Network+ Concepts Flashcards
TCP/IP Model
aka TCP/IP stack or the DoD model. It is an alternative to the OSI Model. 4 layers vs 7 layers in the OSI model:
- Application
- Transport
- Internet
- Network Interface
OSI Model
aka OSI stack. Open Systems Interconnection Model is a framework used to describe the functions of a networking system. There are 7 layers.
Please Do Not Throw Sausage Pizza Away
Physical Layer
OSI model Layer 1 - Electrically or optically transmitting raw unstructured data bits across the network. “physical” resources
Examples of Layer 1:
-Cable (Ethernet, fiber optic)
-Radio frequencies (Wi-Fi, Bluetooth)
-Infrastructure devices (network hubs, Wireless Access Points, Media converters) [devices that work at the bit layer; whatever comes in, goes out; simple dumb devices].
Data Link Layer
OSI model Layer 2
Layer 2 devices view networks logically.
Data is packaged into frames. The data link layer also corrects errors that may have occurred at the physical layer.
Data link layer has two sub-layers:
- media access control (MAC), provides flow control and multiplexing for device transmissions over a network.
- logical link control (LLC), provides flow and error control over the physical medium
Examples at Layer 2:
- Network Interface Cards (NIC)
- Bridges
- Switches
- MAC addresses
  - They are smarter devices that can use logic to send specific information to specific devices
Network Layer
OSI model Layer 3. Forwards traffic (routing) using logical addresses (e.g. IPv4 or IPv6).
- Logical addressing
- Switching (i.e. routing; not switches as in Layer 2)
- Route discovery and selection
- Connection services
- Bandwidth usage
- Multiplexing strategy
Alt Summary
Receiving frames from the data link layer, and delivering them to their intended destination based on the addresses contained inside the frame.
Transport Layer
Layer 4 - This layer is the same in the OSI model and TCP/IP stack.
The transport layer manages the delivery and error checking of data packets. It regulates the size, sequencing, and ultimately the transfer of data between systems and hosts.
An example of a transport layer protocol is TCP, the Transmission Control Protocol.
Session Layer
OSI model Layer 5
The session layer controls the conversations between different computers. A session or connection between machines is set up, managed, and terminated at Layer 5. Session layer services also include authentication and reconnections.
Presentation Layer
OSI model, Layer 6
Responsible for formatting the data exchanged and securing that data with proper encryption so it can be presented.
Think data formatting and encryption at Layer 6.
Examples of Layer 6 are:
-Scripting languages [because they’re formatting data] (ex. HTML, XML, PHP, JavaScript, etc.)
-Standard text (ASCII, EBCDIC, UNICODE) [ways of displaying the 1s and 0s]
-Pictures (GIF, JPG, TIF, SVG, PNG, etc)
-Video files (MP4, MPG, MOV, etc)
-Encryption (TLS and SSL)
The presentation layer formats or translates data for the application layer based on the syntax or semantics that the application accepts. Because of this, it is at times also called the syntax layer. This layer can also handle the encryption and decryption required by the application layer.
Application Layer (OSI)
OSI model Layer 7. Provides application-level services and is where the users communicate with the computer. “Application” here means file transfer or network transfer, not IE or Word.
Examples at Layer 7:
- Email (POP3, IMAP, SMTP)
- Web browsing (HTTP, HTTPS)
- Domain Name Service
- File Transfer Protocol (FTP, FTPS)
- Remote Access (Telnet, SSH)
- Simple Network Management Protocol
At this layer, both the end user and the application layer interact directly with the software application. This layer sees network services provided to end-user applications such as a web browser or Office 365. The application layer identifies communication partners, resource availability, and synchronizes communication.
Application Layer (TCP/IP)
DoD model Application layer includes layers 5, 6, 7 of the OSI model (Session, Presentation, Application). Defines TCP/IP application protocols and how programs interface with the transport layer service. This is the layer the end-user interacts with.
Transport layer
Transport layer is the same in OSI and TCP/IP. Provides communications session management between hosts and defines level of service and status of connection used for transport. TCP, UDP, RTP.
Internet layer
Same as the Network layer of the OSI model. Packages data into IP datagrams and routes these IP datagrams between hosts across the network. Contains source and destination IPs.
Network Interface layer
Combines the Physical and Data Link layers from the OSI model. Concerned with physical and electrical characteristics. It describes how to transmit bits across the network.
Data on the Application, Presentation, Session layers (Layers 5,6,7) is called….
data (OSI model).
Data on the Transport layer (Layer 4) is called….
segments (OSI model).
Data on the Network layer (Layer 3) is called….
packets (OSI model).
Data on the Data Link layer (Layer 2) is called….
frames (OSI model).
Data on the Physical layer (Layer 1) is called….
bits (OSI model).
Do Some People Fear Birthdays? (mnemonic)
Data, Segments, Packets, Frames, Bits
What is a session (Layer 5)?
A session is like a conversation that must be kept separate from others to prevent intermingling of the data.
What happens when setting up a session?
Check user credentials and assign a number to the session and determine who begins sending data. [Classroom example]
What happens when maintaining a session?
Transfer of data across the network, reestablish a session if it gets disconnected, and acknowledging data received. [Classroom example]
What happens when tearing down a session?
Ending a session due to mutual agreement (after the data transfer is done) or one party disconnects. [Classroom example]
What devices or protocols are used at Layer 5?
H.323 or H.264 (used to set up, maintain and tear down voice and video connections), which operate over RTP [real time protocol], AND
NetBIOS, which is used to share files over a network.
RTP
Real Time Protocol is used for streaming audio and video usually in a two-way format (like an audio or video call)
Data Formatting
Data is formatted by the computer to have compatibility between different devices.
ASCII (ex. A = 65) text based language to ensure data is readable
GIF
JPG
PNG
Encryption
Scrambles the data in transit to keep it secure and confidential
Application Services
Unite communicating components from more than one network application.
Service Advertisement
When applications send out announcements to other devices on the network to state the services they offer, such as a printer.
Media Access Control (MAC)
Physical addressing system that uses a 48-bit address assigned to a network interface card (NIC) by manufacturers.
Each character is 4 bits. The first 6 digits of the code indicate the manufacturer; the second half identifies the device.
Logical Link Control (LLC)
Provides connection services and allows acknowledgement of receipt of messages.
LLC is a basic form of flow control and provides basic error control functions using a checksum. If the last bit is odd, the sum of the digits should be odd; if the last bit is even, the sum should be even.
Isochronous mode (Layer 2)
Network devices use a common reference clock source and create time slots for transmission with less overhead than synchronous or asynchronous methods, because both devices know when they can communicate and for how long.
Synchronous (Layer 2)
Network devices agree on a clocking method to indicate the beginning and end of frames and can use control characters or separate timing channels.
There isn’t much gap time, so that’s a drawback of synchronous mode.
Asynchronous (Layer 2)
Network devices reference their own internal clocks and use start/stop bits.
The drawback is there’s no control of when the devices are allowed to communicate.
Logical addressing
In the Network Layer (Layer 3), routing traffic to devices using IPv4, IPv6 and other logical addresses
Older examples are AppleTalk or IPX
IPv4 Address
4 sets of numbers, separated by dots
Dotted octet notation
1 byte = 8 bits
32 bits or 4 bytes
Packet Switching
aka routing, where data is divided into packets and forwarded based on its IP address.
