DAN SHEETS

NETWORK+ STUDY GUIDE

2013

NETWORK+ STUDY

Contents 1. Network Fundamentals a. The OSI Model b. TCP/IP Suite 2. Network Topologies 3. Cables and Connectors 4. WAN technologies 5. LAN Types and Properties 6. Network Technologies & Protocols 7. Network Addresses 8. Routing a. IPv4 and IPv6 b. Properties of Routing 9. Network Devices / Standards 10. Network Performance 11. Network Tools 12. Network Security 13. Wireless Networking 14. Authentication and Encryption

Network+ Study

Page 1

NETWORK+ STUDY

The OSI Model Developed by OSI (Open Systems Interconnection) Reference model to define basic stands for network communication Protocol A set of rules and procedures used for communication Standards of Communication o Packaging o Addressing o Payment o Getting the package on the network Application Layer End users interact with the network at this layer Data is Data HTTP, FTP, SMTP, Telnet, DNS, TFTP, POP3, Proxy Servers Presentation Layer Concerned with Presentation of data Data is Data Compression & Encoding Character set translations .tiff, .jpg, .mpeg Session Layer The Boss of the end to end connection Data is Data Handles creation, maintenance and teardown Transport Layer Handles delivery of data from one host to another Data placed into Segments TDP, UDP Uses Port numbers Novell Netware SPX runs at this layer Packet Filtering Network Layer Routing occurs Data placed into Packets IP, ICMP, IGMP, ARP, RARP Packet Filtering Data Link Layer MAC addresses Data placed into Frames Switches, bridges and Wireless Access points Performs error detection but NO recovery Uses FCS (Frame Check Sequence) Split into 2 Parts (LLC & MAC) LLC (Logical Link Control) Interacts with Network Layer MAC ( ) Interacts with Physical Layer MAC layer decides where one frame ends and another begins Physical Layer Ones & Zeroes Physical and electrical specifications Hubs, repeaters and NICS Signal encoding occurs here (converting data to electrical signals)

Network+ Study

Page 2

NETWORK+ STUDY

Architecture

TCP

TCP/IP Suite Based off the 4 layer DARPA model Each of the 4 layers have individual protocols which work together to form a protocol stack Application Transport Internet Network Access Transmission Control Protocol Connection oriented Ensure data arrives through o Acknowledgements o Timeout mechanism and retry mechanism o Sequence number tracking (amount of data and out of order) o Error recovery process Transport layer of TCP/IP suite / OSI Layer 4 Packet Segmentation o The numbering and Splitting of the data 3 Way Handshake (1. Syn 2. Syn/Ack 3. Ack) o SYN Synchronize Sequence Number o ACK Acknowledgement Number Connection Termination 4 Packets TCP Window The amount of unacknowledged data a sender can send on a connection before it gets an ack from the receiver TCP Sliding Window Page 3

Network+ Study

NETWORK+ STUDY

IP Best-Effort Unreliable Connectionless

The Internet Protocol (IP) is the principal communications protocol in the TCP/IP Suite Has the task of delivering packets from the source host to dest. Based solely in IP addresses Defines datagram structures that encapsulate the data to be delivered Uses a checksum to detect errors, packets are discarded

IPv4 Header

IPv6

Internet Protocol version 6 (IPv6) is the latest revision of the Internet Protocol (IP), the communications protocol that provides an identification and location system for computers on networks and routes traffic across the Internet. IPv6 was developed by the Internet Engineering Task Force (IETF) to deal with the long-anticipated problem of IPv4 address exhaustion. Advantages over IPv4 38 o Plenty of Addresses 3.4 x 10 o Simplified the Internet Routing Tables o Easy and Automated Configuration o Security is Required 128 Bits long, displayed in 16 hexadecimal blocks Simplify by suppressing leading 0s, replace contiguous 0 sets with :: FE80:0000:0000:0000:05EE:00FF:0238:47B1 FE80::5EE:FF:238:47B1 Types of IPv6 Address o Unicast (One to One) Global Addresses Public Addresses Valid on Internet Link-local Addresses (Similar to APIPA, FE80)

Network+ Study

Page 4

NETWORK+ STUDY
o o o Unique Local Addresses (Private- Begins with FC or FD) Multicast (One to Many) Anycast (One to One of Many) Broadcast (One to All)

IPv6 Header

Network Topologies ( A Layout of a Network, which can be either physical or logical) Bus Shared network segment with terminators at each end Semi-Outdated Easy to use, inexpensive, uses coaxial cable Older Easy to extend by adding cable with a repeater that boosts the signal Also called Linear bus Serious Drawbacks Only 1 Host can send data at a time All hosts see all data Not scalable Single point of failure Becomes slow by heavy network traffic Difficult to troubleshoot cable break or loose connector will cause reflections and bring down the whole network Uses less cable than other topologies Theoretically easiest to put together

Star

Multiple hosts serving as the points of the star Most popular way to connect computers in a workgroup or departmental network Some fault tolerance; only the host connected to bad cable is affected Still a central point of failure (Center device) No shared segments No collisions Highly scalable Hosts can send data at any time Page 5

