1.

0 Network Technologies

09/04/2011 13:32:00

1.1 Explain the function of common networking protocols TCP/IP Protocol Suite o Application Management BOOTP Bootstrap Protocol Automates the IP address configuration process Replaced by DHCP o Dynamic Host Configuration Protocol DNS Domain Name Services Converts domain names to IP addresses SNMP Simple Network Management Protocol Gather statistics from network devices Version 1 o Structured Tables o Not encrypted Version 2 o Data type enhancements o Bulk transfer o Not encrypted Version 3

o Message integrity Message not modified o Authentication o Encryption Network Time Protocol Automatically synchronize clocks Remote Communication Telnet Telecommunication Network Login to devices remotely Unencrypted communication SSH Secure Shell Looks and acts the same as Telnet Encrypted File Transfer FTP File Transfer Protocol Transfer files between systems Authenticates with a username and password Full-featured functionality o List o Add NTP

o Delete o TFTP Trivial File Transfer Protocol Very simple file transfer o Read files and write files Mail No authentication

SMTP Simple Mail Transfer Protocol Used for sending mail POP3 Post Office Protocol version 3 Receive mail Designed for intermittent connectivity o Download and store locally IMAP4 Internet Message Access Protocol version 4 Flexibility in connectivity Keeps state o Read o Unread o Replied o Deleted

Browser HTTP Hypertext Transfer Protocol HTTPS Hypertext Transfer Protocol Secure Extra layer of encryption through SSL/TLS SSL/TLS Secure Sockets Layer o Netscape Transfer Layer Security o Updated SSL

VoIP SIP RTP

Session Initiation Protocol Signaling Protocol o Builds and tears-down media call Real-time Transport Protocol Carries the media stream

o Transport TCP

Transmission Control Protocol Connection-oriented Reliable delivery

Can manage out-of-order messages or retransmissions SYN ACK User Datagram Protocol Connectionless Unreliable No reordering of data or transmission

UDP

o Internet IPv4 IPv6

IP version 4 Primary Internet protocol 32-bit (4-byte) address 4,294,967,296 (2^32) addresses Dot-decimal notation 192.168.3.1 IP version 6 Next generation Internet protocol 128-bit address Eight groups of four hexadecimal digits Improves routing, security, efficiency, and more

ICMP Internet Control Message Protocol

Sends management messages between systems PING o Echo Requests, Echo Replies o Destination Unreachable

IGMP Internet Group Management Protocol Manages membership of multicast groups Subscription Improves efficiency and bandwidth usage Data that need to be view by many people simultaneously Live streams, stock quotes, etc.

Address Resolution Protocol IP address to MAC address and vice versa Command line ARP A 1.2 Identify commonly used TCP and UDP default ports IPv4 with TCP/UDP o Server IP address o Server Application Port Number o Client IP Address o Client Port Number Non-ephemeral Ports

o Link ARP

o Permanent port numbers o Usually on a server or services Ephemeral Ports o Temporary port numbers o Determined by the client workstation Port numbers o Between 0 and 65,535 o For communication, not security TCP o FTP 20 (Data), 21 (Control) o SSH 22 o Telnet 23 o SMTP 25 o DNS 53 o HTTP 80 o POP3 110 o NTP 123 o IMAP4 143 o HTTPS 443 UDP o o o o DNS 53 BOOTP/DHCP 67 TFTP 69 SNMP 161

1.3 Identify the following address formats IPv4 o Internet Protocol version 4 o OSI Layer 3 address o 32-bits 8-bits/1-byte/1-octet chunks Range is from 0 to 255 o Dotted decimal system 192.168.1.131 IPv6 o Internet Protocol version 6 o OSI Layer 3 address o 128-bits o o o MAC o o o o 16-bits/2-bytes/2-octets chunks Leading zeroes are optional Groups of zeroes can be abbreviated with a double colon (::) Only one of these abbreviations allowed per address fe80:0000:0000:0000:5d18:0652:cffd:8f52 and fe80::5d18:652:cffd:8f52 addressing Media Access Control OSI Layer 2 address Physical address of the network interface card 48-bits/6-bytes, usually represented in hexadecimal First 3-bytes, are assigned by the IEEE to the manufacturer