Packets can take a different route, as long as they make it to the correct destination.
-Network Layer (Layer 3)
Circuit Switching
Dedicated communication link is established between two devices.
-Network Layer (Layer 3)
Message Switching
Data is divided into messages, similar to packet switching, except these messages may be stored THEN forwarded
-Network Layer (Layer 3)
ICMP
Internet Control Message Protocol is used to send error messages and operation information about an IP destination.
-Common examples are ping and traceroute
Trace route
An ICMP-based tool that traces the route a packet takes through the network and reports each router along the way, so you can see which routes were up and down.
What devices and protocols do you find on Layer 3?
The Network Layer
- Routers
- Multilayer switches (a router and a switch combined)
  - Switches are Layer 2 UNLESS it’s a multilayer switch
- IPv4 protocol
- IPv6 protocol
- Internet Control Message Protocol (ICMP; port 1)
Coax
Coaxial Cable, oldest form of copper wire. The centre core transmits the data. Braided metallic shield protects against data loss and EMI.
Two flavors: RG-6 (thicker) & RG-59 (thinner)
Two connectors: BNC (push and twist) & F-type (screws on to the jack)
Twisted Pair Cable
Copper; most popular physical LAN media type.
4 pairs of two wires each.
Each pair is twisted.
More twists = more EMI connection
UTP
Unshielded Twisted Pair copper cable. Cheaper because there is no shield.
Bends easily, easy to work with.
STP
Shielded Twisted Pair copper cable. Same as UTP but with shielding.
Shielding helps minimize EMI.
More expensive.
RJ45
1 of 3 connectors for twisted pair copper cable.
Most common. 8 pins on the connector.
Ethernet only uses 4 pins.
Other 4 pins can be used for other stuff (ex. power over ethernet)
RJ11
6 pin connector, standard phone line.
Usually 2 or 4 pins are used. One for the ring, one for the signal.
DB9 or DB25
Used for RS232 cables (aka Serial cables)
e.g. DB9 = 9-pin D-subminiature connector
Remember:
Serial connector, RS232, used for external modems
Maximum throughput for Cat 3
10 Mbps
Maximum throughput for Cat 5
100 Mbps
Maximum throughput for Cat 5e
1000 Mbps (aka 1 Gbps)
Maximum throughput for Cat 6
1000 Mbps (aka 1 Gbps)
Maximum throughput for Cat 6a
10000 Mbps (aka 10 Gbps)
Maximum throughput for Cat 7
10000 Mbps (aka 10 Gbps)
What is the maximum distance of Cat 3 - Cat 7 cable?
100 meters
Straight-Through Patch Cable
Both ends of the cable have matching pinouts (T568B cable)
These connect DTE (Data Terminating Equipment) [eg laptops and desktops] to DCE (Data Communications Equipment) [e.g. switches, modems]
T568B pin / wire order
Used on patch cables:
1 - white / orange (Tx+)
2 - orange (Tx-)
3 - white / green (Rx+)
4 - blue
5 - white / blue
6 - green (Rx-)
7 - white / brown
8 - brown
DTE
Data Terminating Equipment, such as laptops & routers
DCE
DCE (Data Communications Equipment) [e.g. switches, modems]
Crossover Cable
‘Send’ and ‘receive’ pins of the cable are swapped in the end pinouts.
Used for connecting two of the same kind of device (e.g. DTE to DTE, or DCE to DCE)
T568A pin / wire order
Used on crossover cables:
1 - white / green (Rx+)
2 - green (Rx-)
3 - white / orange (Tx+)
4 - blue
5 - white / blue
6 - orange (Tx-)
7 - white / brown
8 - brown
MDIX
An automated way modern switches can electronically simulate the right kind of cable
Plenum Cable
Special UTP/STP cable that has a fire-retardant outer insulator.
Plenum is for things you cannot see (in the wall, in the ceiling)
Non-plenum Cable
PVC - Normal UTP/STP rated cable;
You can ONLY use this where you can SEE the cable.
Fiber Optic Cable
Uses light from an LED or laser to transmit information through a glass fiber
Pros:
-No EMI
-It can go really far (no 100 meter limit like Cat 3-7)
-Greater data-carrying capacity (measured in Tbps)
Cons:
- very expensive
- hard to work with
MMF
Multimode Fiber is used for shorter distances than single-mode fiber.
MMF has a larger core size which allows for multiple modes of travel for the light signal.
Normally used for patch cables: router to switch, switch to server; usually less than 1 kilometer
SMF
Single-mode fiber sends light in one direction for miles and miles; long distance only.
Small core size.
Fiber Optic Connectors
4 types:
- Subscriber Connector (SC)
- Straight Tip Connector (ST)
- Lucent Connector (LC)
- Mechanical Transfer Registered Jack (MTRJ)
Subscriber Connector (SC)
Fiber optic connector
Remember: Stick and click
Usually uses an APC (Angled Physical Contact; 45 degree angle) connector
Straight Tip Connector (ST)
Fiber optic connector
Remember: Stick and twist
Lucent Connector (LC)
Fiber optic connector
Remember: Love connector (because there’s two side by side)
Mechanical Transfer Registered Jack (MTRJ)
Fiber optic connector
Remember: very small. Usually used for routers. Takes up less space; half the size of the others.
Usually uses a UPC (Ultra Physical Contact; mostly flat) connector
What are the advantages of fiber optic cable?
- Higher bandwidth
- Covers longer distances
- immune to EMI
- better security (harder to tap into)
What are the advantages of copper cable?
- Less expensive
- Easier to install
- tools are cheap
What is a Media Converter?
It converts media from one format to another (light to electricity / electricity to light) (fiber to coax, copper to wireless, fiber to copper, etc); any Layer 1 to Layer 1
-Layer 1 device
What is a transceiver?
Devices that can send and receive data. They can be bidirectional or duplex.
Example: GBIC
What does bidirectional communication mean?
aka: half duplex
devices take turns communicating (like a walkie-talkie; a person can send or receive, but not both)
You can only use half the bandwidth all the time.
What is duplex communication?
aka: full duplex
Devices are able to communicate at the same time.
ex. a phone call (not like a walkie talkie)
GBIC
Standard, hot-pluggable gigabit Ethernet transceiver.
It can take in copper or fiber as its connector, then transmit that information into the network
It is in routers and switches
SFP
Small Form-factor Pluggable (aka mini-GBIC; because it’s about half the size) is a compact, hot-pluggable optical module (so it can be used for fiber)
This transceiver can support 4.25 Gbps.
It does the same thing as a GBIC.
It can be pulled in or out of the device without turning off the router or switch
SFP+
Enhanced SFP
Compact, hot-pluggable optical module (so it can be used for fiber) transceiver
It supports up to 16 Gbps
QSFP
Quad Small Form-Factor Pluggable
Compact, hot-pluggable optical module (so it can be used for fiber) transceiver
It supports up to 100 Gbps
Cable Distribution System
Uses an organized system that is hierarchical
Punch Down Blocks
located in either the main distribution frame or the intermediate distribution frame (IDF)
- 66 block was used for phones and older Cat 3 networks. The proximity of the cables caused crosstalk, making it a bad choice for higher speed (Cat 5) LAN networks
- 110 Block is used for higher-speed networks. Requires Cat 5 or above cabling (less crosstalk because there is more space)
Patch Panels (Copper)
Devices with easy-to-use jacks on the front to connect wiring from the jack to a network switch in a flexible manner.