Network+ Study

NETWORK+ STUDY Uses more cable than bus topology

Network+ Study

Page 6

NETWORK+ STUDY Ring

Token Ring

Each host is connected to the two closest hosts Commonly used in token ring networks Advantages One computer cannot monopolize the network Continue to function after capacity is exceeded but the speed will be slow Disadvantages Failure of one computer can affect the whole network Difficult to troubleshoot Adding/Removing computers disrupts the network Only the computer with the token can transmit Stations can be given transmission priority over others Defined by IEEE 802.5 Token BUS is defined by IEEE 802.4 Runs at 4, 16, 100 and 1000 Mbps Scalable, the more hosts you have, the longer hosts have to wait to transmit Uses a central MAU (Multi-Station Access Unit) or SMAU (Smart)

Network Types

Converged Network ATM

LAN local Area Network CAN Campus Area Network MAN Metropolitan Area Network WAN Wide Area Network (Internet) A network transporting multiple types of traffic Asynchronous transfer Mode High Speed cell switching technology Cells are only 53 bytes in size (48 Data, 5 header) Cells are fixed in size Connection-oriented

Network+ Study

Page 7

NETWORK+ STUDY FDDI

Fiber-Distributed Data Interface Range is 60 miles via fiber-optic cable Built in fault tolerance through use of dual rings Speeds up to 100 MBPS Token passing technology WAN technology

Full and Partial Mesh

Full Mesh each host has at least two connections When all nodes are connected to each other fully connected network Because of scalability, Mesh networks are uncommon Advantages Point-to-point line configuration makes isolation of faults easy Messages travel through dedicated line, privacy and security are enhanced Best fault tolerance Dedicated links ensure each connection carries its own data load Disadvantages The more extensive the networks, greater investment to build N(N-1) / 2 = Number of connections Partial Mesh Only some nodes are organized in a full mesh Hybrid Mesh The Internet runs on Hybrid Mesh Mixture of different topologies

Network+ Study

Page 8

NETWORK+ STUDY Twisted Pair Standard Cable and Connectors STP Shielded Twisted Pair UTP Unshielded Twisted Pair RJ45 Connector CAT cabling is Twisted Pair CAT 3: 10 Mbps CAT 5: 100 Mbps CAT 5e: 1000 Mbps CAT 6: 1000 Mbps CAT 6a: 1000 Mbps All categories can travel up to 100 Meters before reduction of signal Uses light pulses instead of electricity to transmit data Singlemode: Smaller core, Laser based, Long distances Multimode: Larger core, LED based, Shorter distances Benefits o More Secure o Not Susceptible to EMI o Very Fast, Long Distances Drawbacks o More expensive o Not as flexible ST LC MT-RJ

CAT

Fiber Optic Cable

SC

Coaxial

4 Layers o Copper Core o Inner Insulator o Shielding Wire Mesh o Outer Insulator Thinnet (RG-58) o 10 Mbps o 185 Meters Attenuation o BNC Connector Thicknet o 10 Mbps o 500 Meters Attenuation o AUI DB-15 Connector RG-59 & RG-6 o Used for cable TV o F-Connector

Serial (RS-232)

9 Pin Male or Female

Network+ Study

Page 9

NETWORK+ STUDY Plenum Grade Cable RJ-11 BNC

F-Connector

Non plenum cable insulation can be toxic when burned Connector used for Analog phones A miniature quick connect/disconnect RF connector used for coaxial cable. It features two bayonet lugs on the female connector; mating is achieved with only a quarter turn of the coupling nut. They are used with radio, television, and other radio-frequency electronic equipment, test instruments, video signals, and was once a popular connector for 10BASE2 computer networks Coaxial RF connector commonly used for "over the air" terrestrial television, cable television and universally for satellite television and cable modems

Cable Faults

Split Pair Two wires incorrectly mapped in exactly the same way on both ends of the cable Far-end crosstalk signal bleedover between pairs in the same wire at the far end of the cable. Not detectable with a tone generator and locator Delay skew the difference between the lowest and the highest propagation delay measurements for the wires in a cable. Not detectable by tone generator Short Circuit -

Network+ Study

Page 10

NETWORK+ STUDY Frame Relay Nodes connected through a packet switching cloud Connection-Oriented WAN Technology (Type of Switch, Speed, Media, Distance) Packet-switching WAN technology Most VCs are Permanent Virtual Circuits (PVCs) A Frame Relay Cloud is the frame providers network of Frame Relay Switches A physical connection path is established between the source and the destination typically through a series of circuits Data is broken into packets which then each take a separate independent route to the destination where they are reassembled T-carrier - Sometimes abbreviated as T-CXR, refers to one of several digital transmission systems developed by Bell Labs. T-carriers are used in North America, South Korea, and Kyoto. E-carrier system, which revised and improved the earlier American Tcarrier technology, and this has now been adopted by the International Telecommunication Union Telecommunication Standardization Sector (ITU-T). This is now widely used in almost all countries outside the US, Canada, and Japan. Smart Jack: The actual termination of a T1 Line North American Japanese European (CEPT) 64 kbit/s (DS0) 1.544 Mbit/s (DS1) (24 user channels) (T1) 3.152 Mbit/s (DS1C) (48 Ch.) 6.312 Mbit/s (DS2) (96 Ch.) (T2) 64 kbit/s 1.544 Mbit/s (24 user channels) 64 kbit/s 2.048 Mbit/s (32 user channels) (E1)

