CompTIA Network Plus Courseware - Firebrand Training UK · COMPTIA. Network Plus . Courseware Notes...
Transcript of CompTIA Network Plus Courseware - Firebrand Training UK · COMPTIA. Network Plus . Courseware Notes...
COMPTIA
Network Plus Courseware Notes
Version 2.2
www.firebrandtraining.com
1
7/30/2015 1 ©2007 – Body Temple 7/30/2015
1
COMPTIA NETWORK+
N10-006
7/30/2015 2 ©2007 – Body Temple 7/30/2015
2
The CompTIA Network+ certification is an internationally
recognized validation of the technical knowledge required
of foundation-level IT network practitioners.
It is recommended for CompTIA Network+ candidates to
have the following:
CompTIA A+ certification or equivalent knowledge, though
CompTIA A+ certification is not required.
Have at least 9 to 12 months of work experience in IT
networking
2
7/30/2015 3 ©2007 – Body Temple 7/30/2015
3
CompTia Network+ Objectives
The table below lists the domains measured by the exam and the extent
to which they are represented.
CompTIA Network+ exams are based on these objectives.
DOMAIN % OF EXAM
1.0 Network Architecture 22%
2.0 Network Operations 20%
3.0 Network Security 18%
4.0 Troubleshooting 24%
5.0 Industry Standards,
Practices and Network
Theory
16%
7/30/2015 4 ©2007 – Body Temple 7/30/2015
4
A full list of the CompTia Network+ Objectives and
official Network+ Acronym List is provided at:
http://certification.comptia.org/Training/testingc
enters/examobjectives.aspx
CompTia Network+ Objectives
3
7/30/2015 5 ©2007 – Body Temple 7/30/2015
5
Network+ Modules DAY 1
Module 1: Introduction to Networks
Module 2: The OSI Reference Model
Module 3: Networking Topology, Connectors and
Wiring Standards
Module 4: Ethernet Specifications
Module 5: Network Devices
Module 6: TCP/IP
Module 7: IP Addressing
7/30/2015 6 ©2007 – Body Temple 7/30/2015
6
Network+ Modules – DAY 2
Module 8: Routing
Module 9: Switching and VLANs
Module 10: Wireless Networking
Module 11: Authentication and Access Control
Module 12: Network Threats
Module 13: Wide Area Networking
Module 14: Troubleshooting
4
7/30/2015 7 ©2007 – Body Temple 7/30/2015
7
Network+ Modules – DAY 3
Module15: Management, Monitoring and
Optimisation
Exam N10-006
7/30/2015 8 ©2007 – Body Temple 7/30/2015
8
MODULE 1
INTRODUCTION TO NETWORKS
5
7/30/2015 9 ©2007 – Body Temple 7/30/2015
9
What is a Network
“Two or more connected computers that can
share resources such as data and applications”
Determined by:
Type of Computer
Topology
Interconnection device
7/30/2015 10 ©2007 – Body Temple 7/30/2015
10
Clients and Servers
Types of Computer
Workstation / Client
Server
Types of Network
Peer-Peer
Client-Server
6
7/30/2015 11 ©2007 – Body Temple 7/30/2015
11
Networking Topology
BUS
7/30/2015 12 ©2007 – Body Temple 7/30/2015
12
Networking Topology
Star (Hub and Spoke)
7
7/30/2015 13 ©2007 – Body Temple 7/30/2015
13
Networking Topology
RING
7/30/2015 14 ©2007 – Body Temple 7/30/2015
14
Networking Topology
MESH
8
7/30/2015 15 ©2007 – Body Temple 7/30/2015
15
Networking Topology
Backbone and Segments
VLAN 1SALES
VLAN 2MARKETING
SEVERSCOMMS ROOM
BACKBONE
7/30/2015 16 ©2007 – Body Temple 7/30/2015
16
MODULE 2
THE OSI REFERENCE MODEL
9
7/30/2015 17 ©2007 – Body Temple 7/30/2015
17
The Open Systems Interconnection Model
The OSI model is the primary architectural model
for networks.
It describes how data and network information are
communicated from an application on one
computer through the network media to an
application on another computer.
The OSI reference model breaks this approach into
7 layers.
7/30/2015 18 ©2007 – Body Temple 7/30/2015
18
OSI Reference Model
7 APPLICATION
6 PRESENTATION
5 SESSION
4 TRANSPORT
3 NETWORK
2 DATALINK
1 PHYSICAL
10
7/30/2015 19 ©2007 – Body Temple 7/30/2015
19
OSI
The application layer provides connectivity between users
and application processes to access network services. This
layer contains a variety of commonly needed functions:
• Resource sharing NFS FTP HTTP
• Network management SNMP TELNET
• Directory services LDAP
• Electronic messaging (such as mail) SMTP, POP3
7 APPLICATION
7/30/2015 20 ©2007 – Body Temple 7/30/2015
20
OSI
The presentation layer formats the data to be presented to
the application layer. It acts as the ‘translator’ for the
network.
The presentation layer provides:
• Character code translation.
• Data conversion.
• Data compression: reduces the number of bits that need to be transmitted on the
network.
• Data encryption: encrypt data for security purposes. For example, password encryption.
6 PRESENTATION
11
7/30/2015 21 ©2007 – Body Temple 7/30/2015
21
OSI
The session layer allows session establishment between
processes running on different stations. It provides:
• Session Management – establishment and termination between two
application processes on different machines
• Session support allowing processes to communicate over the network,
performing security, name recognition, logging, and so on.
5 SESSION
7/30/2015 22 ©2007 – Body Temple 7/30/2015
22
OSI
The transport layer ensures that messages are delivered
error-free, in sequence, and with no losses or duplications.
The transport layer provides:
• Message segmentation
• Message acknowledgment
• Message traffic control
• Session multiplexing
• Transmission Control Protocol (TCP) / User Datagram Protocol (UDP)
both work at Layer 4
4 TRANSPORT
12
7/30/2015 23 ©2007 – Body Temple 7/30/2015
23
OSI
The network layer controls the operation of the subnet,
deciding which physical path the data should take based on
network conditions, priority of service, and other factors. It
provides:
• Routing
• Subnet traffic control through the use of a router (Layer 3 Intermediate
system)
• Frame fragmentation
• Logical-physical address mapping
• Internet Protocol (IPv4 / IPv6)
3 NETWORK
7/30/2015 24 ©2007 – Body Temple 7/30/2015
24
OSI
The data link layer provides error-free transfer of data
frames from one node to another over the physical layer.