Patch panels are very inexpensive. They’re disposable, so if you’re going to be unplugging and re-plugging lots of times, it’s better to use a patch panel than the switch, because the switch is very expensive (you could damage it).
-Back of the panel has punch downs like a 110-block
-Front has RJ-45 jacks
-You plug from port 1 on the switch to port 1 on the patch panel.
  - To move a connection, you unplug from the patch panel and move it to a different port on the patch panel; don’t unplug from the switch (to lower the risk of damaging the ports on the switch).
Patch Panels (Fiber)
Connect fiber jacks throughout building to a single patch panel in network closet
- There are no punch down blocks
- They use LC, ST, and SC connectors
Toner probe
aka Fox and hound
used to find which port is tied to the patch panel
BNC
Connector for coax (Bayonet Nut Coupling) A commonly used plug and socket for video and networking applications that provides a tight connection.
Origins of Ethernet
Originally run over
- coaxial cables (10Base5, 10Base2)
- vampire taps
- Ethernet changed to copper twisted pair (UTP, STP)
  - 10Base-T (10 mbps max speed, T=twisted pair); these were CAT-3 networks.
Deterministic
Very organized and orderly.
Requires an electronic token to transmit (e.g. Token Ring networks) – Classroom example
Contention-based
Very chaotic and you can transmit whenever you want (e.g. Ethernet networks) – Pub example
CSMA/CD
Carrier Sense Multiple Access / Collision Detection:
Ethernet devices transmit based on a principle called CSMA/CD to deal with the problems in Contention-based method.
Carrier sense=listen for a spot; listen to the wire, start talking if it’s not busy
Multiple Access=(start talking)Everyone has access to the wire and can start talking whenever they want
Collision detect=detect an error, wait a short time, then transmit again. Each sending source chooses a random time to wait before retransmitting (ex. 120 ms backoff or 30 ms backoff).
Collision Domains
Comprised of all the devices on a shared Ethernet segment (everything on the same cable or hub)
  - Devices operate at half-duplex when connected to a hub.
  - Devices must listen before they transmit to avoid collisions when operating as CSMA/CD
  - Making collision domains smaller reduces collisions and is more efficient (pub example; a group of 20 at one table vs 5 tables of four people)
Collision Domains with Switches
Ethernet switches increase scalability of the network by creating multiple collision domains (each plug on a switch is a collision domain)
BGP
Border Gateway Protocol (BGP) refers to a gateway protocol that enables the internet to exchange routing information between autonomous systems (AS). … BGP makes peering possible. Without it, networks would not be able to send and receive information with each other.
10BASE-T
Cat3, 10 mbps
10=10mbps
T=twisted pair
100BASE-TX
Cat 5 or higher, 100 mbps
TX=fast internet
1000BASE-TX
Cat 6 or higher, 1 Gbps
1000BASE-SX
MMF (multi-mode) fiber, 1 Gbps, 220 meters max
“S” does not stand for single (as in single-mode fiber)
1000BASE-LX
MMF, 1 Gbps, 500 meters max
1000BASE-LX
SMF, 1 Gbps, 5km
1000BASE-ZX
SMF, 1 Gbps, 70km
Hub
Layer 1 devices used to connect multiple network devices/workstations. aka multiport repeaters
Not used often in modern networks; switches are mostly used instead.
On a chart=square icon with an arrow pointing in both directions.
Passive hub
Repeats signal with no amplification (like a splitter).
A passive hub is part of the 100m distance limitation.
Layer 1 devices used to connect multiple network devices/workstations.
Active hub
Repeats signal with amplification; it boosts the signal and restarts the 100m distance limit.
Layer 1 devices used to connect multiple network devices/workstations.
Smart hub
Active hub with enhanced features like SNMP, so you can configure and manage that hub from a distance.
Layer 1 devices used to connect multiple network devices/workstations.
Collision Domains
Hubs (Layer 1) are used to connect multiple network segments together and each LAN segment becomes a separate collision domain.
Bridge
Bridges analyze source MAC addresses and populate an internal MAC address table.
They make intelligent forwarding decisions based on destination MAC address in the frames.
Creates a broadcast domain
Switch
Layer 2 device used to connect multiple network segments together. They use MAC addresses
Each port on a switch is its own collision domain.
Switches are a hub+bridge aka multiport bridge.
ARP packet
ARP broadcasts a request packet to all the machines on the LAN and asks if any of the machines are using that particular IP address. When a machine recognizes the IP address as its own, it sends a reply so ARP can update the cache for future reference and proceed with the communication.
Router
Layer 3 device used to connect multiple networks together. They use IPv4 and IPv6.
Routers make forwarding decisions based on logical network address information.
Routers are usually more feature-rich and support a broader range of interface types than multilayer switches.
Layer 3 Switch
Layer 3 device used to connect multiple network segments together. It can make Layer 3 routing decisions and interconnect entire networks (like a router), not just network segments (like a switch).
Basically a switch+router
Each port is its own broadcast domain and collision domain.
What is the effective range of HDMI cable?
Only about 20 ft. You need to use a media converter for longer distances so you can convert to ethernet.
What is Link Aggregation?
802.3ad
Allows for combination of multiple physical connections into a single logical connection.
With this, bandwidth available is increased and the congestion is minimized or prevented.
If the switch only has a 100 mbps connection, it could combine 4 ports for a virtual 400mbps connection.
If you have a 24 port switch, you should be safe to use 4 ports for Link Aggregation.
This is an ethernet switch feature
PoE
Power over Ethernet
-PoE 802.3af (provides up to 15.4 watts)
-PoE+ 802.3at (provides up to 25.5 watts)
Supplies electrical power over Ethernet and requires Cat5 or higher copper cable
PSE
Power Sourcing Equipment provides power to other devices.
Pins 1, 2, 3, and 6 provide power.
PD
Powered Devices such as VoIP phone or WAP
Port Monitoring or Mirroring
Helpful to analyze packet flow over a network as it makes a copy of all traffic destined for a port and sends it to another port.
You mirror a port to another port then your network analyzing machine (ex. Wireshark) can listen.
User Authentication
802.1x
For security purposes, switches can require users to authenticate themselves before gaining access to the network.
Once authenticated, a key is generated and shared between the supplicant (device wanting access) and the switch (authenticator)
What are the three methods for switch management and authentication?
1) SSH (port 22) can be used for remote management of the switch over the network
2) Console port is for local (in-person) administration of the switch. Use a rollover cable (DB-9 to RJ-45).
3) OOB (out-of-band) management. All network configuration devices are on a separate network. This management network is only for admins.
First-Hop Redundancy
Hot Standby Router Protocol (HSRP) uses virtual IP and virtual MAC addresses to provide an “active router” and a “standby router”.
The PC only sees the virtual router, and the virtual router sends the traffic to the available router.
HSRP
Hot Standby Router Protocol (HSRP) is a Cisco-proprietary protocol.
It uses virtual IP and virtual MAC addresses to provide an “active router” and a “standby router”.
What are First-Hop Redundancy protocols?
