114
COMPTIA Network Plus Courseware Notes Version 2.2 www.firebrandtraining.com

CompTIA Network Plus Courseware - Firebrand Training UK · COMPTIA. Network Plus . Courseware Notes . Version 2.2 . 1 7/30/2015 1 ©2007 –Body Temple 7/30/2015 1 COMPTIA NETWORK+

Embed Size (px)

Citation preview

COMPTIA

Network Plus Courseware Notes

Version 2.2

www.firebrandtraining.com

1

7/30/2015 1 ©2007 – Body Temple 7/30/2015

1

COMPTIA NETWORK+

N10-006

7/30/2015 2 ©2007 – Body Temple 7/30/2015

2

The CompTIA Network+ certification is an internationally

recognized validation of the technical knowledge required

of foundation-level IT network practitioners.

It is recommended for CompTIA Network+ candidates to

have the following:

CompTIA A+ certification or equivalent knowledge, though

CompTIA A+ certification is not required.

Have at least 9 to 12 months of work experience in IT

networking

2

7/30/2015 3 ©2007 – Body Temple 7/30/2015

3

CompTia Network+ Objectives

The table below lists the domains measured by the exam and the extent

to which they are represented.

CompTIA Network+ exams are based on these objectives.

DOMAIN % OF EXAM

1.0 Network Architecture 22%

2.0 Network Operations 20%

3.0 Network Security 18%

4.0 Troubleshooting 24%

5.0 Industry Standards,

Practices and Network

Theory

16%

7/30/2015 4 ©2007 – Body Temple 7/30/2015

4

A full list of the CompTia Network+ Objectives and

official Network+ Acronym List is provided at:

http://certification.comptia.org/Training/testingc

enters/examobjectives.aspx

CompTia Network+ Objectives

3

7/30/2015 5 ©2007 – Body Temple 7/30/2015

5

Network+ Modules DAY 1

Module 1: Introduction to Networks

Module 2: The OSI Reference Model

Module 3: Networking Topology, Connectors and

Wiring Standards

Module 4: Ethernet Specifications

Module 5: Network Devices

Module 6: TCP/IP

Module 7: IP Addressing

7/30/2015 6 ©2007 – Body Temple 7/30/2015

6

Network+ Modules – DAY 2

Module 8: Routing

Module 9: Switching and VLANs

Module 10: Wireless Networking

Module 11: Authentication and Access Control

Module 12: Network Threats

Module 13: Wide Area Networking

Module 14: Troubleshooting

4

7/30/2015 7 ©2007 – Body Temple 7/30/2015

7

Network+ Modules – DAY 3

Module15: Management, Monitoring and

Optimisation

Exam N10-006

7/30/2015 8 ©2007 – Body Temple 7/30/2015

8

MODULE 1

INTRODUCTION TO NETWORKS

5

7/30/2015 9 ©2007 – Body Temple 7/30/2015

9

What is a Network

“Two or more connected computers that can

share resources such as data and applications”

Determined by:

Type of Computer

Topology

Interconnection device

7/30/2015 10 ©2007 – Body Temple 7/30/2015

10

Clients and Servers

Types of Computer

Workstation / Client

Server

Types of Network

Peer-Peer

Client-Server

6

7/30/2015 11 ©2007 – Body Temple 7/30/2015

11

Networking Topology

BUS

7/30/2015 12 ©2007 – Body Temple 7/30/2015

12

Networking Topology

Star (Hub and Spoke)

7

7/30/2015 13 ©2007 – Body Temple 7/30/2015

13

Networking Topology

RING

7/30/2015 14 ©2007 – Body Temple 7/30/2015

14

Networking Topology

MESH

8

7/30/2015 15 ©2007 – Body Temple 7/30/2015

15

Networking Topology

Backbone and Segments

VLAN 1SALES

VLAN 2MARKETING

SEVERSCOMMS ROOM

BACKBONE

7/30/2015 16 ©2007 – Body Temple 7/30/2015

16

MODULE 2

THE OSI REFERENCE MODEL

9

7/30/2015 17 ©2007 – Body Temple 7/30/2015

17

The Open Systems Interconnection Model

The OSI model is the primary architectural model

for networks.

It describes how data and network information are

communicated from an application on one

computer through the network media to an

application on another computer.

The OSI reference model breaks this approach into

7 layers.

7/30/2015 18 ©2007 – Body Temple 7/30/2015

18

OSI Reference Model

7 APPLICATION

6 PRESENTATION

5 SESSION

4 TRANSPORT

3 NETWORK

2 DATALINK

1 PHYSICAL

10

7/30/2015 19 ©2007 – Body Temple 7/30/2015

19

OSI

The application layer provides connectivity between users

and application processes to access network services. This

layer contains a variety of commonly needed functions:

• Resource sharing NFS FTP HTTP

• Network management SNMP TELNET

• Directory services LDAP

• Electronic messaging (such as mail) SMTP, POP3

7 APPLICATION

7/30/2015 20 ©2007 – Body Temple 7/30/2015

20

OSI

The presentation layer formats the data to be presented to

the application layer. It acts as the ‘translator’ for the

network.

The presentation layer provides:

• Character code translation.

• Data conversion.

• Data compression: reduces the number of bits that need to be transmitted on the

network.

• Data encryption: encrypt data for security purposes. For example, password encryption.

6 PRESENTATION

11

7/30/2015 21 ©2007 – Body Temple 7/30/2015

21

OSI

The session layer allows session establishment between

processes running on different stations. It provides:

• Session Management – establishment and termination between two

application processes on different machines

• Session support allowing processes to communicate over the network,

performing security, name recognition, logging, and so on.

5 SESSION

7/30/2015 22 ©2007 – Body Temple 7/30/2015

22

OSI

The transport layer ensures that messages are delivered

error-free, in sequence, and with no losses or duplications.

The transport layer provides:

• Message segmentation

• Message acknowledgment

• Message traffic control

• Session multiplexing

• Transmission Control Protocol (TCP) / User Datagram Protocol (UDP)

both work at Layer 4

4 TRANSPORT

12

7/30/2015 23 ©2007 – Body Temple 7/30/2015

23

OSI

The network layer controls the operation of the subnet,

deciding which physical path the data should take based on

network conditions, priority of service, and other factors. It

provides:

• Routing

• Subnet traffic control through the use of a router (Layer 3 Intermediate

system)

• Frame fragmentation

• Logical-physical address mapping

• Internet Protocol (IPv4 / IPv6)

3 NETWORK

7/30/2015 24 ©2007 – Body Temple 7/30/2015

24

OSI

The data link layer provides error-free transfer of data

frames from one node to another over the physical layer.

The data link layer provides:

• Link establishment and termination

• Frame traffic control

• Frame sequencing

• Frame acknowledgment

• Frame error checking

• Media access management

2 DATALINK

13

7/30/2015 25 ©2007 – Body Temple 7/30/2015

25

OSI – DATALINK LAYER

The IEEE Ethernet Data Link layer has two sublayers

Media Access Control (MAC)

Logical Link Control (LLC)

Devices which work at Layer 2 include:

• Switch

• Network Adaptor

• Bridge

7/30/2015 26 ©2007 – Body Temple 7/30/2015

26

OSI – DATALINK LAYER – IEEE 802 Standards

IEEE 802. STANDARD Topic

802.1 LAN/MAN Management

802.2 Logical Link Control

802.3 CSMA/CD ETHERNET

802.8 Fiber-Optic LAN/MAN

802.10 LAN/MAN Security

802.11 Wireless LAN

14

7/30/2015 27 ©2007 – Body Temple 7/30/2015

27

OSI

The physical layer is concerned with the transmission and reception

of the unstructured raw bit stream over a physical medium. It

provides:

• Data encoding

• Physical medium attachment

• Physical medium transmission

Devices that work at Layer 1 include:

• Hub

• Repeater

• Media Convertor

1 PHYSICAL

7/30/2015 28 ©2007 – Body Temple 7/30/2015

28

PLEASE DO NOT THROW SAUSAGE PIZZA AWAY!