OUI Organizationally Unique Identifier Last 3-bytes, are assigned sequentially o Dell_6f:06:f2, 00:21:70:6f:06:f2, or 00-21-70-6f-06-f2 o IPCONFIG /ALL 1.4 Given a scenario, evaluate the proper use of the following addressing technologies and addressing schemes Addressing technologies o Subnetting Unique IP Address Subnet Masks Helps determines Network ID and Host ID Network Address Bitwise AND of IP Address and Subnet Mask (1s) Broadcast Address Host ID is all 1s Range is between the network address and the broadcast address Default Gateway The router that allow you to communicate outside of the local network Must be an IP address on the local network o Classful Addressing Class A Subnet Mask 255.0.0.0 Leading Bits 0xxx (1-126) Number of networks 128 Hosts per Network 16,777,214 Class B Subnet Mask 255.255.0.0

Leading Bits 10xx (128-191) Number of networks 16,384 Hosts per Network 65,535 Class C Subnet Mask 255.255.255.0 Leading Bits 110x (192-223) Number of networks 2,097,152 Hosts per Network 254 Class D Multicast Leading Bits 1110 (224-239)

Class E Reserved Leading Bits 1111 (240-254) o Classless Addressing Classless Inter-Domain Routing (CIDR) 192.168.1.4/24 = 255.255.255.0 10.1.0.0/16 = 255.255.0.0 10.1.1.0/24 = 255.255.255.0 10.1.1.0/26 = 255.255.255.192 CIDR Notation Number of 1s in the subnet mask Number of Network = 2^(Network Extension) 2 Host per Network = 2^(Number of 0s) 2 Supernetting

Opposite of subnetting Used often in routers to aggregate network routes Makes many different networks look like a single network 192.168.1.0/24 192.168.2.0/24 192.168.254.0/24 192.168.255.0/24 or 192.168.0.0/16

o NAT Network Address Translation Converts one IP address to another Layer 3 conversion o PAT Port Address Translation Converts port number (and usually the IP address) o SNAT Source NAT Converts source IP address to another IP address Convert a large number of internal IP addresses to one external address o DNAT Destination NAT Converts the destination IP address to another IP address

Used to convert externally accessible IP addresses to an internal address o Public IP o Private IP RFC1 918 10.0.0.0 10.255.255.255 172.16.0.0 172.31.255.255 192.168.0.0 192.168.255.255 o DHCP Dynamic Host Configuration Protocol Automatic configuration of IP address, subnet mask, and other options Dynamic IP addresses are assigned in real-time from a pool Each system is given a lease and must renew at set intervals Static Addresses are assigned by MAC address in the DHCP server Quickly readdress servers from one location

o APIPA Automatic Private IP Addressing Alternative to DHCP 169.254.0.1 169.254.255.254 Subnet Mask 255.255.255.0 Useful for small offices Addressing schemes o Unicast

o Multicast o Broadcast 1.5 Identify common IPv4 and IPv6 routing protocols Link State Information passed between routers is related to the current connectivity. Used in large networks due to scalability. o OSPF Open Shortest Path First The most available and fastest path is the first choice Links are grouped logically into areas Default area is 0 Each area has its own database of link states Each link has a cost Throughput, reliability, round-trip time Lowest cost wins, identical costs are load balanced Detects changes in network link state and modifies the routing structure very quickly, usually within seconds Complex protocol

o IS-IS Intermediate System to Intermediate System No as popular as OSPF Large-scale implementation Often in large provider networks Group networks into areas Levels of routing Level 1 Routing within an area Level 2 Routing between areas

Can theoretically scale larger than OSPF Less chatty Distance Vector Information passed within routers contain routing tables. Takes into consideration how many hops it takes to get to another network. Automatic configuration. Good for smaller networks o RIP Routing Information Protocol Network Address, Number of hops, and Destination Maximum hop of 15 o RIPv2 Updated for Classless Inter-Domain Routing (CIDR) Includes authentication to verify the source o BGP Border Gateway Protocol Core routing protocol of the Internet Used by Internet Service Providers Flexible Internal Border Gateway Protocol (iBGP) or External Border Gateway Protocol (eBGP) Allows Multihoming Multiple links to the same network

Hybrid o EIGRP Enhanced Interior Gateway Routing Protocol Cisco proprietary Metrics Total Delay