- HSRP (Hot Standby Router Protocol) is a Cisco-proprietary protocol – this is the most popular.
- GLBP (Gateway Load Balancing Protocol), Cisco-proprietary.
- VRRP (Virtual Router Redundancy Protocol) which is an open-source protocol.
- CARP (Common Address Redundancy Protocol) which is an open-source protocol.
MAC Filtering
Permits or denies traffic based on a device’s MAC address to improve security.
-Layer 2 blocking (because it uses MAC addresses)
Traffic Filtering
A multilayer switch may permit or deny traffic based on IP addresses or application ports.
- Layer 3 blocking is IP addresses
- Layer 4 blocking is Ports
QoS
Quality of Service. Forwards traffic based on priority markings.
Example:
- Phone/voice traffic has a high priority
- PCs using TCP are lower priority
STP
Spanning Tree Protocol (802.1D)
- Permits redundant links between switches
- prevents looping of network traffic
- Uses Root Bridges and non-root bridges
How much down time a year do you get with the five 9s?
99.999% uptime = 5 min of downtime a year
Redundancy means you maintain uptime even if one device goes down.
SPB
Shortest Path Bridging
Used instead of STP (802.1D) for larger network environments
What happens if STP is not used?
MAC address table corruption can occur.
Broadcast Storms
If a broadcast frame is received by both switches, they can forward the frame to each other. Multiple copies of the frame are forwarded, replicated, and forwarded again until the network is consumed with forwarding many copies of the same initial frame.
Root Bridge
A switch is elected to act as a reference point for a spanning tree.
The Switch with the lowest bridge ID (BID) is elected as the root bridge.
BID
Bridge ID is made up of a priority value and a MAC address (with the lowest value considered root).
Root Port
Every non-root bridge has a single root port.
This is the port closest to the root bridge in terms of cost.
If costs are equal, the lowest port number is chosen.
Link Costs
Associated with the speed of the link.
-the lower the link’s speed, the higher the cost
Faster cables have a lower cost.
Slower cables have a higher cost.
Designated Port
Every network segment has at least one designated port.
This is the port closest to the root bridge in terms of cost.
All ports on the root bridge are designated ports.
Non-Designated Port
Ports that block traffic to create a loop-free topology.
Ports involved in STP can go through different states:
- Non-designated ports do not forward traffic during normal operation BUT they do receive bridge protocol data units (BPDUs)
  - If a link in the topology goes down, the non-designated port detects the failure and determines whether it needs to transition to a forwarding state
  - Blocking - BPDUs are received but not forwarded; used in the beginning and on redundant links
  - Listening - Populates MAC address table; does not forward frames
  - Learning - Processes BPDUs; the switch determines its role in the spanning tree
  - Forwarding - if the port decides it needs to become a designated port or a root port, it will start forwarding the frames
VLAN
Virtual Local Area Network
Allows different logical networks to share the same physical hardware and provides added security and efficiency
VLAN Trunking
- 1q
- Multiple VLANs transmitted over the same physical cable.
- VLANS are each tagged with a 4-byte identifier
- Tag Protocol Identifier (TPI)
- Tag Control Identifier (TCI)
VPN Concentrator
One of the devices that can terminate VPN tunnels, although firewalls can also perform this function
Stateful Firewalls
Allows traffic that originates from inside the network and goes out to the internet AND
It blocks traffic originating from the internet from getting into the network
NGFW
Next-Generation Firewall conducts deep packet inspection at Layer 7. It detects and prevents attacks and is much more powerful than a basic stateless or stateful firewalls.
It continually connects to cloud resources for the latest information on threats
At what level of the OSI model do basic firewalls work?
Basic stateless or stateful firewalls work at the Network Layer or the Transport Layer.
NGFW work at the Application Layer
IDS / IPS
Intrusion Detection or Prevention Systems
IDS recognizes attacks through signatures and anomalies
IPS recognizes and responds to threats.
These are host or network based devices.
DNS
Domain Name System converts domain names to IP addresses (like the contact list on a smartphone)
FQDN
Domain name under a Top-Level Domain and represents a web server, mail server, or file server
- service (www/ftp/mail).domain name.top level domain
- www.diontraining.com
- ftp.arris.com
URL
Uniform Resource Locator
- https://www.diontraining.com
- http://ftp.wingnut.edu
A record
DNS Address record maps hostname to IPv4 address
AAAA record
DNS Address record maps hostname to IPv6 address
CNAME
DNS Canonical name is an alias for an existing record;
-diontraining.com = www.diontraining.com
MX
DNS Mail exchange record maps domain name to email server
NS
DNS, Name Server – it denotes the authoritative name server for the domain
PTR
DNS, Pointer record refers to canonical name; used for reverse DNS lookups
SOA
DNS, Start of Authority provides authoritative info about DNS zone; contact information, primary name server, refresh times
SRV
DNS, Generalized service location record; a newer record type that doesn’t require protocol-specific records like MX, CNAME, etc.
TXT
DNS, designed to hold human-readable text originally; used now to hold machine-readable data like DomainKeys Identified Mail (DKIM), Sender Policy Framework (SPF), and opportunistic encryption
DHCP
Dynamic Host Configuration Protocol automates process so the majority of devices on a network automatically receive IP addresses, subnet masks, default gateways, and DNS server addresses
What are the four steps of DHCP to a new device?
DORA
- Discover
- Offer
- Request - Device requests to take the offered IP address
- Acknowledge - DHCP acknowledgement
Proxy Server
Device that makes a request to external network on behalf of a client.
It is used for security to perform content filtering and logging.
This middleman is added protection
the proxy server can also keep a local copy
Content Engine
aka Caching Engines
These are dedicated appliances that perform the caching functions of a proxy server.
They are much more efficient than a proxy server.
  - Branch office example; HQ doesn’t need one
Content Switches
aka Load Balancer
Distributes incoming requests across the various servers in the server farm.
Content switch distributes requests to the various servers based on workload.
What is a native VLAN?
One of the VLANs that is untagged. All other VLANs are tagged with a 4 byte tag (Tag Protocol Identifier/Tag Control Identifier).
What are the advantages of using virtual servers?
- Considerable cost savings for an IT budget
- Allows physical servers to be consolidated, which also saves on power and cooling costs too
- Multiple NICs increase bandwidth available
What is a hypervisor?
A specialized software that enables virtualization to occur.
It emulates the physical hardware.
aka - VMM, virtual machine monitor.
- VMware’s ESXi is freeware
- VirtualBox is also freeware
- Microsoft has Hyper-V
- VMware’s Workstation (desktop environment)
Hypervisor - Type 1
Bare-metal hypervisor. The hypervisor is the O/S
What are Virtual Storage Solutions?
NAS (network attached storage) and SAN (storage area network)
NAS
Network attached Storage is disk storage delivered as a service over TCP/IP
SAN
Storage Area Network is a specialized LAN designed for data transfer / storage.
It transfers data at block level with a special protocol (instead of TCP/IP).
- Use fiber for faster speed
FC
Fibre Channel is special purpose hardware providing 1-16 Gbps
-aka FCoE (Fibre Channel over Ethernet) or iSCSI
FCoE
Fibre Channel over Ethernet removes the need for specialized hardware and runs over Ethernet networks.
iSCSI
(IP Small Computer System Interface)
Lowers cost and is built using Ethernet switches (<10 Gbps).