The data link layer provides:
• Link establishment and termination
• Frame traffic control
• Frame sequencing
• Frame acknowledgment
• Frame error checking
• Media access management
2 DATALINK
13
7/30/2015 25 ©2007 – Body Temple 7/30/2015
25
OSI – DATALINK LAYER
The IEEE Ethernet Data Link layer has two sublayers
Media Access Control (MAC)
Logical Link Control (LLC)
Devices which work at Layer 2 include:
• Switch
• Network Adaptor
• Bridge
7/30/2015 26 ©2007 – Body Temple 7/30/2015
26
OSI – DATALINK LAYER – IEEE 802 Standards
IEEE 802. STANDARD Topic
802.1 LAN/MAN Management
802.2 Logical Link Control
802.3 CSMA/CD ETHERNET
802.8 Fiber-Optic LAN/MAN
802.10 LAN/MAN Security
802.11 Wireless LAN
14
7/30/2015 27 ©2007 – Body Temple 7/30/2015
27
OSI
The physical layer is concerned with the transmission and reception
of the unstructured raw bit stream over a physical medium. It
provides:
• Data encoding
• Physical medium attachment
• Physical medium transmission
Devices that work at Layer 1 include:
• Hub
• Repeater
• Media Convertor
1 PHYSICAL
7/30/2015 28 ©2007 – Body Temple 7/30/2015
28
PLEASE DO NOT THROW SAUSAGE PIZZA AWAY!
7 AWAY
6 PIZZA
5 SAUSAGE
4 THROW
3 NOT
2 DO
1 PLEASE
15
7/30/2015 29 ©2007 – Body Temple 7/30/2015
29
MODULE 3
NETWORKING TOPOLGY, CONNECTORS
AND WIRING STANDARDS
7/30/2015 30 ©2007 – Body Temple 7/30/2015
30
CABLE CHARACTERISTICS
Cost
Installation issues
PLENUM Rating
Bandwidth/Speed/Capacity
Duplex/Half Duplex
Serial/Parallel
Distance/Attenuation
Noise immunity
Security
16
7/30/2015 31 ©2007 – Body Temple 7/30/2015
31
Types of Cable
COAXIAL
7/30/2015 32 ©2007 – Body Temple 7/30/2015
32
Types of Cable
Coax connectors
BNC
F
17
7/30/2015 33 ©2007 – Body Temple 7/30/2015
33
Types of Cable
Twisted Pair
UTP
STP
CAT standards
Connectors
7/30/2015 34 ©2007 – Body Temple 7/30/2015
34
RJ45
RJ45 plugs and sockets are most commonly used as
connectors for Ethernet cable (UTP)
Also known as 8P8C (8 position 8 Contact)
Eight equally spaced conductors
Terminated using a crimp tool
18
7/30/2015 35 ©2007 – Body Temple 7/30/2015
35
RJ45 Wiring Standards
T568A
T568B
STRAIGHT THROUGH
CROSSOVER
ROLLOVER
LOOPBACK
7/30/2015 36 ©2007 – Body Temple 7/30/2015
36
T568A / T568B
T568B is more common
19
7/30/2015 37 ©2007 – Body Temple 7/30/2015
37
CROSSOVER
7/30/2015 38 ©2007 – Body Temple 7/30/2015
38
Rollover and Loopback CABLE
Console Cable used to connect Administrator
to console port of a Router or Switch
Loopback Cable used for diagnostics and
testing.
20
7/30/2015 39 ©2007 – Body Temple 7/30/2015
39
FIBER OPTIC
ST Connector (Straight Tip)
SC Connector (Subscriber Connector)
LC Connector (Local Connector)
MTRJ (Mechanical Transfer Registered Jack)
Single Mode Fiber (SMF)
Multimode Fiber (MMF)
7/30/2015 40 ©2007 – Body Temple 7/30/2015
40
Media Converter
Allow the conversions between different
types of Fiber Optic or between Fiber and
Ethernet.
These include:
• Single Mode Fiber to Ethernet
• Multi Mode Fiber to Ethernet
• Fiber to Coaxial
21
7/30/2015 41 ©2007 – Body Temple 7/30/2015
41
Types of Cable
Other types of communications cables
include:
RS232
USB
FIREWIRE
THUNDERBOLT
7/30/2015 42 ©2007 – Body Temple 7/30/2015
42
Patching and Cabling
MDF – Main Distribution Frame is a terminating point where
cables are connected and can be jumpered to different
locations
IDF – Intermediate Distribution Frame, a smaller version of
the MDF maybe on each floor of a building
Patch Panel – where circuits can be rerouted through the
use of CAT 5 patch leads
22
7/30/2015 43 ©2007 – Body Temple 7/30/2015
43
66 / 110 Block
66 Block used for Telephone systems
110 Block used for Cat 5/6 UTP systems
7/30/2015 44 ©2007 – Body Temple 7/30/2015
44
Demarcation Point
The DEMARC or demarcation point is the point at which the
telephone company or circuit provider network ends and
connects to the wiring at the customer’s premises.
A box such as an NIU (Network Interface Unit) or a CSU
(Channel Service Unit) which carries out code or protocol
conversion is commonly referred to as a SMART JACK. This
is the terminating point between the TELCO and the
customer network
23
7/30/2015 45 ©2007 – Body Temple 7/30/2015
45
MODULE 4
ETHERNET SPECIFICATIONS
7/30/2015 46 ©2007 – Body Temple 7/30/2015
46
Ethernet Standards 802.3
Ethernet descriptive labels
Eg: 10Base5
Equates to:
10 Mbps
Baseband signalling (one channel of communication at any time)
500 Metres maximum length
10Base2 (runs for 185 Metres)
24
7/30/2015 47 ©2007 – Body Temple 7/30/2015
47
Carrier Sense Multiple Access / Collision Detection CSMA/CD
CSMA/CD is known as a contention method because
computers on the network contend, or compete, for an
opportunity to send data.
The more computers there are on the network, the more
network traffic there will be.
With more traffic, collision avoidance and collisions tend to
increase, which slows the network down, so CSMA/CD can be
a slow-access method.
7/30/2015 48 ©2007 – Body Temple 7/30/2015
48
CSMA/CD
CSMA/CD is used by all implementations of Ethernet regardless of the media or the data throughput.