7 AWAY

6 PIZZA

5 SAUSAGE

4 THROW

3 NOT

2 DO

1 PLEASE

15

7/30/2015 29 ©2007 – Body Temple 7/30/2015

29

MODULE 3

NETWORKING TOPOLGY, CONNECTORS

AND WIRING STANDARDS

7/30/2015 30 ©2007 – Body Temple 7/30/2015

30

CABLE CHARACTERISTICS

Cost

Installation issues

PLENUM Rating

Bandwidth/Speed/Capacity

Duplex/Half Duplex

Serial/Parallel

Distance/Attenuation

Noise immunity

Security

16

7/30/2015 31 ©2007 – Body Temple 7/30/2015

31

Types of Cable

COAXIAL

7/30/2015 32 ©2007 – Body Temple 7/30/2015

32

Types of Cable

Coax connectors

BNC

F

17

7/30/2015 33 ©2007 – Body Temple 7/30/2015

33

Types of Cable

Twisted Pair

UTP

STP

CAT standards

Connectors

7/30/2015 34 ©2007 – Body Temple 7/30/2015

34

RJ45

RJ45 plugs and sockets are most commonly used as

connectors for Ethernet cable (UTP)

Also known as 8P8C (8 position 8 Contact)

Eight equally spaced conductors

Terminated using a crimp tool

18

7/30/2015 35 ©2007 – Body Temple 7/30/2015

35

RJ45 Wiring Standards

T568A

T568B

STRAIGHT THROUGH

CROSSOVER

ROLLOVER

LOOPBACK

7/30/2015 36 ©2007 – Body Temple 7/30/2015

36

T568A / T568B

T568B is more common

19

7/30/2015 37 ©2007 – Body Temple 7/30/2015

37

CROSSOVER

7/30/2015 38 ©2007 – Body Temple 7/30/2015

38

Rollover and Loopback CABLE

Console Cable used to connect Administrator

to console port of a Router or Switch

Loopback Cable used for diagnostics and

testing.

20

7/30/2015 39 ©2007 – Body Temple 7/30/2015

39

FIBER OPTIC

ST Connector (Straight Tip)

SC Connector (Subscriber Connector)

LC Connector (Local Connector)

MTRJ (Mechanical Transfer Registered Jack)

Single Mode Fiber (SMF)

Multimode Fiber (MMF)

7/30/2015 40 ©2007 – Body Temple 7/30/2015

40

Media Converter

Allow the conversions between different

types of Fiber Optic or between Fiber and

Ethernet.

These include:

• Single Mode Fiber to Ethernet

• Multi Mode Fiber to Ethernet

• Fiber to Coaxial

21

7/30/2015 41 ©2007 – Body Temple 7/30/2015

41

Types of Cable

Other types of communications cables

include:

RS232

USB

FIREWIRE

THUNDERBOLT

7/30/2015 42 ©2007 – Body Temple 7/30/2015

42

Patching and Cabling

MDF – Main Distribution Frame is a terminating point where

cables are connected and can be jumpered to different

locations

IDF – Intermediate Distribution Frame, a smaller version of

the MDF maybe on each floor of a building

Patch Panel – where circuits can be rerouted through the

use of CAT 5 patch leads

22

7/30/2015 43 ©2007 – Body Temple 7/30/2015

43

66 / 110 Block

66 Block used for Telephone systems

110 Block used for Cat 5/6 UTP systems

7/30/2015 44 ©2007 – Body Temple 7/30/2015

44

Demarcation Point

The DEMARC or demarcation point is the point at which the

telephone company or circuit provider network ends and

connects to the wiring at the customer’s premises.

A box such as an NIU (Network Interface Unit) or a CSU

(Channel Service Unit) which carries out code or protocol

conversion is commonly referred to as a SMART JACK. This

is the terminating point between the TELCO and the

customer network

23

7/30/2015 45 ©2007 – Body Temple 7/30/2015

45

MODULE 4

ETHERNET SPECIFICATIONS

7/30/2015 46 ©2007 – Body Temple 7/30/2015

46

Ethernet Standards 802.3

Ethernet descriptive labels

Eg: 10Base5

Equates to:

10 Mbps

Baseband signalling (one channel of communication at any time)

500 Metres maximum length

10Base2 (runs for 185 Metres)

24

7/30/2015 47 ©2007 – Body Temple 7/30/2015

47

Carrier Sense Multiple Access / Collision Detection CSMA/CD

CSMA/CD is known as a contention method because

computers on the network contend, or compete, for an

opportunity to send data.

The more computers there are on the network, the more

network traffic there will be.

With more traffic, collision avoidance and collisions tend to

increase, which slows the network down, so CSMA/CD can be

a slow-access method.

7/30/2015 48 ©2007 – Body Temple 7/30/2015

48

CSMA/CD

CSMA/CD is used by all implementations of Ethernet regardless of the media or the data throughput.

CSMA/CD working without a collision:

1.Listens to check media to see if it is clear

2.If clear then a host will place data on the media

3.Then listens to see if data sent has a collision

25

7/30/2015 49 ©2007 – Body Temple 7/30/2015

49

CSMA/CD

CSMA/CD working with a collision:

1.Listens to check media to see if it is clear

2.If clear then a host will place data on the media

3.Then listens to see if data sent has a collision

4.Collision occurs

5.Both devices send a jam signal

6.Both devices start a timer (back off algorithm)

7.First host whose timer expires repeats steps 1-3

8.Then the second node will perform steps 1 - 3

9.Then operation returns to normal and all devices have equal access to the media

7/30/2015 50 ©2007 – Body Temple 7/30/2015

50

CSMA/CA (Collision Avoidance)

Used on Wireless Networks

Nodes must ‘listen’ out to detect if network

is busy before sending

Optionally may be implemented with

Request To Send/Clear To Send (RTS/CTS)

26

7/30/2015 51 ©2007 – Body Temple 7/30/2015

51

MAC Address

Media Access Control (MAC)

Works at Datalink Layer (2)

48 bit Hexidecimal address unique to every

Network Interface (Organizationally Unique

ID/Vendor ID)

7/30/2015 52 ©2007 – Body Temple 7/30/2015

52

Common Ethernet Cable Types

Ethernet Name Cable Type Max Distance Notes

10Base5 COAX 500m Thicknet

10Base2 COAX 185m Thinnet

10BaseT UTP 100m

100BaseTX UTP/STP 100m Cat5 upwards

10BaseFL FIBER 500-2000m Ethernet over

Fiber

100BaseFX MMF 2000m

1000BaseT UTP 100m Cat5e upwards

1000BaseSX MMF 550m SC Connector

1000BaseCX Balanced Shielded

Copper

25m Special Connector

1000BaseLX MMF/SMF 550m (Multi)

/2000m(Single)

