Securing & Supporting the Network

Question 1

Firewall

Answer 1

Filters (permits or denies) traffic based on a set of criteria

Rules created for inbound and outbound connections

Network Based or Host-Based

Question 2

Network Based Firewall

Answer 2

Physical hardware on the edge of the network

Usually also a router or just in line filter

Usually capable of NAT (Network Address Translation) because they’re internet facing devices

Question 3

Host-Based Firewall

Answer 3

Software on a computer like Windows Firewall

Controls which applications and ports are allowed to talk inbound and outbound on an individual workstation or host computer

Question 4

Dedicated Network Firewalls

Answer 4

Can provide multiple security services

Firewalling, VPN services, Anti-Malware, Content Filtering

Usually for corporate environments

This is called UTM (Unified Threat Management)

Question 5

UTM

Answer 5

Unified Threat Management

A device that provides multiple security services like Firewalling, VPN services, Anti-Malware, Content Filtering

Question 6

ACL

Answer 6

Access Control List

Used on routers and firewalls to create a list of rules for permitting and denying traffic. Can define the protocol such as IP, Source network, destination network, and the TCP/UDP port # for matching traffic

Question 7

Stateless Firewall

Answer 7

Employs only Access Control Lists to control inbound and outbound traffic

Modern Firewalls are both stateful and stateless because they use ACLs and also keep track of connections

Question 8

Stateful Firewall

Answer 8

Keeps track of connections and can allow return traffic as long as it was first generated from inside the network

Modern Firewalls are both stateful and stateless because they use ACLs and also keep track of connections

Question 9

Deep Packet Inspection

Answer 9

Advanced Firewalls are capable of inspecting the contents of packets

Allows a firewall to determine the context of the connection (what it’s really doing) “What is the purpose of this traffic?”

Question 10

Application Aware Firewall

Answer 10

AKA Context Aware Firewall

Can understand what devices, and what services and applications, the packets are for

Makes Network Based anti-malware possible

Decisions can be made on what is deep inside the packets rather than just where its coming from and where it’s going

Question 11

Context Aware Firewall

Answer 11

AKA Application Aware Firewall

Can understand what devices, and what services and applications, the packets are for

Makes Network Based anti-malware possible

Decisions can be made on what is deep inside the packets rather than just where its coming from and where it’s going

Question 12

VPN

Answer 12

Virtual Private Network

Establishes a private network connection over public networks and incorporates encryption to protect the tunnels between two end points

Normally incorporates encryption to protect the VPN tunnel

Host to Host VPN
Site to Site VPN

Question 13

VPN Concentrator

Answer 13

Virtual Private Network Concentrator

A vpn concentrator is a device that is dedicated to handling large amounts of VPN connections. Most of the time the firewall also acts as a VPN Concentrator, but it could be a separate device

Question 14

VPN Protocols

Answer 14

PPTP (Point-to-Point Tunneling Protocol)
GRE Tunnel (Generic Routing Encapsulation Tunnel)
IPSec (Internet Protocol Security)
SSL VPN (Secure Sockets Layer VPN)

Question 15

PPTP

Answer 15

Point-to-Point Tunneling Protocol)

VPN Protocol

Uses PPP for authentication and modified GRE (Generic Routing Encapsulation) for the tunnel. No inherent encryption, unsecure, mostly obsolete

Question 16

GRE Tunnel

Answer 16

Generic Routing Encapsulation Tunnel
VPN Protocol

Used with routers to create a generic tunnel. In combination with IPSec (Internet Protocol Security) to create an encrypted VPN Tunnel

Question 17

IPSec

Answer 17

Internet Protocol Security

VPN Protocol

Provides a method for authentication and negotiation of crypto keys. Uses IKE (Internet Key Exchange) to negotiate the key and ISAKMP (Internet Security Association and Key Management Protocol) for key exchange

Authentication Algorithms: HMAC-MD5, HMAC-SHA-1

Encrypted Algorithms: DES, 2DES, Blowfish, AES

Question 18

SSL VPN

Answer 18

Secure Socket Layer Virtual Private Network

Uses SSL to establish VPN connectivity. For host to site VPN. A web browser can be used to connect the VPN which is easier for VPN users.