Circuit Switching Packet Switching E1/T1 (E)uropean Version

T-carrier and E-carrier systems Level zero (channel data rate) First level (Intermediate level, Tcarrier hierarchy only) Second level

Third level Fourth level Fifth level ADSL SDSL VDSL Cable Modem Satellite Network+ Study

6.312 Mbit/s (96 Ch.), 8.448 Mbit/s (128 Ch.) (E2) or 7.786 Mbit/s (120 Ch.) 44.736 Mbit/s (DS3) 32.064 Mbit/s (480 34.368 Mbit/s (512 Ch.) (E3) (672 Ch.) (T3) Ch.) 274.176 Mbit/s (DS4) 97.728 Mbit/s (1440 139.264 Mbit/s (2048 Ch.) (4032 Ch.) Ch.) (E4) 400.352 Mbit/s (DS5) 565.148 Mbit/s (8192 565.148 Mbit/s (8192 Ch.) (5760 Ch.) Ch.) (E5) Asymmetric Digital Subscriber Line allows POTS and data transmitted simultaneously Symmetric Digital Subscriber Line cannot share data transmission with POTS Very High Speed Digital Subscriber Line Allows Max Bandwidth available on standard phone line ( 13 55 Mbps) Provides high speed Internet connections using a broadband cable connection High Speed Internet Page 11

NETWORK+ STUDY PON E3/T3 Wireless ATM Typically used where DSL and Cable Internet are not available Passive optical Network Fiber to the premises T3: 44.736 MBPS(DS3 basically 28 T1 Lines) Provided through WIFI Hotspots 4G (WiMAX, LTE, HSPA+) Asynchronous Transfer Mode Advanced packet switching network using fixed length packets (53 bytes) Provides data rates up to 622 Mbps Synchronous Optical Network Divided into OC Levels (Optical Carrier Levels) o OC-1 = 51.84 Mbps o OC-24 = 1.244 Gbps Multiprotocol Label Switching Technique Not a service Integrated Services Digital Network o BRI: Basic Rate 2 64K B-Channels / 1 16K D-Channell o PRI: Primary Rate 23 64K B-Channels / 1 64K D-Channel Plain Old Telephone Service Public Switched Telephone Network Virtual Private Network o Allows travelling users to connect o Uses Tunneling Protocols (PPTP, L2TP)

SONET

MPLS Uses Labeling ISDN

POTS PSTN VPN

Network+ Study

Page 12

NETWORK+ STUDY Ethernet LAN Types & Properties Bonding: Taking 2 or more cables, allowing them to act together Format: How Fast / Base / Type of Cable T=Twisted Pair 5-4-3 Rule: 5 Cable Segments, 4 Repeaters, 3 mixing Segments Standard Ethernet Fast Ethernet / 100 Mbps / Twisted Pair Fast Ethernet / 100 Mbps / Fiber Optic Gigabit Ethernet / 1000 Mbps / Twisted Pair Gigabit Ethernet / 1000 Mbps / Fiber Optic Variations of Fiber Optic 10000 Mbps

10BaseT 100BaseTX 100BaseFX 1000BaseT 1000BaseX 10GBaseSR 10GBaseLR 10GBaseER 10GBaseSW 10GBaseLW 10GBaseEW 10GBaseT CSMA/CD Broadcast Collision

Cross Connect Patch Panel

MDF / IDF Demarc

Twisted Pair Carrier Sense Multiple Access with Collision Detection The transmitting of a packet that will be received by every device on the network When 2 clients transmit at the same time Detected by an increase in voltage All data becomes unusable, is discarded Cable which connects you to a backbone or provider A patch panel, patch bay, patch field or jack field is a number of circuits, usually of the same or similar type, which appear on jacks for monitoring, interconnecting, and testing circuits in a convenient, flexible manner Main Distribution Frame Intermediate Distribution Frame The point at which the telephone company network ends and connects to your wiring