SC and LC

Connector

27

7/30/2015 53 ©2007 – Body Temple 7/30/2015

53

Common Ethernet Cable Types

Ethernet Name Cable Type Max Distance Notes

10GBaseT UTP 100m

10GBaseSR MMF 300m

10GBaseLR SMF 10km

10GBaseER SMF 40km

10GBaseSW MMF 300m

10GBaseLW SMF 10km Used with SONET

10GBaseEW SMF 40km

7/30/2015 54 ©2007 – Body Temple 7/30/2015

54

Ethernet over other standards

Ethernet over Power Line (Broadband over

Power Line (BPL))

Ethernet over HDMI

28

7/30/2015 55 ©2007 – Body Temple 7/30/2015

55

MODULE 5

NETWORK DEVICES

7/30/2015 56 ©2007 – Body Temple 7/30/2015

56

Common Network Devices

Network Interface Card (NIC)

Hub

Bridge

Switch

Router

Firewall

Intrusion Detection System (IDS)

Intrusion Prevention System (IPS)

Access Point

29

7/30/2015 57 ©2007 – Body Temple 7/30/2015

57

NETWORK INTERFACE CARD (NIC)

Unique identifier – Media Access Control address

(MAC)

7/30/2015 58 ©2007 – Body Temple 7/30/2015

58

HUBS AND REPEATER – LAYER 1 DEVICES

HUB enables a number of nodes to

connect to a network (one per port)

REPEATER retransmit signals (may

clean and strengthen the signal) to

increase distances between nodes

30

7/30/2015 59 ©2007 – Body Temple 7/30/2015

59

BRIDGE – LAYER 2 DEVICE

A BRIDGE (or ‘Transparent Bridge’) connects two

similar network segments together. Its primary

function is to keep traffic separated on either side

of the bridge, breaking up Collision Domains within

a single Broadcast Domain

Collision Domain Collision Domain

BROADCAST DOMAIN

BRIDGE

7/30/2015 60 ©2007 – Body Temple 7/30/2015

60

SWITCH – LAYER 2 DEVICE

Multiport bridges

Operate at DATALINK layer

Control collision domains

Now used extensively instead of Hubs and Bridges

May also incorporate LAYER 3 technology

31

7/30/2015 61 ©2007 – Body Temple 7/30/2015

61

ROUTER – LAYER 3 DEVICE

Traditional LAYER 3 device (NETWORK Layer)

Forwarding based upon network layer IP address

Control Broadcast and Collision Domains

Can use multiple routing protocols

7/30/2015 62 ©2007 – Body Temple 7/30/2015

62

FIREWALL

Provide the first layer of defence in network

security

May be hardware or software (or both)

Based on configuration rules

Used to established Demilitarised Zones

(DMZ)

32

7/30/2015 63 ©2007 – Body Temple 7/30/2015

63

FIREWALLS - DMZ

Used to protect the LAN from External

attacks/intrusion

INTERNET

DMZ

LAN

7/30/2015 64 ©2007 – Body Temple 7/30/2015

64

FIREWALL - Rules

33

7/30/2015 65 ©2007 – Body Temple 7/30/2015

65

IDS/IPS

Intrusion Detection System (IDS)

• Host Based (HIDS) or Network Based (NIDS)

• Passive Monitoring

• Anomaly Detection

• Signature Detection

• Heuristics

Intrusion Protection System

Host Based (HIPS) or Network Based (NIPS)

Active Monitoring

7/30/2015 66 ©2007 – Body Temple 7/30/2015

66

IDS/IPS

Honeypot / Honeynet

Used to monitor intrusion / attacks and conduct

intelligence gathering

Used to deflect potential attacks

INTERNET

DMZ

HONEYPOT

IDS

34

7/30/2015 67 ©2007 – Body Temple 7/30/2015

67

Wireless Access Points (WAP)

Connects computers with wireless adapters to a

network

Access Point is a translational bridge

802.11b/g Access Points use CSMA/CD to connect to

network (LAN) and CSMA/CA to communicate with

other wireless devices

7/30/2015 68 ©2007 – Body Temple 7/30/2015

68

Dynamic Host Configuration Protocol (DHCP)

Dedicated Server Role or

Integrated with Network Device

35

7/30/2015 69 ©2007 – Body Temple 7/30/2015

69

DHCP

DHCP Client sends Broadcast packets to DHCP Server in

order to acquire an IP address from the DHCP Scope

• DHCP Discover

• DHCP Offer

• DHCP Request

• DHCP Ack

7/30/2015 70 ©2007 – Body Temple 7/30/2015

70

DHCP Settings

Reservations (set on MAC address of client)

Exclusions (used for statically assigned clients)

Authorised on the network

Scope must be activated

Clients will default to APIPA address if no DHCP available

Internet Connection Sharing (ICS) includes DHCP service

36

7/30/2015 71 ©2007 – Body Temple 7/30/2015

71

Specialised Network Devices

Multilayer Switch (MLS)

Works at Layer 2 and Layer 3 (Routing)

Very popular devices

7/30/2015 72 ©2007 – Body Temple 7/30/2015

72

Specialised Network Devices

Load Balancer

Fault Tolerance / Redundancy

Used to support servers such as:

• Web Servers

• FTP Servers

• Remote Desktop Servers

• VPN Servers

37

7/30/2015 73 ©2007 – Body Temple 7/30/2015

73

Domain Naming System (DNS)

Resolves FQDN to IP addresses (Forward Lookup)

Resolves IP addresses to FQDN (Reverse Lookup)

DNS entries held in a database on a server called a

Zone

Zone is an area of contiguous namespace for which

a DNS server is authoritative

DNS Server is able to Forward requests and Cache

responses in support of clients

7/30/2015 74 ©2007 – Body Temple 7/30/2015

74

DNS Resolution

Host File

Local Resolver Cache

DNS

NetBios Cache

WINS

Broadcast

LMHosts

Local Host File

Local Resolver Cache

DNS Server

38

7/30/2015 75 ©2007 – Body Temple 7/30/2015

75

DNS on the INTERNET

ROOT (.)

.COM

Google.com FirebrandTraining.com

UK.FirebrandTraining.com WWW.UK.FirebrandTraining.com

7/30/2015 76 ©2007 – Body Temple 7/30/2015

76

DNS Records

RECORD INFO

A Host Record (IPv4)

AAAA Host Record (IPv6)

PTR Reverse Lookup Record

NS Named Server Record (DNS Server)

MX Mail Exchange (Email Server)

Alias (Cname) Used to point friendly name records to

other hosts

SOA Start of Authority (controls DNS Zone

transfers and records)

SRV Service Locator records (eg. location of

Domain Controllers and associated

services)

39

7/30/2015 77 ©2007 – Body Temple 7/30/2015

77

Specialised Network Devices

Proxy Server

Two main types:

• Caching Proxy

• Web Proxy

Reverse proxy (incoming from the Internet)

LAN

INTERNET

ROUTER

PROXY SERVER

7/30/2015 78 ©2007 – Body Temple 7/30/2015

78

Specialised Network Devices

PACKET SHAPER (TRAFFIC SHAPER)

Allow for traffic management (bandwidth)

