CompTIA Network Obje..

elbowshelmet, Networks and Communications

30 Oct 2013 (3 years and 5 months ago)





Objectives: N10-004

Domain                               % of Examination
1.0 Network Technologies             20%
2.0 Network Media and Topologies     20%
3.0 Network Devices                  17%
4.0 Network Management               20%
5.0 Network Tools                    12%
6.0 Network Security                 11%
Total                                100%


1.0 Network Technologies

1.1 Explain the function of common networking protocols



TCP
Transmission Control Protocol
- One to One
- Connection oriented: means that a connection must be established before data can be exchanged
- reliable communication
- uses a three-way handshake to establish this connection
- works at TRANSPORT Layer (4) of the OSI and TCP/IP model (Layer 3)



FTP (TCP)
File Transfer Protocol
- provides connection oriented file transfer between a client and a server
- it was originally used to transfer files between UNIX systems, and is now the most popular file transfer protocol on the Internet
- uses TCP port 21 for control and TCP port 20 for data transport
- works at APPLICATION Layer (7) of the OSI model and TCP/IP model (Layer 4)



UDP
User Datagram Protocol
- Connectionless: we don’t need to establish a connection first (we just hope the other side receives the message)
- unreliable communications
- typically used in streaming, because in a stream if you miss a packet you can’t ask for it again; the music/video will just skip
- works at TRANSPORT Layer (4) of the OSI and TCP/IP model (Layer 3)



TCP/IP suite
stands for Transmission Control Protocol / Internet Protocol
- it’s the basic communication protocol of the Internet
- although it was designed to be an Internet protocol, it can also be used as a communication protocol in a private network
- TCP/IP architecture is based off the 4 layer DARPA model, where each layer corresponds to one or more of the layers of the 7 layer OSI model
- each of the 4 layers has individual protocols which all work together to form a protocol stack



DHCP (UDP)
Dynamic Host Configuration Protocol
- used for assigning dynamic IP addresses to devices on a network
- simplifies network administration by keeping track of IP addresses in a database rather than an administrator having to manage and assign them manually
- uses UDP ports 67 and 68
- works at APPLICATION Layer (7) of the OSI model and TCP/IP model (Layer 4)



TFTP (UDP)
Trivial File Transfer Protocol
- provides connectionless file transfer functions
- is a simple and small protocol, which makes it suitable for transferring small amounts of data
- it’s primarily used for updating devices such as routers and switches
- another common use is transferring the data required to boot a diskless system over the network
- uses UDP port 69
- works at APPLICATION Layer (7) of the OSI model and TCP/IP model (Layer 4)



DNS (TCP/UDP)
Domain Naming System
- is a standard name service that allows your computer to register and resolve domain names (or host names)
- uses TCP port 53 for zone transfer (when you transfer DNS data) and UDP port 53 for lookups (client to server)
- works at APPLICATION Layer (7) of the OSI model and TCP/IP model (Layer 4)






HTTP(S) (TCP)
Hypertext Transfer Protocol
- was originally designed for transferring World Wide Web documents and has been extended to transfer other types of files as well
- its most common use is transferring web pages between a web browser and a web server
- uses TCP port 80 by default (it can be changed in your web browser)
HTTPS: is used in exactly the same way as the HTTP protocol; the difference is that it uses SSL (Secure Sockets Layer) to send data in an encrypted form and to authenticate the server
- uses TCP port 443 by default
- works at APPLICATION Layer (7) of the OSI model and TCP/IP model (Layer 4)


ARP
Address Resolution Protocol
- Resolves an IP address to hardware address (MAC address)
- works at the Internet Layer (2) of the TCP/IP model, NETWORK Layer (3) of the OSI model



SIP (VoIP)
Session Initiation Protocol
- can establish, modify and terminate multimedia sessions (no data transfer!) or calls
- examples of multimedia sessions include multimedia conferences, distance learning, and Internet telephony
- works at APPLICATION Layer (7) of the OSI model and TCP/IP model (Layer 4)



RTP (VoIP)
Real-Time Transport Protocol
- provides end-to-end network transport functions suitable for applications transmitting real-time data such as audio, video or simulation data, over multicast or unicast network services (doesn’t manage sessions, just transmits data)
- works at APPLICATION Layer (7) of the OSI model and TCP/IP model (Layer 4)



SSH (TCP)
Secure Shell
- can be used to provide similar functionality as Telnet, but is much more secure
- SSH employs encryption through certificates and authenticates the server to the client
- operates on TCP port 22
- works at APPLICATION Layer (7) of the OSI model and TCP/IP model (Layer 4)



POP3 (TCP)
Post Office Protocol
- used to retrieve email
- can be used to access the Inbox folder only
- clients connect to TCP port 110
- works at APPLICATION Layer (7) of the OSI model and TCP/IP model (Layer 4)



NTP (UDP)
Network Time Protocol
- used to provide accurate time synchronization by synchronizing the time of a computer to a reference time source, such as an NTP server, a radio or a satellite receiver
- is capable of synchronizing distributed clocks to the millisecond
- uses UDP port 123
- works at APPLICATION Layer (7) of the OSI model and TCP/IP model (Layer 4)



IMAP4 (TCP)
Internet Message Access Protocol
- also used to retrieve email, but unlike POP3 it can be used to access all server-based messaging folders, thereby eliminating the need for a local repository
- clients connect to TCP port 143
- works at APPLICATION Layer (7) of the OSI model and TCP/IP model (Layer 4)



Telnet (TCP)
- is a terminal emulation protocol that allows remote access to a system
- can also refer to software which can be used by a client to remotely connect to and configure operating systems and network devices
- telnet is considered insecure mainly because it sends username and password information in clear text, therefore it should be replaced with SSH
- uses TCP port 23
- works at APPLICATION Layer (7) of the OSI model and TCP/IP model (Layer 4)



SMTP (TCP)
Simple Mail Transfer Protocol
- used for sending email to and between email servers
- uses TCP port 25
- works at APPLICATION Layer (7) of the OSI model and TCP/IP model (Layer 4)



SNMP2/3 (TCP/UDP)
Simple Network Management Protocol
- used for network management
- it works by having network devices, acting as agents, collecting information and providing that information to SNMP managers
- uses UDP port 161
- works at APPLICATION Layer (7) of the OSI model and TCP/IP model (Layer 4)



ICMP
Internet Control Message Protocol
- Diagnostic and error reporting
- used to attempt to make TCP/IP communication more reliable
- if you want to send data, and data is unable to get to destination, ICMP would come back to let you know that
- works at the Internet Layer (2) of the TCP/IP model, NETWORK Layer (3) of the OSI model



IGMP
Internet Group Management Protocol
- Manages IP multicast group membership
- works at the Internet Layer (2) of the TCP/IP model, NETWORK Layer (3) of the OSI model



TLS
Transport Layer Security
- protocol for establishing a secure connection between a client and a server
- is capable of authenticating both the client and the server, creating an encrypted connection between the two
- is considered to be a replacement for SSL (Secure Sockets Layer)
- works at APPLICATION Layer (7) of the OSI model and TCP/IP model (Layer 4)


1.2 Identify commonly used TCP and UDP default ports

Ports
16-bit numbers between 0 and 65,535 assigned to a particular TCP/IP session → all TCP/IP packets contain port numbers that the communicating computers use to determine both the kind of session (and thus what software protocol to use) and how to get the packet response back to the sending machine → each packet has 2 ports assigned:
1. Destination port (which is a fixed predetermined number that defines the session type, commonly in the range 0 - 1023)
2. Ephemeral port (arbitrary number generated by the sending machine for the receiver to return the packet; they usually fall in the range 1024 - 5000)



1.3 Identify the following address formats

IPv6
- 128 bits long
- displayed in 16 bit hexadecimal blocks (Ex. FE80:0000:0000:0000:05EE:00FF:0238:47B1)
- simplify by suppressing the leading 0’s (Ex. FE80:0:0:0:5EE:FF:238:47B1)
- Further compress by expressing a single contiguous set of 0 blocks into “::” (Ex. FE80::5EE:FF:238:47B1)
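
The two shortening steps above, and their reverse, written out as an added Python example (not part of the original notes). The function names are assumptions made for illustration; the result is cross-checked against the standard `ipaddress` module.

```python
import ipaddress
import string


def _block(text: str) -> int:
    """Parse one 16-bit block written as 1 to 4 hex digits."""
    if not (1 <= len(text) <= 4 and all(c in string.hexdigits for c in text)):
        raise ValueError(f"bad block: {text!r}")
    return int(text, 16)


def suppress_leading_zeros(addr: str) -> str:
    """Step 1: drop leading zeros in each 16-bit block ('0000' becomes '0')."""
    groups = addr.split(":")
    if len(groups) != 8:
        raise ValueError("a fully written IPv6 address has exactly 8 blocks")
    return ":".join(format(_block(g), "X") for g in groups)


def compress_zero_run(addr: str) -> str:
    """Step 2: replace ONE run of consecutive zero blocks with '::'.

    The longest run is chosen (leftmost on a tie); a lone zero block stays
    '0', which matches what Python's ipaddress module produces.
    """
    groups = suppress_leading_zeros(addr).split(":")
    best_start, best_len, i = -1, 0, 0
    while i < 8:
        if groups[i] != "0":
            i += 1
            continue
        j = i
        while j < 8 and groups[j] == "0":
            j += 1
        if j - i > best_len:
            best_start, best_len = i, j - i
        i = j
    if best_len < 2:
        return ":".join(groups)
    head = ":".join(groups[:best_start])
    tail = ":".join(groups[best_start + best_len:])
    return f"{head}::{tail}"


def expand(addr: str) -> str:
    """Reverse both steps; reject input that cannot be expanded unambiguously."""
    if addr.count("::") > 1:
        raise ValueError("'::' may appear only once")
    if "::" in addr:
        head, tail = addr.split("::")
        left = head.split(":") if head else []
        right = tail.split(":") if tail else []
        missing = 8 - len(left) - len(right)
        if missing < 1:
            raise ValueError("'::' must stand for at least one zero block")
        groups = left + ["0"] * missing + right
    else:
        groups = addr.split(":")
    if len(groups) != 8:
        raise ValueError("address does not have 8 blocks")
    return ":".join(format(_block(g), "04X") for g in groups)


if __name__ == "__main__":
    full = "FE80:0000:0000:0000:05EE:00FF:0238:47B1"  # address used in these notes
    print(suppress_leading_zeros(full))
    print(compress_zero_run(full))
    # Cross-check against the standard library (it prints lowercase).
    print(ipaddress.IPv6Address(full).compressed)
```

Only one run may be replaced because a second "::" would make the number of hidden zero blocks ambiguous, which is why `expand` rejects it.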



IPv4
IP Address
- a 32 bit address that is used to uniquely identify a computer on a network
- the Network ID portion of the IP address identifies the network where the computer sits
- the Host ID portion of the IP address uniquely identifies the computer on its network
- each of the 4 numbers in an IP Address is called an octet (8 bits)
- a bit is a 1 or a 0
- Each octet can only have a number from 0 to 255 (00000000 = 0 ; 11111111 = 255)
- the first octet cannot be 127 (reserved for diagnostic); 127.0.0.1 is known as the loopback address (or localhost)
- the Host ID cannot be all 0s or all 255s (all 0s represents the Network ID → all 255s is the broadcast address)


MAC addressing
Media access control address (MAC address or physical address) → is represented as 12 hex characters → first 6 are the Organizationally Unique Identifier (OUI) issued by the IEEE (Institute of Electrical and Electronics Engineers) → last 6 are the device ID → no 2 NICs ever share the same



1.4 Given a scenario, evaluate the proper use of the following addressing technologies and addressing schemes

Addressing Technologies

Subnetting
Subnetting → is the process of taking a large network and dividing it into smaller networks to increase efficiency and manageability

Classful vs. classless (e.g. CIDR, Supernetting)


Originally IP Addresses were divided into different class ranges:
- A Class: 1 - 126 → 255.0.0.0
- B Class: 128 - 191 → 255.255.0.0
- C Class: 192 - 223 → 255.255.255.0
- D Class: 224 - 239 → Multicast transmissions
- E Class: 240 - 243 → Experimental

Class      Networks     Hosts
Class A    126          16,777,214
Class B    16,384       65,534
Class C    2,097,152    254

Total of 3,720,314,628 host addresses available

What do you do if you have 2,000 Hosts?
- Pick Class B and waste 63,000 + addresses
- Take 8 Class C’s and have cluttered routing table entries
Solution: Classless Interdomain Routing (CIDR) with Variable Length Subnet Masks (VLSM)

Without CIDR Notation: 192.168.10.1 - 255.255.255.248
With CIDR Notation: 192.168.10.1/29 → number of bits that represents the Network ID in binary
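
The 2,000-host question above, worked through with Python's standard `ipaddress` module as an added example (not part of the original notes). The function names and the 192.168.8.0 to 192.168.15.0 block are constructed for illustration.

```python
import ipaddress


def smallest_prefix_for_hosts(hosts: int) -> int:
    """Longest prefix (smallest block) whose usable host count covers `hosts`.

    Usable hosts = 2^(32 - prefix) - 2, because the all-0s Host ID is the
    Network ID and the all-1s Host ID is the broadcast address.
    """
    if hosts < 1:
        raise ValueError("need at least one host")
    for prefix in range(30, -1, -1):      # /30 (2 hosts) toward larger blocks
        if 2 ** (32 - prefix) - 2 >= hosts:
            return prefix
    raise ValueError("does not fit in the IPv4 address space")


def plan(hosts: int) -> dict:
    """Compare a right-sized CIDR block with the classful choices."""
    prefix = smallest_prefix_for_hosts(hosts)
    usable = 2 ** (32 - prefix) - 2
    return {
        "prefix": prefix,
        "netmask": str(ipaddress.ip_network(f"0.0.0.0/{prefix}").netmask),
        "usable": usable,
        "wasted": usable - hosts,
        # how many Class C sized (/24) networks the block replaces
        "class_c_equivalents": 2 ** (24 - prefix) if prefix <= 24 else 0,
        # what a whole Class B (65,534 hosts) would leave unused
        "wasted_with_class_b": 65534 - hosts,
    }


def mask_to_prefix(mask: str) -> int:
    """255.255.255.248 -> 29: count the leading 1 bits of the mask."""
    bits = format(int(ipaddress.IPv4Address(mask)), "032b")
    if "01" in bits:
        raise ValueError("subnet mask bits must be contiguous")
    return bits.count("1")


def describe(interface: str) -> dict:
    """Network ID, broadcast and usable host count for address/prefix or address/mask."""
    net = ipaddress.ip_interface(interface).network
    return {
        "network": str(net.network_address),
        "broadcast": str(net.broadcast_address),
        "prefix": net.prefixlen,
        "usable_hosts": net.num_addresses - 2,
    }


def supernet(first_third_octet: int, count: int) -> list:
    """Collapse `count` adjacent 192.168.x.0/24 networks into as few routes as possible."""
    nets = [ipaddress.ip_network(f"192.168.{first_third_octet + i}.0/24")
            for i in range(count)]
    return [str(n) for n in ipaddress.collapse_addresses(nets)]


if __name__ == "__main__":
    print(plan(2000))                               # a /21 instead of a Class B
    print(supernet(8, 8))                           # 8 routing entries become 1
    print(mask_to_prefix("255.255.255.248"))        # 29
    print(describe("192.168.10.1/255.255.255.248")) # same network as 192.168.10.1/29
```

The eight /24 networks collapse into one route only because the block starts on a multiple of 8; `supernet(9, 8)` shows the cluttered table that misaligned allocations produce.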



NAT
Hosts assigned private IP Addresses can get to the Internet through a technology called Network Address Translation (NAT)
- NAT Server changes the header of packets, replacing the private address of the client with its own public address, and when the receiving packets get back it reverses the process and changes its public destination address with the client private address
- helps to deal with the IP addresses shortage problem and helps securing the LAN by hiding the private IP addresses
- Proxy servers work similarly, but have more features (ex. Web pages caching)

PAT
Port Address Translation is a means for multiple devices on a private network to share one public network address
- It is a network device feature which modifies incoming and outgoing Internet Protocol (IP) packets
- The IP address and port number are both altered, preventing the public network from directly accessing hosts on the private network.

SNAT
Static NAT is done through one to one IP address translation of one internal IP address to one external IP address, whereas NAT is effectively one external address to many internal IP addresses.



Public vs. private
Private addresses have been reserved from Public Internet use:
- 10.0.0.0 - 10.255.255.255 (1 class A license)
- 172.16.0.0 - 172.31.255.255 (16 class B licenses)
- 192.168.0.0 - 192.168.255.255 (256 class C licenses)
- 169.254.0.0 - 169.254.255.255 (reserved for APIPA - Automatic Private IP Addressing)
Private means that they cannot be used on Internet, but just for internal local networks → more networks can use these addresses ranges (internally), because they will never happen to see each other and never go in conflict





DHCP (static, dynamic APIPA)
Computers get IP addresses:
1 - Statically: means you manually type the IP address/subnet mask/default gateway when you configure the hosts
2 - From a DHCP (Dynamic Hosts Configuration Protocol) Server: you have a server that has a pool of IP addresses and a client would dynamically ask for one
3 - Using APIPA (Automatic Private IP Addressing): when no DHCP server answers the DHCP request from client, client will automatically assign itself an APIPA address (169.254/16) → works only for small networks → no way to get on the Internet with this address
Older Dynamic IP addressing used BOOTP (Bootstrap Protocol)


Addressing schemes

Unicast
One to One

Multicast
One to Many → used mainly in streaming

Broadcast
One to All → uses UDP protocol


1.5 Identify common IPv4 and IPv6 routing protocols

Link state
Link State Routing → based on the concept to announce and forward individual route changes as they appear
- each router builds a map of the entire network
- LSAs (Link State Advertisements, or hello packets) are used to communicate information about networks they are connected to
- communication only takes place when a change has been made

OSPF
Open Shortest Path First
- most common IGP protocol, used in medium to large networks
- bases its paths off “link states”
- can also use cost metrics to give preference to certain paths

IS-IS
Intermediate System to Intermediate System
- uses the concept of areas and sends only updates to routing tables
- Intermediate system is another name for a router
- originally designed with the OSI model


Distance vector
Distance Vector Routing
- each router communicates all the networks it knows about to the other routers to which it is directly attached, transferring the entire routing table
- communication takes place on a regular basis

RIP
Routing Information Protocol
- maximum 15 hops
- originally had updates sent every 30 seconds
- does not support authentication and CIDR
- uses broadcast communication

RIPv2
- Maximum 15 hops
- supports authentication and CIDR
- uses multicast communication

BGP
Border Gateway Protocol
- core routing protocol of the Internet
- typically used by ISPs


Hybrid

EIGRP
Enhanced Interior Gateway Routing Protocol
- evolved from IGRP
- uses the Diffusing-Update Algorithm (DUAL)
- each router keeps a copy of its neighbor’s routing tables
- each router periodically sends out a “hello” packet to keep track of the “state” of its neighbors (link state aspect)


1.6 Explain the purpose and properties of routing

IGP vs. EGP
IGP: Interior Gateway Protocol → a routing protocol used to exchange information between routers within a LAN (ex. BGP)
EGP: Exterior Gateway Protocol → a routing protocol used to route information outside a local network, typically out to the Internet

Protocol   Type              IGP or BGP?   Notes
RIPv1      Distance vector   IGP           Old; only used classful subnets
RIPv2      Distance vector   IGP           Supports CIDR
BGP-4      Distance vector   BGP           Used on the Internet, connects Autonomous Systems
OSPF       Link state        IGP           Fast, popular, uses Area IDs (Area 0/backbone)
IS-IS      Link state        IGP           Alternative to OSPF
EIGRP      Hybrid            IGP           Cisco proprietary


Static vs. dynamic
Static Routing → all routers have to have their routing table configured and updated manually
Dynamic Routing → routers communicate with each other to share their routing information with each other

Next hop
Hop → number of routers the packets have to travel to in order to get to their destination


Understanding routing tables and how they pertain to path selection
Routing tables are used by network devices in order to determine where a packet should be sent in an attempt to get it routed to its final destination → you can see it by typing “route print” in the CLI
Network Destination and Netmask → determine the list of potential destinations
Gateway → expresses the IP address of the next router → on-link means directly to the destination IP address
Interface - which network card we are going to send the packet out on to get to the gateway
Metric → is a number which determines which would be the best route if there is more than one → smaller is faster
All of this information will be lost after reboot.
Persistent Routes → indicates the routes that will be stored and available after reboot
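
How the routing table columns above drive path selection, as an added Python example (not part of the original notes). The table rows are constructed sample data in the column order of "route print", and the example goes one step beyond the text by applying the most-specific-netmask rule before the metric is compared.

```python
import ipaddress
from typing import NamedTuple, Optional

# Constructed sample rows, in the column order shown by "route print":
# Network Destination, Netmask, Gateway, Interface, Metric
ROUTE_PRINT = """\
0.0.0.0          0.0.0.0          192.168.1.1    192.168.1.50   25
0.0.0.0          0.0.0.0          192.168.2.1    192.168.2.60   50
10.20.0.0        255.255.0.0      192.168.1.254  192.168.1.50   30
127.0.0.0        255.0.0.0        On-link        127.0.0.1      306
192.168.1.0      255.255.255.0    On-link        192.168.1.50   281
192.168.1.50     255.255.255.255  On-link        192.168.1.50   281
"""


class Route(NamedTuple):
    network: ipaddress.IPv4Network   # Network Destination + Netmask
    gateway: str                     # next router, or "On-link"
    interface: str                   # local address of the outgoing network card
    metric: int                      # tie-breaker, smaller is preferred


def parse_routes(text: str) -> list:
    """Turn the five-column table into Route records, skipping other lines."""
    routes = []
    for line in text.splitlines():
        fields = line.split()
        if len(fields) != 5:
            continue
        dest, mask, gateway, interface, metric = fields
        network = ipaddress.ip_network(f"{dest}/{mask}")
        routes.append(Route(network, gateway, interface, int(metric)))
    return routes


def select_route(routes: list, destination: str) -> Optional[Route]:
    """Pick the route a host would use for `destination`.

    1. Keep only rows whose Network Destination/Netmask contains the address.
    2. Prefer the most specific row (longest netmask).
    3. Among equally specific rows, prefer the smallest Metric.
    """
    dest = ipaddress.ip_address(destination)
    candidates = [r for r in routes if dest in r.network]
    if not candidates:
        return None                  # no default route: destination unreachable
    return min(candidates, key=lambda r: (-r.network.prefixlen, r.metric))


def next_hop(route: Route, destination: str) -> str:
    """On-link means the packet goes straight to the destination address."""
    return destination if route.gateway.lower() == "on-link" else route.gateway


if __name__ == "__main__":
    table = parse_routes(ROUTE_PRINT)
    for target in ("8.8.8.8", "10.20.3.4", "192.168.1.77", "192.168.1.50"):
        chosen = select_route(table, target)
        print(target, "->", next_hop(chosen, target),
              "via interface", chosen.interface, "metric", chosen.metric)
```

Note that 10.20.3.4 uses the 10.20.0.0 row even though its metric (30) is higher than the best default route (25): the metric only decides between rows of equal netmask length.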


Explain convergence (steady state)
Convergence (or steady state): when changes are made to a network every router on the network will need to make the appropriate changes to their routing tables in order to accommodate the changes → this could be the addition or deletion of a router or could simply be a change in metrics for a path → convergence is the process of all routers becoming aware of changes to a network


1.7 Compare the characteristics of wireless communication standards

802.11 a/b/g/n
  o Speeds
  o Distance
  o Channels
  o Frequency

802.11a
- uses the 5Ghz frequency
- data rates up to 54 Mbps
- Ranges less than 100 feet and easily obstructed

802.11b
- uses 2.4Ghz frequency
- data rates up to 11 Mbps
- ranges up to 300 feet outdoors and 100 feet indoors (where there are walls or other obstructions)
- sometimes you get interference with other devices because 2.4Ghz is very populated

802.11g
- uses 2.4Ghz frequency
- data rates up to 54 Mbps
- ranges up to 300 feet outdoors and 100 feet indoors
- backward compatibility with .b

802.11n
- uses both the 2.4Ghz and 5Ghz frequencies
- data rates up to 100 Mbps
- ranges up to 1000 feet
- uses MIMO (Multiple In Multiple Out): sends more than one signal at a time

[Figure: RF Channels used by 802.11 b/g]

Each channel has a frequency range (approximately 30 Mhz)
- if you have more than one access point, you can avoid overlap by configuring them to work in different channels
- channels 1, 6, 11 don’t overlap

[Figure: RF Channels used by 802.11a]



Authentication and encryption

  o WPA
Wi-Fi Protected Access
- designed as an improvement to WEP
- utilizes TKIP which uses a hashing algorithm to scramble the encryption keys
- uses the Extensible Authentication Protocol (EAP) which is based off public-key encryption technology, which is a much more secure way to verify authorized network users (not only machines)

  o WEP
Wired Equivalency Privacy
- it was used in the early stages of wireless networking
- it is very easy to configure
- it provides encryption for all data transmitted over the wireless network
- originally used a 40 bit encryption key, but later advanced to using 128 bit encryption
- was later found to be very easily cracked

  o RADIUS
802.1x
- requires the use of Certificates and RADIUS
- certificates can be used to provide a higher level of authentication of the user and/or computer attempting to connect
- A RADIUS server is used to centralize the connection requests to the wireless network (but can be used on any network)

  o TKIP




2.0 Network Media and Topologies

2.1 Categorize standard cable types and their properties

Type:
- CAT3, CAT5, CAT5e, CAT6
- STP, UTP
- Multimode fiber, single-mode fiber
- Coaxial
  o RG-59
  o RG-6
- Serial
- Plenum vs. Non-plenum
Properties:
- Transmission speeds
- Distance
- Duplex
- Noise immunity (security, EMI)
- Frequency


2.2 Identify common connector types
- RJ-11
- RJ-45
- BNC
- SC
- ST
- LC
- RS-232


2.3 Identify common physical network topologies
- Star
- Mesh
- Bus
- Ring
- Point to point
- Point to multipoint
- Hybrid


2.4 Given a scenario, differentiate and implement appropriate wiring standards
- 568A
- 568B
- Straight vs. cross-over
- Rollover
- Loopback




2.5 Categorize WAN technology types and properties

Type:
- Frame relay
- E1/T1
- ADSL
- SDSL
- VDSL
- Cable modem
- Satellite
- E3/T3
- OC-x
- Wireless
- ATM
- SONET
- MPLS
- ISDN BRI
- ISDN PRI
- POTS
- PSTN
Properties
- Circuit switch
- Packet switch
- Speed
- Transmission media
- Distance


2.6 Categorize LAN technology types and properties

Types:
- Ethernet
- 10BaseT
- 100BaseTX
- 100BaseFX
- 1000BaseT
- 1000BaseX
- 10GBaseSR
- 10GBaseLR
- 10GBaseER
- 10GBaseSW
- 10GBaseLW
- 10GBaseEW
- 10GBaseT
Properties
- CSMA/CD
- Broadcast
- Collision
- Bonding
- Speed
- Distance




2.7 Explain common logical network topologies and their characteristics
- Peer to peer
- Client/server
- VPN
- VLAN


2.8 Install components of wiring distribution
- Vertical and horizontal cross connects
- Patch panels
- 66 block
- MDFs
- IDFs
- 25 pair
- 100 pair
- 110 block
- Demarc
- Demarc extension
- Smart jack
- Verify wiring installation
- Verify wiring termination


3.0 Network Devices

3.1 Install, configure and differentiate between common network devices
- Hub
- Repeater
- Modem
- NIC
- Media converters
- Basic switch
- Bridge
- Wireless access point
- Basic router
- Basic firewall
- Basic DHCP server


3.2 Identify the functions of specialized network devices
- Multilayer switch
- Content switch
- IDS/IPS
- Load balancer
- Multifunction network devices
- DNS server
- Bandwidth shaper
- Proxy server
- CSU/DSU




3.3 Explain the advanced features of a switch
- PoE
- Spanning tree
- VLAN
- Trunking
- Port mirroring
- Port authentication


3.4 Implement a basic wireless network
- Install client
- Access point placement
- Install access point
  o Configure appropriate encryption
  o Configure channels and frequencies
  o Set ESSID and beacon
- Verify installation


4.0 Network Management

4.1 Explain the function of each layer of the OSI model
- Layer 1 - physical
- Layer 2 - data link
- Layer 3 - network
- Layer 4 - transport
- Layer 5 - session
- Layer 6 - presentation
- Layer 7 - application


4.2 Identify types of configuration management documentation
- Wiring schematics
- Physical and logical network diagrams
- Baselines
- Policies, procedures and configurations
- Regulations


4.3 Given a scenario, evaluate the network based on configuration management documentation
- Compare wiring schematics, physical and logical network diagrams, baselines, policies and procedures and configurations to network devices and infrastructure
- Update wiring schematics, physical and logical network diagrams, configurations and job logs as needed


4.4 Conduct network monitoring to identify performance and connectivity issues using the following:
- Network monitoring utilities (e.g. packet sniffers, connectivity software, load testing, throughput testers)
- System logs, history logs, event logs




4.5 Explain different methods and rationales for network performance optimization

Methods:
- QoS
- Traffic shaping
- Load balancing
- High availability
- Caching engines
- Fault tolerance
Reasons:
- Latency sensitivity
- High bandwidth applications
  o VoIP
  o Video applications
- Uptime


4.6 Given a scenario, implement the following network troubleshooting methodology
- Information gathering - identify symptoms and problems
- Identify the affected areas of the network
- Determine if anything has changed
- Establish the most probable cause
- Determine if escalation is necessary
- Create an action plan and solution identifying potential effects
- Implement and test the solution
- Identify the results and effects of the solution
- Document the solution and the entire process




4.7 Given a scenario, troubleshoot common connectivity issues and select an appropriate solution

Physical issues:
- Cross talk
- Near End crosstalk
- Attenuation
- Collisions
- Shorts
- Open
- Impedance mismatch (echo)
- Interference
Logical issues:
- Port speed
- Port duplex mismatch
- Incorrect VLAN
- Incorrect IP address
- Wrong gateway
- Wrong DNS
- Wrong subnet mask
Issues that should be identified but escalated:
  o Switching loop
  o Routing loop
  o Route problems
  o Proxy arp
  o Broadcast storms
Wireless Issues:
  o Interference (bleed, environmental factors)
  o Incorrect encryption
  o Incorrect channel
  o Incorrect frequency
  o ESSID mismatch
  o Standard mismatch (802.11 a/b/g/n)
  o Distance
  o Bounce
  o Incorrect antenna placement




5.0 Network Tools

5.1 Given a scenario, select the appropriate command line interface tool and interpret the output to verify functionality
- Traceroute
- Ipconfig
- Ifconfig
- Ping
- Arp ping
- Arp
- Nslookup
- Hostname
- Dig
- Mtr
- Route
- Nbtstat
- Netstat


5.2 Explain the purpose of network scanners
- Packet sniffers
- Intrusion detection software
- Intrusion prevention software
- Port scanners


5.3 Given a scenario, utilize the appropriate hardware tools
- Cable testers
- Protocol analyzer
- Certifiers
- TDR
- OTDR
- Multimeter
- Toner probe
- Butt set
- Punch down tool
- Cable stripper
- Snips
- Voltage event recorder
- Temperature monitor




6.0 Network Security

6.1 Explain the function of hardware and software security devices
- Network based firewall
- Host based firewall
- IDS
- IPS
- VPN concentrator



6.2 Explain common features of a firewall
- Application layer vs. network layer
- Stateful vs. stateless
- Scanning services
- Content filtering
- Signature identification
- Zones


6.3 Explain the methods of network access security

Filtering:
- ACL
  o MAC filtering
  o IP filtering
- Tunneling and encryption
  o SSL VPN
  o VPN
  o L2TP
  o PPTP
  o IPSEC
- Remote access
  o RAS
  o RDP
  o PPPoE
  o PPP
  o VNC
  o ICA


6.4 Explain methods of user authentication
- PKI
- Kerberos
- AAA
  o RADIUS
  o TACACS+
- Network access control
  o 802.1x
- CHAP
- MS-CHAP
- EAP



6.5 Explain issues that affect device security
- Physical security
- Restricting local and remote access
- Secure methods vs. unsecure methods
  o SSH, HTTPS, SNMPv3, SFTP, SCP
  o TELNET, HTTP, FTP, RSH, RCP, SNMPv1/2


6.6 Identify common security threats and mitigation techniques

Security threats
- DoS
- Viruses
- Worms
- Attackers
- Man in the middle
- Smurf
- Rogue access points
- Social engineering (phishing)
Mitigation techniques
- Policies and procedures
- User training
- Patches and updates