Minimum bandwidth Reliability Load Minimum path Maximum Transmission Unit (MTU) 1.6 Explain the purpose of properties of routing IGP and EGP o Autonomous System (AS) Independent entity Group of IP routes under common control o Interior Gateway Protocol Used within a single AS OSPF IS-IS RIP RIPv2 EIGRP o Exterior Gateway Protocol Used to route between Autonomous Systems Leverages IGP at the IS to handle local routing Border Gateway Protocol (BGP) Static Routing o Manual process o Default route to the Internet Dynamic Routing o Automatic o All routing decisions handled by the protocol Next hop Understanding routing tables and how they pertain to path selection Explain convergence (steady state)

1.7 Compare the characteristics of wireless communication standards

802 .11 Spe eds Dist anc e

A 54 Mb ps 35 me ter s

B 11 Mb ps 38 me ter s

G 54 Mb ps 10 0 me ter s

N 60 0 Mb ps 30 0 me ter s

Fre que ncy

5 GH z

2. 4 GH z

2. 4 GH z

2. 4 GH z an d/ or 5 GH z

802.11 a/b/g/n o Speeds o Distance o Channels Corresponds to a certain frequency 22 MHz wide, there is certain overlaps United States use 1 through 11 1, 6, and 11 usually used o Frequency Authentication and encryption Determines who can access the network and make data unreadable without proper credentials o WPA Wi-Fi Protected Access WPA, WPA2, WPA2-Enterprise Pre-shared Key 8 to 63 ASCII characters 256-bit key

o WEP Wired Equivalent Privacy 40-bit or 104-bit keys Vulnerable o RADIUS Remote Authentication Dial In User Service AAA Authentication, Authorization, and Accounting Centralized management

o TKIP Temporal Key Integrity Protocol Every packets get a unique encryption key

2.0 Network Media and Topologies 13:32:00

09/04/2011

2.1 Categorize standard cable types and their properties EIA Electronic Industries Alliance o Develop standards for the industry TIA Telecommunications Industry Association Type o CAT3 Supports 10 Mbit Ethernet and 4 Mbit Token Ring o CAT5 Supports 100 Mbit Ethernet o CAT5e Supports 1 Gbit Ethernet o CAT6 Supports 10 Gbit Ethernet through 55 meters CAT 6A is designed for 100 meters o STP Shielded Twisted Pair Additional shielding protects against interference Requires the use of an electrical ground o UTP Unshielded Twisted Pair Most common twisted pair cabling o Optical Fiber Glass or plastic fiber that carries light High bandwidth, long distances, low interference

Multimode fiber Single-mode fiber o Coaxial Wire Conductor, Insulator, Metal Shielding, and Plastic Jacket 10BASE5 Thicknet RG-8/U 10BASE2 Thinnet RG-58 RG-59 RG-6 o Serial Send one bit at a time o Plenum vs. Non-plenum Heating and air conditioning space Riser Between-floor connections Polyvinyl Chloride (PVC) Fluorinated Ethylene Polymer (FEP) Properties o Transmission speeds Coaxial 1 Mbps through 100 Mbps Twisted Pair Cabling CAT3 10 Mbps CAT5 100 Mbps CAT5e 1 Gbps CAT6 10 Gbps Fiber Optics

10+ Gbps

o Distance Loss of signals over distances o Duplex Half-Duplex Send or receive Full-Duplex Send and receive simultaneously More efficient o Noise immunity (security, EMI) Electromagnetic Interference Microwaves, motors, etc. Security Electrical signals are noisy and can be tapped o Frequency Number cycles per second MHz GHz Higher frequency generally means higher throughput 2.2 Identify common connector types RJ-11 o Telephone wiring o 6P4C RJ-45

o Ethernet cabling o 8P8C BNC o Bayonet Neill-Concelman o Coaxial cable connector o RG-58 used in 10BASE2 SC o Siemon/Subscriber/Standard Connector o Stick and Click ST o Straight Tip o Stab and Twist LC

o Lucent/Local Connector o Little Connector MT-RJ o Mechanical Transfer Registered Jack RS-232 o Recommended Standard 232 o Serial o Modems, printers, mice, and networking 2.3 Identify common physical network topologies Star o All devices are connected to a central device

Mesh o Multiple links to the same place o Redundancy, fault-tolerance, load balancing o Used in WANs Bus o Single line where everyone connects to o A single break in the link would disable the entire network Ring o Token Ring Point-to-Point o One-to-one connection