Set against network profile

May work with Quality of Service (QOS)

configurations

40

7/30/2015 79 ©2007 – Body Temple 7/30/2015

79

Specialised Network Devices

VPN CONCENTRATOR

Dedicated device to handle multiple VPN

(Virtual Private Network) connections and

associated configurations

7/30/2015 80 ©2007 – Body Temple 7/30/2015

80

Basic Network Device layout

VLANS

SWITCH

ROUTER

FIREWALLDMZ

SERVERS

41

7/30/2015 81 ©2007 – Body Temple 7/30/2015

81

MODULE 6

TCP/IP

7/30/2015 82 ©2007 – Body Temple 7/30/2015

82

Department of Defence (DoD) TCP/IP Model

Application

Presentation

Session

Transport

Network

Datalink

Physical

APPLICATION

TRANSPORT

INTERNET

NETWORK INTERFACE

42

7/30/2015 83 ©2007 – Body Temple 7/30/2015

83

PORTS

Allow applications or protocols to use specific

values for connections

Range from 0-65535

0-1023 are reserved for specified TCP/IP

applications and are known as “Well Known Ports”

Destination and Source port numbers

Sockets include IP address and Port Number

7/30/2015 84 ©2007 – Body Temple 7/30/2015

84

PORT NUMBERS

Application Layer

Protocol

Port (s) Transport Protocol

FTP File Transport

Protocol

20/21 TCP

TELNET 23 TCP

SSH 22 TCP

DNS 53 TCP/UDP

DHCP 67/68 UDP

TFTP 69 UDP

HTTP 80 TCP

HTTPS 443 TCP

SMTP 25 TCP

43

7/30/2015 85 ©2007 – Body Temple 7/30/2015

85

PORT NUMBERS

Application Layer

Protocol

Port Number (s) Transport Protocol

NETBIOS 137,138,139 TCP

LDAP 389 TCP

IGMP 463 UDP

LPR 515 UDP

RDP 3389 TCP

NTP 123 UDP

NNTP 119 UDP

POP3 110 TCP

IMAP4 143 TCP

SNMP 161 UDP

7/30/2015 86 ©2007 – Body Temple 7/30/2015

86

Transport Protocols

Transmission Control Protocol (TCP)

Connection Orientated

TCP Three Way Handshake

Receives an Acknowledgement for packets sent

User Datagram Protocol (UDP)

Connection-less

Used for streaming media and VOIP

44

7/30/2015 87 ©2007 – Body Temple 7/30/2015

87

Internet Layer Protocols

Internet Protocol (IP)

Internet Control Message Protocol (ICMP)

Address Resolution Protocol (ARP)

7/30/2015 88 ©2007 – Body Temple 7/30/2015

88

IP

IPv4

IPv6

Windows Clients use dual stack

Command Line Utilities:

• IPCONFIG

• IFCONFIG (Linux/Unix)

45

7/30/2015 89 ©2007 – Body Temple 7/30/2015

89

ICMP

Management and messaging for IP

Command line utilities:

• PING

• PATHPING

• TRACERT

7/30/2015 90 ©2007 – Body Temple 7/30/2015

90

ARP

Address Resolution Protocol

IP to MAC Address

Reverse ARP (RARP) resolves IP from MAC

address

46

7/30/2015 91 ©2007 – Body Temple 7/30/2015

91

MODULE 7

IP ADDRESSING

7/30/2015 92 ©2007 – Body Temple 7/30/2015

92

Internet Protocol (IP)

IPv4

32 Bit Address Scheme

Divided into Network Address and Host

Subnet Mask

Broken in 4 Octets (8 bits)

Represented by dotted-decimal notation

Eg. 192.168.2.200 / 24

Or 192.168.2.200

255.255.255.0

47

7/30/2015 93 ©2007 – Body Temple 7/30/2015

93

Subnetting

PUBLIC and PRIVATE address ranges allocated by IANA (Class-

full Addressing)

PUBLIC Ranges: (Routable on the Internet)

Class Range Hosts

A 1-126 / 8 16,777, 214

B 128-191 /16 65,534

C 192-223 254

D 224-239 Multicast

E 240-254 Development

7/30/2015 94 ©2007 – Body Temple 7/30/2015

94

IP

Private Ranges: (Not routable on the Internet)

APIPA – Automatic Private IP Address

Class Range

A 10.0.0.0-10.255.255.255

B 172.16.0.0-172.31.255.255

C 192.168.0.0-192.168.255.255

169.254.X.X 255.255.0.0

48

7/30/2015 95 ©2007 – Body Temple 7/30/2015

95

SUBNETTING

Subnetting allows you to break up large networks into

smaller broadcast segments

Allows for conservation of host addresses

Security

7/30/2015 96 ©2007 – Body Temple 7/30/2015

96

IPv6

128 bit Address Range

Displayed in hexadecimal format of eight 16bit

groups, separated by a colon (:)

Eg: 2001:0db8:85a3:0042:0000:8a2e:0370:7334

May also be written as:

2001:db8:85a3:42::8a28:370:7334

(lead zeros removed)

49

7/30/2015 97 ©2007 – Body Temple 7/30/2015

97

IPv6 Addresses

Unicast – one to one (Same as IPv4)

Multicast – one to many (Similar to IPv4)

Anycast – one to one of many (Unique to IPv6)

7/30/2015 98 ©2007 – Body Temple 7/30/2015

98

IPv6

Unicast Addresses:

Global Unicast (similar to Public IPv4 addresses)

Link Local Unicast (similar to APIPA IPv4

addresses)

Unique Local Unicast (similar to Private IPv4

addresses)

50

7/30/2015 99 ©2007 – Body Temple 7/30/2015

99

Special IPv6 Addresses

Loopback Address

::1 (127.0.0.1)

Link Local Addresses

FE80:: (Similar to APIPA addresses)

7/30/2015 100 ©2007 – Body Temple 7/30/2015

100

ICMPv6

Replaces IGMP with Multicast Listener Discovery

(MLD)

Replaces ARP with Neighbour Discovery (ND)

51

7/30/2015 101 ©2007 – Body Temple 7/30/2015

101

Troubleshooting IP

Physical Network Components (NIC, Cables,

Switches, Routers)

Network Interface Card Configuration

IPCONFIG

PING

TRACERT

ARP

7/30/2015 102 ©2007 – Body Temple 7/30/2015

102

Network Address Translation (NAT)

NAT allows for the continuation of private IPv4

addressing

Translates between Private and Public IP networks

(different to Routing)

Simply replaces the source IP address (private) with

that of the external (public) IP address to enable

routing on the Internet

Addition security features (Firewall)

52

7/30/2015 103 ©2007 – Body Temple 7/30/2015

103

NAT

Basic NAT

NAT-T (IPSEC)

NAT-PT (IPv6)

Internal – Private LAN

192.168.2.0/24

External – Public

Interface

101.102.103.104

7/30/2015 104 ©2007 – Body Temple 7/30/2015

104

MODULE 8

ROUTING

53

7/30/2015 105 ©2007 – Body Temple 7/30/2015

105

Routing Tables

Routing table provides the router with a ‘map’ of

the network configuration and where it can receive

and send packets to/from

Typically routing table includes:

Destination addresses

Gateway locations

Interfaces

Cost (Metric)

7/30/2015 106 ©2007 – Body Temple 7/30/2015

106

Windows Routing Table

Route Print

Netstat -r

54

7/30/2015 107 ©2007 – Body Temple 7/30/2015

107

Routing information

Routing Tables are updated by:

STATIC Routing (Routing information is

manually configured)

DYNAMIC Routing (Routing protocols

automatically update routing information)

