Troubleshoot Device and Security Issues Flashcards

1
Q

Rogue DHCP Issues

A
  • Clients have no means of preferring a DHCP server
  • If two are running, a client can pick up a lease with incorrect information
  • Could be accidental or malicious
  • Attacker would normally use rogue DHCP to change default gateway or DNS resolver to route traffic to their machine in an on-path attack
2
Q

DNS troubleshooting: Local Cache

A
  • Different types of cache exist, including separate caches for individual apps; use ipconfig /displaydns and ipconfig /flushdns to monitor and clear the system cache
3
Q

DNS Troubleshooting: Check HOSTS

A
  • HOSTS file is a static list of host name to IP address mappings
  • Default location is %SystemRoot%\system32\drivers\etc\
  • In most cases HOSTS should not contain entries other than the loopback address
  • If there are static entries, they could be causing issue
4
Q

DNS Troubleshooting: Query DNS

A
  • Host uses name servers defined in its IP configuration to resolve queries
  • Confirm name servers are reachable
5
Q

DNS configuration issue

A
  • Host will not be able to connect to server by name, but can with IP address
  • Verify DNS issue by editing HOSTS file with the correct name and address, then try pinging again
  • Client could be configured with wrong DNS server address or none
  • Could also have incorrect DNS suffix
  • Could also be DHCP options issue
  • If multiple hosts have issue, could be DNS server issue
6
Q

VLAN Issues

A
  • Must ensure that each VLAN has access to DHCP and DNS
  • If device cannot communicate between VLANs, ensure that VLAN to VLAN routing has been configured
  • Make sure all devices are in correct VLAN
7
Q

Unresponsive Service and Network performance issues

A
  • If connectivity issues have been ruled out on client and subnet, issue may be with server
    Problems may include:
  • Application or host OS is offline or crashed
  • Server is overloaded
  • Congestion on network. Use ping to verify latency
  • Broadcast storm is causing loss of bandwidth
  • DoS attack, compare current access patterns to baseline
8
Q

Firewall Issues

A
  • Firewall may be blocking addresses, services or ports that should be allowed
  • Users will report incidents with failure of data traffic
  • Try to connect from both inside and outside firewall
  • Also verify if issue may come from firewall running on host
  • Firewall could also be configured to allow traffic it should not
  • This necessitates regular firewall audits
9
Q

Certificate issues

A
  • Most common issue is that certificate issuer is not trusted
  • Warning can usually be ignored, but this should only be done if the lack of trust is understood
  • You can add certificate to root store with certmgr.msc console
  • Often certificates for web management devices and server applications are self-signed
  • Certificate might not match URL; usually indicates error on part of web server but could be malicious
  • Certificate might not be being used for its stated purpose