Point-to-Multipoint o One-to-many connection o 802.11 Wireless Hybrid o Combination of one or more physical topologies 2.4 Given a scenario, differentiate, and implement appropriate wiring standards 568A o 1 White and Green o 2 Green o 3 White and Orange o 4 Blue o 5 White and Blue o 6 Orange

o 7 o 8 568B o 1 o 2 o 3 o 4 o 5 o 6 o 7 o 8

White and Brown Brown White and Orange White and Blue White and Green White and Brown Orange Green Blue Brown

Straight vs. cross-over o One side terminates with 568A and other side terminates with 568B Rollover o Cisco console cable o Yost Serial Device Wiring Standard Loopback o Test physical ports o Redirect outgoing signal back into the input 2.5 Categorize WAN technology types and properties Type o Circuit Switched POTS and PSTN Plain Old Telephone Service

Public Switched Telephone Network Two wires Distances can be 15,000 18,000 feet Low Bandwidth

T1/E1 T-carrier 1 Bell Labs Two pair of wires Digital Signal 1 (DS1) North America, Japan, and South Korea Twenty four 64 Kbps channels 1.536 Mbps E1 Europe expanded on T1 technology Thirty two 64 Kbps channels 2.048 Mbps Digital Signal Level 3 (DS3) T-carrier 28 DS1 signals 44.736 Mbps Coaxial cables with BNC connectors 15 E1 Signals (34.368 Mbps) Coaxial cables with BNC connectors

T3

E3

ISDN

Integrated Services Digital Network BRI Basic Rate Interface (2B+D) Two 64 kbit/s Bearer (B) Channels One 16 kbit/s Signaling (D) Channel PRI Primary Rate Interface Delivered over a T1 or E1 T1 23B+D E1 30B+D+Alarm Channel Commonly used as connectivity from the PSTN to large phone systems (PBX)

o Packet Switched ATM Asynchronous Transfer Mode 53-byte cells spaced evenly apart 48-byte for data, 5-byte routing header SONET Synchronous Optical Networking Multiplexing many different data streams over the same fiber OC-X Optical Carrier Levels OC-1 51,840 kilobits per second OC-48 2,488,320 kilobits per second

ADSL Asymmetric Digital Subscriber Line Download speed is faster than the upload speed Up to 24 Mbps download and 3.5 Mbps upload SDSL Symmetric Digital Subscriber Line Download speed is the same as upload speed VDSL Very High Bitrate Digital Subscriber Line 4 Mbps to 100 Mbps Frame Relay First cost effective WAN type LAN traffic encapsulated into Frame Relay frames Passed into the cloud Usually 64 Kbps through DS3 speeds Being replaced by MPLS MPLS Multiprotocol Label Switching Labels are pushed onto the network packets they enter the MPLS cloud Cable Modem Data Over Cable Service Interface Specification (DOCSIS) 4 Mbps to 100 Mbps Satellite Non-terrestrial networks

Requires external equipment Relatively long latency Speeds up to 5 Mbps Wireless Mobile networks 802.11

Properties o Circuit Switch Establish circuit between endpoints before data passes Nobody else can use the circuit when it is idle Inefficient use of resources Connection is always there Capacity is guaranteed o Packet Switch

Data is grouped into packets Media is shared with others One connection may have more bandwidth allocated than another o Speed o Transmission Media o Distance 2.6 Categorize LAN technology types and properties Types o Ethernet o 10BaseT

10 Mbps Baseband Single frequency across the entire medium Broadband uses many frequencies, sharing the medium T Twisted Pair Cabling CAT3 or better o 100BaseTX 100 Mbps Fast Ethernet CAT5 or better o 100BaseFX Optical Fiber Multimode 400 meters (half-duplex), 2 kilometers (full-duplex) Single-mode More than 2 kilometers 1000BaseT 1000 Mbps Gigabit Ethernet CAT5e or better Uses all four pairs 1000BaseX Optical Fiber 10GBaseSR Short Wavelength 550 meters 10GBaseLR

o o o

Long Wavelength 5 kilometers o 10GBaseER 10 Gbps Extended Range Single-mode 40 kilometers o 10GBaseSR Short Range Multimode 300 meters o 10GBaseLR Long Range Single-mode 10 kilometers to 25 kilometers o 10GBaseSW 10 Gbps WAN SONET and SDH (Synchronous Digital Hierarchy) o 10GBaseLW o 10GBaseEW o 10GBaseT Twisted Pair Cabling CAT6 55 meters CAT6a 100 meters Properties o CSMA/CD Carrier Sense Multiple Access/Collision Detection Half-duplex

o o Distance 2.7 Explain common logical network topologies and their characteristics Peer-to-peer Client/Server VPN o Virtual Private Network o Connect to a remote network through an existing network o Almost always includes encryption VLAN o Virtual LAN o Devices can be on the same subnet but in different locations o Used to manage access, security, and changes 2.8 Install components of wiring distribution Vertical and horizontal cross connects o Horizontal