7/30/2015 108 ©2007 – Body Temple 7/30/2015

108

Static Routing

ROUTE ADD

Router Config

55

7/30/2015 109 ©2007 – Body Temple 7/30/2015

109

DYNAMIC ROUTING

Routing Protocols

Distance Vector

Use algorithms to calculate best routes based on distance

(cost) and direction (vector)

Transfer the whole routing table to other routers (up to a

maximum number of hops)

Routing tables are broadcast at regular intervals

Used for small/medium size networks

7/30/2015 110 ©2007 – Body Temple 7/30/2015

110

Distant Vector Routing Protocols

Routing Internet Protocol (RIP)v1

RIPv2 – increased security (authentication)

Border Gateway Protocol (BGP) – used to connect

Autonomous Systems (AS) across the Internet

(Autonomous Systems use classes of routing protocols

Interior and Exterior Gateway Protocol (IGP and EGP))

56

7/30/2015 111 ©2007 – Body Temple 7/30/2015

111

Dynamic Routing Protocols

Link State

Open Shortest Path First (OSPF)

More common IGP (OSPFv2 for IPv4, OSPFv3 for IPv6)

IS-IS (Intermediate System – Intermediate System)

7/30/2015 112 ©2007 – Body Temple 7/30/2015

112

Routing Protocols

AUTONOMOUS SYSTEM (AS) AUTONOMOUS SYSTEM (AS)

Interior Gateway Protocols: RIP, IGRP, EIGRP, OSPF

Exterior Gateway Protocol:

BGP

57

7/30/2015 113 ©2007 – Body Temple 7/30/2015

113

High Availability Routing

Use of ‘Virtual Routers’

Hot Standby Router Protocol (HSRP) – Cisco

proprietary

Virtual Router Redundancy Protocol (VRRP)

7/30/2015 114 ©2007 – Body Temple 7/30/2015

114

IPv6 Dynamic Routing

RIPng

EIGRPv6

OSPFv3

58

7/30/2015 115 ©2007 – Body Temple 7/30/2015

115

MODULE 9

SWITCHING AND VLANs

7/30/2015 116 ©2007 – Body Temple 7/30/2015

116

Switches

LAYER 2 Device

Used to create separate collision domains

Managed or Unmanaged devices

Learn the MAC address of host locations using MAC

address forward/filter table

59

7/30/2015 117 ©2007 – Body Temple 7/30/2015

117

Spanning Tree Protocol (STP)

Eliminates bridging loops (aka switching loops)

Enables switches to detect loops, communicate

with other switches and block potential loops

taking place ROOT BRIDGE

ROOT PORT

7/30/2015 118 ©2007 – Body Temple 7/30/2015

118

Virtual LAN (VLAN)

Switches provide a method of broadcast domain

segmentation called Virtual LANs (VLANs)

Layer 2 method of creating more broadcast

domains

VLANs logically divide a switch into multiple,

independent switches at Layer 2, each in their own

broadcast domain

60

7/30/2015 119 ©2007 – Body Temple 7/30/2015

119

VIRTUAL LAN (VLAN) VLAN 2

VLAN 3

VLAN 4

ROUTER

7/30/2015 120 ©2007 – Body Temple 7/30/2015

120

VLANs

Each VLAN behaves as if it were a separate switch

Packets are forwarded only to ports on that VLAN

VLANS require a TRUNK to span multiple switches

VLAN Trunking Protocol (VTP)

• manages VLANs across a switched internetwork and maintains

consistency throughout that network

A port can be assigned to a given VLAN

61

7/30/2015 121 ©2007 – Body Temple 7/30/2015

121

VLAN

Trunk Link

VLAN 2

VLAN 3

VLAN 4

ROUTER

VLAN 2

7/30/2015 122 ©2007 – Body Temple 7/30/2015

122

VLAN

62

7/30/2015 123 ©2007 – Body Temple 7/30/2015

123

Additional Switch settings/properties

Dependant upon the type/manufacture of the device

Quality of Service (QOS)

Port Security

Port Mirroring

Port Bonding

Flood Guards

Multicasting

Power over Ethernet (PoE) 802.3af/802.3at

7/30/2015 124 ©2007 – Body Temple 7/30/2015

124

MODULE 10

WIRELESS NETWORKING

63

7/30/2015 125 ©2007 – Body Temple 7/30/2015

125

802.11 Standards

Standard Max Throughput Frequency Notes

802.11a 54Mbps 5GHz

802.11b 11Mbps 2.4GHz

802.11g 54Mbps 2.4GHz

802.11n Up to 600Mbps 2.4/5GHz MIMO

802.11ac Up to 1Gbps 5GHz MIMO

7/30/2015 126 ©2007 – Body Temple 7/30/2015

126

WLAN Setup

Ad hoc mode

Wireless clients connect to each other without an AP

Infrastructure mode

Clients connect through an AP through one of two modes

BSSid (Basic Service Set ID) uses one AP

ESSid (Extended Service Set ID) More than one access point exists

64

7/30/2015 127 ©2007 – Body Temple 7/30/2015

127

Wireless Components

Wireless Access Point (WAP)

Wireless NIC

Wireless LAN (WLAN) Controller

7/30/2015 128 ©2007 – Body Temple 7/30/2015

128

Wireless Antennas

Transmit and Receive

Two Classes:

•Omni-directional (point to multipoint)

•Directional/Yagi (point to point)

65

7/30/2015 129 ©2007 – Body Temple 7/30/2015

129

WLAN Setup

Site Survey

Signal Degradation:

• Distance

• Building construction

• Interference

Wireless Security

7/30/2015 130 ©2007 – Body Temple 7/30/2015

130

Wireless Security

Threats

• Rogue AP

• Evil Twin

• WAR Driving/WAR Chalking

• Man in the Middle (MitM) Attacks

• Denial of Service (DOS)

66

7/30/2015 131 ©2007 – Body Temple 7/30/2015

131

Wireless Security

SSID Broadcast

Default security settings

MAC Filters

Shielding

Authentication

Encryption

7/30/2015 132 ©2007 – Body Temple 7/30/2015

132

Wireless Encryption

There are three main types of encryption available for

wireless networks:

Wired Equivalent Privacy (WEP)

Wi-Fi Protected Access (WPA)

Wi-Fi Protected Access version 2 (WPA2)

67

7/30/2015 133 ©2007 – Body Temple 7/30/2015

133

Wireless Encryption

WEP – Wired Equivalent Privacy was the first attempt at wireless

encryption

Uses RC4 for encryption and each frame also contains a 24 bit

initialisation vector (IV) that is clear text

The encryption level is either 40 bit (+24bitIV) or 104 bit (+24bit IV)

The IV makes WEP very weak

WEP is easily cracked after a number of packets have been captured by

sniffing

7/30/2015 134 ©2007 – Body Temple 7/30/2015

134

Wireless Encryption

WPA – Wi-Fi Protected Access replaced WEP and initially

was more secure. Still in common use but now relatively

easy to crack.

