsible for setting up a client/server relationship.
c. Responsible for representation of data.
d. Responsible for providing access to a host.
e. Responsible for establishing additional network links.

10. True or False? If you install multiple protocols on your computer, then each protocol must be bound to its own NIC.
True False

LESSON 6 LAB 1
Identifying TCP/IP Addressing and Data Delivery
Activity Time: 20 minutes
Scenario: In this activity, you will identify TCP/IP addressing and data delivery methods.

1. What are the factors that contribute to the success of TCP/IP?
Answers will vary, but may include: the factors that contribute to the success of TCP/IP include an integrated addressing system, flexible network design for routing, underlying network independence, scalability, open standards and the development process, and universal adaptability.


2. Discuss the purpose of subnetting.
Answers will vary, but may include: the purpose of subnetting is to integrate multiple physical networks into a single IP network. Subnetting affects only hosts and routers in the particular network, and on external networks, these addresses are treated as normal IP addresses. Thus, all datagrams being transmitted to any of the subnetted networks follow the same path through the external network. Only when they arrive at the subnetted network do they follow paths to one of the individual networks in the subnet. Therefore, routers need not store subnet masks for external networks that use subnet addressing.

3. How will you determine the class of an IP address?
You can determine the class of an IP address from the first octet of the IP address.

4. Discuss the use of ARP.
Answers will vary, but might include: a host on an Ethernet network can communicate with another host only if it knows the MAC address of that host. IP uses an IP address for routing the communications. ARP is used to obtain the MAC address of a host from its IP addressing scheme. ARP is extensively used by all hosts on an Ethernet network.

5. What are the primary differences between TCP and UDP?
Answers will vary, but may include: TCP is a connection-oriented protocol and provides for flow control and guarantees the data delivery. Moreover, it ensures congestion control with the help of algorithms. On the contrary, UDP is a connectionless protocol that does not guarantee data delivery.

6. How does TCP ensure reliable data delivery?
TCP ensures reliable data delivery by using a guaranteed-delivery process wherein it establishes a connection, sequences and acknowledges transmitted packets, and recovers packets lost during transmission.


LESSON 6 LAB 2
TCP/IP Addressing and Data Delivery Components
Activity Time: 30 minutes
Data Files: Crossword_Starter.html

Scenario: In this activity, you will identify the elements of TCP/IP addressing and data delivery in the Crossword_Starter.html file.

1. Print the html file.
2. Read the descriptions in the Across and Down sections and fill the answers in the grid.

LESSON 7 LAB 1
Identifying TCP/IP Services
Activity Time: 20 minutes
Scenario: In this activity, you will identify major services deployed on TCP/IP networks.

1. Discuss the salient features of IMAP4.
Answers will vary, but may include: IMAP4 is a mail access protocol that offers many features. A user can check the email header prior to downloading, search contents of the email for a specific string of characters, and partially download email, ignoring files that require high bandwidth. Users can create, delete, or rename mailboxes on the mail server.


2. Match the TCP/IP service with its description.
b DHCP
c DNS
a FTP
d Telnet

a. Enables the transfer of files between a user's workstation and a remote host.
b. Assigns TCP/IP configuration settings to network devices.
c. Translates FQDNs into IP addresses.
d. Enables a user at one site to simulate a session on a remote host.

3. What are the differences between FTP and HTTP?
Answers will vary, but may include: although both FTP and HTTP enable file transfer across the Internet, there are important differences between the two protocols. FTP enables you to both upload and download files, while HTTP enables you to only download files from a website. Further, using FTP, you can automatically save a downloaded file. If you want to save a file downloaded using HTTP, you need to do so explicitly; it is not done by default.

4. Match the TCP/IP upper-layer protocol or service with its description.
d NTP
c SMTP
b IMAP4
a HTTP

a. Defines the interaction between a web server and a browser.
b. Retrieves email messages from a mail server.
c. Sends emails from a client to a server or between servers.
d. Synchronizes the clock times of computers on a network.

5. Match the port number ranges with their reserved block.
c Well-known ports
a Registered ports
b Dynamic or private ports

a. 1024 to 49,151
b. 49,152 to 65,535
c. 1 to 1023

6. Discuss the salient features of Telnet.
Answers will vary, but might include: Telnet is a client-server application that allows a user to log on to a remote machine, giving the user access to the remote system. Telnet uses a Network Virtual Terminal (NVT) system to encode characters on the local system. On the server machine, NVT decodes the characters to a form acceptable to the remote machine.

7. For the socket address example {tcp, 110.105.25.5, 23}, identify the components.
c tcp
a 110.105.25.5
b 23

a. The IP address of the local computer.
b. The port number of the local service.
c. The protocol.


LESSON 7 LAB 2
Discussing the TCP/IP Services
Activity Time: 30 minutes
Data Files: Crossword.html

Scenario: In this activity, you will discuss the TCP/IP services based on the descriptions specified in the Crossword_Starter.html file.

1. Print the html file.
2. Read the descriptions in the Across and Down sections and fill the answers in the grid.

LESSON 8 LAB 1
Identifying Routing and Switching Implementations
Activity Time: 20 minutes
Scenario: In this activity, you will identify various aspects of routing and switching implementations.

1. Using the route print command, observe the various fields in the routing table of your system.

2. What advantage does a router have over a switch?
a) Routers can transmit data from different technologies. b) Routers translate data between different types of networks. c) Routers can block unwanted traffic. d) Routers route data to the destinations across networks.


3. What is the advantage of the cell switching technique over packet switching?
Answers will vary, but may include: the cell switching technique is very similar to packet switching except that data is divided into fixed-length cells instead of variable-length packets. The advantage of cell switching over packet switching is its predictability. Cell switching technologies make it easy to keep track of how much data is moving on a network.

4. Explain the differences between the distance-vector routing algorithm and link state routing algorithm.
Answers may vary, but might include: in the distance-vector routing algorithm, the routing table conveys information about the number of hops that need to be taken to reach the next node. This is in contrast to the link state routing algorithm that warrants the routing table to contain information regarding the entire topology of the domain, including the list of nodes and links and the cost and condition of the links (up or down).

5. Discuss the advantages of adopting dynamic routing algorithms in a router.
Answers may vary, but might include: a dynamic table automatically updates any change in the network. Alternate arrangements are automatically updated by the router when any node specified in the routing table is down. A dynamic table allows the router to choose an alternate path, if one is identified.

6. A router has to forward a packet to point B on the network. It has two possible routes to point B: one is path X, which contains three hops and the other is path Y, which contains two hops. Discuss the different metrics that a router considers to select the optimum path.
Answers may vary, but might include: the router may decide to take path Y if the metrics used to establish the routing table are based on the number of hops. If the metrics are based on minimizing delay across the network, path X, with more hops, may be chosen. This is based on the assumption that path X is a high-bandwidth connection with little congestion.

7. Discuss the need for autonomous systems.
Answers may vary, but might include: one routing algorithm cannot handle the task of updating the routing tables of all routers. Dividing the Internet into groups of networks and identifying a suitable algorithm to govern each network will simplify the task of updating information in a routing table.

8. Which of the following are advantages of a static routing table?
a) They do not require maintenance. b) They do not cause extra network traffic. c) They are controlled by an administrator. d) They do not require specialized routing protocols.


9. Which of the following are components of a routing table?
a) Destination b) Network mask c) Subnet number d) Metric

LESSON 9 LAB 1
Discussing the WAN Infrastructure
Activity Time: 20 minutes
Scenario: In this activity, you will discuss various aspects of the WAN infrastructure.

1. What are the benefits of MPLS?
Answers will vary, but may include: benefits such as improved performance of network layers, improved scalability, guaranteed QoS with service deliveries, and improved traffic engineering capabilities.

2. Compare and contrast DSL and the cable Internet.
Answers will vary, but may include: DSL uses existing phone lines to transmit digital data signals on a separate channel from analog voice signals. The Cable Internet uses cable television transmission lines to transmit digital data signals for Internet connectivity, using a splitter to separate the two signals. DSL provides faster transmission speeds than the cable Internet; both cable and DSL provide adequate security for personal use. Cable modems deliver shared bandwidth whereas DSL modems deliver dedicated bandwidth.

3. What are the benefits of ATM?
Answers will vary, but may include: high-speed communication, connection-oriented service, efficient bandwidth allocation, and cell switching.

4. What are the benefits and drawbacks of VoIP?
Answers will vary, but may include: VoIP can use the existing IP infrastructure and Internet connectivity that is in place in virtually every organization to transmit voice data without incurring additional overhead costs and long-distance calling expenses. However, when voice data is broken down into packets on the IP network, it becomes subject to delay and signal degradation in high-traffic environments if there is no provision for QoS for voice traffic.


5. How can you use ICS to provide Internet connectivity?
ICS connects multiple computers to the Internet using a single Internet connection. The host connects directly to the Internet, whereas others act as ICS clients. An ICS host requires a local area connection and an external connection.

6. Which DSL technology carries data over T1 lines?
a) SHDSL b) RADSL c) ADSL d) IDSL e) HDSL

LESSON 9 LAB 2
Identifying the Components of a WAN
Activity Time: 30 minutes
Scenario: In this activity, you will identify the components of a WAN infrastructure based on the descriptions specified in the Crossword_Starter.html file.

1. Print the html file.
2. Read the descriptions in the Across and Down sections and fill the answers in the grid.


CompTIA Network+ (Exam N10-005)

LESSON 10 LAB 1
Discussing Remote Networking
Activity Time: 20 minutes
Scenario: In this activity, you will discuss remote networking.


1. What is the primary benefit of implementing RADIUS in an environment that has several RAS servers? The primary benefit is centralized administration.

2. What are the types of remote networking associated with RDP? a) Remote access b) Remote desktop control c) Terminal services

3. What are the necessary components for net appliances? a) Input device(s) b) Output device c) Network connection d) Client software e) Boot ROM

4. How is web-based remote access accomplished in Windows Server 2008 R2? a) Remote Desktop Connection b) Remote Assistance c) RRAS d) Remote Desktop Web Connection e) IIS

5. True or False? The main difference between PAP and CHAP is how they handle user passwords. True False


6. What is the major benefit of using RRAS on a Microsoft network? The user can dial in and authenticate with the same account that they use at the office. If a third-party RAS is used, an additional application will be needed to synchronize the user names and passwords.

7. True or False? Tunneling enables non-IP data to be sent over the Internet. True False

8. Which is a protocol used in VPNs? a) PEAP b) PPP c) PPTP d) PPPoE e) EAP

LESSON 11 LAB 1
Discussing System Security
Activity Time: 20 minutes
Scenario: In this activity, you will discuss various aspects of system security.

1. What are the essential characteristics of a strong password? Answers will vary, but may include: strong passwords are structured to conform to an administrator's password policy. Typically, strong passwords require a minimum password length and must contain a mixture of uppercase and lowercase letters, numbers, and other non-alphanumeric characters.
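The characteristics listed in the answer above can be enforced mechanically. The following is an added example, not part of the CompTIA courseware: a small Python password policy check whose limits (a 12-character minimum, at least three of four character classes, and no user name inside the password) are assumed values chosen for illustration, not the course's own numbers.

```python
"""Password policy check for the characteristics described above.

Added example, not from the CompTIA courseware. The policy limits are
assumed values chosen for illustration, not the course's own numbers.
"""
import string
from dataclasses import dataclass


@dataclass(frozen=True)
class PasswordPolicy:
    """Limits an administrator might set (assumed values)."""
    min_length: int = 12
    min_classes: int = 3          # of the four character classes below
    forbid_username: bool = True  # reject passwords containing the user name


# The four character classes the policy counts.
CHARACTER_CLASSES = {
    "uppercase": set(string.ascii_uppercase),
    "lowercase": set(string.ascii_lowercase),
    "digit": set(string.digits),
    "symbol": set(string.punctuation),
}


def classes_present(password: str) -> set[str]:
    """Names of the character classes that appear at least once in the password."""
    chars = set(password)
    return {name for name, members in CHARACTER_CLASSES.items() if chars & members}


def check_password(password: str, username: str = "",
                   policy: PasswordPolicy = PasswordPolicy()) -> list[str]:
    """Return the policy violations; an empty list means the password is acceptable."""
    problems: list[str] = []
    if len(password) < policy.min_length:
        problems.append(f"shorter than {policy.min_length} characters")
    present = classes_present(password)
    if len(present) < policy.min_classes:
        problems.append(f"uses only {len(present)} of the 4 character classes; "
                        f"policy requires {policy.min_classes}")
    if policy.forbid_username and username and username.lower() in password.lower():
        problems.append("contains the user name")
    return problems


if __name__ == "__main__":
    for pw in ("password", "Correct-Horse-9-Battery", "alice2024!Alice"):
        verdict = check_password(pw, username="alice") or ["ok"]
        print(f"{pw!r}: {', '.join(verdict)}")
```

The check returns every violation rather than stopping at the first, so the feedback shown to a user can explain all of the reasons a password was rejected.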

2. What are the security advantages of a drive-level security system such as NTFS? Answers will vary, but may include: a secure file system such as NTFS provides file- and folder-specific permissions on a user or group basis. This means that users must be authenticated by the system to gain access, rather than simply obtaining a resource password. NTFS also provides user-level file encryption.


3. Summarize the Kerberos authentication process. In Kerberos, users request a ticket from the authenticating server, which in turn responds with a time-stamped ticket. The user requests a service ticket and the server responds with a service ticket. The user presents the service ticket to the resource, and the resource authenticates the user and allows access.


4. How can digital certificates support network security? They can be used to establish identity, because they generate digital signatures that prevent spoofing. They can also be used for encryption to protect data.

5. What are some vulnerabilities that you are familiar with? Answers will vary, but may include: weak passwords, insecure wireless access, failure to keep up with software patches, lack of physical security, failure to train end users on proper procedures, and obsolete software or insecure hardware.

6. Detail the differences between a threat, vulnerability, and risk. Answers will vary, but may include: a threat is any potential violation of security policies or procedures. A vulnerability is any condition that leaves a system open to attack. A risk is an exposure to the chance of damage or loss, and signifies the likelihood of a hazard or a threat.

7. How does multi-factor authentication enhance security? Because an attacker must obtain at least two authentication factors, not just one, in order to breach the system. This is particularly difficult with biometrics ("who you are" authentication), where at least one of the factors is a unique physical characteristic of an individual.


LESSON 12 LAB 1
Discussing Network Security
Activity Time: 20 minutes
Scenario: In this activity, you will discuss various aspects of network security.

1. Describe some of the security benefits of IPSec. Answers will vary, but may include: IPSec is an independent protocol that can be implemented on any IP network. IPSec can provide end-to-end encryption and security for an entire network communication. It can also prevent insecure communications on a node-by-node basis.

2. Distinguish between NAT servers, firewalls, and proxy servers. NAT servers translate between a private and a public IP address scheme. Firewalls filter packets based on administrative criteria, but do not make addressing changes. Proxy servers regenerate packets and readdress them. They can also provide address translation. All three types of services work together to create a secure solution.

3. List a few purposes of NAT. Answers will vary, but may include: providing a firewall, enabling organizations to use more internal IP addresses, and allowing them to combine multiple ISDN connections into a single Internet connection.

4. What are the advantages of implementing a firewall? Answers will vary, but may include: protection from insecure services, controlled access to systems, and enhanced privacy.

5. How is a firewall different from a NAC? The deciding factors of a firewall are source IP and destination IP, whereas the deciding factors of a NAC are user name, group access method, and destination status. Also, a firewall is positioned between two networks, while a NAC is positioned between a user and a network.


LESSON 13 LAB 1
Discussing Network Security
Activity Time: 20 minutes
Scenario: In this activity, you will discuss various aspects of network security.


1. Describe Trojan horses and explain why they are dangerous. Trojan horses are programs that masquerade as legitimate software. They are often distributed through email. One way that they are dangerous is that they can steal passwords and transmit them to another party. They can also be used to obtain critical data from applications that a user thinks are legitimate.

2. What are some ways that you can guard against network data theft? Implement strong security policies for data storage and user account management, and enforce the policies.

3. Are there any disadvantages to strong virus protection plans? Yes. For example, scanning too many files too often can slow down response times on servers or user workstations. Network security is always a balance between protection and usability.

4. A help desk representative in your organization sniffs the network for user accounts and passwords. She then changes the passwords, leaving a user unable to connect to the system to access any service. What type of attack(s) did the attacker use? Eavesdropping and DoS attacks.

5. The help desk receives a call from someone claiming to be a support person asking for the FQDN and IP address of the web server in your organization. A short while later, no one on the Internet can get to your web server because the performance has suddenly dropped. What type of attack(s) did the attacker use? Social engineering and DoS or DDoS attacks.

6. A user forwards an email with attachments to other users in the organization. The email states that a person is in dire need of help and to please forward the email to others immediately. It causes a virus to spread within the organization. What type of attack(s) did the attacker use? Malicious code and social engineering attacks.


7. An attacker scans your network and finds Port 21 open. She then retrieves a user name and password for your server. After logging on, she creates an account with administrative privileges. Later, she logs on with this account and steals data. What type of attack(s) did the attacker use? Port scanning, eavesdropping, and backdoor attacks.

8. Match the wireless threat with its description.

Interference
Evil twins
War chalking
Packet sniffing
Bluejacking

a. A rogue access point in a public access location has been configured so that it appears to be genuine.
b. An attacker sends out unwanted signals from a mobile device with unsolicited content.
c. An attacker captures data and registers data flows to analyze what data is contained in a packet.
d. Symbols are used to mark off a sidewalk or wall to indicate that there is an open wireless network which may be offering Internet access.
e. A wireless signal is jammed due to other wireless signals operating in the area.

9. Chuck, a sales executive, is attending meetings at a professional conference that is also being attended by representatives of other companies in his field. At the conference, he uses his smartphone with a Bluetooth headset to stay in touch with clients. A few days after the conference, he finds that competitors' sales representatives are getting in touch with his key contacts and influencing them by revealing what he thought was private information from his email and calendar. Chuck is a victim of which wireless threat? a) Packet sniffing b) Bluejacking c) Bluesnarfing d) Rogue access point


LESSON 14 LAB 1
Identifying Network Management Tools
Activity Time: 20 minutes
Scenario: In this activity, you will identify major system monitoring tools and how they are used to optimize network tolerance and usability.


1. You are having trouble with your Windows Server 2008 machine connecting to the network. What tool can you use to monitor the system's general performance? Run the Performance and Reliability Monitor tool first to observe, monitor, and record system-related information.

2. How can counter threshold values be helpful to general system monitoring? Threshold values can be set in many different ways, depending on what tools are being used. Administrators can establish a baseline and set a threshold to meet specific needs.

3. What are some possible uses for protocol analyzers? Answers will vary, but may include: analyzing current network traffic, intrusion detection, performance analysis, traffic filtering, or eavesdropping.

4. What is network adapter promiscuous mode? Promiscuous mode operation is required on all protocol analyzers. Promiscuous mode enables a system to recognize all packets being sent over the network, no matter what the source or destination is.

5. What are some network monitoring tool sets? Network monitoring tool sets include LAN monitoring, QoS monitoring, bandwidth monitoring, and WAN monitoring.

6. How can creating a network baseline be beneficial to general network monitoring? Creating a network baseline allows you to capture the network settings and activity during a normal activity interval. Once this baseline is captured, you can record baseline measurements to a log file and are better equipped to recognize irregular and abnormal network activity.
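Questions 2 and 6 above describe establishing a baseline and setting thresholds against it. The following added example (not from the CompTIA courseware) shows one way to do that in Python: it summarizes a constructed set of link-utilization samples as a baseline, derives an alert threshold from the baseline's mean and standard deviation (the three-sigma multiplier is an assumption of this example), serializes the baseline as a line for a log file, and flags later samples that cross the threshold.

```python
"""Network baseline and threshold alerting.

Added example, not from the CompTIA courseware. The samples below are
constructed values: utilization in Mbit/s of a hypothetical uplink,
taken once a minute during a normal business interval.
"""
import json
import statistics
from dataclasses import asdict, dataclass

# Constructed baseline: 20 one-minute samples from a normal activity interval.
BASELINE_SAMPLES_MBPS = [
    31.0, 28.5, 33.2, 30.1, 29.8, 34.6, 32.0, 27.9, 30.7, 31.4,
    29.3, 33.8, 30.9, 28.8, 32.6, 31.1, 29.6, 30.4, 33.0, 28.2,
]


@dataclass(frozen=True)
class Baseline:
    """Summary of a metric's behaviour under normal operating conditions."""
    metric: str
    mean: float
    stdev: float
    sample_count: int


def build_baseline(metric: str, samples: list[float]) -> Baseline:
    """Reduce a normal-activity interval to its mean and standard deviation."""
    if len(samples) < 2:
        raise ValueError("need at least two samples to establish a baseline")
    return Baseline(metric, statistics.fmean(samples), statistics.stdev(samples), len(samples))


def threshold_for(baseline: Baseline, sigmas: float = 3.0) -> float:
    """Alert threshold: the baseline mean plus `sigmas` standard deviations.

    A three-sigma margin is an assumption of this example; an administrator
    would tune the multiplier to the needs of the specific service.
    """
    return baseline.mean + sigmas * baseline.stdev


def baseline_to_json(baseline: Baseline) -> str:
    """One JSON line suitable for appending to a baseline log file."""
    return json.dumps(asdict(baseline), sort_keys=True)


def find_anomalies(baseline: Baseline, samples: list[float],
                   sigmas: float = 3.0) -> list[tuple[int, float]]:
    """Return (index, value) for every later sample that crosses the threshold."""
    limit = threshold_for(baseline, sigmas)
    return [(i, v) for i, v in enumerate(samples) if v > limit]


if __name__ == "__main__":
    base = build_baseline("uplink_mbps", BASELINE_SAMPLES_MBPS)
    print(baseline_to_json(base))
    print(f"threshold: {threshold_for(base):.1f} Mbit/s")
    # Constructed later samples: the third one is a sudden traffic surge.
    print(find_anomalies(base, [30.2, 34.0, 92.7, 31.5]))
```

Because the threshold is derived from the recorded baseline rather than hard-coded, re-baselining after the network changes (more users, new servers, remote access enabled) is just a matter of rebuilding the Baseline from a fresh normal-activity interval.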

7. Discuss the various types of parameters that can be included in a Service Level Agreement. Answers will vary, but may include: service definition, warranty policies, turnaround time, or minimum amount of delay.


8. Discuss the various parameters that may affect the QoS in a network. Answers will vary, but may include: a sudden surge in network traffic, delay in transmission of packets, packet loss, or less bandwidth availability.

9. Distinguish between disaster recovery planning and fault tolerance planning. Disaster recovery planning enables you to restore network services in the event of catastrophic damage that is either not foreseeable or not preventable. Fault tolerance measures enable systems to keep functioning in the event of a mishap that can reasonably be predicted. Without fault tolerance measures in place, those events could actually trigger disastrous system loss.

10. What do you feel is the most important aspect of a disaster recovery plan? Why? Answers might vary, but documenting the plan adequately is probably the most important aspect. The people who composed the plan might not be those who implement it, so detailed documentation is critical to implementing it successfully.

11. How could you make a network with a single external WAN link and an internal routed topology fault-tolerant? Add a fall-back WAN link for use if the primary link goes down. Depending on the size of the network and the connectivity needs, this could be a simple dial-up connection or a redundant leased line. Internally, primary routers can be configured in a mesh topology, providing redundant routes through the network. Routing tables either need to be configured with the backup routes manually, or you can employ a dynamic routing protocol for more efficiency.

12. What factors should you consider when planning enterprise fault tolerance for your organization? For a true enterprise solution, you will need to consider and implement all elements of fault tolerance planning, including power protection for key systems; disk fault tolerance; a backup plan; server redundancy for DNS, DHCP, directory, and other key services; network link redundancy; and the availability of spares for critical devices.


LESSON 15 LAB 1
Analyzing Network Troubleshooting Procedures
Network Troubleshooting Scenarios
Activity Time: 20 minutes
Scenario: In this activity, you will discuss the appropriate network troubleshooting procedures to follow in various network troubleshooting scenarios.


1. What are some ways that you can determine the scope of a networking problem? Answers will vary, but may include: checking with users in other areas of the network to see if they are experiencing the same problem, and finding out whether similar, related problems have been reported by other users.

2. What are some of the benefits of clearly documenting the solutions of troubleshooting problems? Answers will vary, but may include: it provides a database of problems and their solutions for reference, so you can save time when similar problems arise. It can also serve as a record of problems so that you can look for patterns that might indicate deeper underlying problems you can anticipate and correct proactively.

3. A Windows user logs on and gets a message that the system's IP address is already in use. This user receives an IP address through a DHCP server. How can the user get a valid IP address? Ping the DHCP server to make sure it is up, and then use the ipconfig /release and ipconfig /renew commands at a command prompt to obtain a new valid address from the DHCP server.

4. A client calls from the California office saying that she is not able to connect to the server ICANY in New York. This server is on a routed IP network. This is the second client from California who has called with this problem. No users from other sites have called. What should you do? Try pinging the server from your workstation. If you are able to reach the server, ask the client to do the same and see if the client gets a response that the server is available (she will most likely get a Destination Host Unreachable message). If she cannot connect, have the client enter tracert icany to see how far the trace can reach before timing out. You will then be able to figure out which device is causing the problem, because the next device that would be encountered on the route between the client and ICANY is the problem device.

5. What indicator on a network adapter indicates that a computer is connected to the network? The link indicator on the network adapter will be lit, indicating that the computer is connected to the network.


6. What can a simple cable tester show? A simple cable tester can tell if a cable run is connected end to end, and can detect basic electrical connections or errors in the connections, such as opens or shorts and misrouted wires.

7. Explain the factors that affect a network's baseline performance. Answers will vary, but may include: factors such as a large number of users or servers being added to or removed from the network, and the network being configured for remote access. The network should be re-baselined periodically to account for these changes.

8. A user calls to say that she has lost her Internet connection and cannot open a web page. What information will you need in order to diagnose and resolve her problem? You must determine if she has connectivity to the local network, and then determine if she has lost connectivity to a DNS name server, or if she has lost all connectivity to the Internet.

9. What questions will you ask her to help determine where her problem is? Can she connect to the local network? Can she log on to the network? Can she access her home directory on the network? Has she changed any settings on her workstation or her TCP/IP settings? Can she ping remote hosts? Can she connect to the Internet?

10. What utilities can you ask her to use to locate the problem? In addition to using a GUI, she can use an IP configuration utility such as ping or tracert.

11. How will you test for functional name resolution to the website she wants to visit? You can ask her to ping the desired website by name. If it returns an IP address, but does not get a reply from the site, you will know that name resolution works, but the website is unavailable. Nslookup could also be used, but tends to be a bit more confusing to users over the phone.

12. You are the administrator of a small office. One of your users keeps complaining that he is losing his connection to the network. He can reboot and log on each time, but loses the connection again shortly afterward. What items would you check? a) The network connection to the logon server. b) The network cable of the user. c) User rights and permissions. d) The network card driver. e) Ports on the switch.

13. If you wanted to test the user's network card driver, how would you do it? Either reinstall the same driver or update the driver, and check the manufacturer's website to see if it is a known problem that has a fix.

14. If you wanted to test the user's network cable, how would you do it? Swap out the patch cord, use a cable tester to check for shorts or opens, or call a technician to certify the cable to the correct category specifications.


15. You are a network consultant working for an integrator/solutions provider. You have been called out to a financial office that says its network went down suddenly. They report that all servers seem to be functioning but users cannot log on. The network has approximately 200 workstations and servers distributed across six hubs. You place a network analyzer online, and observe that all traffic seems to be coming from one MAC address. What do you conclude is the most likely problem? You have a machine that is causing a broadcast storm. The problem is most likely due to a faulty network card.

16. How can you bring most of the network back online while you troubleshoot this problem? By isolating the switch connected to the faulty machine. Disconnect each switch until the storm stops to isolate the faulty segment from the remainder of the network.

17. How will you identify the individual machine causing the problem? You could record the source MAC address in the bad packets, and then use ipconfig to search for that machine, or you could move a network analyzer to the isolated switch and remove the patch cables connected to the switch one by one, testing each one to isolate the source of the storm. Once you locate the source of the storm, you can reinstate the switch on the network.

18. You have just moved a workstation from one office to another. It worked fine in the old office but will not connect to the network in the new office. You suspect that the wall plate in the new office may not be hot, that is, not patched into the switch. How can you quickly test to see if there is a connection? Check the link indicator on the network card.

19. If the user has no network connection, what is the next step toward isolating the problem? If there is no link, check to be sure the cable run to the office is patched in, and then test the cable with a simple point-to-point cable tester.

20. A user calls and complains that he cannot connect to the Internet but can connect to servers inside the company. You ask him to open a command prompt window and ping the company website. He does so but gets no reply. You ping the website and get a reply from your workstation. You ask him to ping the IP address of the website. He does so and gets the correct reply. What is keeping the user from connecting to the website? The user's workstation is not getting the name resolved by the DNS server.

21. What is the next step in resolving the problem? Check to see if he has the correct settings in the TCP/IP Properties dialog box on his workstation.

22. You are presently working as a network engineer for a computer services company. One of your customers calls and complains that the network's main server keeps rebooting itself. When you arrive, the system seems to be running properly and then all of a sudden turns itself off. A few seconds later, it turns itself back on and starts a normal boot procedure. Where can you look to get more information on what was happening right before the server went down? The server's event logs might tell what was going on at the time of failure.
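Questions 15 through 17 above describe recognizing a broadcast storm from an analyzer capture in which nearly all traffic comes from one MAC address, and then recording that source address to find the faulty machine. The following added example (not from the CompTIA courseware) implements that check in Python over a constructed capture summary; the one-line-per-frame layout, the MAC addresses and the dominance thresholds are assumptions of this example, not any analyzer's real output format.

```python
"""Locating the source of a broadcast storm in an analyzer capture.

Added example, not from the CompTIA courseware. The capture below is
constructed to resemble one-line-per-frame analyzer output; the layout,
the MAC addresses and the thresholds are assumptions of this example.
"""
import re
from collections import Counter

BROADCAST_MAC = "ff:ff:ff:ff:ff:ff"

# Constructed capture: 12 frames, 9 of them broadcasts from one faulty NIC.
SAMPLE_CAPTURE = """\
1  00:1a:2b:3c:4d:5e -> ff:ff:ff:ff:ff:ff ARP
2  00:1a:2b:3c:4d:5e -> ff:ff:ff:ff:ff:ff ARP
3  00:50:56:aa:bb:01 -> 00:50:56:aa:bb:02 IPv4
4  00:1a:2b:3c:4d:5e -> ff:ff:ff:ff:ff:ff ARP
5  00:1a:2b:3c:4d:5e -> ff:ff:ff:ff:ff:ff ARP
6  00:50:56:aa:bb:02 -> 00:50:56:aa:bb:01 IPv4
7  00:1a:2b:3c:4d:5e -> ff:ff:ff:ff:ff:ff ARP
8  00:1a:2b:3c:4d:5e -> ff:ff:ff:ff:ff:ff ARP
9  00:1a:2b:3c:4d:5e -> ff:ff:ff:ff:ff:ff ARP
10 00:0c:29:11:22:33 -> ff:ff:ff:ff:ff:ff ARP
11 00:1a:2b:3c:4d:5e -> ff:ff:ff:ff:ff:ff ARP
12 00:1a:2b:3c:4d:5e -> ff:ff:ff:ff:ff:ff ARP
"""

# Fields: frame number, source MAC, destination MAC, protocol label.
FRAME_RE = re.compile(
    r"^\s*(\d+)\s+([0-9a-f:]{17})\s+->\s+([0-9a-f:]{17})\s+(\S+)", re.IGNORECASE
)


def parse_frames(text: str) -> list[tuple[str, str, str]]:
    """Return (src, dst, proto) for each frame line; lines that do not parse are skipped."""
    frames = []
    for line in text.splitlines():
        m = FRAME_RE.match(line)
        if m:
            frames.append((m.group(2).lower(), m.group(3).lower(), m.group(4)))
    return frames


def top_talkers(frames: list[tuple[str, str, str]], n: int = 3) -> list[tuple[str, int]]:
    """Source MACs ranked by frame count: the first thing to look at on a saturated segment."""
    return Counter(src for src, _, _ in frames).most_common(n)


def storm_source(frames: list[tuple[str, str, str]], share: float = 0.5,
                 broadcast_fraction: float = 0.8):
    """Return (mac, share_of_all_frames) for a suspected storm source, else None.

    A source is flagged only when it sent more than `share` of all frames
    AND at least `broadcast_fraction` of its own frames were broadcasts,
    which separates a chattering NIC from a merely busy server.
    """
    if not frames:
        return None
    mac, count = top_talkers(frames, 1)[0]
    its_broadcasts = sum(1 for src, dst, _ in frames if src == mac and dst == BROADCAST_MAC)
    frame_share = count / len(frames)
    if frame_share > share and its_broadcasts / count >= broadcast_fraction:
        return mac, frame_share
    return None


if __name__ == "__main__":
    frames = parse_frames(SAMPLE_CAPTURE)
    print("top talkers:", top_talkers(frames))
    print("storm source:", storm_source(frames))
```

The broadcast-fraction condition matters: a file server can legitimately be the top talker on a segment, so share of traffic alone would produce false positives, whereas a NIC flooding broadcasts stands out on both measures.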


23. Is this most likely a software problem or a hardware problem? The problem is most likely related to hardware, judging from the constant rebooting of the server.

24. Your company is planning changes to its deployment of web-based services. Currently, all services are being hosted by an outside vendor. The goal is to bring all the web servers inside the company to better control them. What is the first step in predicting the impact that the new incoming web traffic will have on the network? Obtain records from the current Internet service provider to predict how much extra traffic will be added to the network.

25. What component in the current network will be affected most? The Internet connection will have to handle the extra traffic.

26. How will your baseline information help you decide where to place the new servers? The baseline will show you where you have the most available bandwidth to accommodate the new servers.


GLOSSARY
10Base standards: A set of standards that describes the media type and the speeds at which each type of media operates.
3DES: See Triple DES.
802.11: An IEEE standard that specifies an over-the-air interface between a wireless client and a base station or between two wireless clients.
802.2: An IEEE standard used to address the need for MAC-sublayer addressing in bridges.
802.3: An IEEE standard used to standardize Ethernet and expand it to include a wide range of cable media.
802.x: A family of networking standards developed by IEEE.
A (Address record): A DNS record that maps a host name to its IP address using a 32-bit IPv4 address.
AAAA (IPv6 address record): A DNS record that maps a host name to its IP address using a 128-bit IPv6 address.
AC (Alternating Current): An electrical current that switches its flow back and forth in a circuit.
access control: In security terms, the process of determining and assigning privileges to various resources, objects, and data.
accountability: In security terms, the process of determining who to hold responsible for a particular activity or event.
accounting: See auditing.
ACL (Access Control List): A set of data (user names, passwords, time and date, IP address, MAC address, etc.) that is used to control access to a resource such as a computer, file, or network.
active hub: A hub that regenerates the signal, similar to a repeater.
active IDS: An IDS that detects a security breach according to the parameters it has been configured with, logs the activity, and then takes the appropriate action to block the user from the suspicious activity.
ad-hoc mode: A peer-to-peer wireless configuration where each wireless workstation talks directly to other workstations.
address munging: A method used by end users to provide a fake name or address to post on consumer websites or newsgroups.

adware: Software that automatically displays or downloads advertisements when it is used.
AH protocol (Authentication Header protocol): A protocol that IPSec uses to provide data integrity through the use of MD5 and SHA. AH takes an IP packet and uses either MD5 or SHA to hash the IP header and the data payload, and then adds its own header to the packet.
algorithm: In encryption, the rule, system, or mechanism used to encrypt data.
amplitude: The crest or trough of a wave from the midpoint of the waveform to its top or bottom.
analog modulation: The process of superimposing a low frequency data signal over a high frequency carrier waveform.
analog signal: A signal that oscillates over time between minimum and maximum values and can take on any value between those limits.
ANS (Authoritative Name Server): A name server that responds to name-related queries in one or more zones.
ANSI (American National Standards Institute): The national standards institute of the United States, which facilitates the formation of a variety of national standards, as well as promoting those standards internationally.
antivirus software: A software program that scans a computer or network for known viruses, Trojans, worms, and other malicious software.
AP (Access Point): A device or software that facilitates communication and provides enhanced security to wireless devices.
APIPA (Automatic Private IP Addressing): A service that enables a DHCP client computer to configure itself automatically with an IP address on the 169.254.0.0 network in case no DHCP servers respond to the client's DHCP discover broadcast.
Application layer: The OSI layer that provides services and utilities that enable applications to access the network and its resources.
application-based IDS: An IDS software component that monitors a specific application on a host.
ARP cache: A table used to maintain a correlation between each MAC address and its corresponding IP address.
arp utility: A command that enables an administrator to view and manipulate the ARP cache, including deleting it or adding an entry to it.
ARP (Address Resolution Protocol): A communications protocol that resolves IP addresses to MAC addresses.
AS (Autonomous System): A self-contained network on the Internet that deploys a single protocol and has a single administration.
asymmetric encryption: See key-pair encryption.
asynchronous communications: A communication method in which special start and stop bit patterns are inserted between each byte of data, allowing the receiver to distinguish between the bytes in the data stream.
ATM (Asynchronous Transfer Mode): A cell-switching network technology designed for the high-speed transfer of voice, video, and data in LANs, WANs, and telephone networks.

attack: Any technique that is used to exploit a vulnerability in any application on a computer system without authorization.
attacker: A term for a user who gains unauthorized access to computers and networks for malicious purposes.
attenuation: The fading or degradation of a signal as it travels across a network medium.
auditing: In security terms, the process of tracking and recording system activities and resource access. Also known as accounting.
AUI connector (Attachment Unit Interface connector): A 15-pin D-shaped connector. Also known as a DIX connector, named for the three companies that invented it: Digital Equipment Corporation (DEC), Intel, and Xerox.
authentication by assertion: Authentication based entirely on a user name/password combination.
authentication: A network security measure in which a computer user or some other network component proves its identity in order to gain access to network resources.
authorization: In security terms, the process of determining what rights and privileges a particular entity has.
availability: The fundamental security goal of ensuring that systems operate continuously and that authorized persons can access the data that they need.
backoff: The random amount of time a node in a CSMA/CD network waits after a collision has occurred; a typical backoff period is a few milliseconds long.
bandwidth shaping: See traffic shaping.

bandwidth: The average number of bits of data that can be transmitted from a source to a destination over the network in one second.
baseband transmission: A transmission technique in which digital signaling is used to send data over a single transmission medium using the entire bandwidth of that medium.
baseline: A record of a system's performance statistics under normal operating conditions.
BGP (Border Gateway Protocol): A path-vector protocol used by ISPs to establish routing between one another.
biometrics: Authentication schemes based on an individual's physical characteristics.
black hat: A hacker who exposes vulnerabilities for financial gain or for some malicious purpose.
bluejacking: A method used by attackers to send out unwanted Bluetooth signals from PDAs, mobile phones, and laptops to other Bluetooth-enabled devices.
bluesnarfing: A process in which attackers gain access to unauthorized information on a wireless device using a Bluetooth connection.
Bluetooth: A wireless technology that facilitates short-range wireless communication between devices such as personal computers, laptops, cellular phones, and gaming consoles, thus creating a WPAN.
BOOTP (Bootstrap Protocol): A UDP network protocol that helps diskless workstation computers get an IP address before loading an advanced operating system.

border router: A router situated on the edge of an AS that connects the AS to one or more remote networks.
botnet: A collection of software robots run by a command and control program that is controlled by a person.
bottleneck: A component of a system that performs poorly when compared to other components and reduces the overall system performance.
bounded media: A networking medium that uses a physical conductor, typically made of metal or glass.
BPL (Broadband over Powerlines): A technology that allows domestic power lines to be used for broadband transmission.
branching factor: In a physical tree topology, the number of point-to-point connections that are consistently found between a node and the nodes beneath it in the tree structure.
bridge: A network device that divides a logical bus network into subnets.
broadband transmission: A transmission technique in which analog signaling is used to send data over a transmission medium using a portion of the medium's bandwidth.
broadcast connection: See radiated connection.
broadcast domain: A logical area in a computer network where any node connected to the computer network can directly transmit to any other node in the domain without a central routing device.
broadcast radio: A form of RF networking that is nondirectional, uses a single frequency for transmission, and comes in low- and high-power versions.
broadcast transmission: A transmission method in which data goes from a source node to all other nodes on a network.
brute force attack: A type of password attack where an attacker uses an application to exhaustively try every possible alphanumeric combination to try to crack encrypted passwords.
BSS (Basic Service Set): A service set that defines the way a WLAN is configured.
buffer overflow: An attack that targets a system vulnerability to cause the device operating system to crash or reboot, and may result in loss of data or the execution of rogue code on devices.
buffering: A flow control technique in which received data is stored in a temporary high-speed memory location.
butt set: A special type of telephone used by telecom technicians when installing and testing local lines. Also known as a lineman's test set.
CA (Certificate Authority): A server that can issue digital certificates and the associated public/private key pairs.
cable certifiers: A type of certifier that can perform tests, such as cable testing and validity testing.
cable Internet access: A WAN connectivity technology that uses a cable television connection and a cable modem to provide high-speed Internet access to homes and small businesses.
cable modem: Hardware that connects subscribers to a service provider's cable systems.
cable tester: An electrical instrument that verifies if a signal is transmitted by a cable. Also called a media tester.

CompTIA Network+ (Exam N10-005)

GLOSSARY
cache A buffer that is used when reading information from a disk or RAM.

caching engine An application or service that stores requested data in order to provide faster responses to future requests for the data.

CAN (Campus Area Network) A network that covers an area equivalent to an academic campus or business park.

CARP (Common Address Redundancy Protocol) A redundancy protocol that allows a number of computers to be grouped together to share a single virtual network interface and IP address, so that another member of the group takes over the address if the active one fails.

carrier signal A high frequency signal that is superimposed on an analog signal to carry information.

CCMP (Counter Mode with Cipher Block Chaining Message Authentication Code Protocol) An AES-based encryption protocol used in WPA2; AES in counter mode provides confidentiality and a CBC-MAC provides integrity.

cell switching network A type of network, similar to a packet switching network, in which data is transmitted as fixed-length packets called cells.

cell A fixed-size data packet of 53 bytes transmitted on ATM networks. In wireless networking, the area covered by a wireless access point.

centralized network A network in which a central host computer controls all network communication and performs data processing and storage on behalf of clients.

certificate management system A system that provides the software tools to perform the day-to-day functions of a PKI.
certificate repository A database containing digital certificates.

change management A systematic way of approving and executing change in order to assure maximum security, stability, and availability of information technology services.

CHAP (Challenge Handshake Authentication Protocol) A remote-access authentication method in which the server sends a random challenge and the client answers with a one-way hash (MD5) of the challenge combined with the shared secret, so the password itself never crosses the link; the server recomputes the hash to verify the client and can issue new challenges at any time during the session.

Checksum A value that lets the receiver test the integrity of received data.

chips Multiple data signals generated in the DSSS technique.

CIA triad (Confidentiality, Integrity, Availability) The three principles of security control and management: confidentiality, integrity, and availability. Also known as the information security triad or information security triple.

CIDR (Classless Inter-Domain Routing) An addressing method that drops the fixed Class A/B/C boundaries: a subnet mask of whatever length meets an individual network's subnet and host requirements is chosen and treated as a 32-bit binary word, and addresses are written with a prefix length (for example 172.16.4.0/22).

cipher A method for concealing the meaning of text.

ciphertext Data that has been encoded with a cipher and is unreadable without the key.

circuit switching A switching technique in which a dedicated path is established between two endpoints for the duration of a communication session.

circuit tester An electrical instrument that displays whether an electrical outlet is wired correctly.
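The CHAP entry above describes the exchange in words. The following Python example, added here by the editor and not part of the original glossary, plays both sides of it using the RFC 1994 response calculation (MD5 over Identifier, secret and Challenge) from the standard library. The shared secret and identifiers are constructed values; the run_exchange and replay_succeeds helpers are the example's own, not part of any real CHAP implementation.

```python
import hashlib
import hmac
import os

# Constructed shared secret: known to the client (peer) and the server
# (authenticator), never transmitted on the link.
SHARED_SECRET = b"correct horse battery staple"


def chap_challenge(identifier, length=16):
    """Authenticator, step 1: send an Identifier and a fresh random Challenge."""
    return identifier, os.urandom(length)


def chap_response(identifier, secret, challenge):
    """Peer, step 2: reply with MD5(Identifier || secret || Challenge) (RFC 1994, 4.1)."""
    return hashlib.md5(bytes([identifier]) + secret + challenge).digest()


def chap_verify(identifier, secret, challenge, response):
    """Authenticator, step 3: recompute the expected value and compare in constant time."""
    expected = chap_response(identifier, secret, challenge)
    return hmac.compare_digest(expected, response)


def run_exchange(peer_secret, server_secret=SHARED_SECRET):
    """Simulate one authentication. Returns (success, what an eavesdropper saw)."""
    ident, challenge = chap_challenge(identifier=1)
    response = chap_response(ident, peer_secret, challenge)
    on_wire = {"identifier": ident, "challenge": challenge, "response": response}
    return chap_verify(ident, server_secret, challenge, response), on_wire


def replay_succeeds(captured):
    """Eavesdropper replays a captured Response against a new Challenge.

    Because the server picks a fresh random challenge, the old response no longer
    matches; this is what distinguishes CHAP from sending a password (PAP)."""
    ident, new_challenge = chap_challenge(identifier=captured["identifier"] + 1)
    return chap_verify(ident, SHARED_SECRET, new_challenge, captured["response"])


if __name__ == "__main__":
    ok, wire = run_exchange(SHARED_SECRET)
    print("client with correct secret accepted:", ok)
    print("replay of captured response accepted:", replay_succeeds(wire))
```

Note the limits the glossary entry implies but does not state: CHAP hides the password from a passive listener and defeats simple replay, but a captured challenge/response pair can be attacked offline with a dictionary (the server's secret must be stored in recoverable form for the server to compute the same hash), and MD5 is no longer a recommended hash; modern deployments wrap such exchanges in TLS or use EAP methods with certificates.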

Class A addresses A block of IP addresses from 1.0.0.0 to 127.255.255.255 (default mask 255.0.0.0) that provides the largest number of nodes (16,777,214) for the smallest number of networks (126), thus increasing the number of nodes per network.

Class B addresses A block of IP addresses from 128.0.0.0 to 191.255.255.255 (default mask 255.255.0.0) that provides a good balance between the number of networks and the number of nodes per network: 16,382 networks of 65,534 nodes each.

Class C addresses A block of IP addresses from 192.0.0.0 to 223.255.255.255 (default mask 255.255.255.0) that provides the largest number of networks (2,097,150) and the smallest number of nodes per network (254).

Class D addresses A block of IP addresses from 224.0.0.0 to 239.255.255.255 used to support multicast sessions.

Class E addresses A block of IP addresses from 240.0.0.0 to 255.255.255.255 reserved for research and experimentation purposes.

cleartext The unencrypted form of data. Also known as plaintext.

client A network computer that utilizes the resources of other network computers.

client/server network A network in which servers provide resources to clients.

CNAME (Canonical Name record) A DNS record that maps an alias host name to its canonical (true) name; several aliases can point at the single A record of the canonical name.

coax A common abbreviation for coaxial cable.

coaxial cable A type of copper cable that features a central conductor surrounded by an insulator and braided or foil shielding.

codec Software or hardware that codes and decodes digital data to and from the analog format.

cold site A predetermined alternate location where a network can be rebuilt after a disaster.

cold spare A duplicate piece of backup equipment that can be configured to use as an alternate if needed.

collision domain Another name for a contention domain.

compulsory tunnels VPN tunnels that are established by the WAN carrier without involvement from client endpoints.

computer network A group of computers that are connected together to communicate and share network resources.

confidentiality The fundamental security goal of keeping information and communications private and protecting them from unauthorized access.

connection A virtual link between two nodes established for the duration of a communication session.

connector A metal device at the end of a wire used to connect video equipment and network nodes in a LAN.

contention domain A contention-based network segment on which a group of nodes compete with each other for access to the media.

contention-based media access A media access method in which nodes compete or cooperate among themselves for media access time. Also called competitive media access.

controlled media access A media access method in which a central device or system controls when and for how long each node can transmit. Also called deterministic media access.

copper media A type of bounded media that uses one or more copper conductors surrounded by a nonconductive insulated coating.

cost A routing metric that expresses how expensive a route is; in the simplest protocols, such as RIP, it is the number of hops along the route between two networks.

counter An individual statistic about the operation of system objects such as software processes or hardware components, monitored by a performance monitor.

cracker A user who breaks encryption codes, defeats software copy protections, or specializes in breaking into systems.

CRC (Cyclic Redundancy Check) An error detection method applied to blocks of data rather than individual words: the sender divides the block by a fixed generator polynomial and appends the remainder as the EDC; the receiver repeats the calculation and, if the two values match, assumes the data is valid.

crossover cable A special network cable used in Ethernet UTP installations, in which the transmit and receive pairs are crossed so that two hubs or two stations can be connected directly without a switch.

cryptography The science of hiding information to protect sensitive information and communication from unauthorized access.

CSMA/CA (Carrier Sense Multiple Access/Collision Avoidance) A contention-based media access method in which a node listens for a clear channel before transmitting and waits a random back-off interval (optionally after an RTS/CTS exchange) to avoid collisions; used by 802.11 wireless networks, where a station cannot hear a collision while it is transmitting.

CSMA/CD (Carrier Sense Multiple Access/Collision Detection) A contention-based media access method in which a node listens for a clear channel, transmits, and keeps listening; if it detects a collision it stops, sends a jam signal, and retries after a random back-off. Used by half-duplex Ethernet.

CSU/DSU (Channel Service Unit/Data Service Unit) A combination of two WAN connectivity devices that work together to connect a digital WAN line, such as a Frame Relay or T-carrier circuit, with a customer's LAN.

custom TCP/IP subnet A class of leased addresses that is divided into smaller groups (subnets) to serve a network's needs.

cycle One complete oscillation of an analog signal.

daemon A background process that performs a specific operation.
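The CIDR, Class A to E, and custom TCP/IP subnet entries above describe the address arithmetic in words. The following Python example, added here by the editor and not part of the original glossary, performs it with the standard library's ipaddress module: it classifies an address using the first-octet ranges the glossary gives, derives the classful network, summarizes a CIDR block, and carves a leased block into the smallest subnets that still hold a required number of hosts. The sample addresses are constructed.

```python
import ipaddress

# First-octet ranges exactly as the glossary defines the classes.
CLASS_RANGES = [("A", 1, 127), ("B", 128, 191), ("C", 192, 223),
                ("D", 224, 239), ("E", 240, 255)]
DEFAULT_PREFIX = {"A": 8, "B": 16, "C": 24}


def ipv4_class(address):
    """Return the classful letter ('A'..'E') of a dotted-quad IPv4 address."""
    first = int(ipaddress.IPv4Address(address)) >> 24
    for letter, low, high in CLASS_RANGES:
        if low <= first <= high:
            return letter
    raise ValueError(f"{address} has no class (first octet {first})")


def classful_network(address):
    """The network, in CIDR notation, that classful routing would assume."""
    letter = ipv4_class(address)
    if letter not in DEFAULT_PREFIX:
        raise ValueError(f"class {letter} addresses are not unicast networks")
    net = ipaddress.IPv4Network(f"{address}/{DEFAULT_PREFIX[letter]}", strict=False)
    return str(net)


def cidr_summary(cidr):
    """Network, mask, broadcast and usable host count for a CIDR block.

    The 32-bit mask is what 'treating the prefix as a binary word' means in practice."""
    net = ipaddress.IPv4Network(cidr, strict=False)
    # /31 and /32 have no separate network/broadcast addresses (RFC 3021).
    usable = net.num_addresses - 2 if net.prefixlen < 31 else net.num_addresses
    return {
        "network": str(net.network_address),
        "mask": str(net.netmask),
        "broadcast": str(net.broadcast_address),
        "prefix": net.prefixlen,
        "usable_hosts": usable,
    }


def split_subnets(cidr, hosts_needed):
    """Carve a block into the smallest equal subnets that each hold hosts_needed hosts.

    Starts from /32 and lengthens the host part until it fits, so no address space is
    wasted; raises if even the whole block is too small."""
    net = ipaddress.IPv4Network(cidr, strict=False)
    new_prefix = 32
    while new_prefix > net.prefixlen and 2 ** (32 - new_prefix) - 2 < hosts_needed:
        new_prefix -= 1
    if 2 ** (32 - new_prefix) - 2 < hosts_needed:
        raise ValueError(f"{cidr} cannot hold {hosts_needed} hosts per subnet")
    return [str(subnet) for subnet in net.subnets(new_prefix=new_prefix)]


if __name__ == "__main__":
    print(ipv4_class("172.16.5.4"), classful_network("172.16.5.4"))
    print(cidr_summary("172.16.5.4/22"))
    print(split_subnets("192.168.1.0/24", 50))
```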
Data Link layer The OSI layer (Layer 2) responsible for framing, physical (MAC) addressing, and error detection for data passed between directly connected nodes on the network.

data packet A unit of data transfer between computers that communicate on a network.

data theft A type of attack in which unauthorized access is used to obtain protected network information.

data transmission The transfer of data between computers or other electronic devices through a network.

data window A flow control technique in which multiple packets are sent as a unit. The recipient acknowledges each window rather than each packet, resulting in higher throughput.

DC (Direct Current) A type of electric current that flows unidirectionally.

DCE (Data Communications Equipment) Interface devices such as modems on a Frame Relay network.

DDoS attack (Distributed Denial of Service attack) A software attack in which an attacker hijacks or manipulates multiple computers (through the use of zombies or drones) on disparate networks to carry out a DoS attack.

de-encapsulation The reverse of encapsulation: the removal of the header (and trailer) information added at each layer as data passes up to the next higher layer at the receiving end.

deciphering The process of reversing a cipher.

dedicated lines A telecommunication path that is available 24 hours a day for use by a designated user.

default gateway The IP address of the router that forwards traffic from a computer's local subnet to remote subnets.

demand priority A polling technique in which nodes signal their state, either ready to transmit or idle, to an intelligent hub. The hub polls the state of each node and grants permission to transmit in turn.

demarc extension A demarcation point where a network connectivity line terminates within or just outside of a building and may need to be extended further to accommodate the extended connectivity segment.

demarc A demarcation point where a building's wiring ends and the telephone company's wiring begins.

demarcation point See demarc.

demodulation The process of decoding or removing a low frequency data signal from a high frequency carrier waveform.
demultiplexer A device that performs demultiplexing. Also called a demux.

demultiplexing A process that converts the multiplexed signals to independent signals.

demux See demultiplexer.

Denial of Service attack See DoS attack.

DES (Data Encryption Standard) A shared-key (symmetric) block cipher that uses a 56-bit key to encrypt data in 64-bit blocks. The key is short enough to be recovered by exhaustive search on modern hardware, so DES has been superseded by 3DES and AES.

DET (Directory Entry Table) A logical link between a directory and the files it contains, maintained by the file system.

DFS (Distributed File System) A software-based distributed hierarchical storage implementation that is built into Windows Server 2003, Windows Server 2008 R2, and other Windows server software.

DHCP relay agent A service that captures a DHCP (BOOTP-format) broadcast and forwards it through the router as a unicast transmission to a DHCP server on a remote subnet.

DHCP (Dynamic Host Configuration Protocol) A network service that provides automatic assignment of IP addresses and other TCP/IP configuration information.

dial-up lines PSTN connections that use modems, existing phone lines, and long-distance carrier services to provide low-cost, low-bandwidth WAN connectivity and remote network access.

dial-up modem A communication device that converts a computer's digital signals into analog signals before transmission over telephone lines.

dielectric An insulator, a material that does not conduct electricity, separating the conductor and shield of a cable. The entire package is wrapped in an insulating layer called a sheath or jacket.

Diameter An authentication protocol that is an updated version of RADIUS and improves on some of its features.

dictionary attack A type of password attack that automates guessing by hashing each entry in a predetermined list of likely passwords and comparing the result with the stored password hashes.

differential signaling A noise reduction technique in which the signals from two inputs are compared; signals that are identical on the two inputs are ignored, while those that are different on the inputs are accepted.

digital certificate An electronic document, signed by a CA, that associates credentials (an identity) with a public key.

digital signal modulation A process of representing digital data with an analog signal so that digital data can be transmitted between different digital devices.

digital signal An electrical signal that can have combinations of only two values: one and zero.

digital signature A hash of a message encrypted with the sender's private key and appended to the message; anyone holding the sender's public key can verify who sent the message and that it was not altered in transit.

directional antenna A type of antenna that concentrates the signal beam in a single direction.

disaster recovery plan A policy and set of procedures that documents how people and resources will be protected in case of disaster, and how the organization will recover from the disaster and restore normal functioning.

disaster recovery The administrative function of protecting people and resources while restoring a failed network or systems as quickly as possible.

disaster A catastrophic loss of system functioning due to a cause that cannot reasonably be foreseen or avoided.

distance-vector routing A routing method in which each router passes a copy of its routing table to its adjacent neighbors. The neighbor adds each route to its own table, incrementing the metric to reflect the extra distance to the end network. The distance is given as a hop count; the vector component specifies the address of the next hop.

DMZ (demilitarized zone) A small section of a private network that is located between two firewalls and made available for public access.

DNS (Domain Name System) The naming service used on the Internet and many TCP/IP-based networks.

DNSBLs (DNS blacklists) Published lists, queried through DNS, of IP addresses that are confirmed as spam sources; mail servers consult them to reject or tag connections from listed hosts.

domain name A unique name that identifies a website on the Internet. A period is used to separate the labels of domain names.

domain A grouping of computers on the Internet based on the nature of their operations.

DoS attack (Denial of Service attack) A network attack in which an attacker disables systems that provide network services by consuming a network link's available bandwidth, consuming a single system's available resources, or exploiting programming flaws in an application or operating system.

drain The connection point between a shield and the ground.

drone Unauthorized software introduced on multiple computers to manipulate the computers into mounting a DDoS attack. Also called a zombie.

DS (Distribution System) A wired connection between a BSS and a premise-wide network that enables mobility on devices.

DSH (Digital Signal Hierarchy) A channelized data transmission standard used to multiplex several single data or voice channels for a greater total bandwidth.

DSL (Digital Subscriber Line) A broadband Internet connection method that transmits digital signals over existing phone lines.

DSSS (Direct Sequence Spread Spectrum) A type of radio transmission in which a single data signal is converted into multiple digital data signals called chips.

DTE (Data Terminal Equipment) Interface devices such as NICs and routers on a Frame Relay network.

DVM (Digital Volt Meter) Uses an analog-to-digital converter to display numeric voltage readings.

DWDM (Dense Wavelength Division Multiplexing) A multiplexing technology that uses light wavelengths to transmit data.

EAP-TLS (EAP-Transport Layer Security) An EAP method that runs a TLS handshake inside EAP and authenticates both the client and the server with digital certificates; it is widely supported by wireless access points and client adapters and is regarded as one of the strongest 802.1X methods.

EAP (Extensible Authentication Protocol) An authentication framework rather than a single method: it carries the messages of a negotiated authentication method, which may rely on passwords, certificates, or hardware-based identifiers such as fingerprint scanners or smart card readers.

EAPOL (Extensible Authentication Protocol over LAN) EAP over LAN as used in 802.1X implementations.

eavesdropping attack A network attack that uses special monitoring software to gain access to private communications on the network wire or across a wireless network. Also known as a sniffing attack.

EDAC (Error Detection and Correction) The process of determining if transmitted data has been received correctly and completely, and if not, rebuilding the data to its correct form.

EDC (Error Detection Code) The bits that are attached to transmitted data to indicate its original contents.

EFS (Encrypting File System) A file-encryption tool available on Windows systems that have partitions formatted with NTFS.

EGP (Exterior Gateway Protocol) The protocol responsible for exchanging routing information between two neighboring gateways.

EIA (Electronic Industries Alliance) A trade association accredited by ANSI to develop and jointly issue standards for telecommunications and electronics.

EIGRP (Enhanced Interior Gateway Routing Protocol) An improvement over IGRP that includes features that support VLSM and classful and classless subnet masks.

electrical noise Unwanted signals that are introduced into network media. Noise interferes with the proper reception of transmitted signals.

encapsulation A process of adding delivery information to the actual data at each layer.

enciphering The process of applying a cipher.

encoding Also known as digital signal modulation.

encryption devices A device that provides encryption, decryption, and access control using an HSM.

encryption A security technique that converts data from plain, or cleartext form, into coded, or ciphertext form so that only authorized parties with the necessary decryption information can decode and read the data.

endpoint A network node that is the source or destination for data transfer.

enterprise network A network that includes elements of both local and wide area networks and is owned and operated by a single organization to interlink its computers and resources.

environment monitor A hardware tool that ensures that environmental conditions do not spike or plummet temperature above or below equipment specifications.

error detection The process of determining if transmitted data has been received correctly and completely.

ES (Edge System) A system on a Frame Relay network that efficiently manages traffic between a user and the backbone network.

ESP protocol (Encapsulating Security Payload protocol) The IPSec protocol that provides data confidentiality (encryption) and, optionally, data integrity and origin authentication for each packet; the cipher is negotiated, historically DES or 3DES and now usually AES.

ESS (Extended Service Set) A configuration of multiple BSSs used to handle mobility on a wireless network.

Ethernet frame A data packet that has been encoded on the Data Link layer for transmission from one node to another on an Ethernet network.

Ethernet A set of networking technologies and media access methods specified for LANs.

exterior router Any router entirely outside an AS.

extranet A private network that grants controlled access to users outside of the network.

fall-back plan An alternate network reconstruction design that can be implemented temporarily to enable critical network elements to function.

Fast Ethernet An Ethernet technology that can transmit data at speeds of 100 Mbps.

FAT (File Allocation Table) A table on a hard disk maintained by the operating system that provides a map of the clusters that files have been stored in.

fault tolerance The ability of a network or system to withstand a foreseeable component failure and still continue to provide an acceptable level of service.

FC (Face Contact) A connector used in industrial settings that has a heavy duty ferrule in the center for more mechanical stability than SMA or ST connectors.

FCS (Frame Check Sequence) The extra characters (a CRC value) added to the end of a frame so that the receiver can detect transmission errors; a frame whose FCS does not match is discarded, not corrected.
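The CRC and FCS entries above say that a CRC detects errors but does not correct them. The following Python example, added here by the editor and not part of the original glossary, implements the CRC-32 used for the Ethernet FCS bit by bit, appends it to a constructed frame, and shows that single, double and triple bit flips in transit (including flips inside the FCS itself) are all caught. The four-byte little-endian trailer layout is this example's convention, not a claim about the 802.3 wire order; zlib.crc32 is used only to cross-check the hand-rolled implementation.

```python
import zlib

# Reflected form of 0x04C11DB7, the generator polynomial used by Ethernet/802.3.
CRC32_POLY = 0xEDB88320


def crc32(data):
    """Bitwise CRC-32: init 0xFFFFFFFF, reflected, final XOR 0xFFFFFFFF.

    Each byte is fed into the shift register and divided by the polynomial one bit
    at a time; the remainder left at the end is the check value."""
    crc = 0xFFFFFFFF
    for byte in data:
        crc ^= byte
        for _ in range(8):
            crc = (crc >> 1) ^ CRC32_POLY if crc & 1 else crc >> 1
    return crc ^ 0xFFFFFFFF


def add_fcs(payload):
    """Sender: compute the CRC over the frame and append it as the FCS trailer."""
    return payload + crc32(payload).to_bytes(4, "little")


def check_fcs(frame):
    """Receiver: recompute the CRC over everything but the trailer and compare.

    On mismatch Ethernet simply drops the frame; nothing here tries to repair it."""
    payload, trailer = frame[:-4], frame[-4:]
    return crc32(payload) == int.from_bytes(trailer, "little")


def flip_bits(frame, *bit_indexes):
    """Model noise on the wire by inverting the given bit positions of a frame."""
    buf = bytearray(frame)
    for index in bit_indexes:
        buf[index // 8] ^= 1 << (index % 8)
    return bytes(buf)


if __name__ == "__main__":
    frame = add_fcs(bytes(range(60)))          # constructed 60-byte payload + 4-byte FCS
    print("intact frame passes:", check_fcs(frame))
    print("1-bit error caught:", not check_fcs(flip_bits(frame, 7)))
    print("3-bit error caught:", not check_fcs(flip_bits(frame, 7, 200, 333)))
```

For the 802.3 polynomial the Hamming distance is 4 at Ethernet frame lengths, so every error of one, two or three bits is guaranteed to be detected, as are all burst errors up to 32 bits; larger multi-bit patterns are caught with probability roughly 1 - 2^-32. The CRC gives the receiver no information about which bits went wrong, which is why the FCS is a detection code and recovery is left to retransmission by higher layers.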

FDDI (Fiber Distributed Data Interface) A dual-ring, token-passing fiber network that operates at 100 Mbps.

FDM (Frequency-Division Multiplexing) A multiplexing method in which data from multiple nodes is sent over multiple frequencies or channels, over a network medium.

FHSS (Frequency Hopping Spread Spectrum) A type of radio transmission in which a signal is sent on one channel at a time, and at predetermined fixed intervals, the channel changes.

fiber optic cable A network cable in which one or more glass or plastic strands, plus additional fiber strands or wraps, are surrounded by a protective outer jacket.

firewall A software program or a hardware device or a combination of both that protects a system or network from unauthorized data by blocking unsolicited traffic.

first responder The first person or team to respond to an accident, damage site, or natural disaster in an IT company.

fixed length window A type of data window in which each block of packets is of the same size. Typically, fixed length windows are small to avoid flooding the buffers of less-powerful receivers.

flooding A network transmission state in which data arrives at a receiving node too quickly to be processed.

flow control A class of technique for optimizing the exchange of data between systems.

FQDN (Fully Qualified Domain Name) The host name combined with the host's domain name.

Frame Relay A WAN protocol that operates at the Physical and Data Link layers of the OSI model.

frequency The number of complete cycles per second in a wave, measured in hertz; it is the reciprocal of the wave's period.

FTP bounce attack An attack that abuses the FTP PORT command, which allows a connected client to direct the server to open a data connection to an arbitrary address and port, so that the FTP server is used to scan or reach other hosts on the attacker's behalf.

FTP (File Transfer Protocol) A TCP/IP protocol that allows the transfer of files between a user's workstation and a remote host.

full duplex A mode of communication, supported by the NIC, in which a device can send and receive data simultaneously without collisions.

gain An increase in the amplitude of a radio wave.

gateway A device, software, or a system that converts data between incompatible systems.

GBIC (Gigabit Interface Converter) A transceiver used to convert electrical signals into optical signals and vice versa.

GIF (Graphics Interchange Format) A graphic interchange format primarily used on the Internet.

Gigabit Ethernet An Ethernet technology that can transmit data at speeds of 1000 Mbps and primarily uses optical fibers for transmission.

GPS (Global Positioning System) A navigational system that consists of a network of satellites with 24 active satellites and 3 in standby mode.

Grounding Connection of a shield or conductor to an electrical ground point, such as a pipe or wire that is in contact with the ground.

group policy A centralized configuration management feature available for Active Directory on Windows Server systems.

guessing attack A type of password attack that involves an individual making repeated attempts to guess a password by entering different common password values, such as the user's name, a spouse's name, or a significant date.

guessing A human-based attack where the goal is to guess a password or PIN through brute force means or by using deduction.

guideline A suggestion for meeting the policy standard or best practices on a network policy.

hacker A user who excels at programming or managing and configuring computer systems, and has the skills to gain access to computer systems through unauthorized or unapproved means.

half duplex A mode of communication that permits two-way transmission, but in only one direction at a time.

hardware loopback plug A special connector used for diagnosing transmission problems that redirects electrical signals back to the transmitting system.

Hardware Security Module See HSM.

hash value See hash.

hash The value that results from hashing. Also known as hash value or message digest.

hashing encryption A one-way transformation (not true encryption, since it cannot be reversed) that converts cleartext of any length into a fixed-size coded value; used to store passwords and to verify integrity.

HCC (Horizontal cross-connect) A wiring closet where the horizontal cabling connects to a patch panel that is attached to the main facility by a backbone cable.

hertz A measure of the number of cycles per second in an analog signal. One cycle per second equals one hertz.

high availability A rating that expresses how closely systems approach the goal of providing data availability 100 percent of the time.

high bandwidth application A software application or program that requires large amounts of network bandwidth for data transmission.

HIPS (Host-based IPS) An IPS that runs on a single host, monitoring that system's processes, files, and network traffic, and blocking the actions by which malicious code attempts to modify the system.

hoax Any type of incorrect or misleading information that is disseminated to multiple users through unofficial channels.

honeynet An entire dummy network used to lure attackers.

honeypot A security tool used to lure attackers away from the actual network components. Also called a decoy or sacrificial lamb.

hop The action of forwarding a packet from one router to the next.

host computer A powerful, centralized computer system that performs data storage and processing tasks on behalf of clients and other network devices.

host name The unique name given to a network node on a TCP/IP network.

host-based IDS An IDS system that primarily uses software installed on a specific host such as a web server.

HOSTS file A plaintext file configured on a client machine containing a list of IP addresses and their associated host names, which can be used for host name resolution as an alternative to DNS.

hot site A fully configured alternate network that can be online quickly after a disaster.

hot spare A fully configured and operational piece of backup equipment that can be swapped into a system with little to no interruption in functionality.

hotfix A patch that is often issued on an emergency basis to address a specific security flaw.

HSM (Hardware Security Module) A tamper-resistant hardware device that generates, stores, and uses cryptographic keys so that the keys never leave the module in cleartext.

HTTP (Hypertext Transfer Protocol) A network protocol that works on the Application layer of the OSI and TCP/IP models and enables clients to connect to and retrieve web pages from a server to interact with websites.

HTTPS (HTTP Secure) HTTP carried over a TLS (formerly SSL) connection, which authenticates the server and encrypts the traffic between the web browser and the server.

hub A networking device used to connect the drops in a physical star topology network into a logical bus topology.

HVAC (Heating, Ventilating, and Air Conditioning) A type of climate control system often found in large commercial or industrial buildings.

hybrid password attack An attack that utilizes multiple attack vectors, combining dictionary, rainbow table, and brute force methodologies (for example dictionary words with appended digits or altered capitalization) when trying to crack a password.

hybrid topology Any topology that exhibits the characteristics of more than one standard network topology.

IANA (Internet Assigned Numbers Authority) The body that coordinates the global pool of IP addresses, AS numbers, and protocol parameters; it now operates as a function of ICANN, which delegates address blocks to the regional Internet registries.

IBSS (Independent Basic Service Set) A peer-to-peer (ad hoc) wireless network in which each station acts as both a client and an access point, with no infrastructure AP.
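The brute force attack, dictionary attack, guessing attack, hashing encryption, and hybrid password attack entries all describe the same underlying loop: hash a candidate, compare with the stored value. The following Python example, added here by the editor and not part of the original glossary, implements that loop for each attack style against a constructed password store and shows why salting defeats precomputed (rainbow table) hashes. Plain SHA-256 is used so the attacks finish in well under a second; the wordlist and passwords are constructed, and the function names are the example's own.

```python
import hashlib
import itertools
import os
import string

# Constructed wordlist; real lists run to millions of entries.
WORDLIST = ["password", "letmein", "welcome", "summer", "dragon", "qwerty"]


def hash_password(password, salt=b""):
    """One-way hash of a password. Production systems use a deliberately slow KDF
    (bcrypt, scrypt, Argon2) so that every guess below costs the attacker far more."""
    return hashlib.sha256(salt + password.encode()).hexdigest()


def make_record(password, salted=True):
    """What a password database stores: a per-user random salt and the hash."""
    salt = os.urandom(8) if salted else b""
    return {"salt": salt, "hash": hash_password(password, salt)}


def dictionary_attack(record, wordlist=WORDLIST):
    """Hash each word in the list and compare with the stored hash."""
    for word in wordlist:
        if hash_password(word, record["salt"]) == record["hash"]:
            return word
    return None


def hybrid_attack(record, wordlist=WORDLIST, max_digits=4):
    """Dictionary words with mangling rules: capitalization and appended digits."""
    for word in wordlist:
        for base in (word, word.capitalize(), word.upper()):
            for n in range(max_digits + 1):
                for digits in itertools.product(string.digits, repeat=n):
                    guess = base + "".join(digits)
                    if hash_password(guess, record["salt"]) == record["hash"]:
                        return guess
    return None


def brute_force_attack(record, alphabet=string.digits, max_len=4):
    """Exhaustive search of every string over the alphabet up to max_len
    (a four-digit PIN space is only 11,110 guesses)."""
    for n in range(1, max_len + 1):
        for chars in itertools.product(alphabet, repeat=n):
            guess = "".join(chars)
            if hash_password(guess, record["salt"]) == record["hash"]:
                return guess
    return None


def same_hash_for_same_password(salted):
    """Why salts matter: without them, equal passwords give equal hashes, so one
    precomputed table (rainbow table) cracks every user who chose that password."""
    a, b = make_record("summer", salted), make_record("summer", salted)
    return a["hash"] == b["hash"]


if __name__ == "__main__":
    print("dictionary:", dictionary_attack(make_record("summer")))
    print("hybrid:", hybrid_attack(make_record("Summer2024")))
    print("brute force:", brute_force_attack(make_record("2468")))
    print("unsalted collide:", same_hash_for_same_password(salted=False))
    print("salted collide:", same_hash_for_same_password(salted=True))
```

A salt does not slow down any of the three online-style loops above, since the attacker reads it from the record; what it removes is the ability to attack all users at once with one table. The defence against the loops themselves is the cost per guess (a slow KDF) and, for online guessing, lockout or rate limiting.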
ICA (Independent Computing Architecture) A remote terminal protocol used by Citrix MetaFrame and MetaFrame XP software as add-ons to Microsoft Terminal Services.

ICANN (Internet Corporation for Assigned Names and Numbers) A non-profit corporation that assigns unique identifiers on the Internet, such as domain names, IP addresses, and extension names.

ICC (intermediate cross-connect) An optional connection between the main cross-connect and the horizontal cross-connect.

ICMP (Internet Control Message Protocol) A protocol used with IP that attempts to report on the condition of a connection between two nodes.

ICS (Internet Connection Sharing) A WAN connectivity method that connects multiple computers to the Internet by using a single Internet connection.

IDF (Intermediate Distribution Frame) A cable rack that interconnects the telecommunications wiring between an MDF and any workstation devices.

IDS (Intrusion Detection System) A software and/or hardware system that scans, audits, and monitors the security infrastructure for signs of attacks in progress.

IEEE 1394 (Institute of Electrical and Electronics Engineers 1394) Also known as FireWire, used to connect up to 63 devices to form a small local network.

IEEE 802.1x A standard for securing networks by implementing EAP as the authentication protocol over either a wired or wireless Ethernet LAN, rather than the more traditional implementation of EAP over PPP.

IEEE (Institute of Electrical and Electronics Engineers) An organization dedicated to advancing theory and technology in electrical sciences.

IETF (Internet Engineering Task Force) An international open committee that works to develop and maintain Internet standards and contribute to the evolution and smooth operation of the Internet.

IGMP (Internet Group Management Protocol) A protocol in the TCP/IP suite that supports multicasting in a routed environment.

IGP (Interior Gateway Protocol) The protocol responsible for exchanging routing information between gateways within an AS.

IGRP (Interior Gateway Routing Protocol) A distance-vector routing protocol developed by Cisco as an improvement over RIP and RIP v2.

IKE (Internet Key Exchange) The protocol IPSec uses to authenticate the two peers and negotiate security associations, establishing a master key from which the bulk encryption and integrity keys are derived.

IMAP4 (Internet Message Access Protocol) A protocol used for retrieving email messages and folders from a mail server.

impedance A force that opposes the flow of electricity in an AC circuit. Impedance is measured in ohms (Ω).

impersonation A type of spoofing in which an attacker pretends to be someone they are not, typically an average user in distress, or a help desk representative.

implicit deny The principle that establishes that everything that is not explicitly allowed is denied.

in phase Refers to two waves of the same frequency that begin at the same time.

incident management Practices and procedures that govern how an organization will respond to an incident in progress.

Incident Response Policy See IRP.

information security triad See CIA triad.

infrared transmission A form of wireless transmission over unbounded media in which signals are sent as pulses of infrared light.

Infrastructure as a Service (IaaS) A cloud service model in which the provider supplies virtualized infrastructure (compute, storage, and network); the client deploys its own operating systems and software on it and can add network components such as firewalls.

infrastructure mode A wireless configuration that uses one or more WAPs to connect wireless workstations to the cable backbone.

initialization vector See IV.

integrity The fundamental security goal of ensuring that electronic data is not altered or tampered with.

intelligent hub A hub that polls the state of each node and grants permission to transmit in turn.

inter-domain routing Routing a packet among different autonomous systems.

interactive mode This mode of the nslookup utility enables you to query name servers for information about hosts and domains, or to print a list of hosts in a domain.

interference Within wireless networking, the phenomenon by which radio waves from other devices interfere with the 802.11 wireless signals.

interior router A router arranged inside an AS and completely controlled by the AS administrator.

Internet The single largest global WAN that virtually links every country in the world.

intra-domain routing Routing a packet within an autonomous system.

intranet A private network that uses Internet protocols and services to share a company's information with its employees.

intrusion detection A process of monitoring the events occurring on a computer or a network, and analyzing them to detect possible incidents, which are violations or imminent threats of violation of computer security policies and standard security practices.

IP filtering A technique that determines which packets will be allowed to pass and which will be dropped by screening each packet against criteria such as source and destination address, protocol, and port.

IP Security Monitor A Windows tool that provides a main mode and a quick mode to verify IPSec statistics.

IP spoofing attack A type of software attack where an attacker creates IP packets with a forged source IP address and uses those packets to gain access to a remote system.

IP (Internet Protocol) A connectionless Network layer protocol that is responsible for sending data packets across a network.

IPS (Intrusion Prevention System) An active, inline security device that monitors suspicious network and/or system traffic and reacts in real time to block it. Also called a Network Intrusion Prevention System (NIPS).

IPSec driver The component of IPSec that watches packets being sent and received to determine if the packets need to be signed and encrypted, based on Group Policy or local Registry settings.

IPSec Policy Agent A service that runs on each Windows computer and delivers the IPSec policy from Active Directory or the local Registry to the IPSec driver.

IPSec policy A set of security configuration settings that define how an IPSec-enabled system will respond to IP network traffic.

628

CompTIA Network+ (Exam N10-005)

GLOSSARY
IPSec (Internet Protocol Security): A set of open, non-proprietary standards that you can use to secure data as it travels across the network or the Internet through data authentication and encryption.
IPv4 address: A 32-bit binary number assigned to a computer on a TCP/IP network.
IPv6 address: A 128-bit hexadecimal number assigned to a computer on a TCP/IP network.
IRP (Incident Response Policy): The security policy that determines the actions that an organization will take following a confirmed or potential security breach.
IS-IS (Intermediate System to Intermediate System): A link-state routing protocol used within a network.
ISDN (Integrated Services Digital Network): A digital circuit switching technology that carries both voice and data.
ISO (International Organization for Standardization): The largest standards-development body in the world, comprising the national standards institutes of 162 countries.
ISOC (Internet Society): A non-profit organization that oversees standards and practices for the Internet.
iterative query: A query used by the DNS server for name resolution when a client requests only the information the server already has in its cache for a particular domain name.
ITU (International Telecommunication Union): An international organization within the United Nations that defines global technical standards for telecommunications.
IV attack: An attack where the attacker is able to predict or control the IV of an encryption process, thus giving the attacker access to view the encrypted data that is supposed to be hidden from everyone except the user or network.
IV (Initialization Vector): A technique used in cryptography to generate random numbers to be used along with a secret key to provide data encryption.
jitter: The variability of latency over time across a network.
JPEG (Joint Photographic Experts Group): A compressed graphical file format that reduces the file size.
key-pair encryption: An encryption system in which an individual has two encryption keys: the public key that anyone can use to encode the message, and the user's private key, which is used to decode messages.
key: A specific piece of information that is used in conjunction with an algorithm to perform encryption and decryption in cryptography.
L2TP (Layer Two Tunneling Protocol): The de facto standard VPN protocol for tunneling PPP sessions across a variety of network protocols such as IP, Frame Relay, or ATM.
label switching: A switching technology that saves router processing time by adding a label to each incoming data packet.
LAN (Local Area Network): A self-contained network that spans a small area, such as a single building, floor, or room.
latency sensitivity: The susceptibility of a device to experience issues that affect delay within a network.
latency: The time delay for a packet to go from a source to a destination and back to the source.
LC (Local Connector): A small form factor ceramic ferrule connector for both singlemode and multimode fiber.
LDAP (Lightweight Directory Access Protocol): A communications protocol that defines how a client can access information, perform operations, and share directory data on a server.
LEAP (Lightweight Extensible Authentication Protocol): The proprietary EAP implementation of Cisco Systems.
leased lines: See dedicated lines.
least privilege: The security principle that establishes that users and software should only have the minimal level of access that is necessary for them to perform the duties required of them.
link redundancy: A network fault-tolerance method that provides alternative network connections that can function if a critical primary connection is interrupted.
link state routing: A routing method that floods routing information to all routers within a network to build and maintain a more complex network route database.
LLC (Logical Link Control): A sub-layer of the Data Link layer of the OSI model that controls how data packets are placed on a medium by controlling the Physical layer device.
load balancer: A stand-alone network device that performs load balancing as its primary function.
load balancing: A method of dividing work among the devices on a network.
log file: A record of actions and events performed on an operating system.
logic bomb: A piece of code that sits dormant on a target computer until it is triggered by the occurrence of specific conditions, such as a specific date and time. Once the code is triggered, the logic bomb detonates, performing whatever action it was programmed to do.
logical bus topology: A network topology in which all nodes receive the data transmission at the same time, regardless of the physical wiring layout of the network.
logical network diagram: A network diagram that documents the protocols and applications that control the flow of network traffic.
logical ring topology: A network topology in which each node receives data only from its upstream neighbor and retransmits it only to its downstream neighbor, regardless of the physical layout of the network.
logical star topology: A network topology in which a central device controls network access for nodes that are wired as a physical bus.
logical state: A representation of digital data in the binary form of 1s and 0s corresponding to the different voltage levels, used for mathematical reasons and to describe the working of digital devices.
logical topology: A topology that describes the data-flow patterns in a network.
LTE (Long Term Evolution): A radio technology for wireless broadband access.
MAC address (Media Access Control address): A unique, hardware-level address assigned to every networking device by its manufacturer. MAC addresses are six bytes long. Also known as a physical address.
MAC (Media Access Control): A sub-layer of the Data Link layer of the OSI model that is responsible for sensing the presence of data frames on a medium and allowing the nodes to access the medium.
malicious code attack: A type of software attack where an attacker inserts malicious software into a user's system.
malware: Malicious code, such as viruses, Trojans, or worms, which is designed to gain unauthorized access to, make unauthorized use of, or damage computer systems and networks.
man-in-the-middle attack: A form of eavesdropping where the attacker makes an independent connection between two victims and steals information to use fraudulently.
MAN (Metropolitan Area Network): A network that covers an area equivalent to a city or other municipality.
managed hub: Also known as an intelligent hub, this is a hub that enables you to monitor and configure its operations.
Manchester encoding: A digital transmission encoding scheme in which a transition from positive to ground represents a binary 0, and a negative-to-positive voltage transition in the middle of the bit period represents a binary 1.
MCC (Main cross-connect): A structured cabling connection point that connects equipment cables, backbone cables, and entrance cables.
MDF (Main Distribution Frame): A cable rack that interconnects the telecommunications wiring between itself and any number of IDFs.
media access method: A network communications mechanism that determines whether or not a particular node can transmit data on a network at a given time.
media converter: A device that enables networks running on different media to interconnect and exchange signals.
media tester: See cable tester.
message digest: See hash.
Microsoft Management Console (MMC): A Windows tool that is used to manage IPSec policies on Windows systems.
microwave transmission: A form of point-to-point wireless transmission over unbounded media in which signals are sent via pulses of electromagnetic energy in the microwave region of the spectrum.
mixed mode network: A network that incorporates elements from more than one of the three standard network models.
MME (Mesh Made Easy): A protocol used for routing in wireless networks.
modem: A device that modulates and demodulates data over an analog signal sent via a telephone line.
modulator: A device that superimposes a high frequency carrier wave over an analog signal.
MPLS (Multiprotocol Label Switching): A network technology defined by a set of IETF specifications that enable Layer 3 devices, such as routers, to establish and manage network traffic.
MPPE (Microsoft Point-to-Point Encryption): A method of data encryption between PPP dial-up connections or PPTP VPN connections.
MT-RJ (Mechanical Transfer Registered Jack): Sometimes called a Fiber Jack connector, it is a compact snap-to-lock connector used with multimode fiber.
MTR (My traceroute): A utility that combines ping and traceroute, used on UNIX-based systems.
multi-factor authentication: Any authentication scheme that requires validation of at least two of the possible authentication factors.
multicast transmission: A transmission method in which data is sent from a server to specific nodes that are predefined as members of a multicast group.
multimeter: An electronic measuring instrument that takes electronic measurements such as voltage, current, and resistance.
multimode fiber: A type of fiber optic cable that carries multiple light signals on a single strand.
multiplexer: A device that performs multiplexing. Also called a mux.
multiplexing: A controlled media access method in which a central device called a multiplexer combines signals from multiple nodes and transmits the combined signal across a medium.
multipoint connections: Connections between many nodes.
mutual authentication: A security mechanism that requires that each party in a communication verify its identity.
mux (multiplexer): Manages separate signals in a logical star topology and enables them to share media.
MX (Mail Exchange): A DNS record that maps a domain name to a mail exchange server list.
NAC (Network Access Control): A term that refers to the collected protocols, policies, and hardware that govern access on devices to and from a network.
NAT (Network Address Translation): A form of Internet security that conceals internal addressing schemes from external networks such as the Internet.
NBTSTAT: A Windows utility that is used to view and manage NetBIOS name cache information.
NetBIOS: A simple, broadcast-based naming service.
NETSTAT: A TCP/IP utility that shows the status of each active connection.
network acknowledgment: A signal used by a communication protocol between nodes on a network to acknowledge receipt of data.
network address: A protocol-specific identifier assigned to a node that maps to a MAC address.
network administration: Covers the support functions that are required to manage the network. It comprises functions that do not involve performing changes, such as configuring and tuning, or running the actual network.
network analyzer: A software or hardware tool that integrates diagnostic and reporting capabilities to provide a comprehensive view of an organization's network.
Network as a Service (NaaS): A method by which service providers lease resources on the network, such as communication services and infrastructure.
network backbone: The highest-speed transmission path that carries the majority of network data.
network baseline: A baseline that documents the network's current performance level and provides a quantitative basis for identifying abnormal or unacceptable performance.
Network layer: The OSI layer that addresses data packets, routes the packets from a source to a destination through the network, and ensures the delivery of those packets.
network management: Management of systems on the network using various activities, methods, procedures, and tools that relate to the operation, administration, maintenance, and provisioning of these systems.
network media: The conduit through which signals flow; it can be either bounded or unbounded.
network model: A network design specification for how the nodes on a network interact and communicate.
network name: A name assigned to a node to help users and technicians recognize the device.
network policy: A formalized statement that defines network functioning and establishes expectations for users, management, and IT personnel.
network reconstruction plan: A network plan that provides the steps to reconstruct the network.
network scanner: A computer program used for scanning networks to obtain user names, host names, groups, shares, and services. Also known as a network enumerator.
network-based IDS: An IDS system that primarily uses passive hardware sensors to monitor traffic on a specific segment of the network.
networking standard: A set of specifications, guidelines, or characteristics applied to network components to ensure interoperability and consistency between them.
NFS (Network File System): A client/server application that enables users to access shared files stored on different types of computers and work with those files as if they were stored locally on their own computers.
NIC (Network Interface Card): A device that serves as an interface between the computer and the network. Also called a network adapter or network card.
NIPS (Network-based IPS): An IPS running on a host that protects another host residing at a different IP address, and takes action to prevent an intrusion against it.
NNI (Network-to-Network Interface): A switch that is inside an ATM network.
NNTP (Network News Transfer Protocol): A protocol used to post and retrieve messages from newsgroups, usually from the worldwide bulletin board system called USENET.
node: Any device that can connect to the network and generate, process, or transfer data.
noise: Electromagnetic interference that disrupts the signal.
non-interactive mode: This mode of the nslookup utility prints only the name and requested details for one host or domain and is useful for a single query.
non-repudiation: The security goal of ensuring that data remains associated with the party that creates it or sends a transmission.
NRZ (Non-Return to Zero): A variation of the on-off keying digital transmission encoding scheme.
NRZI (Non-Return to Zero Inverted): A variation of the on-off keying digital transmission encoding scheme.
NS (Name Server): A DNS record that delegates a DNS zone to use the given authoritative name servers.
nslookup: A utility that is used to test and troubleshoot domain name servers.
NT (Network Termination): In ISDN, a device that connects the local telephone exchange lines to the customer's telephone or data equipment.
NTP (Network Time Protocol): An Internet protocol that enables synchronization of computer clock times in a network of computers by exchanging time signals.
NTU (Network Termination Unit): In ISDN, a device that can directly connect to ISDN-aware equipment, such as phones or ISDN NICs in computers.
OCx (Optical Carrier x): A standard that specifies the bandwidth for fiber optic transmissions.
ohm: The value of electrical resistance through which one volt will maintain a current of one ampere.
omni-directional antenna: A type of antenna that radiates the signal beam out in all directions and has lower gain but a wider coverage area.
on-off keying: A digital data transmission encoding scheme in which a change in voltage from one state to another within a predetermined interval is symbolized by a 1.
open system network: A network that supports multiple communication protocol suites that different vendors develop.
oscilloscope: A device that plots the amplitude of an analog signal as a function of time and displays analog signals as sine wave-shaped plots.
OSI reference model (Open Systems Interconnection): A network model developed by ISO for communication through open system networks.
OSI: See OSI reference model.
OSPF (Open Shortest Path First): A link-state routing protocol used on IP networks.
OTDR (Optical Time-Domain Reflectometer): A variation of TDR that transmits light-based signals of different wavelengths over fiber optic cabling to determine cabling issues.
OUI (Organizationally Unique Identifier): The first three bytes of a MAC address that uniquely identify a network device manufacturer.
out of phase: Refers to two waves that either start at an offset from each other or have different frequencies.
packet loss: The number of packets that are lost or damaged during transmission.
packet sniffer: A device or program that monitors network communications and captures data.
packet sniffing: An attack on wireless networks where an attacker captures data and registers data flows in order to analyze what data is contained in a packet.
packet switching network: A network in which data is broken up into separate packets and each packet is separately routed, without a dedicated connection between the endpoints.
packet: A unit of data transmitted on a network.
PAN (Personal Area Network): A network that connects two to three workstations with twisted pair cabling, most often seen in small or home offices.
PAP (Password Authentication Protocol): A remote-access authentication method that sends client IDs and passwords as cleartext.
parallel data transmission: A transmission technique in which multiple bits are transmitted across multiple transmission lines.
parity check: A process used to detect errors in memory or data communication.
partial mesh: A variation of mesh topology in which only a few nodes have direct links with all other nodes.
passive hub: A hub that receives data transmitted from a device on one port and broadcasts it out to the devices connected on all other ports.
passive IDS: An IDS that detects potential security breaches, logs the activity, and alerts security personnel.
password attack: Any type of attack in which the attacker attempts to obtain and make use of passwords illegitimately.
PAT (Port Address Translation): A subset of dynamic NAT functionality that maps either one or multiple unregistered addresses to a single registered address using multiple ports. Also known as overloading.
patch management: The practice of monitoring for, evaluating, testing, and installing software patches and updates.
patch: A small unit of supplemental code meant to address either a security problem or a functionality flaw in a software package or operating system.
path-vector routing: A routing method in which the router keeps track of the route from itself to the destination; however, rather than recording every individual node, path-vector routing can treat entire autonomous systems as nodes.
pathping: A TCP/IP command that provides information about latency and packet loss on a network.
PBX parachute: A disaster recovery service provided by a virtual PBX that keeps the phone service running in case of power failure.
PDH (Plesiochronous Digital Hierarchy): A communications standard that can carry data over fiber optic or microwave radio systems.
PEAP (Protected Extensible Authentication Protocol): Similar to EAP-TLS, PEAP was proposed as an open standard by a coalition made up of Cisco Systems, Microsoft, and RSA Security.
peer-to-peer network: A network in which resource sharing, processing, and communications control are completely decentralized.
peer: A self-sufficient computer that acts as both a server and a client.
performance monitor: A software tool that monitors the state of services, processes, and resources on a system.
permission: A security setting that determines the level of access a user or group account has to a particular resource.
pharming: An attack in which a request for a website, typically an e-commerce site, is redirected to a similar-looking, but fake, website.
phase: The fixed point where a wave's cycle begins in relationship to a fixed point.
phishing: A type of email-based social engineering attack, in which the attacker sends email from a spoofed source, such as a bank, to try to elicit private information from the victim.
physical bus topology: A physical topology in which network nodes are arranged in a linear format.
Physical layer: The OSI layer that provides the means for transmitting data bits over a physical medium.
physical mesh topology: A network topology in which each node has a direct, point-to-point connection to every other node.
physical network diagram: A pictorial representation of the location of all network devices and endpoints that depicts their connections to one another.
physical ring topology: A network topology in which all network nodes are connected in a circle.
physical star topology: A network topology that uses a central connectivity device with separate point-to-point connections to each node.
physical topology: A topology that describes a network's physical layout and shape.
physical tree topology: A physical network topology in which a central, or root, node is hierarchically connected to one or more nodes, which in turn are connected to other nodes lower in the hierarchy.
ping: A TCP/IP command used to verify the network connectivity of a computer, and also to check if the target system is active.
PKI (Public Key Infrastructure): An encryption system that is composed of a CA, certificates, software, services, and other cryptographic components, for the purpose of verifying authenticity and enabling validation of data and entities.
plaintext: Unencoded data. Also known as cleartext.
Platform as a Service (PaaS): A method that provides infrastructure and tools from the service provider so that the client does not need to manage them.
plenum cable: A grade of cable that does not give off noxious or poisonous gases when burned.
plenum: Refers to an air handling space, including ducts and other parts of the HVAC system in a building.
PoE (Power over Ethernet): A standard that specifies a method for supplying electrical power over Ethernet connections.
point-to-point connection: A direct connection between two nodes on a network.
poison reverse: An algorithm that prevents count-to-infinity loops by ensuring that a router broadcasts a route cost of 16 for all transmissions on its network.
policy statement: An outline of the plan for an individual component of a network policy.
polling: A controlled media access method in which a central device contacts each node to check whether it has data to transmit.
PON (Passive Optical Network): A point-to-multipoint optical network that is used for broadcast transmissions using optical systems.
POP3 (Post Office Protocol version 3): A protocol used for retrieving email from a mailbox on the mail server.
port filtering: A technique of selectively enabling or disabling TCP and UDP ports on computers or network devices.
port mirroring: The practice of duplicating all traffic on one port in a switch to a second port.
port scanner: A type of software that searches a network host for open ports.
port scanning attack: An attack where an attacker scans your systems to see which ports are listening in an attempt to find a way to gain unauthorized access.
port: The endpoint of a logical connection that client computers use to connect to specific server programs.
PPP (Point-to-Point Protocol): A protocol that works on the Data Link layer of the TCP/IP protocol suite; PPP is used to send IP datagrams over serial point-to-point links. PPP can be used in synchronous and asynchronous connections and can dynamically configure and test remote network connections.
PPTP (Point-to-Point Tunneling Protocol): A Microsoft VPN layer 2 protocol that increases the security of PPP by providing tunneling and data encryption for PPP packets and uses the same authentication methods as PPP.
premise wiring: The collection of drop cables, patch panels, and patch cables that together make a functional network.
Presentation layer: The OSI layer that is responsible for translating data into a network-compatible format.
private IP address: Addresses used by organizations for nodes that need IP connectivity only within their enterprise network, but not external connections to the Internet.
private key: In key-pair encryption, the key that is known only to an individual and is used to decode data.
privilege bracketing: The security method of allowing privileges to a user only when needed and revoking them as soon as the task is complete.
procedure: Instructions that detail specifically how to implement the policy in a network policy.
promiscuous mode: A mode of operation for network adapters that enables them to capture all packets sent across the network, regardless of the source or destination of the packets.
protocol analyzer: A type of diagnostic software that can examine and display data packets that are being transmitted over a network. Also called a network analyzer.
protocol binding: The assignment of a protocol to a NIC.
proxy server: A system that isolates internal networks from the servers by downloading and storing files on behalf of clients.
PSTN (Public Switched Telephone Network): An international telephone system that carries analog voice data.
PTR (Pointer): A DNS record that maps the IP address to a host name for reverse lookup functionality.
public key: In key-pair encryption, the key that is available to all and is used to encode data.
punch down tool: A tool used in a wiring closet to connect cable wires directly to a patch panel.
PVC (Permanent Virtual Circuit): A virtual circuit associated with leased lines that connects two endpoints, which are always on.
PVC (Polyvinyl Chloride): A flexible rubber-like plastic used to surround some twisted pair cabling.
QoS (Quality of Service): A set of parameters that controls the level of quality provided to different types of network traffic.
RA (Registration Authority): An authority in a PKI that processes requests for digital certificates from users.
radiated connection: A wireless point-to-point or multipoint connection between devices.
radio networking: A form of wireless communications in which signals are sent via RF waves. Also called RF networking.
RADIUS (Remote Authentication Dial-In User Service): A protocol that enables a server to provide standardized, centralized authentication for remote users.
RAID (Redundant Array of Independent or Inexpensive Disks): A set of vendor-independent specifications for fault-tolerant configurations on multiple-disk systems.
RARP (Reverse Address Resolution Protocol): A protocol that allows a node on a local area network to discover its IP address from a router's ARP table or cache.
RAS (Remote Access Services): A method where the user can dial in and authenticate with the same account he or she uses at the office.
RDP (Remote Desktop Protocol): The protocol used by Microsoft's Terminal Services implementations.
recursive query: A query used by the DNS server for name resolution when a client requests that its preferred DNS server find data on other DNS servers.
redistribution point: A network node that is used to transfer data.
refraction: The phenomenon of light rays bending due to a change in speed when passing from one transparent medium to another.
Registration Authority: See RA.
remote access protocol: A type of protocol that enables users to log on to a computer or network within an organization from an external location.
Remote Access: A feature that allows an administrator to access client systems from any location on the network.
Remote desktop: A connection mode that enables a user to access any network system from their workstation and perform tasks on the remote system.
remote networking: A type of network communication that enables users who are not at their physical locations to access network resources.
repeater: A device that regenerates a signal to improve transmission distances.
replay attack: A type of network attack where an attacker captures network traffic and stores it for retransmission at a later time to gain unauthorized access to a network.
RF (Radio Frequency): The range of frequencies, from 10 KHz to 1 GHz, in which network and other communications take place using radio waves.
RFB (Remote Framebuffer): A protocol used in VNC for remote access and graphical user interfaces (GUIs).
RIP (Routing Information Protocol): A routing protocol that configures routers to periodically broadcast their entire routing tables. RIP routers broadcast their tables regardless of whether or not any changes have occurred on the network.
risk: An information security concept that indicates exposure to the chance of damage or loss, and signifies the likelihood of a hazard or threat.
rogue access point: An unauthorized wireless access point on a corporate or private network, which allows unauthorized individuals to connect to the network.
rollup: A collection of previously issued patches and hotfixes, usually meant to be applied to one component of a system, such as the web browser or a particular service.
rootkit: Software that is intended to take full or partial control of a system at the lowest levels.
routable protocol: A network protocol which provides separate network and node addresses to work with routers.
route convergence: The period of time between a network change and the router updates reaching a steady state once again.
Router discovery protocols: Protocols that are used to identify routers on the network.
router: A networking device that connects multiple networks that use the same protocol.
routing loop: A routing process in which two routers discover different routes to the same location that include each other but never reach the endpoint.
routing table: A database created manually or by a route-discovery protocol that contains network addresses as perceived by a specific router. A router uses its routing table to forward packets to another network or router.
routing: The process of selecting the best route for moving a packet from its source to destination on a network.
RSS feeds: Allow users to subscribe to and receive updates made to a web page.
SA (Security Association): The negotiated relationship between two computers using IPSec. SAs are the result of the two-stage negotiation process. These stages are known as Phase 1 and Phase 2.
satellite Internet: An Internet connection method that uses a satellite network.
satellite phone: A telephone system that relies on the satellite network to provide services, instead of the infrastructure of the local telephone switch.
satellite television: A method of relaying video and audio signals directly to the subscriber's television sets using geosynchronous satellites.
SC (Subscriber Connector or Standard Connector): A connector used in a duplex configuration where two fibers are terminated into two SC connectors that are molded together.
scope: In DHCP, the IP addresses that a DHCP server is configured with and can assign to clients.
SCP (Secure Copy Protocol): A protocol that uses SSH to securely copy files between a local and a remote host, or between two remote hosts.
SCSI (Small Computer System Interface): An older personal computer connection standard that provides high-performance data transfer between the SCSI device and the other components of the computer. SCSI is pronounced "scuzzy".
SDH (Synchronous Digital Hierarchy): Another optical communications standard that is based upon SONET and implemented widely outside the U.S.
Secure Sockets Layer: See SSL.
security incident: A specific instance of a risk event occurring, whether or not it causes damage.
security policy: A formalized statement that defines how security will be implemented within a particular organization.
segment: A physical subdivision of a network that links a number of devices, or serves as a connection between two specific nodes.
serial cable: A type of bounded network media that transfers information between two devices using serial transmission.
serial data transmission: A transmission technique in which the transmission of bits occurs as one per clock cycle, across a single transmission medium.
server: A network computer that shares resources with and responds to requests from computers, devices, and other servers on the network.
service pack: A collection of system updates that can include functionality enhancements, new features, and typically all patches, updates, and hotfixes issued up to the point of the release of the service pack.
session hijacking attack: An attack where the attacker exploits a legitimate session to obtain unauthorized access to an organization's network or services.
Session layer: The OSI layer that is responsible for establishing a connection between network devices, maintaining the connection, and then terminating or reestablishing it when required.
SFP (Small Form Factor Pluggable): A transceiver used to interconvert electrical signals and optical signals.
shared-key encryption: An encryption system in which a single key is shared between parties in a communication and used to both encode and decode the message.
shielding: A method of placing grounded conductive material around the media to prevent the introduction of noise into the media.
signal bounce: A condition in which the signals endlessly move from one end of a cable to the other end.


CompTIA Network+ (Exam N10-005)

signal The electromagnetic pulses that are transmitted across a network medium.
simplex A one-way mode of communication. Radio and television broadcasts are simplex mode transmissions.
sine wave A smoothly oscillating curve that is the result of calculating the sine of the angles between zero and 360 and plotting the results.
singlemode fiber A type of fiber optic cable that carries a single optical signal.
SLA (Service Level Agreement) An agreement entered into by the transmitter (the ISP) and the receiver (the subscriber).
sliding window A type of data window in which block sizes are variable. Window size is continually reevaluated during transmission, with the sender always attempting to send the largest window it can to speed throughput.
SMA (Sub Multi Assembly or Sub Miniature type A) A connector with a threaded ferrule on the outside, used where water or other environmental factors necessitate a waterproof connection.
smart card A plastic card containing an embedded computer chip that can store different types of electronic information.
smart jack A device that serves as the demarcation point between the end user's inside wiring and the local access carrier's facilities.
SMB (Server Message Block) A protocol that works on the Application layer and is used to share files, serial ports, printers, and communications devices, including mail slots and named pipes, between computers.
SMTP (Simple Mail Transfer Protocol) A communications protocol that enables sending email from a client to a server or between servers.
sniffing attack A network attack that uses special monitoring software to gain access to private communications on the network wire or across a wireless network. Also known as an eavesdropping attack.
SNIPS (System and Network Integrated Polling Software) System and network monitoring software that runs on UNIX systems and offers both a command-line and web interface to monitor network and system devices.
SNMP (Simple Network Management Protocol) An Application-layer protocol used to exchange information between network devices.
SOA (Start of Authority) A DNS record that specifies authoritative information about a DNS zone.
social engineering attack A type of attack where the goal is to obtain sensitive data, including user names and passwords, from network users through deception and trickery.
socket Software in an operating system that connects an application with a network protocol.
software attack Any attack that targets software resources including operating systems, applications, protocols, and files.
SOHO A small network that can comprise up to 10 nodes.
SONET (Synchronous Optical Network) A standard for synchronous data transmission on optical media.

spam An email-based threat that floods the user's inbox with emails that typically carry unsolicited advertising material for products or other spurious content, and which sometimes delivers viruses.
spear phishing See whaling.
SPI (Security Parameters Index) The SPI helps the computer keep track of the computers it is communicating with.
spim An IM-based attack just like spam, but propagated through instant messaging instead of through email.
split horizon An algorithm that prevents count-to-infinity loops by configuring a router so that it does not broadcast internal network information.
spoofing A human- or software-based attack where the goal is to pretend to be someone else for the purpose of identity concealment.
spread spectrum A form of radio transmission in which the signal is sent over more than one frequency to discourage eavesdropping.
spyware Surreptitiously installed malicious software that is intended to track and report on the usage of a target system, or collect other data the author wishes to obtain.
SRV (Service Locator) A DNS record that specifies a generic service location record for newer protocols.
SSH (Secure Shell) A program that enables a user or an application to log on to another computer over a network, run commands in a remote machine, and transfer files from one machine to the other.
SSID (Service Set Identifier) A 32-bit alphanumeric string that identifies a WAP and all devices attached to it.
SSL VPN (Secure Socket Layer VPN) A VPN format that works with a web browser; installing a separate client is not necessary.
SSL (Secure Sockets Layer) A security protocol that uses certificates for authentication and encryption to protect web communication.
SSO (Single Sign-On) A session/user authentication process that permits a user to enter one name and password in order to access multiple applications.
SSTP (Secure Socket Tunneling Protocol) Uses the HTTP over SSL protocol and encapsulates an IP packet with an SSTP header.
ST (Straight Tip) A connector used to connect multimode fiber.
STA (Station) A device that contains an IEEE 802.11 conformant MAC interface to a wireless medium with an Ethernet-like driver interface.
standard A measure of adherence to the network policy.
stateful firewall A firewall that monitors communication paths and data flow on the network.
stateless firewall A firewall that manages and maintains the connection state of a session using the filter and ensures that only authorized packets are permitted in sequence.
static routing A type of routing in which a network administrator manually specifies the mappings in the routing table.

store and forward A data transmission method used to send data to a server or router where the data is stored until the next hop becomes available.
STP (Spanning-Tree Protocol) A Layer 2 protocol that is used for routing and prevents network loops by adopting a dynamic routing method.
strong password A password that meets the complexity requirements that are set by a system administrator and documented in a password policy.
stub autonomous systems An autonomous system in which the source or the destination node must exist within the system.
subnet mask A 32-bit number assigned to each host for dividing the 32-bit binary IP address into network and node portions.
subnet A logical subset of a larger network, created by an administrator to improve network performance or to provide security.
subnetting The process of logically dividing a network into smaller subnetworks or subnets.
SVC (Switched Virtual Circuit) A virtual circuit associated with dial-up and demand-dial connections that provides more flexibility than PVCs, allowing a single connection to an endpoint to connect to multiple endpoints as needed.
switch A network device that acts as a common connecting point for various nodes or segments.
switched Ethernet A LAN technology that connects computers using switches, enabling the devices on each switched connection to utilize the full bandwidth of the medium.
switching A technique used to transmit information over a network to the destination network device.
symmetric encryption See shared-key encryption.
synchronous communications A communication method in which a byte is sent in a standardized time interval, enabling the receiver to use the predetermined time interval as the means to distinguish between bytes in the data stream.
T-carrier system A digital and packet switched system that makes communication more scalable than the analog, circuit-switched systems.
TA (Terminal Adapters) In ISDN, the hardware interface between a computer and an ISDN line.
TACACS (Terminal Access Controller Access Control System) Provides centralized authentication and authorization services for remote users.
TACACS+ (TACACS Plus) A Cisco proprietary product that uses TCP port 49, supports multifactor authentication, and is considered more secure and scalable than RADIUS.
TCP (Transmission Control Protocol) A connection-oriented, guaranteed-delivery protocol used to send data packets between computers over a network like the Internet.
TCP/IP model A four-layer data communication model developed by the United States Department of Defense. To some extent, it is similar to the OSI model.
TCP/IP (Transmission Control Protocol/Internet Protocol) A network protocol suite that is routable and allows computers to communicate across all types of networks.
TDM (Time-Division Multiplexing) A multiplexing method in which the communication channel is divided into discrete time slots that are assigned to each node on a network.

TDR (Time-Domain Reflectometer) A measuring tool that transmits an electrical pulse on a cable and measures the way the signal reflects back on the TDR to determine network issues.
TE (Terminal Equipment) ISDN communications equipment that stations use to accomplish tasks at both ends of a communications link.
Telnet (Telecommunications Network) A terminal emulation protocol that allows users at one site to simulate a session on a remote host.
terminal emulator Software that enables a standard client computer to appear to a host computer as a dedicated terminal.
terminal An end user's device on a host-based network, dedicated to transmitting data to a host for processing and displaying the result to the user.
termination Adding a resistor to the ends of a coax network segment to prevent reflections that would interfere with the proper reception of signals.
terminator A network component attached to the ends of a network cable that can impede or absorb signals so they cannot reflect onto the cable.
terminator A resistor or other device added to the end of a cable to ensure that the end of the cable is not a source of signal reflections and noise.
TFTP (Trivial File Transfer Protocol) A simple version of FTP that uses UDP as the transport protocol, and does not require a logon to the remote host.
ThickNet Refers to Ethernet networking over RG8 cabling.
ThinNet Refers to Ethernet networking over RG58/U or RG58A/U cabling.
threat Any potential violation of security policies or procedures.
threshold When monitoring network performance, the value that signals that an object or component is functioning outside acceptable performance limits.
TIA (Telecommunications Industry Association) A trade association accredited by ANSI to develop and jointly issue standards for telecommunications and electronics.
TIA (Telecommunications Industry Association) Along with EIA, developed the 568 Commercial Building Telecommunication Cabling standard.
TIFF (Tagged Image File Format) A digital format used to handle images used in publishing and photography.
TKIP (Temporal Key Integrity Protocol) A security protocol created by the IEEE 802.11i task group to replace WEP.
TLS (Transport Layer Security) A security protocol that uses certificates and public key cryptography for mutual authentication and data encryption over a TCP/IP connection.
Token ring A type of technology used on ring networks in which computers pass a special sequence of bits called a token between them.
token A physical or virtual object that stores authentication information.
tone generator An electronic device that sends an electrical signal through one set of UTP cables.

tone locator An electronic device that emits an audible tone when it detects a signal in a set of wires.
top A CPU usage monitoring tool that provides a static snapshot, or a realtime display of the processes currently running on a CPU.
topology A network specification that determines the network's overall layout, signaling, and data-flow patterns.
tracert A command that determines the route data takes to get to a particular destination.
traffic filtering A method that allows only legitimate traffic through to the network.
traffic shaping A QoS mechanism that introduces some amount of delay in traffic that exceeds an administratively defined rate.
transceiver A device that has a transmitter and a receiver integrated into it to send and receive data.
transit autonomous systems An autonomous system in which the source or the destination node does not reside within the system.
Transport Layer Security See TLS.
Transport layer The OSI layer that accepts data from the upper layers, breaks it up into smaller units known as segments, passes them on to the lower layers, and ensures that all segments arrive correctly at the other end.
Triple DES (3DES) A more-secure variant of DES that repeatedly encodes the message using three separate DES keys.
Trojan horse An insidious type of malware that is itself a software attack and can pave the way for a number of other types of attacks.
troubleshooting model A standardized step-by-step approach to the troubleshooting process.
troubleshooting The recognition, diagnosis, and resolution of problems on a network.
trunking Combining multiple network connections to increase bandwidth and reliability.
TTL (Time To Live) A value for the ping command that determines how many hops an IP packet can travel before being discarded.
TTS (Transaction Tracking System) Software that monitors a transaction through to completion.
tunnel A logical path through the network that appears like a point-to-point connection.
tunneling A data transport technique in which a data packet is transferred inside the frame or packet of another protocol, enabling the infrastructure of one network to be used to travel to another network.
twisted pair A type of cable in which two conductors or pairs of copper wires are twisted around each other and clad in a color-coded, protective insulating plastic sheath or jacket to form a pair.
UDP (User Datagram Protocol) A connectionless Transport-layer protocol that is one of the protocols in the Internet protocol suite, and is used with IP. It is also known as the Universal Datagram Protocol.
unauthorized access Any type of network or data access that is not explicitly approved by an organization.

unbounded media A networking medium that does not use a physical connection between devices and can transmit electromagnetic signals through the air using radio waves, microwaves, or infrared radiation.
UNI (User-to-Network Interface) A user-side ATM border device that connects one ATM network to another or to a LAN.
unicast transmission A method for data transfer from a source address to a destination address.
UPS (uninterruptible power supply) A device that provides backup power when the electrical power fails or drops to an unacceptable voltage level.
USB connection A personal computer connection that enables you to connect multiple peripherals to a single port with high performance and minimal device configuration.
USB (Universal Serial Bus) A hardware interface standard designed to provide connections for numerous peripherals.
UTP (Unshielded Twisted Pair) A type of twisted pair cabling that does not include shielding around its conductors.
vampire tap A clamshell-like device that clamps over an RG8 cable, making contact with its conductors, and permitting a networking device to connect to the ThickNet segment.
VCC (Vertical Cross-Connect) Refers to cables that run vertically between floors in a building, or vertically between equipment in an equipment rack.
VER (Voltage Event Recorder) Another tool to use in conjunction with or in addition to using a voltmeter to test and verify that the electrical signals transmitting through the network cables are within the required specifications.
virtual circuit switching A switching technique that connects endpoints logically through a provider's network.
virtual PBX A private communications service provider that provides a low-cost PBX service.
virtual server A remote software tool that can run its own operating systems or applications, similar to a physical server.
virtual switch A software-based switch that provides functionality similar to physical switches, and is used for connecting virtual systems to form a network.
virus A sample of code that spreads from one computer to another by attaching itself to other files.
vishing Voice phishing, a human-based attack where the attacker extracts information while speaking over the phone or leveraging IP-based voice messaging services such as VoIP.
VLAN switch A configurable managed switch used on VLANs that creates a logical network structure, even when computers are on different physical segments.
VLAN (Virtual LAN) A LAN in which network components can be connected even if they are not on the same LAN segment.
VLSM (Variable Length Subnet Mask) A classless subnet mask that can be customized to a different length for each subnet based on the number of nodes on that subnet.

VNC (Virtual Network Computing) A platform-independent desktop sharing system.
voice over data systems Communications systems that replace traditional telephone links by transmitting analog voice communications over digital WAN networking technologies.
VoIP (Voice over IP) A voice over data implementation in which voice signals are transmitted over IP networks.
voltmeter An electrical instrument that measures voltage and resistance between two points in a circuit.
voluntary tunnels VPN tunnels that are created between client endpoints at the request of the client.
VPN concentrator A single device that incorporates advanced encryption and authentication methods in order to handle a large number of VPN tunnels.
VPN protocols Protocols that provide VPN functionality.
VPN (Virtual Private Network) A private network that is configured within a public network such as the Internet.
VSAT (Very Small Aperture Terminal) A small telecommunication Earth station that consists of a small antenna that transmits and receives signals from satellites.
VTP (VLAN Trunking Protocol) A VLAN management protocol developed by Cisco.
vulnerability Any condition that leaves a system open to attack.
WAN (Wide Area Network) A network that spans multiple geographic locations, connecting multiple LANs using long-range transmission media.
WAP (Wireless Access Point) A device that provides a connection between wireless devices and can connect to wired networks.
war chalking Using symbols to mark off a sidewalk or wall to indicate that there is an open wireless network which may be offering Internet access.
war driving The act of searching for instances of wireless LAN networks while in motion, using wireless tracking devices like PDAs, mobile phones, or laptops.
warm site A business site that performs noncritical functions under normal conditions, but which can be rapidly converted to a key operations site if needed.
waveform Represents the shape of an analog signal.
WEP (Wired Equivalency Privacy) A protocol that provides 64-bit, 128-bit, and 256-bit encryption using the Rivest Cipher 4 (RC4) algorithm for wireless communication that uses the 802.11a and 802.11b protocols.
whaling An email- or web-based form of phishing which targets particularly wealthy individuals. Also known as spear phishing.
white hat A hacker who exposes security flaws in applications and operating systems so manufacturers can fix them before they become widespread problems.
WiMAX (Worldwide Interoperability for Microwave Access) A packet-based wireless technology that provides wireless broadband access over long distances.

Windows security policies Configuration settings within Windows operating systems that control the overall security behavior of the system.
WINS (Windows Internet Naming Service) An older type of naming service used on Windows-based networks.
wire crimper A tool that attaches media connectors to the ends of cables.
wireless antenna A device that converts high frequency signals on a cable into wireless electromagnetic waves and vice versa.
wireless communication A type of communication in which signals are transmitted over a distance without the use of a physical medium.
wireless security Any method of securing your WLAN network to prevent unauthorized network access and network data theft while ensuring that authorized users can connect to the network.
wireless tester A Wi-Fi spectrum analyzer used to detect devices and points of interference, as well as analyze and troubleshoot network issues on a WLAN.
wiring diagram See wiring schematic.
wiring schematic A combination of a floor plan and a physical network topology. Similar to physical network diagrams, you can see the nodes on the network and how they are physically connected.
WLAN (Wireless Local Area Network) A self-contained network of two or more computers connected using a wireless connection.
worm A piece of code that spreads from one computer to another on its own, not by attaching itself to another file.
WPA (Wi-Fi Protected Access) A security protocol introduced to address some of the shortcomings in WEP.
WPA2 Provides WPA with Advanced Encryption Standard (AES) cipher-based CCMP encryption for even greater security and to replace TKIP.
WPAN (Wireless Personal Area Network) A network that connects devices in very close proximity but not through a wireless access point.
WWAN (Wireless Wide Area Network) Uses the wireless network technology to allow users to check email, surf the web, and connect to corporate resources accessible within the cellular network boundaries.
X Window system Uses the X protocol that leverages a client-server relationship to provide graphical user interface and input device management functionality to applications.
X.25 A legacy packet switching network technology developed in the 1970s to move data across less than reliable public carriers.
Zeroconf (Zero Configuration Networking) A set of standards used for automatically configuring and allocating IP addresses on Ethernet as well as wireless networks.
zombie Unauthorized software introduced on multiple computers to manipulate the computers into mounting a DDoS attack. Also called a drone.
zone A file that physically divides the DNS database and contains the actual IP-to-host name mappings for one or more domains.


INDEX
10 Gigabit Ethernet, 123 10 Mbps Ethernet, 122 3DES, 340 802.11 standards, 130 modes in, 131 802.11-based wireless LANs, 51 determining the size of, 512 ARP poisoning attacks, 443 Also See: WLAN ATM and QOS, 291 features of, 291 Also See: ATM Also See: ATM ATM network interfaces, 292 attacks, 356 on passwords, 365 AUI connectors, 70 authentication, 19, 364 by assertion, 366 for challenge-response, 346 multi-factor, 367 mutual, 367 null, 371 of usernames, 365 public-key, 368 authentication schemes biometrics as, 366 Authoritative Name Servers, 224 Autonomous Systems, 262, 265 classification of, 265 Also See: AS Also See: AS Also See: AS, router roles routers play in, 266 Also See: AS routing methods used in, 266

A
ACK signals, 164 ACLs, 403 Active Directory, 362 address headers, 189 address munging, 453 addresses loopback, 263 algorithms Diffie-Hellman, 418 Also See: IPSec Dijkstra, 276 for encryption, 375 for filtering data packets, 396 hashing, 380 link state, 272 poison reverse, 275 RC4, 376 router, 258 split horizon, 275 Also See: distance-vector routing, RIP, RIPv2 Also See: IGRP, VLSM, subnet mask aliases, 220 analog signals, 54 characteristics of, 55 anti-spam solutions, 453 Also See: DNS antivirus software, 451 APIPA, 207 armor, 76 ARP, 143, 160 ARP cache

B
backoff, 49 bandwidth, 291 bandwidth shaping, 497 base stations, 130 baseband transmission, 43 beacon frames

elements of, 132 binary address space 128-bit, 189 binary addresses, 166 binary ANDing, 174 binary exponents, 173 binary/decimal conversion, 172 using the Windows calculator, 174 binding order, 152 Also See: Network layer biometrics, 366 Bluetooth and the range of, 89 BOOTP, 206 bottlenecks, 489 BPL and signal interference issues around, 44 branching factor, 29 broadband transmission, 43 broadcast connections See: radiated connections broadcast radio, 85 broadcast transmission, 40 broadcasts dumping, 260 buffer overflow, 436 buses data, 42 PC Card challenges, 346 change management, 459 channels, 297 Also See: ISDN Also See: ISDN Also See: ISDN CHAP, 345 Checksum, 144 chips, 86 CIA triads, 354 CIDR, 185 applications of, 186 CIDR subnet masks, 185 ciphers letter-substitution, 375 ciphertext, 374 class-based networks, 185 classless addressing, 185 cleartext, 374 client/server networks, 19 clients, 3 Citrix ICA, 330 configuration of, 6 network computers as clock cycles, 42 clock synchronization, 40 CNAMEs, 220 coax network segments, 71 Also See: termination coaxial cables, 69 types of, 69 codecs, 58 collisions, 27 commands arp -a, 511 pathping, 232 ping, 208 route, 264 tracert, 231 computer networks categories of, 12 components of, 3 configuration of, 3 condensation in devices, 530 configuration management, 483 connection modes, 193 connection services, 193 connections, 193

C
Cable Internet access, 308 cable modems, 308 cables faulty splices in, 529 other types of, 80 properties of, 79 cache, 194 cache controllers, 195 caching engines, 498 carrier signals, 57 cat 1 cables, 67 cells, 134, 291 centralized mainframes, 21 centralized networks, 18 certificates authenticating, 380 self-signed, 378 Also See: cryptography, CA

dial-up, 256 Also See: packet switching network in VPNs, 341 connectors, 71 and wiring schemes, 66 BNC, 71 F, 71 RJ-11, 67 RJ-45, 66 contention domains, 52 copper media, 65 costs, 261 counters, 476 CRC, 118 credentials, 364 cross-connects horizontal, 75 vertical, 75 crossover cables, 527 crosstalk, 526 cryptographic techniques encryption as, 374 cryptography, 374 CSMA/CA, 51 CSMA/CD, 49 custom subnet masks, 183 on Class C networks, 183 custom subnets calculating the base network ID of, 187 custom subnetting, 174 custom TCP/IP subnets, 182 Cyclic Redundancy Check, 197 vs. datagrams vs. frames, 164 data theft, 357 data transmission analog, 39 digital, 39 instantaneous, 39 on a bus, 26 synchronous, 299 vs. telephony, 38 data windows, 195 fixed length, 196 sliding datagrams, 152 Also See: NIC DCSs, 300 dedicated lines, 310 default gateways, 180 default subnet masks, 169 demand priority, 48 demarcation points, 72 demarcs, 533 demultiplexer, 47 DES, 381 detachable media, 487 DHCP, 204 leasing, 205 options for, 205 DHCP relay agents, 206 Also See: DHCP dial-up lines, 309 Also See: analog and digital signals dial-up modems, 309 Diameter, 323 dielectric, 69 differential, 59 differential signaling, 96 digital certificate, 377 digital data units, 57 Also See: demodulation Also See: modulation digital signal modulation, 58 techniques in, 59 digital signals, 56 and binary data, 56 and methods for referencing, 59 Also See: signal, bounded media, unbounded media Also See: radio networking, infrared transmission, microwave transmission

D
daemons, 236 data channels, 314 data encapsulation, 152 data frames, 292 Also See: Frame Relay, NIC, router Also See: Frame Relay Data Link layers, 117 data packets components of, 164 fixed-length, 256 inspecting, 253 L2TP, 347 PPP, 347 Also See: VPN, PPP, Frame Relay, ATM specifying the number of hops, 261

digital signatures, 380 distance-vector routing, 271 DMZs, 399 DNS, 223 components of, 223 DNS hierarchy, 224 DNS name resolution, 225 DNS records static vs. dynamic, 224 Also See: A types of, 224 DNS servers primary/secondary, 226 domain names, 221 vs. host names, 221 DoS attacks, 439 Also See: DoS attack Also See: DDoS attack, drone Also See: DDoS attack, zombie dotted decimal notation, 167 double-colon substitution, 190 drains, 95 drop cables, 70 DS services, 298 DSH, 298 DSL, 295 DWDM, 301 dynamic routing, 271 vs. link-state routing, 272 key-based, 375 of certificates, 378 using SSL, 383 Also See: cryptography, authentication, encryption, digital certificates encryption keys, 376, 378 endpoints, 3 enterprise networks, 15 enterprise-wide applications, 5 error detection, 196 Ethernet and specifications for, 116 Ethernet frames, 117 ethical hacking, 359 external clients, 227 extranets, 14

F
Fast Ethernet, 122 standards for, 122 fault tolerance, 479 FCS, 254 FDDI, 125 FDM and multiple broadband signals, 48 fiber optic cables characteristics of, 77 how thick is their core?, 76 modes of, 76 types of connectors used in, 77 files HOSTS, 227 filler data, 256 firewalls, 396 features of, 398 rules of, 397 types of, 397 vs. IDSs, 407 FireWire vs. USB, 81 first responders, 459 flooding, 195 floor plans, 485 flow control, 194 flow control techniques buffering, 194 foil shielding, 69 FQDN, 220

E
E-carrier systems, 299 EAP, 368 eavesdropping, 245, 383 eavesdropping attacks, 441 EDC, 196 EFS, 378 electrical noise and its effects, 94 reducing, 95, 96 sources of, 93 electrical safety guidelines to, 522 electromagnetic interference, 69 encryption, 322, 374 and security goals, 374 Also See: encryption devices used in, 381 hashing, 380

frame network clouds, 293 Also See: Frame Relay, LAN, WAN Also See: Frame Relay Frame Relay, 292 components of, 293 merits/demerits of, 293 FRBS, 293 FTP, 236 and channels it works on, 236 and Internet browsers, 237 troubleshooting access to, 237 FTP bounce attacks, 443 Full Duplex, 101 HTTP, 241 Also See: HTTP HVAC, 75

I
ICANN, 13, 176 Also See: IP address Also See: IP address Also See: IP address Also See: IP address Also See: IP address ICMP, 161 ICS, 310 identifiers DLCI, 256 hardware-based, 368 that are used in ISDN, 296 VCI, 256 IDSs, 406 types of, 407 IEEE, 48 IEEE 802.1q, 281 IEEE 802.1x, 369, 402 IGMP, 162 IGP vs. EGP, 266 IKE, 417 IMAP4, 240 impedance match, 98 implicit deny, 399 Also See: firewall infrared transmission, 87 infrared transmission rates, 88 insulating plastic sheaths, 66 interfaces software-based, 259 U-, 297 Internet, 13 Internet connectivity methods of providing, 296 Internet email protecting against viruses, 453 Internet registries, 179 intranets, 13 intrusion detection, 406 IP, 159 IP address classes, 176 IP addresses, 166 Also See: network addresses

G
gateways, 109 GBICs, 104 Gigabit Ethernet, 123 standards for, 123 ground loops, 95 grounding and network performance, 95 and safety, 95 group policies, 362

H
hackers, 358 Also See: hacker hand tools of network technicians, 521 hardware loopback plugs, 528 hashes encrypting, 381 Also See: shared-key encryption, encryption Also See: DES high availability, 498 high bandwidth applications, 499 hijacking, 245 Also See: SSH honeypots, 412 hop count, 272 hops, 261 host addresses determining availability of, 184 host computers, 7 host membership reports, 162 host names, 220 HSM, 381 HSPA, 305

an analogy of, 167 assigning, 203, 212 assigning statically, 203 guidelines to assigning, 172 hierarchy of, 167 private, 179 recovering, 207 Also See: DHCP restricted, 178 Also See: IP address special, 178 IP configuration utilities, 208 IP data packets delivering, 160 Also See: Transport layer IP filtering, 394 IP spoofing attacks, 437 targets of, 438 IPSec, 415 as a transport mode, 347 components of, 420 IPSec policies, 419 IPSec protection, 416 Also See: IPSec, DES, Triple DES Also See: IPSec, encryption IPSs, 410 Also See: IPS, IP address IPv4 address space, 189 IPv4 addresses, 166 IPv6, 189 vs. IPv4, 191 IPv6 addresses, 190 implementing, 191 IrDA standards, 87 IRPs, 458 ISAKMP, 418 ISDN, 291, 296 hardware used in, 297 ISOC, 13 isolated grounds, 95 ITU, 301 Also See: multiplexing

J
jackets, 69

K
Kerberos, 370, 368
  Also See: LAN, EAP
  Also See: TLS, EAP
  Also See: EAP, PPP, Ethernet
keys
  preshared, 377
keystrokes, 245

L
L2TP, 347
label switching, 294
LAN administrators
  duties of, 11
LAN technologies, 10
  ring-based, 124
LANs
  Ethernet as, 10
laser light pulses, 76
latency, 305, 232
  Also See: ping, traceroute
latency sensitivity, 496
LDAP, 247
leased lines, 310
least privilege, 353
legacy connectivity devices, 111
light pulses, 65
link-state routing, 272
links
  T1, 272
load balancing, 497
local addressing, 179
log files, 477
  Also See: network analyzer
logical network diagrams, 485
logical state, 56
loops
  count-to-infinity, 275
  routing, 274
LOS transmission, 302
LSAs, 277
LTE, 305

M
MAC addresses
  components of, 118
  resolution of, 161
  Also See: IP, ARP
MAC filtering, 395


CompTIA Network+ (Exam N10-005)

mainframe computers, 7
malicious code attacks, 433
  Also See: malware
  types of, 433
man-in-the-middle attacks, 440
managed hubs, 49
managed switches, 105
Manchester encoding, 40
  Also See: on-off keying
master clocks
  synchronizing times with, 237
mathematical functions, 375
  Also See: encryption
MD5 hashing, 345
  Also See: encryption, authentication, PAP
media access, 46
  deterministic vs. contention-based, 47
media converters, 72
message digests
  digital signatures as, 380
Microsoft Windows 7, 7
Microsoft Windows Server 2008 R2, 6
microwave transmission
  increasing the distance of, 89
  applications of
mixed mode networks, 21
MME, 145
modems, 59
modes
  full duplex, 253
modulation, 57
  merits of, 58
MPLS, 294
  merits of, 294
MPPE, 340
multicast transmission, 41
multilayer devices, 142
multiplexer, 47
multiplexing, 47
multipoint connections, 24
mux, 33

N
N-connectors, 70
NaaS, 110
  Also See: passive hub, active hub
  Also See: hub
NAC, 402
naming services, 165
NAT, 391
  vs. proxy servers, 400
NAT process, 394
NetBT, 512
network acknowledgments, 143
network adapters, 100
network address blocks, 182
  dividing into multiple subnets, 183
network addresses, 165
network administration, 482
network backbones, 4
  types of, 4
network baselines, 489
network baselining, 489
network bits, 183
network cards, 100
network configuration
  levels of, 483
network diagnostics, 476
  Also See: performance monitor
network firewalls, 232
network management, 471
network masks, 263
network media
  and performance factors for, 71
  bounded, 65
  unbounded
network models, 17
network names, 165
network performance
  how bends in cables affect?, 529
  Also See: TDR
network policies, 487
network resources, 3
network scanners, 412
  Also See: authentication, encryption
network security
  educating users on, 463
network topologies, 23
  hybrid, 30
  logical bus, 32
  logical ring, 33
  logical star, 33
  physical bus, 25
  physical mesh, 28
  physical ring, 27
  physical star, 27
  physical tree, 29

network traffic
  analyzing, 474
network users
  and responsibility, 464
networking standards, 120
  10Base, 121
  and Xerox, 121
  de facto, 120
  de jure
  IEEE 802.11, 130
  IEEE 802.x, 121
networks
  cell switching, 256
  cell-switching, 291
  circuit switching, 254
  circuit-switching, 296
  converged, 313
  documenting, 483
  hierarchical tree, 277
  packet switching, 255
  satellite-based, 302
  SOHO, 260, 285
  Also See: cell-switching network, LAN, WAN
  Also See: ATM, data packet
  virtual circuit switching, 256
newsgroups, 240
NFS, 243
NICs, 100
  installing, 100
NMAP, 411
NNTP, 240
node hardware addresses
  locating, 511
nodes, 3
  communicating with, 180
  IP connectivity for, 179
  offline, 273
noise control considerations
  twisted pair as, 98
noise control methods
  differential signaling as, 96
  grounding as, 95
  shielding as, 95
  termination as, 97
  twisted pair as, 96
non-repudiation, 354
  Also See: unauthorized access
non-voice data, 38
NRZ/NRZI, 39
NTFS, 378
NTP, 237

O
octets, 167
OCx, 301
on-off keying, 39
ONUs, 302
open system networks, 141
oscilloscope, 56
OSI functional blocks, 141
OSI reference model layers
  1: Physical, 142
  2: Data Link, 142
  3: Network, 143
  4: Transport, 144
  Also See: segments
  5: Session, 145
  6: Presentation, 145
  7: Application, 145
  protocols used in Application/Presentation/Session, 145
  protocols used in Network and Transport, 144
OSI reference models, 140
  data transmission in, 146
OSI stacks, 146
OSPF, 272
  vs. RIP, 277

P
packet headers
  spoofing, 474
packet sniffers, 357
  Also See: unauthorized access
packet-switched, 292
packets, 142
  Hello, 277
PAP, 345
parallel data transmission, 42
parity bits, 381
  Also See: HSM
  Also See: cryptography
parity check, 197
password attacks, 436
  Also See: password attack
  Also See: password attack, brute force attack
  Also See: IP address

password guessing, 365
passwords
  that are strong, 365
PAT, 391
patch management, 450
patch panels, 523
path-vector routing, 273
PBX parachute, 110
PDH, 299
peer-to-peer networks, 20
peers, 7
permissions, 361
  in NTFS, 362
  in Unix, 361
physical addresses, 118
physical network diagrams, 484
physical network security, 403
physical security, 429
  threats to, 429
ping
  blocking, 209
ping responses, 510
PINs, 366
PKI, 379
  Also See: digital certificate
  Also See: PKI
plenum cables, 75
point-to-point connections, 24
polling, 48
PONs, 302
POP3, 239
port filtering, 474
port mirroring, 105
port numbers
  of TCP, 210
  of UDP, 211
port scanners, 411
port scanning attacks, 441
ports, 209
  outbound, 254
posture assessment, 402
power surges, 94
PPP, 333
PPTP, 347
premise wiring, 73
  components of, 74
privilege bracketing, 353
probes, 371
protocol analyzers, 477
protocol binding, 152
protocols
  passenger, 337
  Also See: VPN
  Also See: WAN, VPN
  remote access, 332
  remote control, 329
  router discovery, 275
  SSL, 347
proxy servers, 400
PSTN, 110, 296
punch down blocks, 523
PVC cabling, 75
PVCs, 256

Q
QoS, 494
  factors affecting, 499
  parameters of, 495

R
radiated connections, 25
radio networking, 85
RADIUS, 322
  Also See: RADIUS
RARP, 161
RAS, 322
recursive queries, 226
redistribution points, 3
refraction, 77
regulations
  and legal compliance, 488
  Also See: baseline
remote access
  authentication in, 333
  configuring, 267
  web-based, 334
remote access networking, 321
remote addressing, 179
remote desktop, 321
  merits of, 322
remote networking, 320
repeaters, 27
replay attacks, 442
resistors, 70
resources
  inventories, 486
RF, 85
risks, 356
rollover cables
  and routers, 108
root name servers, 224

routable protocols, 107
route convergence, 273
routers, 3, 107
  installing/configuring, 108
  RFC 1542-compliant, 207
  rogue, 262
  Routing and Remote Access software as, 259
  Also See: routing
  types of, 260
  VLSM-enabled, 186
  vs. switches, 260
  vs. VLAN switches, 282
routes, 259
routing, 258
routing domains, 265
routing entries
  components of, 263
routing lookups, 294
routing process, 264
  Also See: AS
  Also See: AS, routing
routing tables, 259, 261
  entries in, 262
  static, 262
RSS feeds, 240

S
Samba, 247
Satellite Internet access, 312
satellite media, 311
satellite services, 302
scanners
  fingerprint, 366
scope, 204
SCP, 245
SCSI, 42
security
  factors of, 353
Security Associations, 418
security incidents
  managing, 458
security policies, 454
  components of, 455
  types of, 457
segments, 18
  and network performance, 18
separator characters
  : (colon) as, 238
serial data transmission, 42
servers, 5
  clustering, 497
  load-balancing on, 254
  Also See: switching
  RAS, 322
service tickets, 370
session hijacking attacks, 438
SFD, 118
SFP, 105
shielding, 95
short-range wireless technologies, 10
shorts, 526
signal bounce, 25
signal gain, 128
signal reflections, 71
signal-ended, 59
signals, 54
sine waves, 56
sinusoidal waves, 56
site surveys, 444
  Also See: 802.11
  Also See: Bluetooth
SLAs, 494
smart cards, 366
SMB, 246
SMTP, 238
  limitations to, 239
sniffing software, 91
SNIPS, 516
SNMP, 472
social engineering attacks, 430
  Also See: spoofing
  Also See: spoofing, social engineering attack
  Also See: phishing, VoIP
  Also See: threat
  types of, 431
sockets, 211
  states of, 515
software attacks, 434
software tools
  for displaying data packets, 477
  for monitoring network, 474
  for monitoring system performance, 476
  Network Monitor, 478
software updates
  types of, 450
SONET, 299
  categories of, 300

SONET (continued)
  merits of, 300
SONET rings, 300
spread spectrum, 86
  Also See: chips
  types of, 86
squelch signals, 195
SSH, 244
  and network protection, 245
SSIDs, 90
  enabling/disabling, 91
  mismatches with, 91
SSL, 382
SSL VPNs, 337
SSO, 368
  Also See: authentication
SSTP, 347
standards
  IEEE 802.16, 305
  Also See: WAN
standards organizations, 120
  Also See: IEEE
stateful inspection, 398
static electricity
  reducing, 530
static routing, 259
  vs. dynamic routing, 271
  Also See: hop
store and forward, 160
STP, 277
streaming media, 255
  Also See: virtual circuit switching
structured cabling, 72
subnet mask values, 168
subnet masks, 168
  structure of, 171
subnets
  hierarchy of, 167
  merits of, 168
SVCs, 256
switched Ethernet, 117
switched networks
  X.25, 294
  Also See: IETF
switches, 3, 105
  and network performance, 253
  content, 254
  cut-through, 254
  fragment-free, 254
  functions of a VLAN switch, 281
  installing/configuring, 106
  multilayer, 254
  store-and-forward, 254
  types of, 253
  VLAN, 280
  Also See: VLAN
synchronous communications
  vs. asynchronous communications, 42

T
T lines, 298
T-carrier systems, 298
T-connectors, 25, 70
T-services, 298
table mappings, 259
TACACS, 347
  Also See: VPN, PPP
TACACS+, 347
tagging, 281
  CoS, 294
TCP/IP
  making it routable, 168
TCP/IP hosts, 8
TCP/IP models, 149
  layers in, 149
  vs. OSI reference models, 150
TCP/IP protocols, 148
  components of, 149
  Also See: OSI reference model
TDM
  and multiple baseband signals, 47
telcos, 256
Telnet, 245
terminal emulation protocols, 245
terminal emulation software, 21
terminal emulators, 8
Terminal Services, 330
terminals, 8
termination, 71, 97
terminators, 97
TGT
  time-stamped, 370
ThickNet, 70
ThinNet, 70
threats, 354
  DoS attacks, 435
threshold, 476

throughput testers, 473
TIA, 72
TIA/EIA-568, 73
ticket-granting, 370
time slots, 47
time stamps
  server, 237
TKIP, 376
TLS, 383
tokens, 124, 366
tools
  butt sets, 530
  cable certifiers, 526
  cable testers, 526
  circuit testers, 524
  environment monitors, 530
  for assessing vulnerabilities, 412
  for file encryption, 378
  for filtering traffic, 475
  for monitoring network, 473
  for wireless network capture, 376
  Also See: WEP, WPA2, Wi-Fi
  Also See: WEP
  LED indicators, 531
  multimeter, 524
  network analyzers, 532
  punch down, 523
  security screwdrivers, 522
  smart jacks, 533
  Also See: demarc
  spectrum analyzers, 534
  TDRs, 529
  tone generators, 529
  VERs, 525
  voltmeters, 525
  wire crimpers, 523
  wireless testers, 534
  WLAN survey software, 534
  wrenches, 521
traffic bursts, 497
traffic filtering, 475
traffic shaping, 497
transceivers, 70, 104
troubleshooting, 505
  Also See: troubleshooting
  documenting, 507
  of logical issues, 538
  of physical issues, 537
  of wiring issues, 540
  with IP configuration utilities, 509
troubleshooting models, 505
  CompTIA Network+, 506
trunking, 106
TTL, 231
tunneling, 337
tunnels
  types of, 338
twisted pair cables, 66
  and color schemes, 68
  categories of, 68
  Also See: coax
  types of, 67
twists
  how connectors vary in, 97

U
UDP, 160
  an analogy of, 160
  Also See: hop
unauthorized access, 357
  Also See: unauthorized access
unicast addressing, 189
  structure of, 190
unicast applications, 40
unicast transmission, 40
USB standards, 81
USENET, 240
user groups
  creating, 361
utilities
  arp, 511
  DIG, 516
  for port-scanning, 412
  Also See: honeypot
  FTP, 236
  IP configuration, 509
  MTR, 233
  NBTSTAT, 512
  netstat, 478, 513
  nslookup, 515
  ping, 510
  top, 476
  traceroute, 510

V
vampire taps, 70

Virtual Channels, 292
  Also See: Physical Layer, Data Link Layer, OSI model
Virtual Circuits, 292
  types of, 293
virtual PBX, 110
virtual servers, 110
virtual switches, 106
viruses, 435
VLAN trunking, 281
VLANs, 280
  merits of, 281
VLSM, 184
  Also See: subnetting
VLSMs, 275
voice over data systems, 313
voice software, 313
voice-recognition software, 366
VoIP, 314
  protocols used in, 316
VPN concentrators, 340
VPNs, 336
  data encryption in, 340
  types of, 338
VTP, 282
vulnerabilities, 355

W
wall jacks, 308
  Also See: PSTN, WAN
WAN administrators
  duties of, 12
WAN links, 238
WAN transmissions
  direct, unbounded, 312
WANs
  private, 11
  public
WAPs
  placing, 134
War Games, 354
waveforms, 54
web proxies, 400
website caching, 401
WEP, 376
WEP keys, 371
  Also See: cleartext
white hats, 359
Wi-Fi snoopers, 377
  Also See: public key
  Also See: digital certificate
WiMAX, 305
wired media, 116
Wireless Access Points, 90
  installing, 91
wireless antennas, 128
  and performance factors, 129
  types of, 128
wireless authentication, 370
wireless communication, 84
  types of, 85
  Also See: RF
wireless connections
  securing, 91
wireless networks
  guidelines to implementing, 132
  Also See: WAP
wireless security, 444
wireless vulnerabilities, 444
  Also See: patch
  Also See: hotfix
wiring closets, 523
wiring diagrams, 68
wiring schematics
  locating nodes using, 485
WLANs, 126
  components of, 127
  vs. WWANs, 304
workstations, 3
WPA-PSK, 377
WPA/WPA2, 376
WPANs, 88
WWANs, 304

Z
Zeroconf, 248
zones, 223