Detects activity on the wire before sending Broadcast A single frame that is sent to every device on the subnet Collision When two or more devices try to communicate at the same time Bonding Combining physical links to create a faster logical link IEEE 802.3ad Link aggregation Speed

Server to IDF Workstation to IDF o Vertical IDF to MDF Patch panels o Combination of punch-down blocks and RJ-45 connectors o Easy to make changes 66 block o Punch-down block o Terminates the wire o Requires special impact tool MDFs o Main Distribution Frame o Core of the network o Centralized services IDFs o Intermediate Distribution Frame o End user connectivity 25 pair 100 pair 110 block o Preferred over 66 blocks o Less crosstalk Demarc

o Handoff between the phone company and you o Minimum Point of Entry (MPOE) Demarc extension Smart jack o Network Interface Unit (NIU) Verifying wiring installing Verifying wiring termination o Physical connectivity Distance to a break Wire Map/Continuity o Link Quality Insertion loss, return loss Near-end crosstalk Propagation delay o Light loss o Built-in reporting

3.0 Network Devices

09/04/2011 13:32:00

3.1 Install, configure, and differentiate between common network devices Hub o Multi-port repeater o Traffic goes in one port and is transmit to every other port o OSI Layer 1 Repeater o Repeats a signal Use to extend the range of connections o OSI Layer 1 o Wire-base/Wireless-base Modem o Modulator/Demodulator o Converts analog sounds to digital signals o Uses standard phone lines Limited frequencies Limited bandwidths

NIC o Network Interface Card o Different topologies WAN Ethernet Token Ring Media converters Basic switch

o OSI Layer 2 Bridge o Connects different physical networks Different topologies o OSI Layer 2 Distributes traffic based on MAC address Wireless access point o Extends the wired network onto the wireless network o OSI Layer 2 Basic router o Routes traffic between IP subnets o Connects diverse networks LAN WAN Copper Fiber OSI Layer 3 firewall Filters traffic by port number OSI Layer 4 Can encrypt traffic into/out of the network Can proxy traffic Usually sits on the ingress/egress of the network DHCP server

o Basic o o o o o Basic

o Automatically assigns IP addresses o Often integrated into other devices 3.2 Identify the functions of specialized network devices Multilayer switch o Layer 2 / Switch o Layer 3 / Router o Layer 4 / Firewall o Layer 4 / IDS/IPS o Layer 4 / Load Balancer Content switch o Distribute the load based on the content FTP HTTP / HTTP /images HTTP /cgi IDS/IPS o Intrusion Detection System Alarm or alert o Intrusion Prevention System Stop it before it gets into the network o Intrusions Exploits against operating systems, applications, etc. Buffer overflows, cross-site scripting, other vulnerabilities Load balancer

o Distributes the load over many physical servers Clusters o Different options Load distribution Distribution based on content Multifunction network devices o Everything in a single device o CSU/DSU o Router o Firewall o IDS/IPS o Switch o Bandwidth shaper o VPN endpoint DNS server o Doman Name System o Convert domain name to IP address and vice versa Bandwidth shaper o Traffic shaping or packet shaping o Control by bandwidth usage or data rates o Set important applications to have higher priorities than other applications o Quality of Service (QoS) Proxy server o Sit between the users and the external network

o Receives the user requests and sends the request on their behalf o Caching information o Application must be configured to use the proxy CSU/DSU o Channel Service Unit/Data Service Unit o Used to connect routers to a WAN link o CSU terminates the WAN link o DSU converts the carriers digital data to serial information o Most are single integrated devices 3.3 Explain the advanced features of a switch PoE o Power over Ethernet o Provides 36-57 volts over CAT3/CAT5a with 10-400mA o Phones, modems, access points, routers o Two modes Mode A Uses pairs 1/2 and 3/6 Mode B Uses pairs 4/5 and 7/8 Spanning Tree Protocol (STP) o IEEE 802.1D o Prevent loops in bridged networks o Root Bridge Bridge with smallest number o Root Port (RP) Port that connects back to the root o Designated Port (DP) Network sends to bridge with the lowest number o Blocked Port (BP) Do not accept packets

o 802.1w Rapid Spanning Tree Protocol (RSTP) Fast convergence VLAN o Virtual LAN o Devices on the same subnet but in different locations Trunking o Multiple VLANs in a single wire o VLANs are tunneled inside of the trunk o 802.1q Each packet is preceded by a 802.1 header