It relies on configuration allowing jumbo frames over the network
- Not good for large networks that need fast, high quality storage
Infiniband
Virtualized Storage; switched fabric topology for high-performance computing which comes with very high throughput (>600 Gbps) and very low latency (half a microsecond)
Virtual desktops are NOT good for
…gaming, video editing, etc. (i.e. low performance requirements).
VDIs are good for low performance applications and they lower the Total Cost of Ownership (TCO).
SDN
Software Defined Networking.
Provides the admin with an easy-to-use front end to configure physical and virtual devices throughout the network
Private Cloud
Systems and users only have access to other devices inside the same private cloud or system. Most secure.
NaaS
Network as a Service (think virtual routers, virtual switches and virtual firewalls)
Outsourcing a network to a service provider; it is hosted off-site at the service provider’s data center and the customer is billed for usage.
IaaS
Infrastructure as a Service (think virtual servers and desktops, VDI)
Allows outsourcing of the infrastructure of the servers or desktops to a service provider where it is hosted off-site at the service provider’s data center and the customer is billed for usage.
SaaS
Software as a Service
User interacts with a web-based application for a monthly fee
PaaS
Platform as a Service
Provides a development platform for companies that are developing applications without the need for infrastructure.
What is the standard for wireless networking?
IEEE 802.11
Infrastructure Mode for wireless devices
Wireless devices communicate with other wireless or wired devices through a wireless router or access point.
The alternative is Ad Hoc mode, where devices connect directly to each other (peer-to-peer)
What is another name for wireless Ad Hoc mode?
IBSS (Independent Basic Service Set)
It contains only clients or devices, with no APs (Ad Hoc WLAN).
BSS
Basic Service Set
Only one AP connects to the network (ex. small office home office, SOHO)
ESS
Extended Service Set
Contains multiple APs to provide coverage (ex. a college campus)
AP Placement
Need overlap to prevent holes
BUT should not use overlapping frequencies
How much coverage overlap should 2.4 GHz AP placement have?
10-15%
What should you avoid with 5 GHz AP placement?
The same channels should be separated by at least two cells instead of one.
What is a site survey?
A wireless survey used to determine coverage areas. They produce a heat map with coverage.
Types of wireless antennas
Omnidirectional
Unidirectional (ex. right, left, yagi antenna)
Parabolic (satellite dish)
What is a yagi antenna used for?
Puts out power over a longer distance, usually to connect one building to another
What are the three types of Spread Spectrum Wireless Transmissions?
1) Direct-Sequence Spread Spectrum (DSSS) – Commonly used today
2) Orthogonal Frequency-Division Multiplexing (OFDM) – Commonly used today
3) Frequency-Hopping Spread Spectrum (FHSS) – not used much in commercial applications
DSSS
Direct-Sequence Spread Spectrum
Modulates data over an entire range of frequencies using a series of signals known as chips.
Cons:
–They are more susceptible to environmental interference and use entire frequency spectrum to transmit
–Have slower bandwidth
–Popular on 2.4 GHz
–Used on wireless B, G, N
FHSS
Frequency-Hopping Spread Spectrum is not used much in commercial applications
–Frequency-hopping is used as a security measure, as the military does
–It wastes bandwidth when we’re not communicating on that frequency.
OFDM
Orthogonal Frequency-Division Multiplexing
Uses slow modulation rate with simultaneous transmission of data over 52 data streams.
This allows for higher data rates while resisting interference between data streams
Which channels will avoid overlapping frequencies in the 2.4 GHz band?
Channels 1, 6, and 11 if you’re talking about Wireless B, G or N
What are the band, maximum bandwidth and transmission method for 802.11a?
5 GHz, 54 Mbps, OFDM
It was fast, but expensive to make.
Most used by businesses in the 1990s.
What are the band, maximum bandwidth and transmission method for 802.11b?
2.4 GHz, 11 Mbps, DSSS
Commonly used by household devices such as security cameras, baby monitors, walkie talkies
What are the band, maximum bandwidth and transmission method for 802.11g?
2.4 GHz, 54 Mbps, OFDM or DSSS
What are the band, maximum bandwidth and transmission method for 802.11n?
2.4 GHz, 5 GHz, Both!
> 300 Mbps (channel bonding), OFDM
What are the band, maximum bandwidth and transmission method for 802.11ac?
5 GHz, >3 Gbps (with MU-MIMO), OFDM
RFI
Radio Frequency Interference is caused by using similar frequencies to WLAN
Examples of things that cause RFI:
- Other Wi-Fi devices (overlapping channels)
- Microwave ovens (2.4 GHz)
- Wireless security systems (2.4 GHz)
- Physical obstacles
- Signal Strength (configurable on some devices)
CSMA/CA
Carrier Sense Multiple Access/Collision Avoidance
WLAN uses CSMA/CA to control access to the medium, whereas Ethernet uses CSMA/CD.
CSMA/CA listens for transmission to determine if it is safe to transmit.
What are steps that CSMA/CA uses?
1) Sends RTS (Ready to Send) packet if channel is clear
2) The device waits for acknowledgment
3) If a device receives an RTS, it will respond with a CTS packet (Clear to Send)
4) If no CTS is received, it will back off and resend an RTS
What is a Pre-shared Key (wireless)?
Both AP and client use the same encryption key. Three examples of pre-shared keys:
1) WEP (Wired Equivalent Privacy)
2) WPA (Wi-Fi Protected Access)
3) WPA2 (Wi-Fi Protected Access 2)
What are the cons of a pre-shared key?
1) Scalability is difficult if the key is compromised
2) All the clients must know the password.
This is only for small environments.
TKIP
Temporary Key Integrity Protocol was used by WPA to replace the initialization vector.
TKIP uses a 48-bit initialization vector.
What did WPA use for encryption?
RC4 (Rivest Cipher 4)
What did WPA use to make sure data was not modified in transit?
MIC (Message Integrity Check), like a hash
WPA2 (Wi-Fi Protected Access 2)
Created as part of 802.11i
Integrity checking through Counter Mode with Cipher Block Chaining Message Authentication Code Protocol (CCMP)
AES encryption 128 or 256 bit key
2 different modes:
–Personal mode (with pre-shared keys)
–Enterprise mode (with centralized authentication)
What should I think about when I see CCMP?
WPA2 security
What should I think about when I see WEP?
IV (initialization vectors), 24 bit code in the clear
This is the biggest flaw in WEP
WEP is weak; WEP is bad; WEP uses initialization vectors
What should I think about when I see WPA?
TKIP and RC4
What should I think about when I see WPA2?
CCMP is the integrity protocol
AES is encryption
Aircrack-ng
Utility to capture wireless packets and use algorithms to determine the pre-shared key.
Comes standard on Kali Linux, which is used for pentesting.
Network Authentication 802.1x
Each user authenticates with their own credentials (used in wired and wireless networks).
Protects against Aircrack-ng
What is EAP?
Extensible Authentication Protocol is authentication performed using 802.1x
There are 3 modes of EAP:
1. EAP-FAST (Flexible Authentication via Secure Tunneling)
2. EAP-MD5
3. EAP-TLS
What is NAC?
Network Admission Control permits or denies access to the network based on characteristics of the device instead of checking user credentials.