NOT for site to site

Question 19

Network Segmentation

Answer 19

An architecture that divides a network into smaller sections or subnets

Question 20

DMZ

Answer 20

Demilitarized Zone

Private network that sits between a private LAN and the public internet

Used to expose webservers and other servers to the public internet without exposing the private LAN to the internet

If a machine on the DMZ becomes compromised the attacker will not have access to the LAN

Web servers place on the DMZ server with port 80 open from the outside to the DMZ only

Question 21

Honey Pot

Answer 21

a host that is exposed or partially exposed to invite attacks while monitoring and collecting information

Question 22

Honey Net

Answer 22

an entire network that is made to seem like a live production environment with weak security that invites attacks for monitoring purposes

Question 23

Testing Lab

Answer 23

Separated from the production network

Useful for :
Testing patches and updates before deploying to the production network
Test new/different hardware/software set ups
Test fixes to complex problems
Train others on lab equipment without interfering with the production network

Question 24

VLANs

Answer 24

Virtual Local Area Networks

Used for applying segmentation across the entire network and implement security in different ways for each VLAN

Can set up ACL that apply to each VLAN Gateway

Question 25

Malware

Answer 25

Software written specifically to harm and infect a host system.

Includes viruses, worms, trojan horses, spyware, adware, ransomware, etc.

Question 26

Compromised System

Answer 26

A host, server, network node, or other computer system that has been infected with malware or otherwise successfully attacked and exploited.

Compromised system sometimes give themselves

Question 27

Attacks and Threats

Answer 27

Most attacks are performed by compromising computers with Malware that is designed to perform a specific type of attack

DoS (denial of Service)
DDos (Distributed Denial of Service)

Question 28

DoS

Answer 28

Denial of Service

Floods the target with traffic

Question 29

DDoS

Answer 29

Distributed Denial of Service

Bonet, zombie computers, coordinated attack, target cannot handle all the traffic and it goes offline

Question 30

Smurf Attack

Answer 30

DDoS attack

Floods the target with spoofed ICMP (Internet Control Message Protocol) which spoofs the source IP on ICMP or on the ping

Attacker sends an IP directed broadcast ping to large networks with a spoofed IP source of the target victim and the ICMP replies to the target causing a DDoS attack

Most modern routers have directed broadcast turned off by default

Question 31

VLAN Hopping

Answer 31

Virtual Local Area Network Hopping

A malicious user on one VLAN gains access to traffic on another VLAN that it shouldn’t have access to

Either acts as trunking switch (switch spoofing) or double tags its Frames with two VLANS

Can also exploit VoIP (Voice over IP) ports as they use data VLAN and voice VLAN

Question 32

MITM

Answer 32

Main in the Middel attack

An attacker causes traffic between two endpoints to be sent through the attacker

Attacker can then intercept and manipulate the data

Could be on a local LAN with a malicious user or via the public internet

Many kinds of MITM attacks:
ARP Poisoning
Session Hijacking

Question 33

ARP Poisoning

Answer 33

MITM attack

Malicious user poisons the ARP cache of devices communicating with each other so that their layer 2 frames will be redirected to a machine used to intercept the communication

Question 34

Session Hijacking

Answer 34

MITM Attack

Malicious user intercepts the authentication cookies for an unsecure (HTTP port 80) web session and gains access to the web session

Various methods, may require the attacker to be in the same broadcast domain as the target or includes cross-site scripting and browser jacking malware that allows attackers to hijack session remotely

Question 35

Brute Force Attack

Answer 35

Attack uses cracking softrware, disctionary lists, and other username and password lists with the hope of eventually getting the correct combination

Question 36

Zero-Day Attachs

Answer 36

Attackers using new exploits that are not made public, leaving organizations unprotected from the exploit until it’s exposed and patched / mitigated

Question 37

Social Engineering

Answer 37

Attackers trick people and use their trust to gain access to systems and critical or private information such as usernames, passwords, accounts numbers, ip addresses, etc.

Phishing, spear phishing, baiting, tailgating, dumpster diving

Use a shredder

Security policies, procedures and end user awareness training are the best ways to stop most social engineering attempts

Question 38

Spear Phishing

Answer 38

Specific email, like your boss’s emailB

Question 39

Baiting

Answer 39

Trojan horse malware on flash drive hoping someone will plug it in

Question 40

Vulnerabilities

Answer 40

Unnecessary programs and services running on a machine (Bit Torrent Emule)

Open TCP/UDP ports
Old or unpatched systems
Clear text credentials and unencrypted channels
Unsecure protocols: Telnet, http, slip, ftp, tftp, snmpv1, smnpv2

Question 41

RF Emanating / Emanations / EMR

Answer 41

Sensitive systems should be protected from potential snooping/eavesdropping on RF emanations and the TEMPEST standards can be followed to ensure the proper RF shielding is in place

Question 42

Ransomeware

Answer 42

Attackers use a form of Malware that encrypts all files on the device, holding them hostage for ransom

If ransom is not paid the files will never be decrypted

Question 43

Phising

Answer 43

Attacker uses electronic communication (like email) to obtain information such as usernames and passwords, bank information, etc.