CSMA/CD working without a collision:
1.Listens to check media to see if it is clear
2.If clear then a host will place data on the media
3.Then listens to see if data sent has a collision
25
7/30/2015 49 ©2007 – Body Temple 7/30/2015
49
CSMA/CD
CSMA/CD working with a collision:
1.Listens to check media to see if it is clear
2.If clear then a host will place data on the media
3.Then listens to see if data sent has a collision
4.Collision occurs
5.Both devices send a jam signal
6.Both devices start a timer (back off algorithm)
7.First host whose timer expires repeats steps 1-3
8.Then the second node will perform steps 1 - 3
9.Then operation returns to normal and all devices have equal access to the media
7/30/2015 50 ©2007 – Body Temple 7/30/2015
50
CSMA/CA (Collision Avoidance)
Used on Wireless Networks
Nodes must ‘listen’ out to detect if network
is busy before sending
Optionally may be implemented with
Request To Send/Clear To Send (RTS/CTS)
26
7/30/2015 51 ©2007 – Body Temple 7/30/2015
51
MAC Address
Media Access Control (MAC)
Works at Datalink Layer (2)
48 bit Hexidecimal address unique to every
Network Interface (Organizationally Unique
ID/Vendor ID)
7/30/2015 52 ©2007 – Body Temple 7/30/2015
52
Common Ethernet Cable Types
Ethernet Name Cable Type Max Distance Notes
10Base5 COAX 500m Thicknet
10Base2 COAX 185m Thinnet
10BaseT UTP 100m
100BaseTX UTP/STP 100m Cat5 upwards
10BaseFL FIBER 500-2000m Ethernet over
Fiber
100BaseFX MMF 2000m
1000BaseT UTP 100m Cat5e upwards
1000BaseSX MMF 550m SC Connector
1000BaseCX Balanced Shielded
Copper
25m Special Connector
1000BaseLX MMF/SMF 550m (Multi)
/2000m(Single)
SC and LC
Connector
27
7/30/2015 53 ©2007 – Body Temple 7/30/2015
53
Common Ethernet Cable Types
Ethernet Name Cable Type Max Distance Notes
10GBaseT UTP 100m
10GBaseSR MMF 300m
10GBaseLR SMF 10km
10GBaseER SMF 40km
10GBaseSW MMF 300m
10GBaseLW SMF 10km Used with SONET
10GBaseEW SMF 40km
7/30/2015 54 ©2007 – Body Temple 7/30/2015
54
Ethernet over other standards
Ethernet over Power Line (Broadband over
Power Line (BPL))
Ethernet over HDMI
28
7/30/2015 55 ©2007 – Body Temple 7/30/2015
55
MODULE 5
NETWORK DEVICES
7/30/2015 56 ©2007 – Body Temple 7/30/2015
56
Common Network Devices
Network Interface Card (NIC)
Hub
Bridge
Switch
Router
Firewall
Intrusion Detection System (IDS)
Intrusion Prevention System (IPS)
Access Point
29
7/30/2015 57 ©2007 – Body Temple 7/30/2015
57
NETWORK INTERFACE CARD (NIC)
Unique identifier – Media Access Control address
(MAC)
7/30/2015 58 ©2007 – Body Temple 7/30/2015
58
HUBS AND REPEATER – LAYER 1 DEVICES
HUB enables a number of nodes to
connect to a network (one per port)
REPEATER retransmit signals (may
clean and strengthen the signal) to
increase distances between nodes
30
7/30/2015 59 ©2007 – Body Temple 7/30/2015
59
BRIDGE – LAYER 2 DEVICE
A BRIDGE (or ‘Transparent Bridge’) connects two
similar network segments together. Its primary
function is to keep traffic separated on either side
of the bridge, breaking up Collision Domains within
a single Broadcast Domain
Collision Domain Collision Domain
BROADCAST DOMAIN
BRIDGE
7/30/2015 60 ©2007 – Body Temple 7/30/2015
60
SWITCH – LAYER 2 DEVICE
Multiport bridges
Operate at DATALINK layer
Control collision domains
Now used extensively instead of Hubs and Bridges
May also incorporate LAYER 3 technology
31
7/30/2015 61 ©2007 – Body Temple 7/30/2015
61
ROUTER – LAYER 3 DEVICE
Traditional LAYER 3 device (NETWORK Layer)
Forwarding based upon network layer IP address
Control Broadcast and Collision Domains
Can use multiple routing protocols
7/30/2015 62 ©2007 – Body Temple 7/30/2015
62
FIREWALL
Provide the first layer of defence in network
security
May be hardware or software (or both)
Based on configuration rules
Used to established Demilitarised Zones
(DMZ)
32
7/30/2015 63 ©2007 – Body Temple 7/30/2015
63
FIREWALLS - DMZ
Used to protect the LAN from External
attacks/intrusion
INTERNET
DMZ
LAN
7/30/2015 64 ©2007 – Body Temple 7/30/2015
64
FIREWALL - Rules
33
7/30/2015 65 ©2007 – Body Temple 7/30/2015
65
IDS/IPS
Intrusion Detection System (IDS)
• Host Based (HIDS) or Network Based (NIDS)
• Passive Monitoring
• Anomaly Detection
• Signature Detection
• Heuristics
Intrusion Protection System
Host Based (HIPS) or Network Based (NIPS)
Active Monitoring
7/30/2015 66 ©2007 – Body Temple 7/30/2015
66
IDS/IPS
Honeypot / Honeynet
Used to monitor intrusion / attacks and conduct
intelligence gathering
Used to deflect potential attacks
INTERNET
DMZ
HONEYPOT
IDS
34
7/30/2015 67 ©2007 – Body Temple 7/30/2015
67
Wireless Access Points (WAP)
Connects computers with wireless adapters to a
network
Access Point is a translational bridge
802.11b/g Access Points use CSMA/CD to connect to
network (LAN) and CSMA/CA to communicate with
other wireless devices
7/30/2015 68 ©2007 – Body Temple 7/30/2015
68
Dynamic Host Configuration Protocol (DHCP)
Dedicated Server Role or
Integrated with Network Device
35
7/30/2015 69 ©2007 – Body Temple 7/30/2015
69
DHCP
DHCP Client sends Broadcast packets to DHCP Server in
order to acquire an IP address from the DHCP Scope
• DHCP Discover
• DHCP Offer
• DHCP Request
• DHCP Ack
7/30/2015 70 ©2007 – Body Temple 7/30/2015
70
DHCP Settings
Reservations (set on MAC address of client)
Exclusions (used for statically assigned clients)
Authorised on the network
Scope must be activated
Clients will default to APIPA address if no DHCP available
Internet Connection Sharing (ICS) includes DHCP service
36
7/30/2015 71 ©2007 – Body Temple 7/30/2015
71
Specialised Network Devices
Multilayer Switch (MLS)
Works at Layer 2 and Layer 3 (Routing)
Very popular devices
7/30/2015 72 ©2007 – Body Temple 7/30/2015
72
Specialised Network Devices
Load Balancer
Fault Tolerance / Redundancy
Used to support servers such as:
• Web Servers
• FTP Servers
• Remote Desktop Servers
• VPN Servers
37
7/30/2015 73 ©2007 – Body Temple 7/30/2015
73
Domain Naming System (DNS)
Resolves FQDN to IP addresses (Forward Lookup)
Resolves IP addresses to FQDN (Reverse Lookup)
DNS entries held in a database on a server called a
Zone
Zone is an area of contiguous namespace for which
a DNS server is authoritative
DNS Server is able to Forward requests and Cache
responses in support of clients
7/30/2015 74 ©2007 – Body Temple 7/30/2015
74
DNS Resolution
Host File
Local Resolver Cache
DNS
NetBios Cache
WINS
Broadcast
LMHosts
Local Host File
Local Resolver Cache
DNS Server
38
7/30/2015 75 ©2007 – Body Temple 7/30/2015
75
DNS on the INTERNET
ROOT (.)