Network+ Study

Page 13

NETWORK+ STUDY HUB Network Devices HUB is a center device used to connect multiple computer and networking device to each other, used in LANs HUBs work on Physical layer in OSI model HUBs are a half duplex device Hubs broadcast all packets on all outgoing ports Passive hub Does not amplify signals Active Hub Amplifies weak signals In telecommunications, a repeater is an electronic device that receives a signal and retransmits it at a higher level or higher power, or onto the other side of an obstruction, so that the signal can cover longer distances Works on the Physical (1) layer of the OSI model Device that modulates an analog carrier signal to encode digital information, and also demodulates such a carrier signal to decode the transmitted information. A network interface controller (NIC) (also known as a network interface card, network adapter, LAN adapter and by similar terms) is a computer hardware component that connects a computer to a computer network Used to convert from one form of media to another Most typical would be to convert between twisted pair copper and fiber optic cable PoE o Power over Ethernet is used to transfer electrical power, along with data, over standard twisted pair cable STA - Spanning Tree Algorithm o Used by switches to determine the best route when there is more than one connection to a node VLAN o Can be created in order to emulate multiple broadcast domains using switches Trunking o When a switch presents more than one VLAN configuration over a single connection to another switch or router Port Mirroring o Used to send a copy of network data to a second (mirrored) connection usually for the purposes of monitoring Port Authentication o Used to restrict access based up authentication. Used in 802.11 (Wireless) Basically a multiport bridge Multi Layer Switch o Layer 3 switch (Can function based of IP addresses) o Content Switch (Ability to examine and filter higher level data) Bridges operate at the Data link layer Simplistic routing tables based on MAC addresses Used to create separate collision domains Basically the same thing as a hub for wireless networks Routers are used to connect networks together Page 14

Repeater

Modem

NIC

Media Converters

Switch

Bridge

Wireless Access point Router Network+ Study

NETWORK+ STUDY Routers have sophisticated network tables which can determine the best route to get information from one network to another Functions at the network layer of the OSI model Used to create separate broadcast domains Used to protect private networks from external intrusion Can control what data is allowed in or out of a network Can be hard or software Intrusion Detection System / Intrusion Prevention System Used when more than one line of communication available Distributes the bandwidth load Round Robin DNS: Similar to load balancer, provides much higher level of control NAT Server (Disguise an end users identity) Can cache requests to save on bandwidth Channel Service Unit/Data Service unit Hardware device which converts data frames used on a LAN into data frames used on a WAN Typically used to connect a T1 line to a local network 100 Pair UTP 66 block oldest standard for punchdown block 25 Pair UTP cables

Firewall

IDS/IPS Load Balancer

Bandwidth Shaper Proxy Server CSU/DSU

Telephone Devices

110 Blocks

Network+ Study

Page 15

NETWORK+ STUDY ARP Address Resolution Protocol Networking Technologies / Protocols A Known IP address is resolved to a MAC address ARP allows a device to acquire the MAC address of a remote host when only the IP address of the remote host is known Keeps an ARP cache of known IP to MAC addresses In Windows, ARP utility displays IP to Physical translation tables Service that runs on routers Allows a router to respond to ARP requests from hosts Router will answer the ARP Request with the MAC address of the interface received the request Resolves a MAC address to an IP address A workstation boots up and realizes it has no IP address RARP request contains its own MAC address User Datagram Protocol No guarantee of Delivery (Unreliable, Best effort Delivery) No error checking, no confirmation Allows a server to dynamically distribute IP addressing and configuration information to clients Provides IP address, Subnet Mask, Default Gateway, DNS & WINS, lease Length APIPA A Feature of Microsoft Windows, APIPA is a DHCP failover mechanism for local networks 4 Step Process DORA (Discover, Offer, Request, ACK) o Discover L3 Broadcast o Offer Contains IP and Mask o Request Host decides which offer to accept o Ack Proper DHCP server gives the host additional information (DNS Server, etc) DHCP lease Renewal o DHCPREQUEST o DHCPACK DHCP Relay Server DHCP Server o TCP/IP service used to dynamically assign IP addresses on a network o Responsible for managing the pool of IP addresses available to be used on the network Provides a mechanism for routers or dest. Hosts to communicate with source hosts Takes the form of specially formatted IP datagrams A required element in some implementations of TCP/IP Reports errors only about processing of non ICMP IP datagrams Distributed Database for Internet Namespace Uses TCP and UDP port 53 Use UDP for queries, Use TCP for copying distributed database DNS Components o DNS Servers TCP/IP service used to resolve host names to IP Page 16

Proxy ARP

Reverse ARP OBSOLETE UDP Conectionless DHCP Dynamic Host Configuration Protocol

ICMP Internet Control Message Protocol

DNS Domain Naming Service

Network+ Study

NETWORK+ STUDY addresses Responsible for maintaining a directory of names in a database and respond to client requests o DNS Database o DNS Clients Domain Namespace Root Domain (.) o Top-Level Domain (net,com,org) o Second-Level Domain (Microsoft) o Sub-Domain (hq,Canada) o FQDN (sales.hq.microsoft.com) Sales server DNS Zone o A zone is an area of DNS namespace to which a DNS Server can be authoritative (has the right to give definitive answers) DNS Records o A (Host IPv4) o AAAA (Host IPv6) o PTR (Pointer) o CNAME (Alias) o MX (Mail Exchanger) Dynamic DNS o Dynamic Updates o DHCP Integration Uses port 20,21 Listens on port 21, port 20 for data transfer FTP requires username & password, sends in plain text FTP allows anonymous FTP TFTP (Simplistic, Connectionless) o Port 69 o No security, does not require username/Password Hyper Text Transfer Protocol HTTP uses TCP Port 80 HTTPS uses TCP port 443 (Uses SSL (Secure Socket Layer) Session Initiation Protocol can establish, modify and terminate multimedia sessions or calls Examples: Multimedia conferences, distance learning, Internet calls Real-Time Transport Protocol provides end-to-end network transport functions suitable for applications transmitting real-time data such as audio, video, over multicast or network services Secure Shell Similar to Telnet but secure Employs encryption through certificates and authenticates the server to the client TCP port 22 Post Office Protocol Used to retrieve Email TCP port 110 Network Time Protocol Synchronizes distributed clocks to the millisecond Page 17