Phishing emails are disguised as official email from a trusted source and usually attempt to make you click on a link

Question 44

Deauthentication

Answer 44

Attacker deauthenticates (logs out) a user

Wifi deauthentication attack

Attacker sends deactivation frame AP
Users gets kicked off and attacker can have user reconnect to evil twin access point
Sniff the WPAv 4 way handshake upon user reconnecting
Hijack the wifi connection
Mount a MITM attack

Question 45

Insider Threat

Answer 45

Malicious employee
Trusted person on the inside who takes advantage of their network access to cause harm or steal data

To identify, check weird login times, downloading large amounts of data, etc.

Question 46

Logic Bomb

Answer 46

Malicious code that sets off a mlicious function or activity when certain conditions are met

Called a bomb because it is set off or triggered by some condition or certain time

Code, inserted bye an employee, that deletes certain files if they are terminated from the company

Question 47

NAC

Answer 47

Network Access Control

Define authorized nodes and MAC addresses

Performs posture assessment on connecting hosts for things like antivirus and places them in quarantine if they fail the posture assessment

Persistent agent – reoccuring scanning

Non-persistent – one time scan

Question 48

Anti-malware Software

Answer 48

Host based:

Cloud server based:

Network based

No single type of anti-malware protection is the best option, it’s best to use multiple forms of anti-malware implementations to provide a wider coverage

Question 49

Host based Anti-malware

Answer 49

Installed directly on the host computer

All the devices need to signatures updated constantly which is hard to mange
Large organization requires an anti-malware server to track, push and manage updates

Question 50

Cloud server based Anti-Malware

Answer 50

Centralized anti-malware service that runs in the cloud or on a local server

inbound outbound communication requests are examined

Easy to Manage

Question 51

Network based Anti-Malware

Answer 51

runs on firewalls or other nodes that process internet traffic like proxy servers

All traffic that passes through it is examined and uses signatures to identify malware

Doesn’t require any software on the host - the entire network is protected

Question 52

Arp Inspection

Answer 52

Switch Security

With dynamic ARP Inspection (DAI) switches can intercept all ARP requests and replies and determine the validity of the IP to MAC binding

Drops invalid and spoofed ARP packets

Prevents ARP poisioning / spoofing and some MITM attack

Question 53

DHCP Snooping

Answer 53

Switch Security

Identifies trusted DHCP servers

Acts like DHCP firewall between the servers and hosts

Filters all abnormal/ invalid DHCP traffic

Question 54

MAC Filtering

Answer 54

Switch Security

Switches can keep a list of MAC addresses to permit or deny access

Question 55

Port Security

Answer 55

Switch Security

Allows only specified MAC addresses to use the switch port

IF an invalid MAC address is connected the switch port will shut down

Question 56

VLANS

Answer 56

Virtual Local Area Connections

Switch Security

VLANS allow us to segment the network into smaller parts and apply security to each VLAN seperately

Can restrict which VLANS can talk to each other and restrict other network access with VLAN ACL (Access Control List)

Question 57

SSH

Answer 57

Secure Protocol that encrypts terminal session

TCP port 22

Question 58

SNMP v3

Answer 58

Secure Protocol that uses user/password, hashes and encrypts the SNMP traffic (Simple network management protocol)

tcp port 161

Question 59

SFTP

Answer 59

Secure File Transfer Protool
Secure Protocol

uses SSH to encrypt file transfer

tcp port 22 (same as SSH as it’s using SSH)

Question 60

HTTPS

Answer 60

Hyper-Text Transfer Protocol Secure
Secure Protocol

uses SSL/TLS encrypts web session

tcp port 443 (for both SSL/TLS)