Port mirroring o Takes the physical port on a switch and duplicates the data going through it o Port redirection, switched port analyzer (SPAN) Port authentication o Physical switch port o MAC address restrictions o 802.1x authentication RADIUS (Remote Authentication Dial In User Service) TACACS+ (Terminal Access Controller Access-Control System Plus) 3.4 Implement a basic wireless network Install client o Hardware Internal wireless adapter

CardBus or PCMCIA adapter USB wireless adapter o Software Built-in configuration Windows Wireless Zero Configuration Manufacturer-specific configuration utility Intel Linksys D-Link Access point placement o Where are the users? Conference rooms Desktop o Mind the walls Avoid metal and concrete between the access point and your users Antennas Omni-directional Yagi directional High gain o Use multiple access points 20% to 25% overlap use channels/frequencies that do not overlap (1,6, 11) Install access point o Configure appropriate encryption

WPA, WPA2, WPA2-Enterprise Pre-shared key (PSK) 8-63 ASCII characters 256-bit key/passphrase o Configure channels and frequencies o Set ESSID and beacon Extended Service Set Identification Broadcast the access point Can be disabled Verify installation o Signal coverage o Potential interference o Spectrum analyzer

4.0 Network Management

09/04/2011 13:32:00

4.1 Explain the function of each layer of the OSI model Open Systems Interconnection Layer 1 Physical o Physics of the network o Signaling, cabling, connectors o Problem Run loopback tests, test/replace cables, swap adapter cards Layer 2 Data Link o Communication based on MAC addresses Layer 3 Network o Communication based on IP addresses o Traverses different networks Layer 4 Transport o TCP and UDP

Layer 5 Session o Communication management between devices Start, stop, restart o Half-duplex, full-duplex Layer 6 Presentation o Character encoding o Application encryption Layer 7 Application o Communicates to the end user 4.2 Identify types of configuration management documentation

Regulations o Specific documentation parameters 4.3 Given a scenario, evaluate the network based on configuration management documentation Compare wiring schematics, physical and logical network diagrams, baselines, policies and procedures and configurations to network devices and infrastructure Update wiring schematics, physical and logical network diagrams, configurations and job logs as needed 4.4 Conduct network monitoring to identify performance and connectivity issues using the following: Network monitoring utilities (e.g. packet sniffers, connectivity software, load testing, throughput testers) System logs, history logs, event logs o Syslog Standard protocol for forwarding log messages 4.5 Explain different methods of rationales for network performance optimization Methods o QoS Quality of Service

Wiring schematics o Details the wiring path between devices Physical and logical network diagrams o Physical device layout and location o High-level view of network flow Baselines o Benchmarking network Application response time Network throughput o Point of reference Policies, procedures, and configurations

o o o

Process of controlling traffic flows Traffic shaping Load balancing Traffic shaping Prioritize traffic performance based on application type Load balancing Distributes the load over many physical servers High availability Design a system for smallest chance of downtime Usually higher costs associated Caching engines Used to avoid redundant network traffic Cannot cache dynamic web pages or streaming media tolerance Maintain uptime in case of a failure Can degrade performance RAID, redundant power supplies, redundant NICs

o Fault

Reasons o Latency sensitivity o High bandwidth applications VoIP Video applications o Uptime Resource availability