.COM
Google.com FirebrandTraining.com
UK.FirebrandTraining.com WWW.UK.FirebrandTraining.com
7/30/2015 76 ©2007 – Body Temple 7/30/2015
76
DNS Records
RECORD INFO
A Host Record (IPv4)
AAAA Host Record (IPv6)
PTR Reverse Lookup Record
NS Named Server Record (DNS Server)
MX Mail Exchange (Email Server)
Alias (Cname) Used to point friendly name records to
other hosts
SOA Start of Authority (controls DNS Zone
transfers and records)
SRV Service Locator records (eg. location of
Domain Controllers and associated
services)
39
7/30/2015 77 ©2007 – Body Temple 7/30/2015
77
Specialised Network Devices
Proxy Server
Two main types:
• Caching Proxy
• Web Proxy
Reverse proxy (incoming from the Internet)
LAN
INTERNET
ROUTER
PROXY SERVER
7/30/2015 78 ©2007 – Body Temple 7/30/2015
78
Specialised Network Devices
PACKET SHAPER (TRAFFIC SHAPER)
Allow for traffic management (bandwidth)
Set against network profile
May work with Quality of Service (QOS)
configurations
40
7/30/2015 79 ©2007 – Body Temple 7/30/2015
79
Specialised Network Devices
VPN CONCENTRATOR
Dedicated device to handle multiple VPN
(Virtual Private Network) connections and
associated configurations
7/30/2015 80 ©2007 – Body Temple 7/30/2015
80
Basic Network Device layout
VLANS
SWITCH
ROUTER
FIREWALLDMZ
SERVERS
41
7/30/2015 81 ©2007 – Body Temple 7/30/2015
81
MODULE 6
TCP/IP
7/30/2015 82 ©2007 – Body Temple 7/30/2015
82
Department of Defence (DoD) TCP/IP Model
Application
Presentation
Session
Transport
Network
Datalink
Physical
APPLICATION
TRANSPORT
INTERNET
NETWORK INTERFACE
42
7/30/2015 83 ©2007 – Body Temple 7/30/2015
83
PORTS
Allow applications or protocols to use specific
values for connections
Range from 0-65535
0-1023 are reserved for specified TCP/IP
applications and are known as “Well Known Ports”
Destination and Source port numbers
Sockets include IP address and Port Number
7/30/2015 84 ©2007 – Body Temple 7/30/2015
84
PORT NUMBERS
Application Layer
Protocol
Port (s) Transport Protocol
FTP File Transport
Protocol
20/21 TCP
TELNET 23 TCP
SSH 22 TCP
DNS 53 TCP/UDP
DHCP 67/68 UDP
TFTP 69 UDP
HTTP 80 TCP
HTTPS 443 TCP
SMTP 25 TCP
43
7/30/2015 85 ©2007 – Body Temple 7/30/2015
85
PORT NUMBERS
Application Layer
Protocol
Port Number (s) Transport Protocol
NETBIOS 137,138,139 TCP
LDAP 389 TCP
IGMP 463 UDP
LPR 515 UDP
RDP 3389 TCP
NTP 123 UDP
NNTP 119 UDP
POP3 110 TCP
IMAP4 143 TCP
SNMP 161 UDP
7/30/2015 86 ©2007 – Body Temple 7/30/2015
86
Transport Protocols
Transmission Control Protocol (TCP)
Connection Orientated
TCP Three Way Handshake
Receives an Acknowledgement for packets sent
User Datagram Protocol (UDP)
Connection-less
Used for streaming media and VOIP
44
7/30/2015 87 ©2007 – Body Temple 7/30/2015
87
Internet Layer Protocols
Internet Protocol (IP)
Internet Control Message Protocol (ICMP)
Address Resolution Protocol (ARP)
7/30/2015 88 ©2007 – Body Temple 7/30/2015
88
IP
IPv4
IPv6
Windows Clients use dual stack
Command Line Utilities:
• IPCONFIG
• IFCONFIG (Linux/Unix)
45
7/30/2015 89 ©2007 – Body Temple 7/30/2015
89
ICMP
Management and messaging for IP
Command line utilities:
• PING
• PATHPING
• TRACERT
7/30/2015 90 ©2007 – Body Temple 7/30/2015
90
ARP
Address Resolution Protocol
IP to MAC Address
Reverse ARP (RARP) resolves IP from MAC
address
46
7/30/2015 91 ©2007 – Body Temple 7/30/2015
91
MODULE 7
IP ADDRESSING
7/30/2015 92 ©2007 – Body Temple 7/30/2015
92
Internet Protocol (IP)
IPv4
32 Bit Address Scheme
Divided into Network Address and Host
Subnet Mask
Broken in 4 Octets (8 bits)
Represented by dotted-decimal notation
Eg. 192.168.2.200 / 24
Or 192.168.2.200
255.255.255.0
47
7/30/2015 93 ©2007 – Body Temple 7/30/2015
93
Subnetting
PUBLIC and PRIVATE address ranges allocated by IANA (Class-
full Addressing)
PUBLIC Ranges: (Routable on the Internet)
Class Range Hosts
A 1-126 / 8 16,777, 214
B 128-191 /16 65,534
C 192-223 254
D 224-239 Multicast
E 240-254 Development
7/30/2015 94 ©2007 – Body Temple 7/30/2015
94
IP
Private Ranges: (Not routable on the Internet)
APIPA – Automatic Private IP Address
Class Range
A 10.0.0.0-10.255.255.255
B 172.16.0.0-172.31.255.255
C 192.168.0.0-192.168.255.255
169.254.X.X 255.255.0.0
48
7/30/2015 95 ©2007 – Body Temple 7/30/2015
95
SUBNETTING
Subnetting allows you to break up large networks into
smaller broadcast segments
Allows for conservation of host addresses
Security
7/30/2015 96 ©2007 – Body Temple 7/30/2015
96
IPv6
128 bit Address Range
Displayed in hexadecimal format of eight 16bit
groups, separated by a colon (:)
Eg: 2001:0db8:85a3:0042:0000:8a2e:0370:7334
May also be written as:
2001:db8:85a3:42::8a28:370:7334
(lead zeros removed)
49
7/30/2015 97 ©2007 – Body Temple 7/30/2015
97
IPv6 Addresses
Unicast – one to one (Same as IPv4)
Multicast – one to many (Similar to IPv4)
Anycast – one to one of many (Unique to IPv6)
7/30/2015 98 ©2007 – Body Temple 7/30/2015
98
IPv6
Unicast Addresses:
Global Unicast (similar to Public IPv4 addresses)
Link Local Unicast (similar to APIPA IPv4
addresses)
Unique Local Unicast (similar to Private IPv4
addresses)
50
7/30/2015 99 ©2007 – Body Temple 7/30/2015
99
Special IPv6 Addresses
Loopback Address
::1 (127.0.0.1)
Link Local Addresses
FE80:: (Similar to APIPA addresses)
7/30/2015 100 ©2007 – Body Temple 7/30/2015
100
ICMPv6
Replaces IGMP with Multicast Listener Discovery
(MLD)
Replaces ARP with Neighbour Discovery (ND)
51
7/30/2015 101 ©2007 – Body Temple 7/30/2015
101
Troubleshooting IP
Physical Network Components (NIC, Cables,
Switches, Routers)
Network Interface Card Configuration
IPCONFIG
PING
TRACERT
ARP
7/30/2015 102 ©2007 – Body Temple 7/30/2015
102
Network Address Translation (NAT)
NAT allows for the continuation of private IPv4
addressing
Translates between Private and Public IP networks
(different to Routing)
Simply replaces the source IP address (private) with
that of the external (public) IP address to enable
routing on the Internet
Addition security features (Firewall)
52
7/30/2015 103 ©2007 – Body Temple 7/30/2015
103
NAT
Basic NAT
NAT-T (IPSEC)
NAT-PT (IPv6)
Internal – Private LAN
192.168.2.0/24
External – Public
Interface
101.102.103.104
7/30/2015 104 ©2007 – Body Temple 7/30/2015
104
MODULE 8
ROUTING
53
7/30/2015 105 ©2007 – Body Temple 7/30/2015