Question 61

IPSec

Answer 61

Internet Protocol Security
Secure Protocol

VPN tunnel encryption (up to AES (Advanced Encryption Standards))

tcp port 500

Question 62

Telnet

Answer 62

Insecure Protocol
Clear text terminal

tcp port 23

Question 63

SNMP v 1/2

Answer 63

Simple Network Message Protocol
Insecure Protocol

unsecure network management

tcp port 161

Question 64

FTP

Answer 64

File Transfer Protocol
Insecure Protocol

unsecure file transfer

tcp port 20 and 21

Question 65

HTTP

Answer 65

Hyper-text Transfer Protocol
Insecure Protocol

unsecure web session

tcp port 80P

Question 66

PPTP

Answer 66

Point-to-Point Tunneling Protocol VPN

unencrypted vpn

tcp port 1723

Question 67

802.1x

Answer 67

User Authentication (Extensive user authentication)

Users have zero network access until authenticated

Question 68

802.1x Protocols

Answer 68

PPP (Point to Point Protocol)
PAP (Password Authentication Protocol, clear text)
MS-CHAP (Microsoft Challenge-Handshake Authentication Protocol)

Username and password authentications

Used for remote server access, VPNs, etc.

Question 69

Kerberos

Answer 69

Centralized network authentication system

Used with Windows domain client authentication

Cane be used to secure any service requests

Question 70

SSO

Answer 70

Single Sign On

Allows access to multiple systems with a single set of credentials

Creds from a directory server provide access to multiple applications

LDAP) (Light weight directory access protocol)

Authentication token passed to configured SSO application

Question 71

Multi-Factor Authentication

Answer 71

Two factor authentication, adds a one time password texted to your phone, Security Qs, OPINS, Biometrics, physical token, mobile phone token.

Five factors of MFA

Something you know – PIN, username and password, seurity questions

something you have - phone, authenticator token, usb memory stick, etc

something you are - finger print, retina scan, voice signatures

somewhere you are - factor based on your location, geolocation, ip address

somethingn you do - typing techniques, hand written signature, techniques in writting, hand drawn patterns

Question 72

Mantraps

Answer 72

Separate room before you go into the main facility

Area to check you for security before you go into a building

Room usually has a locking mechanism

Question 73

Network CLosets and Locked Racks

Answer 73

Put locked server racks into locked closets

Question 74

Video Monitoring

Answer 74

IP Cams or CCTV

Question 75

Door Access Controls

Answer 75

Keypads and cipher locks

proximity readers / key fob

Biometric scans

Question 76

Security Guards

Answer 76

To keep things secure

Question 77

IDS

Answer 77

Intrusion Detection System

IDS analyzes traffic that passes through the network, if it sees something abnormal it sends an alert

Question 78

HIDS

Answer 78

Host based Intrusion detection

On computers

Question 79

NIDS

Answer 79

Network based Intrusion detection

On network

Question 80

IPS

Answer 80

Intrusion Prevention System

Actively defends the network and sends alerts

Question 81

Risk Management

Answer 81

About Assessing and minimizing risk

Question 82

Security Policies

Answer 82

Outlines the security standards of the network.

Requires users to sign AUP (Acceptable Use Policy) before they can use the network

Question 83

Security Controls

Answer 83

Enforces security policies

Good end user training is one of the best security measures

Question 84

Patch Management

Answer 84

Helps to keep on top of patches and updates

Question 85

Vulnerability Scanning

Answer 85

Assesses network security

Question 86

PEN Testing

Answer 86

Penetration testing

Assesses network security

Question 87

First Responders

Answer 87

First person on the scene of a computer crime

Must preserve and safe guard the digital evidence

Must also follow escalation policy and document the scene after securing the area

Question 88

eDiscovery

Answer 88

Electronic Discovery

Identifying, discovering, collecting, and exchanging ESI (Electronically Stored Information)

Digital documents, emails, texts, audio, video, databases, voicemail, spreadsheets, websites, any kind of electronic information

Question 89

Evidence / Data Collection

Answer 89

Only a digital Forensics expert should attempt recovery

Question 90

Storage Imaging / Duplication

Answer 90

Copies of the data can be made for preservation

Only perform imaging if authorized to do so

Question 91

Handling the Evidence

Answer 91

Chain of Custody - evidence must be handled carefully, record all changes of hands, and should be traceable all the way back to the original scene

Data Transport - keep evidence away from magnetic fields, speakers, magnets, radio transmitters, etc. package during travel and prevent shock and vibration, and document all transportation activities

Question 92

Forensic Report

Answer 92

Evidence is examined and analyzed
Report provided after digital forensics completed
Written case report to present gathered information
May be provided by authorities or forensic analysists

Question 93

Legal Hold

Answer 93

If organization becomes part of an investigation a legal hold may be placed on the computer systems and data

Provided notice from legal counsel in anticipation of litigation

Includes precise instructions to preserve digital records, tape backups, archived media and other types of ESI (electronically stored information)

