gimmenotes.co.za · Web viewChapter 1 Introduction to Networking How Networks are Used Network services: resources a network makes available to its users, include applications and


Chapter 1 Introduction to Networking

1. How Networks are Used

Network services: the resources a network makes available to its users, including applications and the data provided by those applications.

a. Client-Server Application

The first computer is the client; it requests information from the second computer, the server. They communicate through protocols.

Web service: serves up web pages to a client. The primary protocol used is HTTP (Hypertext Transfer Protocol); layered on top of SSL (Secure Sockets Layer) or TLS (Transport Layer Security) it is HTTPS (HTTP Secure), which gives secure transmission.

Email services: a client-server application that involves two servers. The client uses SMTP (Simple Mail Transfer Protocol) to send mail to the first server, the SMTP server; the first server sends the message to the receiver's server, where it is stored until the recipient requests delivery. The receiver's mail server delivers the message to the receiver using either POP3 (Post Office Protocol version 3), where the email is downloaded to the client computer, or IMAP4 (Internet Message Access Protocol version 4), where the client application manages email that stays stored on the server.

FTP service: a client-server application that transfers files between two computers. FTP is not secure; it does not provide encryption.

Telnet service: the Telnet protocol is used by the Telnet client-server command-line application to allow an administrator to remote in to, or control, a computer remotely.

Remote Desktop: in Windows, the Remote Desktop application uses RDP. A remote application is an application that is installed and executed on a server and is presented to a user working at a client computer; the client computer requires less computing power and desk-side support.

b. File and Print Services

File services are a server's ability to share data files and disk storage space; such a computer is a file server. It serves data to users, so users do not keep copies of the data on their workstations. Data stored at a central location is more secure and easier for the network administrator to take charge of and back up.

Print services: share printers across a network.

c. Communications Services

Using the same network to deliver multiple types of communications (video, voice, fax) is convergence. Unified communications (UC) is the centralized management of multiple network-based communications: one software program is used to manage all the applications.

- Conversational voice: VoIP allows voice conversation over a network. It uses a point-to-point model, not a client-server model, so each computer involved is independent of the other computers. A conference call uses a point-to-multipoint model with one transmitter and multiple transceivers.

- Streaming live audio and video: video teleconferencing (VTC) such as Skype or Google Talk uses a point-to-point model. Watching live sport uses a client-server model; this client-server arrangement is called multicast distribution. The Session layer protocol used to transmit audio and video in conjunction with VoIP is RTP (Real-time Transport Protocol).

- Streaming stored audio or video: like videos on YouTube; client-server model.

Voice and video transmission are delay-sensitive: you don't want to hear breaks in a conversation. Loss of data can be tolerated (skipping a frame), so they are loss-tolerant.

QoS (Quality of Service) is provided by the network.

2. Controlling Network Access

Topology = how the parts of a whole work together.

- Physical topology: the hardware layout.
- Logical topology: the software and how the network is controlled.

The operating system controls how users and programs get access to resources on the network using one of the following models:

a. Peer-to-Peer Network Model

Without centralized control, computers are nodes/hosts on the network and form a logical group of computers that lets users share resources. Administration, resources and security on a computer are controlled by that computer. Examples: Windows 7, Windows 8.1, Linux, Mac OS X; for mobile devices: iOS, Android and BlackBerry.

How it works: each computer has its own local accounts that work only on that computer. Each computer keeps a list of the users and their rights on that PC, and Windows then allows a user to access local resources. Using a homegroup, each computer shares files, folders, libraries and printers with the other computers in that homegroup. The homegroup limits how sharing can be controlled for individual users.

For fewer than 15 computers it is a good method: simple to configure and less expensive. BUT peer-to-peer networks are not scalable and not very secure.

b. Client-Server Network Model

Managed by a NOS (Network Operating System) via a centralized directory database. A Windows server controls network access to a group of computers called a domain. The centralized directory database holding user account information and security is Active Directory (AD). Each user has their own domain-level account, called a global account, global username or network ID, assigned by the network administrator and stored in AD; the process is managed by Active Directory Domain Services (AD DS). Examples: Windows Server 2012 R2, Ubuntu Server, Red Hat Linux.

The NOS is responsible for:

- Managing data and other resources for many clients
- Ensuring that only authorized users access the network
- Controlling which types of files a user can open and read
- Restricting when and from where users can access the network
- Dictating which rules computers will use to communicate


Servers running a NOS require more memory, processing power and storage.

Advantages:

- User accounts and passwords are assigned in one place
- Access to shared resources is centrally granted to users
- Problems are monitored, diagnosed and fixed in one location
- Easily scalable

3. Networking Hardware and Physical Topologies

a. LANs and their Hardware

A LAN covers a small space, such as an office or building.

- A switch receives incoming data from one of its ports and redirects it to another port that sends the data to its destination. A LAN uses a star topology with the switch as the central device.
- An onboard network port is embedded in the motherboard; you plug the network cable into it. A NIC (Network Interface Card) or network adapter is installed in an expansion slot on the motherboard and provides the same type of port.
- The backbone is the central conduit that connects the segments of a network. It uses a higher transmission speed and different cabling, in a bus topology, from which each switch is connected to its computers in a star topology. A combination of topologies is a hybrid topology.
- Ring topology: each node is connected to its neighbouring nodes.
- Router: used to connect a LAN with other networks. A device that manages traffic between 2 or more networks and finds the best path for traffic; it stands between the LAN and the internet. Difference between a switch and a router: a switch belongs only to its local network, while a router belongs to 2 or more networks.
- Host: a computer on a network that hosts a resource, application or data.
- Node: a computer or device on the network that can be addressed on the local network.

b. MANs and WANs

A group of LANs in the same geographical area = MAN (Metropolitan Area Network) or CAN (Campus Area Network). A network covering a wide geographical area = WAN (Wide Area Network).

4. The Seven-Layer Model

The OSI model was developed to categorise the layers of communication.

Mnemonic: All People Seem To Need Data Processing (Application, Presentation, Session, Transport, Network, Data Link, Physical).


a. Layer 7: Application Layer

The interface between two applications. Protocols: HTTP, SMTP, POP3, IMAP4, FTP, Telnet and RDP. Application programs provide a service to the user (like a browser); utility programs provide a service to the system, e.g. SNMP.

b. Layer 6: Presentation Layer

Reformatting, compressing and encrypting data so that the application on the receiving end can read it. An email is encrypted at this layer by the email client or the operating system.

c. Layer 5: Session Layer

How data between applications is synced and recovered if messages don't arrive intact. The Skype application works with the OS to establish and maintain a session between two end points for as long as the conversation lasts.

d. Layer 4: Transport Layer

Transports Application layer payloads from one application to another.

- TCP guarantees delivery: it makes a connection with the end host, checks whether data is received, and resends it if not. A connection-oriented protocol. Used by web browsers.

- UDP: no guarantees; used for broadcasting; a connectionless, best-effort protocol.

Each protocol adds control information at the beginning of the payload, called a header; this is called encapsulation. The Transport layer header addresses the receiving application by a number called the port number. If a message is too large, TCP divides it into smaller messages called segments; with UDP they are called datagrams.

e. Layer 3: Network Layer

Also called the Internet layer. Moves messages from one node to another until they reach the destination node.

The IP protocol is used; it adds its own Network layer header to the segment or datagram. The Network layer message is now called a packet. The Network layer header identifies the sending and receiving hosts by their IP addresses. An IP address is an address assigned to each node on a network to uniquely identify it on that network. Routing protocols used to find the best route for a packet: ICMP (Internet Control Message Protocol) and ARP (Address Resolution Protocol). Fragmentation: when the Network layer divides packets into smaller packets.

f. Layer 2: Data Link Layer

Layers 1 and 2 interface with the physical hardware on the local network. Protocols at these layers are programmed into the firmware of a computer's NIC and other networking hardware. The type of hardware used on a network determines the Data Link layer (or Link layer) protocol that will be used; examples are Ethernet and Wi-Fi. The Link layer puts its own control information in a Link layer header and attaches further control information at the end, called a trailer. The entire Link layer message is now called a frame. The frame header contains the hardware addresses of the source and destination NICs, called the MAC (Media Access Control) address, physical address, hardware address or Data Link layer address.

g. Layer 1: Physical Layer

The simplest layer; it only sends bits via wired or wireless transmission. The only layers that deal with wireless or wired transmission are the Link layer and the Physical layer.

h. Protocol Data Unit (PDU)

A group of bits as it moves from one layer to the next and from one LAN to the next; a message or transmission.

i. Summary of how the layers work together


5. Staying Safe when Working with Networks and Computers

a. Emergency Procedures

Know the emergency procedures and exits. Fire suppression systems: emergency alarm system, portable fire extinguishers, emergency power-off switch, suppression agent. Fail open or fail close. Material Safety Data Sheet.

b. HVAC Systems

Plenums or raised floors provide space for network cabling; server rooms run hotter.

c. Protecting Against Static Electricity

Static electricity (or ESD, Electrostatic Discharge) is an electrical charge at rest; 10 volts can damage a component. Components are grounded inside the computer case. A NIC can be damaged by static electricity. A catastrophic failure destroys the component beyond use; an upset failure shortens the life of the component and causes intermittent errors. Wear an ESD strap around the waist that clips onto the chassis of the computer case; it eliminates any ESD.

d. Installation Safety

Lifting heavy equipment. Rack installations.

e. Electrical and Tool Safety in Data Centres

PPE, the right tool for the right job, trip hazards.

6. Troubleshooting Network Problems

a. Identify the problem and its symptoms
b. Establish a theory of probable cause
c. Test your theory to determine the cause
d. Establish a plan for solving the problem
e. Implement the solution or escalate the problem
f. Verify functionality and implement preventive measures
g. Document findings, actions and outcomes


Chapter 2 How Computers Find Each Other on Networks

1. Overview of Addressing on Networks

- Application layer: every host on a network is assigned a fully qualified host name / fully qualified domain name (FQDN), e.g. www.domain.com. domain.com is the domain name; .com is the top-level domain (TLD); www is the host name that identifies an individual computer on the network. www is conventionally assigned to the computer running a Web server.

- Transport layer: port number. The port number is used by the Transport layer to find an application; a web server application is usually configured to listen for incoming requests on port 80.

- Network layer: IP address. An IP address is assigned to every interface. IP addresses are used to find nodes on other networks. IPv4: 32 bits, written as four decimal numbers called octets, e.g. 12.123.12.123. IPv6: 128 bits, written as 8 hexadecimal numbers, e.g. 2001:0DB8:… (8 such blocks).

- Data Link layer: MAC address (physical address), embedded on the NIC and unique to that NIC. Nodes on a LAN use MAC addresses to find each other.

MAC Address

The MAC address is stamped on the NIC. It is a hexadecimal number, 48 bits long, with the bytes separated by colons. The first 24 bits (e.g. 00:60:8C) are the OUI (Organizationally Unique Identifier), also called the block ID or company ID; it identifies the NIC's manufacturer and is assigned by the Institute of Electrical and Electronics Engineers (IEEE). The last 24 bits of the MAC address are the extension identifier or device ID, which identifies the device.
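The OUI / device-ID split described above, as an added example (not from these notes): it normalises the common written forms of a MAC address, separates the first 24 bits from the last 24, and looks the OUI up in a constructed sample table. It goes slightly beyond the notes by also reading the two flag bits of the first octet (group/multicast and locally administered), which follow the IEEE 802 address format.

```python
"""Parse a 48-bit MAC address into OUI and device ID (added example)."""
import re

# Constructed sample; a real table is downloaded from the IEEE registry.
SAMPLE_OUI_TABLE = {"00:60:8c": "example vendor (constructed)"}


def parse_mac(text):
    """Accept 00:60:8C:12:34:56, 00-60-8c-12-34-56, 0060.8c12.3456 or bare
    hex digits. Returns the canonical form, OUI, device ID and flag bits.
    Raises ValueError for anything that is not 48 bits of hex."""
    hexdigits = re.sub(r"[:\-.]", "", text.strip()).lower()
    if not re.fullmatch(r"[0-9a-f]{12}", hexdigits):
        raise ValueError(f"not a 48-bit MAC address: {text!r}")
    octets = [int(hexdigits[i:i + 2], 16) for i in range(0, 12, 2)]
    canonical = ":".join(f"{o:02x}" for o in octets)
    return {
        "mac": canonical,
        "oui": canonical[:8],           # first 24 bits: manufacturer block ID
        "device_id": canonical[9:],     # last 24 bits: extension identifier
        # IEEE 802 flag bits in the first octet (beyond the notes):
        "multicast": bool(octets[0] & 0x01),             # I/G bit
        "locally_administered": bool(octets[0] & 0x02),  # U/L bit
    }


def vendor_of(mac, table=SAMPLE_OUI_TABLE):
    """Map a MAC to its manufacturer via the OUI, or 'unknown OUI'."""
    return table.get(parse_mac(mac)["oui"], "unknown OUI")


if __name__ == "__main__":
    print(parse_mac("00:60:8C:12:34:56"))
    print(vendor_of("0060.8c12.3456"))
```

A locally administered or multicast first octet is worth flagging in inventory scripts: a burned-in address from a manufacturer never has those bits set, so their presence tells you the address was assigned by software rather than stamped on the NIC.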

2. How Host Names and Domain Names Work

- Domain names must be registered with the internet naming authority, ICANN. Ex: .gov, .edu, .org. This is the TLD (Top Level Domain) part of the internet address.
- Name resolution: the process of discovering the IP address of a host when you know its fully qualified domain name.

a. DNS (Domain Name System)

An Application layer client-server system.

- Namespace: the DNS namespace is the entire collection of computer names and their associated IP addresses, stored in databases on DNS name servers.
- Name servers: DNS name servers hold these databases, organised hierarchically.
- Resolvers: a DNS client that requests information from DNS name servers.

i. How name servers are organized


ii. Recursive and iterative queries

A recursive query demands a resolution or the answer "it can't be found". An iterative query does not demand a resolution.

iii. DNS Zones and Zone Transfers

Distributed database model, fail-safe. DNS zone. Zone transfer.

iv. DNS server software

BIND (Berkeley Internet Name Domain)

v. How a namespace database is organized

- An A record (address record) stores the name-to-address mapping for a host's IPv4 addresses.
- An AAAA (Quad-A) record holds the name-to-address mapping for IPv6 addresses.
- A CNAME (Canonical Name) record holds alternative names for a host.
- A PTR (Pointer) record is used for reverse lookup: it provides the host name when you know the IP address.
- An MX (Mail Exchanger) record identifies the mail server; used for email traffic.

Time to Live (TTL) field: how long a record should be saved in a cache; included in zone transfers. It depends on how volatile the record is (how often the IP address will change).
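The record types and the TTL rule above, as an added example that is not part of the notes and not BIND's code or data format: a constructed in-memory zone, a lookup that follows CNAME records to the final A/AAAA answer, a reverse-name builder for PTR lookups, and a resolver cache that keeps an answer only until the smallest TTL on the chain has elapsed. The zone contents, the `lookup` / `CachingResolver` names and the injectable clock are assumptions.

```python
"""Mini DNS lookup with CNAME chasing and a TTL cache (added example)."""
import time

# Constructed zone: name -> list of (record type, TTL in seconds, value)
ZONE = {
    "www.example.test.":  [("CNAME", 300, "web1.example.test.")],
    "web1.example.test.": [("A", 60, "192.0.2.10"), ("AAAA", 60, "2001:db8::10")],
    "example.test.":      [("MX", 3600, "10 mail.example.test.")],
    "mail.example.test.": [("A", 60, "192.0.2.25")],
    "10.2.0.192.in-addr.arpa.": [("PTR", 86400, "web1.example.test.")],
}


def reverse_name(ipv4):
    """Build the in-addr.arpa name that a PTR (reverse) lookup asks for."""
    return ".".join(reversed(ipv4.split("."))) + ".in-addr.arpa."


def lookup(zone, name, rtype, max_chain=8):
    """Return (values, ttl) for `rtype` at `name`, following CNAMEs.
    The TTL is the smallest on the chain: that is how long a resolver may
    cache the final answer. Raises LookupError when nothing matches."""
    ttl = None
    for _ in range(max_chain):
        records = zone.get(name, [])
        wanted = [(t, v) for rt, t, v in records if rt == rtype]
        if wanted:
            chain_ttl = min(t for t, _ in wanted)
            ttl = chain_ttl if ttl is None else min(ttl, chain_ttl)
            return [v for _, v in wanted], ttl
        cnames = [(t, v) for rt, t, v in records if rt == "CNAME"]
        if not cnames:
            raise LookupError(f"{name} has no {rtype} record")
        cname_ttl, name = cnames[0]          # alias: keep resolving the target
        ttl = cname_ttl if ttl is None else min(ttl, cname_ttl)
    raise LookupError("CNAME chain too long")


class CachingResolver:
    """A resolver that re-queries only once a cached answer's TTL expires."""

    def __init__(self, zone, clock=time.monotonic):
        self.zone, self.clock, self.cache = zone, clock, {}
        self.upstream_queries = 0        # how often we had to ask the server

    def resolve(self, name, rtype):
        key, now = (name, rtype), self.clock()
        hit = self.cache.get(key)
        if hit and hit[1] > now:         # (answers, expires_at)
            return hit[0]
        answers, ttl = lookup(self.zone, name, rtype)
        self.upstream_queries += 1
        self.cache[key] = (answers, now + ttl)
        return answers


if __name__ == "__main__":
    r = CachingResolver(ZONE)
    print(r.resolve("www.example.test.", "A"), r.upstream_queries)
    print(lookup(ZONE, reverse_name("192.0.2.10"), "PTR"))
```

The cache expiry is the operational consequence of the TTL field: after changing an A record, clients keep using the old address for up to the old TTL, so lowering the TTL ahead of a planned migration shortens that window.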

vi. DDNS (Dynamic DNS)

To maintain a web server and web site without leasing a static IP address, you can sign up with a Dynamic DNS provider such as dynDNS.org or TZO.com.

3. How Ports and Sockets Work

Port numbers make sure data is transmitted to the correct application on a computer. The range is 0 – 65535.

- Well-known ports: 0 – 1023, assigned by IANA to well-known protocols like Telnet, FTP and HTTP.
- Registered ports: 1024 – 49151, for network users and non-standard processes.
- Dynamic and private ports: 49152 – 65535, assigned when the need arises.


Protocols that use well-known ports:

- SNMP (Simple Network Management Protocol): monitors and manages network traffic.
- TFTP (Trivial File Transfer Protocol): computers use it as they are booting up to request configuration files from another computer on the local network.
- NTP (Network Time Protocol): synchronizes clocks on a network.
- SMB (Server Message Block): used by earlier versions of Windows for file sharing.
- SIP (Session Initiation Protocol): makes the initial connection between hosts for multimedia data transfer.
- H.323: sets up the connection between hosts prior to communicating.
- MGCP (Media Gateway Control Protocol).
- NetBIOS over TCP/IP: allows old applications to work on TCP/IP.

A socket consists of a host's IP address and the port number.
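The port ranges and the socket definition above, as an added example that is not part of the notes: `port_range` classifies a port into the three IANA ranges, and `echo_roundtrip` opens a one-shot echo server on the loopback address, connects to it, and returns both endpoints as the (IP address, port) pairs that the notes call sockets. The function names are assumptions; binding to port 0 asks the operating system to pick the listening port, and the client's port is chosen by the OS from its ephemeral range.

```python
"""Port-range classification and a loopback socket round trip (added example)."""
import socket
import threading


def port_range(port):
    """Classify a port number into the IANA ranges used in the notes."""
    if not 0 <= port <= 65535:
        raise ValueError("port must be 0-65535")
    if port <= 1023:
        return "well-known"
    if port <= 49151:
        return "registered"
    return "dynamic/private"


def echo_roundtrip(payload: bytes):
    """Run an echo server on 127.0.0.1, send `payload` to it, and return the
    echoed bytes plus the server and client sockets as (ip, port) pairs."""
    srv = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    srv.bind(("127.0.0.1", 0))            # port 0: let the OS pick a free port
    srv.listen(1)
    server_sock = srv.getsockname()       # the server's (ip, port)
    seen = {}

    def serve():
        conn, peer = srv.accept()         # peer is the client's (ip, port)
        with conn:
            seen["client"] = peer
            conn.sendall(conn.recv(4096))  # echo whatever arrived

    worker = threading.Thread(target=serve)
    worker.start()
    with socket.create_connection(server_sock) as cli:
        cli.sendall(payload)
        echoed = cli.recv(4096)
    worker.join()
    srv.close()
    return {"echoed": echoed, "server": server_sock, "client": seen["client"]}


if __name__ == "__main__":
    result = echo_roundtrip(b"hello")
    print(result, port_range(result["server"][1]))
```

Two connections from the same client to the same server port differ only in the client's port number; that pair of sockets is what lets the server keep the conversations apart, which is also why firewall rules and connection logs record both endpoints.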

4. How IP addresses are formatted and assigned


a. How IPv4 Addresses are Formatted and Assigned

4 groups of 8 bits each: 11111111.11111111.11111111.11111111 = 255.255.255.255

Class D: 1st octet = 224 – 239, used for multicasting, like video conferencing.
Class E: 1st octet = 240 – 254, reserved for research.
Addresses starting with 127 are reserved for loopback and research addresses.

Reserved IP addresses:

- 255.255.255.255: broadcast messages sent by TCP/IP background processes, read by every node
- 0.0.0.0: not assigned
- 127.0.0.1: your own computer, the loopback address

i. How a DHCP Server Assigns IP Addresses

When a computer connects to a network and is unable to lease an IPv4 address from a DHCP server, it uses APIPA (Automatic Private IP Addressing), in the range 169.254.0.1 to 169.254.255.254.

ii. Public and Private IP Addresses

Class A, B and C addresses are public IP addresses. To save public IP addresses, a company can use private IP addresses on its private networks; these are not allowed on the internet. IEEE recommends these ranges:

- 10.0.0.0 to 10.255.255.255
- 172.16.0.0 to 172.31.255.255
- 192.168.0.0 to 192.168.255.255

iii. Address Translation, NAT and PAT

A gateway stands between a network and a private network. It uses the gateway's IP address for incoming packets, so only one public IP address is needed, hiding the private network behind one address. The gateway translates where a packet must go; this is called address translation. PAT assigns a separate TCP port number to each ongoing conversation/session between a local host and an Internet host. When the Internet host sends a message back, PAT decides which local host is the recipient.

NAT is a feature of a router that translates IP addresses. A packet comes in and is rewritten to forward it to a host that is not the packet's IP destination.


The router keeps track of this translation; when the host sends a reply, it translates back the other way. Two variations of NAT:

- SNAT (Static Network Address Translation): the gateway assigns the same IP address to a host each time it makes a request to access the internet; used on home networks with a single public IP address provided by the ISP.
- DNAT (Dynamic Network Address Translation): the gateway has a pool of IP addresses that it is free to assign to a local host when needed.

b. How IPv6 Addresses are Formatted and Assigned

128 bits written as 8 blocks in hexadecimal; each block is 16 bits. Link: a local link, any LAN bounded by routers; an interface is a node's attachment to the link, a physical attachment via a wired or wireless connection. Tunneling is the method used by IPv6 to transport IPv6 packets through or over an IPv4 network. The last 64 bits (4 blocks) are the interface ID. Neighbors are 2 or more nodes on the same link.

Types of IPv6 addresses:

- Unicast address: identifies a single node on the network.
- Global address: a unicast address that can be routed on the internet; similar to public IPv4 addresses.
- Link-local address: a unicast address used to communicate with nodes on the same link.
- Multicast address: packets are delivered to all nodes in the targeted multicast group.
- Anycast address: identifies multiple destinations; packets are delivered to the closest destination.


A suffix such as %12 on an address is called the Zone ID or scope ID; it identifies the link the computer belongs to.

IPv6 Autoconfiguration

Tunneling

A network configured to use both the IPv4 and IPv6 protocols is dual stacked. Where dual stacking is not used, tunneling is used, as on the Internet.

3 protocols for tunneling:

- 6to4: the most common protocol. IPv6 addresses intended to use this protocol always start with the same 16-bit prefix: 2002::/16. The next 32 bits are the sending host's IPv4 address.

- ISATAP (Intra-Site Automatic Tunnel Addressing Protocol): works on a single organization's intranet.

- Teredo: IPv6 addresses intended to use this protocol start with 2001, written as 2001::/32.
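The 6to4 and Teredo address layouts above, as an added example that is not part of the notes: the 6to4 prefix is built by placing the 32-bit IPv4 address directly after the 16-bit 2002 prefix (bits 16 to 47), the same bits are read back to recover the IPv4 address, and `tunnel_kind` tells the two tunnel prefixes apart from native addresses. It uses only the standard `ipaddress` module; the function names and sample addresses are assumptions.

```python
"""6to4 prefix derivation and tunnel-prefix detection (added example)."""
import ipaddress

SIX_TO_FOUR = ipaddress.ip_network("2002::/16")
TEREDO = ipaddress.ip_network("2001::/32")


def six_to_four_prefix(ipv4_text):
    """Return the /48 a host with this IPv4 address gets under 6to4:
    2002:WWXX:YYZZ::/48, where WW.XX.YY.ZZ is the IPv4 address."""
    v4 = int(ipaddress.IPv4Address(ipv4_text))
    # 128-bit layout: [16 bits 0x2002][32 bits IPv4][80 bits left for the site]
    v6 = ipaddress.IPv6Address((0x2002 << 112) | (v4 << 80))
    return ipaddress.ip_network(f"{v6}/48")


def embedded_ipv4(ipv6_text):
    """Recover the IPv4 tunnel endpoint embedded in a 6to4 address."""
    v6 = ipaddress.IPv6Address(ipv6_text)
    if v6 not in SIX_TO_FOUR:
        raise ValueError(f"{ipv6_text} is not a 6to4 address")
    return ipaddress.IPv4Address((int(v6) >> 80) & 0xFFFFFFFF)


def tunnel_kind(ipv6_text):
    """Classify an address by the tunnel prefixes listed in the notes."""
    v6 = ipaddress.IPv6Address(ipv6_text)
    if v6 in SIX_TO_FOUR:
        return "6to4"
    if v6 in TEREDO:
        return "Teredo"
    return "native/other"


if __name__ == "__main__":
    print(six_to_four_prefix("192.0.2.4"))          # 2002:c000:204::/48
    print(embedded_ipv4("2002:c000:204::1"))        # 192.0.2.4
    print(tunnel_kind("2001:db8::1"))               # native/other
```

Recognising these prefixes matters operationally: traffic from a 2002::/16 or 2001::/32 source reached you through an IPv4 tunnel, so the IPv4 endpoint recovered by `embedded_ipv4` is the address that IPv4-side access controls and logs actually see.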

5. Tools for Troubleshooting IP Address Problems

a. Ping

Verifies that TCP/IP is installed, bound to the NIC, configured correctly and communicating with the network. It sends an echo request to a computer, and that computer responds with an echo reply. The first tool used to test basic connectivity.


ping6 on Linux computers verifies whether an IPv6 host is available; ping -6 on Windows computers does the same.

b. ipconfig

Shows IP configuration information: which local area connections are available on your computer, which ones are connected, and your connection's IPv4 or IPv6 address, subnet mask and default gateway. ipconfig /all gives more detailed information.


c. ifconfig

View and manage TCP/IP settings.

d. nslookup

Name Space Lookup: queries the DNS database to find the host name of a device. Used to verify whether a host is configured correctly. Interactive mode: type nslookup, and the command prompt then asks for entries. Non-interactive mode: type nslookup followed by an IP address or domain name.


Chapter 3: How Data Is Transported Over Networks

1. TCP/IP Core Protocols

a. TCP (Transmission Control Protocol)

Transport layer. Three characteristics of TCP are managed by posting data to fields in the TCP header at the beginning of a TCP segment:

- Connection-oriented protocol: uses a three-way handshake to establish a TCP connection before starting to submit data.

- Sequencing and checksums: TCP sends a character string called a checksum; the TCP on the destination host generates a similar string, and if the two checksums don't match, the destination host requests retransmission. TCP also attaches a sequence number to each segment so that, if necessary, segments can be reordered at the destination.

- Flow control: the process of evaluating the right rate of transmission based on how quickly the recipient can accept it.
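The sequencing and checksum behaviour just described (and the segmentation of a large message that Chapter 1 mentions), as an added simulation that is not part of the notes: a message is cut into segments of at most one MSS, each carries its byte offset as sequence number and a checksum, the segments arrive out of order with one corrupted on the way, and the receiver rejects the bad one, asks for it again and rebuilds the stream in order. A CRC-32 stands in for TCP's 16-bit checksum, and the `Segment` / `Receiver` / `simulate` names are assumptions.

```python
"""Segmentation, sequence numbers and checksum checks (added example)."""
import zlib
from dataclasses import dataclass


@dataclass
class Segment:
    seq: int          # byte offset of this segment within the stream
    data: bytes
    checksum: int     # CRC-32 of data, standing in for the TCP checksum


def segment_message(message: bytes, mss: int):
    """Split `message` into segments of at most `mss` bytes, numbered by offset."""
    return [Segment(off, message[off:off + mss], zlib.crc32(message[off:off + mss]))
            for off in range(0, len(message), mss)]


class Receiver:
    def __init__(self):
        self.buffer = {}        # seq -> data, accepted in any order
        self.retransmit = []    # seq numbers whose checksum did not match

    def accept(self, seg):
        """Verify the checksum; keep good data, request bad segments again."""
        if zlib.crc32(seg.data) != seg.checksum:
            self.retransmit.append(seg.seq)
            return False
        self.buffer[seg.seq] = seg.data
        return True

    def reassemble(self):
        """Return the stream in sequence order; raise if bytes are missing."""
        out, expected = bytearray(), 0
        for seq in sorted(self.buffer):
            if seq != expected:
                raise ValueError(f"missing bytes from offset {expected}")
            out += self.buffer[seq]
            expected += len(self.buffer[seq])
        return bytes(out)


def simulate(message, mss, order, corrupt_pos):
    """Deliver segments in `order` (a permutation of indices), flipping a byte
    in the one at position `corrupt_pos`; returns (rebuilt message, resent seqs)."""
    segs = segment_message(message, mss)
    rx = Receiver()
    for pos, idx in enumerate(order):
        seg = segs[idx]
        if pos == corrupt_pos:   # damage on the wire; checksum no longer matches
            seg = Segment(seg.seq, bytes([seg.data[0] ^ 0xFF]) + seg.data[1:], seg.checksum)
        rx.accept(seg)
    for seq in list(rx.retransmit):        # the sender resends what was rejected
        rx.accept(next(s for s in segs if s.seq == seq))
    return rx.reassemble(), list(rx.retransmit)


if __name__ == "__main__":
    print(simulate(b"the quick brown fox jumps over the lazy dog", 10, [2, 0, 4, 1, 3], 1))
```

Because the sequence number is a byte offset, the receiver can detect a gap (a segment that never arrived) as well as a damaged one; real TCP acknowledges up to the first gap so the sender knows what to resend.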

Fields in a TCP Segment:


- Source port (16 bits): the port number of the source node. The port identifies the application on a host; the port number allows the application to be available for incoming or outgoing data.
- Destination port (16 bits): the port number at the destination node.
- Sequence number (32 bits): the segment's position in the stream of data.
- Acknowledgment number (ACK) (32 bits): confirms receipt of data via a return message.
- TCP header length (4 bits): indicates the length of the header in bytes, min 20 bytes, max 60 bytes. Also called the data offset field: it gives the distance from the beginning of the segment to the start of the data it carries.
- Reserved (6 bits): a field reserved for later use.
- Flags (6 bits): a collection of six 1-bit fields/flags to signal special conditions:
  - URG (Urgent): set to 1 if the segment contains urgent information for the receiver later in the segment.
  - ACK (Acknowledge): set to 1 if the segment contains acknowledgment information for the receiver earlier in the segment.
  - PSH (Push): set to 1 to indicate the data should be sent to the application without buffering.
  - RST (Reset): set to 1 when the sender is requesting that the connection be reset.
  - SYN (Synchronize): set to 1 when the sender requests that sequence numbers between the nodes be synchronized.
  - FIN (Finish): set to 1 on the last segment, to close the connection afterwards.
- Sliding window size (16 bits): how many bytes can be issued to the receiver while the acknowledgment for that segment is outstanding. Performs flow control, preventing the receiver's buffer from being overloaded with bytes.
- Checksum (16 bits): allows the receiving node to determine whether the segment became corrupt during transmission.
- Urgent pointer (16 bits): the location where the urgent data resides.
- Options (0 – 32 bits): special options, like the maximum segment size the network can handle.
- Padding (variable): filler information to ensure the size of the segment is a multiple of 32 bits.
- Data (variable): the data sent by the source host, encapsulated by the header. Its size depends on how much data needs to be transmitted, on constraints on TCP segment size (determined by the network type) and on the limitation that the segment must fit within an IP packet at the next layer.

b. UDP (User Datagram Protocol)

No error checking or sequencing; useful for large volumes of data that must be transmitted quickly, such as live audio or video. Efficient for carrying messages that fit in one data packet.


c. IP (Internet Protocol)

Network layer. Determines how and where data should be delivered, including the data's source and destination addresses. IP is the protocol that enables TCP/IP to internetwork: to traverse more than one LAN segment and more than one type of network through a router. At the Network layer data is packaged into packets; IP packets act as an envelope for the data and contain the information needed by routers to transfer data between LANs. IP is unreliable and connectionless: it can be used reliably, but it does not itself guarantee delivery of data, and no connection is established before data is transmitted.

IPv4 Packets

- Version (4 bits): the version of the protocol, 4 or 6. The receiver looks at this field first; if it can't read the incoming data, it rejects the packet.
- Internet Header Length (IHL) (4 bits): the length of the TCP header, min 20 bytes, max 60 bytes, in 20-byte increments.
- Differentiated Services (DiffServ) (8 bits): informs the router of the level of precedence to apply when processing the incoming packet.
- Total Length (16 bits): the total length of the IP packet, including header and data; max 65 535 bytes.
- Identification (16 bits): identifies the message to which a packet belongs and enables the receiving host to reassemble fragmented messages.
- Flags (3 bits): indicate whether the message is fragmented and, if it is, whether this is the last fragment.
- Fragment offset (13 bits): identifies where the packet fragment belongs in the incoming set of fragments.
- Time To Live (TTL) (8 bits): the maximum duration a packet can remain on the network before it is discarded. Set to 32 or 64; each time the packet passes a router, the TTL is reduced by 1. When a router receives a packet with TTL = 0, it rejects the packet and sends an ICMP TTL expired message back to the source.
- Protocol (8 bits): identifies the type of protocol that will receive the packet.
- Header Checksum (16 bits): the receiving host calculates whether the IP header has been corrupted during transmission; if the message's checksum does not match the calculated checksum when the packet is received, the packet is assumed to be corrupt and is discarded.
- Source IP address (32 bits): the IP address of the source host.
- Destination IP address (32 bits): the IP address of the destination host.
- Options (variable): optional routing and timing information.
- Padding (variable): filler bits to ensure the header is a multiple of 32 bits.
- Data (variable): the data sent by the source host plus the TCP or UDP header from the Transport layer; the data is encapsulated by the header.

IPv6 Packets

- Version (4 bits): the version the packet uses.
- Traffic class (8 bits): identifies the packet's priority, similar to DiffServ.
- Flow label (20 bits): indicates whether packets belong to the same flow; routers use it to ensure packets from the same flow arrive together. Helps with traffic prioritization.
- Payload length (16 bits): the size of the payload carried by the packet.
- Next header (8 bits): identifies the type of header that follows the IP packet header.
- Hop limit (8 bits): the number of times a packet can be forwarded by routers.
- Source address (128 bits): the IP address of the transmitting host.
- Destination address (128 bits): the IP address of the receiving host.
- Data (variable): the data sent by the source, plus the TCP or UDP header from the Transport layer.

d. ICMP (Internet Control Message Protocol)

Network layer. Reports the success or failure of data delivery: it indicates when part of the network is congested, when data fails to reach its destination, and when data was discarded because the TTL expired. ICMP announces these transmission failures to the sender. To correct the errors, a higher-layer protocol such as TCP is used.

Page 20: gimmenotes.co.za · Web viewChapter 1 Introduction to Networking How Networks are Used Network services: resources a network makes available to its users, include applications and

e. IGMP (Internet Group Management Protocol)
On IPv4 networks. Network layer. Manages multicasting, used for teleconferencing: IGMP determines which nodes belong to a multicast group and sends data to all the nodes in that group.

f. ARP (Address Resolution Protocol)
On IPv4 networks. Data link layer (layer 2). Works with IPv4 to find the MAC (physical) address of a host or node on the local network. It uses IP at layer 3 but works only within its local network, bounded by routers, because it relies on broadcasting, which transmits to all nodes on the network segment. Example: a node that wants to know the MAC address of another node on the same network broadcasts an ARP message asking the computer with that IP address to send its MAC address. The database of IP-to-MAC address mappings is called the ARP table or ARP cache, kept on the computer's hard drive.

Dynamic ARP table entries: created when a client makes an ARP request and the result is not already in the ARP table.

Static ARP table entries: entered by someone using the ARP utility.

arp command: displays, modifies, diagnoses and repairs problems in ARP tables. arp -a displays the cache entry for a specific IP address.
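Added example (not from the notes): a parser for the Windows "arp -a" listing and a small model of the ARP cache with the dynamic/static distinction described above. The listing and the "segment" of answering hosts are constructed; the ArpCache class and its resolve method are this example's own names. It shows why a cache hit saves a broadcast, how a miss turns into a dynamic entry, and that a static entry is never replaced by a broadcast reply.

```python
import re
from typing import Dict, Optional, Tuple

# Constructed sample of Windows "arp -a" output; not captured from a real host.
ARP_A_OUTPUT = """\
Interface: 192.168.1.10 --- 0xb
  Internet Address      Physical Address      Type
  192.168.1.1           00-11-22-33-44-55     dynamic
  192.168.1.20          aa-bb-cc-dd-ee-01     dynamic
  192.168.1.255         ff-ff-ff-ff-ff-ff     static
"""

ENTRY_RE = re.compile(
    r"^\s*(\d{1,3}(?:\.\d{1,3}){3})\s+"        # IPv4 address
    r"([0-9a-f]{2}(?:-[0-9a-f]{2}){5})\s+"     # MAC address in the dash form Windows prints
    r"(dynamic|static)\s*$", re.IGNORECASE)


def parse_arp_a(text: str) -> Dict[str, Tuple[str, str]]:
    """Turn 'arp -a' output into {ip: (mac, entry_type)}; interface and header lines are skipped."""
    table: Dict[str, Tuple[str, str]] = {}
    for line in text.splitlines():
        m = ENTRY_RE.match(line)
        if m:
            ip, mac, kind = m.groups()
            table[ip] = (mac.lower(), kind.lower())
    return table


class ArpCache:
    """Model of one host's ARP table (the cache the notes describe)."""

    def __init__(self, segment: Dict[str, str]):
        # 'segment' stands in for the other hosts on the local broadcast domain:
        # the (constructed) answer each IP would give to an ARP request for it.
        self.segment = segment
        self.entries: Dict[str, Tuple[str, str]] = {}

    def load(self, table: Dict[str, Tuple[str, str]]) -> None:
        """Seed the cache from a parsed 'arp -a' listing."""
        self.entries.update(table)

    def add_static(self, ip: str, mac: str) -> None:
        """Static entry, as an administrator would enter by hand with the arp utility."""
        self.entries[ip] = (mac.lower(), "static")

    def resolve(self, ip: str) -> Tuple[Optional[str], str]:
        """Return (mac, how). A cache hit avoids the broadcast; a miss broadcasts an
        ARP request and, if the owner answers, stores the reply as a dynamic entry."""
        if ip in self.entries:
            return self.entries[ip][0], "cache"
        mac = self.segment.get(ip)          # broadcast reaches everyone; only the owner replies
        if mac is None:
            return None, "no reply"
        self.entries[ip] = (mac.lower(), "dynamic")
        return mac.lower(), "broadcast"


if __name__ == "__main__":
    cache = ArpCache({"192.168.1.30": "AA-BB-CC-DD-EE-30"})
    cache.load(parse_arp_a(ARP_A_OUTPUT))
    print(cache.resolve("192.168.1.1"))     # ('00-11-22-33-44-55', 'cache')
    print(cache.resolve("192.168.1.30"))    # ('aa-bb-cc-dd-ee-30', 'broadcast')
    print(cache.resolve("192.168.1.30"))    # ('aa-bb-cc-dd-ee-30', 'cache')
```

Comparing a parsed listing against the static entries an administrator expects is a useful sanity check when diagnosing the "discovering neighboring devices" problems listed later in these notes.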

2. Routers And How They Work
A router joins two or more networks, passing packets from one to another and determining the next network a packet should be forwarded to. A router has: 1. an internal processor; 2. an operating system; 3. memory; 4. input and output jacks; 5. a management console interface. A router can:

- Connect dissimilar networks (a LAN to a WAN, which use different protocols).
- Interpret layer 3 and sometimes layer 4 addressing.
- Determine the best path for data to follow (the most efficient route).
- Reroute traffic if the first path is down or congested.
- Filter broadcast transmissions to alleviate network congestion.
- Prevent certain types of traffic from entering the network, enabling customized segregation and security.
- Support local and remote connections.
- Provide fault tolerance through redundant components like power supplies and network interfaces.
- Monitor network traffic and report statistics.
- Diagnose internal and other connectivity problems and trigger alarms.

Routers are categorized according to the scope of the network they serve:

- Interior routers: direct data between networks of the same autonomous system (AS: a group of networks, mostly in the same domain, operated by the same organization).
- Border routers (gateway routers): connect an AS with an outside network.
- Exterior routers: direct data between ASs; routers operating on the internet backbone.


a. Multilayer Switches
Layer 3 switch: interprets layer 3 data and works on large LANs, much like a router. Layer 4 switch (content switch or application switch): interprets layer 4 data; operates between layers 4 and 7.

b. Routing Tables
A database that maintains information about where hosts are located and the best way to reach them. A router relies on its routing table to figure out the best paths. It contains IP addresses and network masks.

c. Static Or Dynamic Routing
Static routing: the network administrator configures the routing table. Best used to set up a static route between a small business and its ISP. Dynamic routing: automatically calculates the best path and accumulates the information; when there is an error, it can redirect traffic.

Gateway of last resort: the router that accepts all unroutable messages from other routers. It is statically added to the routing table as the default route (a backup route used when no other route can be determined), which the router uses when it cannot determine the destination. The router continues using the default route until the hop limit has been reached and the message can be re-sent, or until a path to the destination has been determined. The default gateway is a router or layer 3 switch to which messages are sent when the destination is not on the host's local network.

d. The Route Utility
The route command views the routing table (database). Linux: route; Windows: route print; Cisco: show ip route.

e. Routing Metrics
Routers use properties of the route, called routing metrics, to determine the best path:

- Hop count.
- Theoretical bandwidth and actual throughput of the path.
- Latency (delay).
- Load (traffic or processing load).
- MTU (maximum transmission unit): the largest IP packet size in bytes allowed by routers without fragmentation, excluding the frame size on the local network.


- Routing cost: a value assigned to a route by the network administrator; more desirable paths have a lower cost.
- Reliability of the path, based on historical performance.
- Topology of the network.

f. Routing Protocols
Used by routers to communicate with each other. Methods to judge routing protocols:

- AD (administrative distance): each routing protocol is assigned a default AD, a number that indicates the protocol's reliability. Lower value = higher priority.
- Convergence time: the time it takes to find the best path.
- Overhead: the burden placed on the network to support the protocol.
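Added example (not from the notes) tying together the routing-table, default-route and administrative-distance points above: a routing table that keeps one route per prefix, prefers the lower AD when two sources offer the same prefix, answers lookups by longest-prefix match, and falls back to a 0.0.0.0/0 gateway of last resort. The AD values in DEFAULT_AD are an assumption (the conventional vendor defaults), the sample routes are constructed, and RoutingTable, Route and build_sample_table are this example's own names.

```python
import ipaddress
from dataclasses import dataclass
from typing import Dict, Optional

# Lower AD = more trusted, as the notes say. These particular numbers are an assumption
# (the conventional Cisco defaults), not values given in the notes.
DEFAULT_AD = {"connected": 0, "static": 1, "ospf": 110, "rip": 120}


@dataclass
class Route:
    prefix: ipaddress.IPv4Network
    next_hop: Optional[str]      # None for a directly connected network
    interface: str
    source: str                  # protocol (or "static"/"connected") that supplied the route
    metric: int = 0

    @property
    def ad(self) -> int:
        return DEFAULT_AD[self.source]


class RoutingTable:
    """One best route per prefix; lookups use longest-prefix match, with 0.0.0.0/0 as last resort."""

    def __init__(self) -> None:
        self.routes: Dict[ipaddress.IPv4Network, Route] = {}

    def add(self, prefix: str, next_hop: Optional[str], interface: str, source: str, metric: int = 0) -> bool:
        """Install the route unless a more trusted (lower AD, then lower metric) route to the same prefix exists."""
        cand = Route(ipaddress.ip_network(prefix, strict=False), next_hop, interface, source, metric)
        cur = self.routes.get(cand.prefix)
        if cur is not None and (cur.ad, cur.metric) <= (cand.ad, cand.metric):
            return False
        self.routes[cand.prefix] = cand
        return True

    def add_default(self, next_hop: str, interface: str) -> bool:
        """Gateway of last resort: a static 0.0.0.0/0 entry that matches every destination."""
        return self.add("0.0.0.0/0", next_hop, interface, "static")

    def lookup(self, destination: str) -> Optional[Route]:
        dst = ipaddress.ip_address(destination)
        matches = [r for r in self.routes.values() if dst in r.prefix]
        if not matches:
            return None                           # no route and no default route: the packet is dropped
        return max(matches, key=lambda r: r.prefix.prefixlen)   # most specific prefix wins

    def show(self) -> str:
        """Plain-text listing in the spirit of 'route print' / 'show ip route'."""
        lines = []
        ordered = sorted(self.routes.values(),
                         key=lambda r: (r.prefix.prefixlen, int(r.prefix.network_address)), reverse=True)
        for r in ordered:
            via = "directly connected" if r.next_hop is None else "via " + r.next_hop
            lines.append("%-18s %-22s %-5s [%d/%d] %s" % (r.prefix, via, r.interface, r.ad, r.metric, r.source))
        return "\n".join(lines)


def build_sample_table() -> RoutingTable:
    """Constructed table: one connected LAN, a static summary route, and OSPF and RIP offering the same /16."""
    t = RoutingTable()
    t.add("192.168.1.0/24", None, "eth0", "connected")
    t.add("10.0.0.0/8", "192.168.1.254", "eth0", "static")
    t.add("10.1.0.0/16", "192.168.1.253", "eth0", "ospf", metric=20)
    t.add("10.1.0.0/16", "192.168.1.252", "eth0", "rip", metric=2)    # rejected: AD 120 loses to 110
    return t


if __name__ == "__main__":
    table = build_sample_table()
    table.add_default("192.168.1.1", "eth0")
    print(table.show())
    for dst in ("10.1.2.3", "10.9.9.9", "8.8.8.8"):
        print(dst, "->", table.lookup(dst))
```

Note that RIP's lower metric (2 hops) does not help it: AD is compared first, so the table trusts OSPF's route even though RIP's looks shorter by its own measure.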

g. Interior And Exterior Gateway Routing Protocols
IGP (interior gateway protocols): routing protocols used by interior and border routers within an AS. Grouped according to the algorithms they use to calculate the best path:

o Distance-vector routing protocols: determine the best path based on distance, which can be the number of hops, latency or network traffic. Routers relying on distance-vector protocols must accept data from their neighbors and cannot independently assess network conditions two or more hops away.

o Link-state routing protocols: enable routers to communicate beyond neighboring routers, so each router can independently map the network. They adapt quickly to changes in the network but are complex to configure and troubleshoot.

EGP (exterior gateway protocols): used by border and exterior routers. BGP is an EGP and the only routing protocol that communicates across the internet.

All routing protocols have their own way of calculating the best route; their information can be shared among routers through a manual process called route redistribution.

RIP (Routing Information Protocol): distance-vector protocol. The oldest routing protocol; it only counts hops and does not consider network congestion or link speed. Routers using RIP broadcast their routing tables every 30 seconds, regardless of changes, which creates unnecessary traffic, and RIP's convergence time is poor. It is stable and prevents routing loops by limiting the number of hops to 15.


RIPv2: can handle more than 15 hops and is more secure.
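Added example (not from the notes) of the distance-vector behaviour described above: routers that only learn from their neighbours' tables, one hop added per exchange, with RIP's rule that 16 hops means unreachable. The topology is constructed and the function names (distance_vector, hops_to, chain) are this example's own. Run on a straight chain of 18 routers it shows both effects in the text: convergence takes one exchange per hop of distance, and any destination more than 15 hops away is simply never installed.

```python
from typing import Dict, Optional, Set, Tuple

INFINITY = 16   # RIP's "unreachable": a 16-hop path is never installed, so loops are bounded at 15 hops

Table = Dict[str, Tuple[int, Optional[str]]]   # destination -> (hop count, next hop)


def distance_vector(links: Dict[str, Set[str]], max_rounds: int = 64) -> Tuple[Dict[str, Table], int]:
    """Synchronous RIP-style computation over a constructed topology.

    links maps each router to its directly attached neighbours. Each round, every router
    takes its neighbours' tables (what RIP broadcasts every 30 seconds), adds one hop, and
    keeps anything shorter than what it already has. Returns the converged tables and the
    number of rounds until no table changed (the convergence time, in exchanges).
    """
    tables: Dict[str, Table] = {r: {r: (0, None)} for r in links}
    for rnd in range(1, max_rounds + 1):
        new = {r: dict(t) for r, t in tables.items()}
        changed = False
        for router, neighbours in links.items():
            for nb in neighbours:
                for dest, (hops, _) in tables[nb].items():   # the neighbour's advertisement
                    cand = min(hops + 1, INFINITY)
                    cur = new[router].get(dest, (INFINITY, None))[0]
                    if cand < cur:                            # only a strictly better path is installed
                        new[router][dest] = (cand, nb)
                        changed = True
        tables = new
        if not changed:
            return tables, rnd
    return tables, max_rounds


def hops_to(tables: Dict[str, Table], src: str, dst: str) -> int:
    """Hop count from src to dst, or INFINITY if no route was ever installed."""
    return tables[src].get(dst, (INFINITY, None))[0]


def chain(n: int) -> Dict[str, Set[str]]:
    """Constructed topology: routers R0 - R1 - ... - R(n-1) in a straight line."""
    links: Dict[str, Set[str]] = {"R%d" % i: set() for i in range(n)}
    for i in range(n - 1):
        links["R%d" % i].add("R%d" % (i + 1))
        links["R%d" % (i + 1)].add("R%d" % i)
    return links


if __name__ == "__main__":
    tables, rounds = distance_vector(chain(18))
    print("converged after", rounds, "exchanges")
    for dst in ("R15", "R16", "R17"):
        h = hops_to(tables, "R0", dst)
        print("R0 ->", dst, ":", "unreachable" if h == INFINITY else "%d hops via %s" % (h, tables["R0"][dst][1]))
```

R0 never learns a route to R16 or R17 even though the links exist; that is the price of the 15-hop limit the notes mention, and the reason RIP is confined to small networks.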

OSPF (Open Shortest Path First): used by interior and border routers. No hop limit; uses a complex algorithm to determine the best path. Under optimal conditions the best path is the most direct path; in case of traffic, the best path is the most efficient path.

IS-IS (Intermediate System to Intermediate System): interior routers only.

BGP: cross-country; a path-vector routing protocol. Speeds up routing by grouping networks together based on IP routing prefix and common network administrator (ISP); each group can be identified by an ASN (Autonomous System Number), which works similarly to the way IP addresses identify individual nodes.

3. Troubleshooting Router Issues
a. Troubleshooting Tools

- netstat: displays TCP/IP statistics and details about TCP/IP components and connections to the host; shows the ports TCP/IP is running from.

- nbtstat: NetBIOS statistics; nbtstat -A gets the NetBIOS name of a MAC address.


- tracert (Windows): uses ICMP echo to trace the path from one network node to another, showing the hops in between.

- traceroute (Linux, Unix, OS X): same concept, but sends UDP messages to a random port on the destination node.

- pathping (Windows): ping and tracert combined; provides deeper information about network issues along a path.

b. Solving Common Routing Problems

- Interface error: the logical connection between a node and the network is not working. Use ping to narrow down where; netstat gives a list of interfaces on the device.

- Hardware failure: a router, switch or NIC is down. Use tracert or traceroute to track down the malfunctioning device.

- Discovering neighboring devices: routers learn about devices on their network through a process called neighbor discovery. Use the arp command to diagnose and repair ARP tables.

- Path MTU black hole: if a router receives a message that exceeds the next segment's MTU, the router must respond with an ICMP error message to the sender. If something goes wrong with this response, the result is an MTU black hole: messages are lost for no apparent reason. Use ping to determine the size of messages that can get through.

- Missing IP routes: when statically routed IP routes get lost, use the netstat -r command to display the routing table's contents.
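Added example (not from the notes) for the path MTU black hole item: a model of what the "use ping to determine the size of messages" step does. The path is constructed (a list of link MTUs plus a flag saying whether the ICMP error survives the trip back), and make_path, find_path_mtu and diagnose are this example's own names. The search mirrors repeating a don't-fragment ping with different sizes, as ping -f -l size does on Windows and ping -M do -s size on Linux; the probe size here is the whole IP packet, so the ping payload is 28 bytes smaller.

```python
from typing import Callable, List

IPV4_HEADER = 20
ICMP_HEADER = 8


def max_ping_payload(mtu: int) -> int:
    """Largest ICMP echo payload that fits in one unfragmented IPv4 packet for a given MTU."""
    return mtu - IPV4_HEADER - ICMP_HEADER


def make_path(link_mtus: List[int], icmp_errors_delivered: bool) -> Callable[[int], str]:
    """Constructed path model: a don't-fragment packet is dropped at the first link whose MTU it exceeds.
    A healthy path returns ICMP 'fragmentation needed'; in a black hole that error never arrives."""
    def probe(packet_size: int) -> str:
        if packet_size <= min(link_mtus):
            return "reply"
        return "frag-needed" if icmp_errors_delivered else "timeout"
    return probe


def find_path_mtu(probe: Callable[[int], str], low: int = 576, high: int = 1500) -> int:
    """Binary search for the largest DF packet the path passes. Works whether the path answers
    with an ICMP error or just drops silently, which is exactly the black-hole case."""
    if probe(high) == "reply":
        return high
    while high - low > 1:                     # invariant: 'low' passes, 'high' does not
        mid = (low + high) // 2
        if probe(mid) == "reply":
            low = mid
        else:
            high = mid
    return low


def diagnose(probe: Callable[[int], str], assumed_mtu: int = 1500) -> str:
    """Classify the path from one full-size probe, then size the hole if needed."""
    full = probe(assumed_mtu)
    if full == "reply":
        return "path carries %d-byte packets; no MTU problem" % assumed_mtu
    if full == "frag-needed":
        return "ICMP fragmentation-needed arrives: the sender can adapt (normal PMTU discovery)"
    pmtu = find_path_mtu(probe, high=assumed_mtu)
    return "silent drop above %d bytes: path MTU black hole, use ping payload <= %d" % (
        pmtu, max_ping_payload(pmtu))


if __name__ == "__main__":
    # Constructed paths: a 1400-byte link in the middle, with and without ICMP errors getting back.
    print(diagnose(make_path([1500, 1400, 1500], icmp_errors_delivered=True)))
    print(diagnose(make_path([1500, 1400, 1500], icmp_errors_delivered=False)))
    print(diagnose(make_path([1500], icmp_errors_delivered=True)))
```

The search starts at 576 bytes, the minimum every IPv4 host must accept, so a real path with an even smaller MTU would be reported as 576; lower the low bound if that is a possibility.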


Chapter 4: Structured Cabling And Networking Elements

1. Network Equipment In Commercial Buildings
The TIA (Telecommunications Industry Association) publishes the cabling standard; its former parent company is the EIA (Electronic Industries Alliance). The TIA/EIA-568 Commercial Building Wiring Standard defines structured cabling.

a. Components of Structured Cabling

- Entrance facility: the location where the incoming network interface enters the building and connects with the building's backbone cabling. It includes the demarc, the entry through the wall to reach the demarc, the space surrounding this point, and the service provider's equipment such as cabling and protective boxes.

- MDF (Main Distribution Frame): the main cross connection, the first point of interconnection between the organization's LAN or WAN and the ISP's facility. Houses the organization's main servers. This room is called the data closet.

- IDF (Intermediate Distribution Frame): a junction point between the MDF and end-user equipment. The TIA/EIA standard specifies at least one IDF per floor.

- Horizontal wiring: connects a workstation to the closest data closet; maximum 100 m: 90 m from the data jack on the wall to the data closet plus 10 m from the workstation to the data jack.

- Backbone wiring: cables or wireless links that provide interconnection between the entrance facility and MDFs, and between MDFs and IDFs. One component of the backbone is the vertical cross connect, which runs between building floors.

- Work area: all cables and horizontal wiring that connect the NICs in workstations, printers and other network devices to the data closet. A patch cable is a short cable (3 to 25 feet) with connectors on both ends. Each wall jack must have at least one voice and one data outlet.


b. Cable Management
- Termination: when terminating twisted-pair cabling, don't leave more than 1 inch of stripped cable; more increases cross-talk.
- Bend radius: each cable has a prescribed bend radius, the radius of the maximum arc. A twisted-pair cable's bend radius is at least 4 times the diameter of the cable.
- Verify continuity: use a cable tester to verify that each segment of cable transmits data reliably.
- Cinch cables loosely: don't cinch cables too tightly.
- Protect cables: don't lay cables on the floor.
- Avoid EMI (electromagnetic interference) by installing cables at least 3 feet away from fluorescent lights.
- Plenum cabling: cables in a plenum must have a plenum-rated sheath, which is coated with a flame-resistant jacket.
- Grounding: follow cable grounding requirements.
- Slack in cable runs: leave some slack in cable runs.
- Cable trays: use cable trays but don't overfill them.
- Patch panels: used to organise and connect lines.
- Company standards and stock.
- Documentation: keep cable plant documentation centrally available; update documentation after changes; label data jacks and ports; use color-coded cables for different purposes.

c. Device Management
Labelling and naming conventions. Suppression.

d. Rack Systems
Two-post racks and four-post racks. Racks are measured in rack units (RU or U); the industry standard is 42U tall (6 feet). Half-racks are 18U to 22U tall. Consider airflow: hot air rises.

e. NAS (Network Attached Storage)
Fault tolerance: a technique that allows data storage or other operations to continue in the event of a failure or fault in components. NAS is a form of fault tolerance: a specialised storage device, or group of storage devices, that provides centralized, fault-tolerant data storage for a network, like a server dedicated to data sharing. It contains its own file system, optimised for saving and serving files, and reads from and writes to its disks faster. It can be expanded without interrupting service: new hard drives can be physically installed without shutting down. It cannot communicate directly with clients on the network; clients go through a file server, which communicates with the NAS device. ISPs use NAS to host customer web pages, as do organizations that use a mix of operating systems.


f. SANs (Storage Area Networks)
Large enterprises might prefer a SAN. Multiple storage devices are connected to multiple identical servers in a mesh topology. Devices in the SAN communicate directly with the storage devices and with each other. Extremely fault tolerant and extremely fast. Can be installed separately from the LAN it serves. Uses two types of transport layer protocols:

- Fibre Channel (FC): a transport layer protocol used on fiber-optic media instead of TCP or UDP. Fibre Channel connects devices within the SAN and also connects the SAN to other networks. Over 5 Gbps throughput. Because it uses Fibre Channel rather than Ethernet, the SAN is not limited to the speed of the client-server network for which it provides storage. Expensive, and requires expensive training for the IT personnel who support it.

- iSCSI (internet SCSI, pronounced "i-scuzzy"): a transport layer protocol that runs on top of TCP to allow fast transmissions over LANs, WANs and the internet. It can work on a twisted-pair Ethernet network with ordinary Ethernet NICs, which are not expensive, and can run on an existing Ethernet LAN by installing the iSCSI software (the iSCSI initiator).

2. Managing Power Sources And The Environment
Managing power sources to account for outages and fluctuations.

a. Power Management
Blackout (complete loss of power) or brownout (dimming).

Power flaws:
- Surge: a momentary increase in voltage due to lightning strikes, solar flares or electrical problems. Plug the computer into a surge protector, which redirects excess voltage away from the device to ground.
- Noise: fluctuation in voltage levels caused by other devices on the network or by EMI. Pass the circuit through an electrical filter to clean it of noise.
- Brownout: a momentary decrease in voltage (a sag), caused by an overloaded system.
- Blackout: complete power loss. Install a backup power source, a UPS (uninterruptible power supply), to provide power long enough to shut down.

UPS (Uninterruptible Power Supply): a battery-operated power source attached between the computer and the power supply (wall outlet); it prevents fluctuations from the wall outlet's AC power. Standby UPS (offline UPS): supplies power to the device by switching on when the power cuts off. Online UPS: uses power from the wall outlet to charge the battery, and the device relies on power from the UPS.


UPSs vary in the amount of power needed/supplied, the period of time they can keep a device running, the line conditioning they provide (surge suppression), and cost.

Generators

b. Monitoring the Environment and Security
Protect data rooms from moisture and overheating. Lock the doors.

3. NIC And Ethernet
a. Characteristics of NICs (Network Interface Cards)

Also called a network adapter or network card. Has a transceiver that transmits and receives data signals over the network. Interprets physical addressing information to deliver data to the correct destination. Determines which node has the right to transmit data over the network. Performs prioritization, network management, buffering and traffic filtering. Does not analyse information added by protocols in layers 3 through 7. Types depend on:

- Connection type (Ethernet or Wi-Fi)
- Maximum network transmission speed
- Connector interface (RJ-45 or SC)
- Number of ports
- Manufacturer
- Support for enhanced features: PoE+, buffering, traffic management
- Method of interfacing with the motherboard

A NIC can be integrated into the motherboard, installed in an expansion slot on the motherboard (older types), or installed as a peripheral device.

Installing a NIC:

- Install the hardware first, then the software (the device driver).
- Install a peripheral NIC: insert the device in the correct port and make sure it is firmly inserted (it should not wiggle). The OS autodetects the device and installs the drivers.
- Install an expansion card NIC.
- Install multiple NICs.

b. Simplex, Half-Duplex and Duplex
Change the settings on the NIC to comply with the network's transmission settings.

- Full duplex (duplex): signals are free to travel in both directions at the same time. Example: telephone.

- Half-duplex: signals can travel in both directions, but not at the same time.


- Simplex: signals travel in one direction only.

On Windows use Device Manager to set this; on Linux or Unix, use the ethtool utility.

c. Ethernet Frames
Ethernet is a layer 2 (data link layer) standard that is flexible, runs on a variety of network media, offers excellent throughput at a reasonable cost, and is the most popular network technology used on LANs. Ethernet II is the current Ethernet standard, developed by DEC, Intel and Xerox.

Legacy networking: IEEE released the first Ethernet standard in 1980, called IEEE 802.3 CSMA/CD and unofficially called Ethernet. The CSMA/CD frame used a different layout than the Ethernet II frame used today and was called the 802.3 frame; the frame used today is called the DIX frame. CSMA/CD networks used a hub at the physical layer. Hubs repeat signals to all nodes like a broadcast, so collisions happened: all nodes connected to the hub competed for access to the network. The MAC (Media Access Control) method the nodes used for arbitration on the network is CSMA/CD (Carrier Sense Multiple Access with Collision Detection): carrier sense refers to the Ethernet NIC listening and waiting until there is a gap between nodes transmitting data; multiple access means several nodes access the same media; collision detection is what happens when two nodes attempt a transmission at the same time. After a collision, each node waits a random amount of time and resends its transmission. A collision domain is the portion of the network in which collisions could occur.
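Added example (not from the notes): a parser for the Ethernet header that tells an Ethernet II (DIX) frame from the legacy 802.3 frame the paragraph above mentions. The distinction is the 2-byte field after the source MAC: a value of 0x0600 or more is an EtherType, a value of 1500 or less is an 802.3 payload length. The sample frames are constructed inline (the FCS is omitted), and parse_frame and build_frame are this example's own names.

```python
import struct
from typing import Any, Dict

ETHERTYPES = {0x0800: "IPv4", 0x0806: "ARP", 0x86DD: "IPv6"}


def mac_str(raw: bytes) -> str:
    return ":".join("%02x" % b for b in raw)


def mac_bytes(text: str) -> bytes:
    return bytes(int(x, 16) for x in text.split(":"))


def parse_frame(frame: bytes) -> Dict[str, Any]:
    """Parse the 14-byte Ethernet header. Values >= 0x0600 in the type/length field mean an
    EtherType (Ethernet II / DIX frame); values <= 1500 mean a payload length (802.3 frame)."""
    if len(frame) < 14:
        raise ValueError("truncated Ethernet header")
    dst, src, type_or_len = struct.unpack("!6s6sH", frame[:14])
    info: Dict[str, Any] = {
        "dst": mac_str(dst), "src": mac_str(src),
        "broadcast": dst == b"\xff" * 6,
        "multicast": bool(dst[0] & 0x01),       # I/G bit of the first destination octet
    }
    if type_or_len >= 0x0600:
        info["frame"] = "Ethernet II"
        info["ethertype"] = type_or_len
        info["protocol"] = ETHERTYPES.get(type_or_len, "unknown")
        info["payload"] = frame[14:]
    else:
        info["frame"] = "802.3"
        info["length"] = type_or_len
        info["payload"] = frame[14:14 + type_or_len]
    return info


def build_frame(dst: str, src: str, ethertype: int, payload: bytes) -> bytes:
    """Build an Ethernet II frame, padding the payload to the 46-byte minimum (no FCS)."""
    return struct.pack("!6s6sH", mac_bytes(dst), mac_bytes(src), ethertype) + payload.ljust(46, b"\x00")


# Constructed samples, not captured traffic: an ARP request to the broadcast address, a unicast
# IPv4 frame, and a legacy 802.3 frame (length field 3, LLC header as payload) to a multicast MAC.
ARP_BROADCAST = build_frame("ff:ff:ff:ff:ff:ff", "00:11:22:33:44:55", 0x0806, b"\x00\x01\x08\x00")
IPV4_UNICAST = build_frame("aa:bb:cc:dd:ee:01", "00:11:22:33:44:55", 0x0800, b"\x45" + b"\x00" * 19)
LEGACY_8023 = (struct.pack("!6s6sH", mac_bytes("01:80:c2:00:00:00"), mac_bytes("00:11:22:33:44:55"), 3)
               + b"\x42\x42\x03" + b"\x00" * 43)

if __name__ == "__main__":
    for name, frame in (("ARP", ARP_BROADCAST), ("IPv4", IPV4_UNICAST), ("802.3", LEGACY_8023)):
        f = parse_frame(frame)
        print(name, f["frame"], f["dst"], "<-", f["src"], f.get("protocol", "len=%d" % f.get("length", 0)))
```

The broadcast flag is what makes the ARP request above reach every node on the segment, which is the same property that lets a hub-based CSMA/CD network turn every frame into a collision candidate.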

4. Troubleshooting Network Devices
a. Look at the NIC itself: normally there is an LED that reacts to the situation, and the manufacturer's documentation for your NIC will tell you how to interpret the light. Normally green means working and flickering yellow/orange means data is being received.


b. Test the NIC or cable with a loopback plug (loopback adapter): it plugs into a port such as an RJ-45 and crosses the transmit line with the receive line to test the port or cable for connectivity.

c. Update the drivers.

d. Use the configuration utility provided by the NIC's manufacturer: it will test the NIC's physical components and connectivity.

e. Check the TCP/IP configuration for the NIC's interface and its access to the network: ping the loopback address, 127.0.0.1 for IPv4 and ::1 for IPv6.

Building and Maintaining Network Documentation


Chapter 5 Network Cabling

1. Transmission Basics
a. Analog Signalling

Digital signals are electrical current, pressure measured in volts; signals travel over copper cabling as electrical current, over fibre-optic cable as light pulses, and through the atmosphere as electromagnetic waves. An analog signal is also generated as voltage, but it varies in strength; its properties are amplitude, frequency, wavelength and phase.

Amplitude measures the wave's strength. Frequency is the number of times the wave's amplitude cycles, measured in cycles per second, or hertz (Hz).

b. Digital signal: 0s and 1s, electrical pulses, on and off.

c. Data Modulation
A technology used to modify analog signals to make them suitable for carrying data over a communication path. A simple wave, called the carrier wave, is combined with another analog signal (the data wave) to produce a unique signal that is transmitted from one node to the next. The carrier wave has pre-set properties (frequency, amplitude and phase) and serves only to carry the information; the data or information wave is added to the carrier wave. When the signal reaches its destination, the receiver separates the data from the carrier wave. A modem (modulator/demodulator) does the translation from analog to digital, and back to analog at the receiving end.

i. Simplex, half duplex and duplex
Simplex: travels in one direction (a microphone). Half duplex: can travel both ways, one way at a time (a walkie-talkie or intercom). Duplex: a telephone.

d. Baseband and broadband

Baseband: transmissions are carried on a single channel, and no other transmission shares the media. Example: Ethernet.


Broadband: a technology where multiple transmissions share a single medium, e.g. cable TV and cable internet sharing the same coaxial cable; it uses multiplexing to manage the multiple signals.

- Multiplexing: multiple signals travel simultaneously over one medium; the medium's channel is separated into multiple smaller channels, called subchannels. There are different types of multiplexing, depending on what the media, transmission and reception can handle. Multiplexing needs a multiplexer (mux) at the transmitting end of the channel, a device that combines many signals, and a demultiplexer (demux) at the receiving end that separates the combined signals.

TDM (Time Division Multiplexing): divides a channel into multiple intervals of time and assigns a time slot to every node. If a node has no data to send during its slot, the slot is wasted.

Statistical multiplexing: assigns slots to nodes according to priority or need. If a node does not use its time slot, the statistical multiplexing device recognizes that and assigns the slot to another node.
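Added example (not from the notes) contrasting the two slot-assignment rules above on the same constructed demand: a fixed TDM rotation that leaves a slot empty whenever its owner has nothing queued, and a statistical multiplexer that hands the idle slot to the next node with data. The demand figures are constructed and the function names (tdm, statistical, utilization) are this example's own.

```python
from typing import Dict, List, Tuple

# Constructed demand: units of data queued at each node sharing one channel.
DEMAND = {"A": 6, "B": 0, "C": 0}


def tdm(demand: Dict[str, int], slots: int) -> Tuple[List[str], int]:
    """Time-division multiplexing: slot i belongs to node i mod N whether or not it has data.
    Returns the slot schedule ('-' marks an idle slot) and the number of units delivered."""
    queue = dict(demand)
    nodes = list(demand)
    schedule: List[str] = []
    sent = 0
    for i in range(slots):
        owner = nodes[i % len(nodes)]
        if queue[owner] > 0:
            queue[owner] -= 1
            sent += 1
            schedule.append(owner)
        else:
            schedule.append("-")            # the owner has nothing to send: the slot is wasted
    return schedule, sent


def statistical(demand: Dict[str, int], slots: int) -> Tuple[List[str], int]:
    """Statistical multiplexing: each slot goes to the next node (round-robin) that has data queued."""
    queue = dict(demand)
    nodes = list(demand)
    schedule: List[str] = []
    sent = 0
    cursor = 0
    for _ in range(slots):
        for k in range(len(nodes)):
            cand = nodes[(cursor + k) % len(nodes)]
            if queue[cand] > 0:
                queue[cand] -= 1
                sent += 1
                schedule.append(cand)
                cursor = (cursor + k + 1) % len(nodes)   # resume the rotation after the node just served
                break
        else:
            schedule.append("-")            # nobody has anything to send
    return schedule, sent


def utilization(schedule: List[str]) -> float:
    """Fraction of slots that carried data."""
    return sum(1 for s in schedule if s != "-") / len(schedule)


if __name__ == "__main__":
    for name, fn in (("TDM", tdm), ("statistical", statistical)):
        sched, sent = fn(DEMAND, 6)
        print("%-12s %s  delivered=%d  utilization=%.2f" % (name, " ".join(sched), sent, utilization(sched)))
```

With only node A active, TDM delivers two units in six slots and leaves the other four empty, while the statistical multiplexer delivers all six; that idle time is exactly the waste the notes describe.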

FDM (Frequency Division Multiplexing): assigns a unique frequency band to each communications subchannel. Signals are modulated with different carrier frequencies, then multiplexed to travel simultaneously over a single channel and demultiplexed when brought into a home.

WDM (Wavelength Division Multiplexing): used in fiber-optic cable; it enables one fiber-optic connection to carry multiple light signals simultaneously. First, WDM divides a beam of light into up to 40 different carrier waves, each with a different wavelength (and colour).

o DWDM (Dense Wavelength Division Multiplexing): carries between 80 and 160 channels.

o CWDM (Coarse Wavelength Division Multiplexing): defined by wavelength rather than frequency. Was developed from DWDM to try to lower the cost of transceiver equipment; its channels are spaced more widely apart. Uses 8 or fewer channels per fiber, which limits the distance because the signal is not amplified.

Throughput and bandwidth
Throughput (capacity) is the measure of how much data is transmitted during a certain period, measured in bits. Bandwidth is the difference between the highest and lowest frequencies that a medium can transmit.


Relationships between nodes
Only one receiver and one transmitter: point-to-point. Multiple receivers and one transmitter: point-to-multipoint, of which there are 2 types:

1. Broadcast: one transmitter and multiple undefined receivers, like radio.
2. Non-broadcast: one transmitter and multiple defined receivers, like sending something to a specific group at work.

2. Coaxial cable

RG specifications (Radio Guide) describe the materials used for the shielding and conducting core, which influence the transmission characteristics: impedance (the resistance that contributes to controlling the signal, in ohms), attenuation and throughput. Every type of coax is suited to a different purpose. The size of the conducting core in a coaxial cable is given as an American Wire Gauge (AWG) size; the larger the AWG number, the smaller the core.


RG-6 and RG-59 are the 2 coaxial cable types most commonly used in networks today. They can be terminated with 2 types of connectors:

- F-type: the pin in the centre of the connector is the conducting core of the cable itself, so it requires the cable to have a solid metal core. It is attached to the cable by crimping or compression, then threaded and screwed together like a nut-and-bolt assembly. The male F-type connector (in the picture) attaches to the female F-type connector.

- BNC connector: connects to another BNC connector with a turning and locking mechanism. It does not use the central conducting core of the cable as part of the connection but provides its own conducting pin. Found mostly with RG-59.

3. Twisted-Pair Cable

Color-coded pairs of insulated copper wires with a diameter of 0.4 to 0.8 mm. Every 2 wires are twisted around each other to form a pair, and all pairs are encased in a plastic sheath. More twists per foot = more resistance to cross-talk; higher-quality, more expensive cable has more twists. Too high a twist ratio increases attenuation, so a balance is needed. A cable can contain 1 to 4200 wire pairs; modern networks use cables that contain 4 wire pairs, one dedicated to sending and one to receiving data. The TIA/EIA-568 standard divides twisted-pair wiring into categories: Cat 3, 5, 5e, 6, 6a and 7. Modern LANs use Cat 5e or higher.

a. STP (Shielded Twisted Pair)
The twisted pairs are individually insulated and surrounded by a shielding of foil, which protects against outside electromagnetic forces.


b. UTP (Unshielded Twisted Pair)
Insulated wire pairs encased in a plastic sheath.

i. Cat 3: a form of UTP that contains 4 wire pairs and can carry up to 10 Mbps with a bandwidth of 16 MHz. Used for 10 Mbps Ethernet or 4 Mbps Token Ring networks.

ii. Cat 5: a form of UTP that contains 4 wire pairs and supports up to 1000 Mbps throughput and a 100 MHz signal rate.

iii. Cat 5e (Enhanced Cat 5): a higher-grade version of Cat 5. Contains high-quality copper, a high twist ratio and advanced methods to reduce cross-talk. Signal rate as high as 350 MHz.

iv. Cat 6: twisted-pair cable that contains 4 wire pairs, each wrapped in foil insulation, with further foil insulation covering the bundle of wire pairs.

v. Cat 6a (Augmented Cat 6): a higher-grade version of Cat 6 wiring that reduces attenuation and cross-talk and potentially allows exceeding traditional network segment length limits. Signalling rate of 500 MHz; backward compatible with Cat 5, 5e and 6 (it can replace lower-level cabling without requiring connector or equipment changes).

vi. Cat 7: twisted-pair cable that contains multiple wire pairs, each surrounded by its own shielding, then packaged in additional shielding beneath the sheath. Can support signal rates up to 1 GHz but requires different connectors than other versions of UTP, because the pairs must be more isolated from each other to ward off cross-talk.

vii. Cat 6 and Cat 7 are more similar to shielded twisted pair.

c. Comparing STP and UTP

Characteristic: Throughput
  STP and UTP: both transmit data at 10 Mbps, 100 Mbps, 1 Gbps or 10 Gbps, depending on the grade of cabling and the transmission method.

Characteristic: Cost
  STP: generally more expensive (more material, and grounding is required, so installation is expensive).
  UTP: high-grade UTP is expensive.

Characteristic: Connector
  STP: RJ-45
  UTP: RJ-45

Characteristic: Noise immunity
  STP: more resistant because of the shielding.
  UTP: can undergo filtering and balancing techniques to counteract the effects of noise.

Characteristic: Size and scalability
  STP: 100 m max segment length, maximum of 1024 nodes.
  UTP: 100 m max segment length, maximum of 1024 nodes.

Ethernet standards used with twisted-pair cabling

Cable pinouts

There are 2 methods of inserting twisted-pair wires into RJ-45 plugs: TIA/EIA-568A and TIA/EIA-568B. Use the same standard on every plug on the network.

TIA/EIA-568A standard terminations


TIA/EIA-568B standard terminations

Using the same standard on every plug on the network ensures you create a straight-through cable, or patch cable.

Crossover cable: mostly obsolete, because modern devices have an autosense function to detect how the wires are terminated. The transmit and receive wires are reversed; works with 10 or 100 Mbps Ethernet.

Rollover cable: also called a Yost cable or Cisco console cable; a mirror image of the pinout. Whereas Ethernet ports allow for network communication (this type of port is used to create LANs through the router), the console port creates an interface with the device itself.


Copper connectors and couplers
A connector connects a cable to a network device; connectors are specific to a media type. Two media types can be integrated through converters, the hardware that enables devices using different media to connect. A coupler passes data through a homogeneous connection without modification; for example, a UTP coupler connects 2 UTP cables.

PoE (Power over Ethernet)
The 802.3af standard supplies electrical power over twisted-pair Ethernet connections. Requires Cat 5 or better copper cable. 2 types of devices:

- PSE (power sourcing equipment): the device that supplies the power.
- PDs (powered devices): receive power from the PSE.

4. Fibre Optic Cable
Fibre contains one or several glass or plastic fibers at its centre (core). Data is transmitted as pulsing light sent from a laser or an LED (light-emitting diode) through the central fibers. Each strand transmits in one direction only, so 2 strands are needed for full duplex. Zipcord cable: 2 strands combined side by side in conjoined jackets.


Benefits of fiber:
- High throughput
- High resistance to noise
- Excellent security
- Carries signals for longer distances before needing a repeater
- Industry standard for high-speed networking

Disadvantages:
- More expensive than twisted-pair cables
- More difficult to fix broken cables in the field

Common Media Characteristics
To decide what type of transmission media to use, match networking needs against the characteristics of the media.

a. Throughput
The most significant factor in choosing a transmission method. Throughput is limited by the signalling and multiplexing techniques.

b. Cost
i. Cost of installation: do it yourself or hire someone; is there building cost involved as well?
ii. New infrastructure vs. reusing existing infrastructure: will the new integrate with the old?
iii. Maintenance and support: do it yourself or hire someone; when reusing existing infrastructure, will it cost more in support to maintain?
iv. Lower transmission rate affecting productivity: you save money with a lower transmission rate but lose productivity because of it.
v. Obsolescence: is the media going to become out of date soon?

c. Noise Immunity: take measures to lower noise interference. Fibre optic cabling is less susceptible to noise. Look at where you install cabling: not close to electromagnetic sources. Choose the type of transmission that is protected against noise (cabling over wireless).

d. Size and Scalability: 3 specifications determine the size and scalability:
i. maximum nodes per segment: depends on attenuation and latency. Each node added causes them to increase.
ii. maximum segment length: depends on attenuation and latency AND the segment type. A populated segment is a part of the network that contains end nodes, e.g. a switch connecting users in a classroom. An unpopulated segment or link segment does not contain end nodes; it just connects 2 networking devices like routers. After a certain distance, the signal loses so much strength that it cannot be accurately interpreted.
iii. maximum network length: the same principle of data loss applies to the maximum network length, which is the sum of the segment lengths.

e. SMF (Single-Mode Fibre)
Narrow core (less than 10 microns in diameter). Little reflection, low loss of signal, travels far without repeaters. Accommodates high bandwidths and the longest distances. High cost. Not for LANs or WANs.

f. MMF (Multimode Fibre)
Large diameter (50 – 115 microns in diameter), most common size 62.6 microns. Many pulses of light.

Fiber connections and couplers
MMF is classified by number of fibers; SMF by size and shape of the ferrule (the extended tip of a connector that makes contact with the receptacle in the jack or other connector). SMF connectors are designed to reduce back reflection (the return of the light signal, measured as optical loss in dB (decibels)). Shapes and polishes used are:

- Physical contact (PC): ferrule is curved
- Ultra Polished Connector (UPC): extensive polishing of the tips creates UPC and increases connection efficiency.
- Angle polished connector (APC): latest ferrule technology, uses reflection, uses a polished curved surface and end faces are placed at an 8º angle.

Fiber-Optic Converters and modular interfaces:

Regeneration is the process where a bidirectional converter accepts a signal from one part of the network, then transmits or regenerates it to the next part of the network. Used where fiber and copper based parts exist on a network, or SMF to MMF.
Hot-swappable is hardware that can be expanded in future.
GBIC (Gigabit interface converter): RJ-45 or fiber optic cable ports.
SFP (small form-factor pluggable) transceivers: same as GBIC but with more ports.

Ethernet standards for Fiber Optic cables

100Base-FX: fiber version of Fast Ethernet, baseband transmission, mostly outdated, needs at least 2 strands of multimode fiber.
1000Base-LX: more common fiber version of Gigabit Ethernet, long wavelength, used as backbones because of long segments.
1000Base-SX: Gigabit Ethernet with short wavelengths, multimode fiber-optic, less expensive than LX. Modal bandwidth is a measure of the highest frequency of signal a multimode fiber can support over a specific distance.

IEEE published the 802.3ae standard for fiber-optic Ethernet, transmitting data at 10Gbps. Used by NSPs who sell direct access to the Internet backbone and ISPs.

7. Troubleshooting Cable Problems
a. Transmission Flaws

- Noise: influence that degrades or distorts a signal. Measured in decibels (dB); can be prevented by having the strength of the signal exceed the strength of the noise, or by good cable design. EMI (Electromagnetic interference): waves that originate from electrical devices; one type is RFI (radio frequency interference), caused by radio waves. Results in incorrect transmission of data. Cross talk: when a signal travelling on one cable interferes with the signal travelling on an adjacent wire. When it occurs between 2 cables it is called alien cross talk; when it occurs between wire pairs near the source of the signal, it is known as NEXT (near end cross talk) and could be improper termination. Crosstalk measured at the far end of the cable: far end cross talk (FEXT).

- Attenuation: loss of signal strength. Use an amplifier to increase the strength of the signal, a repeater to regenerate a digital signal. For analog signals an amplifier is used: the signal passes through the amplifier and it increases the voltage of the signal. For digital signals a repeater is used, which regenerates the signal.

- Latency: the time it takes for the data to travel over a medium; the delay is the latency. Length of cable affects latency. Can measure latency by calculating a packet's RTT (Round-trip time), measured in milliseconds.

Common fiber cable problems:
- Fiber type mismatch: fiber core mismatch; when connecting SMF to MMF the cable will prevent transmission from traversing the connection successfully.
- Wavelength mismatch: SMF, MMF and POF (Plastic Optical Fiber) use different wavelengths; a mismatch is when transmission is optimized for one type of cable but sent through a different type.
- Dirty connectors: dirty or dusty fiber will lose signal.

b. Troubleshooting Tools
Tone generator (toner): issues a signal on a wire pair; tone locator (probe): emits a tone when it detects electrical activity on a wire pair. Multimeter: measures characteristics of an electric circuit like resistance, voltage, impedance. Cable continuity testers: troubleshoot a physical layer problem.

Chapter 6: Wireless Networking

1. Characteristics of Wireless Transmission
a. The Wireless Spectrum

Wireless signals are carried through the air by electromagnetic waves. The wireless spectrum is the range of electromagnetic waves used for data and voice communications. On the spectrum, waves are arranged by frequency, lowest to highest, between 9 KHz and 300GHz. Each type of wireless service is associated with one area of the wireless spectrum:
AM broadcasting on low frequency: 535 – 1605 KHz
Infrared high frequency: 300 - 300 000 GHz
Wi-Fi: 2.4 – 5 GHz
ITU (International Telecommunication Union): United Nations agency that sets standards for international telecommunications like wireless services (frequency allocations, signalling and protocols).
There is no fixed path when a signal travels through air. Signals originate from electrical current traveling along a conductor, from transmitter to antenna; the antenna emits the signal as a series of electromagnetic waves into the air, which travel through the air until they reach the destination. At the destination another antenna receives the signal and a receiver converts it back to current.

b. Antennas
Antennas are designed for a specific wireless service. Radiation pattern: relative strength over a 3-dimensional area of all electromagnetic energy the antenna sends or receives. Unidirectional/directional antenna: issues wireless signals along a single direction; point-to-point link, satellite downlink (receive digital TV signals). Omnidirectional antenna: sends and receives signals of equal strength and clarity in all directions. Range: geographical area an antenna can reach.

c. Signal Propagation
LOS (line of sight) is ideal: the signal travels in a straight line.

- Reflection: (bounce) the wave reflects off an obstacle.
- Diffraction: the signal splits; caused by objects with sharp edges.
- Scattering: diffusion or reflection in multiple directions; caused by objects with small dimensions: hail, snow, rain, books and computers cause it.

Multipath signals: the signal follows multiple paths due to reflection, diffraction and scattering. This can help get the signal to the destination but can also cause multiple signals to reach the destination at different times, causing data errors. Error-correction algorithms detect the errors and the sender will have to retransmit; more errors = slower throughput.

d. Signal Degradation
Fading: the signal runs into an obstacle and loses strength.
Goodput: the throughput experienced at the application level.

Speed test sites measure upload and download speeds.
Range extender: like an amplifier, strengthens the signal again if it has moved too far from its origin.
SNR (Signal-to-noise ratio): the proportion of noise to the strength of a signal.

e. Frequency Ranges
2.4GHz band: networks relied on frequencies in the range of 2.4 - 2.4835 GHz, which had 11 communication channels. It also carried cordless telephone signals, so it is highly susceptible to interference. An unlicensed frequency is one for which the FCC does not require users to register their service and reserve it for their sole use. Wireless LANs can use the 5 GHz band: comprises the 5.1, 5.3, 5.4 and 5.8 GHz frequency bands, consisting of 24 unlicensed bands, each 20MHz wide.

2. Wireless PAN (WPAN)
Wireless Personal Area Network, a few meters in width, contains your personal home devices:

- Bluetooth: unites separate entities (PC, mobile, etc.) under a single communication standard, operates on 2.4GHz to 2.485 GHz. Frequency hopping helps with interference. Devices must be paired before sharing data. Bluejacking is an undesired connection used to send unsolicited data; bluesnarfing is a connection used to download data without permission.

- Infrared (IR): outdated, replaced with Bluetooth. Used in remote controls of TVs.

- Near-field communications (NFC): very close mobile devices can connect using NFC; a small antenna inside the device sends a signal on 13.56MHz. Can use NFC or a smart tag as access cards.

3. Wi-Fi WLAN (Wireless LAN) Architecture
- Ad hoc: smaller wireless networks, few nodes (stations), closely positioned.
- Infrastructure: the infrastructure WLAN topology has an intervening connectivity device = wireless access point (WAP) or access point (AP)/base station: accepts wireless signals from multiple nodes and transmits them to the rest of the network. In small offices these include routing functions and are called wireless routers or wireless gateways.

- Mesh: WLAN with several access points (Wireless Mesh Network, WMN).

a. 802.11 WLAN Standards
Developed by IEEE in 1997; the WLAN standard committee, aka the 802.11 committee, generated the wireless standards 802.11b, 802.11a, 802.11g, 802.11n and 802.11ac. These standards are known as Wi-Fi, which stands for wireless fidelity. All versions use half-duplex signalling, although their physical layer services vary.

- 802.11b: separates the 2.4GHz band into 22MHz channels; first standard to take hold. Least expensive, not fastest.

- 802.11a: released after b, although work on it started before b. Uses the 5GHz band, not as congested as the 2.4GHz band. Higher throughput than b, less likely to suffer interference from microwave ovens and cordless phones. Requires more power to transmit and travels shorter distances, so more access points are needed and it becomes more expensive. Rarely used.

- 802.11g: just as affordable as 802.11b but with increased throughput; compatible with b.

- 802.11n: maximum throughput of 600Mbps, good for telephone and video signals; backward compatible with a, b and g because it uses both the 2.4GHz and 5.0GHz bands.

- 802.11ac: 5GHz band, first standard to approach Gigabit Ethernet capabilities. 802.11ac access points act more like a switch than a hub: they can handle multiple transmissions at one time over the same frequency spectrum.

b. How Wi-Fi Works

Access Method: the 802.11 MAC service appends a 48-bit physical address to a data frame. Wi-Fi is not designed to send and receive at the same time, so these methods are used to prevent collisions:
- CSMA/CA (Carrier Sense Multiple Access with Collision Avoidance): a station on CSMA/CA checks for existing wireless transmissions before it begins to send data. If the source node detects no transmission activity, it waits a brief time and sends its transmission. If it does detect activity, it waits a brief time before checking the channel again.
- The destination node receives the transmission, verifies its accuracy and issues an acknowledgement (ACK) packet to the source.
- When the source receives the ACK packet it assumes the transmission was proper. If it does not receive the ACK packet, it assumes the transmission failed and starts again.

Hidden node problem: when nodes are physically too far apart to collaborate in preventing collisions. RTS/CTS (Request To Send/Clear to Send) enables a source node to issue an RTS signal to an access point, requesting to transmit; the access point agrees with a CTS signal, temporarily suspends communication with all stations in its range and waits for the source node to complete its transmission.

Association: connecting through a hotspot happens through association. When a station is on and its wireless protocols are running, from time to time it scans its surroundings for evidence of an access point; this is called scanning.

Active scanning: the computer transmits a special frame, a probe, on all available channels within its frequency range; when an access point finds the probe frame, it issues a probe response. The response contains all the info a computer needs to associate with the access point (status code and station ID number).
Passive scanning: the computer listens on all channels in its frequency range for a special signal, a beacon frame, issued from an access point. The beacon frame has the info the wireless node needs to associate with the access point, indicating the network's transmission rate and SSID (Service set identifier), a unique character string that identifies the access point. After detecting a beacon frame, the computer can choose to associate with the access point. The 2 nodes agree on a frequency channel to communicate on.
A group of stations (nodes) sharing an access point are part of a BSS (Basic Service Set); the identifier of this group = BSSID (Basic Service Set Identifier).
ESS (Extended Service Set) = group of access points connected to the same LAN.
ESSID (Extended Service Set Identifier) = BSSs that belong to the same ESS share this special identifier.
Rogue access point: a wireless access point that has been installed on a secure network without authorization from the local network administrator. Could be a hacker trying to steal data or unintentional, but either way it puts your data at risk.
Reassociation: when a mobile user moves out of one access point's range into another and its device reassociates to the network.

IEEE 802.11 Frames: frames are divided into 3 groups:

- Management frames: involved in association and re-association: probe and beacon frames
- Control frames: medium access and data delivery: ACK, RTS/CTS frames
- Data frames: responsible for carrying data between stations

Unique to the 802.11 frame is the Sequence Control field, which shows how a large packet is fragmented; this happens in the data link layer for 802.11 and is handled by the MAC sublayer. On the wire, TCP/IP error checking was on the Transport layer and packet fragmentation on the Network layer.

Wireless Innovations: innovations that make 802.11 faster and more reliable:
- MIMO (Multiple Input-Multiple Output): first with 802.11n; multiple antennas on an access point may issue signals to one or more receivers.
- MU-MIMO (multiuser MIMO), newer than MIMO: multiple antennas service multiple clients simultaneously; will be available in 802.11ac wave 2.
- Channel bonding: in 802.11n, 2 adjacent 20MHz channels can be combined/bonded to make a 40MHz channel. Channel bonding is better suited to the 5GHz band because it is less crowded and has more channels.
- Frame Aggregation: 802.11n combines multiple data frames into one larger frame.
  - Aggregated MAC Service Data Unit (A-MSDU)
  - Aggregated MAC Protocol Data Unit (A-MPDU): default for 802.11ac

4. Implementing a WLAN (page 302)
a. Determining the Design
b. Configuring Wireless Connectivity Devices
c. Configuring Wireless Clients

5. 802.11 Wireless Network Security
a. WPA/WPA2 (Wi-Fi Protected Access)
b. Security Threats to Wireless Networks

6. Troubleshooting Wireless LANs
a. Wireless Network Tools
b. Avoiding Pitfalls

Chapter 7: Cloud Computing and Remote Access

1. Cloud Computing (web service)

- On-demand services: available to the user at any time.
- Elastic services and storage: scaled up or down.
- Support of multiple platforms.
- Resource pooling and consolidation: an example of the multi-tenant model: resources are consolidated; one cloud computing provider hosts hundreds of websites for hundreds of customers, so customers share storage locations without knowing it.
- Metered services: all services are measured and charged according to bandwidth used, or processing power used, or storage space or client connections etc.

Cloud Computing Categories
Cloud computing is categorized by the types of service provided. NIST developed a standard definition of each category.

- IaaS (Infrastructure as a Service): hardware provided virtually, including network infrastructure devices like virtual servers; can provide hosted virtual desktops (HVD): desktop operating environments hosted virtually on a different physical computer from the one the user interacts with. In Cloud: network infrastructure. Local: application installations, data management and backup, possibly the operating system.

- PaaS (Platform as a Service): the platform includes the operating system, runtime libraries and hardware, so customers do not need to purchase and maintain a separate device for each platform, and developers can build and test applications in virtual environments. In Cloud: any platform managed on the vendor's hardware and that relies on their uptime and accessibility to meet performance parameters. Local: applications and data.

- SaaS (Software as a Service): applications provided through an online user interface; Gmail is an example. In Cloud: all support from network infrastructure to data storage. Local: hardware (device used to connect), browser.

- XaaS (Anything as a Service or Everything as a Service): the cloud provides any combination of functions, depending on the client's needs.

Deployment Models
- Public Cloud: services provided over public transmission lines: the Internet.
- Private Cloud: services on the organization's own data center.
- Community Cloud: services shared between multiple organizations.
- Hybrid cloud: combination of the others.

Remote Access
Remote access methods:

1. Point-to-Point Remote Access: dedicated line, like DSL or T-1 access to an ISP.
2. VPN (Virtual Private Networks): virtual connection between client and remote network.
3. Remote virtual computing (remote terminal emulation): allows a remote client to take over and command a host computer. Telnet, SSH, Remote Desktop, Virtual Network Computing (VNC).

All require a type of remote access server (RAS) to accept a remote connection and grant privileges to the network resources. 2 types of RAS:
1. Dedicated devices: run software that performs authentication for clients to access resources and the Internet.
2. Software running on a server: Direct Access is a service in Windows Server 2008 that automatically authenticates remote users.

Point-to-Point Remote Access Protocols:
- SLIP (Serial Line Internet Protocol): Data link layer protocol originally designed to connect WAN endpoints in a direct connection. Earlier protocol; does not support encryption, can carry only IP packets, works on serial connections like dial-up and DSL; replaced by PPP.

- PPP (Point-to-Point Protocol): Data link layer protocol originally designed to connect WAN endpoints in a direct connection. The PPP headers and trailers used to create a PPP frame to encapsulate Network layer packets total only 8 or 10 bytes.
  - As a connection protocol it negotiates and establishes a connection between 2 computers.
  - Used as an authentication protocol.
  - Supports Network layer protocols that might use the connection.
  - Can encrypt the transmission, although not very well.

- PPPoE (PPP over Ethernet): when PPP is used over Ethernet.

Virtual Private Networks (VPN)
VPNs are virtual networks, logically defined for secure communication over public transmission systems. Classified in 2 models:

- Site-to-site VPN: at each site a VPN gateway establishes the secure connection. Found at the edge of the LAN, each gateway is a router or remote access server with VPN software installed; it encrypts and encapsulates data to exchange over the tunnel.

- Client-to-site VPN (host-to-site VPN or remote-access VPN): remote clients, servers and other hosts establish tunnels with the private network using a VPN gateway on the edge of the LAN. Each remote client must run VPN software and must connect to the VPN gateway so that a tunnel can be created between them and data can be encrypted and encapsulated.

Software needed to establish a VPN:
- Software embedded in the OS: RRAS (Routing and Remote Access Service) is Microsoft's remote access server software; it can implement a VPN, enables a computer to accept multiple remote client connections, manages data encryption and routes incoming packets to destinations on the local network.

- Third-party solutions: third party software companies also provide VPN programs that work with the OS, e.g. OpenVPN.

- Implemented by routers or firewalls: many routers or firewalls have embedded VPN solutions; this is the most common implementation of VPN.

VPN Concentrator (aka encryption device, because it also does encryption): used where more than a few simultaneous VPN connections are maintained, in large organisations. 2 encryption techniques used in VPNs are IPsec and SSL.

VPN Tunneling Protocols
VPN tunneling protocols encrypt, encapsulate and transport complete frames inside normal IP packets and data link layer frames. So a frame travels across a network as the payload inside another frame.
- PPTP: Layer 2 protocol by Microsoft, encapsulates PPP data frames so the frame traverses the Internet masked as an IP transmission; uses TCP segments at the Transport layer. PPTP supports the encryption, authentication and access services provided by RRAS. Users can directly contact an RRAS access server that is part of the VPN, or access their ISP's remote access server first and then contact the VPN.

GRE (Generic Routing Encapsulation), developed by Cisco, is used to transmit PPP data frames through the tunnel. PPTP establishes the VPN tunnel; GRE then encapsulates the PPP frame so that it takes on a temporary IP packet identity (Layer 3). The WAN sees messages that look like IP traffic; at the end of the tunnel the original protocol that was wrapped in the GRE is seen. IPsec is an encryption protocol that increases the security of the transmissions.

Windows, Unix, Linux and Mac OS are capable of connecting to a PPTP VPN, but PPTP is no longer secure; L2TP is recommended.

- L2TP (Layer 2 Tunneling Protocol): VPN tunneling protocol based on technology from Cisco, standardized by the IETF (Internet Engineering Task Force), an organization of volunteers who help develop Internet standards. L2TP encapsulates data like PPTP; the differences are:
  - L2TP is a standard accepted and used by multiple vendors.
  - L2TP can connect 2 routers, a router and a remote access server, or a client and a remote access server.

Terminal Emulation or Remote Virtual Computing
A user on one computer (client) controls another computer (host/server) across a network connection. Telnet and SSH, Remote Desktop for Windows, join.me, VNC and TeamViewer.

Encryption Techniques, Protocols and Utilities
Encryption is the use of a mathematical code, a cipher, to scramble data into a format that can be read only by reversing the cipher, called deciphering or decrypting. It keeps information private; some encryption is more secure than others. 3 views form the standard security model called the CIA (Confidentiality, Integrity and Availability) triad:
- Confidentiality: data can only be viewed by the intended recipient.
- Integrity: data was not modified after the sender transmitted it and before the receiver received it.
- Availability: the sender is accountable for delivery of the data; the data is then available and accessible to the intended recipient.

More security principles:
- Utility (like availability): data arrives in a format that is useful to the receiver.
- Authenticity (like integrity): the data received is the data that was issued, not forged.
- Non-repudiation (like confidentiality and authenticity): provides proof of delivery to protect the sender and proof of the sender's identity to protect the receiver.

Endpoint vulnerability: data is vulnerable when it is exposed at an endpoint, like writing down a password or entering it on a smartphone where someone can see it.

Key Encryption
Private key encryption: data encrypted with one key that the sender and receiver both know. Aka symmetric encryption.
Public key encryption: data encrypted using 2 keys; one key is known only to the user (private key), the other is a public key associated with the user. Can get the public key by asking for it, or from a 3rd party source, a public key server. The 2 keys form a key pair; aka asymmetric encryption.
Digital certificate: small file with info about a user and the user's public key, maintained by a certificate authority (CA). The use of certificate authorities to associate public keys with users is called PKI (Public Key Infrastructure).

IPsec (Internet Protocol Security)
Works at the Network layer; adds security information to the header of IP packets and transforms data packets. Encryption protocol that defines the rules of encryption, authentication and key management for TCP/IP transmission. An enhancement to IPv4 and native to IPv6. Creates a security connection in 5 steps:
- IPsec initiation: noteworthy traffic triggers the initiation of the IPsec encryption process.
- Key management: the way 2 nodes agree on parameters for the key they will use. 2 services are IKE (Internet Key Exchange), which negotiates the exchange of keys and authentication, and ISAKMP (Internet Security Association and Key Management Protocol), which works within the IKE process to establish policies for managing the keys.
- Security negotiations: IKE continues to establish security parameters and associations that will serve to protect data while in transit.
- Data transfer: after parameters and encryption techniques are agreed on, a secure channel is created that is used for secure transmissions until it is broken. Data is encrypted and then transmitted with AH (Authentication Header) or ESP (Encapsulating Security Payload) encryption, which provide authentication of the IP packet's data payload through public key techniques. ESP encrypts the whole IP packet.
- Termination: requires regular reestablishment of the connection to minimize the opportunity for interference.

SSL (Secure Sockets Layer) and TLS (Transport Layer Security)
Methods to encrypt TCP/IP transmissions. SSL was developed by Netscape and works on the Application layer; the IETF has since standardized SSL, and it is now more like TLS. TLS works on the Transport layer and uses different encryption algorithms than SSL.
Each time a client and server establish an SSL/TLS connection, they establish a unique SSL session, created by the SSL handshake protocol, where client and server introduce themselves and establish terms for how they will securely exchange data. The client sends a client_hello to the server; it contains information about what level of security the client is capable of accepting and what type of encryption it can decipher. It establishes a randomly generated number that uniquely identifies the client and a number that identifies the SSL session. The server responds with a server_hello message that confirms the information it received from the browser and agrees to certain encryption based on the options supplied by the client. Depending on the server's preferred encryption method, it chooses a public key or digital certificate; if the server requested a certificate, the client sends it. Data sent by the client to the server is encrypted using the server's public key.
TTLS (Tunneled Transport Layer Security) provides authentication like SSL/TLS but does not require a certificate for each user; it authenticates the server end of the connection by certificate and users are authenticated by password only.

SSL VPN
VPN that is configured to support SSL transmissions to and from services running on its protected network. Accessed by the user through a web browser.

SSH (Secure Shell)
A collection of protocols that helps to securely log on to a host, execute commands on that host, and copy files to or from the host. It encrypts data exchanged throughout the session.

SFTP (Secure File Transfer Protocol)
FTP is a utility that transfers files to and from a host computer running the FTP server software. SFTP is the secure version of it; it uses SSH for encryption.

Hashes: MD5 and SHA
Encrypted data can be decrypted, but hashed data cannot. Hashed data is data that has been transformed through a particular algorithm that generally reduces the amount of space needed for the data and is mathematically nearly impossible to reverse. MD5 is a form of hashing; it uses 128-bit hash values to replace the actual data with values computed according to the hash algorithm. Its biggest weakness is collisions: 2 different input values have the same output value. SHA is an advance over MD5 in that collisions do not occur.
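
As an added example (not from these notes), the hash properties the paragraph describes, using Python's standard hashlib: fixed output size regardless of input size, the one-bit avalanche that makes reversing impractical, an integrity check against a published digest, and a birthday search on a deliberately truncated SHA-256 to show what a collision is. All inputs are constructed sample values.

```python
"""Added example (not from the notes): properties of MD5 and SHA-256 hashes
using Python's standard hashlib. Sample inputs are constructed here."""
import hashlib
import hmac


def digest_hex(algorithm: str, data: bytes) -> str:
    """Return the hex digest of `data` under the named hashlib algorithm."""
    return hashlib.new(algorithm, data).hexdigest()


def digest_lengths(algorithm: str) -> tuple:
    """Hashes shrink data to a fixed size: a 1-byte and a 1 MiB input give
    digests of identical length (16 bytes for MD5, 32 for SHA-256)."""
    small = hashlib.new(algorithm, b"a").digest()
    large = hashlib.new(algorithm, b"a" * (1 << 20)).digest()
    return len(small), len(large)


def avalanche_bits(algorithm: str, data: bytes) -> int:
    """Flip one bit of the input and count how many digest bits change.
    For a good hash about half of the output bits flip, which is why the
    digest reveals nothing usable about the input."""
    flipped = bytes([data[0] ^ 0x01]) + data[1:]
    a = int.from_bytes(hashlib.new(algorithm, data).digest(), "big")
    b = int.from_bytes(hashlib.new(algorithm, flipped).digest(), "big")
    return bin(a ^ b).count("1")


def verify_integrity(data: bytes, expected_hex: str, algorithm: str = "sha256") -> bool:
    """Integrity check: recompute the digest and compare in constant time
    against the value the sender published alongside the data."""
    return hmac.compare_digest(digest_hex(algorithm, data), expected_hex)


def truncated_sha256(data: bytes, bits: int) -> int:
    """SHA-256 cut down to its low `bits` bits (deliberately weak, for the demo)."""
    mask = (1 << bits) - 1
    return int.from_bytes(hashlib.sha256(data).digest(), "big") & mask


def find_truncated_collision(bits: int) -> tuple:
    """Birthday search on the truncated hash: two different inputs with the
    same short output. This is what a collision is and why output length
    matters; finding one for full MD5 took real cryptanalysis, and none is
    known for full SHA-256."""
    seen = {}
    i = 0
    while True:
        msg = b"constructed-message-%d" % i   # constructed, distinct inputs
        h = truncated_sha256(msg, bits)
        if h in seen:
            return seen[h], msg
        seen[h] = msg
        i += 1


if __name__ == "__main__":
    print("md5(abc)    =", digest_hex("md5", b"abc"))
    print("sha256(abc) =", digest_hex("sha256", b"abc"))
    print("md5 sizes   =", digest_lengths("md5"), "sha256 sizes =", digest_lengths("sha256"))
    print("sha256 bits changed by a 1-bit input flip:", avalanche_bits("sha256", b"abc"))
    m1, m2 = find_truncated_collision(20)
    print("20-bit collision:", m1, m2, hex(truncated_sha256(m1, 20)))
```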

2. Authentication Protocols
The rules that computers follow to accomplish authentication.

a. RADIUS and TACACS+
AAA: authenticate a client's identity by asking for a username and password, authorise a user for certain privileges on a system, and keep account of the client's system and network usage. RADIUS (Remote Authentication Dial-In User Service) is a service that runs AAA. RADIUS can operate as a software application on a remote access server, called a RADIUS server; used by ISPs. Runs on the Application layer, transported over UDP in the Transport layer. Only encrypts the password.

TACACS+ (Terminal Access Controller Access Control System Plus) offers the option to separate access, authentication and auditing. Relies on TCP in the Transport layer; only works on Cisco products; installed on a router or switch, not a server; encrypts all information transmitted for AAA.
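
As an added example (not from these notes) of RADIUS "only encrypts the password": the User-Password hiding scheme from RFC 2865 section 5.2 in Python's standard library, plus the User-Name and User-Password attributes as they would sit in an Access-Request. The shared secret, Request Authenticator and credentials are constructed sample values; the User-Name stays visible in the resulting bytes while the password does not.

```python
"""Added example (not from the notes): RADIUS User-Password hiding (RFC 2865
section 5.2) and Access-Request attribute layout. All values are constructed."""
import hashlib
import os


def hide_password(secret: bytes, authenticator: bytes, password: bytes) -> bytes:
    """RFC 2865 5.2: pad the password with NULs to a multiple of 16, then XOR
    each 16-byte block with MD5(secret + previous block). The first 'previous
    block' is the 16-byte Request Authenticator from the packet header."""
    if not 1 <= len(password) <= 128:
        raise ValueError("RADIUS passwords are 1..128 bytes")
    if len(authenticator) != 16:
        raise ValueError("Request Authenticator must be 16 bytes")
    padded = password + b"\x00" * (-len(password) % 16)
    out = bytearray()
    prev = authenticator
    for off in range(0, len(padded), 16):
        keystream = hashlib.md5(secret + prev).digest()
        block = bytes(p ^ k for p, k in zip(padded[off:off + 16], keystream))
        out += block
        prev = block          # chaining: the next block keys off this ciphertext block
    return bytes(out)


def reveal_password(secret: bytes, authenticator: bytes, hidden: bytes) -> bytes:
    """Inverse of hide_password, as the RADIUS server performs it. Trailing NUL
    padding is removed (RADIUS passwords do not contain NUL bytes)."""
    out = bytearray()
    prev = authenticator
    for off in range(0, len(hidden), 16):
        block = hidden[off:off + 16]
        keystream = hashlib.md5(secret + prev).digest()
        out += bytes(c ^ k for c, k in zip(block, keystream))
        prev = block
    return bytes(out).rstrip(b"\x00")


def attribute(attr_type: int, value: bytes) -> bytes:
    """RADIUS attribute TLV: 1-byte Type, 1-byte Length (header included), Value."""
    if len(value) > 253:
        raise ValueError("attribute value too long")
    return bytes([attr_type, len(value) + 2]) + value


def access_request_attributes(secret: bytes, authenticator: bytes,
                              username: bytes, password: bytes) -> bytes:
    """Only User-Password (Type 2) is hidden; User-Name (Type 1) and every
    other attribute travel in the clear inside the UDP datagram."""
    return attribute(1, username) + attribute(2, hide_password(secret, authenticator, password))


if __name__ == "__main__":
    secret = b"constructed-shared-secret"
    auth = os.urandom(16)                       # Request Authenticator (random per request)
    attrs = access_request_attributes(secret, auth, b"alice", b"correct horse")
    print(attrs.hex())
    print("username visible:", b"alice" in attrs, " password visible:", b"correct horse" in attrs)
    hidden = attrs[2 + 5 + 2:]                  # skip User-Name TLV and User-Password header
    print("server recovers:", reveal_password(secret, auth, hidden))
```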

Protocols in AAA:
PPP (Point-to-Point Protocol) is on the Data link layer and provides the foundation for direct connections but does not secure authentications; it establishes a link with a server.

PAP (Password Authentication Protocol): after a link has been established using PPP, PAP authenticates the request with the user's credentials. If the credentials match, the server responds with an acknowledgement of authentication and grants the client access to secured resources. Simple authentication but not very secure: it does not encrypt the credentials, so it is rarely used.

b. CHAP and MS-CHAP
CHAP (Challenge Handshake Authentication Protocol): operates over PPP, encrypts user names and passwords for transmission, 3-step process to get authentication: challenge, response, accept/reject. MS-CHAP is Microsoft's version of CHAP for Windows PCs.
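The three-step exchange above, worked through in code. This is an added example, not part of the notes: both sides of the link are simulated in one process, the user database and secret are constructed, and the response is computed the way RFC 1994 specifies it (MD5 over identifier, shared secret and challenge), so the secret itself never crosses the link. The authenticator discards each challenge after one use, which is what stops a recorded response from being accepted a second time.

```python
import hashlib
import hmac
import os
from dataclasses import dataclass

# Constructed user database for the authenticator: name -> shared secret.
SECRETS = {"alice": b"correct horse battery staple"}


@dataclass(frozen=True)
class Challenge:
    identifier: int  # one-byte sequence number chosen by the authenticator
    value: bytes     # random challenge bytes, different for every attempt


def chap_response(identifier: int, secret: bytes, challenge: bytes) -> bytes:
    """CHAP response value: MD5(identifier || secret || challenge), per RFC 1994."""
    return hashlib.md5(bytes([identifier]) + secret + challenge).digest()


class Authenticator:
    """Server side of the link: issues challenges and judges responses."""

    def __init__(self, secrets: dict):
        self._secrets = secrets
        self._outstanding = {}   # identifier -> challenge bytes awaiting a response
        self._next_id = 0

    def challenge(self) -> Challenge:
        # Step 1: send a fresh random challenge
        self._next_id = (self._next_id + 1) % 256
        c = Challenge(self._next_id, os.urandom(16))
        self._outstanding[c.identifier] = c.value
        return c

    def verify(self, identifier: int, name: str, response: bytes) -> bool:
        # Step 3: recompute the expected value and accept/reject. The challenge is
        # removed on first use, so a recorded response cannot be presented again.
        challenge = self._outstanding.pop(identifier, None)
        secret = self._secrets.get(name)
        if challenge is None or secret is None:
            return False
        expected = chap_response(identifier, secret, challenge)
        return hmac.compare_digest(expected, response)


class Peer:
    """Client side of the link: answers a challenge with its name and response."""

    def __init__(self, name: str, secret: bytes):
        self.name, self.secret = name, secret

    def respond(self, c: Challenge):
        # Step 2: the secret is hashed into the response, never sent
        return c.identifier, self.name, chap_response(c.identifier, self.secret, c.value)


def authenticate(auth: Authenticator, peer: Peer) -> bool:
    """Run the challenge, response, accept/reject exchange once."""
    c = auth.challenge()
    identifier, name, response = peer.respond(c)
    return auth.verify(identifier, name, response)


def replay_attempt(auth: Authenticator, peer: Peer) -> tuple:
    """Run one genuine exchange, then present the same response a second time."""
    c = auth.challenge()
    identifier, name, response = peer.respond(c)
    first = auth.verify(identifier, name, response)
    second = auth.verify(identifier, name, response)   # challenge already consumed
    return first, second


if __name__ == "__main__":
    auth = Authenticator(SECRETS)
    print("good secret:", authenticate(auth, Peer("alice", SECRETS["alice"])))
    print("bad secret:", authenticate(auth, Peer("alice", b"wrong")))
    print("replay:", replay_attempt(auth, Peer("alice", SECRETS["alice"])))
```

The same shape is what MS-CHAP uses; it differs in the hash and in how the password is stored, not in the challenge, response, accept/reject flow.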

c. EAP (Extensible Authentication Protocol)
Does not encrypt or authenticate on its own; it only provides the framework for authentication between clients and servers. Works with other encryption and authentication schemes to verify the credentials of clients and servers.

d. 802.1X (EAPoL: EAP over LAN)
Codified by IEEE, specifies the use of one of many authentication methods, plus EAP, to grant access and to dynamically generate and update authentication keys for transmissions to a port. Primarily used with wireless networks. 802.1X defines the process of authentication; it does not specify the type of authentication or encryption protocols a client or server must use.

e. TKIP (Temporal Key Integrity Protocol) and AES (Advanced Encryption Standard)
802.11i includes the subset standard WPA and uses 802.1X (EAPoL) to authenticate devices and dynamically assign every transmission its own key. WPA relies on an encryption key generation and management scheme known as TKIP. WPA2 improved the security of WPA with AES, which provides faster and more secure encryption than TKIP.

f. Kerberos
Cross-platform authentication protocol that uses key encryption to verify client identity; a private key encryption service. The NOS client-server logon process assumes a client is who they say they are and only verifies usernames and passwords; Kerberos also requires clients to prove their identity through a third party, and all communication is encrypted.
- KDC (Key Distribution Center): the server that issues keys to clients during initial client authentication.
- AS (Authentication Service): the process that runs on the KDC to initially validate a client.
- Ticket: a temporary set of credentials that a client uses to prove that its identity has been validated.
- Principal: a Kerberos client or user.
- TGS (Ticket Granting Service): application running on the KDC, separate from the AS; the TGS issues a TGT (Ticket Granting Ticket).


g. SSO (Single Sign-On)
Multifactor Authentication (MFA): 2 pieces of information to get access, from 3 categories:
- Knowledge: something you know, like a password
- Possession: something you have, like an ATM card
- Inherence: something you are, like a fingerprint

3. Troubleshooting Cloud Computing and Remote Access
a. Passwords

b. Misconfigurations


Chapter 8: Network Risk Management

1. Security Assessment
Data breach: an unauthorized person gains access to the network.
Posture assessment: a thorough examination of each aspect of the network to determine how it might be compromised. Done at least annually, preferably quarterly, and after making big changes to the network.
Security audit: a posture assessment done by a qualified consulting company.

2. Security Risks
Hacker: someone who masters the inner workings of software and hardware.
Vulnerability: a weakness in a system, process or architecture.
Exploit: the act of taking advantage of a vulnerability.
Zero-day exploit / zero-day attack: an exploit or attack that is not yet public; only the hacker knows about it.

a. Risks Associated with People
Social engineering: manipulation of social relationships.
Phishing: posing as someone who needs the information.

b. Risks Associated with Transmission and Hardware
Risks in the Physical, Data Link and Network layers (transmission media, NICs, network access methods, switches, routers, access points and gateways).
Jamming: when a transmission is intercepted or interfered with.
RF (radio frequency) emanation: leaking of radio or electrical signals from computer equipment; the signal can be intercepted by a third party. The TEMPEST specification by the NSA defines protection; when implemented it is called emission security (EmSec).
Leased lines are vulnerable to eavesdropping, and so is the demarc point of a building.
Sniffing: a repeating device broadcasts traffic over the entire segment, which increases the chances of sniffing.
ARP cache poisoning: hackers use fake ARP replies to alter ARP tables in the network.

c. Risks Associated with Protocols and Software
Transport, Session, Presentation and Application layers.
FTP bounce: hackers take advantage of the insecure FTP protocol. (HTTP, Telnet, SLIP, TFTP, SNMPv1 and SNMPv2 are also insecure; use HTTPS with SSL/TLS, Telnet along with IPsec, PPP, SFTP and SNMPv3 instead.)
Banner-grabbing attack: hackers transmit bogus requests for connection to servers.
Session hijacking attack: when a hacker gets the encryption key; man-in-the-middle (MitM) attack.
DHCP snooping: a security feature that monitors DHCP servers; a similar security feature, dynamic ARP inspection (DAI), detects faked ARP messages.
Backdoors: security flaws that allow unauthorized users to gain access to a system.
Buffer overflow: a vulnerability of older systems; buffers temporarily store information in memory. A program can write more data than the allotted buffer space, letting the data spill into other memory space.


Ping of death: creates a buffer overflow condition by sending an ICMP packet that exceeds the maximum of 65,535 bytes, resulting in a system crash.

d. Risks Associated with Internet Access
IP spoofing: a firewall allows outside users access to an IP address; they then use that IP address to pretend they have authority to access your internal network.
Flashing: your screen fills with garbage characters and you have to end the chat session.
Denial of service attack (DoS): too many requests for service are sent to your system and it can't respond, making the system stop working.

Distributed DoS (DDoS): several sources, called zombies, whose owners are unaware. Terms: zombie army, botnet, master zombies, slave zombies.
Distributed reflector DoS attack: the attack goes through an uninfected computer (reflector) to the targets.
Permanent DoS attack: a physical attack on a device that alters the management interfaces within the hardware to the point where it is irreparable.
Unintentional DoS attack: a friendly attack, not with malicious intent.

3. Effective Security Policies
a. Security Policy Goals
- Ensure that authorized users have appropriate access to the resources they need.
- Prevent unauthorized users from gaining access to the network, systems, programs, or data.
- Protect sensitive data from unauthorized access, both from within and from outside the organization.
- Prevent accidental damage to hardware or software.
- Prevent intentional damage to hardware or software.
- Create an environment in which the network and systems can withstand and, if necessary, quickly respond to and recover from any type of threat.
- Communicate each employee's responsibilities with respect to maintaining data integrity and system security.
- For each employee, obtain a signed consent to monitoring form, which is a document that ensures that employees are made aware that their use of company equipment and accounts can be monitored and reviewed as needed for security purposes.

b. Security Policy Content
- Password policy
- Software installation policy
- Confidential and sensitive data policy
- Network access policy
- Email use policy
- Internet use policy
- Remote access policy
- Policies for connecting to customers' and vendors' networks
- Policies for use of personal smartphones and laptops
- Computer room access policy


4. Security in Network Design
a. NOS Security
i. Active Directory Groups
ii. Logon restrictions
- Time of day: restrict the time of day users can log on.
- Total time logged on: restrict the duration of a logon session.
- Source address: restrict the area and address from where users can log on.
- Unsuccessful logon attempts: restrict the number of times a user can incorrectly type the password before the logon attempt is locked.

b. Network Access Control
i. Network Access Control (NAC) solution: a set of rules, called network policies, that determine the level and type of access granted to devices connecting to the network.
ii. Agent: software that must first be installed on a device before it can be used.
- Nonpersistent agent or dissolvable agent: only verifies compliance of the device, then uninstalls again.
- Persistent agent: permanently installed on the device.
iii. Quarantine network: devices that do not meet compliance requirements are placed in a quarantine network.
iv. Network segmentation: separating portions of the network protects some resources and grants access to others.

c. Access Control Lists Used by Routers
A router's main function is to examine a packet and determine where to direct it based on its Network Layer addressing information. The router's ACL (Access Control List / Access List) can decline to forward certain packets depending on their content; it acts as a filter that instructs the router to permit or deny traffic according to these variables:

- Network Layer protocol
- Transport Layer protocol
- Source IP address
- Destination IP address
- TCP or UDP port number

The router receives a packet, examines it and refers to the ACL to see if the packet meets the criteria for permitting or denying travel on the network. Each statement in the ACL carries a permit or deny flag; the router starts at the top of the list and tests the packet against the first statement. If the packet's characteristics match a permit statement, it moves on to the network; if they match a deny statement, the packet is discarded; if they match neither, the router moves down the list to the next statement in the ACL. If the last statement is reached and there is still no match, the implicit deny rule applies: the packet is denied by default.

On most routers, each interface must be assigned an ACL, and the ACL is associated with either inbound or outbound traffic on that interface. When ACLs are installed on routers, each one is assigned a number and name.


The access-list command is used to add a statement to an already-installed ACL. The command must identify the ACL and include a permit or deny argument. Examples of statements for the ACL named acl_2:

- To permit ICMP traffic from any IP address or network to any IP address or network:
  access-list acl_2 permit icmp any any

- To deny ICMP traffic from any IP address or network to any IP address or network:
  access-list acl_2 deny icmp any any

- To permit TCP traffic from host 2.2.2.2 to host 5.5.5.5:
  access-list acl_2 permit tcp host 2.2.2.2 host 5.5.5.5

- To permit TCP traffic to destination Web port 80 (eq www) from host 2.2.2.2 to host 3.3.3.3:
  access-list acl_2 permit tcp host 2.2.2.2 host 3.3.3.3 eq www

Statements can specify network segments by using a wildcard mask together with the network address for the segment. A 0 bit in the wildcard mask means the corresponding IP address bit must match the network address; a 1 bit means that IP address bit does not matter. Example: a wildcard mask of 0.0.0.255 = 00000000.00000000.00000000.11111111, which means the first 3 octets of the IP address must match the given network address and the last octet can be any value. With no ACL installed, the router allows all traffic through. More statements can slow down the router. If ping works but traceroute does not, start looking at ACLs for the problem.
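The top-down, first-match evaluation with implicit deny and the wildcard-mask matching described above, as an added example (not from the notes and not a router's own code). It parses the subset of access-list syntax used on this page (any, host, address plus wildcard mask, eq PORT), and evaluates constructed packets against a constructed ACL made of two of the acl_2 statements above plus one wildcard-mask statement; the two ICMP statements are not both included because the second could never be reached after the first.

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional

# Port keywords understood by this parser (the notes use "eq www" for port 80).
PORT_NAMES = {"www": 80, "ftp": 21, "telnet": 23, "ssh": 22}


@dataclass(frozen=True)
class Packet:
    protocol: str                 # "icmp", "tcp" or "udp"
    src: str
    dst: str
    dport: Optional[int] = None   # destination port for tcp/udp


@dataclass(frozen=True)
class AddressSpec:
    address: int
    wildcard: int   # wildcard mask: 0 bit = must match address, 1 bit = don't care

    def matches(self, ip: str) -> bool:
        care = ~self.wildcard & 0xFFFFFFFF
        return int(ipaddress.IPv4Address(ip)) & care == self.address & care


@dataclass(frozen=True)
class Statement:
    action: str      # "permit" or "deny"
    protocol: str
    src: AddressSpec
    dst: AddressSpec
    dport: Optional[int]


def _addr(tokens, i):
    """Parse 'any', 'host A.B.C.D' or 'A.B.C.D W.X.Y.Z' at tokens[i]; return spec and next index."""
    if tokens[i] == "any":
        return AddressSpec(0, 0xFFFFFFFF), i + 1
    if tokens[i] == "host":
        return AddressSpec(int(ipaddress.IPv4Address(tokens[i + 1])), 0), i + 2
    return (AddressSpec(int(ipaddress.IPv4Address(tokens[i])),
                        int(ipaddress.IPv4Address(tokens[i + 1]))), i + 2)


def parse_statement(line: str):
    """Parse one 'access-list NAME permit|deny PROTO SRC DST [eq PORT]' line."""
    t = line.split()
    if len(t) < 6 or t[0] != "access-list" or t[2] not in ("permit", "deny"):
        raise ValueError(f"unsupported statement: {line!r}")
    name, action, protocol = t[1], t[2], t[3]
    src, i = _addr(t, 4)
    dst, i = _addr(t, i)
    dport = None
    if i + 1 < len(t) and t[i] == "eq":
        dport = int(t[i + 1]) if t[i + 1].isdigit() else PORT_NAMES[t[i + 1]]
    return name, Statement(action, protocol, src, dst, dport)


def build_acls(lines):
    """Group statements by ACL name, keeping the order they were entered."""
    acls = {}
    for line in lines:
        name, st = parse_statement(line)
        acls.setdefault(name, []).append(st)
    return acls


def evaluate(acl, pkt: Packet) -> str:
    """Router logic: no ACL on the interface means everything is forwarded; otherwise
    test statements top-down, stop at the first match, and deny if none matched."""
    if acl is None:
        return "permit"
    for st in acl:
        if st.protocol not in (pkt.protocol, "ip"):
            continue
        if not (st.src.matches(pkt.src) and st.dst.matches(pkt.dst)):
            continue
        if st.dport is not None and st.dport != pkt.dport:
            continue
        return st.action
    return "deny"   # implicit deny at the end of every ACL


# Constructed sample ACL: two of the notes' acl_2 statements plus one using a wildcard mask.
SAMPLE_STATEMENTS = [
    "access-list acl_2 permit tcp host 2.2.2.2 host 3.3.3.3 eq www",
    "access-list acl_2 deny icmp any any",
    "access-list acl_2 permit tcp 10.1.1.0 0.0.0.255 host 5.5.5.5",
]
ACLS = build_acls(SAMPLE_STATEMENTS)

if __name__ == "__main__":
    for pkt in [Packet("tcp", "2.2.2.2", "3.3.3.3", 80), Packet("icmp", "9.9.9.9", "3.3.3.3"),
                Packet("tcp", "10.1.1.77", "5.5.5.5", 22), Packet("tcp", "10.1.2.77", "5.5.5.5", 22)]:
        print(pkt, "->", evaluate(ACLS["acl_2"], pkt))
```

Note that TCP from 2.2.2.2 to 3.3.3.3 on port 443 is denied even though the hosts match the first statement: the port test fails, no later statement matches, and the implicit deny applies. This is the usual reason a "ping works but traceroute does not" situation traces back to an ACL.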

d. Intrusion Detection and Prevention
IDS (Intrusion Detection System): a stand-alone device or software that monitors network traffic and logs suspicious activity. Port mirroring: one port is configured to send a copy of all its traffic to a second port on the switch; the second port issues the copied traffic to a monitoring program (on the local or a remote network).
IDS implementations:
- HIDS (Host-based IDS): runs on a single computer to alert about attacks on that host.
- NIDS (Network-based IDS): protects a network and is situated on the edge of the network, in the DMZ (Demilitarized Zone).
Drawback of HIDS: can log false positives.
IDS open-source software: Tripwire and Snort.

IPS (Intrusion Prevention System): stands between the attacker and the network/host, in line with the traffic, so it can stop the traffic.
- HIPS (Host-based IPS): runs on a single computer to alert about attacks on that host.
- NIPS (Network-based IPS): monitors traffic in the DMZ.

e. Firewalls
Network-based firewall: protects the whole network; placed externally to the private network, with traffic routed through it.
Virtual wire mode: transparent to surrounding nodes, as if part of the wire.
Host-based firewalls: protect the computer they are installed on.


Packet-filtering firewall: a router that examines every packet it receives, inbound traffic (or outbound traffic), to determine if the packet is authorised. Criteria a packet-filtering firewall uses to accept/deny traffic:
- Source or destination IP addresses
- Source and destination ports
- Flags set in the TCP headers
- Transmissions that use the UDP or ICMP protocols
- Packet's status as the first packet of a data stream
- Packet's status as inbound or outbound from the private network

Things to consider when buying a firewall:
- Does it support encryption?
- Does it support user authentication?
- Can you manage it centrally and through a standard interface?
- How easily can you establish rules for access to and from it?
- Does it support filtering on the highest level of the OSI model, not just the Data Link Layer or Transport Layer? Content-filtering firewalls block designated types of traffic based on application data in packets.
- Does it provide internal logging and auditing capabilities like IDS and IPS?
- Does it protect your internal LAN addresses from the outside world?
- Can it monitor packets according to existing traffic streams? A stateful firewall can see if an incoming packet belongs to a current active connection; a stateless firewall sees each packet on its own.

Unified Threat Management (UTM) combines multiple layers of security appliances and technologies into a single safety net. Next Generation Firewalls (NGFW) have built-in Application Control features that are application aware: they can monitor and limit the traffic of specific applications, and also include IDS/IPS and user awareness (adapting to the class of a specific user or user group). They can also be context aware (adapting to various applications, users and devices). A SOHO wireless router acts as a firewall with packet-filtering options. Firewalls fail because of misconfigurations. Packet-filtering firewalls operate at the Network layer and examine only network addresses; they do not know whether the user is authorised or not.
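The difference between a stateless and a stateful packet filter, as an added example that is not from the notes. The private network, the policy (inside hosts may open TCP connections outward, nothing may open connections inward) and the four packets are all constructed. The stateless filter judges each packet alone, so the only way it can let replies back in is to admit any inbound packet with the ACK flag set; the stateful filter records the first packet of each stream an inside host starts and admits only packets that belong to a recorded connection.

```python
import ipaddress
from dataclasses import dataclass

# Constructed private network behind the firewall.
PRIVATE_NET = ipaddress.ip_network("192.168.1.0/24")


@dataclass(frozen=True)
class Packet:
    src: str
    sport: int
    dst: str
    dport: int
    syn: bool = False   # TCP flags set in the header
    ack: bool = False


def inside(ip: str) -> bool:
    return ipaddress.ip_address(ip) in PRIVATE_NET


def stateless_filter(pkt: Packet) -> str:
    """Judges every packet on its own. Outbound is allowed; to let replies back in it
    must admit any inbound packet with ACK set, because it cannot tell a genuine
    reply from an unsolicited packet that merely carries that flag."""
    if inside(pkt.src) and not inside(pkt.dst):
        return "permit"
    if not inside(pkt.src) and inside(pkt.dst):
        return "permit" if pkt.ack else "deny"
    return "deny"


class StatefulFilter:
    """Remembers connections that an inside host opened and admits only packets
    belonging to one of them."""

    def __init__(self):
        self.connections = set()   # (inside ip, inside port, outside ip, outside port)

    def filter(self, pkt: Packet) -> str:
        if inside(pkt.src) and not inside(pkt.dst):
            key = (pkt.src, pkt.sport, pkt.dst, pkt.dport)
            if pkt.syn and not pkt.ack:            # first packet of a new stream
                self.connections.add(key)
                return "permit"
            return "permit" if key in self.connections else "deny"
        if not inside(pkt.src) and inside(pkt.dst):
            key = (pkt.dst, pkt.dport, pkt.src, pkt.sport)
            return "permit" if key in self.connections else "deny"
        return "deny"


def run_scenario():
    """Four constructed packets through both filters: an outbound SYN, its SYN-ACK reply,
    an unsolicited inbound packet with ACK set, and an unsolicited inbound SYN.
    Returns {label: (stateless decision, stateful decision)}."""
    sf = StatefulFilter()
    packets = {
        "outbound syn": Packet("192.168.1.10", 40000, "203.0.113.5", 80, syn=True),
        "reply syn-ack": Packet("203.0.113.5", 80, "192.168.1.10", 40000, syn=True, ack=True),
        "unsolicited ack": Packet("198.51.100.7", 4444, "192.168.1.20", 3389, ack=True),
        "unsolicited syn": Packet("198.51.100.7", 4444, "192.168.1.20", 3389, syn=True),
    }
    return {label: (stateless_filter(p), sf.filter(p)) for label, p in packets.items()}


if __name__ == "__main__":
    for label, decisions in run_scenario().items():
        print(f"{label:16s} stateless={decisions[0]:6s} stateful={decisions[1]}")
```

Both filters agree on the first two packets and on the unsolicited SYN; they differ only on the unsolicited ACK, which is exactly the packet a filter that "sees each packet on its own" has no way to reject while still allowing replies.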

f. Proxy Servers
Proxy servers combined with a packet-filtering firewall improve Network and Transport layer security. A proxy service is a software application on a network host that acts as an intermediary between the external and internal networks, screening all incoming and outgoing traffic; the network host that runs the proxy service is the proxy server. Proxies manage security in the Application layer and are another filtering device for the internal LAN, preventing the outside world from learning the addresses of the internal network: data frames go through the proxy, which re-packages them and adds its own IP address. Reverse proxy: provides services to Internet clients from servers on its own network, giving identity protection to the server rather than the client, plus application layer firewall protection.


g. SIEM (Security Information and Event Management)
Evaluates all data produced by IDS, IPS, firewalls and proxy servers, looking at the logs from these devices to see if something significant needs attention.

h. Scanning Tools
Provide information regarding:
- Every available host
- Services: applications and versions running on hosts
- OS running on hosts
- Existence and types of firewalls
- Software configurations
- Unencrypted, sensitive data

Tools:
- Nmap: scans large networks and gives information regarding their hosts.
- Nessus (Tenable Security): more sophisticated results than Nmap; finds unencrypted, sensitive data like credit card numbers that is saved on the network's hosts. Known as a penetration testing tool.
- Metasploit: combines known scanning techniques and exploits to explore potentially new hybrids of exploits.

i. Honeypots and Honeynets
- Honeypot: a decoy system (lure) that is purposely vulnerable and has seemingly sensitive (but false) content. The network administrator lures the hackers in; once they are in, the administrator can trace their steps and see the vulnerabilities in the system.
- Honeynet: a combination of connected honeypots.

5. Troubleshooting Malware Risks and Infections
Malicious software = malware.
Virus: a program that replicates itself with the intent to infect more computers.
Trojan horse: disguised as something useful but harms the system instead.

a. Malware Types and Characteristics
- Boot sector viruses: position their code in the boot sector of the computer's hard disk; when the computer boots up, the virus runs in place of the computer's boot program. Can be very bad or just annoying.
- Macro viruses: take the form of a macro which can be executed as the user works with a program. The first type of virus to infect data files rather than executable files.
- File-infector viruses: attach themselves to executable files; when the exe file runs, the virus copies itself to memory and later to other exe files. They are bad: they can attach themselves to all programs while you work.
- Worms: programs that run independently and travel between computers and across networks. They do not alter a program but can carry a virus that does.


- Trojan Horse: disguised as something useful but instead harms the computer

- Network viruses: Spread themselves via network protocols, commands, messaging programs and data links, designed to take advantage of network vulnerability.

- Bot: a program that runs automatically, without someone having to start or stop it. Many spread through the IRC (Internet Relay Chat) protocol, which enables users who run it to talk in chat rooms.

What makes malware harder to see:
- Encryption: malware is encrypted to prevent detection.
- Stealth: malware hides itself to prevent detection.
- Polymorphism: malware changes its characteristics every time it is transferred to a new system, making it harder to identify. Considered the most sophisticated and the biggest potential danger.
- Time dependence: malware programmed to activate at a specific time, remaining dormant and unnoticed until then. Logic bombs are programmed to start when certain conditions are met.

Signs there is a virus on your system:
- Unexplained increase in file size
- Unexplained decline in network performance
- Unusual error messages
- Unexpected loss of system memory
- Unexpected rebooting
- Fluctuations in display quality

b. Anti-Malware Software
Should perform these functions:
- Signature scanning: comparing file contents with known malware signatures.
- Integrity checking: comparing the current characteristics of files and disks against an archived version of these files to discover changes.
- Monitor unexpected file changes.
- Receive regular updates and modifications from a centralized network console.
- Report valid instances of malware, not false alarms. Heuristic scanning reports false alarms; it scans for malware-like behaviour.
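Integrity checking is built on the hashes covered in the previous chapter (MD5 and SHA), so one added example serves both passages; it is not code from the notes or from any anti-malware product. A baseline of per-file digests is archived, the tree is rehashed later, and every changed, added or removed file is reported. The file tree is constructed in a temporary directory so the example runs offline, and the two small helpers at the end show the hash properties the notes describe: the digest size of MD5 versus SHA-256, and how a one-bit change in the input yields an unrelated digest, which is why hashed data cannot be turned back into the original the way ciphertext is decrypted.

```python
import hashlib
import os
import tempfile


def file_digest(path: str, algorithm: str = "sha256") -> str:
    """Hash a file in chunks so large files do not have to fit in memory."""
    h = hashlib.new(algorithm)
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()


def snapshot(root: str, algorithm: str = "sha256") -> dict:
    """The archived version: relative path -> digest for every file under root."""
    out = {}
    for dirpath, _, files in os.walk(root):
        for name in files:
            full = os.path.join(dirpath, name)
            rel = os.path.relpath(full, root).replace(os.sep, "/")
            out[rel] = file_digest(full, algorithm)
    return out


def integrity_check(baseline: dict, current: dict) -> dict:
    """Compare the archived digests with the current ones and report differences."""
    return {
        "changed": sorted(p for p in baseline if p in current and baseline[p] != current[p]),
        "added": sorted(set(current) - set(baseline)),
        "removed": sorted(set(baseline) - set(current)),
    }


def digest_bits(algorithm: str) -> int:
    """Output size of a hash in bits (MD5 gives 128, SHA-256 gives 256)."""
    return hashlib.new(algorithm).digest_size * 8


def one_bit_change(data: bytes, algorithm: str = "sha256") -> int:
    """Flip one bit of the input and count how many hex digits of the digest differ."""
    flipped = bytes([data[0] ^ 0x01]) + data[1:]
    a = hashlib.new(algorithm, data).hexdigest()
    b = hashlib.new(algorithm, flipped).hexdigest()
    return sum(x != y for x, y in zip(a, b))


def _write(root: str, rel: str, content: bytes) -> None:
    path = os.path.join(root, rel)
    os.makedirs(os.path.dirname(path), exist_ok=True)
    with open(path, "wb") as f:
        f.write(content)


def demo() -> dict:
    """Build a constructed file tree, archive it, alter it, and run the check."""
    with tempfile.TemporaryDirectory() as root:
        _write(root, "bin/app.exe", b"MZ original program image")
        _write(root, "etc/config.ini", b"[main]\nmode=safe\n")
        baseline = snapshot(root)
        # Simulated changes after the baseline was taken (constructed, not real malware):
        _write(root, "bin/app.exe", b"MZ original program image" + b"\x90" * 8)   # modified
        _write(root, "bin/unknown.exe", b"MZ new file")                             # added
        os.remove(os.path.join(root, "etc", "config.ini"))                          # removed
        return integrity_check(baseline, snapshot(root))


if __name__ == "__main__":
    print(demo())
    print("md5 bits:", digest_bits("md5"), "sha256 bits:", digest_bits("sha256"))
    print("hex digits changed by a one-bit flip:", one_bit_change(b"hello world"))
```

The baseline itself has to be stored somewhere the malware cannot rewrite (read-only media or a separate host), otherwise an attacker who modifies a file can simply update its archived digest too; that is the design choice that separates a useful integrity checker from a self-defeating one.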

Consider where to install anti-malware software:
- Host-based: installed on desktops; neglects server files.
- Server-based: installed on the server; might slow down network performance.
- Network-based: secures the network's gateways, where the Internet connects with the interior network.


- Cloud-based: cloud vendors are still working out bugs; it is difficult to ensure coverage of the entire network with no blind spots.

c. Anti-Malware Policies
- All computers should have anti-malware software.
- Users cannot change it.
- Users should not be able to install unauthorised software.


Chapter 9: Unified Communications and Network Performance Management
1. Fundamentals of Network Management

Network management is the assessment, monitoring and maintenance of all aspects of a network.

a. Baseline Measurements
Baseline: a report of the network's current state of operation. Baseline measurements include the utilization rate of the network backbone, users logged on, protocols that run, and error statistics. A baseline allows future performance increases or decreases to be compared against it.

b. Policies, Procedures and Regulations
Assist with decisions about the network; guidelines for decision making.

2. Monitoring and Managing Network Traffic
Performance management: monitoring how well links and devices are keeping up with the demands placed on them.
Fault management: detection and signalling of device, link or component faults.

a. SNMP Logs
Polling: the network management system (NMS) is a central collection point that collects data from multiple networked devices at regular intervals. A network management agent is a software routine that collects information about the device's operation and provides it to the NMS. A managed device is a network node monitored by the NMS.
MIB (Management Information Base): a list of objects and their descriptions that is managed by the NMS.
Agents communicate information about managed devices through several Application layer protocols. Most modern networks use SNMP:

- SNMPv1 (Simple Network Management Protocol version 1): original version, released in 1988, limited features, rarely used.

- SNMPv2: improved on version 1: increased performance and slightly better security, widely used.

- SNMPv3: similar to version 2 with added authentication, validation, encryption.

The NMS retrieves data from a managed device by sending an snmpget command to the device's agent; the agent then sends an SNMP response message with the requested information. The NMS can issue an snmpwalk command to generate a sequence of snmpgetnext requests that walk through sequential rows in a MIB table. The snmptrap command is programmed on agents so that they can report abnormal conditions.

b. System and Event Logs
All activity is kept in log files, known in Windows as the event log, viewed with the Event Viewer application. On Linux and Unix, the syslog system utility and protocol record data in the system log. Generator: a computer that is monitored by a syslog-compatible application and that issues event information. Collector: the computer that gathers event messages from generators.


c. Traffic Analysis
A network monitor is a tool that monitors network traffic; an interface monitor monitors traffic at a specific interface between a server or client and the network. To track more of the network traffic:

- Promiscuous mode / monitoring mode: device driver directs the NIC to pass all frames to the operating system and on to the monitoring software, a feature that must be enabled.

- Program a switch to use port mirroring so all traffic sent to any port on the switch is also sent to the mirrored port that is connected to a computer running monitoring software

- Network tap / packet sniffer: a device that must be installed inline; it has 3 ports: 2 for sending and receiving and one for mirroring.

Network monitoring tools perform at least these functions:
- Set the NIC to run in promiscuous mode; the NIC then passes traffic to the monitoring software
- Continuously monitor network traffic on a segment
- Capture network data transmitted on a segment
- Capture frames sent to or from a node
- Reproduce network conditions by transmitting a selected amount or type of data
- Generate statistics about network activity

Additional functions:
- Discover all network nodes on a segment
- Establish a baseline
- Track utilization of network resources and present the information as graphs, tables and charts
- Store traffic and generate reports
- Trigger an alarm when traffic conditions meet preconfigured conditions
- Identify usage anomalies like top talkers (hosts that send a lot of data) or top listeners (hosts that receive a lot of data)

Effective use of interface monitoring tools can help identify and prevent these complications:

- Runts: packets that are smaller than the medium's minimum packet size.
- Giants: packets that are bigger than the maximum packet size.
- Jabber: a device that handles electrical signals improperly and affects the rest of the network.
- Ghosts: frames that are not actually frames but deviations caused by a device misinterpreting stray voltage on the wire. They do not have a valid pattern at the beginning of the frame.
- Packet loss: packets lost due to an unknown protocol, unrecognized port or network noise; they never arrive at their destination.
- Discarded packets: packets that arrive but are discarded, or dropped, due to issues like buffer overflow, latency or bottlenecks which delayed them beyond their usable time frame. Such packets are called discards.


- Interface resets: repeated resets of the connection, resulting in lower quality utilization.

d. Traffic Management
Traffic shaping / packet shaping: manipulating certain characteristics of packets, data streams or connections to manage the type and amount of traffic traversing a network or interface at any moment. It can delay less important traffic, increase the priority of more important traffic, limit the volume of traffic flowing in or out of an interface, or limit the momentary throughput rate of an interface (called traffic policing). Software running on a router, multilayer switch, gateway or server can act as a traffic shaper / packet shaper; it prioritises traffic by these characteristics:

- Protocol
- IP address
- User groups
- DiffServ flag in an IP packet
- VLAN tag in a Data Link layer frame
- Service or application

e. Caching
Caching is the local storage of frequently needed files. ISPs use the technique of Web caching: frequently used web pages are stored on a server at the ISP rather than being fetched from the Web.

3. Unified Communications Technologies
a. VoIP Applications and Interfaces
Also known as IP telephony: the use of a network to carry voice signals using TCP/IP protocols. VoIP in a cloud-based PBX (Private Branch Exchange) system is called unified voice services. When used over the Internet it is called Internet telephony; quality is not so good.
Advantages:
- Lower cost
- Incorporates new/enhanced features and applications
- Centralized voice and data network management

VoIP runs over any packet-switched network; on any VoIP network a mix of three types of clients is possible:

- Analog telephones: for traditional telephones, analog signals must be converted to digital before being transmitted on a TCP/IP-based network. For that to happen, the telephone must be connected to one of:
  a. A VoIP adapter, called an ATA (analog telephone adapter).
  b. A switch, router or gateway capable of accepting analog voice signals, converting them into packets and then issuing the packets to the data network.
  c. An analog-to-digital voice conversion device called a digital PBX, or IP-PBX, a private switch that accepts and interprets analog and digital voice signals.
  d. An analog PBX that connects to a voice-data gateway. The gateway connects the traditional phone circuit to the TCP/IP network.
- IP telephone: can transmit and receive digital signals; connects to an RJ-45 wall jack.


- Softphone: a computer programmed to act like an IP phone. It must have:
  a. An IP telephony client, like Skype or CounterPath
  b. The ability to communicate with a digital telephone switch
  c. A microphone and speakers, or a headset
  d. A web cam for video calls

b. Video over IP Applications and Interfaces
Videoconferencing: multiple people communicate in a real-time meeting. Video over IP services include IPTV, videoconferencing and streaming video. Streaming video is not downloaded before you start watching; the video signals are compressed and delivered in a continuous stream. It can be called a webcast if it is over the Web. 2 ways to get video streams:

- Video-on-demand (VoD): make video available as stored files on a server, user can watch when convenient.

- Live streaming video: as the camera captures video it is delivered to the user. Time-shifted video delays the video for a short while to handle editing and licensing issues.

Uses of videoconferencing:
- Telemedicine: provision of medical services from a distance
- Tele-education
- Judicial proceedings
- Surveillance, remote monitoring

Video phone: a phone with a screen.
Video bridge: manages multiple audio-visual sessions.

c. Signalling Protocols
Signalling is the exchange of information between components of the network in order to establish, monitor and release connections for VoIP and video over IP. A signalling protocol can:

- Detect the presence of a user (available, busy, etc.)
- Request a call or video conference
- Locate clients on the network and determine the best routes to them
- Acknowledge a request and establish a connection
- Manage ring, dial tone and call waiting
- Detect and re-establish a dropped call or video transmission
- Properly terminate a call or videoconference

H.323 is an ITU standard: describes an architecture and group of protocols for establishing and managing multimedia sessions

- H.323 terminal: any node that provides audio, visual and data information to another node.

- H.323 gateway: a device that provides translation between network devices running H.323 signalling protocols and devices running other types of signalling protocols


- H.323 gatekeeper: the nerve centre for networks that adhere to H.323. Gatekeepers authorise and authenticate terminals and gateways, manage bandwidth and oversee call routing, accounting and billing.

- MCU (Multipoint control unit): a computer that provides support for multiple H.323 terminals

- H.323 zone: a collection of H.323 terminals, gateways and MCUs that are managed by a single H.323 gatekeeper.

SIP (Session Initiation Protocol): like H.323, an Application layer signalling and control protocol for multiservice, packet-based networks; travels over TCP or UDP.
MGCP (Media Gateway Control Protocol)

d. Transport Protocols
RTP (Real-time Transport Protocol)

RTCP (Real-time Transport Control Protocol)

4. QoS (Quality of Service) Assurance
a. DiffServ (Differentiated Service)

b. MPLS (Multiprotocol Label Switching)

c. CoS (Class of Service)

5. Troubleshooting Network Integrity and Availability
a. General Guidelines

b. Fault Tolerance

c. Data Backup


Chapter 10: Network Segmentation and Virtualization

1. Segmentation and Subnetting

a. How a Computer Uses a Subnet Mask

An IPv4 address has 32 bits; the first part is the network ID and the rest is the host ID. If the network IDs of the source and destination are the same, the computer delivers the message on its own network; if they do not match, it sends the message to its default gateway. The subnet mask tells the computer how many bits of the address form the network ID: the number of 1 bits in the mask (a single run counted from the left) is the number of address bits that belong to the network ID, and the computer ANDs the address with the mask to extract it.

b. CIDR (Classless Interdomain Routing), pronounced "cider"

Provides additional ways of arranging network and host information in an IP address. In printed form one can see which part is the network ID: CIDR notation (slash notation) writes the network ID followed by a / and the number of bits that make up the network ID, for example 192.168.1.0/24. The group of addresses sharing that network ID is a CIDR block.

c. Why Subnets

When a network grows, to better manage traffic it can be divided so that, for example, each floor is a single LAN; the pool of IP addresses must then be divided per LAN using subnetting. You borrow bits from the host portion of the IP address and add them to the network ID: the more bits borrowed, the more subnets and the fewer hosts per subnet.
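The mask, network-ID and subnetting rules above, worked through with Python's standard ipaddress module. This is an added example, not material from the original notes; the addresses, masks and the 192.0.2.0/24 block (a documentation range) are constructed for illustration.

```python
"""Subnet-mask decisions and CIDR subnetting with Python's ipaddress module.

Added worked example, not material from the original notes. The addresses
and masks are constructed for illustration (192.0.2.0/24 is a documentation
range, not a real network).
"""
import ipaddress
from typing import Dict, List


def mask_to_prefix(mask: str) -> int:
    """Count the 1 bits in a dotted-decimal mask: that count is the network-ID length.

    Rejects a non-contiguous mask such as 255.0.255.0, which is not a valid
    subnet mask (the ones must form a single run from the left).
    """
    bits = int(ipaddress.IPv4Address(mask))
    prefix = bin(bits).count("1")
    if bits != (0xFFFFFFFF << (32 - prefix)) & 0xFFFFFFFF:
        raise ValueError(f"non-contiguous mask {mask}")
    return prefix


def network_id(ip: str, mask: str) -> str:
    """Network ID in CIDR notation: the address ANDed with the mask, plus /prefix."""
    prefix = mask_to_prefix(mask)
    return str(ipaddress.IPv4Network(f"{ip}/{prefix}", strict=False))


def next_hop(src_ip: str, mask: str, dst_ip: str, gateway: str) -> str:
    """What a host does with an outgoing packet.

    Same network ID as the source: deliver on the local network (the host
    resolves dst_ip itself). Different network ID: hand it to the default gateway.
    """
    local = ipaddress.IPv4Network(f"{src_ip}/{mask_to_prefix(mask)}", strict=False)
    if ipaddress.IPv4Address(dst_ip) in local:
        return dst_ip
    return gateway


def subnet(block: str, borrow: int) -> List[Dict[str, object]]:
    """Borrow `borrow` host bits from `block` and list the resulting subnets.

    Each borrowed bit doubles the number of subnets and halves the addresses
    per subnet; usable hosts are 2**host_bits - 2 because the network and
    broadcast addresses cannot be assigned.
    """
    parent = ipaddress.IPv4Network(block)
    new_prefix = parent.prefixlen + borrow
    if borrow < 1 or new_prefix > 30:
        raise ValueError("borrow at least 1 bit and leave at least 2 host bits")
    return [
        {
            "cidr": str(s),
            "mask": str(s.netmask),
            "first_host": str(s.network_address + 1),
            "last_host": str(s.broadcast_address - 1),
            "usable_hosts": s.num_addresses - 2,
        }
        for s in parent.subnets(new_prefix=new_prefix)
    ]


if __name__ == "__main__":
    print(network_id("192.0.2.77", "255.255.255.192"))   # 192.0.2.64/26
    # same /26 as the source: delivered locally
    print(next_hop("192.0.2.77", "255.255.255.192", "192.0.2.100", "192.0.2.65"))
    # different network ID: handed to the default gateway
    print(next_hop("192.0.2.77", "255.255.255.192", "192.0.2.200", "192.0.2.65"))
    for s in subnet("192.0.2.0/24", 2):                  # 4 subnets of 62 hosts
        print(s)
```

The `mask_to_prefix` check matters in practice: a mistyped, non-contiguous mask would make a host treat unrelated addresses as on-link and never send them to the gateway.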

d. Subnet Mask Tables

Class B

Class C


e. Supernetting

Supernetting, also called classless routing or IP address aggregation (route aggregation or route summarisation): combining adjoining networks that share the same CIDR prefix into one supernet.

- Reduces the number of routing table entries by combining several entries into one
- A single network can be made up of more than one Class C licence
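Route aggregation as described above, worked through with Python's ipaddress module. This is an added example, not material from the original notes; the 10.0.0.0/24-style prefixes are constructed. It also shows the check a practitioner runs before adding a summary route: the summary must cover exactly the blocks held, because a wider summary advertises reachability for addresses the router cannot deliver to.

```python
"""Route aggregation (supernetting) with Python's ipaddress module.

Added worked example, not material from the original notes. The prefixes
are constructed (10.0.0.0/8 private space) for illustration.
"""
import ipaddress
from typing import List


def aggregate(prefixes: List[str]) -> List[str]:
    """Collapse adjoining networks into the fewest prefixes that cover exactly them.

    Only contiguous AND aligned blocks merge: 10.0.0.0/24 + 10.0.1.0/24 become
    10.0.0.0/23, but 10.0.1.0/24 + 10.0.2.0/24 stay separate, because the only
    /23 containing 10.0.1.0 starts at 10.0.0.0 and would cover space not held.
    """
    nets = [ipaddress.ip_network(p) for p in prefixes]
    return [str(n) for n in ipaddress.collapse_addresses(nets)]


def summary_is_exact(summary: str, members: List[str]) -> bool:
    """Check a proposed summary route before advertising it.

    True only if `summary` equals the union of `members`: a summary wider than
    what you hold announces reachability for addresses you cannot deliver to.
    """
    covered = list(ipaddress.collapse_addresses(ipaddress.ip_network(m) for m in members))
    return covered == [ipaddress.ip_network(summary)]


def routing_table_savings(prefixes: List[str]) -> int:
    """Number of routing-table entries removed by aggregation."""
    return len(prefixes) - len(aggregate(prefixes))


if __name__ == "__main__":
    four = ["10.0.0.0/24", "10.0.1.0/24", "10.0.2.0/24", "10.0.3.0/24"]
    print(aggregate(four))                             # ['10.0.0.0/22']: four Class-C-sized blocks
    print(aggregate(["10.0.1.0/24", "10.0.2.0/24"]))   # unchanged: adjacent but not aligned
    print(summary_is_exact("10.0.0.0/22", four))       # True
    print(summary_is_exact("10.0.0.0/22", four[:3]))   # False: 10.0.3.0/24 is not held
    print(routing_table_savings(four))                 # 3 entries fewer
```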

f. Subnetting in IPv6

IPv6 is classless; the network portion is identified by a prefix length (for example /64) rather than by a subnet mask.

2. Virtualization

Virtualization is the imitation of all or part of a computer or network in software. The physical computer is the host; each VM is a guest. The software that defines the VMs and manages the allocation of the host's resources to them is the virtual machine manager, or hypervisor.

Advantages:
- Efficient use of resources
- Cost and energy savings
- Fault and threat isolation
- Simple backups, recovery and replication

Disadvantages:
- Compromised performance
- Increased complexity
- Increased licensing cost
- Single point of failure (the host)

3. Virtual Network Components

a. Virtual Machines and Network Adapters

When connected to a network, a virtual machine needs a virtual network adapter, or vNIC, which operates at the Data Link layer like a physical NIC.

b. Virtual Switches and Bridges


A virtual switch is a logically defined device that operates at the Data Link layer and passes frames between nodes. Virtual bridges (ports on the virtual switch) connect vNICs with the network.

c. Network Connection Types

- Bridged mode: the vNIC accesses the physical network through the host machine's NIC and appears on that network as a separate node.
- NAT mode: the vNIC relies on the host machine to act as a NAT device; the VM gets its IP addressing information from the host.
- Host-only mode: VMs on one host can exchange data with each other and with their host but cannot communicate with nodes beyond the host; the vNICs never receive or transmit data via the host machine's physical NIC.

d. Virtual Appliances and Virtual Network Services

A virtual appliance is an image of an OS, software, hardware specifications and application configuration, installed for example to test software. Virtual devices can also provide backup services if a physical device fails: VRRP (Virtual Router Redundancy Protocol) and HSRP (Hot Standby Router Protocol, the Cisco version) assign a virtual IP address to a group of routers. The virtual IP address is shared by the entire group; messages routed to it are handled by the master (active) router, and if it fails a backup (standby) router steps in.
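A simulation of the election and failover behaviour just described. This is an added example, not material from the original notes and not a real VRRP implementation: it models a group of routers sharing a virtual IP, with the master answering for it and the best backup taking over when the master's advertisements stop. Router names, addresses, priorities and times are constructed; the timer rules follow VRRP (1 s advertisement interval, master declared down after 3 intervals plus a skew of (256 - priority)/256 s, so the highest-priority backup times out first).

```python
"""Simulation of first-hop redundancy (VRRP-style) election and failover.

Added worked example, not material from the original notes and not a real
VRRP implementation. Router names, addresses, priorities and times are
constructed. Timer rules follow VRRP: advertisement interval 1 s; a backup
declares the master down after 3 * interval + skew, skew = (256 - priority)/256.
"""
import ipaddress
from dataclasses import dataclass
from typing import Dict, List, Optional

ADVERT_INTERVAL = 1.0   # seconds (VRRP default)


@dataclass
class Router:
    name: str
    ip: str
    priority: int          # 1..254 for backups; 255 means the router owns the virtual IP
    alive: bool = True     # False: stopped advertising (crashed, link down, ...)
    last_advert: float = 0.0

    def master_down_interval(self) -> float:
        return 3 * ADVERT_INTERVAL + (256 - self.priority) / 256.0


class VrrpGroup:
    """One virtual router (VRID) with its virtual IP and member routers."""

    def __init__(self, vrid: int, virtual_ip: str, routers: List[Router], now: float = 0.0):
        self.vrid = vrid
        self.virtual_ip = virtual_ip
        self.routers: Dict[str, Router] = {r.name: r for r in routers}
        self.master: Optional[str] = None
        self.elect(now)

    @staticmethod
    def _rank(r: Router):
        # Higher priority wins; equal priorities are broken by the higher primary IP.
        return (r.priority, int(ipaddress.IPv4Address(r.ip)))

    def elect(self, now: float) -> str:
        live = [r for r in self.routers.values() if r.alive]
        if not live:
            raise RuntimeError(f"VRID {self.vrid}: nobody left to answer for {self.virtual_ip}")
        best = max(live, key=self._rank)
        best.last_advert = now
        self.master = best.name
        return best.name

    def fail(self, name: str) -> None:
        """The router silently stops advertising; the others learn only via timeout."""
        self.routers[name].alive = False

    def recover(self, name: str, now: float) -> str:
        """A returning router with higher priority preempts (VRRP default)."""
        self.routers[name].alive = True
        return self.elect(now)

    def tick(self, now: float) -> str:
        """One advertisement interval: a live master advertises; backups watch the clock."""
        master = self.routers[self.master]
        if master.alive:
            master.last_advert = now
            return self.master
        backups = sorted((r for r in self.routers.values() if r.alive),
                         key=self._rank, reverse=True)
        if backups and now - master.last_advert > backups[0].master_down_interval():
            # The best backup's timer expires first: it becomes master and starts
            # answering for the virtual IP.
            self.master = backups[0].name
            backups[0].last_advert = now
        return self.master

    def who_answers(self, ip: str) -> Optional[str]:
        """Which router currently handles traffic sent to `ip` (the hosts' gateway)."""
        return self.master if ip == self.virtual_ip else None


if __name__ == "__main__":
    group = VrrpGroup(
        vrid=1, virtual_ip="192.0.2.1",
        routers=[Router("rtr-a", "192.0.2.2", priority=120),
                 Router("rtr-b", "192.0.2.3", priority=100),
                 Router("rtr-c", "192.0.2.4", priority=100)])
    print("initial master:", group.master)       # rtr-a, highest priority
    for t in (1.0, 2.0):
        group.tick(t)
    group.fail("rtr-a")
    for t in (3.0, 4.0, 5.0, 6.0):
        print(t, group.tick(t))                   # rtr-c (tie with rtr-b, higher IP) takes over at t=6.0
    print(group.recover("rtr-a", 7.0))            # rtr-a preempts and takes the virtual IP back
```

Because the election is decided purely by the priority carried in advertisements, any device on the segment that can send them with a higher priority wins; in VRRPv3 (RFC 5798) advertisements carry no authentication, so production switches should accept the VRRP multicast (224.0.0.18, IP protocol 112) only on the ports that connect the group's routers.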

SDN (Software Defined Networking)

The virtualization of network services, in which a network controller manages services that would normally be managed directly by the hardware devices. The protocols that handle the decision-making process run in the control plane; data transmissions traverse the network in the data plane.

4. VLANs and Trunking

A VLAN (virtual local area network) groups ports on a switch so that some of the local traffic on the switch is forced to go through a router. This lets routers better manage network traffic (a divide-and-conquer method) and requires a programmable physical switch whose ports can be partitioned into groups. A VLAN is a Layer 2 solution for segmenting a network. 802.1Q is the IEEE standard that specifies how VLAN information appears in frames and how switches interpret that information.

Trunking allows a single switch to manage traffic from several VLANs.
- Access port: used to connect a single node to the switch; the node belongs to one VLAN and can only exchange information through that switch within it.
- Trunk port: an interface on a switch that can carry traffic from multiple VLANs.
- Trunk: the link between two switches that carries multiple VLANs.
- Tag: the VLAN identifier (VID) inserted into a frame so the receiving switch knows which VLAN the data belongs to.
- VTP (VLAN Trunking Protocol): distributes the VLAN database among switches. Stack master: the switch that keeps the VLAN database.
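How the 802.1Q tag sits inside a frame, and how an access port and a trunk port treat tagged and untagged frames, as an added worked example (not material from the original notes). The frames are constructed in the module and the MAC addresses are locally administered test values; the ingress rules are a simplified model of typical switch behaviour (access ports refuse tagged frames, trunks map untagged frames to their native VLAN).

```python
"""Parse and build Ethernet frames carrying 802.1Q VLAN tags.

Added worked example, not material from the original notes. The frames are
constructed here; the MAC addresses are locally administered test values.
Tag layout, inserted after the source MAC: TPID 0x8100 (2 bytes), then the
TCI (2 bytes) holding PCP (3 bits), DEI (1 bit) and VID (12 bits). Stacked
tags (802.1ad / QinQ, outer TPID 0x88A8) are parsed outermost first.
"""
import struct
from typing import Dict, List, Optional

TPID_8021Q = 0x8100
TPID_8021AD = 0x88A8


def _mac_bytes(mac: str) -> bytes:
    return bytes.fromhex(mac.replace(":", ""))


def _mac_str(b: bytes) -> str:
    return ":".join(f"{x:02x}" for x in b)


def parse_frame(frame: bytes) -> Dict[str, object]:
    """Split a frame into dst, src, the list of VLAN tags, the EtherType and payload."""
    if len(frame) < 14:
        raise ValueError("shorter than an Ethernet header")
    dst, src = frame[:6], frame[6:12]
    offset = 12
    tags: List[Dict[str, int]] = []
    (ethertype,) = struct.unpack_from("!H", frame, offset)
    while ethertype in (TPID_8021Q, TPID_8021AD):
        if len(frame) < offset + 6:
            raise ValueError("truncated VLAN tag")
        (tci,) = struct.unpack_from("!H", frame, offset + 2)
        tags.append({"tpid": ethertype, "pcp": tci >> 13,
                     "dei": (tci >> 12) & 1, "vid": tci & 0x0FFF})
        offset += 4
        (ethertype,) = struct.unpack_from("!H", frame, offset)
    return {"dst": _mac_str(dst), "src": _mac_str(src), "tags": tags,
            "ethertype": ethertype, "payload": frame[offset + 2:]}


def build_frame(dst: str, src: str, ethertype: int, payload: bytes,
                vid: Optional[int] = None, pcp: int = 0, tpid: int = TPID_8021Q) -> bytes:
    """Build a frame; a tag is inserted when vid is given. VID 4095 is reserved."""
    header = _mac_bytes(dst) + _mac_bytes(src)
    if vid is not None:
        if not 0 <= vid <= 4094 or not 0 <= pcp <= 7:
            raise ValueError("VID must be 0..4094 and PCP 0..7")
        header += struct.pack("!HH", tpid, (pcp << 13) | vid)
    return header + struct.pack("!H", ethertype) + payload


def ingress_vlan(frame: bytes, port_type: str, port_vlan: int,
                 allowed: Optional[List[int]] = None) -> int:
    """Decide which VLAN a received frame belongs to, by port type.

    Access port: the frame is assigned the port's VLAN; a tagged frame is refused
    (VID 0 means priority-tagged only, so it still counts as untagged).
    Trunk port: the outermost tag's VID is used if it is in the allowed list;
    an untagged frame on a trunk falls into the trunk's native VLAN (port_vlan).
    """
    tags = parse_frame(frame)["tags"]
    vid = tags[0]["vid"] if tags else 0
    if port_type == "access":
        if vid != 0:
            raise ValueError(f"tagged frame (VID {vid}) refused on access port")
        return port_vlan
    if port_type == "trunk":
        if vid == 0:
            return port_vlan
        if allowed is not None and vid not in allowed:
            raise ValueError(f"VID {vid} not allowed on this trunk")
        return vid
    raise ValueError(f"unknown port type {port_type}")


if __name__ == "__main__":
    arp = build_frame("ff:ff:ff:ff:ff:ff", "02:00:00:00:00:01", 0x0806, b"\x00" * 28, vid=10, pcp=3)
    print(parse_frame(arp))                                # one tag: pcp 3, vid 10
    print(ingress_vlan(arp, "trunk", 1, allowed=[10, 20]))  # 10
    plain = build_frame("ff:ff:ff:ff:ff:ff", "02:00:00:00:00:01", 0x0806, b"\x00" * 28)
    print(ingress_vlan(plain, "access", 20))               # 20: access port's own VLAN
```

When checking a capture, the tag list is what tells you whether a frame that reached a host carried VLAN information it should not have seen: an access port's hosts should only ever receive frames with an empty tag list.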

a. STP (Spanning Tree Protocol) and SPB (Shortest Path Bridging)

Both prevent traffic loops between switches. STP is the IEEE 802.1D standard; SPB is IEEE 802.1aq. Both operate at the Data Link layer.


STP information is transmitted between switches via BPDUs (Bridge Protocol Data Units). BPDU guard helps enforce STP rules by shutting down a host-facing port on which a BPDU arrives; BPDU filter disables STP on specific ports, such as the one facing the demarc.

How STP works: the root bridge (master bridge) is where the tree starts, and all paths branch off from there. The root bridge is chosen by the lowest bridge ID, which is a 2-byte priority field followed by the switch's MAC address (lowest priority wins; with equal priorities the lowest MAC wins). STP then examines every bridge on the network and, on each one, chooses the port with the shortest path to the root for data transfer.
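The election and root-port rules above, plus the BPDU guard and BPDU filter decisions, as an added worked example (not material from the original notes). Bridge names, priorities, MAC addresses and link costs are constructed. The path-cost search is a plain shortest-path computation over those costs, not a re-implementation of the 802.1D BPDU exchange; ties in path cost are broken by the lower bridge ID of the neighbour the path runs through, as STP does.

```python
"""STP root-bridge election, root-port selection and the BPDU guard/filter rules.

Added worked example, not material from the original notes. Bridge names,
priorities, MAC addresses and link costs are constructed. Bridge ID = 2-byte
priority followed by the 6-byte MAC; the lowest ID is root.
"""
import heapq
from typing import Dict, List, Tuple

Bridges = Dict[str, Tuple[int, str]]          # name -> (priority, MAC)
Links = List[Tuple[str, str, int]]            # (bridge, bridge, path cost)


def bridge_id(priority: int, mac: str) -> int:
    """64-bit bridge ID: 16-bit priority in the high bits, 48-bit MAC below."""
    if not 0 <= priority <= 0xFFFF:
        raise ValueError("priority is a 2-byte field")
    return (priority << 48) | int(mac.replace(":", ""), 16)


def elect_root(bridges: Bridges) -> str:
    """The bridge with the numerically lowest bridge ID becomes root."""
    return min(bridges, key=lambda name: bridge_id(*bridges[name]))


def root_ports(bridges: Bridges, links: Links) -> Dict[str, Tuple[str, int]]:
    """For each non-root bridge: (neighbour on its root port, root path cost)."""
    root = elect_root(bridges)
    adj: Dict[str, List[Tuple[str, int]]] = {}
    for a, b, cost in links:
        adj.setdefault(a, []).append((b, cost))
        adj.setdefault(b, []).append((a, cost))
    # best[node] = (path cost, sender bridge ID, sender name); tuple order is the
    # STP tie-break order: lowest cost first, then lowest sender bridge ID.
    best: Dict[str, Tuple[int, int, str]] = {root: (0, bridge_id(*bridges[root]), root)}
    heap = [(0, root)]
    while heap:
        cost, node = heapq.heappop(heap)
        if cost > best[node][0]:
            continue                      # stale heap entry
        for nbr, link_cost in adj.get(node, []):
            cand = (cost + link_cost, bridge_id(*bridges[node]), node)
            if nbr not in best or cand < best[nbr]:
                best[nbr] = cand
                heapq.heappush(heap, (cand[0], nbr))
    return {n: (v[2], v[0]) for n, v in best.items() if n != root}


def handle_bpdu(port: Dict[str, bool]) -> str:
    """What a port does with an incoming BPDU, given its configuration.

    BPDU filter: STP is disabled on the port and the BPDU is dropped (e.g. the
    port facing the demarc). BPDU guard: a BPDU means a switch is where only an
    end host should be, so the port is err-disabled. Otherwise the BPDU is
    processed and takes part in the election.
    """
    if port.get("bpdu_filter"):
        return "dropped"
    if port.get("bpdu_guard"):
        return "err-disabled"
    return "processed"


if __name__ == "__main__":
    bridges: Bridges = {
        "sw1": (32768, "00:00:00:00:00:0a"),
        "sw2": (32768, "00:00:00:00:00:0b"),
        "sw3": (4096, "00:00:00:00:00:0c"),
    }
    links: Links = [("sw1", "sw2", 4), ("sw2", "sw3", 4), ("sw1", "sw3", 19)]
    print("root:", elect_root(bridges))               # sw3: lowest priority
    print("root ports:", root_ports(bridges, links))  # sw1 reaches the root via sw2 at cost 8
    # A newly connected switch with priority 0 wins the election outright; BPDU
    # guard on host-facing ports is what keeps such a switch out of the election.
    print("root:", elect_root({**bridges, "new": (0, "00:00:00:00:00:ff")}))
    print(handle_bpdu({"bpdu_guard": True}), handle_bpdu({"bpdu_filter": True}))
```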

b. Switch Configurations

c. Wireless VLANs

5. Troubleshooting VMs and VLANs


Chapter 11: Wide Area Networks

1. WAN Essentials

WAN sites: the individual geographic locations or endpoints connected by a WAN. WAN link: the connection between them.

2. WAN Topologies

a. Bus Topology
b. Ring Topology
c. Star Topology
d. Mesh Topology: full mesh and partial mesh
e. Tiered Topology: WAN made of layered star or ring connections

3. PSTN (Public Switched Telephone Network)

Also known as plain old telephone service (POTS).
- Local loop (last mile): the part of the PSTN that connects a residence with the nearest CO (Central Office).
- FTTH: fiber to the home. FTTP: fiber to the premises.
- PON (Passive Optical Network): a network in which the carrier uses fiber-optic cabling to connect with multiple endpoints; passive because no repeaters are present.
- OLT (Optical Line Terminal): a device with multiple optical ports, or PON interfaces, like the interfaces on a router.
- ONU (Optical Network Unit): distributes signals to multiple endpoints, via fiber-optic cable for FTTP and via copper or coax cable otherwise.

4. T-Carriers

T-carrier standards (also written T-CXR) specify a method of signalling at the Physical layer. They use TDM (Time Division Multiplexing) over two wire pairs (one pair transmits, one pair receives): a single physical channel is divided in time into multiple logical channels. One T-1 circuit carries 24 channels of 64 Kbps each, for a total of 1.544 Mbps (24 x 64 Kbps plus 8 Kbps of framing).

a. Types of T-Carriers


Signal level refers to a T-carrier's Physical layer electrical signalling characteristics, defined by ANSI standards, e.g. DS0 (Digital Signal level 0).

b. T-Carrier Connectivity

- Wiring: shielded twisted pair (STP) is preferred for copper because it suffers less noise and attenuation; fiber-optic cable for multiple T-1s.
- Cable termination: copper cable carrying T-1 terminates with an RJ-48 connector. At the demarc point the RJ-48 terminates in a smart jack, a type of NIU (network interface unit).
- CSU/DSU (Channel Service Unit / Data Service Unit): the CSU is the termination point for the digital signal and ensures connection integrity through error correction and line monitoring; the DSU converts the T-carrier frames into frames the LAN can interpret. It can be a separate device or an expansion card in a router.

5. Frame Relay

A Layer 2 (Data Link) protocol defined by the ITU and ANSI. Data is separated into frames and relayed from one node to the next; frames carry an identifier called the DLCI (data link connection identifier). Supports two types of virtual circuits:

- SVC (Switched Virtual Circuit): a connection established when two parties need to transmit and terminated after the transmission is complete.

- PVC (Permanent Virtual Circuit): a connection established before data needs to be transmitted and maintained after the transmission is complete. The connection is between two points but does not specify the exact route the data will travel.

CIR (Committed Information Rate): the guaranteed minimum amount of bandwidth the ISP provides on the circuit.

6. DSL (Digital Subscriber Line)

a. Types of DSL

- Downstream: data travelling from the carrier's switching facility to the customer. Upstream: data travelling from the customer to the carrier's switching facility.
- xDSL: all DSL varieties.
- ADSL (Asymmetric DSL): download speed faster than upload speed.
- G.Lite: a version of ADSL.
- VDSL: Very high bit-rate (or data rate) DSL.
- SDSL (Symmetric or single-line DSL): upstream and downstream have the same speed.
- HDSL: High bit-rate DSL.
- SHDSL: Single-line high bit-rate DSL.

Modulation: each DSL type uses its own form of modulation. ADSL and VDSL create multiple narrow channels in the higher frequency range to carry more data; a splitter is needed at both the carrier and customer ends to separate the data from the voice signal.

b. DSL Connectivity

DSL modem


7. Broadband Cable

8. ATM (Asynchronous Transfer Mode)

Asynchronous: a communication method in which nodes do not conform to a predetermined scheme that specifies the timing of data transmissions; a node can transmit at any instant and the destination node must accept it. An ATM packet is called a cell: always 48 bytes of data plus a 5-byte header (53 bytes in total). The fixed size ensures predictable network performance.

9. SONET (Synchronous Optical Network) / SDH (Synchronous Digital Hierarchy)

A high-bandwidth WAN signalling technique developed for fiber-optic cabling; it specifies framing and multiplexing techniques at the Physical layer of the OSI model. Four key strengths:

- Integrates many other WAN technologies
- Fast data transfer rates
- Simple link additions and removals
- High degree of fault tolerance

Self-healing feature: SONET can automatically re-route traffic to a backup ring without loss of service, which makes it very reliable.


10. MPLS (Multiprotocol Label Switching)

Extremely fast; can handle various payloads.

11. Metro Ethernet / Carrier Ethernet

Ways to send Ethernet traffic across MAN and WAN connections. Advantages:

- Streamlined connections
- Cost efficiency
- Scalability
- Familiarity
- Hardware already available

12. Wireless WANs

a. 802.16 (WiMAX)

Features:
- Line-of-sight transmission between two antennas, used for fixed clients; non-line-of-sight transmission between many antennas for mobile clients.
- Frequencies in the 2-11 GHz and 11-66 GHz ranges.
- MIMO.
- Transmits and receives signals up to 50 km when the antennas are fixed, up to 15 km for mobile clients.
- QoS provisioning.

Can act as a backhaul link: an intermediate connection between subscriber networks and the telecommunications carrier's network. WiMAX 2 is based on the 802.16m standard.

b. Cellular

- First generation (1G), 1970s-1980s: analog.
- Second generation (2G), 1990s: digital transmission.
- Third generation (3G), early 2000s: used packet switching, with rates up to 384 Kbps for data (not voice).
- Fourth generation (4G), 2008: all-IP, packet-switched network for both data and voice.

c. Satellite

13. Troubleshooting WAN Issues

a. Company Policies

b. Common ISP Problems


Chapter 12: Industrial and Enterprise Networking

1. Industrial Networks

a. Components of an Industrial Control System and SCADA Network

b. Securing an ICS/SCADA Network

2. Asset Management and Business Documents

a. Asset Management

b. Business Documents

3. Change Management

a. Software and Hardware Changes

b. Change Management Documentation

4. Physical Security Controls

5. Troubleshooting and Response Policies

a. Disaster Recovery

b. Forensics