4.6 Given a scenario, implement the following network troubleshooting methodology Information gathering identify symptoms and problems o Ask questions o Examine logs and forensic data Identify the affected areas of the network o Uptime tests PING, TRACERT o Ask around/Walkabout Determine if anything has changed o Logs o Automated monitoring o Real-time auditing Establish the most probable cause Determine if escalation is necessary Create an action plan and solution identifying potential effects Implement and test the solution Identify the results and effects and the solution Document the solution and the entire process 4.7 Given a scenario, troubleshoot common connectivity issues and select an appropriate solution Physical issues o Cross talk Energy from one signal crosses from one pair to another More twists minimize crosstalk o Near End crosstalk (NEXT)

o Attenuation Loss of an electrical signal o Collisions o Shorts Two wires connected to each other o Open Break in the circuit of a wire o Impedance mismatch (echo) Opposition to the flow of a signal o Interference External influences to a signal Logical issues o Port speed Auto-sensing o Port duplex mismatch Causes slow performance Perform a speed test (upload/download) o Incorrect VLAN o Incorrect IP address o Wrong gateway o Wrong DNS o Wrong subnet mask Issues that should be identified but escalated o Switching loop

No time-to-live (TTL) Learns incorrect ports for MAC addresses Spanning Tree Protocol (STP) o Routing loop Time-to-live (TTL) TRACERT o Route problems No route, packets are dropped Default route Route Tables o Proxy ARP Device answers an ARP requests for an address that is not its own Specific configurations ARP Table o Broadcast storms Broadcast are duplicated to every port on a broadcast domain Wireless issues o Interference (bleed, environmental factors) Netstat e Performance Monitor o Incorrect encryption o Incorrect channel o Incorrect frequency o ESSID mismatch o Standard mismatch (802.11 a/b/g/n) o Distance o Bounce o Incorrect antenna placement

5.0 Network Tools

09/04/2011 13:32:00

5.1 Given a scenario, select the appropriate command line interface tool and interpret the output to verify functionality

Trace route o Determine the route a packet takes to a destination o Windows tracert o POSIX-based tracert or traceroute Ipconfig o Determine TCP/IP and network adapter information o Windows Ifconfig o Determine TCP/IP and network adapter information o Linux Ping o ICMP echo requests o ICMP is not always enabled everywhere o Works across subnets Arp ping o Arping o Only operates on a local IP subnet o Works with devices that are firewalling ICMP Arp o Fundamental TCP/IP protocol o Address Resolution Protocol Nslookiup o Lookup information from DNS servers

o Both Windows and POXIS-based o Lookup names and IP addresses from the workstations perspective Hostname o Both Windows and Linux o Name of the machine currently on Dig o Lookup information from DNS servers o Domain Information Groper o More advanced lookup information from the perspective of other DNS servers or resolvers Mtr o A combination of ping, traceroute, and a little bit extra Statistics o POSIX-based only o My Traceroute Route o Examine TCP/IP routing table information o Windows and POSIX-based Different parameters Nbtstat o NetBIOS over TCP/IP statistics and connections o Identify host names, lookup connections Netstat o TCP/IP statistics and network connection information -A All connections and listening ports

o Windows and POSIX-based 5.2 Explain the purpose of network scanners Packet sniffers o Packet analyzers o Gather packets and report on the results o Many open source options Wireshark o One of the most powerful network tools Intrusion detection software o Intrusions Exploits against operating systems, applications, etc. Buffer overflows, cross-site scripting, other vulnerabilities o Alarm or alert Intrusion prevention software o Stop it before it gets into the network o Network-based IPS (NIPS) o Host-based IPS (HIPS) Port scanners o Scan for hosts and open TCP and/or UDP ports o Many open source and commercial options Nmap is the most popular 5.3 Given a scenario, utilize the appropriate hardware tools Cable testers Protocol analyzers

o Gather packets and report on the results Certifiers o Quantitative analysis of wiring infrastructures TDR o Time Domain Reflectometer o Estimate cable lengths o Splice locations o Cable impedance information o Signal losses OTDR o Optical TDR Multimeter o Power outlet voltage (AC) o PC power supply output voltages (DC) o CMOS battery power (DC) o Cable connectivity (continuity) o Fuse status (continuity) Toner probe o Traces a cable Butt set o Linemans handset o Butt in on a call o Installing and testing telephone lines Punch down tool

o Specific to the block 66 block 110 block Cable stripper o Get the right stripper for different cable types Snips o Scissors designed for cables Cuts and strips Voltage event recorder o Voltage statistics over time o Transients o Flicker o Harmonics Temperature monitor o Environmental monitoring o Temperature, humidity flooding o Notification by email, SNMP o Wireless connectivity

