COS2626 Exam Notes

Uploaded by Nedeem Hendricks

Chapter 1 Introduction to Networking

1. How Networks are Used

Network services: the resources a network makes available to its users, including applications and the data provided by those applications.

a. Client-Server Applications
The first computer, the client, requests information from the second computer, the server. They communicate through protocols.
- Web service: serves up web pages to the client. The primary protocol used is HTTP (Hypertext Transfer Protocol); HTTP layered on top of SSL (Secure Sockets Layer) or TLS (Transport Layer Security) is HTTPS (HTTP Secure), which gives secure transmission.
- Email services: a client-server application that involves 2 servers. The client uses SMTP (Simple Mail Transfer Protocol) to send mail to the first server, the SMTP server; the first server sends the message to the receiver's server, where it is stored until the recipient requests delivery. The receiver's mail server delivers the message to the receiver using POP3 (Post Office Protocol version 3), where the email is downloaded to the client computer, or IMAP4 (Internet Message Access Protocol version 4), where the client application manages email stored on the server.
- FTP service: a client-server application that transfers files between 2 computers. FTP is not secure; it does not provide encryption.
- Telnet services: the Telnet protocol is used by the Telnet client-server command-line application to allow an administrator to remote in to or control a computer remotely.
- Remote Desktop: in Windows, the Remote Desktop application uses RDP.
- Remote applications: an application that is installed and executed on a server and presented to a user working at a client computer. The client computer requires less computing power and desk-side support.
b. File and Print Services

File services are a server's ability to share data files and disk storage space; such a computer is a file server. It serves data to users, so users do not keep copies of the data on their workstations. Data stored at a central location is more secure and easier for the network administrator to take charge of and back up.
Print services share printers across a network.

c. Communications Services
Using the same network to deliver multiple types of communications (video, voice, fax) is convergence. Unified communications (UC) is the centralized management of multiple network-based communications: one software program manages all the applications.
- Conversational voice (VoIP): allows voice conversation over a network. It uses a point-to-point model, not a client-server model, so each computer involved is independent of the other computers. A conference call uses a point-to-multipoint model with one transmitter and multiple transceivers.
- Streaming live audio and video: a video teleconference (VTC) like Skype or Google Talk uses a point-to-point model. Watching live sport uses a client-server model called multicast distribution. The Session layer protocol that transmits audio and video in conjunction with VoIP is RTP (Real-time Transport Protocol).
- Streaming stored audio or video: like videos on YouTube; client-server model.

Voice and video transmission are delay sensitive: you don't want to hear breaks in a conversation. Loss of data can be tolerated (skipping a frame), so they are loss tolerant.

QoS (Quality of Service) is provided by the network.

2. Controlling Network Access

Topology = how the parts of a whole work together.
- Physical topology: hardware layout
- Logical topology: software and how the network is controlled.

The operating system controls how users and programs get access to resources on the network using one of these models:

a. Peer-to-Peer Network Model

Without centralized control, computers are nodes/hosts on the network and form a logical group of computers that lets users share resources.
Administration, resources and security on a computer are controlled by that computer.
Examples: Windows 7, Windows 8.1, Linux, Mac OS X; for mobile devices: iOS, Android and Blackberry.

How it works:
Each computer has its own local accounts that work only on that computer; each computer has a list of the users and their rights on that PC, and Windows then allows a user to access local resources. Using a homegroup, each computer shares files, folders, libraries and printers with the other computers in that homegroup. The homegroup limits how sharing can be controlled for individual users.

For fewer than 15 computers it is a good method: simple to configure and less expensive.

BUT peer-to-peer networks are not scalable and not very secure.

b. Client-Server Network Model

Managed by a NOS (Network Operating System) via a centralized directory database. Windows Server controls network access to a group of computers called a domain. The centralized directory database with user account information and security is Active Directory (AD). Each user has their own domain-level account, called a global account, global username or network ID, assigned by the network administrator and stored in AD; the process is managed by Active Directory Domain Services (AD DS).
Examples: Windows Server 2012 R2, Ubuntu Server, Red Hat Linux.
The NOS is responsible for:
- Managing data and other resources for many clients
- Ensuring that only authorized users access the network
- Controlling which types of files a user can open and read
- Restricting when and from where users can access the network
- Dictating which rules computers will use to communicate
Servers with a NOS require more memory, processing power and storage.

Advantages:
- User accounts and passwords are assigned in one place
- Access to shared resources is centrally granted to users
- Problems are monitored, diagnosed and fixed in one location
- Easily scalable.

3. Networking Hardware and Physical Topologies

a. LANs and their Hardware
A LAN covers a small space such as an office or building. A switch receives incoming data from one of its ports and redirects it to another port that sends the data to its destination.
A LAN uses a star topology with the switch as the central device.
An onboard network port is embedded in the motherboard; the network cable plugs into it.
A NIC (Network Interface Card) or network adapter is installed in an expansion slot on the motherboard; it is a type of port.
The backbone is the central conduit that connects the segments of a network. It uses a higher transmission speed and different cabling, in a bus topology, from which each switch is connected to its computers in a star topology. A combination of topologies is a hybrid topology.
Ring topology: each node is connected to its neighbouring nodes.
Router: used to connect a LAN with other networks. A device that manages traffic between 2 or more networks and finds the best path for traffic. It stands between the LAN and the internet.
Difference between a switch and a router: a switch belongs only to its local network, whereas a router belongs to 2 or more networks.
Host: a computer on a network that hosts a resource, application or data.
Node: a computer or device on a network that can be addressed on the local network.

b. MANs and WANs

A group of LANs in the same geographical area = MAN (Metropolitan Area Network) or CAN (Campus Area Network).
Wide geographical area = WAN (Wide Area Network).

4. The Seven-Layer Model

The OSI model was developed to categorise the layers of communication.

Mnemonic: All People Seem To Need Data Processing

a. Layer 7: Application Layer
The interface between 2 applications.
HTTP, SMTP, POP3, IMAP4, FTP, Telnet and RDP
Application programs provide a service to the user (like a browser).
Utility programs provide a service to the system, e.g. SNMP.

b. Layer 6: Presentation Layer

Reformatting, compressing and encrypting data so that the application on the receiving end can read it.
An email is encrypted on this layer by the email client or operating system.

c. Layer 5: Session Layer

How data between applications is synced and recovered if messages don't arrive intact.
The Skype application works with the OS to establish and maintain a session between 2 end points for as long as the conversation lasts.

d. Layer 4: Transport Layer

Transporting Application layer payloads from one application to another.
- TCP guarantees delivery: it makes a connection with the end host, checks whether data is received and resends it if not. A connection-oriented protocol. Used by web browsers.
- UDP: no guarantees; used for broadcasting. A connectionless, best-effort protocol.
A protocol adds control information at the beginning of the payload, called a header; this is called encapsulation. The Transport layer header addresses the receiving application by a number called the port number. If a message is too large, TCP divides it into smaller messages called segments; in UDP they are called datagrams.

e. Layer 3: Network Layer

Also called the Internet layer. Moves messages from one node to another until they reach the destination node.
The IP protocol is used; it adds its own Network layer header to the segment or datagram. The Network layer message is now called a packet. The Network layer header identifies the sending and receiving hosts by their IP addresses.
An IP address is an address assigned to each node on a network that uniquely identifies it on the network.
Protocols used to find the best route for a packet: ICMP (Internet Control Message Protocol) and ARP (Address Resolution Protocol).
Fragmentation: when the Network layer divides packets into smaller packets.

f. Layer 2: Data Link Layer

Layers 1 and 2 interface with the physical hardware on the local network. Protocols on these layers are programmed into the firmware of a computer's NIC and other networking hardware.
The type of hardware used on a network determines the Data Link layer (or Link layer) protocol that will be used.
Examples are Ethernet and Wi-Fi.
The Link layer puts its own control information in a Link layer header and attaches control information at the end called a trailer. The entire Link layer message is now called a frame. The frame header contains the hardware addresses of the source and destination NICs, called the MAC (Media Access Control) address, physical address, hardware address or Data Link layer address.

g. Layer 1: Physical Layer

The simplest layer; it only sends bits via a wired or wireless transmission.
The only layers that deal with wireless or wired transmission are the Link layer and the Physical layer.

h. Protocol Data Unit (PDU)

A group of bits as it moves from one layer to the next and from one LAN to the next; a message or transmission.

i. Summary of how the layers work together

5. Staying Safe when working with Networks and Computers
a. Emergency Procedures
Know the emergency procedures and exits.
Fire suppression systems: emergency alarm system, portable fire extinguishers, emergency power-off switch, suppression agent.
Fail open or fail closed.
Material Safety Data Sheet (MSDS).

b. HVAC Systems
Plenums or raised floors provide space for network cabling; server rooms run hotter.
c. Protecting Against Static Electricity
Static electricity (or ESD, Electrostatic Discharge) is an electrical charge at rest; 10 volts can damage a component.
Components are grounded inside the computer case.
A NIC can be damaged by static electricity.
A catastrophic failure destroys a component beyond use; an upset failure shortens the life of a component and causes intermittent errors.
Wear an ESD strap around the wrist that clips onto the chassis of the computer case; it eliminates any ESD.

d. Installation Safety
Lifting heavy equipment.
Rack installations.

e. Electrical and Tool Safety in Data Centres

PPE, the right tool for the right job, trip hazards.

6. Troubleshooting Network Problems

a. Identify the problem and its symptoms
b. Establish a theory of probable cause
c. Test your theory to determine the cause
d. Establish a plan for solving the problem
e. Implement the solution or escalate the problem
f. Verify functionality and implement preventive measures
g. Document findings, actions and outcomes.
Chapter 2 How Computers Find Each Other on Networks
1. Overview of Addressing on Networks
- Application layer:
Every host on a network is assigned a fully qualified host name / fully qualified domain name (FQDN), e.g. www.domain.com, where domain.com is the domain name.
.com: top-level domain (TLD)
www is the host name that identifies an individual computer running on the network; www is assigned to the computer running a web server.

- Transport layer: port number

A port number is used by the Transport layer to find an application; a web server application is usually configured to listen for incoming requests on port 80.

- Network layer: IP address

An IP address is assigned to every interface. IP addresses are used to find nodes across networks.
- IPv4: 32 bits, written as four decimal numbers called octets: 12.123.12.123
- IPv6: 128 bits, written as 8 hexadecimal numbers, e.g. 2001:0DB8:...

- Data Link layer:

MAC address, or physical address, embedded on the NIC and unique to that NIC. Nodes on a LAN use MAC addresses to find each other.

MAC Address
The MAC address is stamped on the NIC. It is a hexadecimal number, 48 bits long, with the bytes separated by colons. The first 24 bits (e.g. 00:60:8C) are the OUI (Organizationally Unique Identifier), block ID or company ID; it identifies the NIC's manufacturer and is assigned by the Institute of Electrical and Electronics Engineers (IEEE).
The last 24 bits of the MAC address are the extension identifier or device ID, which identifies the device.
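The OUI / extension-ID split described above, as an added example that is not part of the original notes. It parses the common written forms of a MAC address, splits off the 24-bit OUI and 24-bit device ID, and goes one step beyond the notes by decoding the two IEEE 802 flag bits in the first octet (group/individual and locally-administered/universal), which the notes do not mention. The sample addresses are constructed and do not belong to real devices.

```python
import re

# Match six hex pairs with ":" or "-" separators (or none), e.g. 00:60:8C:12:34:56 / 00-60-8c-aa-bb-cc.
_MAC_RE = re.compile(r"^" + r"[:\-]?".join([r"([0-9A-Fa-f]{2})"] * 6) + r"$")

# Constructed sample addresses; none of them refers to a real device.
SAMPLE_MACS = [
    "00:60:8C:12:34:56",  # OUI 00:60:8C from the notes above, extension ID 12:34:56
    "00-60-8c-aa-bb-cc",  # same OUI written in Windows style, lower case
    "02:00:5E:00:00:01",  # locally administered (second-lowest bit of first byte set)
    "01:00:5E:00:00:FB",  # group/multicast address (lowest bit of first byte set)
    "FF:FF:FF:FF:FF:FF",  # broadcast address
]


def parse_mac(text):
    """Split a 48-bit MAC address into its OUI and extension identifier and decode the two flag bits."""
    match = _MAC_RE.match(text.strip())
    if match is None:
        raise ValueError(f"not a 48-bit MAC address: {text!r}")
    octets = bytes(int(pair, 16) for pair in match.groups())
    first = octets[0]
    return {
        "mac": ":".join(f"{b:02X}" for b in octets),               # canonical upper-case, colon-separated form
        "oui": ":".join(f"{b:02X}" for b in octets[:3]),           # first 24 bits: manufacturer (IEEE-assigned)
        "extension_id": ":".join(f"{b:02X}" for b in octets[3:]),  # last 24 bits: device ID
        "is_broadcast": octets == b"\xff" * 6,
        # IEEE 802 flag bits in the first octet (assumed from the standard, not covered in the notes):
        "is_group": bool(first & 0x01),                 # I/G bit: 1 = multicast/broadcast, 0 = a single NIC
        "is_locally_administered": bool(first & 0x02),  # U/L bit: 1 = set by software, 0 = burned in by the vendor
    }


def group_by_oui(macs):
    """Return {OUI: [canonical MACs]} so NICs from the same manufacturer can be spotted in an inventory."""
    groups = {}
    for text in macs:
        info = parse_mac(text)
        groups.setdefault(info["oui"], []).append(info["mac"])
    return groups


if __name__ == "__main__":
    for text in SAMPLE_MACS:
        print(parse_mac(text))
    print(group_by_oui(SAMPLE_MACS))
```

A locally administered address is worth noticing in an inventory: it means the address was set by software rather than stamped on the NIC, so it cannot be used on its own to identify the hardware.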

2. How Host Names and Domain Names Work

- Domain names must be registered with the internet naming authority ICANN. Examples: .gov, .edu, .org. This is the TLD (Top Level Domain) part of the internet address.
- Name resolution: the process of discovering the IP address of a host when you know its fully qualified domain name.
a. DNS (Domain Name System)
An Application layer client-server system.
- Namespace: the DNS namespace is the entire collection of computer names and their associated IP addresses, stored in databases on DNS name servers.
- Name servers: DNS name servers hold these databases and are organised hierarchically.
- Resolvers: a DNS client that requests information from DNS name servers.

i. How name servers are organized.

ii. Recursive and iterative queries:
A recursive query demands a resolution or the answer "it can't be found".
An iterative query does not demand a resolution.

iii. DNS Zones and Zone transfers

Distributed database model, fail-safe.
DNS zone
Zone transfer
iv. DNS server software
BIND (Berkeley Internet Name Domain)
v. How a namespace database is organized.
- An A (address) record stores the name-to-address mapping for a host (IPv4 addresses).
- An AAAA (quad-A) record holds the name-to-address mapping for IPv6 addresses.
- A CNAME (Canonical Name) record holds alternative names for a host.
- A PTR (Pointer) record is used for reverse lookup: it provides the host name when you know the IP address.
- An MX (Mail Exchanger) record identifies the mail server; used for email traffic.

Time to Live (TTL) field: how long a record should be saved in cache; included in the zone transfer. It depends on how volatile the record is (how often the IP address will change).

vi. DDNS (Dynamic DNS)

To maintain a web server and web site without leasing a static IP address, you can sign up with a Dynamic DNS provider such as dynDNS.org or TZO.com.

3. How Ports and Sockets work

Port numbers make sure data is transmitted to the correct application on a computer. Range: 0 – 65535.
- Well-known ports: 0 – 1023, assigned by IANA to well-known protocols like Telnet, FTP and HTTP.
- Registered ports: 1024 – 49151, for network users and non-standard processes.
- Dynamic and private ports: 49152 – 65535, assigned when the need arises.
Protocols on well-known ports:
- SNMP (Simple Network Management Protocol): monitor and manage network traffic.
- TFTP (Trivial File Transfer Protocol): computers use it as they are booting up to request configuration files from another computer on the local network.
- NTP (Network Time Protocol): synchronize clocks on a network.
- SMB (Server Message Block): earlier Windows file sharing.
- SIP (Session Initiation Protocol): makes the initial connection between hosts for multimedia data transfer.
- H.323: connection between hosts prior to communicating.
- MGCP (Media Gateway Control Protocol)
- NetBIOS over TCP/IP: lets old NetBIOS applications work on TCP/IP.

A socket consists of a host's IP address and the port number.

4. How IP addresses are formatted and assigned

a. How IPv4 Addresses are formatted and Assigned
4 groups of 8 bits each:
11111111.11111111.11111111.11111111 = 255.255.255.255

Class D: 1st octet = 224 – 239, used for multicasting, like video conferencing.
Class E: 1st octet = 240 – 254, reserved for research.
Addresses starting with 127 are reserved for loopback and research addresses.
Reserved IP addresses:
255.255.255.255: broadcast messages by TCP/IP background processes, read by every node
0.0.0.0: not assigned
127.0.0.1: own computer, the loopback address.

i. How a DHCP Server Assigns IP Addresses

When a computer connects to a network and is unable to lease an IPv4 address from a DHCP server, it uses APIPA (Automatic Private IP Addressing), with addresses in the range 169.254.0.1 to 169.254.255.254.

ii. Public and private IP Addresses: Class A, B and C are public IP addresses. To save public IP addresses, a company can use private IP addresses on its private networks; these are not allowed on the internet. IEEE recommends these ranges:
10.0.0.0 to 10.255.255.255
172.16.0.0 to 172.31.255.255
192.168.0.0 to 192.168.255.255
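The address categories in this section (classes, loopback, broadcast, APIPA and the private ranges), as an added example that is not part of the original notes. It classifies a dotted-decimal address and then applies the rule that private addresses "are not allowed on the internet" as a defender's check: given source addresses seen on an internet-facing interface, it flags the ones that should never arrive from outside. The Class A/B/C first-octet boundaries (0–127, 128–191, 192–223) are standard values assumed here; the notes do not show them. The sample log addresses are constructed.

```python
import ipaddress

# Ranges named in the notes; the Class A/B/C boundaries are standard values not shown on the page.
PRIVATE_RANGES = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]
APIPA_RANGE = ipaddress.ip_network("169.254.0.0/16")
LOOPBACK_RANGE = ipaddress.ip_network("127.0.0.0/8")
LIMITED_BROADCAST = ipaddress.IPv4Address("255.255.255.255")
UNSPECIFIED = ipaddress.IPv4Address("0.0.0.0")


def address_class(addr):
    """Classful lettering from the first octet: A 0-127, B 128-191, C 192-223, D 224-239, E 240-255."""
    first = int(addr) >> 24
    if first < 128:
        return "A"
    if first < 192:
        return "B"
    if first < 224:
        return "C"
    if first < 240:
        return "D"
    return "E"


def classify(text):
    """Return the class and kind of a dotted-decimal IPv4 address; raises ValueError on junk input."""
    addr = ipaddress.IPv4Address(text)
    cls = address_class(addr)
    if addr == LIMITED_BROADCAST:
        kind = "limited broadcast"
    elif addr == UNSPECIFIED:
        kind = "unspecified"
    elif addr in LOOPBACK_RANGE:
        kind = "loopback"
    elif addr in APIPA_RANGE:
        kind = "APIPA (no DHCP lease obtained)"
    elif any(addr in net for net in PRIVATE_RANGES):
        kind = "private (must be translated to reach the internet)"
    elif cls == "D":
        kind = "multicast"
    elif cls == "E":
        kind = "reserved"
    else:
        kind = "public"
    return {"address": str(addr), "class": cls, "kind": kind}


def non_routable_sources(source_addresses):
    """Reduce a list of source addresses seen on an internet-facing interface to the ones that should
    never arrive from the internet (private, APIPA, loopback, unspecified, broadcast, reserved).
    Such packets are a spoofing or misconfiguration indicator and are normally dropped at the edge."""
    flagged = []
    for text in source_addresses:
        try:
            info = classify(text)
        except ValueError:
            flagged.append((text, "malformed address"))
            continue
        if info["kind"] != "public":
            flagged.append((text, info["kind"]))
    return flagged


# Constructed sample: source addresses as they might appear in an edge firewall log, not real traffic.
SAMPLE_SOURCES = ["203.0.113.9", "10.1.2.3", "172.32.0.1", "169.254.10.20", "127.0.0.1", "192.168.1.300"]

if __name__ == "__main__":
    for text in ("192.168.1.1", "172.16.0.1", "224.0.0.9", "240.0.0.1"):
        print(classify(text))
    print(non_routable_sources(SAMPLE_SOURCES))
```

Note that 172.32.0.1 is public: the private block is 172.16.0.0 to 172.31.255.255 (a /12), a boundary that is easy to get wrong when writing filters by hand.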

iii. Address Translation, NAT and PAT

Gateway: stands between the outside network and the private network.
Incoming packets use the gateway's IP address, so only one public IP address is needed; it hides the private network behind one address.
The gateway translates where a packet must go; this is called address translation.
PAT assigns a separate TCP port number to each ongoing conversation/session between a local host and an Internet host. When the Internet host sends a message back, PAT decides which local host is the recipient.

NAT is a feature of a router that translates IP addresses. A packet comes in and is rewritten to forward it to a host that is not the IP destination. The router keeps track of this translation; when the host sends a reply, it translates back the other way.
2 variations of NAT:
- SNAT (Static Network Address Translation): the gateway assigns the same IP address to a host each time it makes a request to access the internet. Used on home networks with a single public IP address provided by the ISP.
- DNAT (Dynamic Network Address Translation): the gateway has a pool of IP addresses that it is free to assign to a local host when needed.
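The PAT mechanism described above (one public address, sessions told apart by port), as an added example that is not part of the original notes. It simulates the translation table a gateway keeps: outbound packets get a public port from the dynamic range, replies are mapped back by that port, and an inbound packet with no matching entry yields None, which is the behaviour that hides the private network. The gateway, hosts and ports are constructed values from the documentation address ranges, and the class and its method names are hypothetical.

```python
import itertools

# Constructed addresses from the documentation ranges; no real hosts are involved.
PUBLIC_IP = "203.0.113.5"       # the gateway's single public address
DYNAMIC_PORT_START = 49152      # first of the dynamic/private ports named in the notes
DYNAMIC_PORT_END = 65535


class PortExhausted(Exception):
    """Raised when every translation port is in use; a real gateway drops new flows at this point."""


class PatGateway:
    """Toy port address translation table: many private hosts share one public IP, told apart by port."""

    def __init__(self, public_ip=PUBLIC_IP):
        self.public_ip = public_ip
        self._next_port = itertools.count(DYNAMIC_PORT_START)
        self.outbound = {}  # (local_ip, local_port, remote_ip, remote_port) -> public_port
        self.inbound = {}   # (public_port, remote_ip, remote_port) -> (local_ip, local_port)

    def translate_outbound(self, local_ip, local_port, remote_ip, remote_port):
        """Rewrite the source of a packet leaving the private network; reuse the mapping for an existing flow."""
        key = (local_ip, local_port, remote_ip, remote_port)
        if key not in self.outbound:
            public_port = next(self._next_port)
            if public_port > DYNAMIC_PORT_END:
                raise PortExhausted("no free translation port")
            self.outbound[key] = public_port
            self.inbound[(public_port, remote_ip, remote_port)] = (local_ip, local_port)
        return self.public_ip, self.outbound[key]

    def translate_inbound(self, public_port, remote_ip, remote_port):
        """Map a packet arriving from the internet back to the private host that started the conversation.
        Returns None when no host started it: the packet is dropped, which is what hides the private network."""
        return self.inbound.get((public_port, remote_ip, remote_port))

    def close(self, local_ip, local_port, remote_ip, remote_port):
        """Remove a finished session's mapping so later packets to that public port are no longer forwarded."""
        key = (local_ip, local_port, remote_ip, remote_port)
        public_port = self.outbound.pop(key, None)
        if public_port is not None:
            del self.inbound[(public_port, remote_ip, remote_port)]
        return public_port


if __name__ == "__main__":
    gw = PatGateway()
    # Two private hosts happen to pick the same local port for the same web server.
    print(gw.translate_outbound("192.168.1.10", 51000, "198.51.100.7", 80))  # ('203.0.113.5', 49152)
    print(gw.translate_outbound("192.168.1.11", 51000, "198.51.100.7", 80))  # ('203.0.113.5', 49153)
    print(gw.translate_inbound(49153, "198.51.100.7", 80))   # ('192.168.1.11', 51000)
    print(gw.translate_inbound(49154, "198.51.100.7", 80))   # None: unsolicited, dropped
```

The inbound table is keyed on the remote address and port as well as the public port, so a packet from a different remote host that guesses an in-use port is still dropped.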

b. How IPv6 Addresses are formatted and assigned

128 bits written as 8 blocks in hexadecimal; each block is 16 bits.
Link: the local link, any LAN bounded by routers; an interface is a node's attachment to the link, a physical attachment by wire or wireless connection. Tunneling is the method used by IPv6 to transport IPv6 packets through or over an IPv4 network.
The last 64 bits / 4 blocks are the interface ID.
Neighbors are 2 or more nodes on the same link.

Types of IP addresses:
- Unicast address: a single node on the network.
  - Global address: can be routed on the internet; similar to public IPv4 addresses.
  - Link-local address: used to communicate with nodes on the same link.
- Multicast address: packets are delivered to all nodes in the targeted multicast group.
- Anycast address: identifies multiple destinations; packets are delivered to the closest destination.
A suffix such as %12 is called the zone ID or scope ID and identifies the link the computer belongs to.

IPv6 Autoconfiguration

Tunneling

A network configured to use both the IPv4 and IPv6 protocols is dual stacked. Where dual stacking is not used, tunneling is used, as on the Internet.

3 protocols for tunneling:

- 6to4: the most common protocol. IPv6 addresses intended to use this protocol always start with the same 16-bit prefix, 2002::/16. The next 32 bits are the sending host's IPv4 address.
- ISATAP (Intra-Site Automatic Tunnel Addressing Protocol): works on a single organization's intranet.
- Teredo: IPv6 addresses intended to use this protocol start with 2001, written as 2001::/32.
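The 6to4 address rule above (2002::/16 followed by the sender's 32-bit IPv4 address), as an added example that is not part of the original notes. It derives a host's 6to4 prefix from its IPv4 address, recovers the embedded IPv4 address from a 6to4 address, and labels an address as 6to4, Teredo or native from the two prefixes the notes give. It refuses to build a 6to4 prefix from a private or loopback IPv4 address, since the embedded address has to be reachable on the IPv4 internet for the tunnel to work; the private ranges used for that check are the ones listed earlier in these notes. All addresses are constructed from documentation ranges.

```python
import ipaddress

SIX_TO_FOUR = ipaddress.IPv6Network("2002::/16")  # prefix named in the notes
TEREDO = ipaddress.IPv6Network("2001::/32")       # prefix named in the notes
# IPv4 ranges that cannot be the endpoint of a 6to4 tunnel (the private ranges from the notes, plus loopback).
NON_PUBLIC_V4 = [ipaddress.IPv4Network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "127.0.0.0/8")]
IPV4_SHIFT = 128 - 48  # the embedded IPv4 address occupies bits 16..47 from the top of the 128-bit address


def six_to_four_prefix(ipv4_text):
    """Derive the /48 6to4 prefix for a host: 2002, then the host's 32-bit IPv4 address."""
    v4 = ipaddress.IPv4Address(ipv4_text)
    if any(v4 in net for net in NON_PUBLIC_V4):
        raise ValueError(f"{v4} is not a public IPv4 address; 6to4 embeds a public address")
    prefix_bits = int(SIX_TO_FOUR.network_address) | (int(v4) << IPV4_SHIFT)
    return ipaddress.IPv6Network((prefix_bits, 48))


def embedded_ipv4(ipv6_text):
    """Recover the IPv4 address a 6to4 address was built from, or None if the address is not 6to4."""
    v6 = ipaddress.IPv6Address(ipv6_text)
    if v6 not in SIX_TO_FOUR:
        return None
    return ipaddress.IPv4Address((int(v6) >> IPV4_SHIFT) & 0xFFFFFFFF)


def tunnel_kind(ipv6_text):
    """Label an IPv6 address by the tunneling mechanism its prefix implies, using the prefixes from the notes."""
    v6 = ipaddress.IPv6Address(ipv6_text)
    if v6 in SIX_TO_FOUR:
        return "6to4"
    if v6 in TEREDO:
        return "Teredo"
    return "native"


if __name__ == "__main__":
    prefix = six_to_four_prefix("192.0.2.1")       # constructed public IPv4 address
    print(prefix)                                  # 2002:c000:201::/48
    print(embedded_ipv4("2002:c000:201::1"))       # 192.0.2.1
    for addr in ("2002:c000:201::1", "2001:0:abcd::1", "2001:db8::1"):
        print(addr, tunnel_kind(addr))
```

Being able to read the IPv4 address back out of a 6to4 address is useful when reviewing logs: traffic that appears to come from an IPv6 source may actually originate from a specific IPv4 host.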

5. Tools for troubleshooting IP Address Problems

a. ping
Verifies that TCP/IP is installed, bound to the NIC, configured correctly and communicating with the network. It sends an echo request to a computer, and that computer responds with an echo reply.
The first tool used to test basic connectivity.
ping6 on Linux computers verifies whether an IPv6 host is available.
ping -6 on Windows computers verifies whether an IPv6 host is available.

b. ipconfig
Shows IP configuration information: which local area connections are available on your computer, which ones are connected, and your connection's IPv4 or IPv6 address, subnet mask and default gateway.
ipconfig /all gives more detailed information.
c. ifconfig
View and manage TCP/IP settings.

d. nslookup
Name Space Lookup: queries the DNS database to find the host name of a device. Used to verify whether a host is configured correctly.
Interactive mode: type nslookup; the DOS screen prompts for entries.
Non-interactive mode: type nslookup followed by an IP address or domain name.
Chapter 3: How Data Is Transported Over Networks

1. TCP/IP Core Protocols

a. TCP (Transmission Control Protocol)

Transport layer
3 characteristics of TCP are managed by posting data to fields in the TCP header at the beginning of a TCP segment:
- Connection-oriented protocol: uses a three-way handshake to establish the TCP connection before starting to submit data.
- Sequencing and checksums: TCP sends a character string called a checksum; TCP on the destination host generates a similar string, and if the 2 checksums don't match, the destination host requests re-transmission. TCP also attaches a sequence number to each segment so that, if necessary, segments can be re-ordered at the destination.
- Flow control: the process of evaluating the right rate of transmission based on how quickly the recipient can accept it.

Fields in a TCP Segment:

- Source port: 16 bits: port number of the source node. A port identifies an application on a host; the port number allows the application to be available for incoming or outgoing data.
- Destination port: 16 bits: port number at the destination node.
- Sequence number: 32 bits: the segment's position in the stream of data.
- Acknowledgment number (ACK): 32 bits: confirms receipt of data via a return message.
- TCP header length: 4 bits: indicates the length of the header in bytes, min 20 bytes, max 60 bytes. Also called the data offset field: it gives the offset from the beginning of the segment to the start of the data it carries.
- Reserved: 6 bits: field reserved for later use.
- Flags: 6 bits: a collection of six 1-bit fields/flags used to signal special conditions.
  - URG (Urgent): set to 1 when the segment contains urgent information for the receiver later in the segment.
  - ACK (Acknowledge): set to 1 when the segment contains acknowledgment information for the receiver earlier in the segment.
  - PSH (Push): set to 1 to indicate the data should be sent to the application without buffering.
  - RST (Reset): set to 1 when the sender is requesting that the connection be reset.
  - SYN (Synchronize): set to 1 when the sender requests that sequence numbers between the nodes be synchronized.
  - FIN (Finish): set to 1 on the last segment; the connection is closed afterwards.
- Sliding window size: 16 bits: how many bytes can be issued to the receiver while acknowledgment for that segment is outstanding. Performs flow control, preventing the receiver's buffer from being overloaded with bytes.
- Checksum: 16 bits: allows the receiving node to determine whether the segment became corrupt during transmission.
- Urgent pointer: 16 bits: the location where urgent data resides.
- Options: 0 – 32 bits: special options, like the maximum segment size the network can handle.
- Padding: variable: filler information to ensure the size of the segment is a multiple of 32 bits.
- Data: variable: data sent by the source host, encapsulated by the header. The size depends on how much data needs to be transmitted, constraints on TCP segment size (determined by network type) and the limitation that the segment must fit within an IP packet at the next layer.

b. UDP (User Datagram Protocol)

No error checking or sequencing; useful for big volumes of data that must be transmitted quickly, such as live audio or video. Efficient for carrying a message that fits in one data packet.
c. IP (Internet Protocol)
Network layer
Specifies how and where data should be delivered, including the data's source and destination addresses. IP is the protocol that enables TCP/IP to internetwork: to traverse more than one LAN segment and more than one type of network through a router.
In the Network layer data is packaged into packets; IP packets act as an envelope for the data and contain the information needed by routers to transfer data between LANs.
IP is unreliable and connectionless. It can still be used reliably; it just does not guarantee delivery of data, and a connection is not established before data is transmitted.

IPv4 Packets

- Version: 4 bits: version of the protocol, 4 or 6. A router looks at this field first; if it can't read the incoming data, it rejects the packet.
- Internet Header Length (IHL): 4 bits: length of the TCP header, min 20 bytes, max 60 bytes, in increments of 20 bytes.
- Differentiated Services (DiffServ): 8 bits: informs the router of the level of precedence to apply when processing the incoming packet.
- Total Length: 16 bits: total length of the IP packet, including header and data; max 65 535 bytes.
- Identification: 16 bits: identifies the message to which a packet belongs and enables the receiving host to reassemble fragmented messages.
- Flags: 3 bits: indicate whether the message is fragmented and, if so, whether this is the last fragment.
- Fragment offset: 13 bits: identifies where the packet fragment belongs in the incoming set of fragments.
- Time To Live (TTL): 8 bits: the maximum duration a packet can remain on the network before it is discarded. Set to 32 or 64; each time the packet passes a router, the TTL is reduced by 1. When a router receives a packet with TTL = 0, it rejects the packet and sends an ICMP TTL expired message back to the source.
- Protocol: 8 bits: identifies the type of protocol that will receive the packet.
- Header Checksum: 16 bits: lets the receiving host calculate whether the IP header has been corrupted during transmission; if the message's checksum does not match the checksum calculated when the packet is received, the packet is assumed to be corrupt and is discarded.
- Source IP address: 32 bits: IP address of the source host.
- Destination IP address: 32 bits: IP address of the destination host.
- Options: variable: optional routing and timing information.
- Padding: variable: filler bits to ensure the header is a multiple of 32 bits.
- Data: variable: data sent by the source host plus the TCP or UDP header from the Transport layer; the data is encapsulated by the header.
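The two field lists above (the TCP segment header and the IPv4 packet header), as one added example that is not part of the original notes. It builds a constructed IPv4 packet carrying a TCP SYN, then decodes it the way a receiving router would: it reads the version and IHL, recomputes the header checksum and discards the packet on a mismatch, rejects an expired TTL, and decodes the fragmentation flags and the six TCP flag bits. The TCP checksum needs a pseudo-header and is left as zero here; the addresses and ports are constructed values, and the function names are hypothetical.

```python
import ipaddress
import struct

IP_HEADER = "!BBHHHBBH4s4s"   # 20-byte IPv4 header without options
TCP_HEADER = "!HHIIBBHHH"     # 20-byte TCP header without options
TCP_FLAG_NAMES = ("FIN", "SYN", "RST", "PSH", "ACK", "URG")  # bit 0 .. bit 5 of the flags field
PROTO_TCP = 6


def ipv4_header_checksum(header):
    """Ones-complement sum of the header's 16-bit words. Over a header whose checksum field is
    correct the result is 0; computed with the field zeroed, it yields the value to store there."""
    if len(header) % 2:
        header += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(header) // 2), header))
    while total >> 16:                       # fold the carries back in
        total = (total & 0xFFFF) + (total >> 16)
    return (~total) & 0xFFFF


def build_packet(src, dst, sport, dport, flags, payload=b"", ttl=64):
    """Construct an IPv4 packet carrying a TCP segment (test data; the TCP checksum is left as 0)."""
    flag_bits = sum(1 << TCP_FLAG_NAMES.index(name) for name in flags)
    # data offset 5 (20-byte header), sequence number 1000, window 65535
    tcp = struct.pack(TCP_HEADER, sport, dport, 1000, 0, 5 << 4, flag_bits, 65535, 0, 0) + payload
    total_length = struct.calcsize(IP_HEADER) + len(tcp)
    # 0x45 = version 4, IHL 5; 0x4000 = Don't Fragment flag set, fragment offset 0
    ip = struct.pack(IP_HEADER, 0x45, 0, total_length, 0x1234, 0x4000, ttl, PROTO_TCP, 0,
                     ipaddress.IPv4Address(src).packed, ipaddress.IPv4Address(dst).packed)
    ip = ip[:10] + struct.pack("!H", ipv4_header_checksum(ip)) + ip[12:]   # fill in the checksum field
    return ip + tcp


def parse_packet(raw):
    """Decode the IPv4 header (and the TCP header it carries), rejecting what a router would discard."""
    if len(raw) < 20:
        raise ValueError("truncated: shorter than a minimal IPv4 header")
    (ver_ihl, _dscp, total_length, ident, flags_frag, ttl, proto, _csum,
     src, dst) = struct.unpack(IP_HEADER, raw[:20])
    version, ihl = ver_ihl >> 4, (ver_ihl & 0x0F) * 4
    if version != 4:
        raise ValueError(f"not IPv4 (version field = {version})")
    if ihl < 20 or ihl > len(raw):
        raise ValueError("bad IHL")
    if ipv4_header_checksum(raw[:ihl]) != 0:
        raise ValueError("IPv4 header checksum mismatch: packet would be discarded")
    if ttl == 0:
        raise ValueError("TTL expired: a router would drop it and send ICMP TTL expired")
    info = {
        "src": str(ipaddress.IPv4Address(src)), "dst": str(ipaddress.IPv4Address(dst)),
        "ttl": ttl, "protocol": proto, "identification": ident, "total_length": total_length,
        "dont_fragment": bool(flags_frag & 0x4000), "more_fragments": bool(flags_frag & 0x2000),
        "fragment_offset": flags_frag & 0x1FFF,
    }
    if proto == PROTO_TCP and info["fragment_offset"] == 0:   # only the first fragment carries the TCP header
        seg = raw[ihl:total_length]
        if len(seg) < 20:
            raise ValueError("truncated TCP header")
        sport, dport, seq, ack, off, flag_bits, window, _tcsum, urg = struct.unpack(TCP_HEADER, seg[:20])
        data_offset = (off >> 4) * 4
        info["tcp"] = {
            "sport": sport, "dport": dport, "seq": seq, "ack": ack, "window": window,
            "flags": [name for i, name in enumerate(TCP_FLAG_NAMES) if flag_bits & (1 << i)],
            "urgent_pointer": urg, "payload": seg[data_offset:],
        }
    return info


# Constructed example: a SYN from a client to a web server, then the same bytes with the TTL byte flipped.
SAMPLE_SYN = build_packet("192.0.2.10", "198.51.100.20", 51234, 80, ["SYN"])
CORRUPTED = SAMPLE_SYN[:8] + bytes([SAMPLE_SYN[8] ^ 0x01]) + SAMPLE_SYN[9:]

if __name__ == "__main__":
    print(parse_packet(SAMPLE_SYN))
    try:
        parse_packet(CORRUPTED)
    except ValueError as err:
        print("rejected:", err)
```

The checksum check is the point a router actually enforces: a single flipped bit anywhere in the header changes the ones-complement sum, so the recomputation over the received header no longer comes out to zero and the packet is dropped rather than forwarded with a wrong destination or TTL.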

IPv6 Packets

- Version: 4 bits: the version the packet uses.
- Traffic class: 8 bits: identifies the packet's priority, similar to DiffServ.
- Flow Label: 20 bits: indicates whether packets belong to the same flow; routers use it to ensure packets from the same flow arrive together. Helps with traffic prioritization.
- Payload Length: 16 bits: size of the payload carried by the packet.
- Next header: 8 bits: identifies the type of header that follows the IP packet header.
- Hop Limit: 8 bits: the number of times a packet can be forwarded by routers.
- Source address: 128 bits: IP address of the transmitting host.
- Destination address: 128 bits: IP address of the receiving host.
- Data: variable: data sent by the source, plus the TCP or UDP header from the Transport layer.

d. ICMP (Internet Control Message Protocol)

Network layer
Reports the success or failure of data delivery: indicates when part of the network is congested, when data fails to reach its destination and when data was discarded because its TTL expired. ICMP announces these transmission failures to the sender. To correct the errors, a higher-layer protocol such as TCP is used.
e. IGMP (Internet Group Management Protocol) on IPv4 Networks
Network layer
Manages multicasting, used for teleconferencing. IGMP determines which nodes belong to a multicast group and sends data to all the nodes in that group.

f. ARP (Address Resolution Protocol) on IPv4 Networks

Data Link layer (layer 2)
Works with IPv4 to find the MAC (physical) address of a host or node on the local network. It uses IP at layer 3 and works only within its local network, bounded by routers.
Relies on broadcasting, which transmits to all nodes on the network segment.
Example: a node wants to know the MAC address of another node on the same network, so it broadcasts a message to the network using ARP that asks the computer with that IP address to send its MAC address.
The database of IP-to-MAC address mappings is called the ARP table or ARP cache; it is kept on the computer's hard drive.
- Dynamic ARP table entries: created when a client makes an ARP request and the result is not in the existing ARP table.
- Static ARP table entries: entered by someone using the ARP utility.
arp command: display, modify, diagnose and repair problems on ARP tables.
arp -a: display a cache entry for a specific IP address.

2. Routers And How They Work


Router joins 2 or more network, passing packets to another, determine next network packet
should be forwarded to.
Router has: 1. Internal processor. 2. Operating system. 3. Memory . 4. Input and output jacks.
5. Management console interface.
Router can:
 Connect dissimilar networks. LAN to WAN uses different protocols.
 Interpret layer 3 and sometimes layer 4 addressing
 Determine best path for data to follow, most efficient route
 Reroute traffic if first path is down or congested
 Filter broadcasting transmissions to alleviate network congestion
 Prevent certain types of traffic from entering network, enable customized
segregation and security
 Support local and remote connection
 Provide fault tolerance through redundant components like power supplies and
network interfaces
 Monitor network traffic and report statistics
 Diagnose internal and other connectivity problems and trigger alarms.

Routers are categorized according to scope of network they serve:


 Interior routers: networks of same autonomous system (AS: group of networks,
mostly in same domain, operated by same organization)
 Border Routers: (gateway routers): connect AS with outside network
 Exterior routers: direct data between AS’s. routers operating on internet backbone.
a. Multilayer Switches
Layer 3 switch: interpret layer 3 data, work on large LAN’s, much like router
Layer 4 switch: (content switch or application switch) layer 4 data. Operate between
layer 4 and 7

b. Routing Tables
Database that maintain information about where hosts are located and best way to
reach them. Router relies on routing table to figure out best paths. It contains IP address
and network masks

c. Static Or Dynamic Routing

Static: the network administrator configures the routing table. Best for setting up a static route
between a small business and its ISP.
Dynamic routing: automatically calculates the best path and accumulates the information. When
there is an error, it can redirect traffic.
Gateway of last resort: the router that accepts all unroutable messages from
other routers. It is statically added to the routing table as the default route (a backup route
used when no other route can be determined) for when the router cannot determine the
destination. The router continues using the default route until the hop limit has been reached and
the message can be re-sent, or until a path to the destination has been determined.
Default gateway: a router or layer 3 switch to which messages are sent when
the destination is not on the host's local network.

d. The Route Utility

The route utility shows the routing table (database). Linux: route; Windows: route print; Cisco IOS:
show ip route.
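As an added example (not from these notes), here is a small Python routing-table lookup in the spirit of the tables shown by route print or show ip route: longest prefix match, a tie-break on administrative distance between routes learned from different protocols, and a 0.0.0.0/0 default route acting as gateway of last resort. The sample routes are constructed for the example and the AD values are an assumption following common Cisco defaults.

```python
# Added example, not from the course notes: a minimal routing table with
# longest-prefix-match lookup, AD tie-break and a default route.
import ipaddress

# Default administrative distances (Cisco defaults, assumed for this example).
# Lower AD = more trusted route source when two protocols offer the same prefix.
AD = {"connected": 0, "static": 1, "ospf": 110, "rip": 120}


class RoutingTable:
    def __init__(self):
        self.routes = []  # entries: (network, next_hop, source, metric)

    def add(self, prefix, next_hop, source, metric=0):
        """Install a route; next_hop is a gateway address or a local interface."""
        net = ipaddress.ip_network(prefix, strict=False)
        self.routes.append((net, next_hop, source, metric))

    def lookup(self, destination):
        """Return (prefix, next_hop, source) for destination, or None if the
        packet is unroutable (no matching entry and no default route)."""
        addr = ipaddress.ip_address(destination)
        best = None
        for net, next_hop, source, metric in self.routes:
            if addr not in net:
                continue
            # Most specific prefix wins; on equal prefix length the lower AD
            # wins; within one protocol the lower metric wins.
            rank = (-net.prefixlen, AD[source], metric)
            if best is None or rank < best[0]:
                best = (rank, str(net), next_hop, source)
        return None if best is None else best[1:]

    def show(self):
        """Rows in the style of `route print`, most specific prefix first."""
        rows = sorted(self.routes, key=lambda r: (-r[0].prefixlen, AD[r[2]]))
        return [f"{str(net):<20} {next_hop:<14} {source:<10} metric {metric}"
                for net, next_hop, source, metric in rows]


def build_example_table(with_default=True):
    """Constructed sample table: a connected LAN, the same remote prefix learned
    from OSPF and RIP, a more specific static route, and a default route."""
    rt = RoutingTable()
    rt.add("192.168.1.0/24", "eth0", "connected")
    rt.add("192.168.10.0/24", "10.0.0.2", "ospf", metric=20)
    rt.add("192.168.10.0/24", "10.0.0.3", "rip", metric=2)
    rt.add("192.168.10.128/25", "10.0.0.4", "static")
    if with_default:
        rt.add("0.0.0.0/0", "203.0.113.1", "static")  # gateway of last resort
    return rt


if __name__ == "__main__":
    table = build_example_table()
    print("\n".join(table.show()))
    for dst in ("192.168.10.77", "192.168.10.200", "192.168.1.5", "8.8.8.8"):
        print(dst, "->", table.lookup(dst))
```

Without the default route, the lookup for 8.8.8.8 returns None, which is the "unroutable" case the gateway of last resort exists to catch.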

e. Routing Metrics
Routers use properties of the route, called routing metrics, to determine the best path:
 Hop count
 Theoretical bandwidth and actual throughput of the path
 Latency (delay)
 Load (traffic or processing burden)
 MTU (maximum transmission unit): the largest IP packet size in bytes allowed by the
routers without fragmentation, excluding frame size on the local network.
 Routing cost: a value assigned to the route by the network administrator. More desirable
paths = lower cost
 Reliability of the path, based on historical performance.
 Topology of the network.

f. Routing Protocols
Used by routers to communicate with each other. Methods to judge routing protocols:
 AD (Administrative distance): each routing protocol is assigned a default AD, a
number that indicates the protocol's reliability. Lower value = higher priority.
 Convergence time: the time it takes to recognize the best path
 Overhead: the burden placed on the network to support the protocol.

g. Interior And Exterior Gateway Routing Protocols

 IGP (Interior gateway protocols): routing protocols used by interior and border
routers within an AS. Grouped according to the algorithms they use to calculate the
best path:
o Distance-vector routing protocols: best path based on distance, which can
use number of hops, latency and network traffic. Routers relying on
distance-vector protocols must accept data from neighbors; they cannot
independently assess network conditions 2 or more hops away.
o Link-state routing protocols: enable routers to communicate beyond
neighboring routers. Each router can independently map the network.
They adapt quickly to changes in the network, but are complex to configure and
troubleshoot.

 EGP (exterior gateway protocols): used by border and exterior routers. BGP is an EGP, the
only routing protocol that communicates across the Internet.

Each routing protocol has its own way of calculating the best route; their information can be shared
among routers through a manual process called route redistribution.

 RIP (routing information protocol)

Distance-vector protocol.
Oldest protocol; only counts hops, does not consider network congestion or link speed.
Routers using RIP broadcast their routing tables every 30 seconds, regardless of
changes. This creates unnecessary traffic, and convergence time for RIP is poor.
It is stable and prevents routing loops by limiting the number of hops to 15.
 RIPv2
Can handle more than 15 hops and is more secure.
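As an added example that is not from the notes, the following Python simulation shows the distance-vector behaviour described above: each router only learns from its neighbours' advertised tables, one round standing in for one 30-second RIP update, and a hop count of 16 is treated as unreachable so that the 15-hop limit bounds a routing loop. The three-router topology and the link failure are constructed for the example; no split horizon is modelled, so the slow count-to-infinity after a failure is visible in the round count.

```python
# Added example, not from the course notes: RIP-style distance-vector routing
# on a constructed topology. One round = every router has received the full
# table each neighbour broadcast in the previous round.
INFINITY = 16  # RIP: 16 hops means "unreachable"; 15 is the maximum valid count


def chain(names):
    """Constructed linear topology: each router links to the next one."""
    links = {n: set() for n in names}
    for a, b in zip(names, names[1:]):
        links[a].add(b)
        links[b].add(a)
    return links


def dv_round(links, tables):
    """Rebuild every router's table from what its neighbours advertised.
    tables[r][dest] = (hops, next_hop). No split horizon is applied."""
    adverts = {r: dict(t) for r, t in tables.items()}
    new = {}
    for router, neighbours in links.items():
        table = {router: (0, None)}
        for n in sorted(neighbours):
            for dest, (hops, _) in adverts[n].items():
                candidate = min(hops + 1, INFINITY)
                current = table.get(dest, (INFINITY, None))[0]
                # Routes at 16 hops are discarded: this is what stops a loop
                # from counting up forever.
                if candidate < INFINITY and candidate < current:
                    table[dest] = (candidate, n)
        new[router] = table
    return new


def converge(links, tables=None, max_rounds=50):
    """Run rounds until no table changes. Returns (tables, rounds_changed);
    rounds_changed is the convergence time in update intervals."""
    if tables is None:
        tables = {r: {r: (0, None)} for r in links}
    for rnd in range(1, max_rounds + 1):
        new = dv_round(links, tables)
        if new == tables:
            return tables, rnd - 1
        tables = new
    return tables, max_rounds


def break_link(links, a, b):
    """Copy of links with the a-b link removed (simulated failure)."""
    out = {r: set(n) for r, n in links.items()}
    out[a].discard(b)
    out[b].discard(a)
    return out


if __name__ == "__main__":
    abc = chain(["A", "B", "C"])
    tables, rounds = converge(abc)
    print("converged in", rounds, "rounds; C reaches A via", tables["C"]["A"])
    tables, rounds = converge(break_link(abc, "A", "B"), tables)
    print("after A-B failure:", rounds, "rounds until A is dropped;",
          "B still knows A:", "A" in tables["B"])
```

On a chain of 17 routers the first router reaches the 16th (15 hops) but never the 17th, which is the hop limit at work.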

 OSPF (Open Shortest Path First): interior and border routers. No hop limit; uses a complex
algorithm to determine the best path. Under optimal conditions the best path is the most direct path; in
case of traffic, the best path is the most efficient path.
 IS-IS (Intermediate System to Intermediate System): interior routers only.
 BGP: cross-country. Path-vector routing protocol. Speeds up routing by grouping
networks together based on IP routing prefix and common network administrator (ISP);
each group is identified by an ASN (Autonomous System Number), which works much like an IP
address does for identifying individual nodes on a network.

3. Troubleshooting Router Issues

a. Troubleshooting Tools
- netstat: displays TCP/IP statistics and details about TCP/IP components and
connections to the host; shows which ports TCP/IP services are running on
- nbtstat: NetBIOS statistics
- nbtstat -A: gets the NetBIOS name for a MAC address.
- tracert (Windows): uses ICMP echo to trace the path from one network node to
another, showing the hops in between
- traceroute (Linux, UNIX, OS X): same concept, but sends UDP messages to a random
port on the destination node
- pathping (Windows): ping and tracert combined. Provides deeper information about
network issues along a path.

b. Solving Common Routing Problems

- Interface error: when the logical connection between a node and the network is not
working. Use ping to narrow down where. netstat gives a list of the interfaces on the
device.
- Hardware failure: when a router, switch or NIC is down. Use tracert or traceroute to
track down the malfunctioning device.
- Discovering neighboring devices: routers learn about devices on their network
through a process called neighbor discovery. Use the arp command to diagnose and repair
ARP tables.
- Path MTU black hole: if a router receives a message that exceeds the next
segment's MTU, the router must respond with an ICMP error message to the
sender. If something goes wrong with this response, the result is an MTU black
hole: messages are lost for no apparent reason. Use ping to determine the
largest message size that gets through.
- Missing IP routes: when statically routed IP routes get lost, use the netstat -r
command to display the routing table's contents.
Chapter 4: Structured Cabling And Networking Elements

1. Network Equipment In Commercial Buildings

TIA (Telecommunications Industry Association) publishes the cabling standard; its former parent
company is the EIA (Electronic Industries Alliance).
TIA/EIA-568 Commercial Building Wiring Standard: structured cabling.

a. Components of Structured Cabling

- Entrance facility: the location where the incoming network interface enters the building
and connects with the building's backbone cabling. Includes the demarc, the entry through the
wall to access the demarc, the space surrounding this point, and the service provider's
equipment such as cabling and protective boxes.
- MDF (Main Distribution Frame): main cross connection, the first point of
interconnection between the organization's LAN or WAN and the ISP's facility. Houses the
organization's main servers. This room is called the data closet.
- IDF (Intermediate Distribution Frame): junction point between the MDF and end
user equipment. The TIA/EIA standard specifies at least one IDF per floor.
- Horizontal wiring: connects a workstation to the closest data closet; max 100 m: 90 m
from the data jack on the wall to the data closet plus 10 m from the workstation to the data jack.
- Backbone wiring: cables or wireless links that provide interconnection between the
entrance facility and MDFs, and between MDFs and IDFs. A component of the backbone is the
vertical cross connect, which runs between building floors.
- Work area: all cables and horizontal wiring that connect NICs in workstations,
printers and other network devices to the data closet. A patch cable is a short cable
(3 to 25 feet) with connectors on both ends. Each wall jack must have at least
one voice and one data outlet.
b. Cable Management
- Termination: when terminating twisted-pair cabling, don't leave more than
1 inch of stripped cable; it increases cross-talk.
- Bend radius: each cable has a prescribed bend radius, the radius of the maximum arc into
which it can be looped. A twisted pair cable's bend radius is at least 4 times the diameter of the cable.
- Verify continuity: use a cable tester to verify that each segment of cable transmits
data reliably.
- Cinch cables loosely: don't cinch cables too tightly.
- Protect cables: don't lay cables on the floor.
- Avoid EMI (electromagnetic interference) by installing cables at least 3 feet
away from fluorescent lights.
- Plenum cabling: cables in a plenum must have a sheath that is plenum rated, i.e.
coated with a flame resistant jacket.
- Grounding: follow cable grounding requirements.
- Slack in cable runs: leave some slack in cable runs.
- Cable trays: use cable trays but don't overfill them.
- Patch panels: to organise and connect lines.
- Company standards and stock:
- Documentation:
 Keep cable plant documentation centrally available
 Update documentation after changes
 Label data jacks and ports
 Use color coded cables for different purposes.

c. Device Management
Labelling and naming conventions.
Suppression
d. Rack Systems
Two-post racks and four-post racks.
Racks are measured in rack units (RU or U); the industry standard is 42U tall (6 feet).
Half-racks: 18U to 22U tall.
Airflow: hot air rises.

e. NAS (Network Attached Storage)

Fault tolerance: a technique that allows data storage or other operations to continue in the
event of a failure or fault of components.
NAS is a form of fault tolerance. It provides a specialised storage device or group of storage devices
that provides centralized, fault-tolerant data storage for a network. Like a server dedicated to
data sharing. Contains its own file system, optimised for file saving and serving. Reads and
writes faster from its disks. Can be expanded without interrupting service: physically install a
new hard drive without shutting down.
Cannot communicate directly with clients on the network; they go through the file server, which
communicates with the NAS device.
ISPs use NAS to host customer web pages, as do organizations that use a mix of operating systems.
f. SANs (Storage Area Networks)
Large enterprises might prefer a SAN.
Multiple storage devices are connected to multiple identical servers in a mesh topology.
SAN devices communicate directly with each other and with the devices they serve. Extremely fault tolerant
and extremely fast.
Can be installed separately from the LAN it serves.
Uses 2 types of Transport layer protocols:
- Fibre Channel (FC): a Transport layer protocol used on fiber-optic media instead
of TCP or UDP. Fibre Channel connects devices within the SAN and also connects the
SAN to other networks. Over 5 Gbps throughput.
Because it uses Fibre Channel and not Ethernet, it is not limited to the speed of the client-server
network for which it provides storage.
Expensive, and requires expensive training for IT personnel to support it.

- iSCSI (Internet SCSI, pronounced "i-scuzzy"): a Transport layer protocol that runs on top of TCP
to allow fast transmissions over LANs, WANs and the Internet. Can work on a twisted
pair Ethernet network with ordinary Ethernet NICs.
Not expensive; can run on an existing Ethernet LAN by installing the iSCSI
software (iSCSI initiator).

2. Managing Power Sources And The Environment

Manage power sources to account for outages and fluctuations.

a. Power Management
Blackout (complete loss) or brownout (dimming).
 Power Flaws:
- Surge: momentary increase in voltage due to lightning strikes, solar flares or
electrical problems.
 Plug the computer into a surge protector; it redirects excess voltage away
from the device to a ground.
- Noise: fluctuation in voltage levels caused by other devices on the network or by EMI.
 Pass the circuit through an electrical filter to clean it of noise.
- Brownout: momentary decrease in voltage (sag). Caused by an overloaded system.
- Blackout: complete power loss.
 Install a backup power source, a UPS, to provide power long enough to
shut down.

 UPS (Uninterruptible power supply)

A battery operated power source attached between the computer and the power supply (wall
outlet); prevents fluctuations in the wall outlet's AC power from reaching the device.
Standby UPS (offline UPS): gives power to the device only when wall power cuts off.
Online UPS: uses power from the wall outlet to charge the battery, and the device relies on
power from the UPS at all times.
UPSs vary in the amount of power needed/supplied, the period of time they keep a device
running, the line conditioning they provide (surge suppression), and cost.
 Generators
b. Monitoring the Environment and Security
Protect data rooms from moisture and overheating. Lock the doors.

3. NIC And Ethernet

a. Characteristics of NICs (Network Interface Card)
Also called network adapter or network card. Has a transceiver that transmits and receives data signals
over the network. Interprets physical addressing information to deliver data to the correct destination.
Determines which node has the right to transmit data over the network.
Performs prioritization, network management, buffering and traffic filtering.
Does not analyse information added by protocols in layers 3 through 7.
Types depend on:
- Connection type (Ethernet or Wi-Fi)
- Max network transmission speed
- Connector interface (RJ-45 or SC)
- Number of ports
- Manufacturer
- Support for enhanced features: PoE+, buffering, traffic management
- Method of interfacing with the motherboard.

Can be integrated into the motherboard, or (older types) fitted in an expansion slot on the motherboard,
or installed as a peripheral device.

Installing a NIC:

- Install the hardware first, then the software (device driver).
- Install a peripheral NIC: insert the device in the correct port and make sure it is firmly inserted;
it should not wiggle. The OS autodetects the device and installs drivers.
- Install an expansion card NIC:
- Install multiple NICs

b. Simplex, Half-Duplex and Duplex

Change the settings on the NIC to comply with the network's transmission settings:
- Full duplex (duplex): signals are free to travel in both directions at the same time.
Like a telephone.
- Half-duplex: signals can travel in both directions, but not at the same time.
- Simplex: one direction only.

On Windows use Device Manager to set this; on Linux or UNIX, the ethtool utility.
c. Ethernet Frames
Ethernet is a layer 2 (data link layer) standard that is flexible, runs on a variety of network
media, has excellent throughput and reasonable cost. It is the most popular network technology used on
LANs.
Ethernet II is the current Ethernet standard, developed by DEC, Intel and Xerox.

Legacy networking:
IEEE released the first Ethernet standard in 1980, called IEEE 802.3 CSMA/CD, unofficially called
Ethernet.
The CSMA/CD frame used a different layout than the Ethernet II frame used today and was called the 802.3
frame. Today's frame is called the DIX frame. CSMA/CD networks used a hub at the physical layer. Hubs
repeat signals to all nodes like a broadcast, so collisions happened. All nodes connected to the
hub competed for access to the network. The MAC (Media Access Control) method used
by the nodes for arbitration on the network is CSMA/CD (Carrier Sense Multiple Access
with Collision Detection):
- Carrier sense: the Ethernet NIC listens and waits until there is a gap between nodes transmitting data.
- Multiple access: several nodes access the same media.
- Collision detection: what happens when 2 nodes attempt a transmission at the same time. After a
collision, each node waits a random amount of time and resends its transmission.
A collision domain is the portion of the network in which collisions could occur.
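As an added example (not the notes' own material), this Python snippet builds and parses an Ethernet II (DIX) frame and checks its frame check sequence, which is how a NIC detects a frame damaged by a collision or noise. The frame layout (6-byte destination MAC, 6-byte source MAC, 2-byte EtherType, 46 to 1500 bytes of payload, 4-byte CRC-32 FCS) is the standard one and is not spelled out in the notes; the sample addresses and payload are constructed.

```python
# Added example, not from the course notes: build and parse an Ethernet II
# frame with its 4-byte FCS (CRC-32, stored least-significant byte first as
# it appears in captures).
import struct
import zlib

ETHERTYPES = {0x0800: "IPv4", 0x0806: "ARP", 0x86DD: "IPv6"}
MIN_FRAME = 64     # 14-byte header + 46-byte minimum payload + 4-byte FCS
MAX_PAYLOAD = 1500


def mac_to_str(raw):
    return ":".join(f"{b:02x}" for b in raw)


def mac_to_bytes(text):
    return bytes(int(part, 16) for part in text.split(":"))


def fcs(data):
    """CRC-32 over header + payload, packed as the 4-byte trailer."""
    return struct.pack("<I", zlib.crc32(data) & 0xFFFFFFFF)


def build_frame(dst, src, ethertype, payload):
    """Constructed frame: pads short payloads to 46 bytes and appends the FCS."""
    if len(payload) > MAX_PAYLOAD:
        raise ValueError("payload exceeds 1500 bytes")
    payload = payload.ljust(46, b"\x00")
    header = struct.pack("!6s6sH", mac_to_bytes(dst), mac_to_bytes(src), ethertype)
    body = header + payload
    return body + fcs(body)


def parse_frame(frame):
    """Parse a captured Ethernet II frame (FCS included) into its fields."""
    if len(frame) < MIN_FRAME:
        raise ValueError(f"runt frame: {len(frame)} bytes, minimum is {MIN_FRAME}")
    dst, src, ethertype = struct.unpack("!6s6sH", frame[:14])
    payload, trailer = frame[14:-4], frame[-4:]
    return {
        "dst": mac_to_str(dst),
        "src": mac_to_str(src),
        "broadcast": dst == b"\xff" * 6,        # delivered to every node on the segment
        "ethertype": ETHERTYPES.get(ethertype, f"0x{ethertype:04x}"),
        "payload_len": len(payload),
        "fcs_ok": trailer == fcs(frame[:-4]),   # a damaged frame fails this check
    }


if __name__ == "__main__":
    frame = build_frame("ff:ff:ff:ff:ff:ff", "00:11:22:33:44:55", 0x0806,
                        b"who-has 192.168.1.1?")
    print(parse_frame(frame))
    damaged = bytearray(frame)
    damaged[20] ^= 0x01  # flip one payload bit, as a collision or noise might
    print("damaged fcs_ok:", parse_frame(bytes(damaged))["fcs_ok"])
```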

4. Troubleshooting Network Devices

a. Look at the NIC itself; normally there is an LED that reacts to the link state. The
manufacturer's documentation for your NIC will tell you how to interpret the
light. Normally green means working, flickering yellow/orange means data is being received.
b. Test the NIC or cable with a loopback plug, or loopback adapter: it plugs into a port like an
RJ-45 and crosses the transmit line with the receive line to test the port or cable for
connectivity.
c. Update the drivers.
d. Use the configuration utility provided by the NIC's manufacturer: it will test the NIC's
physical components and connectivity.
e. Check the TCP/IP configuration for the NIC's interface and access to the network: ping the
loopback address 127.0.0.1 for IPv4 and ::1 for IPv6.

Building and Maintaining Network Documentation


Chapter 5 Network Cabling

1. Transmission Basics:
a. Analog Signalling.
Digital signals are electrical current (pressure measured in volts); they travel over copper cabling as
electrical current, over fibre optic cable as light pulses, and through the atmosphere as electromagnetic
waves.
Analog signals are also generated as voltage, but vary in strength; their properties are amplitude,
frequency, wavelength and phase.

Amplitude: measures the wave's strength.

Frequency: the number of times a wave's amplitude cycles, measured in cycles per second, hertz
(Hz).
b. Digital signal: 0's and 1's, electrical pulses, on and off.

c. Data Modulation
A technology used to modify analog signals to make them suitable for carrying data over
a communication path. A simple wave, called the carrier wave, is combined with another analog
signal (the data wave) to get a unique signal that gets transmitted from one node to the next.
The carrier wave has pre-set properties (frequency, amplitude, and phase) and serves only to help
carry information. The data or information wave is added to the carrier wave. When the signal
reaches its destination, the receiver separates the data from the carrier wave.
A modem (modulator/demodulator) does the translation between analog and digital at the sending end
and back again at the receiving end.

i. Simplex, half duplex and duplex

Simplex: travels in one direction only, e.g. a microphone.
Half duplex: can travel both ways, one way at a time, e.g. a walkie-talkie or intercom.
Duplex: both ways at the same time, e.g. a telephone.

d. Baseband and broadband

Baseband: transmissions are carried on a single channel; no other transmission shares the
media. E.g. Ethernet.
Broadband: a technology where multiple transmissions share a single medium. Cable TV and cable
Internet, which share the same coaxial cable, use multiplexing to manage the multiple
signals.

- Multiplexing:
 Multiple signals travel simultaneously over one medium; the medium's channel is
separated into multiple smaller channels (sub channels). There are different types of
multiplexing, dependent on what the media, transmission and reception can handle.
For multiplexing you need a multiplexer (mux) at the transmission end of the channel,
a device that combines many signals, and on the receiving end a
demultiplexer (demux) that separates the combined signals.
 TDM (Time Division Multiplexing): divides a channel into multiple intervals of time and
assigns a time slot to every node. If a node has no data to send in its slot, the slot is
wasted.
 Statistical multiplexing: assigns slots to nodes according to priority or need. If a
node does not use its time slot, the statistical multiplexing device recognizes that and
assigns its slot to another node.
 FDM (Frequency Division Multiplexing): assigns a unique frequency band to each
communications sub channel. Signals are modulated with different carrier
frequencies, then multiplexed to simultaneously travel over a single channel and
demultiplexed when brought into a home.
 WDM (Wavelength Division Multiplexing) is used in fiber optic cable; it enables one
fiber optic connection to carry multiple light signals simultaneously. The first WDM divided
a beam of light into up to 40 different carrier waves, each with a different
wavelength (and colour).
o DWDM (Dense Wavelength Division Multiplexing) carries between 80 and 160
channels.
o CWDM (Coarse Wavelength Division Multiplexing) is defined by wavelength and
not frequency. It was developed after DWDM to lower the cost of transceiver
equipment: channels are spaced more widely apart. Uses 8 or fewer channels
per fiber, which limits the distance because the signal is not amplified.
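As an added example rather than part of the notes, the following Python simulation contrasts fixed TDM with statistical multiplexing on a constructed set of node demands: in TDM an idle node's slot is wasted, while statistical multiplexing hands that slot to the next node that has data waiting.

```python
# Added example, not from the course notes: slot allocation under TDM versus
# statistical multiplexing. demand = frames waiting per node (constructed).


def tdm(demand, cycles):
    """Fixed round-robin: every node owns one slot per cycle, used or not."""
    queue = dict(demand)
    sent = wasted = 0
    for _ in range(cycles):
        for node in queue:
            if queue[node] > 0:
                queue[node] -= 1
                sent += 1
            else:
                wasted += 1  # slot goes unused; nobody else may take it
    return {"sent": sent, "wasted_slots": wasted, "backlog": sum(queue.values())}


def statistical(demand, cycles):
    """Same number of slots, but each slot is granted to the next node (round
    robin) that actually has data; a slot is wasted only when everyone is idle."""
    queue = dict(demand)
    order = list(queue)
    sent = wasted = 0
    start = 0
    for _ in range(cycles * len(order)):
        for k in range(len(order)):
            node = order[(start + k) % len(order)]
            if queue[node] > 0:
                queue[node] -= 1
                sent += 1
                start = (start + k + 1) % len(order)  # continue after this node
                break
        else:
            wasted += 1  # every node was idle for this slot
    return {"sent": sent, "wasted_slots": wasted, "backlog": sum(queue.values())}


DEMAND = {"A": 10, "B": 2, "C": 0, "D": 4}  # constructed: A is busy, C is idle

if __name__ == "__main__":
    print("TDM        :", tdm(DEMAND, cycles=4))
    print("statistical:", statistical(DEMAND, cycles=4))
```

With four cycles the 16 slots carry all 16 waiting frames under statistical multiplexing, whereas TDM wastes 6 of them and leaves A with a backlog.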

Throughput and bandwidth

Throughput (capacity) is the measure of how much data is transmitted during a certain period,
measured in bits per second.
Bandwidth is the difference between the highest and lowest frequencies that a medium can
transmit.
Relationships between nodes
Only one receiver and one transmitter: point-to-point.
Multiple receivers and one transmitter: point-to-multipoint. 2 types:
1. Broadcast: one transmitter and multiple undefined receivers. Like radio.
2. Non-broadcast: one transmitter and multiple defined receivers. Like sending
something to a specific group at work.

2. Coaxial cable

RG (Radio Guide) specifications describe the materials used for shielding and conducting cores,
which influence the transmission characteristics: impedance (the resistance that contributes to
controlling the signal, in ohms), attenuation and throughput.
Every type of coax is suited to a different purpose. The size of the conducting core in a coaxial cable is its
American Wire Gauge (AWG) size. The larger the AWG size, the smaller the core.
RG-6 and RG-59 are the 2 coaxial cable types most commonly used in networks today. They can terminate
with 2 types of connectors:

- F-type: the pin in the centre of the connector is the conducting core of the cable, so it requires
the cable to have a solid metal core. Attached to the cable by crimping or compression, then
threaded and screwed together like a nut and bolt assembly.
A male F-type connector (in the picture) attaches to the female F-type.

- BNC connector: connects to another BNC connector with a turning and locking mechanism.
Does not use the central conducting core of the cable as part of this connection; provides its
own conducting pin. Found mostly with RG-59.

3. Twisted-Pair Cable

Color-coded pairs of insulated copper wires with a diameter of 0.4 to 0.8 mm. Every 2 wires are
twisted around each other to form pairs. All pairs are encased in a plastic sheath. More twists per
foot = more resistance to cross talk. Higher quality, more expensive cable has more twists. Too high a
twist ratio increases attenuation, so a balance has to be found.
Can contain 1 to 4200 wire pairs. Modern networks use cables that contain 4 wire pairs, 1
dedicated to sending and 1 to receiving data.
The TIA/EIA 568 standard divides twisted pair wiring into categories: Cat 3, 5, 5e, 6, 6a and 7.
Modern LANs use Cat 5e or higher.

a. STP (Shielded Twisted Pair)

Twisted pairs are individually insulated and surrounded by shielding of foil, which protects
against outside electromagnetic forces.
b. UTP (Unshielded Twisted Pair)
Insulated wire pairs encased in a plastic sheath.

i. Cat 3: form of UTP that contains 4 wire pairs and can carry up to 10 Mbps with a
bandwidth of 16 MHz. Used for 10 Mbps Ethernet or 4 Mbps token ring networks.
ii. Cat 5: form of UTP that contains 4 wire pairs and supports up to 1000 Mbps throughput
and a 100 MHz signal rate.
iii. Cat 5e (Enhanced Cat 5): higher grade version of Cat 5. Contains high quality copper, a
high twist ratio and advanced methods to reduce cross talk. Signal rate as high as 350 MHz.
iv. Cat 6: twisted pair cable that contains 4 wire pairs, each wrapped in foil insulation, with
foil insulation covering the bundle of wire pairs.
v. Cat 6a (Augmented Cat 6): higher grade version of Cat 6 wiring that reduces attenuation
and cross talk and potentially allows exceeding traditional network segment length
limits. Signalling rate of 500 MHz; backward compatible with Cat 5, 5e and 6 (can replace
lower level cabling without requiring connector or equipment changes).
vi. Cat 7: twisted pair cable that contains multiple wire pairs, each surrounded by its own
shielding, then packaged in additional shielding beneath the sheath. Can support signal
rates up to 1 GHz, but requires different connectors than other versions of UTP because the
pairs must be more isolated from each other to ward off cross talk.
vii. Cat 6 and Cat 7 are more similar to shielded twisted pair.

c. Comparing STP and UTP

Characteristic        STP                                      UTP
Throughput            Both transmit data at 10 Mbps, 100 Mbps, 1 Gbps or 10 Gbps, depending on the
                      grade of cabling and the transmission method.
Cost                  More expensive generally: more           High-grade UTP is expensive
                      material, requires grounding =
                      expensive installation
Connector             RJ-45                                    RJ-45
Noise immunity        More resistant because of shielding      Can undergo filtering and balancing
                                                               techniques to counteract effects of
                                                               noise.
Size and scalability  100 m max segment length,                100 m max segment length,
                      maximum of 1024 nodes                    maximum of 1024 nodes

Ethernet standards used with twisted pair cabling

Cable pinouts.

2 methods of inserting twisted pair wires into RJ-45 plugs: TIA/EIA 568A and
TIA/EIA 568B. Use the same standard on every plug on the network.

TIA/EIA 568A standard terminations

TIA/EIA 568B standard terminations

Using the same standard on every plug on the network ensures you create a straight-through
cable, or patch cable.

Crossover Cable:
Mostly obsolete because modern devices have an autosense function to detect the way wires are
terminated. Transmit and receive wires are reversed; works with 10 or 100 Mbps Ethernet.

Rollover cable:
Also called Yost cables or Cisco console cables; the pinout is a mirror image. Ethernet ports allow for network
communication (the type of port used to create LANs through a router); the console port creates an interface with the
device itself.
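As an added example (not from the notes), the Python below encodes the TIA/EIA 568A and 568B pin orders and classifies a cable from the pinouts at its two ends: identical ends give a straight-through (patch) cable, an A end with a B end gives a crossover, and a mirror image gives a rollover cable. It also flags split pairs, the kind of miswire a cable tester's continuity check is meant to catch; the miswired pinout is constructed.

```python
# Added example, not from the course notes: RJ-45 pinouts and cable
# classification from the termination standard at each end.
T568A = ["white/green", "green", "white/orange", "blue",
         "white/blue", "orange", "white/brown", "brown"]
T568B = ["white/orange", "orange", "white/green", "blue",
         "white/blue", "green", "white/brown", "brown"]

# 10/100BASE-T uses pins 1 and 2 to transmit and 3 and 6 to receive; the other
# pairs (4-5, 7-8) carry no data, so only these two pairs swap in a crossover.
PAIRS = [(1, 2), (3, 6), (4, 5), (7, 8)]


def pin_map(pinout):
    """Pin number (1-8) -> wire colour, e.g. for labelling a patch panel."""
    return {pin: wire for pin, wire in enumerate(pinout, start=1)}


def crossed(pinout):
    """The pinout the opposite end needs so TX of one end meets RX of the other."""
    swap = {1: 3, 2: 6, 3: 1, 6: 2}
    return [pinout[swap.get(pin, pin) - 1] for pin in range(1, 9)]


def classify_cable(end1, end2):
    if end1 == end2:
        return "straight-through"
    if end2 == list(reversed(end1)):
        return "rollover"
    if end2 == crossed(end1):
        return "crossover"
    return "miswired"


def split_pairs(pinout):
    """Pairs whose two wires are not from the same colour family (e.g. pin 1
    white/green with pin 2 orange): continuity passes, twist protection is lost."""
    def family(wire):
        return wire.split("/")[-1]
    return [(a, b) for a, b in PAIRS if family(pinout[a - 1]) != family(pinout[b - 1])]


if __name__ == "__main__":
    print("A-A:", classify_cable(T568A, T568A))
    print("A-B:", classify_cable(T568A, T568B))
    print("A-reversed(A):", classify_cable(T568A, list(reversed(T568A))))
    bad = T568B[:]
    bad[1], bad[2] = bad[2], bad[1]  # constructed miswire: pins 2 and 3 swapped
    print("split pairs:", split_pairs(bad), "->", classify_cable(T568B, bad))
```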
Copper connectors and couplers
A connector connects a cable to a network device. Connectors are specific to a media type; integrate
2 media types through converters, the hardware that enables different media devices
to connect.
Examples: Coupler: passes data through a homogenous connection without modification.
UTP coupler: connects 2 UTP cables.

PoE (Power over Ethernet)

The 802.3af standard supplies electrical power over twisted pair Ethernet connections. Requires
Cat 5 or better copper cable.
2 types of devices:
- PSE (Power sourcing equipment): the device that supplies the power
- PDs (Powered devices): receive power from the PSE.

4. Fibre optic cable

Fibre contains one or several glass or plastic fibers at its centre (core). Data is transmitted as
pulsing light sent from a laser or an LED (light emitting diode) through the central fibers. Each
strand transmits in one direction only, so 2 strands are needed for full-duplex. Uses zipcord cable: 2
strands combined side by side in conjoined jackets.

Benefits of fiber:
- High throughput
- High resistance to noise
- Excellent security
- Carries signals for longer distances before needing a repeater
- Industry standard for high-speed networking.
Disadvantages:
- More expensive than twisted pair cables
- More difficult to fix broken cables in the field.

Common Media Characteristics

To decide what type of transmission media to use, match the networking needs against the
characteristics of the media.
a. Throughput
The most significant factor in choosing a transmission method. Throughput is limited by the
signalling and multiplexing techniques.
b. Cost
i. Cost of installation: do it yourself or hire someone. Is there building cost also
involved?
ii. New infrastructure vs reusing existing infrastructure: will the new integrate with the
old?
iii. Maintenance and support: do it yourself or hire someone; when re-using existing
infrastructure, will it cost more in support to maintain?
iv. Lower transmission rate affecting productivity: save money with a lower
transmission rate but lose productivity because of it.
v. Obsolescence: is the media going to become out of date soon?
c. Noise Immunity: take measures to lower noise interference. Fibre optic cabling is less
susceptible to noise. Look at where you install cabling; do not install it close to electromagnetic
sources. Choose the type of transmission medium that is better protected against noise (cabling over
wireless).
d. Size and Scalability: 3 specifications determine the size and scalability:
i. maximum nodes per segment: depends on attenuation and latency. Each node
added causes them to increase.
ii. maximum segment length: depends on attenuation and latency AND the
segment type. A populated segment is a part of the network that contains end
nodes, e.g. a switch connecting users in a classroom. An unpopulated segment
or link segment does not contain end nodes; it just connects 2 networking devices
like routers. After a certain distance, the signal loses so much strength that it cannot be
accurately interpreted.
iii. maximum network length: the same principle of data loss applies to the maximum
network length, which is the sum of the segment lengths.

e. SMF (Single-Mode Fibre)

Narrow core (less than 10 microns in diameter). Little reflection, low loss of signal; travels
far without repeaters. Accommodates high bandwidths and the longest distances.
High cost. Not for LANs or WANs.
f. MMF (Multimode Fibre)
Large diameter (50 to 115 microns in diameter), most common size 62.6 microns. Carries many
pulses of light.

Fiber connections and couplers

MMF connectors are classified by number of fibers;
SMF connectors by the size and shape of the ferrule (the extended tip of a connector that makes contact with the
receptacle in the jack or other connector). SMF connectors are designed to reduce back reflection
(the return of the light signal, measured as optical loss in dB (decibels)). The shapes and polishes
used are:
- Physical contact (PC): the ferrule is curved.
- Ultra Polished Connector (UPC): extensive polishing of the tips creates the UPC
and increases connection efficiency.
- Angle polished connector (APC): the latest ferrule technology; uses reflection,
a polished curved surface, and end faces placed at an 8º angle.

Fiber-Optic Converters and modular interfaces:

Regeneration is the process where a bidirectional converter accepts a signal from one part of the network
and then transmits or regenerates it to the next part of the network. Used where fiber and copper based parts
exist on a network, or where SMF connects to MMF.
Hot-swappable: hardware that can be added or replaced while the device is running, so it can be expanded
in future.
GBIC (Gigabit interface converter): RJ-45 or fiber optic cable ports.
SFP (small form-factor pluggable) transceivers: same function as a GBIC but smaller, allowing more ports.
Ethernet standards for Fiber Optic cables

100Base-FX: fiber version of Fast Ethernet, baseband transmission, mostly outdated; needs at
least 2 strands of multimode fiber.
1000Base-LX: the more common fiber version of Gigabit Ethernet; long wavelength, used for
backbones because of its long segments.
1000Base-SX: Gigabit Ethernet with short wavelengths over multimode fiber-optic; less expensive
than LX. Modal bandwidth is a measure of the highest frequency of signal a multimode fiber can
support over a specific distance.

IEEE published the 802.3ae standard for fiber-optic Ethernet, transmitting data at 10 Gbps. Used by
NSPs, who sell direct access to the Internet backbone, and by ISPs.

7. Troubleshooting Cable Problems

a. Transmission Flaws

- Noise: any influence that degrades or distorts a signal. Measured in decibels (dB); can be
prevented by having the strength of the signal exceed the strength of the noise, or by good cable design.
 EMI (Electromagnetic interference): waves that originate from electrical devices; one
type is RFI (radio frequency interference), caused by radio waves. Results in incorrect
transmission of data.
 Cross talk: when the signal travelling on one wire interferes with the signal travelling on an
adjacent wire. When it occurs between 2 cables it's called alien cross talk; when it
occurs between wire pairs near the source of the signal, it is known as NEXT (near end cross talk)
and could be due to improper termination. Cross talk measured at the far end of the cable is far end
cross talk (FEXT).
- Attenuation: loss of signal strength. For analog signals an amplifier is used to increase the
strength of the signal: the signal passes through the amplifier, which increases its voltage. For digital
signals a repeater is used, which regenerates the signal.
- Latency: the time it takes for data to travel over a medium; the delay is the latency.
The length of the cable affects latency. Latency can be measured by calculating a packet's RTT (round-
trip time), measured in milliseconds.
Common fiber cable problems:
- Fiber type mismatch (fiber core mismatch): when connecting SMF to MMF, the
mismatch prevents the transmission from traversing the connection successfully.
- Wavelength mismatch: SMF, MMF and POF (Plastic Optical Fiber) use
different wavelengths; a mismatch is when a transmission is optimized for one
type of cable but sent through a different type.
- Dirty connectors: dirty or dusty fiber will lose signal.

b. Troubleshooting Tools
Tone generator (toner): issues a signal on a wire pair; a tone locator (probe) emits a tone when it
detects electrical activity on a wire pair.
Multimeter: measures characteristics of an electric circuit such as resistance, voltage and impedance.
Cable continuity tester: troubleshoots physical layer problems.
Chapter 6 : Wireless Networking

1. Characteristics of Wireless Transmission


a. The Wireless Spectrum
Wireless signals are carried through air by electromagnetic waves. Wireless spectrum
is range of electromagnetic waves used for data and voice communications. On the
spectrum waves are arranged by frequency, lowest to highest, between 9 KHz and
300GHz. Each type of wireless service is associated with one area of wireless spectrum
AM broadcasting on low frequency: 535 – 1605 KHz
Infrared high frequency: 300 - 300 000 GHz
Wi-Fi: 2.4 – 5 GHz
ITU (International Telecommunication Union) United Nation agency that sets standards
for international telecommunications like wireless services (frequency allocations,
signalling and protocols)
No fixed path when signal travels through air.
Originate from electrical current traveling along conductor, from transmitter to
antenna, it emits the signal as series of electromagnetic waves into air, travels through
are until reaches destination.
At destination another antenna receives the signal, a receiver converts it back to current

b. Antennas
Antennas are designed for a specific wireless service.
Radiation pattern: the relative strength over a 3-dimensional area of all the electromagnetic
energy the antenna sends or receives.
Unidirectional/directional antenna: issues wireless signals along a single direction.
Used for point-to-point links and satellite downlinks (receiving digital TV signals).
Omnidirectional antenna: sends and receives signals of equal strength and clarity in all
directions.
Range: the geographical area an antenna can reach.

c. Signal Propagation
LOS (line of sight) is ideal: the signal travels in a straight line.
- Reflection: (bounce) the wave reflects off an obstacle.
- Diffraction: the signal splits around objects with sharp edges.
- Scattering: diffusion or reflection in multiple directions, caused by objects with small
dimensions: hail, snow, rain, books, computers.

Multipath signals: a signal follows multiple paths due to reflection, diffraction and
scattering. This can help the signal reach its destination, but it can also cause multiple copies to
reach the destination at different times, causing data errors. Error-correction algorithms
detect the errors and the sender has to retransmit; more errors = slower
throughput.

d. Signal Degradation
Fading: the signal runs into an obstacle and loses strength.
Goodput: the throughput experienced at the application level.
Speed test sites measure upload and download speeds.
Range extender: like an amplifier, strengthens the signal again if it has travelled too far from its origin.
SNR (signal-to-noise ratio): the ratio between the strength of a signal and the noise.

e. Frequency Ranges
2.4 GHz band: networks relied on frequencies in the range of 2.4 - 2.4835 GHz, with
11 communication channels. It also carried cordless telephone signals, so it is highly susceptible to
interference.
An unlicensed frequency is one for which the FCC does not require users to register their
service and reserve it for their sole use.
Wireless LANs can use the 5 GHz band: it comprises the 5.1, 5.3, 5.4 and 5.8 GHz frequency bands,
consisting of 24 unlicensed bands, each 20 MHz wide.

2. Wireless PAN (WPAN)


Wireless Personal Area Network: a few meters in width, contains your personal home
devices:
- Bluetooth
Unites separate entities (PC, mobile, etc.) under a single communication standard,
operates on 2.4 GHz to 2.485 GHz. Frequency hopping helps with interference.
Devices must be paired before sharing data. Bluejacking is an undesired connection
used to send unsolicited data; bluesnarfing is a connection used to download data
without permission.
- Infrared (IR)
Outdated, replaced with Bluetooth. Used in remote controls of TVs.
- Near-field communication (NFC)
Mobile devices that are very close to each other can connect using NFC: a small antenna inside the device
sends a signal on 13.56 MHz. NFC or smart tags can be used as access cards.

3. Wi-Fi WLAN (Wireless LAN) Architecture


- Ad hoc: smaller wireless networks, a few nodes (stations), closely positioned.
- Infrastructure: an infrastructure WLAN topology has an intervening connectivity device, the
wireless access point (WAP) or access point (AP)/base station, that accepts wireless signals from
multiple nodes and transmits them to the rest of the network. In small offices these include routing
functions and are called wireless routers or wireless gateways.
- Mesh: a WLAN with several access points (Wireless Mesh Network, WMN).

a. 802.11 WLAN Standards


Developed by IEEE in 1997 by the WLAN standard committee, aka the 802.11 committee, which
generated the wireless standards 802.11b, 802.11a, 802.11g, 802.11n and 802.11ac. These
standards are known as Wi-Fi, which stands for wireless fidelity. All versions use half-duplex
signalling, although their physical layer services vary.
- 802.11b: separates the 2.4 GHz band into 22 MHz channels; the first standard to take hold.
Least expensive, not the fastest.
- 802.11a: released after b, although work on it started before b. Uses the 5 GHz band, which is not as
congested as the 2.4 GHz band. Higher throughput than b and less likely to suffer
interference from microwave ovens and cordless phones. Requires more power to
transmit and travels shorter distances, so more access points are needed and it becomes more
expensive. Rarely used.
- 802.11g: just as affordable as 802.11b but with increased throughput; compatible
with b.
- 802.11n: maximum throughput of 600 Mbps, good for telephone and video
signals; backward compatible with a, b and g because it uses both the 2.4 GHz and 5.0 GHz
bands.
- 802.11ac: 5 GHz band; the first standard to approach Gigabit Ethernet capabilities.
802.11ac access points act more like a switch than a hub: they can handle
multiple transmissions at one time over the same frequency spectrum.

b. How Wi-Fi Works

Access Method:
The 802.11 MAC service appends a 48-bit physical address to a data frame. Wi-Fi is not designed to send and
receive at the same time, so it uses these methods to prevent collisions:
- CSMA/CA (Carrier Sense Multiple Access with Collision Avoidance): a station on a CSMA/CA network checks
for existing wireless transmissions before it begins to send data. If the source node detects no
transmission activity, it waits a brief time and then sends its transmission. If it does detect activity, it waits
a brief time again before checking the channel again.
- The destination node receives the transmission, verifies its accuracy and issues an acknowledgement (ACK) packet
to the source.
- When the source receives the ACK packet it assumes the transmission was proper. If it does not receive the ACK
packet, it assumes the transmission failed and starts again.

Hidden node problem: when nodes are physically too far apart to collaborate in preventing
collisions.
RTS/CTS (Request To Send/Clear To Send):
Enables a source node to issue an RTS signal to an access point, requesting to transmit. The access point
agrees with a CTS signal, temporarily suspends communication with all stations in its
range and waits for the source node to complete its transmission.
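The CSMA/CA and RTS/CTS exchange above, as an added worked example that is not from the textbook or these notes: a slot-by-slot Python model of two stations and one access point. The layouts (A and C both in range of the AP but, in the hidden-node layout, out of range of each other), the frame lengths in slots and the backoff window sizes are constructed assumptions, not 802.11 timing values. It shows that hidden nodes collide at the AP without RTS/CTS, because C cannot sense A's transmission, and that a CTS silences C even though C never heard A's RTS.

```python
"""Slot-by-slot toy model of 802.11 CSMA/CA (carrier sense, ACK, random backoff)
with optional RTS/CTS, used to show why hidden nodes collide and how a CTS fixes it.
Constructed example; frame lengths and layouts are assumptions, not 802.11 timing."""
import random

DATA_SLOTS = 3   # assumption: a data frame occupies the medium for three slots
CTRL_SLOTS = 1   # assumption: RTS, CTS and ACK each fit in one slot

# Which nodes each node can sense (itself excluded).
# Hidden-node layout: A and C both reach the AP but cannot hear each other.
HIDDEN = {"A": {"AP"}, "C": {"AP"}, "AP": {"A", "C"}}
# Open layout: every station hears the other station as well as the AP.
OPEN = {"A": {"AP", "C"}, "C": {"AP", "A"}, "AP": {"A", "C"}}


class WlanSim:
    def __init__(self, hears, use_rts_cts, seed=7):
        self.hears = hears
        self.use_rts_cts = use_rts_cts
        self.rng = random.Random(seed)   # backoff slots are random, as in 802.11
        self.pending = {}     # station -> next frame kind to send ("RTS" or "DATA")
        self.backoff = {}     # station -> slots still to wait before sensing again
        self.attempts = {}    # station -> collisions so far (doubles the window)
        self.nav = set()      # stations that heard a CTS and must stay silent
        self.active = {}      # sender -> (frame kind, last slot of the transmission)
        self.garbled = set()  # transmissions that overlapped another one at the AP
        self.delivered, self.data_collisions, self.log = [], 0, []

    def queue(self, station, ready_at):
        """Station has a data frame ready to send at slot `ready_at`."""
        self.pending[station] = "RTS" if self.use_rts_cts else "DATA"
        self.backoff[station] = ready_at
        self.attempts[station] = 0

    def _medium_idle_for(self, s):
        """Carrier sense: a station only notices transmitters inside its own range."""
        if self.backoff[s] > 0:
            self.backoff[s] -= 1
            return False
        if s in self.nav or s in self.active:
            return False
        return not any(other in self.hears[s] for other in self.active)

    def _on_collision(self, s, kind):
        """No ACK arrived: count it, widen the window, pick a new random backoff."""
        if kind == "DATA":
            self.data_collisions += 1
        self.attempts[s] += 1
        window = min(8 << self.attempts[s], 64)        # binary exponential backoff
        self.backoff[s] = self.rng.randint(1, window)
        if self.use_rts_cts:
            self.pending[s] = "RTS"                     # start over with a new RTS
        self.log.append((s, kind, "collided, no ACK, backoff", self.backoff[s]))

    def run(self, max_slots=500):
        for slot in range(max_slots):
            if not self.pending:
                break
            for s in list(self.pending):                # idle-sensing stations start sending
                if self._medium_idle_for(s):
                    kind = self.pending[s]
                    length = DATA_SLOTS if kind == "DATA" else CTRL_SLOTS
                    self.active[s] = (kind, slot + length - 1)
                    self.log.append((slot, s, "starts " + kind))
            if len(self.active) > 1:                    # two signals at once: both garbled
                self.garbled |= set(self.active)
            for s in [x for x, (_, end) in self.active.items() if end == slot]:
                kind, _ = self.active.pop(s)
                if s in self.garbled:
                    self.garbled.discard(s)
                    self._on_collision(s, kind)
                elif kind == "RTS":                     # AP answers CTS; others set their NAV
                    self.nav = {n for n in self.hears["AP"] if n != s}
                    self.pending[s] = "DATA"
                    self.log.append((slot, "AP", "CTS to " + s))
                else:                                   # clean data frame: AP sends ACK
                    del self.pending[s]
                    self.nav = set()
                    self.delivered.append(s)
                    self.log.append((slot, "AP", "ACK to " + s))
        return self.delivered


def run_scenario(hears, use_rts_cts):
    """A is ready at slot 0, C one slot later. Returns (delivery order, data collisions)."""
    sim = WlanSim(hears, use_rts_cts)
    sim.queue("A", 0)
    sim.queue("C", 1)
    return sim.run(), sim.data_collisions


if __name__ == "__main__":
    for name, hears, rts in [("hidden, no RTS/CTS", HIDDEN, False),
                             ("hidden, RTS/CTS", HIDDEN, True),
                             ("open, no RTS/CTS", OPEN, False)]:
        print(name, run_scenario(hears, rts))
```

In the open layout C senses A's data frame and defers, so plain carrier sense is enough. In the hidden layout C senses nothing, starts one slot into A's frame and both frames are garbled at the AP; only after the random backoffs separate the retries do both get an ACK. With RTS/CTS the AP's one-slot CTS reaches C, C holds its NAV, and no data frame ever collides.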

Association:
Connecting through a hotspot happens through association. When a station is on and its wireless protocols are
running, it scans its surroundings from time to time for evidence of an access point; this is called scanning.
Active scanning: the computer transmits a special frame, a probe, on all available channels within its
frequency range; when an access point finds the probe frame, it issues a probe response. The
response contains all the information the computer needs to associate with the access point (status code and station
ID number).
Passive scanning: the computer listens on all channels in its frequency range for a special signal, the beacon
frame, issued by the access point. The beacon frame has the information the wireless node needs to associate
with the access point; it indicates the network's transmission rate and SSID (Service Set Identifier), a unique
character string that identifies the access point. After detecting the beacon frame, the computer can choose to
associate with the access point. The 2 nodes agree on a frequency channel to communicate on.
A group of stations (nodes) sharing an access point is part of a BSS (Basic Service Set).
The identifier of this group is the BSSID (Basic Service Set Identifier).
ESS (Extended Service Set) = a group of access points connected to the same LAN.
ESSID (Extended Service Set Identifier) = the special identifier shared by BSSs that belong to the same ESS.
Rogue access point: a wireless access point that has been installed on a secure network without
authorization from the local network administrator; it could be a hacker trying to steal data or
unintentional, but either way it puts your data at risk.
Reassociation: when a mobile user moves out of one access point's range into another's and its device
reassociates with the network.

IEEE 802.11 Frames:


Frames are divided into 3 groups:
- Management frames: involved in association and reassociation: probe and beacon frames.
- Control frames: medium access and data delivery: ACK and RTS/CTS frames.
- Data frames: responsible for carrying data between stations.

Unique to the 802.11 frame is the Sequence Control field, which shows how a large packet is fragmented. Fragmentation
happens in the data link layer for 802.11 and is handled by the MAC sublayer. On wired TCP/IP networks, error
checking is done on the Transport layer and packet fragmentation on the Network layer.

Wireless Innovations: innovations that make 802.11 faster and more reliable:
- MIMO (Multiple Input-Multiple Output): first used in 802.11n; multiple antennas on an access
point may issue a signal to one or more receivers.
- MU-MIMO (Multiuser MIMO), newer than MIMO: multiple antennas service multiple
clients simultaneously; available in 802.11ac Wave 2.
- Channel bonding: in 802.11n, 2 adjacent 20 MHz channels can be combined (bonded) to make a
40 MHz channel. Channel bonding is better suited to the 5 GHz band because it is less crowded
and has more channels.
- Frame Aggregation: 802.11n combines multiple data frames into one larger frame.
o Aggregated MAC Service Data Unit (A-MSDU)
o Aggregated MAC Protocol Data Unit (A-MPDU): default for 802.11ac

4. Implementing a WLAN (page 302)


a. Determining the Design
b. Configuring Wireless Connectivity Devices
c. Configuring Wireless Clients

5. 802.11 Wireless Network Security


a. WPA/WPA2 (Wi-Fi Protected Access)
b. Security Threats to Wireless Networks

6. Troubleshooting Wireless LANs


a. Wireless Network Tools
b. Avoiding Pitfalls
Chapter 7: Cloud Computing and Remote Access
1. Cloud Computing (web service)
- On-demand services: available to the user at any time.
- Elastic services and storage: can be scaled up or down.
- Support of multiple platforms.
- Resource pooling and consolidation: an example of the multi-tenant model. Resources are
consolidated: one cloud computing provider hosts hundreds of websites for hundreds of
customers, so customers share storage locations without knowing it.
- Metered services: all services are measured and charged according to the bandwidth used, the
processing power used, the storage space, the number of client connections, etc.

Cloud Computing Categories


Cloud computing is categorized by the types of service provided. NIST developed a standard definition
of each category:
- IaaS (Infrastructure as a Service): hardware is provided virtually, including network
infrastructure devices like virtual servers. Can provide hosted virtual desktops (HVD):
desktop operating environments hosted virtually on a different physical computer from the
one the user interacts with.
In the cloud: network infrastructure.
Local: application installations, data management and backup, possibly the operating system.
- PaaS (Platform as a Service): the platform includes the operating system, runtime libraries and
hardware, so customers do not need to purchase and maintain a separate device for each
platform, and developers can build and test applications in virtual environments.
In the cloud: any platform managed on the vendor's hardware that relies on their uptime and
accessibility to meet performance parameters.
Local: applications and data.
- SaaS (Software as a Service): applications provided through an online user interface; Gmail is an
example.
In the cloud: all support, from the network infrastructure to data storage.
Local: the hardware (device used to connect) and browser.
- XaaS (Anything as a Service or Everything as a Service): the cloud provides any combination of
functions, depending on the client's needs.

Deployment Models
- Public cloud: services provided over public transmission lines (the Internet).
- Private cloud: services hosted in the organization's own data center.
- Community cloud: services shared between multiple organizations.
- Hybrid cloud: a combination of the other models.

Remote Access
Remote access methods:
1. Point-to-point remote access: a dedicated line, like DSL or T-1 access to an ISP.
2. VPN (Virtual Private Network): a virtual connection between a client and a remote network.
3. Remote virtual computing (remote terminal emulation): a remote client takes over and
commands a host computer. Telnet, SSH, Remote Desktop, Virtual Network Computing
(VNC).
All require some type of remote access server (RAS) to accept a remote connection and grant
privileges to the network resources. 2 types of RAS:
1. Dedicated devices: run software that performs authentication for clients to access
resources and the Internet.
2. Software running on a server: DirectAccess is a service in Windows Server 2008 that
automatically authenticates remote users.

Point-to-Point Remote Access Protocols:


- SLIP (Serial Line Internet Protocol): a Data Link layer protocol originally designed to connect
WAN endpoints in a direct connection. An earlier protocol: it does not support encryption, can
carry only IP packets and works on serial connections like dial-up and DSL; replaced by PPP.
- PPP (Point-to-Point Protocol): a Data Link layer protocol originally designed to connect WAN
endpoints in a direct connection. The PPP headers and trailers used to create a PPP frame that
encapsulates Network layer packets total only 8 or 10 bytes.
o As a connection protocol it negotiates and establishes a connection between 2
computers.
o Used as an authentication protocol.
o Supports the Network layer protocols that might use the connection.
o Can encrypt the transmission, although not very well.
- PPPoE (PPP over Ethernet): PPP used over Ethernet.

Virtual Private Networks (VPN)


VPNs are virtual networks, logically defined for secure communication over public transmission
systems. Classified into 2 models:
- Site-to-site VPN: at each site a VPN gateway establishes the secure connection. The gateway is found at the edge
of the LAN; each gateway is a router or remote access server with VPN software installed that
encrypts and encapsulates the data exchanged over the tunnel.
- Client-to-site VPN (host-to-site VPN or remote-access VPN): remote clients, servers and
other hosts establish tunnels with the private network using a VPN gateway on the edge of the LAN. Each
remote client must run VPN software and must be connected to the VPN gateway so that a tunnel
can be created between them and data can be encrypted and encapsulated.
Software needed to establish a VPN:
- Software embedded in the OS: RRAS (Routing and Remote Access Service) is Microsoft's
remote access server software. It can implement a VPN, enables a computer to accept multiple
remote client connections, manages data encryption and routes incoming packets to
destinations on the local network.
- Third-party solutions: third-party software companies also provide VPN programs that work
with the OS, e.g. OpenVPN.
- Implemented by routers or firewalls: many routers and firewalls have embedded VPN
solutions; this is the most common implementation of a VPN.
VPN concentrator (aka encryption device, because it also does encryption): used where more than a few
simultaneous VPN connections are maintained, in large organisations.
The 2 encryption techniques used in VPNs are IPsec and SSL.
VPN Tunneling Protocols
VPN tunneling protocols encrypt, encapsulate and transport complete frames inside normal IP
packets and data link layer frames. So a frame travels across a network as the payload inside
another frame.
- PPTP: a Layer 2 protocol by Microsoft. It encapsulates PPP data frames so the frame traverses
the Internet masked as an IP transmission, and uses TCP segments at the Transport layer.
PPTP supports the encryption, authentication and access services provided by RRAS. Users
can directly contact an RRAS access server that is part of the VPN, or access their ISP's remote
access server first and then contact the VPN.

GRE (Generic Routing Encapsulation), developed by Cisco, is used to transmit the PPP data frames
through the tunnel. PPTP establishes the VPN tunnel; GRE then encapsulates the PPP frame
so that it takes on a temporary IP packet identity (Layer 3). The WAN sees messages that look like IP
traffic; at the end of the tunnel the original protocol that was wrapped in the GRE is seen again.
IPsec is an encryption protocol that increases the security of the transmissions.

Windows, Unix, Linux and Mac OS are all capable of connecting with PPTP, but it is no longer secure; L2TP is
recommended.
- L2TP (Layer 2 Tunneling Protocol): a VPN tunneling protocol based on technology from
Cisco and standardized by the IETF (Internet Engineering Task Force), an organization of volunteers
who help develop Internet standards. L2TP encapsulates data like PPTP; the differences are:
o L2TP is a standard accepted and used by multiple vendors.
o L2TP can connect 2 routers, a router and a remote access server, or a client and a remote
access server.

Terminal Emulation or Remote Virtual Computing


A user on one computer (the client) controls another computer (the host/server) across a network
connection. Examples: Telnet and SSH, Remote Desktop for Windows, join.me, VNC and
TeamViewer.

Encryption Techniques, Protocols and Utilities


Encryption is the use of a mathematical code, a cipher, to scramble data into a format that can only be
read by reversing the cipher, called deciphering or decrypting. It keeps information private; some
encryption is more secure than others.
3 principles form the standard security model called the CIA (Confidentiality, Integrity and Availability) triad:
- Confidentiality: data can only be viewed by the intended recipient.
- Integrity: data was not modified after the sender transmitted it and before the receiver received it.
- Availability: the sender is accountable for delivery of the data, so that the data is available and accessible to the
intended recipient.
More security principles:
- Utility (like availability): data arrives in a format that is useful to the receiver.
- Authenticity (like integrity): the data received is the data that was issued, not forged.
- Non-repudiation (like confidentiality and authenticity): provides proof of delivery to protect
the sender and proof of the sender's identity to protect the receiver.
Endpoint vulnerability: data is vulnerable when it is exposed, like writing down a
password or entering it on a smartphone where someone can see it.

Key Encryption
Private key encryption: data is encrypted with one key that both the sender and receiver know. Aka
symmetric encryption.
Public key encryption: data is encrypted using 2 keys; one key is known only to the user (the private key),
the other is a public key associated with the user. You can get the public key by asking for it, or from a third-party
source, a public key server. The two keys form a key pair; this is asymmetric encryption.
Digital certificate: a small file with information about a user and the user's public key, maintained by a certificate
authority (CA). The use of certificate authorities to associate public keys with users is called PKI
(Public Key Infrastructure).
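Added example (not from the notes or the textbook) showing the difference between a symmetric key and a public/private key pair, using textbook RSA in Python. The primes 61 and 53 and the exponent 17 are the usual toy values and far too small for real use; the XOR routine stands in for a symmetric cipher only to show that one shared key does both directions. The sign/verify pair shows the other use of the same key pair: the private key proves the sender's identity (authenticity, non-repudiation) and anyone with the public key can check it.

```python
"""Textbook RSA with tiny primes to show the symmetric/asymmetric key distinction.
Added example with constructed numbers; not secure and not a real-world key size."""
import hashlib


def make_toy_keypair(p=61, q=53, e=17):
    """Return (public_key, private_key), each as an (exponent, modulus) pair.
    The primes are far too small for real use; they keep the arithmetic visible."""
    n = p * q
    phi = (p - 1) * (q - 1)           # Euler's totient of n
    d = pow(e, -1, phi)               # private exponent: e * d == 1 (mod phi)
    return (e, n), (d, n)


def encrypt(message, key):
    """Encrypt each byte m as m**e mod n with the receiver's public key."""
    exponent, n = key
    return [pow(m, exponent, n) for m in message]


def decrypt(blocks, key):
    """Recover the bytes with the matching private key; any other key gives garbage."""
    exponent, n = key
    return [pow(c, exponent, n) for c in blocks]


def sign(message, private_key):
    """Only the private key holder can produce this value for the message.
    Toy detail: the SHA-256 digest is reduced mod n because n is tiny here."""
    d, n = private_key
    digest = int.from_bytes(hashlib.sha256(message).digest(), "big") % n
    return pow(digest, d, n)


def verify(message, signature, public_key):
    """Anyone holding the public key can check the signature against the message."""
    e, n = public_key
    digest = int.from_bytes(hashlib.sha256(message).digest(), "big") % n
    return pow(signature, e, n) == digest


def xor_symmetric(data, key):
    """Contrast: a symmetric (private-key) cipher uses the same key both ways.
    Toy stand-in for a real symmetric cipher; it is not secure."""
    return bytes(b ^ key[i % len(key)] for i, b in enumerate(data))


if __name__ == "__main__":
    public, private = make_toy_keypair()
    print("public key", public, "private key", private)
    ct = encrypt(b"Hi", public)
    print("ciphertext blocks", ct)
    print("decrypted with private key", bytes(decrypt(ct, private)))
    print("decrypted with public key  ", decrypt(ct, public))   # not the plaintext
    sig = sign(b"order 42", private)
    print("signature valid:", verify(b"order 42", sig, public))
    shared = b"\x5a\x13"
    print("symmetric round trip:", xor_symmetric(xor_symmetric(b"Hi", shared), shared))
```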

IPsec (Internet Protocol Security)


Works at the Network layer, adds security information to the header of IP packets and transforms
data packets. An encryption protocol that defines the rules of encryption, authentication and key
management for TCP/IP transmissions. An enhancement to IPv4 and native to IPv6.
Creates a secure connection in 5 steps:
- IPsec initiation: noteworthy traffic triggers the initiation of the IPsec encryption process.
- Key management: the way 2 nodes agree on parameters for the key they will use. The 2 services
are IKE (Internet Key Exchange), which negotiates the exchange of keys, including authentication and keys,
and ISAKMP (Internet Security Association and Key Management Protocol), which works
within the IKE process to establish policies for managing the keys.
- Security negotiations: IKE continues to establish the security parameters and associations that
will serve to protect data while in transit.
- Data transfer: after the parameters and encryption techniques are agreed on, a secure channel
is created that is used for secure transmissions until it is broken. Data is encrypted and then
transmitted with AH (Authentication Header) or ESP (Encapsulating Security Payload)
encryption, which provide authentication of the IP packet's data payload through public key
techniques. ESP encrypts the whole IP packet.
- Termination: requires regular re-establishment of a connection to minimize the opportunity
for interference.

SSL (Secure Sockets Layer) and TLS (Transport Layer Security)


Methods to encrypt TCP/IP transmissions.
SSL was developed by Netscape and works on the Application layer; the IETF has since standardized SSL, and it is now more like
TLS. TLS works on the Transport layer and uses different encryption algorithms than SSL.
Each time a client and server establish an SSL/TLS connection, they establish a unique SSL session, created
by the SSL handshake protocol, in which the client and server introduce themselves and establish the terms
for how they will securely exchange data. The client sends a client_hello to the server; it contains
information about what level of security the client is capable of accepting and what type of
encryption it can decipher. It establishes a randomly generated number that uniquely identifies the
client and a number that identifies the SSL session. The server responds with a server_hello message
that confirms the information it received from the browser and agrees to certain encryption
based on the options supplied by the client. Depending on the server's preferred encryption
method it chooses a public key or digital certificate; if the server requested a certificate, the
client sends it. Data sent by the client to the server is encrypted using the server's public key.
TTLS (Tunneled Transport Layer Security) provides authentication like SSL/TLS but does not
require a certificate for each user: it authenticates the server end of the connection by
certificate and users are authenticated by password only.

SSL VPN
A VPN that is configured to support SSL transmissions to and from services running on its
protected network. Accessed by the user through a web browser.

SSH (Secure Shell)


A collection of protocols that helps you securely log on to a host, execute commands on that host and
copy files to or from the host. It encrypts the data exchanged throughout the session.

SFTP (Secure File Transfer Protocol)


FTP is a utility that transfers files to and from a host computer running FTP server software.
SFTP is the secure version of it and uses SSH for encryption.

Hashes: MD5 and SHA


Encrypted data can be decrypted, but hashed data cannot. Hashed data is data that has been
transformed through a particular algorithm that generally reduces the amount of space needed
for the data and is mathematically nearly impossible to reverse. MD5 is a form of hashing that uses
128-bit hash values to replace the actual data with values computed according to the hash
algorithm. Its biggest weakness is collisions: 2 different input values have the same output
value. SHA is an advance over MD5 in that collisions do not occur.
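Added example (not the notes' or the textbook's code) using Python's hashlib to show the properties above: fixed-length digests (MD5 is 128 bits, SHA-256 is 256 bits) whatever the input size, a one-byte change in the input changing about half the digest bits, and the integrity check a receiver performs by recomputing the digest and comparing it with the published value. The sample "config file" bytes and the tampered copy are constructed.

```python
"""Hash digests as fixed-length, one-way fingerprints, and the integrity check that
relies on them. Added example; the sample inputs are constructed."""
import hashlib
import hmac

DIGEST_BITS = {"md5": 128, "sha1": 160, "sha256": 256}


def digest_hex(data, algo="sha256"):
    """Hex digest of `data` under the named algorithm (md5, sha1, sha256, ...)."""
    return hashlib.new(algo, data).hexdigest()


def verify_integrity(data, expected_hex, algo="sha256"):
    """Recompute the digest and compare it with the published one.
    compare_digest runs in constant time so a mismatch position does not leak."""
    return hmac.compare_digest(digest_hex(data, algo), expected_hex)


def bits_changed(data_a, data_b, algo="sha256"):
    """Fraction of digest bits that differ between two inputs (avalanche effect)."""
    a = int(digest_hex(data_a, algo), 16)
    b = int(digest_hex(data_b, algo), 16)
    return bin(a ^ b).count("1") / DIGEST_BITS[algo]


# Constructed sample: a small config file and a copy with one byte changed.
ORIGINAL = b"listen 443\nallow 10.0.0.0/8\ndeny all\n"
TAMPERED = b"listen 443\nallow 10.0.0.0/0\ndeny all\n"

if __name__ == "__main__":
    for algo in ("md5", "sha256"):
        h = digest_hex(ORIGINAL, algo)
        print(f"{algo}: {h} ({len(h) * 4} bits)")
    published = digest_hex(ORIGINAL)           # what the sender publishes beside the file
    print("original verifies:", verify_integrity(ORIGINAL, published))
    print("tampered verifies:", verify_integrity(TAMPERED, published))
    print("fraction of SHA-256 bits changed by the one-byte edit:",
          round(bits_changed(ORIGINAL, TAMPERED), 2))
```

The digest length never depends on the input length, which is what makes a hash usable as a short fingerprint; the check only works if the published digest itself arrives intact, which is where signed digests and certificates come in.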

2. Authentication Protocols
The rules that computers follow to accomplish authentication.
a. RADIUS and TACACS+
AAA: authenticate a client's identity by asking for a username and password, authorize the
user for certain privileges on a system, and keep an account of the client's system and
network usage.
RADIUS (Remote Authentication Dial-In User Service) is a service that runs AAA. RADIUS can
operate as a software application on a remote access server, called a RADIUS server, and is used
by ISPs. It runs on the Application layer and is transported over UDP in the Transport layer. It only
encrypts the password.

TACACS+ (Terminal Access Controller Access Control System Plus) offers the option to
separate access, authentication and auditing. It relies on TCP in the Transport layer, only
works on Cisco products, is installed on a router or switch rather than a server, and encrypts all
information transmitted for AAA.

Protocols in AAA:
PPP (Point-to-Point Protocol) on the Data Link layer provides the foundation for direct
connections but does not secure authentication; it establishes a link with a server.
PAP (Password Authentication Protocol): after a link has been established using PPP, PAP
authenticates the request with the user's credentials. If the credentials match, the server responds
with an acknowledgement of authentication and grants the client access to secured
resources. Simple authentication but not very secure: it does not encrypt the
credentials. Rarely used.

b. CHAP and MS-CHAP


Challenge Handshake Authentication Protocol: operates over PPP and encrypts user names
and passwords for transmission. 3-step process to get authentication: challenge,
response, accept/reject. MS-CHAP is Microsoft's version of CHAP for Windows PCs.

c. EAP (Extensible Authentication Protocol)


Does not encrypt or authenticate on its own; it only provides a framework for authenticating clients and
servers. Works with other encryption and authentication schemes to verify the
credentials of clients and servers.

d. 802.1X (EAPoL: EAP over LAN)


Codified by IEEE; specifies the use of one of many authentication methods plus EAP to
grant access, and dynamically generates and updates authentication keys for transmissions to
a port. Primarily used with wireless networks. 802.1X defines the process of authentication; it
does not specify the type of authentication or encryption protocols a client or server
must use.

e. TKIP (Temporal Key Integrity Protocol) and AES (Advanced Encryption Standard)
802.11i includes the subset standard WPA, which uses 802.1X (EAPoL) to authenticate devices
and dynamically assigns every transmission its own key. WPA relies on an encryption
key generation and management scheme known as TKIP. WPA2 improved the security
of WPA with AES, which provides faster and more secure encryption than TKIP.

f. Kerberos
A cross-platform authentication protocol that uses key encryption to verify a client's identity; it is a
private key encryption service. The NOS client-server logon process assumes a client is who
they say they are and only verifies usernames and passwords; Kerberos also requires clients
to prove their identity through a third party, and all communication is encrypted.
KDC (Key Distribution Center): the server that issues keys to clients during initial client
authentication.
AS (Authentication Service): the process that runs on the KDC to initially validate a client.
Ticket: a temporary set of credentials that a client uses to prove that its identity has
been validated.
Principal: a Kerberos client or user.
TGS (Ticket Granting Service): an application running on the KDC, separate from the AS; the TGS issues
a TGT (Ticket Granting Ticket).
g. SSO (Single Sign-On)
Multifactor Authentication (MFA): 2 pieces of information to get access, from 3 categories:
- Knowledge: something you know, like a password.
- Possession: something you have, like an ATM card.
- Inherence: something you are, like a fingerprint.

3. Troubleshooting Cloud Computing and Remote Access


a. Passwords

b. Misconfigurations
Chapter 8: Network Risk Management

1. Security Assessment
Data breach: an unauthorized person gains access to the network.
Posture assessment: a thorough examination of each aspect of the network to determine how it
might be compromised. Done at least annually, preferably quarterly, and after making big changes to the
network.
Security audit: a posture assessment done by a qualified consulting company.

2. Security Risks
Hacker: someone who masters the inner workings of software and hardware.
Vulnerability: a weakness in a system, process or architecture.
Exploit: the act of taking advantage of a vulnerability.
Zero-day exploit / zero-day attack: an exploit or attack that is not yet public; only the hacker
knows about it.

a. Risks Associated with People


Social engineering: manipulation of social relationships.
Phishing: posing as someone who needs the information.

b. Risks Associated with Transmission and Hardware


Risks in the Physical, Data Link and Network layers (transmission media, NICs, network
access methods, switches, routers, access points and gateways).
Jamming: when a transmission is intercepted or interfered with.
RF (radio frequency) emanation: leaking of radio or electrical signals from computer
equipment; the signal can be intercepted by a third party. The TEMPEST specification by the NSA defines
protection; when implemented it is called emission security (EmSec).
Leased lines are vulnerable to eavesdropping, as is the demarc point of the building.
Sniffing: a repeating device that broadcasts traffic over an entire segment increases the chances of
sniffing.
ARP cache poisoning: hackers use fake ARP replies to alter ARP tables in the network.

c. Risks Associated with Protocols and Software


Transport, Session, Presentation and Application layers.
FTP bounce: hackers take advantage of the insecure FTP protocol. (HTTP, Telnet, SLIP, TFTP,
SNMPv1 and SNMPv2 are also insecure; rather use HTTPS with SSL/TLS, Telnet along
with IPsec, PPP, SFTP and SNMPv3 instead.)
Banner-grabbing attack: hackers transmit bogus requests for connection to servers.
Session hijacking attack: when a hacker gets the encryption key; a man-in-the-middle (MitM)
attack.
DHCP snooping: a security feature that monitors DHCP servers; a similar security feature,
dynamic ARP inspection (DAI), detects faked ARP messages.
Backdoors: security flaws that allow unauthorized users to gain access to a system.
Buffer overflow: a vulnerability of older systems; buffers temporarily store information
in memory. A program can write more data into a buffer than the allotted space, letting data spill into other
memory space.
Ping of death: creates a buffer overflow condition by sending an ICMP packet that
exceeds the maximum of 65535 bytes, resulting in a system crash.

d. Risks Associated with Internet Access


IP spoofing: a firewall allows outside users access to an IP address; they then use the IP
address to pretend they have authority to access your internal network.
Flashing: your screen fills with garbage characters and you have to end the chat session.
Denial of service attack (DoS): too many requests for service are sent to your system and it
cannot respond, making the system stop working.
Distributed DoS: several sources called zombies, whose owners are unaware. Zombie army,
botnet, master zombies, slave zombies.
Distributed reflector DoS attack: the attack goes through an uninfected computer
(reflector) to the targets.
Permanent DoS attack: a physical attack on a device that alters the management interfaces within the
hardware to the point where it is irreparable.
Unintentional DoS attack: a friendly attack, not with malicious intent.

3. Effective Security Policies


a. Security Policy Goals
- Ensure that authorized users have appropriate access to the resources they need.
- Prevent unauthorized users from gaining access to the network, systems, programs, or
data.
- Protect sensitive data from unauthorized access, both from within and from outside
the organization.
- Prevent accidental damage to hardware or software.
- Prevent intentional damage to hardware or software.
- Create an environment in which the network and systems can withstand and, if
necessary, quickly respond to and recover from any type of threat.
- Communicate each employee’s responsibilities with respect to maintaining data
integrity and system security.
- For each employee, obtain a signed consent to monitoring form, which is a document
that ensures that employees are made aware that their use of company equipment
and accounts can be monitored and reviewed as needed for security purposes.

b. Security Policy Content


- Password policy
- Software installation policy
- Confidential and sensitive data policy
- Network access policy
- Email use policy
- Internet use policy
- Remote access policy
- Policies for connecting to customer’s and vendor’s networks
- Policies for use of personal smartphones and laptops
- Computer room access policy
4. Security in Network Design
a. NOS Security
i. Active Directory Groups
ii. Logon restrictions
- Time of day: restrict the time of day users can log on.
- Total time logged on: restrict the duration of a logon session.
- Source address: restrict the area and address from where users can log
on.
- Unsuccessful logon attempts: restrict the number of times a user can
incorrectly type the password before logon is locked.

b. Network Access Control


i. Network Access Control (NAC) solution: a set of rules, called network policies,
determines the level and type of access granted to devices connecting to the network.
ii. Agent: software that must first be installed on a device before it can be used.
- Nonpersistent agent or dissolvable agent: only verifies compliance of the
device, then uninstalls again.
- Persistent agent: permanently installed on the device.
iii. Quarantine network: devices that do not meet compliance requirements are
placed in a quarantine network.
iv. Network segmentation: separating portions of the network protects some resources
and grants access to others.

c. Access control Lists Used by Routers


A router's main function is to examine a packet and determine where to direct it
based on its Network layer addressing information. The ACL (Access Control
List/Access List) of the router can decline to forward certain packets depending on their
content; it acts as a filter that instructs the router to permit or deny traffic according to these
variables:
- Network layer protocol
- Transport layer protocol
- Source IP address
- Destination IP address
- TCP or UDP port number

Router receive packet > examines packet and refer to ACL to see if packet meets criteria for
permitting/denying travel on network.
Each statement in ACL is a permit or deny flag, router starts at top of list and make test based
on first statement. Packet characteristics match a permit statement, move to network, match
deny statement, packet discarded, don’t match statement, move down the list to next
statement on ACL. Last statement still no match, implicit deny rule, denied by default.

On most routers, each interface must be assigned an ACL, and the ACL is associated with
either inbound or outbound traffic on that interface. When ACLs are installed on a router,
each one is assigned a number and a name.

The access-list command is used to add a statement to an already-installed ACL. The
command must identify the ACL and include a permit or deny argument.
Examples of statements for the ACL named acl_2:
- To permit ICMP traffic from any IP address or network to any IP address or network:
    access-list acl_2 permit icmp any any
- To deny ICMP traffic from any IP address or network to any IP address or network:
    access-list acl_2 deny icmp any any
- To permit TCP traffic from host 2.2.2.2 to host 5.5.5.5:
    access-list acl_2 permit tcp host 2.2.2.2 host 5.5.5.5
- To permit TCP traffic to destination Web port 80 (eq www) from host 2.2.2.2 to
host 3.3.3.3:
    access-list acl_2 permit tcp host 2.2.2.2 host 3.3.3.3 eq www

Statements can specify network segments by using a wildcard mask together with the
network address for the segment. A 0 bit in the wildcard mask means the corresponding
IP address bit must match the network address; a 1 bit means that IP address bit does
not matter.
Example: a wildcard mask of 0.0.0.255 = 00000000.00000000.00000000.11111111, which means
the first 3 octets of the IP address must match the given network address, while the last
octet can be any value.
With no ACL installed, the router allows all traffic through. More statements can slow
the router down. If ping works but traceroute does not, start looking at the ACLs for
the problem.
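The matching procedure above, worked through as an added example (not from the course text): a small Python simulator that parses access-list statements in the form quoted, applies wildcard masks, and returns the action of the first matching statement, falling back to the implicit deny. The ACL contents and the test packets are constructed.

```python
"""Simulate a router ACL: first matching statement wins, implicit deny at the end.

Constructed example. Statement syntax follows the Cisco-style access-list lines
from the notes: "host <ip>", "any", or "<network> <wildcard>", plus "eq <port>".
"""
import ipaddress
from dataclasses import dataclass
from typing import List, Optional

# Well-known names accepted after "eq" (www = TCP port 80, as in the notes).
PORT_NAMES = {"www": 80, "ftp": 21, "telnet": 23, "smtp": 25, "domain": 53}


def ip_to_int(addr: str) -> int:
    return int(ipaddress.IPv4Address(addr))


@dataclass
class Statement:
    action: str                  # "permit" or "deny"
    protocol: str                # "ip" (any), "icmp", "tcp", "udp"
    src_addr: int
    src_wild: int                # wildcard mask: 1 bits = don't care
    dst_addr: int
    dst_wild: int
    dport: Optional[int] = None  # destination port from "eq", if given


def _parse_address(tokens: List[str], i: int):
    """Consume one address specifier starting at tokens[i]; return (addr, wildcard, next_i)."""
    tok = tokens[i]
    if tok == "any":
        return 0, 0xFFFFFFFF, i + 1            # every bit is a don't-care
    if tok == "host":
        return ip_to_int(tokens[i + 1]), 0, i + 2  # every bit must match
    return ip_to_int(tok), ip_to_int(tokens[i + 1]), i + 2  # network + wildcard


def parse_statement(line: str) -> Statement:
    tokens = line.split()
    if tokens[:1] != ["access-list"]:
        raise ValueError(f"not an access-list command: {line!r}")
    action, protocol = tokens[2], tokens[3]   # tokens[1] is the ACL name/number
    if action not in ("permit", "deny"):
        raise ValueError(f"bad action {action!r}")
    src, src_w, i = _parse_address(tokens, 4)
    dst, dst_w, i = _parse_address(tokens, i)
    dport = None
    if i < len(tokens) and tokens[i] == "eq":
        name = tokens[i + 1]
        dport = PORT_NAMES.get(name) or int(name)
    return Statement(action, protocol, src, src_w, dst, dst_w, dport)


def wildcard_match(addr: int, network: int, wildcard: int) -> bool:
    """A 0 bit in the wildcard mask must match the network address; a 1 bit is ignored."""
    care = ~wildcard & 0xFFFFFFFF
    return (addr & care) == (network & care)


def evaluate(acl: List[Statement], proto: str, src: str, dst: str,
             dport: Optional[int] = None) -> str:
    """Walk the list top-down and return the action of the first match, else 'deny'."""
    s, d = ip_to_int(src), ip_to_int(dst)
    for st in acl:
        if st.protocol != "ip" and st.protocol != proto:
            continue
        if not wildcard_match(s, st.src_addr, st.src_wild):
            continue
        if not wildcard_match(d, st.dst_addr, st.dst_wild):
            continue
        if st.dport is not None and st.dport != dport:
            continue
        return st.action
    return "deny"  # implicit deny: nothing matched


# Constructed ACL: two statements from the notes plus one wildcard-mask statement.
ACL_2 = [parse_statement(line) for line in """
access-list acl_2 permit tcp host 2.2.2.2 host 3.3.3.3 eq www
access-list acl_2 deny icmp any any
access-list acl_2 permit ip 192.168.1.0 0.0.0.255 any
""".strip().splitlines()]

if __name__ == "__main__":
    print(evaluate(ACL_2, "tcp", "2.2.2.2", "3.3.3.3", 80))      # permit (statement 1)
    print(evaluate(ACL_2, "tcp", "2.2.2.2", "3.3.3.3", 443))     # deny (implicit)
    print(evaluate(ACL_2, "icmp", "192.168.1.7", "8.8.8.8"))     # deny (statement 2 precedes 3)
    print(evaluate(ACL_2, "udp", "192.168.1.7", "8.8.8.8", 53))  # permit (wildcard match)
```

The third call shows why statement order matters: the ICMP deny is reached before the wildcard permit for 192.168.1.0/24, so ICMP from that segment is dropped even though the later statement would have permitted it.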

d. Intrusion Detection and Prevention

An IDS (Intrusion Detection System) is a stand-alone device or software that monitors
network traffic and logs suspicious activity. Port mirroring: one switch port is
configured to send a copy of all its traffic to a second port on the switch, and the
second port passes the copied traffic to a monitoring program (on the local or a
remote network).
IDS implementations:
- HIDS (Host-based IDS): runs on a single computer to alert about attacks on that
host.
- NIDS (Network-based IDS): protects a network and is situated at the edge of the
network, in the DMZ (Demilitarized Zone).
Drawback of a HIDS: it can log false positives.
Open-source IDS software: Tripwire and Snort.
An IPS (Intrusion Prevention System) stands between the attacker and the network/host;
because it sits in line, it can stop the traffic.
- HIPS (Host-based IPS): runs on a single computer to alert about and block attacks
on that host.
- NIPS (Network-based IPS): monitors traffic in the DMZ.

e. Firewalls
Network-based firewall: protects the whole network; placed externally to the private
network, with traffic routed through it.
Virtual wire mode: transparent to surrounding nodes, as if the firewall were part of
the wire.
Host-based firewalls: protect the computer they are installed on.
Packet-filtering firewall: a router that examines every packet it receives, inbound
(or outbound), to determine whether the packet is authorised.
Criteria a packet filter uses to accept or deny traffic:
- Source or destination IP addresses
- Source and destination ports
- Flags set in the TCP headers
- Transmissions that use the UDP or ICMP protocols
- Packet's status as the first packet of a data stream
- Packet's status as inbound to or outbound from the private network.

Things to consider when buying a firewall:

- Does it support encryption?
- Does it support user authentication?
- Can you manage it centrally and through a standard interface?
- How easily can you establish rules for access to and from it?
- Does it support filtering at the highest layers of the OSI model, not just the
Data Link layer or Transport layer? Content-filtering firewalls block
designated types of traffic based on the application data in packets.
- Does it provide internal logging and auditing capabilities, like an IDS or IPS?
- Does it protect your internal LAN addresses from the outside world?
- Can it monitor packets according to existing traffic streams? A stateful
firewall can see whether an incoming packet belongs to a currently active
connection; a stateless firewall sees each packet on its own.

Unified Threat Management (UTM) combines multiple layers of security appliances and
technologies into a single safety net. Next Generation Firewalls (NGFW) have built-in
Application Control features that are application aware: they can monitor and limit the
traffic of specific applications. They also include IDS/IPS and user awareness (adapting
to the class of a specific user or user group), and can be context aware (adapting to
various applications, users and devices).
SOHO wireless router: acts as a firewall and has packet-filtering options.
Firewalls fail because of misconfiguration.
Packet-filtering firewalls operate at the Network layer and examine only network
addresses; they do not know whether the user is authorised or not.

f. Proxy Servers
Proxy servers combined with a packet-filtering firewall improve Network and Transport
layer security. A proxy service is a software application on a network host that acts as
an intermediary between the external and internal networks and screens all incoming and
outgoing traffic; the network host that runs the proxy service is the proxy server. It
manages security at the Application layer and is another filtering device for the
internal LAN, preventing the outside world from learning the addresses of the internal
network. Data passing through the proxy is repackaged, and the proxy adds its own IP
address.
Reverse proxy: provides services to Internet clients from servers on its own network,
giving identity protection to the server rather than the client, plus Application layer
firewall protection.

g. SIEM (Security Information and Event Management)

Evaluates all the data produced by IDS, IPS, firewalls and proxy servers, looking through
these logs to see whether something significant needs attention.
h. Scanning Tools
Scanning tools gather information regarding:
- Every available host
- Services: the applications and versions running on hosts
- The OS running on hosts
- The existence and types of firewalls
- Software configurations
- Unencrypted, sensitive data

Tools:
- Nmap: scans large networks and gives information regarding their hosts.
- Nessus (Tenable Security): gives more sophisticated results than Nmap, for example
finding unencrypted sensitive data like credit card numbers that is saved on the
network's hosts; known as a penetration testing tool.
- Metasploit: combines known scanning techniques and exploits to explore
potentially new hybrids of exploits.

i. Honeypots and Honeynets

- Honeypot: a decoy system (lure) that is purposely vulnerable and has
seemingly sensitive (but false) content. The network administrator lures
attackers in; once they are in, the administrator can trace their steps and
see the vulnerabilities in the system.
- Honeynet: a combination of connected honeypots.

5. Troubleshooting Malware Risks and Infections

Malicious software = malware.
Virus: a program that replicates itself with the intent to infect more computers.
Trojan horse: disguised as something useful but harms the system instead.

a. Malware Types and Characteristics

- Boot sector viruses: position their code in the boot sector of a computer's
hard disk; when the computer boots up, the virus runs in place of the
computer's boot program. Can be very damaging or merely annoying.
- Macro viruses: take the form of a macro which is executed as the user works
with a program. The first type of virus to infect data files rather than
executable files.
- File-infector viruses: attach themselves to executable files; when the exe
file runs, the virus copies itself into memory and later to other exe files.
They are dangerous because they can attach themselves to all the programs
you run while you work.
- Worms: programs that run independently and travel between computers and
across networks. They do not alter a program but can carry a virus that does.
- Trojan horse: disguised as something useful but instead harms the computer.
- Network viruses: spread themselves via network protocols, commands,
messaging programs and data links; designed to take advantage of network
vulnerabilities.
- Bot: a program that runs automatically and does not require someone to start
or stop it. Many spread through IRC (Internet Relay Chat), a protocol that
enables users who run it to talk in chat rooms.

What makes malware harder to detect:

- Encryption: the malware is encrypted to prevent detection.
- Stealth: the malware hides itself to prevent detection.
- Polymorphism: the malware changes its characteristics every time it is
transferred to a new system, making it harder to identify. Considered the
most sophisticated and the biggest potential danger.
- Time dependence: the malware is programmed to activate at a specific time and
remains dormant and unnoticed until then. Logic bombs are programmed to
start when certain conditions are met.

Signs that there is a virus on your system:

- Unexplained increase in file size
- Unexplained decline in network performance
- Unusual error messages
- Unexpected loss of system memory
- Unexpected rebooting
- Fluctuations in display quality

b. Anti-Malware Software
Anti-malware software should perform these functions:
- Signature scanning: comparing a file's contents with known malware
signatures.
- Integrity checking: comparing the current characteristics of files and disks
against archived versions of these files to discover changes.
- Monitoring for unexpected file changes.
- Receiving regular updates and modifications from a centralized network
console.
- Reporting valid instances of malware, not false alarms. Heuristic scanning,
which scans for malware-like behaviour, can report false alarms.
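As an added illustration of the first two functions, signature scanning and integrity checking (example code, not from the notes): signatures are matched as byte patterns, and integrity is checked by comparing SHA-256 fingerprints against an archived baseline, so that modified, added and removed files are all reported. The file paths, contents and signature patterns are constructed for the example and are not real malware indicators.

```python
"""Signature scanning and integrity checking over an in-memory set of constructed files.

Added example, not from the course notes. The "disk" is a dict of path -> bytes so the
code runs offline; the signature patterns are made up for illustration only.
"""
import hashlib
from typing import Dict, List

# Constructed signature database: detection name -> byte pattern found in the sample.
SIGNATURES: Dict[str, bytes] = {
    "Demo.Macro.A": b"AutoOpen:ShellExecute",       # constructed macro-virus marker
    "Demo.Infector.B": b"\x90\x90\xEB\xFE",          # constructed file-infector marker
}


def signature_scan(content: bytes, signatures: Dict[str, bytes] = SIGNATURES) -> List[str]:
    """Return the names of all signatures whose pattern occurs in the file content."""
    return [name for name, pattern in signatures.items() if pattern in content]


def fingerprint(content: bytes) -> str:
    """Integrity-check fingerprint: the SHA-256 digest of the file content."""
    return hashlib.sha256(content).hexdigest()


def build_baseline(files: Dict[str, bytes]) -> Dict[str, str]:
    """Archive the fingerprint of every file while the system is known to be clean."""
    return {path: fingerprint(data) for path, data in files.items()}


def integrity_check(baseline: Dict[str, str], files: Dict[str, bytes]) -> Dict[str, List[str]]:
    """Compare the current files against the archived baseline.

    Reports files whose content changed, files that appeared since the baseline,
    and files that disappeared (each a change an administrator should explain).
    """
    modified = [p for p in files if p in baseline and fingerprint(files[p]) != baseline[p]]
    added = [p for p in files if p not in baseline]
    removed = [p for p in baseline if p not in files]
    return {"modified": sorted(modified), "added": sorted(added), "removed": sorted(removed)}


def scan_all(files: Dict[str, bytes]) -> Dict[str, List[str]]:
    """Signature-scan every file; only files with at least one hit are returned."""
    hits = {path: signature_scan(data) for path, data in files.items()}
    return {path: names for path, names in hits.items() if names}


# Constructed snapshot of a clean system, used to build the baseline.
CLEAN_FILES: Dict[str, bytes] = {
    "C:/Program Files/app/app.exe": b"MZ\x90\x00clean-program-image",
    "C:/Users/alice/report.docm": b"PK\x03\x04word/vbaProject.bin:Sub Main()",
}
BASELINE = build_baseline(CLEAN_FILES)

# The same system later: app.exe grew (an unexplained increase in file size), the
# document gained a suspicious macro, and a new executable appeared.
LATER_FILES: Dict[str, bytes] = {
    "C:/Program Files/app/app.exe": b"MZ\x90\x00clean-program-image" + b"\x90\x90\xEB\xFE",
    "C:/Users/alice/report.docm": b"PK\x03\x04word/vbaProject.bin:Sub AutoOpen:ShellExecute",
    "C:/Users/alice/update.exe": b"MZ\x90\x00\x90\x90\xEB\xFE",
}

if __name__ == "__main__":
    print(integrity_check(BASELINE, LATER_FILES))  # two modified, one added, none removed
    print(scan_all(LATER_FILES))                   # all three files produce signature hits
```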

Consider where to install anti-malware software:

- Host-based: installed on desktops; neglects server files.
- Server-based: installed on a server; might slow down network performance.
- Network-based: secures the network's gateways, where the Internet connects
with the interior network.
- Cloud-based: cloud vendors are still working out bugs; it is difficult to ensure
coverage of the entire network with no blind spots.

c. Anti-Malware Policies
- All computers should have anti-malware software
- Users cannot change it
- Users should not be able to install unauthorised software

Chapter 9: Unified Communications and Network Performance Management
1. Fundamentals of Network Management
Network management is the assessment, monitoring and maintenance of all aspects of a
network.
a. Baseline Measurements
Baseline: a report of the network's current state of operation. Baseline measurements
include the utilization rate of the network backbone, users logged on, the protocols
that run, and error statistics. A baseline allows you to compare future performance
increases or decreases against it.
b. Policies, Procedures and Regulations
Assist with decisions about the network; they are guidelines for decision making.

2. Monitoring and Managing Network Traffic

Performance management: monitoring how well links and devices are keeping up with the
demands placed on them.
Fault management: the detection and signalling of device, link or component faults.
a. SNMP Logs
Polling: the network management system (NMS) is a central collection point that collects
data from multiple networked devices at regular intervals.
A network management agent is a software routine that collects information about the
device's operation and provides it to the NMS.
A managed device is a network node monitored by the NMS.
MIB (Management Information Base): a list of the objects and their descriptions that are
managed by the NMS.
Agents communicate information about managed devices through several Application
layer protocols. Most modern networks use SNMP:
- SNMPv1 (Simple Network Management Protocol version 1): the original
version, released in 1988; limited features, rarely used.
- SNMPv2: improved on version 1 with increased performance and slightly
better security; widely used.
- SNMPv3: similar to version 2 with added authentication, validation and
encryption.
The NMS retrieves data from a managed device by sending an snmpget command to the
device's agent; the agent then sends an SNMP response message with the requested
information. The NMS can issue an snmpwalk command, which generates a sequence of
snmpgetnext requests to walk through the sequential rows of a MIB table.
The snmptrap command is programmed into agents so that they can report the abnormal
conditions they detect.

b. System and Event Logs

All activity is kept in log files, known in Windows as the event log and viewed with
the Event Viewer application.
On Linux and Unix, the syslog system utility and protocol record data in the system log.
Generator: a computer that is monitored by a syslog-compatible application and that
issues event information; collector: the computer that gathers event messages from the
generators.
c. Traffic Analysis
A network monitor is a tool that monitors network traffic; an interface monitor monitors
traffic at a specific interface between a server or client and the network.
To track more of the network traffic:
- Promiscuous mode / monitoring mode: the device driver directs the NIC to
pass all frames to the operating system and on to the monitoring software;
this is a feature that must be enabled.
- Program a switch to use port mirroring so that all traffic sent to any port on
the switch is also sent to the mirrored port, which is connected to a computer
running monitoring software.
- Network tap / packet sniffer: a device that must be installed in the line; it has
3 ports: 2 for sending and receiving and one for mirroring.
Network monitoring tools perform at least these functions:
- Set the NIC to run in promiscuous mode, so the NIC passes traffic to the
monitoring software
- Continuously monitor network traffic on a segment
- Capture network data transmitted on a segment
- Capture frames sent to or from a node
- Reproduce network conditions by transmitting a selected amount or type
of data
- Generate statistics about network activity
Additional functions:
- Discover all network nodes on a segment
- Establish a baseline
- Track utilization of network resources, present info as graphs, tables,
charts
- Store traffic and generate reports
- Trigger alarm when traffic conditions meet preconfigured conditions
- Identify usage anomalies like top talkers (hosts that send a lot of data) or
top listeners (hosts that receive a lot of data)
Effective use of interface monitoring tools can help identify and prevent these
complications:
- Runts: packets that are smaller than the medium's minimum packet size.
- Giants: packets that are bigger than the maximum packet size.
- Jabber: a device that handles electrical signals improperly, affecting the
rest of the network.
- Ghosts: frames that are not actually frames but deviations caused by a
device misinterpreting stray voltage on the wire. They do not have a valid
pattern at the beginning of the frame.
- Packet loss: packets lost due to an unknown protocol, an unrecognized port or
network noise; they never arrive at their destination.
- Discarded packets: packets that arrive but are discarded, or dropped, due to
issues like buffer overflow, latency or bottlenecks which delayed them
beyond their usable time frame. Such packets are called discards.
- Interface resets: repeated resets of the connection, resulting in lower-quality
utilization.
d. Traffic Management
Traffic shaping / packet shaping: manipulating certain characteristics of packets, data
streams or connections to manage the type and amount of traffic traversing a network
or interface at any moment. This includes delaying less important traffic, increasing the
priority of more important traffic, limiting the volume of traffic flowing in or out of an
interface, or limiting the momentary throughput rate of an interface (called traffic
policing).
Software running on a router, multilayer switch, gateway or server can act as a traffic
shaper / packet shaper; it prioritises traffic by these characteristics:
- Protocol
- IP Address
- User groups
- DiffServ flag in an IP packet
- VLAN tag in a data link layer frame
- Service or application

e. Caching
Caching is the local storage of frequently needed files. ISPs use the technique of Web
caching: frequently used webpages are stored on a server at the ISP rather than being
fetched from the Web each time.

3. Unified Communications Technologies


a. VoIP Applications and Interfaces
Also known as IP telephony: the use of a network to carry voice signals using TCP/IP
protocols. VoIP delivered by a cloud-based PBX (Private Branch Exchange) system is
called unified voice services. When used over the Internet it is called Internet
telephony, and the quality is not as good.
Advantages:
- Lower cost
- Incorporates new/enhanced features and applications
- Centralized voice and data network management
VoIP runs over any packet-switched network, and on any VoIP network a mix of three
types of clients is possible:
- Analog telephones: for traditional telephones, analog signals must be
converted to digital before being transmitted on a TCP/IP-based network.
For that to happen, the telephone must be connected to one of:
a. A VoIP adapter, called an ATA (analog telephone adapter)
b. A switch, router or gateway capable of accepting analog voice
signals, converting them into packets and then issuing the packets
to the data network
c. An analog-to-digital voice conversion device called a digital PBX,
or IP-PBX, a private switch that accepts and interprets analog and
digital voice signals
d. An analog PBX that connects to a voice-data gateway; the gateway
connects the traditional phone circuit to the TCP/IP network
- IP telephones: can transmit and receive digital signals; connect to an RJ-45
wall jack
- Softphones: a computer programmed to act like an IP phone. It must have:
a. An IP telephony client, like Skype or CounterPath
b. The ability to communicate with a digital telephone switch
c. A microphone and speakers, or a headset
d. A webcam, for video calls

b. Video over IP Applications and Interfaces

Videoconferencing: multiple people communicate in a real-time meeting. Video over IP
services include IPTV, videoconferencing and streaming video.
Streaming video is not downloaded before you start watching; the video signal is
compressed and delivered in a continuous stream. It can be called a Webcast if it is
delivered over the Web.
2 ways to get video streams:
- Video-on-demand (VoD): makes video available as stored files on a server;
the user can watch when convenient.
- Live streaming video: as the camera captures video it is delivered to the user.
Time-shifted video delays the video for a short while to deal with editing and
licensing issues.
Uses of videoconferencing:
- Telemedicine: the provision of medical services from a distance
- Tele-education
- Judicial proceedings
- Surveillance and remote monitoring
Video phone: a phone with a screen.
Video bridge: manages multiple audio-visual sessions.

c. Signalling Protocols
Signalling is the exchange of information between components of a network in order to
establish, monitor and release connections for VoIP and video over IP. A signalling
protocol can:
- Detect the presence of a user (available, busy, etc.)
- Request a call or video conference
- Locate clients on the network and determine the best routes to them
- Acknowledge a request and establish a connection
- Manage ring, dial tone and call waiting
- Detect and re-establish a dropped call or video transmission
- Properly terminate a call or videoconference.
H.323 is an ITU standard that describes an architecture and group of protocols for
establishing and managing multimedia sessions:
- H.323 terminal: any node that provides audio, visual and data information to
another node.
- H.323 gateway: a device that provides translation between network devices
running H.323 signalling protocols and devices running other types of signalling
protocols.
- H.323 gatekeeper: the nerve centre for networks that adhere to H.323. Gatekeepers
authorise and authenticate terminals and gateways, manage bandwidth and
oversee call routing, accounting and billing.
- MCU (Multipoint Control Unit): a computer that provides support for multiple
H.323 terminals.
- H.323 zone: a collection of H.323 terminals, gateways and MCUs that are
managed by a single H.323 gatekeeper.
SIP (Session Initiation Protocol): like H.323, an Application layer signalling and control
protocol for multiservice, packet-based networks; travels over TCP or UDP.
MGCP (Media Gateway Control Protocol)
d. Transport Protocols
RTP (Real-time Transport Protocol)

RTCP (Real-time Transport Control Protocol)

4. QoS (Quality of Service) Assurance


a. DiffServ (Differentiated Service)

b. MPLS (Multiprotocol Label Switching)

c. CoS (Class of Service)

5. Troubleshooting Network Integrity and Availability


a. General Guidelines

b. Fault Tolerance

c. Data Backup
Chapter 10: Network Segmentation and Virtualization

1. Segmentation and Subnetting


a. How a Computer Uses a Subnet Mask
An IPv4 address has 32 bits; the first part is the network ID. If the network IDs of the
source and destination are the same, the computer sends the message on its own network;
if they don't match, it sends the message to the gateway. Subnet masks are used to tell
the computer how many bits make up the network ID: the number of 1s in the subnet mask
determines the number of bits in the IP address that belong to the network ID.

b. CIDR (Classless Interdomain Routing), pronounced "cider"

Provides additional ways of arranging network and host information in an IP address.
In printed format one can see which part is the network ID by using CIDR notation / slash
notation: a / is written after the network ID, and the number following the slash is the
CIDR block.

c. Why Subnets
When a network grows, to better manage network traffic it can be divided so that, for
example, each floor is a single LAN; the pool of IP addresses must then be divided per
LAN, using subnetting. You borrow bits from the host portion of the IP address: the more
subnetting, the fewer hosts per subnet.

d. Subnet Mask Tables


Class B

Class C
e. Supernetting
Supernetting, also called classless routing or IP address aggregation: combining
adjoining networks that use the same CIDR block into one supernet (route aggregation or
route summarisation).
- Reduces the number of routing table entries by combining several entries
- A single network made up of more than one Class C license.
f. Subnetting in IPv6
IPv6 is classless; it uses a prefix mask.
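The subnet-mask arithmetic of sections a, b, c and e, and the IPv6 prefix of section f, as one added Python example (not from the course text) built on the standard library's ipaddress module: computing the network ID, making the local-or-gateway decision, writing slash notation, borrowing host bits, and aggregating adjoining networks. All addresses are constructed.

```python
"""Subnet-mask arithmetic: network ID, same-network test, CIDR notation, borrowing
host bits, supernetting. Added example using Python's ipaddress module; the
addresses below are constructed.
"""
import ipaddress
from typing import List


def prefix_length(mask: str) -> int:
    """Number of 1 bits in the subnet mask = number of network-ID bits (the /n)."""
    bits = bin(int(ipaddress.IPv4Address(mask)))[2:].zfill(32)
    if "01" in bits:  # a 0 followed by a 1 means the 1s are not contiguous
        raise ValueError(f"non-contiguous subnet mask {mask}")
    return bits.count("1")


def network_id(ip: str, mask: str) -> str:
    """AND the address with the mask: the host bits drop to 0, leaving the network ID."""
    n = int(ipaddress.IPv4Address(ip)) & int(ipaddress.IPv4Address(mask))
    return str(ipaddress.IPv4Address(n))


def same_network(src: str, dst: str, mask: str) -> bool:
    """The sender's decision: deliver locally if the network IDs match, else use the gateway."""
    return network_id(src, mask) == network_id(dst, mask)


def cidr(ip: str, mask: str) -> str:
    """Slash notation: the network ID followed by /<number of network bits>."""
    return f"{network_id(ip, mask)}/{prefix_length(mask)}"


def subnet(network: str, borrow: int) -> List[str]:
    """Borrow host bits to split one network (IPv4 or IPv6) into 2**borrow subnets."""
    net = ipaddress.ip_network(network, strict=True)  # strict: host bits must be 0
    return [str(s) for s in net.subnets(prefixlen_diff=borrow)]


def hosts_per_subnet(network: str) -> int:
    """Usable hosts: all addresses minus the network and broadcast addresses."""
    net = ipaddress.ip_network(network, strict=True)
    return net.num_addresses - 2


def supernet(networks: List[str]) -> List[str]:
    """Route aggregation: adjoining networks that fit one larger prefix collapse into it;
    networks that are not adjoining are left as separate entries."""
    nets = [ipaddress.ip_network(n, strict=True) for n in networks]
    return [str(n) for n in ipaddress.collapse_addresses(nets)]


if __name__ == "__main__":
    print(cidr("192.168.10.77", "255.255.255.0"))                     # 192.168.10.0/24
    print(same_network("192.168.10.77", "192.168.10.200", "255.255.255.0"))  # True: local
    print(same_network("192.168.10.77", "192.168.11.5", "255.255.255.0"))    # False: gateway
    print(subnet("192.168.10.0/24", 2))         # borrow 2 bits: four /26 subnets
    print(hosts_per_subnet("192.168.10.0/26"))  # 62 hosts each instead of 254
    print(supernet(["10.20.0.0/24", "10.20.1.0/24", "10.20.2.0/24", "10.20.3.0/24"]))  # one /22
    print(subnet("2001:db8::/32", 4)[:2])       # IPv6: the prefix works the same way
```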

2. Virtualization
Virtualization is the imitation of all or part of a computer or network.
The physical computer is the host.
The VM is the guest.
The software that defines VMs and manages resource allocation is the virtual machine
manager / hypervisor.

Advantages:
- Efficient use of resources
- Cost and energy savings
- Fault and threat isolation
- Simple backups, recovery and replication
Disadvantages:
- Compromised performance
- Increased complexity
- Increased licensing cost
- Single point of failure

3. Virtual Network Components


a. Virtual Machines and Network Adapters
When connected to a network, a virtual machine needs a virtual adapter, or vNIC, which
operates at the Data Link layer.

b. Virtual Switches and Bridges

A virtual switch is a logically defined device that operates at the Data Link layer and
passes frames between nodes. Virtual bridges are ports on a virtual switch that connect
vNICs with the network.

c. Network Connection Types

Bridged mode: the vNIC accesses a physical network using the host machine's NIC.
NAT mode: the vNIC relies on the host machine to act as a NAT device, and gets its IP
addressing information from the host.
Host-only mode: VMs on one host can exchange data with each other and with their
host but cannot communicate with nodes beyond the host. The vNICs never receive or
transmit data via the host machine's physical NIC.

d. Virtual Appliances and Virtual Network Services

A virtual appliance, an image of an OS, software, hardware specs and application
configurations, can be installed to test software.
Virtual devices that provide backup services if a physical device fails:
VRRP (Virtual Router Redundancy Protocol) and HSRP (Hot Standby Routing Protocol, the
Cisco version) are used to assign IP addresses to a group of routers. A virtual IP address
is shared by the entire group; messages routed to the virtual IP address are handled by
the master (active) router, and if it fails the backup (standby) routers step in.

SDN (Software-Defined Networking)

The virtualisation of network services, in which a network controller manages services
that are normally managed directly by the hardware devices. Protocols handle the
process of making decisions in the control plane, while data transmissions traverse the
network in the data plane.

4. VLANs and Trunking

A VLAN (Virtual Local Area Network) groups ports on a switch so that some of the local
traffic on the switch is forced to go through a router.
VLANs allow routers to better manage network traffic, a divide-and-conquer method. They
need a programmable physical switch whose ports are partitioned into groups.
A VLAN is a Layer 2 solution for segmenting a network.
802.1Q is the IEEE standard that specifies how VLAN information appears in frames and how
switches interpret that information.
Trunking allows a single switch to manage traffic from several VLANs.
An access port is used to connect a single node to a switch; it can only exchange
information with that switch.
A trunk port is an interface on a switch that can manage traffic from multiple VLANs.
A trunk is a link between 2 switches.
A tag identifies the data belonging to each VLAN; it carries the VLAN identifier.
VTP (VLAN Trunking Protocol):
Stack master: the switch that keeps the VLAN database.

a. STP (Spanning Tree Protocol) and SPB (Shortest Path Bridging)

STP prevents traffic loops; it is the IEEE 802.1D standard and works at the Data Link
layer.
STP information is transmitted between switches via BPDUs (Bridge Protocol Data Units).
BPDU guards help enforce the STP rules. A BPDU filter disables STP on specific ports,
for example at the demarc.
How STP works:
The root bridge / master bridge is where the tree starts; the branches spread out from
there.
The root bridge is chosen by bridge ID: the lowest 2-byte priority field, with the MAC
address breaking ties.
STP then looks at every bridge on the network and, for each one, chooses the path with
the shortest distance to the root for data transfer.
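The root election and shortest-path selection just described, as an added example (not from the notes): bridge IDs are compared as (priority, MAC), a shortest-path search from the elected root picks each switch's path toward it, and the link left out of the tree is the one that would have formed the loop. The three-switch topology is constructed and uses the 802.1D-1998 path-cost values (100 Mbps = 19, 1 Gbps = 4); equal-cost ties are broken here by the lower switch name, standing in for the lower sender bridge ID.

```python
"""Spanning-tree election and root-path selection on a constructed switch triangle.
Added example, not from the course notes.
"""
import heapq
from typing import Dict, List, Tuple

Bridge = Tuple[int, str]     # (2-byte priority, MAC address) together form the bridge ID
Link = Tuple[str, str, int]  # (switch A, switch B, 802.1D path cost of the link)


def bridge_id_key(priority: int, mac: str) -> Tuple[int, int]:
    """Sortable bridge ID: the priority is compared first, the MAC address breaks ties."""
    return priority, int(mac.replace(":", ""), 16)


def elect_root(bridges: Dict[str, Bridge]) -> str:
    """The root bridge is the switch with the numerically lowest bridge ID."""
    return min(bridges, key=lambda name: bridge_id_key(*bridges[name]))


def root_path_costs(root: str, links: List[Link]) -> Dict[str, Tuple[int, str]]:
    """Shortest path (Dijkstra) from the root to every switch.

    Returns {switch: (total cost to the root, neighbour toward the root)}. On equal
    cost the lower neighbour name wins, standing in for the lower sender bridge ID.
    """
    adj: Dict[str, List[Tuple[str, int]]] = {}
    for a, b, cost in links:
        adj.setdefault(a, []).append((b, cost))
        adj.setdefault(b, []).append((a, cost))
    best: Dict[str, Tuple[int, str]] = {root: (0, root)}
    heap: List[Tuple[int, str]] = [(0, root)]
    while heap:
        cost, node = heapq.heappop(heap)
        if cost > best[node][0]:
            continue  # stale heap entry: a cheaper path was already recorded
        for nbr, link_cost in adj.get(node, []):
            candidate = (cost + link_cost, node)
            if nbr not in best or candidate < best[nbr]:
                best[nbr] = candidate
                heapq.heappush(heap, (candidate[0], nbr))
    return best


def spanning_tree(bridges: Dict[str, Bridge], links: List[Link]):
    """Elect the root, compute each switch's path to it, and list the blocked links."""
    root = elect_root(bridges)
    paths = root_path_costs(root, links)
    # A link is part of the tree if it is some switch's chosen path toward the root.
    tree_links = {frozenset((sw, via)) for sw, (_, via) in paths.items() if sw != root}
    blocked = [l for l in links if frozenset((l[0], l[1])) not in tree_links]
    return root, paths, blocked


# Constructed triangle: two gigabit links (cost 4) and one 100 Mbps link (cost 19).
SWITCHES: Dict[str, Bridge] = {
    "SW1": (32768, "00:1a:2b:3c:4d:10"),
    "SW2": (4096, "00:1a:2b:3c:4d:20"),   # priority lowered on purpose: intended root
    "SW3": (32768, "00:1a:2b:3c:4d:05"),  # lowest MAC, but priority is compared first
}
LINKS: List[Link] = [("SW1", "SW2", 4), ("SW2", "SW3", 19), ("SW1", "SW3", 4)]

if __name__ == "__main__":
    root, paths, blocked = spanning_tree(SWITCHES, LINKS)
    print("root:", root)          # SW2
    print("paths:", paths)        # SW3 reaches the root via SW1 at cost 8, not directly at 19
    print("blocked:", blocked)    # [('SW2', 'SW3', 19)] is blocked, which breaks the loop
```

If every switch kept the default priority of 32768, SW3 would become root purely because it has the lowest MAC address; setting the priority is how an administrator makes the election deterministic.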

b. Switch Configurations

c. Wireless VLANs

5. Troubleshooting VMs and VLANs


Chapter 11: Wide Area Networks

1. WAN Essentials
WAN sites: the individual geographic locations or endpoints connected by a WAN.
A WAN link is the connection between them.

2. WAN Topologies
a. Bus Topology
b. Ring Topology
c. Star Topology
d. Mesh Topology: Full mesh and partial mesh
e. Tiered Topology WAN: layered star or ring connections

3. PSTN (Public Switched Telephone Network)

Plain old telephone service (POTS).
Local loop / last mile: the part of the PSTN that connects a residence with the nearest CO
(Central Office).
FTTH: Fiber to the home
FTTP: Fiber to the premises
PON (Passive Optical Network): a network where the carrier uses fiber-optic cabling to
connect with multiple endpoints. Passive because no repeaters are present.
OLT (Optical Line Terminal): a device with multiple optical ports, or PON interfaces, like
the interfaces on a router.
ONU (Optical Network Unit): distributes signals to multiple endpoints, via fiber-optic
cable for FTTP and via copper or coax cable otherwise.

4. T-Carriers
T-carrier standards (also written T-CXR standards) specify a method of signalling at the
Physical layer. They use TDM (Time Division Multiplexing) over 2 wire pairs (1 transmits,
1 receives); a single channel is divided into multiple channels. One T-1 circuit can carry
24 channels of 64 Kbps each (1.544 Mbps in total).

a. Types of T-Carriers
The signal level is the T-carrier's Physical layer electrical signalling characteristics, as
defined by ANSI standards. Example: DS0 = Digital Signal level 0.

b. T-Carrier Connectivity
Wiring: STP is preferred, as it has less noise and attenuation; fiber optic for multiple
T-1s.
Cable termination: copper cable carrying a T-1 terminates with an RJ-48 connector. At the
demarc point the RJ-48 terminates in a smart jack, a type of NIU.
CSU/DSU (Channel Service Unit / Data Service Unit): the CSU is the termination for the
digital signal and ensures connection integrity through error correction and line
monitoring. The DSU converts the T-carrier frames into frames the LAN can interpret. It
can be a separate device or an expansion card in a router.

5. Frame Relay
A Layer 2 protocol defined by the ITU and ANSI. Today it is a Data Link layer protocol.
Data is separated into frames and relayed from one node to the next. Frames carry an
identifier called the data link connection identifier (DLCI).
Supports 2 types of virtual circuits:
- SVC (Switched Virtual Circuit): SVCs are connections that are established when
2 parties need to transmit, and terminated after the transmission completes.
- PVC (Permanent Virtual Circuit): the connection is established before data needs to
be transmitted and maintained after the transmission is complete. The connection is
between 2 points and does not specify the exact route the data will travel.
CIR (Committed Information Rate): the guaranteed minimum amount of bandwidth an ISP
provides.
6. DSL (Digital Subscriber Line)
a. Types of DSL
Downstream: data traveling from the carrier's switching facility to the customer.
Upstream: data traveling from the customer to the carrier's switching facility.
xDSL: all DSL varieties
ADSL: Asymmetric DSL: download speed faster than upload speed
G.Lite: a version of ADSL
VDSL: Very high bit-rate (or data rate) DSL
SDSL: Symmetric or single-line DSL: upstream and downstream have the same speed.
HDSL: High bit-rate DSL
SHDSL: Single-line high bit-rate DSL

Modulation: each DSL type offers its own type of modulation. ADSL and VDSL create
multiple narrow channels in a higher frequency range to carry more data; a splitter is
needed at the carrier and customer ends to separate the data from the voice signal.

b. DSL Connectivity
DSL modem
7. Broadband Cable

8. ATM (Asynchronous Transfer Mode)

Asynchronous: a communication method where nodes do not conform to predetermined
schemes that specify the timing of data transmissions. A node can transmit at any instant
and the destination node must accept it.
ATM packet = cell: always 48 bytes of data and a 5-byte header. The fixed size ensures
predictable network performance.

9. SONET (Synchronous Optical Network) – SDH (Synchronous Digital Hierarchy)

A high-bandwidth WAN signalling technique developed for fiber-optic cabling; specifies
framing and multiplexing techniques at the Physical layer of the OSI model.
4 key strengths:
- Integrates many other WAN technologies
- Fast data transfer rates
- Simple link additions and removals
- High degree of fault tolerance
Self-healing feature: can automatically re-route traffic to a backup ring without loss of
service, which makes SONET very reliable.
10. MPLS (Multiprotocol Label Switching)
Extremely fast; handles various payloads.

11. Metro Ethernet / Carrier Ethernet


Ways to send Ethernet traffic across MAN and WAN connections
Advantages:
- Streamlined connections
- Cost efficient
- Scalability
- Familiarity
- Hardware: already available

12. Wireless WANs


a. 802.16 (WiMAX)
Features:
- Line-of-sight transmission between 2 antennas, used for fixed clients; non-
line-of-sight transmission between many antennas for mobile clients.
- Frequencies in the 2-11 GHz and 11-66 GHz ranges
- MIMO
- Transmits/receives signals up to 50 km; fixed antennas up to 15 km
- QoS provision
Can act as a backhaul link: the intermediate connection between subscriber networks and
the telecommunications carrier's network.
WiMAX 2 is based on the 802.16m standard.

b. Cellular
First generation, 1G, 1970s-1980s: analog.
Second generation, 2G, 1990s: digital transmission.
Third generation, 3G, early 2000s: used packet switching, with data (not voice) rates up
to 384 Kbps.
Fourth generation, 4G, 2008: all-IP, packet-switched network for data and voice.
c. Satellite

13. Troubleshooting WAN Issues


a. Company Policies
b. Common ISP Problems
Chapter 12: Industrial and Enterprise Networking
1. Industrial Networks
a. Components of an Industrial Control System and SCADA Network
b. Securing an ICS/SCADA Network

2. Asset Management and Business Documents


a. Asset Management
b. Business Documents

3. Change Management
a. Software and Hardware Changes
b. Change Management Documentation

4. Physical Security Controls

5. Troubleshooting and Response Policies


a. Disaster Recovery
b. Forensics