FTP

HTTP(S)

SIP (Voip)

RTP (VoIP)

SSH

POP3

NTP

Network+ Study

NETWORK+ STUDY IMAP4 UDP port 123 Internet Message Access Protocol Used to access all server-based messaging folders TCP port 143 Terminal emulation protocol that allows remote access to a system TCP port 23 Simple Mail Transfer Protocol Used for sending email TCP port 25 Simple Network Management Protocol Works by having network devices acting as agents, collecting information and providing that information to SNMP managers UDP port 161 Consists of 3 components: A management console software product installed on a network computer, agents installed on the devices you want to manage, and MIBs for each of the agents. Internet Group Management Protocol o Communications protocol used by hosts and adjacent routers on IP networks to establish multicast group memberships o Integral part of IP multicast Transport Layer Security establishing a secure connection between a client and server Capable of authenticating both client and the server creating an encrypted connection between the two Considered to be a replacement for SSL Remote Desktop Protocol Proprietary protocol developed by Microsoft

Telnet SMTP SNMP2/3

IGMP

TLS

RDP

FTP SSH/SFTP/SCP TELNET SMTP DNS HTTP POP3 IMAP4 HTTPS

TCP Ports 20,21 22 23 25 53 80 110 143 443

TFTP NTP DNS BOOTP/DHCP SNMP

UDP Ports 69 123 53 67 161

Network+ Study

Page 18

NETWORK+ STUDY Network Address MAC ADDRESSES MAC Address L2 Address Physical Address Hardware Address BIA (Burned In Address) Theoretically each device has a unique MAC 6 Bytes, can be expressed with Dash -, Colon : or Decimal . First 3 bytes Organizationally Unique Identifier (OUI) Last 3 bytes Network Interface Controller (NIC)

MAC Address Names

Format 12-23-F5-45-56-78

MAC Broadcasts

Format Classes

Has a destination of everyone Broadcast address is FF-FF-FF-FF-FF-FF (Case insensitive) IPv4 32 Bit Address Dotted Decimal Notation
Class A0 B 10 C 110 D 1110 E 11110 Network octets 1 2 3 Multicasting Experimental Number Range 1 126 128 191 192 223 224 239 240 255 Max Networks 126 16,384 2,097,152 Max Hosts 16,777,214 65,534 254 Special IP Addresses 10.0.0.0 142.222.0.0 195.143.1.0

Format

IPv6 128 Bit Address Eight groups of 4 hex digits separated by colons Page 19

Network+ Study

NETWORK+ STUDY Subnetting Addressing Technologies Subnetting allows you to create multiple logical networks that exist within a single Class A, B, or C network. If you do not subnet, you are only able to use one network from your Class A, B, or C network, which is unrealistic Subnet Mask: A 32 Bit combination used to describe which portion of an address refers to the subnet and which part refers to the host Subnets o Classless addressing used a variable number of bits for the network and host portions of the address o Classless treats the IP address as a 32 bit stream of ones and zeroes, where the boundary between network and host portions can fall anywhere between 0 and bit 31 Routing Protocols o Classful routing DO NOT send the subnet mask along with updates o Classless routing DO send the subnet mask along with updates The process of modifying IP address information in IPv4 headers while in transit across a traffic routing device An extension to network address translation (NAT) that permits multiple devices on a local area network (LAN) to be mapped to a single public IP address The goal of PAT is to conserve IP addresses Provides a secure mechanism for translating internal, nonroutable addresses into routable addresses. As traffic flows out of a data center, the gateway and source address of IP packets are translated and switched to the appropriate upstream gateway router. This ensures that traffic is sent and returned through the desired path. Public IP Addresses are used to navigate around in what today is known as the Internet Private IP Addresses are different from Public IP Addresses in the sense that they are not assigned to computers that can be located or reached over the largest network in the world, or the Internet. These IP Addresses are usually assigned by a router on a personal or smaller network such as a home or office network. The individual routers that are routing the packets from one computer to another are responsible for assigning these Private IP Addresses. o 10.0.0.0 to 10.255.255.255 o 172.16.0.0 to 172.31.255.255 o 192.168.0.0 to 192.168.255.255 Addressing Schemes A method of sending IP datagrams to a single network destination A method of sending IP datagrams to a group of receivers in a single transmission Data is transmitted to ALL possible destinations

Classful vs Classless

NAT (Network Address Translation) PAT (Port Address Translation)

SNAT (Secure Network Address translation)