Also uses RC4 encryption but this time with a 48 bit IV but

uses TKIP as part of the encryption process

TKIP – Temporal Key Integrity Protocol combines the IV with

the key before encrypting and also changes the session key

dynamically after a number of packets

The weakness of WPA is the passphrase, a length of under

12 characters makes it breakable in a reasonable time

68

7/30/2015 135 ©2007 – Body Temple 7/30/2015

135

Wireless Encryption

WPA2 is the replacement for WPA and conforms to the

802.11i standard for security

Uses the AES encryption algorithm along with CCMP

Has been broken but is still seen as secure

CCMP – Cipher block Chaining Message authentication

Protocol is the process used with AES to provide encryption

and provide confidentiality along with authentication of

frames

7/30/2015 136 ©2007 – Body Temple 7/30/2015

136

Wireless Encryption

Wireless authentication can be handled by the access point or by an

external server such as RADIUS or TACACS+

The standard that covers external authentication is IEEE 802.1x

There are other authentication mechanisms that are part of the EAP –

Extensible Authentication Protocol framework. This allows for new

technologies to be compatible with wireless. EAP is not usually

encrypted

LEAP – Lightweight EAP was developed by Cisco and was designed to

replace TKIP in WPA

PEAP – Protected EAP encapsulates EAP in a TLS tunnel which provides

encryption

69

7/30/2015 137 ©2007 – Body Temple 7/30/2015

137

MODULE 11

AUTHENTICATION AND ACCESS

CONTROL

7/30/2015 138 ©2007 – Body Temple 7/30/2015

138

Access Control List (ACL)

Often ACLs are utilised on routers to determine which

packets are allowed to route through, based on the

requesting device’s source or destination Internet Protocol

(IP) address or Port Number (Port Filtering)

70

7/30/2015 139 ©2007 – Body Temple 7/30/2015

139

Tunneling

Virtual Private Network (VPN)

Provides a secure connection between 2 endpoints

using a variety of authentication and encryption

techniques for the following:

•Remote Access (RAS) – Host-to-Site

• Site-to-Site / Host-to-Host

•Business-to-Business (B2) / Extranet VPN

7/30/2015 140 ©2007 – Body Temple 7/30/2015

140

VPN Types

The main types of tunnels to be familiar

with:

• Secure Socket Layer (SSL)

• Layer 2 Tunneling Protocol (L2TP)

• Point to Point Tunneling Protocol (PPTP)

• IP Security (IPSEC)

• Generic Routing Encapsulation (GRE)

71

7/30/2015 141 ©2007 – Body Temple 7/30/2015

141

VPN Types

VPN Port Notes

PPTP 1723

L2TP 1701

IPSEC 500 ESP (id 50) / AH (id51)

GRE 47

SSL 443

7/30/2015 142 ©2007 – Body Temple 7/30/2015

142

IPSEC

Encapsulating Security Payload (ESP)

Authenticating Header (AH)

Security Association (ISAKMP)

Tunnel Mode

Transport Mode

72

7/30/2015 143 ©2007 – Body Temple 7/30/2015

143

ENCRYPTION

SYMMETRIC

• DES

• 3DES

• AES

ASYMMETRIC

• PUBLIC & PRIVATE Key

• Diffie-Hellman

• RSA (Rivest, Shamir, Adleman)

• PGP (Pretty Good Privacy)

7/30/2015 144 ©2007 – Body Temple 7/30/2015

144

Citrix

Terminal Emulation

Microsoft based Terminal Services on this

technology

73

7/30/2015 145 ©2007 – Body Temple 7/30/2015

145

Remote Desktop

Microsoft Remote Desktop Services / Terminal Services

Uses Remote Desktop Protocol (RDP – Port 3389)

May be secured with HTTPS

Allows for Remote Desktops for Administration, Remote

Assistance and Remote Applications

May also be utilised in Virtual Desktop Infrastructure

7/30/2015 146 ©2007 – Body Temple 7/30/2015

146

USER AUTHENTICATION

AUTHENTICATION – Proving you are who you say

you are!

Authentication protocols:

• Something that you know – Password/Pin

• Something that you have – Smartcard/token

• Something that you are - Biometric

74

7/30/2015 147 ©2007 – Body Temple 7/30/2015

147

User Authentication

Certificate Services (Public Key Infrastructure –PKI)

Kerberos

Active Directory (Domain)

Local Authentication – Security Accounts

Management (SAM)

7/30/2015 148 ©2007 – Body Temple 7/30/2015

148

Authentication Protocols

Password Authentication Protocol PAP

Challenge Handshake Protocol CHAP

Microsoft CHAP MS-CHAP (MS-CHAPv2)

Extensible Authentication Protocol EAP

802.1x – Network Access Control NAC

75

7/30/2015 149 ©2007 – Body Temple 7/30/2015

149

Network Access Control

Cisco NAC / Microsoft NPAS (NAP)

Posture Assessment

• Antimalware

• Updates

• Firewall

Guest Networks

Quarantine Networks

7/30/2015 150 ©2007 – Body Temple 7/30/2015

150

A A A

Centralized Authentication, Authorization and

Accounting:

Remote Authentication Dial-in User Service RADIUS

Terminal Access Controller Access-Controller

System TACACS+ (Cisco)

76

7/30/2015 151 ©2007 – Body Temple 7/30/2015

151

KERBEROS

Authentication protocol for TCP/IP networks

allowing centralization of authentication on a single

server (Domain Controller)

Uses UDP / TCP port 88

Key Distribution Center

TGT (Ticket Granting Ticket)

TGS (Ticket Granting Session)

7/30/2015 152 ©2007 – Body Temple 7/30/2015

152

Authorization

Permissions

Rights

Access Controls

Share / Security

Permissions

Security Groups

77

7/30/2015 153 ©2007 – Body Temple 7/30/2015

153

MODULE 12

NETWORK THREATS

7/30/2015 154 ©2007 – Body Temple 7/30/2015

154

SECURITY

CIA

• Confidentiality

• Integrity

• Availability

AAA

• Authentication

• Authorization

• Accounting

78

7/30/2015 155 ©2007 – Body Temple 7/30/2015

155

SECURITY THREATS

Denial of Service (DOS)

Distributed DOS (DDOS)

• Smurf

• Fraggle

•Botnet

• SYN Flood

7/30/2015 156 ©2007 – Body Temple 7/30/2015

156

SECURITY THREATS

DNS Poisoning

ARP Cache Poisoning

IP Spoofing

Session Hijacking

VLAN Hopping

79

7/30/2015 157 ©2007 – Body Temple 7/30/2015

157

Malicious Software (Malware)

Virus

Worm

Trojan Horse

Rootkit

Adware/Spyware

Antimalware / Antivirus

System well patched and maintained

7/30/2015 158 ©2007 – Body Temple 7/30/2015

158

VULNERABILITIES

Unnecessary Services/Applications

Unpatched Systems/Applications

Open Ports

Unencrypted systems

RF Emanation/TEMPEST

Insider Threats

80

7/30/2015 159 ©2007 – Body Temple 7/30/2015

159

WIRELESS SECURITY

WAR Driving / WAR Chalking

WEP/WPA/WPA2 Cracking

Rogue Access Point

Evil Twin

Bluejacking

Bluesnarfing

7/30/2015 160 ©2007 – Body Temple 7/30/2015

160

SOCIAL ENGINEERING

Using or manipulating users for nefarious

gain – Flattery and Authority

• Phishing

•Vishing

•Tailgating

• Shoulder Surfing

•Hoax

81

7/30/2015 161 ©2007 – Body Temple 7/30/2015

161

SECURITY POLICIES

Security Audit

Clean Desk Policy

Password Policy

Acceptable Usage Policy

7/30/2015 162 ©2007 – Body Temple 7/30/2015

162

MITIGATION

User Training and Awareness

Patches and Upgrades

• OS

• Application

• Drivers

• Firmware

Anti-Malware Software

82

7/30/2015 163 ©2007 – Body Temple 7/30/2015

163

Network Security - MITIGATION

Firewalls

IDS

IPS

PROXY SERVERS

7/30/2015 164 ©2007 – Body Temple 7/30/2015

164

VULNERABILITY SCANNERS

NESSUS

NMAP

MBSA

83

7/30/2015 165 ©2007 – Body Temple 7/30/2015

165

PHYSICAL SECURITY

Security Zones

• Proximity readers

• Mantraps

• Badges/Tags

Comms Room Security

CCTV

Access Controls

7/30/2015 166 ©2007 – Body Temple 7/30/2015

166

RISK AVOIDANCE

Disaster Recovery

• Disaster Recovery Plan (DRP)