105
Routing Tables
Routing table provides the router with a ‘map’ of
the network configuration and where it can receive
and send packets to/from
Typically routing table includes:
Destination addresses
Gateway locations
Interfaces
Cost (Metric)
7/30/2015 106 ©2007 – Body Temple 7/30/2015
106
Windows Routing Table
Route Print
Netstat -r
54
7/30/2015 107 ©2007 – Body Temple 7/30/2015
107
Routing information
Routing Tables are updated by:
STATIC Routing (Routing information is
manually configured)
DYNAMIC Routing (Routing protocols
automatically update routing information)
7/30/2015 108 ©2007 – Body Temple 7/30/2015
108
Static Routing
ROUTE ADD
Router Config
55
7/30/2015 109 ©2007 – Body Temple 7/30/2015
109
DYNAMIC ROUTING
Routing Protocols
Distance Vector
Use algorithms to calculate best routes based on distance
(cost) and direction (vector)
Transfer the whole routing table to other routers (up to a
maximum number of hops)
Routing tables are broadcast at regular intervals
Used for small/medium size networks
7/30/2015 110 ©2007 – Body Temple 7/30/2015
110
Distant Vector Routing Protocols
Routing Internet Protocol (RIP)v1
RIPv2 – increased security (authentication)
Border Gateway Protocol (BGP) – used to connect
Autonomous Systems (AS) across the Internet
(Autonomous Systems use classes of routing protocols
Interior and Exterior Gateway Protocol (IGP and EGP))
56
7/30/2015 111 ©2007 – Body Temple 7/30/2015
111
Dynamic Routing Protocols
Link State
Open Shortest Path First (OSPF)
More common IGP (OSPFv2 for IPv4, OSPFv3 for IPv6)
IS-IS (Intermediate System – Intermediate System)
7/30/2015 112 ©2007 – Body Temple 7/30/2015
112
Routing Protocols
AUTONOMOUS SYSTEM (AS) AUTONOMOUS SYSTEM (AS)
Interior Gateway Protocols: RIP, IGRP, EIGRP, OSPF
Exterior Gateway Protocol:
BGP
57
7/30/2015 113 ©2007 – Body Temple 7/30/2015
113
High Availability Routing
Use of ‘Virtual Routers’
Hot Standby Router Protocol (HSRP) – Cisco
proprietary
Virtual Router Redundancy Protocol (VRRP)
7/30/2015 114 ©2007 – Body Temple 7/30/2015
114
IPv6 Dynamic Routing
RIPng
EIGRPv6
OSPFv3
58
7/30/2015 115 ©2007 – Body Temple 7/30/2015
115
MODULE 9
SWITCHING AND VLANs
7/30/2015 116 ©2007 – Body Temple 7/30/2015
116
Switches
LAYER 2 Device
Used to create separate collision domains
Managed or Unmanaged devices
Learn the MAC address of host locations using MAC
address forward/filter table
59
7/30/2015 117 ©2007 – Body Temple 7/30/2015
117
Spanning Tree Protocol (STP)
Eliminates bridging loops (aka switching loops)
Enables switches to detect loops, communicate
with other switches and block potential loops
taking place ROOT BRIDGE
ROOT PORT
7/30/2015 118 ©2007 – Body Temple 7/30/2015
118
Virtual LAN (VLAN)
Switches provide a method of broadcast domain
segmentation called Virtual LANs (VLANs)
Layer 2 method of creating more broadcast
domains
VLANs logically divide a switch into multiple,
independent switches at Layer 2, each in their own
broadcast domain
60
7/30/2015 119 ©2007 – Body Temple 7/30/2015
119
VIRTUAL LAN (VLAN) VLAN 2
VLAN 3
VLAN 4
ROUTER
7/30/2015 120 ©2007 – Body Temple 7/30/2015
120
VLANs
Each VLAN behaves as if it were a separate switch
Packets are forwarded only to ports on that VLAN
VLANS require a TRUNK to span multiple switches
VLAN Trunking Protocol (VTP)
• manages VLANs across a switched internetwork and maintains
consistency throughout that network
A port can be assigned to a given VLAN
61
7/30/2015 121 ©2007 – Body Temple 7/30/2015
121
VLAN
Trunk Link
VLAN 2
VLAN 3
VLAN 4
ROUTER
VLAN 2
7/30/2015 122 ©2007 – Body Temple 7/30/2015
122
VLAN
62
7/30/2015 123 ©2007 – Body Temple 7/30/2015
123
Additional Switch settings/properties
Dependant upon the type/manufacture of the device
Quality of Service (QOS)
Port Security
Port Mirroring
Port Bonding
Flood Guards
Multicasting
Power over Ethernet (PoE) 802.3af/802.3at
7/30/2015 124 ©2007 – Body Temple 7/30/2015
124
MODULE 10
WIRELESS NETWORKING
63
7/30/2015 125 ©2007 – Body Temple 7/30/2015
125
802.11 Standards
Standard Max Throughput Frequency Notes
802.11a 54Mbps 5GHz
802.11b 11Mbps 2.4GHz
802.11g 54Mbps 2.4GHz
802.11n Up to 600Mbps 2.4/5GHz MIMO
802.11ac Up to 1Gbps 5GHz MIMO
7/30/2015 126 ©2007 – Body Temple 7/30/2015
126
WLAN Setup
Ad hoc mode
Wireless clients connect to each other without an AP
Infrastructure mode
Clients connect through an AP through one of two modes
BSSid (Basic Service Set ID) uses one AP
ESSid (Extended Service Set ID) More than one access point exists
64
7/30/2015 127 ©2007 – Body Temple 7/30/2015
127
Wireless Components
Wireless Access Point (WAP)
Wireless NIC
Wireless LAN (WLAN) Controller
7/30/2015 128 ©2007 – Body Temple 7/30/2015
128
Wireless Antennas
Transmit and Receive
Two Classes:
•Omni-directional (point to multipoint)
•Directional/Yagi (point to point)
65
7/30/2015 129 ©2007 – Body Temple 7/30/2015
129
WLAN Setup
Site Survey
Signal Degradation:
• Distance
• Building construction
• Interference
Wireless Security
7/30/2015 130 ©2007 – Body Temple 7/30/2015
130
Wireless Security
Threats
• Rogue AP
• Evil Twin
• WAR Driving/WAR Chalking
• Man in the Middle (MitM) Attacks
• Denial of Service (DOS)
66
7/30/2015 131 ©2007 – Body Temple 7/30/2015
131
Wireless Security
SSID Broadcast
Default security settings
MAC Filters
Shielding
Authentication
Encryption
7/30/2015 132 ©2007 – Body Temple 7/30/2015
132
Wireless Encryption
There are three main types of encryption available for
wireless networks:
Wired Equivalent Privacy (WEP)
Wi-Fi Protected Access (WPA)
Wi-Fi Protected Access version 2 (WPA2)
67
7/30/2015 133 ©2007 – Body Temple 7/30/2015
133
Wireless Encryption
WEP – Wired Equivalent Privacy was the first attempt at wireless
encryption
Uses RC4 for encryption and each frame also contains a 24 bit
initialisation vector (IV) that is clear text
The encryption level is either 40 bit (+24bitIV) or 104 bit (+24bit IV)
The IV makes WEP very weak
WEP is easily cracked after a number of packets have been captured by
sniffing
7/30/2015 134 ©2007 – Body Temple 7/30/2015
134
Wireless Encryption
WPA – Wi-Fi Protected Access replaced WEP and initially
was more secure. Still in common use but now relatively
easy to crack.