Public vs Private

Unicast Multicast Broadcast

Network+ Study

Page 20

NETWORK+ STUDY ROUTING IPv4 & IPv6 Routing Protocols OSPF (Open Shortest Path First) o Used in medium to large networks o Bases its paths off link states o Can also use cost metrics to give performance to certain paths IS-IS (Intermediate System to Intermediate System) o Intermediate system is another name for a router o Originally designed with the OSI model RIP (Routing Information protocol) o Maximum 15 hops o Originally had updates send every 30 seconds o Does not support Authentication o Uses broadcast communication RIPv2 o Maximum 15 hops o Supports Authentication o Uses multicast communication BGP o Core routing protocol of the internet o Typically used by ISPs EIGRP (Enhanced Interior Gateway Routing Protocol) o Evolved from IGRP o Uses the Diffusing-Update Algorithm (DUAL) o Each router keeps a copy of its neighbors routing tables o Each router periodically send out a hello packet to keep track of the state of its neighbors Properties of Routing IGP (Interior Gateway Protocol) o A routing protocol used to exchange information within a LAN EGP (Exterior Gateway Protocol) o A routing protocol used to route information outside a local network, typically out to the Internet Static Routing o All routers have to have their routing table configured and updated regularly Dynamic Routing o Routers communicate with each other to share their routing information with each other One portion of the path between source and destination Each time packets are passed to the next device a hop occurs Hop Count the number of intermediate devices (like routers) through which data must pass between source and destination Used by network devices in order to determine where a packet should be sent in an attempt to get it routed to its final destination The process of all routers becoming aware of the changes to the network

Link State
Each router communicates all the networks it knows about to other routers to which it is directly attached

Distance Vector
Each router builds a map of the entire network. LSAs (Link State Advertisements) are used to communicate information about networks they are connected to

Hybrid

IGP vs. EGP

Static vs. Dynamic

Hop

Routing Tables Convergence

Network Standards Network+ Study Page 21

NETWORK+ STUDY CSMA/CD Carrier Sense Multiple Access / Collision Detection

Virtual LAN

IEEE Ethernet Standards (Institute of Electrical and Electronics Engineers)

Broadcast Storm

Carrier Sense hosts listen to the wire before sending Multiple Access More than one host is doing this Collision Detection A hosts ability to detect that their data has been involved in a collision When signals collide change in voltage all data becomes unusable Each node will continue transmitting to ensure all nodes detect the collision When all nodes have detected the collision, the backoff algorithm is invoked and transmission stops A single L2 device may be partitioned to create multiple distinct isolated broadcast domains Can be configured through software Acts like an ordinary LAN, but connected devices dont have to be physically connected to the same segment 802.1Q Half Duplex: Does not allow simultaneous sending & receiving Full Duplex: Does allow simultaneous sending & receiving 802.3: Defines Ethernet 10Base-2: Thin Ethernet 10 MBPS 185 Meters 10Base-5: Thick Ethernet 10 MBPS 500 Meters 802.3i: 10BaseT, 10MBPS Range 100 Meters 802.3u: 100Base-t, 100 MBPS 802.3z: Gig Ethernet (1000 MBPS) 802.3ae: 10 Gig Ethernet (10000 MBPS) 802.11: Wireless Ethernet 802.1: Overall Internetworking Standards 802.2: Defines the LLC sub-layer of the Data Link Layer A broadcast storm occurs when a network system is overwhelmed by continuous multicast or broadcast traffic. When different nodes are sending/broadcasting data over a network link, and the other network devices are rebroadcasting the data back to the network link in response, this will eventually cause the whole network to melt down and lead to the failure of network communication

Network+ Study

Page 22

NETWORK+ STUDY QoS High Availability Network Performance Quality of Service is a strategy used to control the flow of network traffic Administrators can provide preferential delivery for the applications which need it Used to enforce the control of network traffic One of the methods administrators use to ensure QoS is Traffic Shaping Generally traffic should be shaped based upon different priority factors o Users, Applications, Time of Day A General term which defines the use of more than one (insert variable) to provide a service Client needs are satisfied by the first available (insert variable) Sometimes clients needs can be satisfied by all available (insert variable) Variables o Servers, Hard Drives, Transmission Lines a system design approach and associated service implementation that ensures a prearranged level of operational performance will be met during a contractual measurement period Used to store information so it does not have to be retrieved off the network multiple times A proxy server is an example of a caching engine CARP (Cache Array Routing Protocol) If something is fault tolerant then it means that in the event of a failure (fault) it will continue to function (tolerance) RAID (Redundant Array of Independent Discs) Latency-sensitive data is data whose retrieval or transmission must meet certain time constraints in order to be acceptable to the user. VoIP Video Applications The uptime and reliability of computer and communications facilities is sometimes measured in nines. Having a computer system's availability of 99.999% means the system is highly available, delivering its service to the user 99.999% of the time it is needed. In other words you get a total downtime of approximately five minutes and fifteen seconds per year with 99.999% uptime.

