Networking – Endterm Reviewer

SLIDE 11: WIRELESS STANDARDS AND

TECHNOLOGIES 802.11ax

Wireless Standards  Speed: 2.4 / 5.0 GHz

 Max Data Rate: 10-12 Gbps
802.11a
 Typical Indoor Range: 150 feet
 Speed: 5 GHz  Typical Outdoor Range: 300 feet
 Max Data Rate: 54 Mbps  Topology: Ad-hoc, Infrastructure
 Typical Indoor Range: 100 feet
Frequencies And Range
 Typical Outdoor Range: 400 feet
 Topology: Ad-hoc, Infrastructure
802.11b

 Speed: 2.4 GHz

 Max Data Rate: 11 Mbps
 Typical Indoor Range: 150 feet
 Typical Outdoor Range: 450 feet
 Topology: Ad-hoc, Infrastructure
802.11g

 Speed: 2.4 GHz

 Max Data Rate: 54 Mbps
 Typical Indoor Range: 150 feet
 Typical Outdoor Range: 450 feet
 Topology: Ad-hoc, Infrastructure
802.11n CHANNELS

 Speed: 2.4 / 5.0 GHz

 Max Data Rate: 600 Mbps
 Typical Indoor Range: 175 feet
 Typical Outdoor Range: 230 feet
 Topology: Ad-hoc, Infrastructure
 Backward Compatibility: 802.11a,
802.11b, and 802.11g
802.11ac
 Speed: 5.0 GHz
 Max Data Rate: 1.3 Gbps
 Typical Indoor Range: 115 feet
 Typical Outdoor Range: -
 Topology: Ad-hoc, Infrastructure
CHANNEL BONDING
 Combines different channels to
increase the throughput
 Was introduced in 802.11n
 Is configured with channels 1 and 6
in 2.4 GHz range
o Has total width of 70 MHz
o Forms a channel of 40 MHz (20
+ 20)
o Leaves a single non-overlapping
channel, 11 with 30 MHz
 Can be configured with 5.0 GHz

1
 Networking – Endterm Reviewer
o Has a total width of 500 MHz
o Allows multiple bonded channels
because they are non-
overlapping
SERVICE SET IDENTIFIER (SSID)
Basic Service Set
 Is a name given to the logical WLAN
segment
 Contains only one wireless access
point (WAP)
 Does not support mobility as there is
a single WAP
Extended Service Set
 Connects more than one WAPs
 Allows clients to move from one
WAP to another WAP
 Requires each WAP to use the same
SSID
 Allows the WAPS to have unique
BSSID
Independent Basic Service Set (Ad-hoc)
 Is also known as the Ad-hoc mode
or peer—to-peernetwork
 Is a simple wireless network that
allows the wireless clients to
communicate with each other
 Does not require a router or WAP in
between to connect with the clients
Roaming
 Allows the clients to move from one
WAP to another WAP
o Keeps a persistent connection
o Does not require re-
authentication with thesecond
WAP
 Requires the WAPs to beconfigured
with same SSIDs
ANTENNA TYPES
Omni
 Transmit signals to all directional
equally
 Are used in wireless routers,
mobiles,
 and radio transmission towers
 Are easy to install and implement
 Can be installed in any direction
 Have shorter range as signal is
transmitted in all directions
Directional
 Transmit narrow directional signals
 Are used when you need signals in a
specific direction, such as television
antennas
 Have good transmission and
reception of signals
SLIDE 12: CLOUD CONCEPTS AND
CONNECTIVITY OPTION
DEPLOYMENT MODELS
1. Public Cloud
- Works on the shared infrastructure
- Requires users to pay by:
o Subscriptions
o Pay-per-use
- Is owned by a third-party service
provider
- Is cost-effective and easier to
maintain
• Users have zero-maintenance
on the infrastructure
• Is less secure than the private
Cloud
2. Private Cloud
 Is set up by an organization or by a
2
 Networking – Endterm Reviewer
third-party for the organization
 Is dedicated to a single
organization
o No shared infrastructure
 Is more expansive than public
cloud
 Provides higher security than
public cloud
 Provides more flexibility in
Configuration
3. Community Cloud
 Has the same set of resources
shared by multiple entities
 Works well with the entities, such
as federal agencies, that share
common characteristics
 Security
 Privacy
 Compliance
 Example:
 IBM SoftLayer
 Salesforce Community Cloud
4. Hybrid Cloud
 Combines public and private cloud
 Provides flexibility and security
 Flexibility using the public
cloud
 Security using the private
cloud
 Can be used for high performance
applications
SERVICE MODELS
1. SaaS - or Software as a Service
delivery model.
o Is used for hosting
applications in the cloud
 Provides access to the users based
on subscription
 Requires a Web browser to access
applications
 Examples: Gmail, Office365
2. IaaS - or Infrastructure as a Service
 Allows the network
administrators to
set up their networks in the cloud
 Works just like the on-
premise infrastructure except
the access to the physical
hardware
 Allows upscaling and
downscaling as and when
required
 Works in the pay-per-use
model
 Example: Amazon EC2,
Microsoft Azure
3. PaaS – or Platform as a Service
 Provides development
platform the programmers
and developers
 Hosts development tools
 Reduces the cost of
development tools for the
developers
 Example: Google App
Engine,
4. DaaS – or Desktop As A Service
 Provides virtual desktop to
the users via a Web browser
 Uses the per-user
subscription model
 Can be either:
o Persistent
o Non-persistent
INFRASTRUCTURE AS CODE
Infrastructure As Code (IaC)
 Use a high-level descriptive coding
language to set up the infrastructure
 Automates the provisioning of
infrastructure
 Removes the manual work to:
o Set up and manage servers
o Installing operating systems
3
 Networking – Endterm Reviewer