In this case, data must not be destroyed

Question 94

Change Management

Answer 94

A formal process to introduce change in a controlled and coordinated manner

Ensures changes are properly communicated

Attempts to prevent downtime or outage of system

Question 95

Change Request

Answer 95

First document the reason for change

Submit a request for this change

Request should include:
Configuration Procedures
Potential Impact of Change
Notification Process
Rollback Process

Question 96

Approval and IMplementation

Answer 96

Approval process differs based on the size, impact, and urgency

Maintenance window must be established for implementation

Impacted users must be notified of the change

Question 97

Documentation

Answer 97

After successful implementation of the change, update all documents

Network configurations, additions to the network diagram, and changes to physical locations

Question 98

Business Continuity

Answer 98

A plan to ensure an organization has a speedy recovery and can continue to operate after a business disruption

Includes Disaster Recovery, mainly concerning IT systems

Question 99

Disaster Recovery Plan

Answer 99

Documented process to recover and protect a business IT infrastructure in the event of a natural or man-made disaster

DR Data Center
Network Redundancy
Fail over procedures
Storage archives and Backups
Hot Sites / Cold Sites
Power Redundancy
Fire suppression systems

Question 100

NOC

Answer 100

Network Operations Center

Where network administrators monitor and manage the network

Network health visuals in real time
Automated alerting and after hours paging
Focal point for troubleshooting and maintaining the network devices like routers, switches, firewalls, etc.

Question 101

Ping Monitoring

Answer 101

Reachability statistics
Up/Down status

Question 102

SNMP Monitoring and Graphing

Answer 102

Simple Network Messaging System

Reachability stats
Up/Down status
Interface Bandwidth graphic
SNMP Traps

Question 103

NetFlow and sFlow

Answer 103

Cisco Proprietary, based on IP (Internet Protocol), layer 3 and some layer 2

sFlow is in layer 2

Question 104

Servers and software for network management

Answer 104

There are many servers and software

Paid:
SolarWinds NPM
Cisco Prime Infrastructure
What’s up Gold

Free:
Nagios
Spiceworks
Cacti

Question 105

Syslogs

Answer 105

(system logs)

able to receive system level event logs from network infrastructure devices. Normal/standard to have a syslog server on the network to capture this type of info

Question 106

Configuration Management

Answer 106

How and why to back up device configs

Automated backup jobs or manually set them up in CLI

Once the configuration is backed up it can be used for new devices, or in case the configuration is ever erased or changed

Question 107

Authentication

Answer 107

AAA
Authentication - is the user a valid user
Authorization - what activity is the user authorized to do
Accounting - what did the user do while they were logged in

Question 108

Remote Authentication

Answer 108

We can authentication remotely using TACACS (Terminal Access Controller Access-Control System) or RADIUS

Question 109

Plugs/Connectors

Answer 109

Power plugs and connectors must match, especially with voltage

Question 110

UPS

Answer 110

Uninterrupted power source unit provides temporary battery back up for racks/hardware

Question 111

Power Redundancy

Answer 111

Primary Power, battery backups, generators

Question 112

Rack Mounting

Answer 112

Be aware of airflow and placement for optimal air flow

Label - ports, circuits, patch panel, hardware

Use a naming convention

Question 113

Rack Monitoring and Security

Answer 113

mointoring systems provide environmental mointoring and security such as door switches and video surveillance

Motion detectors
Fire/smoke/gas detectors
door switch
airflow
temperature
humidity
leaks
video surveillance
web managemnt
alerts via network/email

Question 114

ICS

Answer 114

Industrial Control System

Monitors, automates, and enables human controls of industrial processes

Enables speed, responsiveness, and reliability in production and industrial controls

Encompasses DCS and Scada

Question 115

DCS

Answer 115

Distributed Control System

A closed, complete, working integrated and tested ICS system (reliable and secure)

Typically less vulnerable to cyber security attacks than SCADA based systems

Question 116

SCADA

Answer 116

Supervisory Control and Data Acquisition System

System for monitoring and controlling industrial and manufacturing equipment

Uses PLCs (Programmable Logical Controllers) for controlling machines, equipment, valves, etc.

Electrical, water, oil, gas, automotive, manufacturing, mass transit, traffic signals

Provides ICS (Industrial Control System) over long distance and interfaces with many types of systems and networks

Question 117

Basic SCADA Components

Answer 117

Machine - industrial machines controlled by SCADA

PLCs (Programmable Logic Controllers) industrial digital computers, control switches, valves, etc.

