Lesson 12: Ensuring Network Availability Flashcards
Define SSH (Secure Shell)
Application protocol supporting secure tunneling and remote terminal emulation and file copy (SFTP). SSH runs over TCP port 22.
What is an SSH host key?
A public/private key pair used to identify an SSH server
What purpose does an SSH host key serve?
To identify the SSH server and set up a secure channel for the client to submit authentication credentials
What are the various methods to authenticate with an SSH server?
- Username/password
- Public key authentication
- Kerberos
What command starts the SSH server on a device?
sshd
What command creates a host key?
ssh-keygen
What command is used to store private keys?
ssh-agent
What command is used to connect an SSH client to a host?
ssh hostname or IP
What command is used to transfer a file using SSH?
scp Username@Host:RemoteFile /Local/Destination
What is Telnet?
Application protocol supporting unsecure terminal emulation for remote host management. Telnet runs over TCP port 23.
Why is Telnet unsecure?
Telnet connections are not encrypted and are vulnerable to packet sniffing and replay
What port does RDP use?
TCP port 3389
Define Network Time Protocol (NTP)
Application protocol allowing machines to synchronize to the same time clock that runs over UDP port 123
How do client hosts receive time?
Using Simple NTP (SNTP) over UDP port 123; can’t act as a time source
What Windows command is used to configure NTP?
w32tm
What is the file to configure for NTP in Linux?
/etc/ntp.conf
Define a bottleneck
Troubleshooting issue where performance for a whole network or system is constrained by the performance of a single link, device, or subsystem
Define Simple Network Management Protocol (SNMP)
Application protocol used for monitoring and managing network devices. SNMP works over UDP ports 161 and 162 by default
What is needed for SNMP?
SNMP agents and an SNMP monitor
What is the purpose of an SNMP agent?
Installed on a device for monitoring/management, maintains a Management Information Database (MIB) that holds device statistics referred to by a numeric object identifier (OID)
What is an Object Identifier (OID)?
A unique numeric value assigned to each statistic stored in a management information database (MIB)
How is an SNMP agent configured?
With the community name of the computers allowed to manage the agent and the IP address or hostname of the server running the management system
What is the function of a community name?
Acts as a password
Define an SNMP monitor
Management software that oversees network activity by polling agents for data from their management information databases (MIB)
What are the two ways an SNMP monitor can poll data from an SNMP agent?
- Get
- Trap
What is the get function in an SNMP monitor?
The software queries the agent for a single object identifier (OID) at regular intervals
What is the trap function in an SNMP monitor?
The agent informs the monitor of a notable event once a set threshold is reached
What port does the SNMP monitor use for the get function?
UDP port 161
What port does the trap function use for an SNMP monitor?
UDP port 162
What do system logs typically contain?
Records of startup events, changes to the OS, kernel processes, and drivers
What do application logs typically contain?
Data from specific services such as DNS, HTTP
What do audit logs typically contain?
Authentication attempts, privilege authorization/escalation
Define a log collector
Aggregates event messages from devices that are configured to send logs to it
Define Syslog
Application protocol and event logging format enabling different appliances and software applications to transmit logs or event records to a central server
What port does Syslog use?
UDP port 514
What is the range of syslog severity levels?
1-7
What is a logging level configuration?
Determines the level at which events are recorded or forwarded on each host
What is a heartbeat test?
A mechanism that probes a device to ensure it is available
Define Quality of Service (QoS)
The use of mechanisms or technologies that control network traffic and ensure the performance of critical applications with limited network capacity
What functions does Quality of Service (QoS) offer?
Prioritize traffic, which includes offering dedicated bandwidth, controlled jitter, and lower latency.
How can latency be tested?
- Ping
- Pathping
- mtr
Define Jitter
A variation in the delay. Jitter manifests itself as an inconsistent rate of packet delivery. Jitter is also measured in milliseconds
What is the max latency for VoIP to function properly?
150 ms, 300 ms round trip time (RTT)
What are the network components of Quality of Service (QoS)?
- Control plane
- Data plane
- Management plane
Define control plane in Quality of Service (QoS)
Determines how traffic should be prioritized and where it should be switched/routed
Define data plane in Quality of Service (QoS)
Performs switching/routing of traffic
Define management plane in Quality of Service (QoS)
Monitors traffic conditions
What appliance/software is used to apply QoS functions?
A traffic shaper
What tools can be used to measure network throughput?
- iperf
- Ttcp
- bwping
How can throughput be measured manually?
- Transfer a file between two hosts, record the file size and the time it takes
- Take the file size and convert to bits, then divide that number by the number of seconds it took for the file transfer to complete
Define a top talker
Interfaces that generate the most outgoing traffic in terms of bandwidth
Define a top listener
Interfaces that receive the most incoming traffic
What are two bandwidth speed testing tools?
- Broadband speed checker/test
- Website performance checker
Define a broadband speed checker
Test how fast the local broadband link to the internet is; tests downlink and uplink speeds using latency ping
Define a website performance checker
Queries a website to work out how quickly pages load
What is NetFlow?
A packet analyzer that measures network stats
What are the three components of NetFlow?
- Exporter
- Collector
- Analyzer
What is the NetFlow exporter function?
Configured on network appliances (switch/router/firewall), and creates a “traffic flow” from each device defined by IP source and destination and protocol type
What is the NetFlow collector function?
Aggregates flows from multiple exporters
What is the NetFlow analyzer function?
Reports and intercepts information by querying the collector, can also be used to generate alerts/notification
What is link state?
Measures whether an interface is up or down
What is the reset metric?
The number of times an interface has restarted over the counter period
What is the utilization metric?
Data transferred over a period of time, measured in bits per second or as a percentage of available bandwidth
What is error rate?
The number of packets per second that cause errors
What causes an interface to discard/drop packets/frames?
Checksum errors, mismatched MTUs, packets that are too small (runts) or too large (giants), high load, or configuration errors
What are the typical causes of a Cyclic Redundancy Check (CRC) error?
Interference/attenuation, poor cable quality, termination, mismatched cable types
What is an encapsulation error?
When the frame format is not the one expected on a link.
What causes an encapsulation error?
- Incorrect ethernet/WAN frame type
- Ethernet trunk interfaces don’t use the same format
How many different traffic classes can be defined by 802.1Q Quality of Service?
8 different traffic classes
What does a syslog alert with code 2 represent?
Critical level
What does a syslog alert with code 5 represent?
A notice indicating that current state could lead to error
What does a syslog alert with code 1 represent?
A fault requiring immediate remediation; Critical Error
What does a syslog alert with code 3 represent?
Indicates a non-urgent fault
What is sufficient bandwidth for VoIP?
100 Kbps
Define latency
The time it takes for a transmission to reach the recipient, measured in milliseconds (ms)
Define Bandwidth
The amount of data that can be transmitted (measured in Mbps or Gbps)