The machine gets put into a quarantine area before being admitted to the network
e.g. checking the O/S and antivirus version
What is a captive portal?
Web page that appears before the user is able to access the network resources
What is geofencing?
GPS or RFID defines real-world boundaries where barriers can be active or passive. Device can send alerts if it leaves the area.
What is dotted decimal notation?
IPv4 addresses are divided into 4 separate numbers, separated by dots.
- Each of these divisions is called an octet
- Octets have an 8-bit assigned value.
- networkbits.networkbits.networkbits.Hostbits
Classes of IP addresses?
The default subnet mask is determined by the first octet; a mask is classful if it is the default subnet mask.
There are four classes:
Class   | 1st Octet | Classful Mask | CIDR
Class A | 1 - 126   | 255.0.0.0     | /8
Class B | 128 - 191 | 255.255.0.0   | /16
Class C | 192 - 223 | 255.255.255.0 | /24
Class D | 224 - 239 | N/A           | N/A
What are Routable IPs?
Publicly-routable IP addresses are globally managed by ICANN.
Public IPs must be purchased through your ISP before usage
What is ICANN?
Internet Corporation for Assigned Names and Numbers
It’s broken up into sub-organizations by region:
ARIN, LACNIC, AFRINIC, APNIC, and RIPE NCC
ISPs buy them and lease them to individuals
What are Private IPs?
Private IPs can be used by anyone but it’s only routable inside your local area network.
What is NAT?
Network Address Translation allows for routing of private IPs through a public IP
What are the ranges for Private IP addresses?
There are three classes.
Class   | Address Range                 | Default Subnet Mask
Class A | 10.0.0.0 - 10.255.255.255     | 255.0.0.0
Class B | 172.16.0.0 - 172.31.255.255   | 255.255.0.0
Class C | 192.168.0.0 - 192.168.255.255 | 255.255.255.0
What are the loopback addresses?
127.x.x.x
Refers to the device itself and is used for testing.
These are most commonly used as 127.0.0.1
What is APIPA?
Automatic Private IP Addresses
Dynamically assigned by OS when DHCP server is not available and when the IP address is not assigned manually.
Range of 169.254.x.x
What is unicast (IPv4 data flows)?
Data travels from a single source device to a single destination device.
What is multicast (IPv4 data flows)?
Data travels from a single source device to multiple (but specific) destination devices.
What is broadcast (IPv4 data flows)?
Data travels from a single source device to all devices on a destination network.
What are the 4 pieces of information needed by a device (for IP address)?
- IP Address
- Subnet mask
- Default Gateway (router)
- DNS or WINS (Win Server)
DHCP gives these all out.
What is Zero Configuration (zeroconf)?
An automatic assignment technology (similar to APIPA, but with more features)
Can resolve computer names to IP addresses without DNS server on local network
–mDNS - Multicast Domain Name Server
Binary conversion chart
128 / 64 / 32 / 16 / 8 / 4 / 2 / 1
What is subnetting?
It’s when you take a large network and split it up into small networks.
Creating a subnet involves borrowing bits from the original host portion and adding them to the network portion to make a smaller network.
Split Horizon
Prevents loops
OTDR
Think: Optical, Fiber
Number of Created Subnets =
2 to the power of s
-s is the number of borrowed bits
Number of assignable IP Addresses =
2^h - 2
h is the number of host bits
*** -2 because every network reserves two IP addresses (the network ID and the broadcast address)
What does a subnet mask do?
It defines the network portion of an IPv4 address.
Network portion is the binary 1s
Host portion is the binary 0s
What are the network and host sections of Class A, Class B, and Class C IP addresses?
- In a Class A network address (1-126), the first octet is for the network & the last three octets are for the host – 16.7 million possible hosts
- In a Class B network address (128-191), the 1st and 2nd octet are for the network, the 3rd & 4th octets are for the host – about 64k IPs available to be assigned to hosts
- In a Class C network address (192-223), the 1st 2nd 3rd octets are for the network, only the 4th is for the host – Only 256 IPs available to be assigned to hosts
There are four classes:
Class   | 1st Octet | Classful Mask | CIDR
Class A | 1 - 126   | 255.0.0.0     | /8
Class B | 128 - 191 | 255.255.0.0   | /16
Class C | 192 - 223 | 255.255.255.0 | /24
What are subnet masks?
Subnetting takes a large network and splits it up into smaller networks.
Default Classful Subnet masks are rarely going to be the optimal subnet for the subnet size.
Subnet masks modify the subnet to create networks that are better scoped.
What numbers are on the binary conversion chart?
128 / 64 / 32 / 16 / 8 / 4 / 2 / 1
Why are subnets beneficial?
1) More efficient use of IP addresses than classful default
2) Subnets enable the creation of more networks (VLANs, etc), so that’s good for security.
What makes a classful subnet mask?
Having either all 1s or all 0s in an octet (ex. /8, /16, /24)
What makes a classless subnet mask?
Having octets that are not homogenous.
What is the formula to calculate the number of subnets you can create?
Number of created subnets = 2 to the s power
s = the number of borrowed bits
For example:
- 11111111.11111111.11111111.00000000 (/24)
- 11111111.11111111.11111111.10000000 (/25): one borrowed bit, so 2^1 = 2 subnets
What is the formula for the number of assignable IP addresses you can create?
The number of assignable IP addresses = 2^h - 2, where h is the number of host bits
Why does the formula for the number of assignable IP addresses have -2?
Because every network must have a
- Network ID (the first IP address)
- Broadcast (the last IP address)
CIDR
Classless Inter-Domain Routing
Used to summarize contiguous networks; called route aggregation
Instead of advertising multiple individual routes,
the routes can be summarized and advertised as a single route
VLSM
Variable Length Subnet Mask
Allows subnets of various sizes to be used and requires a routing protocol that supports it including:
RIPv2, OSPF, IS-IS, EIGRP, BGP
How many Subnets and IPs are in a /24 subnet?
1 subnet
256 IPs
How many Subnets and IPs are in a /25 subnet?
2 subnets
128 IPs each
How many Subnets and IPs are in a /26 subnet?
4 subnets
64 IPs each subnet
How many Subnets and IPs are in a /27 subnet?
8 subnets
32 IPs each subnet
How many Subnets and IPs are in a /28 subnet?
16 subnets
16 IPs per subnet
How many Subnets and IPs are in a /29 subnet?
32 subnets
8 IPs per subnet
How many Subnets and IPs are in a /30 subnet?
64 subnets
4 IPs per subnet
How many bits in an IPv4 vs an IPv6 address?
IPv4 has 32-bit address
IPv6 has a 128-bit address
What are the benefits of IPv6?
- Much larger address space
- No broadcast IP
- No fragmentation
- No Maximum Transmission Unit (MTU) size
- IPv6 can co-exist with IPv4 (aka dual-stack)
- Simplified header (only 5 fields vs 12 fields in IPv4)
What is MTU (only in IPv4)?
Maximum Transmission Unit is the max packet size.
If the packet went over that size, the packet would have to be fragmented and the pieces sent separately.
This was inefficient
Hexadecimal notation is used for IPv6
0-9 & A,B,C,D,E,F
Each digit is 4 bits
Consecutive groups of 0s can be summarized as “::”
ex. 2018::4815:54ae
How can you tell the difference between a MAC address and an IPv6 address?