Traffic Shaping

Load Balancing

Caching Engines

Fault Tolerance

Latency Sensitivity High Bandwidth Applications Uptime

Network+ Study

Page 23

NETWORK+ STUDY Traceroute (UNIX) Tracert (Windows) Ipconfig (Windows) Ifconfig (UNIX) Ping Arp Nslookup Hostname (Windows) Dig (UNIX) Network Command Line Tools View entire path a packet takes to get from one device to another View entire path a packet takes to get from one device to another Used to view TCP/IP configuration Used to view TCP/IP configuration Used to check connectivity between networking devices Used to view and manage the ARP cache Used by Windows to troubleshoot DNS name resolution issues Has both interactive and non-interactive mode Displays the host name portion of the full computer name of the computer Used by Unix to troubleshoot DNS name resolution issues NSLOOKUP can also be used, but DIG is considered to be more powerful Does not have an interactive mode Network Diagnostic Tool Combines the functionality of Traceroute and Ping Used to view and manipulate the TCP/IP routing table Used to display NetBIOS statistics to assist in troubleshooting name resolution issues Used to display TCP/IP statistics and connections Used to display and manage the routing table Networking Hardware Tools Used to strip off the outer insulation of a cable when getting ready for a connector Used to cut cables Used to attach a connector on the end of a cable Electronic device used to verify the electrical connections in a cable or other wired assembly Used to connect wire to a punch down block A Time Domain Reflectometer is used to check the continuity of a copper cable Optical Domain Reflectometer is used to check the continuity of a fiber optic cable Can be used to help locate a break in a cable Used to locate the end of a cable Made up of 2 components, a tone generator and a probe Used to monitor the quality of the power coming from a wall outlet Used to test a variety of information about cables, connectors and outlets Used to allow an administrator to butt in to a communication line Used to analyze network protocol (May be hardware or software) Also referred to as a loopback adapter is a connection device that is plugged into a computers port in order to perform a loopback test

Mtr (UNIX) Route (BOTH) Nbtstat Netstat Route Cable Stripper Snips / Wire Cutter Crimper Cable Tester Punch Down Tool TDR/OTDR

Toner Probe Voltage Event Recorder Multimeter Butt Set Protocol Analyzer Loopback plug

Network+ Study

Page 24

NETWORK+ STUDY Network Security Attacks Rogue Access Point Access point placed on the network without the administrators knowledge Evil Twin WAP that is camouflaged as a legitimate hot spot to gather personal or corporate information without the end users knowledge Software which is designed to perform harm to a system which is loaded without the users permission o Worms Can self propagate from system to system o Trogan Horse Disguises itself as a harmless program to fool the user into installing and/or executing it Denial of Service (DoS) An attack which is not designed to steal or destroy, but rather to overwhelm a system to the point that it cannot perform normal functions Distributed Denial of Service (DDoS) An attack in which a multitude of compromised systems attack a single target, causing denial of service for users of the targeted system Smurf Involves flooding a network with the same ICMP Echo Request messages used by Ping but sent to the networks broadcast address. These messages are also spoofed; the source address field contains the IP address of the computer that is the intended victim. This way, all the computers receiving the broadcast will send their responses to the victim computer, flooding its in-buffers. Social Engineering (phising) Someone pretending to be somebody that they are not in order to gain your trust so you will share secret information Man in the Middle An attacker gets between the sender and the recipient, intercepts information in transmission, and modifies the transmission before passing it on Buffer Overflow Occurs when more data is sent to an application than it can process or store in the buffer Packet Sniffing The process of capturing any data passed over the local network and looking for any information that may be useful FTP Bounce an exploit of the ftp protocol whereby an attacker is able to use the PORT command to request access to ports indirectly through the use of the victim machine as a middle man for the request Security Devices Used to control the flow of data Work by establishing a set of rules o Allow all except (Explicit deny) o Block all except (Implicit deny) Advanced firewall capabilities include: o Stateful Inspection o Packet Filtering DMZ (Demilitarized Zone) o Also called perimeter network Can be host or network based Used to help an administrator recognize a possible attack on a network system Similar functionality to an IDS, but will actively make changes to lock down Page 25

Wireless Security Threats

Viruses

Attacks

Firewalls

IDS (Intrusion Detection System) IPS (Intrusion Network+ Study

NETWORK+ STUDY Prevention System) VPN Concentrator NESSUS NMAP Security Methods

Access Control Lists (ACLs)