Also uses RC4 encryption but this time with a 48 bit IV but
uses TKIP as part of the encryption process
TKIP – Temporal Key Integrity Protocol combines the IV with
the key before encrypting and also changes the session key
dynamically after a number of packets
The weakness of WPA is the passphrase, a length of under
12 characters makes it breakable in a reasonable time
68
7/30/2015 135 ©2007 – Body Temple 7/30/2015
135
Wireless Encryption
WPA2 is the replacement for WPA and conforms to the
802.11i standard for security
Uses the AES encryption algorithm along with CCMP
Has been broken but is still seen as secure
CCMP – Cipher block Chaining Message authentication
Protocol is the process used with AES to provide encryption
and provide confidentiality along with authentication of
frames
7/30/2015 136 ©2007 – Body Temple 7/30/2015
136
Wireless Encryption
Wireless authentication can be handled by the access point or by an
external server such as RADIUS or TACACS+
The standard that covers external authentication is IEEE 802.1x
There are other authentication mechanisms that are part of the EAP –
Extensible Authentication Protocol framework. This allows for new
technologies to be compatible with wireless. EAP is not usually
encrypted
LEAP – Lightweight EAP was developed by Cisco and was designed to
replace TKIP in WPA
PEAP – Protected EAP encapsulates EAP in a TLS tunnel which provides
encryption
69
7/30/2015 137 ©2007 – Body Temple 7/30/2015
137
MODULE 11
AUTHENTICATION AND ACCESS
CONTROL
7/30/2015 138 ©2007 – Body Temple 7/30/2015
138
Access Control List (ACL)
Often ACLs are utilised on routers to determine which
packets are allowed to route through, based on the
requesting device’s source or destination Internet Protocol
(IP) address or Port Number (Port Filtering)
70
7/30/2015 139 ©2007 – Body Temple 7/30/2015
139
Tunneling
Virtual Private Network (VPN)
Provides a secure connection between 2 endpoints
using a variety of authentication and encryption
techniques for the following:
•Remote Access (RAS) – Host-to-Site
• Site-to-Site / Host-to-Host
•Business-to-Business (B2) / Extranet VPN
7/30/2015 140 ©2007 – Body Temple 7/30/2015
140
VPN Types
The main types of tunnels to be familiar
with:
• Secure Socket Layer (SSL)
• Layer 2 Tunneling Protocol (L2TP)
• Point to Point Tunneling Protocol (PPTP)
• IP Security (IPSEC)
• Generic Routing Encapsulation (GRE)
71
7/30/2015 141 ©2007 – Body Temple 7/30/2015
141
VPN Types
VPN Port Notes
PPTP 1723
L2TP 1701
IPSEC 500 ESP (id 50) / AH (id51)
GRE 47
SSL 443
7/30/2015 142 ©2007 – Body Temple 7/30/2015
142
IPSEC
Encapsulating Security Payload (ESP)
Authenticating Header (AH)
Security Association (ISAKMP)
Tunnel Mode
Transport Mode
72
7/30/2015 143 ©2007 – Body Temple 7/30/2015
143
ENCRYPTION
SYMMETRIC
• DES
• 3DES
• AES
ASYMMETRIC
• PUBLIC & PRIVATE Key
• Diffie-Hellman
• RSA (Rivest, Shamir, Adleman)
• PGP (Pretty Good Privacy)
7/30/2015 144 ©2007 – Body Temple 7/30/2015
144
Citrix
Terminal Emulation
Microsoft based Terminal Services on this
technology
73
7/30/2015 145 ©2007 – Body Temple 7/30/2015
145
Remote Desktop
Microsoft Remote Desktop Services / Terminal Services
Uses Remote Desktop Protocol (RDP – Port 3389)
May be secured with HTTPS
Allows for Remote Desktops for Administration, Remote
Assistance and Remote Applications
May also be utilised in Virtual Desktop Infrastructure
7/30/2015 146 ©2007 – Body Temple 7/30/2015
146
USER AUTHENTICATION
AUTHENTICATION – Proving you are who you say
you are!