MAC addresses always have 12 digits
What are the three types of IPv6 addresses?
1) Globally Routable Unicast Addresses - Begins with 2000 to 3999
2) Link-Local Address - Begins with FE80; only used on the LAN
3) Multicast address - Begins with FF
What is the EUI-64 process?
IPv6 uses autoconfiguration to discover the current network and selects its own host ID based on its MAC address using this process
NDP
Neighbor Discovery Protocol is used by IPv6 to learn the Layer 2 addresses on the network. It performs the following services:
-Router Solicitation
-Router Advertisement
-Neighbor Solicitation
-Neighbor Advertisement
-Redirect
What are the three types of IPv6 data flows?
- Unicast
- Multicast
- Anycast (replaces broadcast) - Designed to let one host initiate the efficient updating of router tables for a group of hosts
What are the main functions of a router?
1) Route traffic to flow between subnets or networks
2) Each subnet or network will be on its own broadcast domain
3) Routers are Layer 3 devices that separate broadcast domains, but multilayer switches are used also
What are Routing Decisions?
Contains Layer 3 –> Layer 2 mapping.
Routers use ARP caches to map an IP address to a given MAC address.
The router makes packet-forwarding decisions based on their internal routing tables.
What are Routing Tables?
A table kept by the router to help determine which route entry is the best fit for the network.
A route entry with the longest prefix is the most specific network.
What is a Split Horizon?
Prevents a route learned on one interface from being advertised back out of that same interface. This prevents routing loops.
What is a Poison Reverse?
Causes a route received on one interface to be advertised back out of that same interface with a metric considered to be infinite (i.e. with a really high cost so no one would use it). This prevents routing loops.
What is RIP?
Routing Information Protocol is an interior gateway protocol (IGP) and a distance vector protocol; it wants the shortest hop count – max of 15 hops, 16 is infinite.
Oldest dynamic routing protocol.
Provides updates every 30 seconds (so it’s easy to maintain convergence).
Easy to configure.
Runs over UDP.
What is OSPF?
Open Shortest Path First is an interior gateway protocol (IGP). It uses link-state protocol (i.e. cost) to determine route.
What is IS-IS?
Intermediate System to Intermediate System is an interior gateway protocol (IGP). It uses link-state protocol (i.e. cost) to determine route.
It functions like OSPF, but it is not as popular or as widely used.
What is EIGRP?
Enhanced Interior Gateway Routing Protocol is an interior gateway protocol (IGP). It is an advanced distance-vector protocol that uses bandwidth and delay, making it a hybrid of distance vector and link-state.
This is Cisco-only. Not as popular as OSPF.
What is BGP?
Border Gateway Protocol is an exterior gateway protocol (EGP). It is also a path vector protocol that uses the number of autonomous system hops (instead of router hops).
This is the backbone of the internet.
Slow convergence.
What is Route Believability?
Some routing protocols are considered more believable than others, so routers use an index of believability called AD (administrative distance).
If a route has lower AD, the route is more believable.
What are Metrics (as assigned to routes)?
Metrics are the values assigned to a route. Lower metrics are preferred over higher metrics. A metric is based on factors like:
-Hop count
-Believability
-Reliability
-Bandwidth
-Delay
-Cost
What is NAT?
Network Address Translation is used to conserve the limited supply of IPv4 addresses. It translates private IP addresses to public IP addresses for routing over public networks.
What is PAT?
Port Address Translation is when multiple private IP addresses share one public IP. It is a many-to-one translation. Commonly used in small networks.
What is DNAT?
Dynamic Network Address Translation: the IP address is automatically assigned from a pool. This gives us a many-to-many translation.
A public IP address is borrowed from and returned to a pool to get out to the internet (like a family of four with two cars; you use the car, then put the keys back on the hook).
What is SNAT?
Static NAT manually assigns IP addresses.
One to one translations.
Used as a security feature (smoke screen).
What are the four types of NAT IP addresses?
- Inside local (private IP address referencing an inside device)
- Inside global (public IP address referencing an inside device)
- Outside local (private IP address referencing an outside device)
- Outside global (public IP address referencing an outside device)
What is Multicast Routing?
Sending traffic to a Class D IP address (aka the Multicast group). The goal is to send the traffic only to the devices that want it.
- IGMP (Internet Group Management Protocol)
- PIM (Protocol Independent Multicast)
What is IGMP?
IGMP (Internet Group Management Protocol) is used by clients and routers to let routers know which interfaces have multicast receivers and allows clients to join a multicast group.
What is PIM?
Protocol Independent Multicast routes multicast traffic between multicast-enabled routers.
Multicast routing protocol forms a multicast distribution tree.
What is PIM-DM?
PIM Dense Mode uses periodic flood and prune behavior to form optimal distribution tree.
It causes a negative performance impact on the network and is rarely used in modern networks.
What is PIM-SM?
PIM Sparse Mode initially used a shared distribution tree, which may not be optimal, but eventually creates an optimal distribution tree through shortest path tree (SPT) switchover
What is HSPA+?
High-Speed Packet Access has advancements over LTE and 4G and can provide wireless broadband up to 84 Mbps.
What is WiMAX?
Worldwide Interoperability for Microwave Access is an alternative to DSL/Cellular and a wireless fixed location service (set it up and leave it in one place, due mostly to its larger antenna).
Slower than WiFi.
What is a CSU/DSU?
Channel Service Unit / Data Service Unit terminates the digital signals from the ISP at the customer location.
You plug the CSU/DSU into the router.
Digital signal measurements
T1 = 1.544 Mbps / 24 voice channels
T3 = 44.736 Mbps / 672 voice channels
E1 = 2 Mbps / 30 voice channels
What is PPP?
PPP is a commonly used Layer 2 protocol on dedicated leased lines to simultaneously transmit multiple Layer 3 protocols (IP, IPX, etc)
- Multilink interface; allows multiple physical connections to be bonded together into a logical interface
- Looped link detection
- Error detection; frames with errors can be detected and discarded
- Authentication; device on the other end can authenticate the connection
What is PAP?
Password Authentication Protocol performs one-way authentication between client and server
-Credentials are sent in clear text (BAD!)
What is CHAP?
Challenge Handshake Protocol is safer because credentials are hashed (also MS-CHAP)
What is PPPoE?
PPP over Ethernet allows authentication using PAP or CHAP at Layer 2
What is DSL?
A Digital Subscriber Line
- ADSL; 8 Mbps download, 1.54 Mbps upload; voice and data on the same line. Max distance to DSLAM 18000 ft
- SDSL; symmetric DSL, 1.54 Mbps upload and download; no simultaneous voice and data; dedicated access
- VDSL; 52 Mbps upstream, 12 Mbps downstream; max distance to DSLAM is 4000 ft.
What is HFC and DOCSIS?
These terms indicate a cable network or cable modem.
- HFC (Hybrid Fiber-Coax) is CATV infrastructure containing coax and fiber cabling.
- DOCSIS (Data-over-Cable Service Interface Specifications) specifies ranges for upstream and downstream data transmission
What are the primary issues with satellite connections?
Delays (due to distance traveled) and weather conditions can interrupt service.
What is POTS?
Plain Old Telephone Service runs on the public switched telephone network (PSTN; aka analog phone service), which consists of telephone carriers from around the world.