6.0 Network Security

09/04/2011 13:32:00

6.1 Explain the function of hardware and software security devices Network based firewall o Filters traffic by port number OSI Layer 4 (TCP/IP) Some up to OSI Layer 7 (Application-based) o Can encrypt traffic into/out of network o Can proxy traffic o Most firewalls can be Layer 3 devices (routers) o Sits ingress/egress of the network o Advantage Protect many devices at once High speed o Disadvantages Host o o Limited visibility into encrypted information based firewall Software-based protection on a device Sees all traffic Unencrypted Granular Difficult to manage large groups

IDS o Intrusion Detection System IPS o Intrusion Prevention System

o Advantages Watches all traffic through a network link Can completely stop bad traffic o Disadvantages Limited visibility into encrypted data VPN concentrator o Encrypted tunnel to VPN o Decrypts information for network 6.2 Explain common features of a firewall Application layer vs. network layer o Relies on TCP or UDP port ranges to restrict traffic Stateful vs. stateless o Restricts traffic based on conversation flows Scanning services o Viruses o Spyware o Vulnerabilities o Mail Content filtering o URL filtering Create policies to report to stop content based on URL o Can filter applications Skype Bittorrent

Signature identification o Data flows through the firewall o For applications, viruses, spyware, vulnerabilities, etc. o Keep updated Cannot catch unless the pattern matches Zones o Logical grouping of network o Sets up different policies o Internal zone, external zone, DMZ zone, wireless zone, etc. 6.3 Explain the methods of network access security Filtering Selectively prevent traffic from moving from one part of the network to another o ACL Access Control List MAC filtering Allow or restrict access to the network based on data link control addresses Ethernet six-byte MAC addresses IP filtering Allow or restrict access to the network based on network layer addresses IPv4 or IPv6 addresses o Tunneling and encryption SSL VPN Secure Sockets Layer VPN TCP /443 Authenticate users

VPN Virtual Private Network VPN Concentrator L2TP Layer 2 Tunneling Protocol An update of PPTP UDP /1701 IPSec for encryption PPTP Point-to-Point Tunneling Protocol Defines a tunnel Authenticated across the network MS-CHAPv2 EAP-TLS Encrypts the data Microsoft Point-to-Point Encryption (MPEE) IPSEC Internet Protocol Security Authenticates and encrypts Internet Key Exchange (IKE) Security Association (SA) Authentication Header Integrity and authentication Encapsulating Security Payload (ESP)

Encrypts and authenticates

o Remote access RAS Remote Access Service RDP Remote Desktop Protocol Share a desktop from a remote location TCP /3389 PPPoE PPP over Ethernet PPP Point-to-Point Protocol Layer 2 Authentication compression, error detection, multilink Used over many physical networking environments

VNC Virtual Network Computing Open-source option for remote desktop services Remote Frame Buffer (RFB) Sends exactly what you see onscreen TCP /5900 through TCP /5903 ICA Independent Computing Architecture Citrix proprietary

Run Windows or Unix applications remotely Many clients connecting to a single server 6.4 Explain methods of user authentication PKI o Public Key Infrastructure Kerberos AAA o RADIUS o TACACS+ Network Access Control o 802.1x CHAP o Challenge Handshake Authentication Protocol o Challenge o Hash response o Check for a match MS-CHAP o Microsoft CHAP o New functions for changing passwords and other security options EAP o Extensible Authentication Protocol o Frame work for authentication o Many built-in methods TTLS, PEAP, TLS, MD5, MSCHAP, LEAP, GTC

o Works in many networking environments Point-to-Point, wireless, LAN, etc. 6.5 Explain the issues that affect device security Physical security o Locks o Policies and procedures o Traffic flows o Guest access o Electronic monitoring Restricting local and remote access Secure methods vs. unsecure methods o SSH, HTTPS, SNMPv3, SFTP (Remote File Management over SSH), SCP (Secure Copy over SSH) o TELNET, HTTP, FTP, RSH (Remote Shell), RCP (Remote Copy, SNMPv1/2 6.6 Identify common security threats and mitigation techniques Security threats o DoS Denial of Service Prevents a service from providing normal services Distributed DoS (DDoS) o Viruses Infect files and duplicate by copying themselves with other documents o Worms Infect other devices through the network o Attackers

o Man in the middle Form of electronic eavesdropping o Smurf Pings sent to a broadcast address were duplicated to all IP addresses on the subnet by routers o Rogue access points Access point where it should not be o Social engineering (phishing) Suspicious phone call Mitigation techniques o Policies and procedures o User training o Patches and updates