Business Continuity

• Business Continuity Plan (BCP)

Power

• Redundant systems

• Uninterruptable Power Supply (UPS)

84

7/30/2015 167 ©2007 – Body Temple 7/30/2015

167

REDUNDANCY

DISKS

• RAID

POWER

• UPS

SERVERS

• Clustering

• Virtualization

NETWORK

• Redundant Switches / NICs

7/30/2015 168 ©2007 – Body Temple 7/30/2015

168

RAID

RAID 0

RAID 1

RAID 5

RAID 10

85

7/30/2015 169 ©2007 – Body Temple 7/30/2015

169

MODULE 13

Wide Area Networking

7/30/2015 170 ©2007 – Body Temple 7/30/2015

170

WAN Terminology

CPE - Customer Premises Equipment

Demarc – (demarcation point) marks the interface between

customer-premises equipment and network service provider

equipment.

NI – Network Interface (coincides with Demarc)

CSU/DSU (Channel service unit/data service unit) - Connects WAN to

customer network

Local loop

• Connects Demarc to Switching Office (Carrier’s POP)

• From Phone Room Closet to Demarc

CO – Central Office which connects customer to switched network

SOHO – Small Office Home Office

86

7/30/2015 171 ©2007 – Body Temple 7/30/2015

171

WAN Media

Copper Carriers (Telephone Industry)

• T1 / T3 Lines

Fiber Carriers

• Synchronous Optical Network (SONET)(US)

• Synchronous Digital Hierarchy (SDH)(EUR)

7/30/2015 172 ©2007 – Body Temple 7/30/2015

172

Copper Carriers

CARRIER CHANNELS SPEED

T1 24 1.544 Mbps

T3 672 44.736 Mbps

E1 32 2.048 Mbps

E3 512 34.368 Mbps

87

7/30/2015 173 ©2007 – Body Temple 7/30/2015

173

Optical Carriers (Synchronous Optical Network)

SONET Optical Level Line Speed

OC-1 51.85 Mbps

OC-3 155.52 Mbps

OC-12 622.08 Mbps

OC-24 1.244 Gbps

OC-48 2.488 Gbps

OC-192 9.952 Gbps

OC-255 13.21 Gbps

OC-768 39.82 Gbps

7/30/2015 174 ©2007 – Body Temple 7/30/2015

174

Fiber – Wavelength Division Multiplexing

WDM – Allows for several different optical

carriers on a single optical fiber by using

different wavelengths.

Two technologies used are:

•DWDM – Dense WDM

•CWDM – Coarse WDM

88

7/30/2015 175 ©2007 – Body Temple 7/30/2015

175

Packet Switching

Allows for protocols to use T and OC linked mesh

connections to ‘route’ from one location to another

Originally used X.25 (CCITT Packet Switching

Protocol)

Now mostly uses:

Frame Relay

Asynchronous Transfer Mode (ATM)

7/30/2015 176 ©2007 – Body Temple 7/30/2015

176

FRAME RELAY

Primarily used for T-Carrier lines

Uses Frame Relay Bridges and/or Routers

No guarantee of data integrity but low error rate

Creates a Permanent Virtual Circuit (PVC)

A permanent virtual circuit (PVC) is a virtual circuit established for repeated

use between the same types of equipment.

89

7/30/2015 177 ©2007 – Body Temple 7/30/2015

177

ATM

High speed reliable links used for:

Voice

Data

Fax

Media (Video/Audio/Imaging)

7/30/2015 178 ©2007 – Body Temple 7/30/2015

178

Multi Protocol Label Switching (MPLS)

Replacement for Frame Relay and ATM

The process of transporting IP packets by encapsulating them and using a label to specify a path through the network

The idea is based upon removing the need for routing table lookups

Labels can be based upon source address, QoS value or other parameters

Labels can override the routing table

MPLS can run over a variety of layer 2 technologies

90

7/30/2015 179 ©2007 – Body Temple 7/30/2015

179

‘The Last Mile’

Connection between user and central office

Dial-up

Digital Subscriber Line (DSL)

Cable

Satellite

Fiber

Broadband over Powerline (BPL)

7/30/2015 180 ©2007 – Body Temple 7/30/2015

180

DIAL UP

POTS or PSTN

Expensive

Unreliable

Requires a dial-up

Uses Point to Point Protocol (PPP) to connect, authenticate

and negotiate network protocol (TCP/IP)

V-Standards

V.22 (1,200Bps) – V.92 (57,600 bps)

91

7/30/2015 181 ©2007 – Body Temple 7/30/2015

181

Integrated Services Digital Network (ISDN)

ISDN consists of two Channels:

Bearer (B Channels)

Carry Data, Voice information

Delta (D Channels)

Carry setup and configuration information

Basic Rate Interface (BRI) uses 2B+D

Primary Rate Interface (PRI) uses 23B+D (US)

8-30B+D (EUR)

7/30/2015 182 ©2007 – Body Temple 7/30/2015

182

DSL

Asymmetric Digital Subscriber Line (ADSL)

Symmetric DSL (SDSL)

Very High Bitrate DSL (VDSL)

Uses existing telephone lines via DSL modem

Standard RJ11 connectors

Low pass filters to remove DSL for telephone calls

Always on

92

7/30/2015 183 ©2007 – Body Temple 7/30/2015

183

Wireless WAN

Cellular WAN

High Speed Packet Access (HSPA+)

WiMAX (World Wide Interoperability for

Microwave Access)

LTE (Long Term Evolution)

7/30/2015 184 ©2007 – Body Temple 7/30/2015

184

VOIP

Uses existing IP network for voice calls

Uses three standards

RTP – Real Time Transport Protocol

SIP – Session Initiation Protocol

H.323

93

7/30/2015 185 ©2007 – Body Temple 7/30/2015

185

Troubleshooting WAN Issues

Key problems areas:

• Lack of Internet connectivity

• Interface errors

• Split Horizon

• DNS

• Router configurations

• Security Policy (Firewalls)

7/30/2015 186 ©2007 – Body Temple 7/30/2015

186

MODULE 14

TROUBLESHOOTING

94

7/30/2015 187 ©2007 – Body Temple 7/30/2015

187

Basics of Troubleshooting

Identify the Problem

Establish probable

cause

Test Theory

Plan of Action

Implement and test solution

Verify functionality

Document

7/30/2015 188 ©2007 – Body Temple 7/30/2015

188

Tools of the trade

Protocol Analyzer

Throughput Tester

Remote Desktop Software

Command Line Tools

Wireless Analyzer

95

7/30/2015 189 ©2007 – Body Temple 7/30/2015

189

TCP/IP Utilities

IPCONFIG

/all

/displaydns

/registerdns

/flushdns

/release

/renew

7/30/2015 190 ©2007 – Body Temple 7/30/2015

190

IFCONFIG (UNIX/LINUX)