Authentication protocols:
• Something that you know – Password/Pin
• Something that you have – Smartcard/token
• Something that you are - Biometric
74
7/30/2015 147 ©2007 – Body Temple 7/30/2015
147
User Authentication
Certificate Services (Public Key Infrastructure –PKI)
Kerberos
Active Directory (Domain)
Local Authentication – Security Accounts
Management (SAM)
7/30/2015 148 ©2007 – Body Temple 7/30/2015
148
Authentication Protocols
Password Authentication Protocol PAP
Challenge Handshake Protocol CHAP
Microsoft CHAP MS-CHAP (MS-CHAPv2)
Extensible Authentication Protocol EAP
802.1x – Network Access Control NAC
75
7/30/2015 149 ©2007 – Body Temple 7/30/2015
149
Network Access Control
Cisco NAC / Microsoft NPAS (NAP)
Posture Assessment
• Antimalware
• Updates
• Firewall
Guest Networks
Quarantine Networks
7/30/2015 150 ©2007 – Body Temple 7/30/2015
150
A A A
Centralized Authentication, Authorization and
Accounting:
Remote Authentication Dial-in User Service RADIUS
Terminal Access Controller Access-Controller
System TACACS+ (Cisco)
76
7/30/2015 151 ©2007 – Body Temple 7/30/2015
151
KERBEROS
Authentication protocol for TCP/IP networks
allowing centralization of authentication on a single
server (Domain Controller)
Uses UDP / TCP port 88
Key Distribution Center
TGT (Ticket Granting Ticket)
TGS (Ticket Granting Session)
7/30/2015 152 ©2007 – Body Temple 7/30/2015
152
Authorization
Permissions
Rights
Access Controls
Share / Security
Permissions
Security Groups
77
7/30/2015 153 ©2007 – Body Temple 7/30/2015
153
MODULE 12
NETWORK THREATS
7/30/2015 154 ©2007 – Body Temple 7/30/2015
154
SECURITY
CIA
• Confidentiality
• Integrity
• Availability
AAA
• Authentication
• Authorization
• Accounting
78
7/30/2015 155 ©2007 – Body Temple 7/30/2015
155
SECURITY THREATS
Denial of Service (DOS)
Distributed DOS (DDOS)
• Smurf
• Fraggle
•Botnet
• SYN Flood
7/30/2015 156 ©2007 – Body Temple 7/30/2015
156
SECURITY THREATS
DNS Poisoning
ARP Cache Poisoning
IP Spoofing
Session Hijacking
VLAN Hopping
79
7/30/2015 157 ©2007 – Body Temple 7/30/2015
157
Malicious Software (Malware)
Virus
Worm
Trojan Horse
Rootkit
Adware/Spyware
Antimalware / Antivirus
System well patched and maintained
7/30/2015 158 ©2007 – Body Temple 7/30/2015
158
VULNERABILITIES
Unnecessary Services/Applications
Unpatched Systems/Applications
Open Ports
Unencrypted systems
RF Emanation/TEMPEST
Insider Threats
80
7/30/2015 159 ©2007 – Body Temple 7/30/2015
159
WIRELESS SECURITY
WAR Driving / WAR Chalking
WEP/WPA/WPA2 Cracking
Rogue Access Point
Evil Twin
Bluejacking
Bluesnarfing
7/30/2015 160 ©2007 – Body Temple 7/30/2015
160
SOCIAL ENGINEERING
Using or manipulating users for nefarious
gain – Flattery and Authority
• Phishing
•Vishing
•Tailgating
• Shoulder Surfing
•Hoax
81
7/30/2015 161 ©2007 – Body Temple 7/30/2015
161
SECURITY POLICIES
Security Audit
Clean Desk Policy
Password Policy
Acceptable Usage Policy
7/30/2015 162 ©2007 – Body Temple 7/30/2015
162
MITIGATION
User Training and Awareness
Patches and Upgrades
• OS
• Application
• Drivers
• Firmware
Anti-Malware Software
82
7/30/2015 163 ©2007 – Body Temple 7/30/2015
163
Network Security - MITIGATION
Firewalls
IDS
IPS
PROXY SERVERS
7/30/2015 164 ©2007 – Body Temple 7/30/2015
164
VULNERABILITY SCANNERS
NESSUS
NMAP
MBSA
83
7/30/2015 165 ©2007 – Body Temple 7/30/2015
165
PHYSICAL SECURITY
Security Zones
• Proximity readers
• Mantraps
• Badges/Tags
Comms Room Security
CCTV
Access Controls
7/30/2015 166 ©2007 – Body Temple 7/30/2015
166
RISK AVOIDANCE
Disaster Recovery
• Disaster Recovery Plan (DRP)
Business Continuity
• Business Continuity Plan (BCP)
Power
• Redundant systems
• Uninterruptable Power Supply (UPS)
84
7/30/2015 167 ©2007 – Body Temple 7/30/2015
167
REDUNDANCY
DISKS
• RAID
POWER
• UPS
SERVERS
• Clustering
• Virtualization
NETWORK
• Redundant Switches / NICs
7/30/2015 168 ©2007 – Body Temple 7/30/2015
168
RAID
RAID 0
RAID 1
RAID 5
RAID 10
85
7/30/2015 169 ©2007 – Body Temple 7/30/2015
169
MODULE 13
Wide Area Networking
7/30/2015 170 ©2007 – Body Temple 7/30/2015
170
WAN Terminology
CPE - Customer Premises Equipment
Demarc – (demarcation point) marks the interface between
customer-premises equipment and network service provider
equipment.
NI – Network Interface (coincides with Demarc)
CSU/DSU (Channel service unit/data service unit) - Connects WAN to
customer network
Local loop
• Connects Demarc to Switching Office (Carrier’s POP)
• From Phone Room Closet to Demarc
CO – Central Office which connects customer to switched network
SOHO – Small Office Home Office
86
7/30/2015 171 ©2007 – Body Temple 7/30/2015
171
WAN Media
Copper Carriers (Telephone Industry)
• T1 / T3 Lines
Fiber Carriers
• Synchronous Optical Network (SONET)(US)
• Synchronous Digital Hierarchy (SDH)(EUR)
7/30/2015 172 ©2007 – Body Temple 7/30/2015
172
Copper Carriers
CARRIER CHANNELS SPEED
T1 24 1.544 Mbps
T3 672 44.736 Mbps
E1 32 2.048 Mbps
E3 512 34.368 Mbps
87
7/30/2015 173 ©2007 – Body Temple 7/30/2015
173
Optical Carriers (Synchronous Optical Network)
SONET Optical Level Line Speed
OC-1 51.85 Mbps
OC-3 155.52 Mbps
OC-12 622.08 Mbps
OC-24 1.244 Gbps
OC-48 2.488 Gbps
OC-192 9.952 Gbps
OC-255 13.21 Gbps
OC-768 39.82 Gbps
7/30/2015 174 ©2007 – Body Temple 7/30/2015
174
Fiber – Wavelength Division Multiplexing
WDM – Allows for several different optical
carriers on a single optical fiber by using
different wavelengths.
Two technologies used are:
•DWDM – Dense WDM
•CWDM – Coarse WDM
88
7/30/2015 175 ©2007 – Body Temple 7/30/2015
175
Packet Switching
Allows for protocols to use T and OC linked mesh
connections to ‘route’ from one location to another
Originally used X.25 (CCITT Packet Switching
Protocol)
Now mostly uses:
Frame Relay
Asynchronous Transfer Mode (ATM)
7/30/2015 176 ©2007 – Body Temple 7/30/2015
176
FRAME RELAY
Primarily used for T-Carrier lines
Uses Frame Relay Bridges and/or Routers
No guarantee of data integrity but low error rate
Creates a Permanent Virtual Circuit (PVC)
A permanent virtual circuit (PVC) is a virtual circuit established for repeated
use between the same types of equipment.