o Configuring storage and “Capabilities can be elastically provisioned

databases and released, in some cases automatically,
 Helps to orchestrate across multiple to scale rapidly outward and inward
systems commensurate with demand. To the
o Span a distributed consumer, the capabilities available for
application across several provisioning often appear to be unlimited
systems and can be appropriated in any quantity at
any time.”
In simpler terms, elasticity is about adding
CONNECTIVITY OPTIONS or removing resources to your
infrastructure in an automated manner.
Virtual Private Network (VPN)
When workload increases, resources are
A. Site-to-site VPN: automatically added for the applications that
 Is between VPN gateway in the is demanded them. When the workload
cloud and a VPN endpoint in on- decreases, the resources are automatically
premises removed without any manual intervention.
 Joins two networks over the internet. Elasticity helps in controlling cloud
 Uses IPsec resources costs. You have to pay only for
what you use. When the resources are not
B. Client-to-site VPN: required, it simply removes them.
 Is between a VPN gateway in the
cloud and a VPN client SCALABILITY

Private-Direct Connections  Is when the administrators add more

resources to get optimal
 Is a dedicated direct connection performance
between:
 Is about increasing the resources to
o The cloud environment
manage the load
o Customer’s network o Scaling Up
 Creates the IPSec-encrypted private  Add more resources
connection between two endpoints to the system
MULTITENANCY o Scaling Out
 Adding more systems
Multitenancy for load management
 Has several tenants using the same
cloud infrastructure
o The same server or system SECURITY IMPLICATIONS
o The same hard drive (for data) Let’s look at some of these security
 Is done by the cloud service provider implications.
to achieve cost efficiency
o Service attacks
ELASTICITY o Shared Cloud Computing
Services
Elasticity
o Employee Negligence
Elasticity, as defined by NIST, is: o Inadequate date backups

4
 Networking – Endterm Reviewer

o Phishing and Social

Engineering Attack
o System Vulnerabilities SLIDE 13: NETWORK
TROUBLESHOOTING
Many cloud consumers use the public
1. Identify the Problem
cloud, which works with shared resources.
This causes a serious threat. If one of the  Gather information
cloud consumers having data and  Question users
applications on one server is compromised,  Identify symptoms
the threats become real for the other  Determine if anything has changed
tenants on the same server.  Duplicate the problem, if possible
 Approach multiple problems
Employee Negligence individually
Most organizations allow their employees to
remotely connect to their networks or the 2. Establish a Theory
cloud applications and data. Nowadays,  Question the obvious
employees use a mobile phones, tablets,  Consider multiple approaches
and other devices to connect to the cloud. If o Top-to-bottom/ bottom-to-top OSI
any of these is vulnerable or infected model
with malware, it can also impact the o Divide and conquer
cloud environment.
3. Test the Theory
Data backups can be a concern in the cloud
 If the theory is confirmed, determine
environment. You don’t know where your
the next steps to resolve the
data is replicated and if it is replicated at all.
problem
In a cyber-attack, such as malware or
 If the theory is not
ransomware, it might be difficult to
confirmedreestablish a new theory
retrieve data if the data is not backed up
or escalate
properly.
Specifically, social engineering and phishing 4. Establish a Plan
have been a threat to cloud environments. If  Determine the possible effects of the
a user accidentally falls to the phishing solution that you plan to implement
threat and is connected to the cloud, the  Need to determine a workaround or
a
attacker can access the user credentials
final solution
and do the lateral movement to sabotage
the cloud infrastructure.
5. Implement the Solution
Just like the on-premises infrastructure,  Implement the plan that you created
cloud infrastructure is also prone to in
vulnerabilities. After all, it is still running on the previous step
the physical infrastructure and using the  Need to have requisite permissions
same set of operating systems and to
applications. A single vulnerability in the implement the solution
operating systems or applications in the o May require additional help
cloud can let an attacker exploit the cloud
environment. 6. Verify The Functionality

5
 Networking – Endterm Reviewer

 Is the next step after implementing

the solution
 Requires the validation of the
solution implemented
o Ensure there are no negative
outcomes
o Ensure the problem is fixed
 Implement preventive measures

7. Document the Scenario

 Requires the document to be
created updated based on a new or
existing problem
 Requires new document if:
o Problem is new
o Problem has never encountered
before
 Should capture the following:
o Symptoms
o Corrective actions
o Outcomes