RTU (Remote Terminal Unit) - remote long distance PLC

ICS Server (Industrial Control System) - Runs SCADA software to control PLC (Programmable Logic Controllers) and control units

HMI (Human Machine Interface) - enables monitoring and control by a human

Question 118

PLCs

Answer 118

(Programmable Logic Controllers) industrial digital computers, control switches, valves, etc.

Question 119

RTU

Answer 119

(Remote Terminal Unit) - remote long distance PLC

Question 120

ICS Server

Answer 120

(Industrial Control System) - Runs SCADA software to control PLC (Programmable Logic Controllers) and control units

Question 121

HMI

Answer 121

(Human Machine Interface) - enables monitoring and control by a human

Question 122

Asset Management

Answer 122

Track and manage device inventory and the employees that end user devices are assigned to

Question 123

Network Diagrams

Answer 123

Useful for many things including planning for network upgrades and installs

Question 124

IP Address Utilization

Answer 124

Document IP Address utilization and create complete list of all private and public network ID’s and IP address assignments

Question 125

Vendor Documents and Contracts

Answer 125

SLA (Service Level Agreement)

SOW (Statement of Work)

MSA (Master Service Agreement)

MOU (Memorandum of Understanding)

Question 126

SLA

Answer 126

(Service Level Agreement)

Defines the aspect of a service provided by a service provider such as quality and availability and responsibility

Question 127

SOW

Answer 127

(Statement of Work)

Defines work to be accomplished during a project

Usually between a consultant/provider and a customer

Question 128

MSA

Answer 128

(Master Service Agreement)

Payment Terms, warranties, intellectual property

Question 129

MOU

Answer 129

(Memorandum of Understanding)

Multi-party agreement indicating a common line of action

Not legally binding

Question 130

Small Office LAN Deployment

Answer 130

Implementation Considerations

List of requirements
Device types and requirements
Environment Limitations
Compatiblity Requirements
Wired/Wireless Considerations
Security Considerations

Question 131

List of requirements

Answer 131

Create a list of requirements

how many users and work areas
power over ethernet support needed
how many computers will be on the network
wireless access needed
servers and domain services required
LAN cabling needs
closets for LAN Equpiment and patch panel
local internet access or coming from remote site
private WAN for connecttivity
host to host or site to site vpn needed

Question 132

Device Types / Requirements

Answer 132

Based on the requirements, what network devices do we need?

Create a diagram

Question 133

LAN Requirements

Answer 133

Map out the connections needed and determine size of switch

Determine if multiples switches will be needed and their locations

WLAN: Determine SSIDs (business, guest) and numbers/location of WAPS

Question 134

WAN Requirements

Answer 134

If Private WAN connectivity is required then a router will be needed that can accept the wan connection and run the required protocols

Question 135

Internet Requirements

Answer 135

A basic business grade router/firewall can be use for SOHO internet connectivity

If VPN access is required a more robust firewall/router will be needed

Question 136

Environmental Limitations

Answer 136

Space
Where to place things
Cooling of equipment
Plenum space where cables need to be placed
Enough power available for the equipment

Question 137

Equipment Limitations

Answer 137

How much room does the equipment allow for growth
What types of protocols and technologies does the equipment support
Does the equipment contain expansion modules
How will you manage the equipment remotely
What type of remote access can use set up

Question 138

Compatibility Requirements

Answer 138

Everything must be compatible and work together flawlessly
Ethernet LAN consider bandwidth capabilities
Don’ create unnecessary bottlenecks
Carefully choose WAN connections
Fiber Optics and SPFS (optical transceiver module) types must match

Question 139

Wired / Wireless Considerations

Answer 139

Follow standards for wired connectivity
Ethernet distance limitation is 100 meters
Structured LAN cabling can be out sourced
Follow structured cabling standards
WAP placement - best coverage
Be sure to have enough WAPS
Other WLANs can conflict (some channels used)

Question 140

Security Considerations

Answer 140

Physical security - keep the equipment safe

LAN Security - implement switch security features WAN

Security - protect internet connection with an ACL (Access Control List)

Routers and hardware firewalls may not have an ACL (Access Control List) configured by default

Do not connect to the internet unprotected (without an ACL)

Hosts should be running software firewalls (default with windows)
Wireless security - hide ssids, use wPA3, consider adding another form of authentication

Administrator passwords - only administrators should have these. Do not share passwords over regular email or other unsecure messaging platforms