
System Security Certified Practitioner (SSCP 2018): Network Fundamentals

Explore foundational network concepts, from packet switching to network topologies to wireless router
configuration.
Course Overview
Dan Lachance has worked in various IT roles since 1993, including as a technical trainer with Global Knowledge, a
programmer, a consultant, and an IT technical author and editor for McGraw-Hill and Wiley Publishing. He has
held and still holds IT certifications in Linux, Novell, Lotus, CompTIA, and Microsoft. His specialties over the years
have included networking, IT security, cloud solutions, Linux management, and configuration and troubleshooting
across a wide array of Microsoft products.

The System Security Certified Practitioner, or SSCP, is an intermediate-level security certification that benefits IT
technicians and executives, and it serves as confirmation of their skills in securing IT solutions. The certification
exam covers a wide breadth of knowledge and skills, from network and application security through access control
methods and vulnerability assessments.

In this course, Dan Lachance will explore those network concepts, from packet switching, to network topologies, to
wireless router configuration. These concepts will then serve as the foundation upon which security solutions are
built.
Packet Switching Networks
Modern network technologies have evolved from the old Public Switched Telephone Network, or PSTN. This is the
legacy telephone network that was used around the world and still is in some places, and it is described as
circuit switched. What this means is that bandwidth gets allocated for the entire duration of a call, or, when a
modem connects a computing device over analog phone lines, for the duration of the session. In other words, it is
a dedicated bandwidth connection.

Regardless of whether anything is being transmitted, or in the case of a phone call even if nothing is being said,
that bandwidth is still in use. Traditionally, it used 64 kbps in each direction.

Visualized on the screen, we can see a circuit switched connection from point to point that allocates a dedicated
64 kbps of bandwidth. In our diagram, we don't have old-style telephones communicating over an analog telephone
network. Instead, we have pictures of computers. Computers can use modems to make a connection to a telephone
network and communicate that way. In the diagram, a dedicated 64 kbps circuit is used for the duration of the
connection.

Compared to circuit switching, packet switching is what is used in today's networks. This means that there is no
dedicated end-to-end circuit or bandwidth allocated when a session is set up. In other words, unlike circuit
switching, network bandwidth is only used when data is there to be transmitted. Each transmission over the
network is called a packet. A packet contains source and destination addresses at the hardware level for network
interfaces, and at the software level things like IP addresses. And of course, the data is contained within the
payload of the packet. Each of the packets that traverse a packet switching network, like the Internet, can take a
different path to the destination. That really depends on how routers are configured to route packets using the
most efficient path. The data then gets reassembled at the target location.

So pictured on the screen, we have a visualization of a packet switching network. In the upper-left is a machine
that's transmitting to a machine in the bottom-right. In the middle of the diagram, we've got a cloud, which
implies a wide-area network such as the Internet, with a number of routers, which here are labeled with the letter
R. In the diagram, there are six routers labeled R.

Routers are designed to find the most efficient path to send a packet to a target location. So here we can see, for
example, two computers communicating where the transmission in Packet 1 goes through a specific set of routers
to arrive at the destination. In this instance, Packet 1 gets passed from the first router to a second router, and to
a third router, before it arrives at the destination. Packet 2 could take a completely different path; in this
instance, Packet 2 is passed along via four routers before it reaches its destination. This is the benefit of
packet-switching networks: the most efficient route at the time is utilized.

Now, what exactly is in a packet? We're going to see more and more of that as we progress, but at this point,
we've got an ETHERNET HEADER. And that contains both the source and destination MAC address. Source and
destination can be abbreviated as src and dst, respectively. The MAC address is an address that uniquely identifies
a network card on a local area network.

Then, at the software level, we've got an IP HEADER, where we've got the source and destination IP address. Then
we've got, for example, a TCP HEADER if we're talking about connecting to a website. That uses the TCP transport
mechanism. And it uses source and destination port addresses. If we're connecting to a web server, the target port
address is port 80 or 443. More on that later. And then of course, within a packet we've got the payload. And
depending on what's been configured, that might be encrypted or it might not be encrypted. And we'll talk about
encryption mechanisms later on.

The OSI Model


Network and security professionals need to have a solid understanding of the OSI Model. OSI stands for Open
Systems Interconnect. This is a conceptual 7 layer model that's used to describe communications hardware and
software. And it's used internationally.

Not every transmission over a network has to use all of the 7 layers that we will discuss. In the industry, you'll
hear terms like Layer 3 switch or Layer 7 firewall appliance. These layers are OSI layers. So let's talk about how
this works.

Pictured on the screen, we can see on the left that we've got Device 1 communicating on a network to Device 2,
which is listed over on the right. What we also see under each of the two devices are the 7 OSI layers.

Now this is all conceptual. It's not anything tangible or anything that you can see when you look at the
configuration of your computer. But the point is that when Device 1 transmits over the network, its transmission
conceptually passes down through all of these layers on that machine before it reaches the physical layer and gets
transmitted, perhaps wirelessly or over a wired network. The layers of the OSI model, at Device 1, are from top to
bottom: Application, Presentation, Session, Transport, Network, Data Link, and Physical. On the receiving end, you
can imagine the transmission coming up through all of the OSI layers to be processed by software on Device 2. The
layers of the OSI model are the same at Device 2, but the order in which they're processed is reversed, from the
bottom up: Physical, Data Link, Network, Transport, Session, Presentation, and Application.

Layer 1 of the OSI Model is the Physical Layer. The Physical Layer deals with things like cables, whether we're
using twisted pair copper cabling, fiber optic cabling, and so on. It also deals with other physical aspects of the
transmission media, such as connectors: RJ-45 connectors, which you'll commonly see with twisted pair copper
cables, or one of the many different types of fiber optic cable connectors, such as Straight Tip, otherwise called
ST connectors. Also things like electrical specifications, such as transmission frequencies for wired and wireless
networks. That would all fall under layer 1 of the OSI Model, the Physical Layer.

Layer 2 is called the Data Link Layer, and it deals with how the device gets access to the transmission media so it
can transmit over the network, whether we're talking about an Ethernet network, gaining access to a Token Ring
network to transmit, or accessing wireless transmission frequencies.

Hardware addresses are also used at layer 2, in other words, MAC addresses. MAC stands for Media Access
Control. A MAC address is a 48-bit address, written in hexadecimal, that uniquely identifies a network card on a
local area network (LAN). So things like smartphones, tablets, laptops, desktops, servers, routers, and switches,
anything that can communicate on a standard network, have a MAC address. Other devices also apply to layer 2,
such as network bridges and network switches, which we'll describe in detail later.

Layer 3 of the OSI Model is where we start getting into software. It's called the Network Layer, and it deals with
software network addresses, such as IPv4 or the newer IPv6 addressing. Routing is also a big part of layer 3, where
packets get routed through the most efficient path to reach a target over a wide area network. Network routers
therefore apply to layer 3. We can statically, or manually, enter routes into a router so it knows how to transmit
through multiple potential paths, or routers can dynamically learn by themselves of other routes to target
destination networks.

Layer 4 of the OSI Model is the Transport layer. And there are two big TCP/IP protocols here. Transmission Control
Protocol (TCP) which is connection-oriented. That means that a session is established between two devices before
any data is sent. And it's also considered reliable because we've got an acknowledgement sent back to the sender
for everything that the sender has sent out. So when the recipient receives it, it acknowledges it back to the
sender.

The User Datagram Protocol (UDP) is not as careful. It's connectionless; there's no session establishment, and it's
essentially best-effort packet delivery. That means there's no acknowledgement to make sure that what was sent
to the target was received by the target. But it also means less overhead, so it's quicker than TCP. The
higher-level protocol you're using determines whether it runs over TCP or UDP. For the most part, that's up to the
programmer who built the software, though in some cases technicians can configure whether something uses TCP
or UDP.

Also what applies at layer four are Port addresses. These are network service listening addresses. So an HTTP web
server for example, listens on TCP port 80. It's like a channel. Whereas if it's a secured web server HTTPS, it would
listen on TCP port 443. An SMTP mail transfer server would listen on TCP port 25 and so on.

Layer 5 is the Session Layer, and it's responsible for network session establishment, maintenance, and tear-down.
When we talk about setting up a network session, we're not necessarily talking about a user logging into
something; it could be built into the software. The negotiation of session parameters also applies to layer 5, such
as the encryption algorithm that will be used, the strength of the key that will be used, and so on.

Layer 6 is the Presentation Layer, and it's responsible for how data gets presented: whether things are encrypted
or decrypted, whether things are compressed to increase the amount of data that can be transmitted over a
network within a period of time, or the translation between varying character sets like ASCII vs. Unicode.

Layer 7 is the Application Layer at the top of the OSI Model. It relates to application-specific data, so we can
look into the payload portion of a packet. It can also involve direct user interaction, like a user checking email.
Examples would be APIs, application programming interfaces used by programmers to hook into functionality of
software or devices. It could be the DNS protocol used to resolve names to IP addresses. It could be SMB, the
Server Message Block Windows file sharing protocol, or File Transfer Protocol, FTP. So there are many higher
level, or layer 7, protocols that relate to the Application Layer. Just remember that the OSI Model is conceptual
and not every transmission uses every layer.

So to bring it all home, let's map packet headers to the OSI Model. So an ETHERNET HEADER contains source and
destination MAC addresses. This applies to OSI Layer 2 - the Data Link Layer. An IP HEADER in a packet has
addressing information for source and destination, specifically IP addresses. That applies to OSI Layer 3 - the
Network Layer. The TCP HEADER within a packet transmission for example, if TCP's being used, has source and
destination port addresses, which applies to OSI Layer 4 - the Transport Layer. Now the actual DATA or PAYLOAD in
the packet, which may or may not be encrypted, would apply to layers 5 through to 7 - the Session, Presentation,
and Application Layers. Depending on, for example, whether or not the payload is encrypted, that would apply to
the presentation layer. So there's an easy way then to map the actual contents of a packet to the OSI Model.
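To make the mapping of packet headers to OSI layers concrete, here is an added Python example (not from the course) that builds one sample Ethernet/IPv4/TCP frame inline and then parses it header by header, labelling each with its OSI layer and handling truncated or non-IPv4 frames. The MAC addresses, IP addresses (from private and RFC 5737 documentation ranges), port numbers and HTTP payload are constructed sample values; the IP and TCP checksums are left at zero because nothing here transmits the frame.

```python
"""Parse a raw Ethernet frame into its headers, labelled with their OSI layers.

Added example (not from the course). The frame is constructed inline with struct so
the parser runs offline; MACs, IPs, ports and the HTTP payload are sample values.
"""
import struct
from typing import Any, Dict

ETHERTYPE_IPV4 = 0x0800
PROTO_TCP = 6
PROTO_UDP = 17


def build_sample_frame() -> bytes:
    """Constructed sample: an HTTP request inside TCP, inside IPv4, inside Ethernet."""
    payload = b"GET / HTTP/1.1\r\nHost: example.test\r\n\r\n"
    # TCP header: src port, dst port 80, seq, ack, data offset 5 words, flags PSH|ACK,
    # window, checksum (left 0: nothing here transmits the frame), urgent pointer.
    tcp = struct.pack("!HHIIBBHHH", 51234, 80, 1, 1, 5 << 4, 0x18, 65535, 0, 0)
    # IPv4 header: version 4 / IHL 5, TOS, total length, id, flags+fragment offset,
    # TTL 64, protocol TCP, checksum (left 0), src 192.168.1.10, dst 192.0.2.80.
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(tcp) + len(payload), 0x1234, 0,
                     64, PROTO_TCP, 0, bytes([192, 168, 1, 10]), bytes([192, 0, 2, 80]))
    # Ethernet header: destination MAC, source MAC, EtherType IPv4.
    eth = (bytes.fromhex("001122334455") + bytes.fromhex("66778899aabb")
           + struct.pack("!H", ETHERTYPE_IPV4))
    return eth + ip + tcp + payload


def mac_str(raw: bytes) -> str:
    return ":".join(f"{b:02x}" for b in raw)


def parse_frame(frame: bytes) -> Dict[str, Any]:
    """Split a frame into Ethernet (L2), IP (L3), TCP/UDP (L4) headers and payload (L5-7)."""
    if len(frame) < 14:
        raise ValueError("frame shorter than an Ethernet header")
    ethertype = struct.unpack("!H", frame[12:14])[0]
    result: Dict[str, Any] = {
        "layer2_ethernet": {"dst_mac": mac_str(frame[:6]), "src_mac": mac_str(frame[6:12]),
                            "ethertype": ethertype},
    }
    if ethertype != ETHERTYPE_IPV4:
        result["note"] = "not an IPv4 frame; no layer 3 parsing attempted"
        return result

    ip = frame[14:]
    if len(ip) < 20:
        raise ValueError("truncated IPv4 header")
    ver_ihl, _, total_len, _, _, ttl, proto, _, src, dst = struct.unpack("!BBHHHBBH4s4s", ip[:20])
    ihl = (ver_ihl & 0x0F) * 4          # header length in bytes, 20 without options
    if ver_ihl >> 4 != 4 or ihl < 20 or len(ip) < total_len or total_len < ihl:
        raise ValueError("malformed IPv4 header")
    result["layer3_ip"] = {"src_ip": ".".join(map(str, src)), "dst_ip": ".".join(map(str, dst)),
                           "ttl": ttl, "protocol": proto}

    transport = ip[ihl:total_len]       # honour total length: Ethernet may pad short frames
    if proto == PROTO_TCP:
        if len(transport) < 20:
            raise ValueError("truncated TCP header")
        sport, dport, seq, ack, off_res, flags = struct.unpack("!HHIIBB", transport[:14])
        data_off = (off_res >> 4) * 4   # TCP options, if any, sit before the payload
        result["layer4_tcp"] = {"src_port": sport, "dst_port": dport,
                                "seq": seq, "ack": ack, "flags": flags}
        payload = transport[data_off:]
    elif proto == PROTO_UDP:
        if len(transport) < 8:
            raise ValueError("truncated UDP header")
        sport, dport, ulen, _ = struct.unpack("!HHHH", transport[:8])
        result["layer4_udp"] = {"src_port": sport, "dst_port": dport}
        payload = transport[8:ulen]
    else:
        payload = transport             # e.g. ICMP: no port-based transport header
    # Whatever is left belongs to layers 5-7; whether it is readable depends on encryption.
    result["layers5_7_payload"] = payload
    return result


if __name__ == "__main__":
    for layer, value in parse_frame(build_sample_frame()).items():
        print(layer, value)
```

The parser trusts the IP total length rather than the frame length, which matters on real captures where short frames are padded to the Ethernet minimum; the payload it returns at the end is exactly the part the course assigns to layers 5 through 7.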

The TCP/IP Model


The TCP/IP model is a conceptual 4-layer model used by technicians to learn about and to explain the TCP/IP
protocol suite.

Now, this existed before the OSI model. The OSI model, if you'll recall, allows us to explain and describe
communication hardware and software, as well as many different protocol suites including TCP/IP. So like the
name implies then, the TCP/IP model is focused only on software - the TCP/IP protocol suite.

Now, we can see visualized on the left the OSI Model compared to the TCP/IP Model on the right. The OSI model is
depicted as consisting of seven layers, whereas the TCP/IP model consists of four layers only. The TCP/IP Model at
the bottom, starts with the Network Access Layer, which maps to the physical and data link layers of the OSI
Model. The TCP/IP Internet Layer maps to the OSI Network Layer. The TCP/IP Transport Layer, luckily maps to the
same thing in the OSI Model - the Transport Layer. And then the TCP/IP Model at the top has the Application Layer,
which maps to the OSI Model layers session, presentation, and application. The Session, Presentation, and
Application layers are arranged from the bottom up in the OSI model.

Layer 1 of the TCP/IP model, the Network Access Layer, deals with physical network medium access techniques for
both wired and wireless networks. Now bear in mind, that TCP/IP is a network software protocol suite. We're not
really talking about specific hardware components. And TCP/IP doesn't depend on a specific underlying physical
network technology being used. So TCP/IP would work with underlying Ethernet hardware physically, Token Ring
network hardware, Wi-Fi networks that use radio frequency signaling, and a variety of WAN protocols.

Layer 2 of the TCP/IP model, the Internet Layer, deals with IP addressing. Whether we're working with the
established IPv4 32-bit addresses or the newer IPv6 128-bit addressing. There's not a whole lot of IPv6 out there
yet, but it is coming. And we're starting to see smatterings around the Internet.

Layer 2 also deals with the routing of packets through the quickest path; that's what routers do. TCP/IP protocols
that relate to the Internet Layer include the Address Resolution Protocol, or ARP. This is used to map an IP
address on a local area network to the physical hardware MAC address, which is needed to talk on a local area
network. It also includes the Internet Protocol (IP) itself, which deals with routing and IP addressing.

Layer 3 of the TCP/IP model is called the Transport Layer, and it deals with session establishment, maintenance,
and tear-down. So we're working with things like Transmission Control Protocol (TCP), which sets up a connection
or a session and uses acknowledgments to detect missing transmissions. The User Datagram Protocol (UDP) could
also be used, depending on how the programmer built the software or, in some cases, how the technician
configures the specific software in question. UDP doesn't set up a connection; it's connectionless. It uses a
best-effort mechanism to send out packets and hopefully the target receives them. So it's quicker; it has a lot
less overhead than TCP. Layer 3 also uses port numbers to identify the listening network service, whether it's a
UDP or TCP port. For example, a standard web server would listen on TCP port 80.

The highest layer in the TCP/IP model is layer 4 - the Application Layer. It communicates with lower levels and can
involve user interaction, such as a user connecting to an HTTP or an HTTPS secured website, or using FTP to
transfer files over a network, or SMTP for mail transfer between mail servers, or DNS to resolve names to IP
addresses.

Network Topologies
A physical network topology deals with how devices are physically wired together - at least in the case of a wired
network solution. It deals with things like the type of network interface cards being used, whether it be Ethernet,
token ring, ATM. It also deals with Cable types, such as twisted pair copper cables versus fiber optic cables. And
Connector types, like RJ-45s for twisted pair copper or maybe straight tip connectors for fiber optic cables.

The first network topology is a Bus. A physical bus topology means we've got a central cable run depicted here and
devices essentially have connecting tap-ins into the main centralized trunk. Now, there are many variations of a
physical bus topology and it's not used often anymore in enterprise networks. The idea is that if we have a cable
break in the middle of the centralized trunk, it isolates network devices on either side of that cable break or that
cable dysfunction.

A ring physical network topology means that every device has two connections to the network, as seen here, for its
upstream device and its downstream device. In the diagram, four devices are interconnected into a ring topology.
Each device is essentially connected to two devices; one on either side of it. The idea is that we've got a RING
TOPOLOGY to allow this kind of communication between devices. So there is no centralized trunk for a network
like we have with the Bus. And certainly, as we'll see when we discuss a Star topology in a moment, there's no
centralized connectivity device like a hub or a switch.

Now, with the Star physical network topology, all of the devices are connected to a central concentrating location.
Like a hub or in more modern networks, a network switch. We'll distinguish the difference later on. Now, in this
picture, we have all of our devices plugged directly into a port in the switch. Realistically in an office environment,
you plug your computer into a network jack in the wall and that wire goes through the ceilings back to a central
wiring closet or a server room where there's a smaller patch cable that then plugs in to the network switch. But in
the end this is correct. This is a Star physical network topology, which is by far, these days, the most common for
corporate networking.

We also have a Token Ring network topology. But this is a logical topology, not a physical one. What does that
mean? Well, take a look at how the Token Ring network is physically wired. It's a star. We've got all of the devices
connected to a central item. In this case, you could call it a Token Ring switch; most people would call it an
MSAU, a multistation access unit (pronounced "M Sau"). But essentially, it works as a regular network switch
would: it's a central connectivity point.

So you might say, well, where does Token Ring come in? A token is a data packet that circles around the network at
very high speeds. In order to transmit on a Token Ring network, your machine needs to get hold of that data
token, so to speak, and populate it with addressing information and, of course, with data. Now, the reason it's
called a ring is that if we were to draw a line to and from every device going to the centralized Token Ring
multistation access unit, we would have a ring. It wouldn't be a perfect circle, but it would be a ring.

So there is a distinction, then, between physical and logical network topologies.

Peer-to-Peer and Server-Based Networks


After you've dealt with physical network technology like cards and cables, and connectors, and wireless routers,
and so on, you then have to determine if you want to use a Peer-to-Peer or a server-based network model.

Both of these solutions are independent of the underlying network technology in use. It doesn't matter what kind
of cables, connectors, cards we're using. Including what network interface cards, or NICs. It is also independent of
the underlying network topology. It doesn't even matter what kind of software protocol we're using, whether it's
IPv4, IPv6, and so on.

When we configure a peer-to-peer or a server-based network, we're really talking about software configurations
at the network level that apply to OSI model layers 5 through 7. That means we're talking about the session layer,
for establishment, maintenance, and tear-down of sessions; the presentation layer, for potentially encrypting,
decrypting, or perhaps compressing and decompressing network transmissions; all the way up to layer 7, the
application layer, with higher-level protocols.

Let's talk about each of these. Starting with the peer-to-peer network, which we have pictured on the screen
here. A graphical representation of a sample peer-to-peer network displays. It consists of six devices. In the
diagram's network topology, all but one of the six devices connect directly to three others. The remaining device
connects to all five devices on the network directly.

The idea with the peer-to-peer network is that it's a software configuration within the operating system where
each device on the network could be a client. And when we say client, we mean the machine can be used to access
resources over the network shared on another computer, like a shared folder or perhaps a shared printer. But at
the same time, besides being a client, that same exact computer could also act as a server. Because it too might be
sharing folders out on the network or sharing a printer that others can connect to over the network to send print
jobs to. Hence peer-to-peer network.

Now, this isn't really scalable. And what that means is that it really works well for smaller networks. So you might
see it within a larger enterprise, but only within a department. And certainly you would see it in a small office,
including a home office or a home network.

On the other end of the scale, we've got server-based networks, pictured on the screen, where we've got a
centralized server that devices connect to. In a server-based network every device is still potentially a client
connecting to shared resources, but the devices do not also act as servers sharing things like folders and
printers. Instead, that's all handled by a centralized server.

The thing about this is that with the peer-to-peer network, the shortfall is the lack of centralization. All user
accounts in a peer-to-peer network are kind of built on each machine as needed. If I want to connect over a peer-
to-peer network and authenticate to a shared folder that you are sharing on your computer, I need to know a
username and password on your computer. It doesn't matter what I've got on my computer. And so, as you might
imagine, if you've got dozens of computers set up this way and all of them are accessing resources from one
another, it becomes a bit of a management nightmare for user authentication.

And what about security settings? What if I want to enforce multi-factor authentication and so on? Well, we don't
have a centralized place to do that in a peer-to-peer network. We'd have to configure the same thing over and
over on each peer.

What about centralized logging and auditing so we can track what's been happening on the network? Well, we
don't have a centralized way to do it. So if we want to audit user activity for a given user, we'd have to do it across
multiple machines. And access the logs on those multiple machines.

And what about data backup? I don't have a centralized single place to back things up to from a centralized server.
In other words, we'd have to configure backup for each computer in a peer-to-peer network that might be sharing
data that should be backed up.

So you'll find peer-to-peer networks then used in smaller networks and server-based networks used at the
corporate or enterprise level.
Network Infrastructure Devices
If you're setting up a home network, it could be as simple as just connecting to the Wi-Fi network where a provider
already came in and set up the hardware for you. But in the enterprise environment, it could be different. Network
infrastructure devices control things like connectivity to the network as well as the flow of traffic throughout the
network. And there are many different types of devices that we have to consider. They are Hubs, Bridges,
Switches, and Routers. We're going to talk about each of these starting now with hubs.

A hub is a legacy, or older, central wired network connectivity solution. Hubs have multiple ports; for example,
they might have a number of RJ-45 network connectors that you could plug devices into. This would be used if
you're using twisted pair copper cabling. A hub applies to OSI Layer 1, the Physical layer. A hub will broadcast a
transmission from one port to all ports. So imagine that we've got our computer plugged into port one in the hub
and we send a transmission directly to the computer plugged into port two. If we've got an eight-port hub, our
transmission is also broadcast to the other six ports, because hubs are very chatty. So they're not very efficient.

On a network you might also encounter a bridge or you might set up a bridge. A bridge again, is an older or legacy
device that's used to segment a larger network into smaller pieces. Now these days you'll see network switches
used more often than not. And they also have the ability of acting as a hub and a bridge in one. So network bridges
are superseded by network switches. However, you'll still see some bridges around from time to time. They are OSI
Layer 2 devices. They apply to the Data Link layer. That's because they deal with things like MAC addresses and
which side of the network a given MAC address is on.

They also deal with how to gain access to the network. They have ports that connect different network segments
together. When you break a larger network into, let's say, two smaller segments, the bridge sits between them
with each network segment plugged into the bridge. This creates what are called additional collision domains.
With separate collision domains, a device on each side of the bridge can transmit at the same time. Normally, in a
very large network that uses hubs, only one machine can communicate at a time. Again, if you're using network
switches, which we'll talk about shortly, then that's different. But we haven't got to switches quite yet.

So network switches then, are a central wired network connection point that are used in modern day networks.
And a switch has multiple network ports. You might have an 8 port switch, 12, 24. It just depends on what you
have. And you can even link them together for larger network environments. Ports usually come in the form of RJ-
45 connector jack locations. So often we'll use them for copper twisted pair networks. Although you might have
switches that also have some ports on the back to connect to a backbone using fiber optic networks.

Switches apply to OSI Layer 2, the Data Link layer. The reason is that they store MAC address information for
every device plugged into every port. In other words, the switch will remember the MAC address, the hardware
address of the network card, for the device plugged into port one, port two, port three, and so on. In this way, it
can allow direct communication between devices plugged into the switch instead of broadcasting to all ports like a
hub does. So it transmits data only to the port with the correct target MAC address for that transmission. And
remember, source and destination MAC addresses exist within a packet in the Ethernet header.
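As an added illustration (not the course's own material), the following Python model contrasts the hub and switch forwarding decisions just described: a hub repeats every frame out of every other port, while the switch learns each source MAC against its ingress port and then forwards unicast frames to one port only, flooding only when the destination is still unknown or is the broadcast address. The MAC addresses and port counts are constructed sample values.

```python
"""Simulate the forwarding decision of a hub versus a learning switch.

Added example (not from the course): an in-memory model of a hub repeating every
frame to all other ports, and a switch that records the source MAC of each frame
against its ingress port and forwards only to the port holding the destination MAC.
MAC addresses and port numbers below are constructed sample values.
"""
from typing import Dict, List

BROADCAST_MAC = "ff:ff:ff:ff:ff:ff"


class Hub:
    """Layer 1 device: repeats a frame out of every port except the one it arrived on."""

    def __init__(self, port_count: int) -> None:
        self.ports = list(range(1, port_count + 1))

    def forward(self, in_port: int, src_mac: str, dst_mac: str) -> List[int]:
        return [p for p in self.ports if p != in_port]


class LearningSwitch:
    """Layer 2 device: learns MAC-to-port bindings and forwards unicast to one port."""

    def __init__(self, port_count: int) -> None:
        self.ports = list(range(1, port_count + 1))
        self.mac_table: Dict[str, int] = {}   # MAC address -> port it was last seen on

    def forward(self, in_port: int, src_mac: str, dst_mac: str) -> List[int]:
        if in_port not in self.ports:
            raise ValueError(f"no such port: {in_port}")
        # Learning: the source MAC is now known to live behind the ingress port.
        # If a host moves to another port, this overwrites the stale entry.
        self.mac_table[src_mac] = in_port
        if dst_mac == BROADCAST_MAC or dst_mac not in self.mac_table:
            # Broadcast, or destination not yet learned: flood like a hub would.
            return [p for p in self.ports if p != in_port]
        out_port = self.mac_table[dst_mac]
        # Destination sits on the same port as the sender: nothing to forward.
        return [] if out_port == in_port else [out_port]


def run_demo() -> List[List[int]]:
    """Walk through the sequence the course describes and return each decision."""
    a, b = "aa:aa:aa:aa:aa:01", "bb:bb:bb:bb:bb:02"   # constructed sample MACs
    hub = Hub(8)
    sw = LearningSwitch(8)
    return [
        hub.forward(1, a, b),             # hub: always floods, here to ports 2..8
        sw.forward(1, a, b),              # switch: b unknown yet, so it floods too
        sw.forward(2, b, a),              # reply: a was learned on port 1, so only port 1
        sw.forward(1, a, b),              # now b is known on port 2: only port 2
        sw.forward(1, a, BROADCAST_MAC),  # broadcast still goes to every other port
    ]


if __name__ == "__main__":
    for decision in run_demo():
        print(decision)
```

The second decision shows why a switch is not fully "silent" on a fresh network: until the destination MAC has been seen as a source, the switch has no choice but to flood, exactly as a hub would.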

A Router routes packets to other remote networks. And a router knows how to do this either because we've
manually or statically entered routes or because the router learns dynamically on its own through routing
protocols. Now we can have a wired router that only has wired connections to link networks together. Or of
course, we can have wireless routers that allow us to route traffic from a wireless network to a wired network.

Now, routers always try to use the most efficient route to send a transmission. And with packet switching
networks, that's why sometimes a transmission can take different paths, even if you're connecting to the same
target. Routers have to have at least two network interfaces to be a router. They can certainly have more than two
and they apply to OSI Layer 3 - the Network layer. The Network layer is concerned with routing of traffic. It's also
concerned with software network addressing, such as IP addresses. Where one portion of the IP address identifies
a network and the other portion of that same address identifies a host on that network.
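Here is an added Python example (not from the course) of the two layer 3 ideas in the preceding paragraphs: splitting an IP address into its network and host portions, and a static routing table that picks the most specific matching route for a destination and falls back to a default route. It uses only the standard ipaddress module; the interface names eth0 and eth1 and all prefixes and next-hop addresses are constructed sample values from private and RFC 5737 documentation ranges.

```python
"""Static routing table with longest-prefix match, plus network/host split of an address.

Added example (not from the course): a minimal model of the layer 3 behaviour described
above, built on Python's standard ipaddress module. Interface names, prefixes and
next-hop addresses are constructed sample values.
"""
import ipaddress
from typing import List, Optional, Tuple

# (prefix, next hop or None when directly connected, outgoing interface)
Route = Tuple[ipaddress.IPv4Network, Optional[str], str]


class StaticRouter:
    def __init__(self) -> None:
        self.routes: List[Route] = []

    def add_route(self, prefix: str, interface: str, next_hop: Optional[str] = None) -> None:
        # strict=True rejects prefixes with host bits set, e.g. "10.1.2.0/8", a common typo.
        net = ipaddress.ip_network(prefix, strict=True)
        self.routes.append((net, next_hop, interface))

    def interface_count(self) -> int:
        return len({iface for _, _, iface in self.routes})

    def lookup(self, destination: str) -> Optional[Route]:
        """Return the most specific matching route (longest prefix), or None if nothing matches."""
        if self.interface_count() < 2:
            raise RuntimeError("a router needs at least two interfaces")
        addr = ipaddress.ip_address(destination)
        best: Optional[Route] = None
        for route in self.routes:
            net = route[0]
            # 'addr in net' is False when address and prefix are of different IP versions.
            if addr in net and (best is None or net.prefixlen > best[0].prefixlen):
                best = route
        return best


def split_address(cidr: str) -> Tuple[str, int, int]:
    """Split e.g. '192.168.1.10/24' into (network address, host number, number of host bits)."""
    iface = ipaddress.ip_interface(cidr)
    net = iface.network
    host_part = int(iface.ip) & int(net.hostmask)   # keep only the bits the mask leaves free
    return str(net.network_address), host_part, iface.max_prefixlen - net.prefixlen


def build_sample_router() -> StaticRouter:
    """Constructed sample table: two connected networks, two static routes and a default."""
    r = StaticRouter()
    r.add_route("192.168.1.0/24", "eth0")                        # directly connected LAN
    r.add_route("203.0.113.0/24", "eth1")                        # directly connected uplink
    r.add_route("10.0.0.0/8", "eth1", next_hop="203.0.113.1")
    r.add_route("10.1.0.0/16", "eth1", next_hop="203.0.113.2")   # more specific than the /8
    r.add_route("0.0.0.0/0", "eth1", next_hop="203.0.113.1")     # default route
    return r


if __name__ == "__main__":
    print(split_address("192.168.1.10/24"))
    router = build_sample_router()
    for dst in ("10.1.2.3", "10.2.0.1", "192.168.1.50", "198.51.100.7"):
        print(dst, "->", router.lookup(dst))
```

The lookup for 10.1.2.3 returns the /16 rather than the /8 because a router always prefers the longest matching prefix; the default route 0.0.0.0/0 matches everything and therefore only wins when nothing more specific does.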
Network Transmission Media
IT security experts need to have a solid understanding of the various types of Network Transmission Media. One of
the reasons is because some are more secure than others.

Let's start with coaxial cable, also called simply coax. You might be familiar with this because if you were around
when cable television was a big thing, that's the type of cabling infrastructure we're talking about. It transmits
electricity down a single copper wire core, and the thicker that copper wire core, the greater the distance we can
transmit the signal. This is rarely used these days for enterprise networks. Instead, you'll see coax often used
these days for residential Internet cable modems.

Twisted pair copper cable is widely used today. It also transmits electrical signals over copper wires, like coax
does. But coax is a single copper wire; here, we're talking about four pairs of twisted copper wires (eight wires in
total). Now, why are they twisted? Is it decorative? No; the twisting reduces crosstalk interference from electrical
signals going down an adjacent wire. That's why the twists exist.

Now, there's unshielded twisted pair, UTP. There's shielded twisted pair or STP cables. Shielded twisted pair gives
extra protection against electromagnetic interference, otherwise called EMI. In other words, it's less susceptible to
external electrical noise that might be caused by things like strong fluorescent lights or certain types of machinery
that have a heavy power draw.

Common twisted pair cabling standards include Category 5, otherwise called Cat 5. This has a maximum supported
network throughput of 100 Mbps. Megabits per second is often abbreviated to Mbps. Cat 5e has a maximum
throughput of approximately 1,000 Mbps. Where Category 6 has a Maximum Network Throughput of
approximately 10 Gbps. Gigabits per second is abbreviated to Gbps. I'm saying approximately because it really
depends on the environment in which you install this type of cable. And these cable runs often have a maximum
distance of approximately 100 meters. Now, could we get away with using Cat 5 cable and get 1000 Mbps? It's
possible, yes. But the general universally accepted standards are what we're seeing listed here. And there are
certainly many other categories of cable. This is just but a tiny sampling.

Then we've got fiber optic cable. This is a cable that contains numerous tiny plastic fibers. Light is transmitted
down these fibers at various wavelengths. We're sending light signals, so to speak, instead of transmitting
electrons. Instead of transmitting electrical signals, like we would with twisted pair copper wires or coax, we
transmit light, and this means that we end up getting longer transmission distances than we would with coax or
twisted pair. Also, because we're transmitting light, fiber optic cable signals are not susceptible to
electromagnetic interference or electrical noise. Also, from a security aspect, it's more difficult to wiretap fiber
optic cabling than it would be for twisted pair. And that's because it requires very specialized equipment in order
to be able to tap into what are essentially light wavelengths versus electronic signals traversing wires.

Then we've got wireless network transmissions. These use radio frequency signaling at various frequencies,
whether we're talking about a mobile cellular network, Bluetooth, which is short-range wireless with a maximum
distance of approximately 10 meters, or the Wi-Fi standards, of which there are numerous 802.11 variants. Now,
the maximum distance with Wi-Fi is approximately 100 meters. It depends on the environment, such as whether
it's raining, whether there are leaves on trees, and so on. The signal degrades as the device gets further away from
the access point. So if you've got a Wi-Fi network at home and you're in the backyard with your smartphone, you
might notice that when you get to the edge of your property, perhaps you have less of a signal - if any at all.

Configure a Wireless Router


The first thing you need to determine if you're going to configure a Wireless Router is the IP address of that router.
Here on my Windows station, I'm going to type ipconfig. The Command Prompt is open on a Windows machine.
The presenter is currently logged in as an Administrator user. He runs the command: ipconfig. And what I'm going
to take a look at here is my Default Gateway.

In my case, on my Wi-Fi network, which I am connected to, that is my Wireless Router. That's my Default Gateway.
It's the way out of the local area network. He highlights the Default Gateway value in the output, which is:
192.168.0.1. So I can see the IP address here is 192.168.0.1. So to configure that Wireless Router, I'm going to pop
that IP address into a web browser. The Login page for a wireless router displays in a browser. A notification
informs that the default user name is: 'admin.'

When I do that, I can see I'm connecting to an ARRIS wireless router and it wants me to specify the User Name and
Password. The URL in the address bar for the ARRIS router is 192.168.0.1. So I'm going to go ahead and enter
those in and then I'll click Apply. Once he's logged in, the System Basic Setup screen opens. There are two sections:
Basic Setup and Wireless 2.4 GHz.

So now I'm logged in. I've connected in my browser URL over https, but notice that we've got a Not Secure
message and there's a line through https. He points to the page information icon on the address bar of the
browser. The URL now reads: https://192.168.0.1/?basic_setup but the https part is struck through. That's because
my web browser doesn't trust the certificate built in to that ARRIS wireless router. However, I know it's the router
that's physically present in my office where I am. So therefore, I will still trust it.

So here I've got some Basic Setup, such as the Language and the name of the host. He points to a Language drop-
down list that is set to English and the Host Name text field, which has the value of: ARRISGW. And whether I want
to enable wireless connectivity, because it is a wireless router, over different frequencies: the 2.4GHz as well as the
5GHz frequency range. He scrolls to reveal sections for Wireless 5 GHz and 2.4G/5G WPS Settings as well.

Now, as I take a look here, I've also got over on the left, LOGIN SETTINGS. Because this is a router and so controls
network traffic flow, we want to make sure that not anybody can just log into it and reconfigure it. He selects
LOGIN SETTINGS in the navigation pane. The Login Settings page opens. So, it's important then that we specify a
complex password. The Change Password section contains text fields for: Old Password, New Password, and
Repeat New Password.

Now, remember that a router's got to have at least two network interfaces. This Wireless Router does. It's got a
WAN network interface that connects to the internet. In this case, WAN stands for wide area network. He
clicks the WAN Setup tab. The Dynamic Configuration Settings page opens. And DHCP is enabled. DHCP is the
dynamic host configuration protocol. He highlights a checkbox, Enable DHCP, which is selected within the DHCP
section of the page. Instead of me having to manually specify the IP Address, the subnet mask, and the gateway
for this interface, it's learned automatically through DHCP over the network. The values for IP Address, Subnet
Mask, and Gateway Address, respectively, are: 24.215.70.189, 255.255.240.0, and 24.215.64.1.

So my internet provider then has specified this information and my WAN interface on my wireless router has
acquired it from my internet provider's DHCP server. But my router has another interface that I control entirely on
my local area network or LAN. He clicks the LAN Setup tab. The LAN Settings page opens. It contains section such
as LAN IP Settings and DHCP Server Settings.

So if I look at the LAN Settings here, I can see the IP address of my internal interface on my Wireless Router. He
highlights the IP Address value, which is: 192.168.0.1. But I can also see that the DHCP server is enabled. He
highlights a checkbox, Enable DHCP Server, which is selected. So that means that my Wireless Router is configured
with a starting IP and an ending IP address range. He highlights the values for the Start IP Address and End IP
Address. These are 192.168.0.2 and 192.168.0.254, respectively. And it can hand out that IP address information
to any of my internal clients on my wireless network. And that saves me from having to configure it manually on
every device like smartphones, and tablets, and desktops on my office network.

So we've got a number of options available then when we configure this type of Wireless Router. And remember,
because wireless routers control network traffic flow, make sure that you change the default credential. Leaving a
default name of the admin with the default manufacturer password of password leaves you wide open for attack.

Network Load Balancing
Network Load Balancing or NLB, is all about business continuity, keeping things running at peak performance. A
network load balancer can either be a physical device or a virtual appliance. And you can configure load balancing
on-premises or in the public cloud.

Network load balancing is used for two things, really: to improve the performance of a busy application and also to
increase the resiliency to failure. So if we've got a single application server and it fails, the application is
unavailable. But what if we had a number of servers offering the same application and data? If a server fails, client
requests can simply be redirected to other healthy remaining servers.

So with improved performance, we're really talking about having a single entry point to an application. And that
entry point is through the load balancer. The load balancer sits between clients and the back-end servers hosting
an application. So for example, we might have a load balancer that supports a web app, and so the load balancer
would listen on TCP port 80 for HTTP client requests.

Now, if it's a public web application, then the load balancer would be configured with the public IP address that
port 80 would be listening on. And clients would connect to the DNS name of the load balancer, which you can
configure to be whatever you want. And that would resolve to the public IP address of the load balancer, not the IP
address of the back-end service behind the load balancer. So in the end, the load balancer is sending client
requests to a collection of back-end servers. Essentially, having more workers means better performance than
having a single worker. Additionally, NLB tracks back-end server health.

Another reason for Network Load Balancing though is also to increase the resiliency to failure, because we've got
multiple back-end servers that will be hosting the same application. And often, these are implemented as virtual
machines, whether it's on premises or whether you're doing this up in the public cloud somewhere. You can also
configure shared network storage for data. So you might have multiple back-end servers supporting the same
app, but we need to make sure that they all know about the same data. So what we could configure then is shared
storage that those multiple back-end servers would talk to.

If a back-end server fails, the Network Load Balancer would have a periodic health check that would fail when it
tries to make a connection to that specific server. So the load balancer would know about it. And as a result, the
Network Load Balancer would no longer forward client requests to the server because it's failed - it's not
responding. Then client requests would be redirected only to healthy back-end servers.

So Network Load Balancing then can be used for really any type of application. It doesn't necessarily have to just
be for an HTTP web application listening on TCP port 80.
Configure a Cloud-Based Load Balancer
In this demonstration, I'll be configuring a network Load Balancer in the Amazon Web Services or AWS public
cloud, where I've already got an account created.

From the main page, I need to go down under the Compute section, and click on EC2. EC2 is where I configure
virtual machines and also load balancing. The AWS services main page displays. Within the All services section, the
presenter clicks the EC2 link in the Compute subsection. So on the left-hand navigator, I'm going to scroll all the
way down until I see the load balancing section and I'll click on Load Balancers. When the EC2 dashboard opens, he
expands the LOAD BALANCING node in the navigation pane and selects Load Balancers. The Select load balancer
type page opens. It lists three options: Application Load Balancer, Network Load Balancer, and Classic Load
Balancer. Each has a Create button assigned to it.

I'm going to go ahead and create a Network Load Balancer. So I'll click the Create button under that section. He clicks the
Create button associated with the Network Load Balancer option. A network load balancer configuration wizard
opens on the page, Step 1: Configure Load Balancer. There is a Basic Configuration section as well as a Listeners
section. And I have to name the Load Balancer configuration. I'll call it LB1. He types "Lb1" in the Name text field.

And it can be either an internet-facing Load Balancer, such as for a public website, or internal, for an internal line-of-
business application. In this case, it's going to be internal for my config. He selects the internal radio button within
the Scheme category. The other radio button is internet-facing. And I can see that my Load Balancer will be
listening on TCP port 80. Within the Listeners section, there is a Load Balancer Protocol drop-down list that's set to
TCP. The Load Balancer Port value is set to 80. I could click Add Listener if I wanted to add additional listening
ports, but port 80 will be fine for this example. He points to an Add listener button.

I'm going to scroll down. And I have to choose the virtual network in the cloud, or the VPC, and then subnets within
it. Within the Availability Zones section, he expands the VPC drop-down menu and selects vpc-a72ae2dd (10.1.0.0/16) | VPC-East.
I've already got these configured, so I'll just select those subnets. Two subnets are listed, with a
checkbox associated with each: us-east-1a and us-east-1c. He selects both checkboxes.

Then I have to create what's called a Target group, which defines what it is I'm connecting to in the back-end
behind the Load Balancer. The Step 2: Configure Routing page of the wizard opens on a section titled: Target
group. It prompts for several values to be configured, including Target group, Name, Protocol, Port, and Target
type. So it's going to be connecting to port 80 on virtual machine instances. I'm going to call this Tg1 for Target
group 1. The Target group is set to New target group by default. He types "Tg1" into the Name text field. The
Protocol is set to TCP. The Port is set to 80. He selects instance in the Target type drop-down menu. Now, it doesn't
have to use the same back-end port that the Load Balancer was listening on. But in this case, they're both 80.

If I go down under the Advanced health check settings, remember a network Load Balancer can determine if any
back-end servers are not responsive. He scrolls to a section, Advanced health check settings. So I'm going to
connect to the traffic port, 80. He points to the traffic port radio button that's selected in the Port category. And the
Healthy threshold is, if I've got a back-end server that's been unhealthy, how many consecutive connection
attempts must succeed before it's determined to be healthy? In this case, it's set to three. He points to the value in the Healthy
threshold text field, which is 3.

Then I've got the same thing for how I determine if a back-end server's unhealthy. Well, after three consecutive
failed attempts to connect, each with a Timeout of 10 seconds and an Interval of every 30 seconds, we
determine that it is unhealthy. He points to the value of 3 in the Unhealthy threshold text field. And there is a value
of 10 in the Timeout seconds text field. The Interval setting is set to 30 seconds. Remember, Load Balancers don't
forward client requests to unhealthy back-end servers. So we've got all of these health check options that are
available for us.
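The health-check behaviour described in the Network Load Balancing section and in these wizard settings (healthy and unhealthy thresholds, timeout, interval), as an added Python model that is neither course material nor AWS code. It assumes a caller-supplied probe function standing in for a real TCP connect on the traffic port; the target names and the scripted probe results are constructed.

```python
from dataclasses import dataclass
from typing import Callable, Dict, List, Optional

# Added example (not course material or AWS code). Models target-group health
# checks: every target is probed on the traffic port once per interval, and a
# probe that gets no reply within the timeout counts as one failure.


@dataclass
class HealthCheck:
    port: int = 80                 # traffic port, as selected in the wizard
    healthy_threshold: int = 3     # consecutive successes before marked healthy
    unhealthy_threshold: int = 3   # consecutive failures before marked unhealthy
    timeout_s: int = 10            # seconds to wait for a probe reply
    interval_s: int = 30           # seconds between probe rounds


@dataclass
class Target:
    name: str
    healthy: bool = True           # assumption: a newly registered target starts healthy
    consecutive_ok: int = 0
    consecutive_fail: int = 0


# A probe is any callable (target name, port, timeout_s) -> bool; True means the
# target answered on the port in time. A real probe would attempt a TCP connect.
Probe = Callable[[str, int, int], bool]


class NetworkLoadBalancer:
    def __init__(self, targets: List[str], check: HealthCheck, probe: Probe):
        self.targets = [Target(n) for n in targets]
        self.check = check
        self.probe = probe
        self._cursor = 0           # round-robin position among healthy targets
        self.elapsed_s = 0         # simulated clock, advanced once per probe round

    def run_health_checks(self) -> Dict[str, bool]:
        """One probe round over every target; returns name -> healthy."""
        self.elapsed_s += self.check.interval_s
        for t in self.targets:
            if self.probe(t.name, self.check.port, self.check.timeout_s):
                t.consecutive_ok += 1
                t.consecutive_fail = 0
                if not t.healthy and t.consecutive_ok >= self.check.healthy_threshold:
                    t.healthy = True
            else:
                t.consecutive_fail += 1
                t.consecutive_ok = 0
                if t.healthy and t.consecutive_fail >= self.check.unhealthy_threshold:
                    t.healthy = False
        return {t.name: t.healthy for t in self.targets}

    def healthy_targets(self) -> List[str]:
        return [t.name for t in self.targets if t.healthy]

    def route(self) -> Optional[str]:
        """Forward one client request to the next healthy target, round-robin.
        Unhealthy targets are skipped; None means no back end can serve it."""
        healthy = self.healthy_targets()
        if not healthy:
            return None
        choice = healthy[self._cursor % len(healthy)]
        self._cursor += 1
        return choice


def scripted_probe(script: Dict[str, List[bool]]) -> Probe:
    """Constructed probe results: each target's list is consumed one entry per
    round; an exhausted or missing list means the target always answers."""
    def probe(name: str, port: int, timeout_s: int) -> bool:
        results = script.get(name, [])
        return results.pop(0) if results else True
    return probe


if __name__ == "__main__":
    # Constructed scenario: server-2 stops answering for three rounds, then recovers.
    script = {"WindowsServer2012-1": [],
              "WindowsServer2012-2": [False, False, False, True, True, True]}
    lb = NetworkLoadBalancer(list(script), HealthCheck(), scripted_probe(script))
    for _ in range(6):
        lb.run_health_checks()
        print(f"t={lb.elapsed_s:>3}s healthy={lb.healthy_targets()} next={lb.route()}")
```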

Then I'll click Next to register the targets - the actual virtual machines themselves in those subnets. The Step 3:
Register Targets page opens. An Instances table lists two instances, each associated with a checkbox. So I've got
two Windows Server 2012 hosts that are configured to support the same website. So I can see they're both listed
here and they're running. He selects both instances, WindowsServer2012-2 and WindowsServer2012-1. In the
table they have a State value of: running. So those are my back-end servers. I could have more than two, but that's
all I've got in this config.

So I'll click next to review my settings. The Step 4: Review page of the wizard displays. The settings for the various
categories, such as Load balancer and Routing, display. And basically, I could edit each section of my settings, but
I'm okay with what I've configured. He points to the Edit link associated with each settings category. So I'm going
to go ahead and create this Load Balancer and target group configuration. He clicks the Create button. A Load
Balancer Creation Status notification displays. It informs that Load balancer Lb1 was successfully created. And now
it says it successfully created it.

I've also got the ability to close this out and I can see that my Load Balancer configuration is currently being
provisioned. He clicks the Close button to dismiss the notification. The load balancer is listed on the Load Balancers
page within AWS. It has a State value of: provisioning.

Network Traffic Shaping


Network Traffic Shaping can be configured on any network if you have the correct tools. It's often used in larger
corporate networks and certainly with Internet provider networks.

Traffic Shaping allows the network owners to control network traffic flow. And that means managing the existing
bandwidth and then using priority, such that high priority traffic is guaranteed bandwidth. Now the priority rating
is configured by the network owners through what are called QoS policies, where QoS simply stands for quality of
service.

So the QoS policies that we configure then can examine network traffic in many different ways - looking at things
like the source or destination IP address or the type of traffic. Maybe voice over IP traffic has a higher priority than
HTTP web serving traffic. But that might also only apply during certain times of the day. We can also have our
policy examine the router interface through which traffic is incoming versus outgoing.

With Traffic Shaping, network packets can be classified and then prioritized. But what about transmissions that
don't meet our quality of service policies? They don't get dropped, they just get delayed. So traffic shaping routers
can buffer or queue packets that don't meet a certain classification. In other words, low priority traffic gets
queued up and it will eventually get sent.

With Traffic Shaping, we can configure what's called class-based shaping. This allows us to control outbound
network traffic flow for traffic going through the router and leaving a specific router interface. What happens with
this is we have to take into account the next router down the line - its network interface speed. In other words,
the speed of the remote router's target network interface. That will factor into the policy configuration to determine
how we classify traffic and how it gets prioritized.

As an example, imagine that we might have a higher transmission priority in our QoS policy that allows incoming
traffic from company servers. This is a typical example of traffic shaping. And maybe during work hours, during
the day, we have a higher transmission priority for outbound voice over IP traffic. This is often abbreviated as
VoIP. Voice over IP traffic is much more sensitive to network delays than something like surfing the web or
sending Internet email.
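The class-based shaping described above, as an added Python simulation that is not course material or any router vendor's code: a QoS policy classifies packets by protocol, source address and time of day, the outbound interface's per-tick byte budget is derived from the next-hop router's interface speed, and packets that miss the budget are queued rather than dropped. The protocol labels, the work-hours window and the company-server address range are constructed assumptions.

```python
from collections import deque
from dataclasses import dataclass
from typing import Deque, Dict, List

# Added example (not course material or vendor code): class-based traffic
# shaping on one outbound router interface, driven by a QoS policy.


@dataclass(frozen=True)
class Packet:
    pid: int
    proto: str     # constructed labels such as "voip", "http", "smtp"
    src: str       # source IP address
    size: int      # bytes


class QoSPolicy:
    """Classification in the spirit of the section: outbound VoIP gets top
    priority during work hours, traffic from company servers comes next, and
    everything else is best effort. Hours and address range are assumptions."""
    WORK_HOURS = range(9, 17)
    SERVER_PREFIX = "10.1.0."

    def classify(self, pkt: Packet, hour: int) -> int:
        if pkt.proto == "voip" and hour in self.WORK_HOURS:
            return 3
        if pkt.proto == "voip" or pkt.src.startswith(self.SERVER_PREFIX):
            return 2
        return 1


class ClassBasedShaper:
    """The per-tick byte budget comes from the next-hop router's interface
    speed, which the section says must be factored into the policy."""

    def __init__(self, policy: QoSPolicy, next_hop_bps: int, tick_s: float = 1.0):
        self.policy = policy
        self.budget = int(next_hop_bps * tick_s / 8)
        self.queues: Dict[int, Deque[Packet]] = {}

    def enqueue(self, pkt: Packet, hour: int) -> int:
        # A packet larger than one tick's budget could never leave; refuse it
        # rather than let it block the queue forever.
        if pkt.size > self.budget:
            raise ValueError(f"packet {pkt.pid} exceeds the per-tick budget")
        cls = self.policy.classify(pkt, hour)
        self.queues.setdefault(cls, deque()).append(pkt)
        return cls

    def queued(self) -> int:
        return sum(len(q) for q in self.queues.values())

    def tick(self) -> List[int]:
        """Transmit up to `budget` bytes: strict priority between classes, FIFO
        within a class. Whatever does not fit stays queued (delayed, not dropped)."""
        sent: List[int] = []
        remaining = self.budget
        for cls in sorted(self.queues, reverse=True):
            q = self.queues[cls]
            while q and q[0].size <= remaining:
                remaining -= q[0].size
                sent.append(q.popleft().pid)
            if q:   # a higher-class packet is still waiting, so lower classes wait too
                break
        return sent


def simulate(shaper: ClassBasedShaper, packets: List[Packet], hour: int,
             max_ticks: int = 1000) -> Dict[int, int]:
    """Enqueue every packet at once, then drain the queues. Returns pid -> tick
    (1-based) in which the packet left the interface; nothing is ever dropped."""
    for p in packets:
        shaper.enqueue(p, hour)
    sent_at: Dict[int, int] = {}
    for t in range(1, max_ticks + 1):
        for pid in shaper.tick():
            sent_at[pid] = t
        if shaper.queued() == 0:
            break
    return sent_at


if __name__ == "__main__":
    # Constructed burst: three VoIP packets, two web transfers and a reply from a
    # company server, all arriving together at 10:00 on an 8 kbit/s next hop.
    burst = [Packet(1, "voip", "10.1.5.20", 200), Packet(2, "voip", "10.1.5.20", 200),
             Packet(3, "voip", "10.1.5.20", 200), Packet(4, "http", "10.1.5.21", 600),
             Packet(5, "http", "10.1.5.22", 600), Packet(6, "http", "10.1.0.5", 300)]
    print(simulate(ClassBasedShaper(QoSPolicy(), 8_000), burst, hour=10))
```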

Capture and Examine Network Traffic


Wireshark is a packet analysis tool. It lets you capture network traffic on a wired or a wireless network, so that you
can examine it. Maybe looking for problems, or maybe the reason why that there's network congestion, or maybe
just as a periodic security audit.

So what we have to consider is that in a network switched environment, if we're plugged into a switch port, we're
only seeing traffic that we're sending out. Traffic that we're specifically receiving. We'll also see some network
broadcasts that everybody sees and some multicasts that certain groups of computers see. But if you're capturing
traffic and you're plugged into an ethernet switch, you are not seeing traffic that's going between specific
computers, even on that same switch, unless you configure the switch otherwise.

So having said that, I've already downloaded, installed, and started the Wireshark tool here on Windows 10. The
Wireshark Network Analyzer is open on a Windows machine. The Welcome to Wireshark page displays. And I've
selected my Wi-Fi network interface. He points to the Wi-Fi node on the page. I'm going to start a packet capture
by clicking the shark fin icon in the upper-left of the toolbar.

Now when I do that, I'll immediately start to see any activity on the network through that network interface. A
page, Capturing from Wi-Fi, opens. It displays a list of captured packets by IP address, with options to display more
details about each. And notice that we can see the Source IP address column, the Destination IP address column,
and the Protocol in use. He points to the Source, Destination and Protocol columns, respectively. The protocol could
be, for example, TCP or UDP, or SSL or TLS for encrypted connections. We also see the length of the transmission
and some additional information. He points to the Length and Info columns as well.

So I'm going to go ahead and click the red stop button to stop the capture. He clicks Stop on the toolbar. The Wi-Fi
page remains open but stops updating. And what I'm going to do is filter it. So up here in the filter bar, I'm going to
type HTTP to filter for HTTP type of traffic. And when I press Enter, it'll show me any traffic if there is any related to
that. He types "http" in the Filter field. There aren't any results.

Now, we don't see any here. So if I were to filter for TCP traffic instead, that's Transmission Control Protocol, we
see we've got all kinds that show up down below. He selects the http value in the Filter field and types "tcp"
instead. The list is filtered to display TCP, TLSv1.2 and SSL packets that have been captured. So it will filter and
show you any matching traffic that it might have captured.

I'm going to select one of these TCP packets by clicking on it once. He selects a TCP packet in the list that is
indicated as being from the source IP address: 34.232.123.151. When you select a packet, in the middle part of the
screen, you can see the packet headers. He points to the center pane.

For example, I can see the Ethernet II header and if I expand it, I can see the Source and Destination hardware MAC
addresses. In this instance, one of the MAC addresses is 2c:99:24:5a:12:c0. Sometimes, you'll see MAC addresses
prefixed with the name of the manufacturer. He points to the prefix ArrisGro. However, if you look in
parentheses, you'll see the full actual hexadecimal address. And the MAC address is assigned to a network
interface and it's unique on that local area network. So that maps then to OSI model Layer 2, the data link layer,
which is concerned with MAC addresses among other things.

The next header we see is the IP header, internet protocol, which maps to OSI model Layer 3, the network layer.
Here I can see things like the Protocol version. We're using IP version 4. And as I scroll down, some other things,
such as the Source and Destination IP addresses. And again, when we say layer 3 addresses, we're talking about IP
addresses. The destination address in this instance is: 192.168.0.6.

And because this is a TCP type of packet, the next header is the TCP header, Transmission Control Protocol, which
applies to OSI model layer 4 - the transport layer. Here, among other things, we see the source and destination
port numbers. In this instance, the source port is 443 and the destination port is 61139. What that tells me is that
this is a response from a secured website, one that uses SSL or TLS. So it was connected to using the HTTPS
secured protocol. The Destination Port is the higher client-side port that receives traffic from a network service -
in this case, from an SSL-protected HTTPS server.
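The three headers walked through above (Ethernet II at layer 2, IPv4 at layer 3, TCP at layer 4), decoded by an added Python example that is not course material or Wireshark code. The frame is constructed inline to match the capture's values (the ArrisGro MAC, 34.232.123.151 to 192.168.0.6, port 443 to port 61139); the client MAC is a constructed documentation address, and the "response versus request" rule is the reasoning the presenter applies to the port numbers.

```python
import struct
from dataclasses import dataclass
from typing import Optional

# Added example (not course material or Wireshark code): decode Ethernet II,
# IPv4 and TCP headers from a frame constructed to match the capture above.

WELL_KNOWN_PORTS = {80: "HTTP", 443: "HTTPS"}   # enough for this capture


@dataclass
class Decoded:
    src_mac: str
    dst_mac: str
    ethertype: int
    ip_version: int
    src_ip: str
    dst_ip: str
    protocol: int                  # 6 = TCP
    src_port: Optional[int] = None
    dst_port: Optional[int] = None


def mac_str(b: bytes) -> str:
    return ":".join(f"{x:02x}" for x in b)


def ip_str(b: bytes) -> str:
    return ".".join(str(x) for x in b)


def ipv4_checksum(header: bytes) -> int:
    """Ones'-complement sum of 16-bit words; over a valid header it yields 0."""
    total = sum((header[i] << 8) | header[i + 1] for i in range(0, len(header), 2))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return (~total) & 0xFFFF


def decode_frame(frame: bytes) -> Decoded:
    # Layer 2: Ethernet II is destination MAC, source MAC, EtherType
    dst, src, etype = struct.unpack("!6s6sH", frame[:14])
    if etype != 0x0800:
        raise ValueError(f"not IPv4 (EtherType 0x{etype:04x})")
    ip = frame[14:]
    # Layer 3: IPv4; the header length (IHL) is counted in 32-bit words
    version, ihl = ip[0] >> 4, (ip[0] & 0x0F) * 4
    if version != 4 or ihl < 20:
        raise ValueError("malformed IPv4 header")
    if ipv4_checksum(ip[:ihl]) != 0:
        raise ValueError("bad IPv4 header checksum")
    d = Decoded(mac_str(src), mac_str(dst), etype, version,
                ip_str(ip[12:16]), ip_str(ip[16:20]), ip[9])
    # Layer 4: the TCP source and destination ports are its first two fields
    if d.protocol == 6:
        d.src_port, d.dst_port = struct.unpack("!HH", ip[ihl:ihl + 4])
    return d


def describe_direction(d: Decoded) -> str:
    """The presenter's rule: a well-known source port paired with a high
    client-side destination port is a server's response; reversed, a request."""
    if d.src_port in WELL_KNOWN_PORTS and d.dst_port is not None and d.dst_port >= 1024:
        return f"response from {WELL_KNOWN_PORTS[d.src_port]} server"
    if d.dst_port in WELL_KNOWN_PORTS and d.src_port is not None and d.src_port >= 1024:
        return f"request to {WELL_KNOWN_PORTS[d.dst_port]} server"
    return "unclassified"


def build_frame(src_mac: str, dst_mac: str, src_ip: str, dst_ip: str,
                src_port: int, dst_port: int, payload: bytes = b"") -> bytes:
    """Constructed Ethernet II + IPv4 + TCP frame (no options, PSH/ACK set)."""
    eth = (bytes.fromhex(dst_mac.replace(":", "")) +
           bytes.fromhex(src_mac.replace(":", "")) + b"\x08\x00")
    tcp = struct.pack("!HHIIBBHHH", src_port, dst_port, 1, 1, 5 << 4, 0x18, 65535, 0, 0) + payload
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(tcp), 0, 0x4000, 64, 6, 0,
                     bytes(int(o) for o in src_ip.split(".")),
                     bytes(int(o) for o in dst_ip.split(".")))
    ip = ip[:10] + struct.pack("!H", ipv4_checksum(ip)) + ip[12:]   # fill in checksum
    return eth + ip + tcp


if __name__ == "__main__":
    # Values from the capture; the client MAC is a constructed documentation address.
    frame = build_frame("2c:99:24:5a:12:c0", "00:00:5e:00:53:01",
                        "34.232.123.151", "192.168.0.6", 443, 61139)
    decoded = decode_frame(frame)
    print(decoded)
    print(describe_direction(decoded))
```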

So it's important to have a general sense of what to look for within a transmission. Now, of course beyond that, we
can see further data down here. And later on we'll do some other packet captures. And we can also open up
existing saved packet capture files that show us encrypted data versus non-encrypted and so on.

The last thing I'll do here is just point out that I could go to File Save to save this packet capture for later perusal.
So I might capture it now and then go through it at a later time.

Exercise: Implement Network Solutions


In this exercise, the first thing you'll begin with is to Compare coax, twisted pair, and fiber optic cabling. Next, you'll
describe the OSI model Transport layer - layer 4. You'll then List the functions of switches and routers. And finally,
you'll configure some settings on a wireless router.

At this point, pause the video, think about how you'll do these things, and then come back to view the solutions.

The solution commences. With coax cable, electrical signals are transmitted down a Single copper core. And the
thicker that core, the longer the transmission distance. It's used rarely in enterprise networks these days. What's
much more common is Twisted pair. Which also Transmits electrical signals, but down Eight copper wires,
depending on the networking standard being used. You've got four pairs of twisted wires to reduce crosstalk
interference for the total of eight. We've also got Fiber optic cables, which transmit light wavelengths over longer
transmission distances than is possible with coax and twisted pair.

OSI Transport Layer is layer 4. And it has two main components when it comes to TCP/IP. Either we're using the
transmission control protocol or TCP mechanism or the user datagram protocol, UDP. TCP is connection-oriented,
which means that a session is established between the sender and the receiver before any data is transmitted. It's
also acknowledged. When we say TCP is acknowledged, we mean that for every packet sent from the sender to the
recipient, the recipient has to send back an acknowledgement to the sender saying I got the transmission. So TCP is
a session-based careful protocol. UDP's the opposite. There's no session. It's connectionless and it doesn't
acknowledge any packet delivery. It's instead a best effort delivery. Also, the transport layer deals with addresses
in the form of Port numbers for listening network services.

A network switch is an OSI layer 2 or data link layer device. And that's because it remembers which MAC
addresses are plugged into ports. And MAC addresses are layer 2 addresses. So the switch serves as a central wired
network connection point that's got multiple ports to plug in network devices. Usually those accept RJ45
connectors. And it transmits data only to the correct target switch port where a given MAC address is plugged in.

Routers, on the other hand, are used to control network traffic flow to remote networks. They apply to OSI layer 3
- the network layer. And a router needs at least two network interfaces to function properly. It could have more.
And it always routes packets based on the most efficient route. Whether that's been statically or manually
configured on the router. Or whether it's been learned dynamically amongst routers using routing protocols.

Configuring a wireless router means knowing the IP address of the wireless router and also knowing the username
and password. The login page for a wireless router displays in a browser. The presenter highlights the User Name
and Password values that have been entered. And certainly the default password should be changed if it's not yet
been done on a wireless router that you have control over. I'm going to go ahead and click Apply to log into this
wireless router.

Now there are many different settings that could be configured when it comes to local area network TCP/IP
settings. So you can control the IP addresses that are assigned to clients that connect to your Wi-Fi network. All the
way to things like hiding the SSID - the service set identifier. The System Basic Setup page for the wireless router
displays. The SSID is simply the name of the wireless network. And by hiding it, you're making it a bit trickier for
people to connect. They'd have to know the name. Now, there are freely available tools out there that most
average people wouldn't know about, that can actually show you hidden or non-broadcasting SSIDs.

So in this case, I'm going to go to Wireless 2.4 GHz. This wireless router also supports Wireless 5 GHz. He clicks the
tab, Wireless 2.4 GHz. When I go to one of these configuration tabs, I'll see the settings that are available. And the
one I'm looking for here for 2.4 GHz is the Broadcast Network Name or SSID, which is enabled. He points to a
checkbox, Broadcast Network Name (SSID), which is selected in the Basic Setup section of the page.

Now if I turn that off, this wireless network name or SSID here won't be visible. So for example, if I have a client
that wants to connect to my Wi-Fi network at the office, they won't be able to just simply pull up a list of Wi-Fi
networks on their smartphone. It won't show up. He highlights the Wireless Network Name (SSID) field's value,
which is: ARRIS-17BB. Now they could manually configure it, which means they'd have to know this name. And
again, there are freely available tools that would display this. So if I were to remove that check mark and then click
Apply, then at that frequency range, 2.4 GHz, that wireless network name would no longer show up.