Eth0 up (enables 1st Ethernet Card)

Eth0 down (disables)

96

7/30/2015 191 ©2007 – Body Temple 7/30/2015

191

ICMP

PING

PATHPING

TRACERT

MTR (UNIX/LINUX) (Similar to TRACERT and PING)

7/30/2015 192 ©2007 – Body Temple 7/30/2015

192

ARP

Address Resolution Protocol

IP to MAC Address

97

7/30/2015 193 ©2007 – Body Temple 7/30/2015

193

NETSTAT

-a (connections

and listening

ports)

-o (process ID)

-r (routing table)

7/30/2015 194 ©2007 – Body Temple 7/30/2015

194

NBTSTAT

NETBIOS Names (is case sensitive)

-n (local system)

-c (cache)

-R (purge and reload cache)

98

7/30/2015 195 ©2007 – Body Temple 7/30/2015

195

NSLOOKUP

DNS Diagnosis

-ls (list)

-d (domain)

-t (type)

7/30/2015 196 ©2007 – Body Temple 7/30/2015

196

DIG

UNIX/LINUX addition to NSLOOKUP

99

7/30/2015 197 ©2007 – Body Temple 7/30/2015

197

Network Monitoring

Baselines

• CPU

• RAM

• HDD

• NETWORK

Performance Monitor

System Logs (syslog)

Traffic Analyzer (Wireshark)

SNMP – Simple Network Management Protocol

7/30/2015 198 ©2007 – Body Temple 7/30/2015

198

SIEM

Security information and event management (SIEM)

is a term for software products and services

combining security information management

Used for the collation of the following types of

information:

• Data aggregation

• Correlation

• Alerting

• Compliance

• Retention

• Forensic analysis

100

7/30/2015 199 ©2007 – Body Temple 7/30/2015

199

Windows Performance Monitoring

7/30/2015 200 ©2007 – Body Temple 7/30/2015

200

SNMP Monitoring

101

7/30/2015 201 ©2007 – Body Temple 7/30/2015

201

Simple Network Management Protocol

Allows the administrator to set a ‘trap’ on a

device to collect information

Uses UDP to send communication from the

management system to the agent to get

information or change configuration

SNMPv3 adds message integrity,

authentication and encryption.

Uses port 161

7/30/2015 202 ©2007 – Body Temple 7/30/2015

202

Testing Equipment

Multimeter

Testing resistance for

shorts

102

7/30/2015 203 ©2007 – Body Temple 7/30/2015

203

Tone Locators and Toner Probes

Locate cable runs

7/30/2015 204 ©2007 – Body Temple 7/30/2015

204

Cable Tester

Broken wires

Improperly wired

Cable shorts

May record speed and

settings (Certifier)

103

7/30/2015 205 ©2007 – Body Temple 7/30/2015

205

Cable Tester (advanced)

Time-Domain Reflector (TDR)

Optical TDR (for Fiber)

7/30/2015 206 ©2007 – Body Temple 7/30/2015

206

Cable Issues

Bad wiring/connectors

Crosstalk

Near End/Far End Crosstalk

Attenuation

Collisions

Shorts

Echo (Open Impedance Mismatch)

Interference/EMI

Split pairs

TX/RX Reverse

104

7/30/2015 207 ©2007 – Body Temple 7/30/2015

207

Fiber Cable Issues

Cable Mismatch

Bad connectors/dirty connectors

Distance limitations

Bend Radius

7/30/2015 208 ©2007 – Body Temple 7/30/2015

208

Cable Stripper / Crimper

105

7/30/2015 209 ©2007 – Body Temple 7/30/2015

209

Butt Set

Used to test Telephone Lines

7/30/2015 210 ©2007 – Body Temple 7/30/2015

210

Other Network Issues

Temperature

Environment (Humidity)

HVAC used to mitigate

106

7/30/2015 211 ©2007 – Body Temple 7/30/2015

211

MODULE 15

Management, Monitoring &

Optimisation

7/30/2015 212 ©2007 – Body Temple 7/30/2015

212

Network Management

Wiring Schematics

Physical Network Diagram

• Physical Connections

• Network Devices

• Computers

• Peripherals

107

7/30/2015 213 ©2007 – Body Temple 7/30/2015

213

Network Management

Logical Network Diagram

• IP Address schemes

• Protocols

• User accounts

Domain

Organizational Unit Organizational Unit

Organizational Unit Organizational Unit

Computer UserGroup

7/30/2015 214 ©2007 – Body Temple 7/30/2015

214

Network Management

Asset Management

• ISO 19770

IP Address Management

• Documentation

• IPAM

108

7/30/2015 215 ©2007 – Body Temple 7/30/2015

215

Network Management

Policies

• Security Policies

• Change Management

Standard Business Documents

• Statement of Work (SOW)

• Memorandum of Understanding (MOU)

• Master License Agreement (MLA)

• Service Level Agreement (SLA)

7/30/2015 216 ©2007 – Body Temple 7/30/2015

216

Change Management Procedures

Document reason for change

Change request

Configuration procedures

Rollback Process

Potential Impact

Notification

109

7/30/2015 217 ©2007 – Body Temple 7/30/2015

217

Change Management Procedures

Approval Process

Maintenance Window

Authorized Downtime

Notification of Change

Documentation

7/30/2015 218 ©2007 – Body Temple 7/30/2015

218

Network Management

Safety Practices

• Electrical Safety

• Installation Safety

• Material Safety Data Sheet (MSDS)

110

7/30/2015 219 ©2007 – Body Temple 7/30/2015

219

Network Management

Emergency Procedures

• Fire Escape Plan

• Safety/Emergency Exits

• Fail Open/Fail Close

• Emergency Alert System

• Fire Suppression System

7/30/2015 220 ©2007 – Body Temple 7/30/2015

220

Network Optimization

Performance

• QOS

Unified Communications

Bandwidth

• Traffic Shaping

Load Balancing

High Availability

Caching Engines

111

7/30/2015 221 ©2007 – Body Temple 7/30/2015

221

Network Optimization

Backups

• Full

• Incremental

• Differential Backup Type Data Backup Time Restore Time Storage

Space

FULL All data Slowest Fastest High

INCREMENTAL New/Modified

data

Fast Slower Low

DIFFERENTIAL All data since

last full

Moderate Faster Moderate

7/30/2015 222 ©2007 – Body Temple 7/30/2015

222

Virtualization

Examples of virtualization technology:

•VMWare vSphere

•Microsoft Hyper-V

•Citrix XenServer

112

7/30/2015 223 ©2007 – Body Temple 7/30/2015

223

Virtualization

Power Saving

Consolidation of Hardware

Recovery / Duplication

Test and Development

Costs

7/30/2015 224 ©2007 – Body Temple 7/30/2015

224

Virtualization

Virtual Networking (Switches)

Virtual Hard Drives

Virtual Desktops

Virtual Applications

Network/Infrastructure As A Service (NaaS)(IaaS)

Platform As A Service (PaaS)

Software As A Service (SaaS)

113

7/30/2015 225 ©2007 – Body Temple 7/30/2015

225

Virtualization

Cloud Concepts

• Private

• Public

• Hybrid

• Community

• Elastic