Tunneling and Encryption

Remote Access

User Authentication

the network or system if a potential intrusion is present Hardware based VPN server. Used to setup a secure VPN connection with the remote client before passing them on through to the internal network Comprehensive vulnerability scanning program. Detects potential vulnerabilities on the tested systems by launching a series of attacks A security scanner used to discover hosts and services on a computer network thus creating a map of the network Honeypots o A trap set to counteract attempts at unauthorized use of information systems Honeynets o A decoy network set up with intentional vulnerabilities; its purpose is to invite attack so that attacker methods can be studied Network Access Security A form of filtering used to control whether someone should be given access to a network or system o MAC Filtering o IP Filtering o PORT filtering Virtual Private Networks (VPNs) are used to securely extend the internal network out to remote clients o Client-to-site o Site-to-site VPN Protocols o Point to Point Tunneling Protocol (PPTP) o Layer 2 Tunneling Protocol (L2TP) o IPSec ISAKMP Uses The IP Authentication Header (AH) protocol Encapsulates the payload of a datagram for transmission across a network SSL (Secure Sockets Layer) TLS 2.0 (Transport Layer Security) SSL VPN Remote Access Service (RAS) Point to Point Protocol (PPP) Point to Point Protocol over Ethernet (PPPoE) Remote Desktop Protocol (RDP) Independent Computing Architecture (ICA) Secure Shell (SSH) Authentication o The process of identifying a user or computer Authorization o The process of determining the level of access for a user or computer Accounting o The process of keeping a log of activity by a user or computer RADIUS (Remote Authentication Dial In User Service) Page 26

Network+ Study

NETWORK+ STUDY o Uses UDP connections TACACS+ (Terminal Access Controller Access Control System) o Relies on TCP connections Kerberos o Uses a secret key to keep authentication information (usernames & passwords) secure o Uses a symmetric key encryption methodology so it is typically used within private networks where key management can be handled easily o Allows for users to have a single sign-on o Can also be used for mutual authentication Multifactor Authentication o Using more than one form of authentication to identify a user Something they know (Username, Password) Something they have (Physical, Smartcard) Something they are (Biometric, Fingerprint, Voice) Public Key Infrastructure (PKI) o A term used to describe a network which has been fully configured to use certificates and public key encryption Cryptography o A process of applying an algorithm to clear text in order to convert it to cipher text o Symmetric Key Encryption The same key is used to encrypt and decrypt data There needs to be a key for every unique communication Good for use in a small secure environment When used over an unsecure network an asymmetric key is usually used to secure the exchange o Asymmetric Key Encryption Key pairs are used to encrypt and decrypt data Key exchange and storage is simplified Good for use in a large unsecure environment The most common form of asymmetric encryption is known as public key encryption 802.1x (A Secure network access control standard) o It is really a set of protocols and requirements which include certificate services and RADIUS o Typically used for secure wireless network access although it is capable of securing wired networks as well Remote Access Authentication Protocols o Password Authentication Protocol (PAP) o Challenge Handshake Allocation Protocol (CHAP) o Microsoft Challenge Handshake Allocation Protocol(v2) (MSCHAP & MSCHAPv2) o Extensible Authentication Protocol (EAP)

Network+ Study

Page 27

NETWORK+ STUDY Wireless Networking Benefits of Wireless Networking o No more cables o Easier to install o Connect networks through walls and other obstacles o Quickly allow temporary access 802.11 a/b/g/n Speeds Distance
802.11a 802.11b 802.11g 802.11n 54Mbps 11Mbps 54Mbps 100Mbps Less than 100 feet 300Ft outdoors 100Ft indoors 300Ft outdoors 100Ft indoors 1000Ft

Channels
36,40,44,48 52,56,60,64 1 through 11 1 through 11

Frequency
5Ghz 2.4Ghz 2.4Ghz 2.4Ghz & 5Ghz

Wireless Access Point

802.11n Antenna

Components of a Wireless Access Point BSS (Basic Service Set) ESS (Extended Service Set) SSID (Service Set Identifer) ESSID (Extended Service Set Identifer) BSSID (Basic Service Set Identifier) BSA (Basic Service Area) Placement must be considered o Where are the clients located o Different hardware has different signal strength o Antenna Type Directional RF Interference MIMO (Multiple in multiple out) Gain Beam Widths (Horizontal and Vertical) Rear Lobe coverage Polarization Impedance, VSWR

Network+ Study

Page 28

NETWORK+ STUDY WPA Authentication and Encryption / Wireless Security Wireless Protected Access Wi-Fi Alliance Authentication Cipher Suite Encryption Name Mechanism Mechanism WPA-Personal Preshared Key TKIP RC4 WPA-Enterprise 802.1X/EAP TKIP RC4 WPA2-Personal Preshared Key CCMP (default) AERS (Default) TKIP (Optional) RC4 (Optional) WPA2-Enterprise 802.1X/EAP CCMP (Default) AES (Default) TKIP (Optional) RC4 (Optional) Requires the use of Certificates and RADIUS Certificates can be used to provide a higher level of authentication of the user and/or computer attempting to connect A RADIUS server is used to centralize the connection requests to the wireless network Wired Equivalency Privacy Originally used 40 bit key, later advanced to 128 bit encryption Not secure, easily cracked Remote Access Dial In User Service (RADIUS) is a networking protocol that provides centralized Authentication, Authorization, and Accounting (AAA) management for computers that connect and use a network service Client/Server protocol that runs in the application layer Uses UDP as transport method Temporal Key Integrity Protocol Designed as a solution to replace WEP without requiring replacement of legacy hardware Specify what computers can connect to you WAP based upon the MAC address of their wireless card

802.1x

WEP

Radius

TKIP

MAC Filtering

Network+ Study

Page 29