What is SONET?
Synchronous Optical Network is a Layer 1 technology using fiber as media. It has high data rates (155 Mbps - 10 Gbps). It transports Layer 2 encapsulation (like ATM).
Covers large areas.
What is ATM?
Asynchronous Transfer Mode is a Layer 2 WAN technology that operates using PVCs (Permanent Virtual Circuits) and SVCs (Switched Virtual Circuits).
It’s similar to Frame Relay, except all frames are transferred as fixed-length (cells) as its protocol data unit (PDU)
How many bytes are the payload and header in ATM?
53 byte cell:
-payload is 48 bytes
-header is 5 bytes.
Because the size is standard, it enables really fast transfer.
WAN Technology bandwidths
- Frame Relay: 56 kbps - 1.544 Mbps
- T1: 1.544 Mbps
- T3: 44.736 Mbps
- ATM: 155 Mbps (OC-3) - 622 Mbps (OC-12)
- SONET: 51 Mbps (OC-1) - 159 Gbps (OC-3072)
What are three types of symmetric encryption? (Confidentiality)
Both the sender and the receiver have the same key:
- DES (Data Encryption Standard)
- 3DES (Triple DES)
- AES (Advanced Encryption Standard)
What is DES?
Data Encryption Standard is symmetric encryption.
- 56-bit key
- Used by SNMPv3
- Considered weak by today’s standards
What is 3DES?
Triple DES is symmetric encryption.
- Uses three 56-bit keys (168-bit total)
- Encrypt, decrypt, encrypt
What is AES?
Advanced Encryption Standard is symmetric encryption.
- Used by WPA2
- It is available in 128, 192, and 256-bit keys
What is Asymmetric Encryption?
Uses different keys for sender and receiver. It can be used to securely exchange emails.
- public key
- private key
How do you confirm Integrity (CIA)?
Hashing is an algorithm that runs over a string of data and creates a hash, or hash digest. It serves as a unique fingerprint for that file.
What is MD5?
Message Digest 5 is a hashing algorithm
-128-bit hash digest
What is SHA-1?
Secure Hash Algorithm 1
-160-bit hash digest
What is SHA-2?
Secure Hash Algorithm 256
-256-bit hash digest
What is CRAM-MD5?
Challenge-Response Authentication Mechanism MD5
What are common vulnerability scanning tools used by network administrators?
Nessus, Zenmap, and nmap
What is Syslog?
Routers, switches and servers can send their log info to a common syslog server for analysis.
What are the levels of Syslog?
0 - Emergencies
1 - Alerts
2 - Critical
3 - Errors
4 - Warnings
5 - Notifications
6 - Informational
7 - Debugging
What are the Troubleshooting steps?
- Define the problem.
- Hypothesize the probable cause.
- Test the hypothesis
- Create an action plan
- Implement the Action plan
- Verify the problem resolution
- Create a post-mortem report.
What is an ESD strap?
It’s a strap with an alligator clip that discharges the static buildup in your body into a grounded object instead of damaging the electrical components.
Why is static electricity dangerous?
Static discharge can be several thousands of volts at a low amperage.
This can damage routers, switches and chips.
When do you use a multimeter?
It can verify if a cable is broken.
–A copper cable should have 0 resistance.
–If it shows high resistance or overload, it’s broken.
Use a multimeter with copper cabling to verify continuity, resistance, amperage, or voltage.
Also used to test source power to a device or a device’s own power supply.
What is a Loopback device?
Connects transmit pins (or fibers) to receive pins to test network interfaces.
What is a Cable Tester?
It verifies the continuity for each wire in the cable to ensure there are no breaks.
Verifies the pinouts of the connectors.
What is a Cable Certifier?
Used with existing cable to determine its category or test data throughput.
–It works as a cable tester, but also does a lot more.
–Can be used to determine the length of the cable and make sure it’s crimped properly.
–It identifies the frequency range supported by the cable and its data throughput
What is a Butt Set?
Test equipment used by telephone technicians to check for dial tone or verify that a call can be placed from the line. Used on telephone or DSL lines.
What is a Toner Probe?
It allows technicians to generate a tone at one end of a connection and use the probe to audibly detect the wire pair connected to the tone generator.
–AKA, Fox and hound
What is a TDR or an OTDR?
–Time Domain Reflectometer (TDR) locates breaks in copper cables and provides an estimate of severity and distance to the break
–Optical TDR (OTDR) is for fiber
What does a Speed Test do?
Verifies the throughput from client to Internet and determines overall connection speed to the Internet by downloading a large file from the test server and uploading the file to the server
What is a Throughput Tester?
A device you put in your network that has multiple network interfaces and can generate high volumes of pseudo-random data for wired and wireless networks.
Used on networks to observe how the network performs under heavy load.
What is a BERT?
Bit Error Rate Tester;
generates patterns at one end of a link and analyzes the received patterns for errors.
Useful for troubleshooting interference on cable or fiber
What is a Protocol Analyzer?
-AKA – Network sniffer (ex. Wireshark, Ethereal)
Traffic can be captured from the network and reviewed for problems in the communications between devices.
What is a Wireless Analyzer?
Software that conducts wireless survey to ensure proper coverage and prevent non-desired overlap.
What does the ARP command show?
The MAC address (Layer 2) for a known IP address (Layer 3)
arp -a: displays the current ARP table
arp -d: deletes the ARP mapping
arp -s:
What does tracert (trace route) do?
Displays the path between your device and the destination IP address; shows each route hop
What does nbtstat do?
Displays NetBIOS information for IP-based networks and a listing of the NetBIOS device names learned by the PC.
What does netstat do?
Displays information for IP-based connections on a PC including current sessions, source and destination addresses and port numbers
What is Route poisoning?
Route poisoning is a method to prevent a router from sending packets through a route that has become invalid within computer networks.
What must be added to a VLAN with a gateway to add security to it?
VLANs can be protected with an ACL. Without a properly configured ACL, there is no additional security provided by a VLAN.
What should be implemented to allow wireless network access for clients in the lobby using a password key?
WPA2 allows the use of a preshared key for wireless network access.
What is MIB?
Management Information Base (MIB) is used for managing all entities on a network using Simple Network Management Protocol. It allows the management tool to interpret the information received correctly.
Which encryption type is MOST likely used for securing the key exchange during a client-to-server VPN connection?
ISAKMP is used in IPSec, which is commonly used in securing the key exchange during the establishment of a client-to-server VPN connection.
Which WAN technology relies on virtual circuits and point-to-multipoint connections?
Frame Relay is a WAN technology that specifies the physical and data link layers of digital telecommunications channels using a packet switching methodology.
It supports the use of virtual circuits and point-to-multipoint connections.
It is commonly used to connect multiple smaller corporate office locations back to a larger centralized headquarters.
Which device should you use to allow different network segments to communicate with each other?
A router or a layer 3 switch is used to allow different network segments and broadcast domains to communicate with each other.
What type of cable would you use to connect to a console port on a router or switch?
A router or switch’s console port is connected using a rollover cable, which has an RS-232 (DB-9) connector on one side and an RJ-45 on the other.
Would an AM radio station interrupt a DOCSIS connection?
Yes. DOCSIS is how cable modems operate by sending radiofrequency waves over coaxial cables. AM frequencies can interfere with DOCSIS.