89
7/30/2015 177 ©2007 – Body Temple 7/30/2015
177
ATM
High speed reliable links used for:
Voice
Data
Fax
Media (Video/Audio/Imaging)
7/30/2015 178 ©2007 – Body Temple 7/30/2015
178
Multi Protocol Label Switching (MPLS)
Replacement for Frame Relay and ATM
The process of transporting IP packets by encapsulating them and using a label to specify a path through the network
The idea is based upon removing the need for routing table lookups
Labels can be based upon source address, QoS value or other parameters
Labels can override the routing table
MPLS can run over a variety of layer 2 technologies
90
7/30/2015 179 ©2007 – Body Temple 7/30/2015
179
‘The Last Mile’
Connection between user and central office
Dial-up
Digital Subscriber Line (DSL)
Cable
Satellite
Fiber
Broadband over Powerline (BPL)
7/30/2015 180 ©2007 – Body Temple 7/30/2015
180
DIAL UP
POTS or PSTN
Expensive
Unreliable
Requires a dial-up
Uses Point to Point Protocol (PPP) to connect, authenticate
and negotiate network protocol (TCP/IP)
V-Standards
V.22 (1,200Bps) – V.92 (57,600 bps)
91
7/30/2015 181 ©2007 – Body Temple 7/30/2015
181
Integrated Services Digital Network (ISDN)
ISDN consists of two Channels:
Bearer (B Channels)
Carry Data, Voice information
Delta (D Channels)
Carry setup and configuration information
Basic Rate Interface (BRI) uses 2B+D
Primary Rate Interface (PRI) uses 23B+D (US)
8-30B+D (EUR)
7/30/2015 182 ©2007 – Body Temple 7/30/2015
182
DSL
Asymmetric Digital Subscriber Line (ADSL)
Symmetric DSL (SDSL)
Very High Bitrate DSL (VDSL)
Uses existing telephone lines via DSL modem
Standard RJ11 connectors
Low pass filters to remove DSL for telephone calls
Always on
92
7/30/2015 183 ©2007 – Body Temple 7/30/2015
183
Wireless WAN
Cellular WAN
High Speed Packet Access (HSPA+)
WiMAX (World Wide Interoperability for
Microwave Access)
LTE (Long Term Evolution)
7/30/2015 184 ©2007 – Body Temple 7/30/2015
184
VOIP
Uses existing IP network for voice calls
Uses three standards
RTP – Real Time Transport Protocol
SIP – Session Initiation Protocol
H.323
93
7/30/2015 185 ©2007 – Body Temple 7/30/2015
185
Troubleshooting WAN Issues
Key problems areas:
• Lack of Internet connectivity
• Interface errors
• Split Horizon
• DNS
• Router configurations
• Security Policy (Firewalls)
7/30/2015 186 ©2007 – Body Temple 7/30/2015
186
MODULE 14
TROUBLESHOOTING
94
7/30/2015 187 ©2007 – Body Temple 7/30/2015
187
Basics of Troubleshooting
Identify the Problem
Establish probable
cause
Test Theory
Plan of Action
Implement and test solution
Verify functionality
Document
7/30/2015 188 ©2007 – Body Temple 7/30/2015
188
Tools of the trade
Protocol Analyzer
Throughput Tester
Remote Desktop Software
Command Line Tools
Wireless Analyzer
95
7/30/2015 189 ©2007 – Body Temple 7/30/2015
189
TCP/IP Utilities
IPCONFIG
/all
/displaydns
/registerdns
/flushdns
/release
/renew
7/30/2015 190 ©2007 – Body Temple 7/30/2015
190
IFCONFIG (UNIX/LINUX)
Eth0 up (enables 1st Ethernet Card)
Eth0 down (disables)
96
7/30/2015 191 ©2007 – Body Temple 7/30/2015
191
ICMP
PING
PATHPING
TRACERT
MTR (UNIX/LINUX) (Similar to TRACERT and PING)
7/30/2015 192 ©2007 – Body Temple 7/30/2015
192
ARP
Address Resolution Protocol
IP to MAC Address
97
7/30/2015 193 ©2007 – Body Temple 7/30/2015
193
NETSTAT
-a (connections
and listening
ports)
-o (process ID)
-r (routing table)
7/30/2015 194 ©2007 – Body Temple 7/30/2015
194
NBTSTAT
NETBIOS Names (is case sensitive)
-n (local system)
-c (cache)
-R (purge and reload cache)
98
7/30/2015 195 ©2007 – Body Temple 7/30/2015
195
NSLOOKUP
DNS Diagnosis
-ls (list)
-d (domain)
-t (type)
7/30/2015 196 ©2007 – Body Temple 7/30/2015
196
DIG
UNIX/LINUX addition to NSLOOKUP
99
7/30/2015 197 ©2007 – Body Temple 7/30/2015
197
Network Monitoring
Baselines
• CPU
• RAM
• HDD
• NETWORK
Performance Monitor
System Logs (syslog)
Traffic Analyzer (Wireshark)
SNMP – Simple Network Management Protocol
7/30/2015 198 ©2007 – Body Temple 7/30/2015
198
SIEM
Security information and event management (SIEM)
is a term for software products and services
combining security information management
Used for the collation of the following types of
information:
• Data aggregation
• Correlation
• Alerting
• Compliance
• Retention
• Forensic analysis
100
7/30/2015 199 ©2007 – Body Temple 7/30/2015
199
Windows Performance Monitoring
7/30/2015 200 ©2007 – Body Temple 7/30/2015
200
SNMP Monitoring
101
7/30/2015 201 ©2007 – Body Temple 7/30/2015
201
Simple Network Management Protocol
Allows the administrator to set a ‘trap’ on a
device to collect information
Uses UDP to send communication from the
management system to the agent to get
information or change configuration
SNMPv3 adds message integrity,
authentication and encryption.
Uses port 161
7/30/2015 202 ©2007 – Body Temple 7/30/2015
202
Testing Equipment
Multimeter
Testing resistance for
shorts
102
7/30/2015 203 ©2007 – Body Temple 7/30/2015
203
Tone Locators and Toner Probes
Locate cable runs
7/30/2015 204 ©2007 – Body Temple 7/30/2015
204
Cable Tester
Broken wires
Improperly wired
Cable shorts
May record speed and
settings (Certifier)
103
7/30/2015 205 ©2007 – Body Temple 7/30/2015
205
Cable Tester (advanced)
Time-Domain Reflector (TDR)
Optical TDR (for Fiber)
7/30/2015 206 ©2007 – Body Temple 7/30/2015
206
Cable Issues
Bad wiring/connectors
Crosstalk
Near End/Far End Crosstalk
Attenuation
Collisions
Shorts
Echo (Open Impedance Mismatch)
Interference/EMI
Split pairs
TX/RX Reverse
104
7/30/2015 207 ©2007 – Body Temple 7/30/2015
207
Fiber Cable Issues
Cable Mismatch
Bad connectors/dirty connectors
Distance limitations
Bend Radius
7/30/2015 208 ©2007 – Body Temple 7/30/2015
208
Cable Stripper / Crimper
105
7/30/2015 209 ©2007 – Body Temple 7/30/2015
209
Butt Set
Used to test Telephone Lines
7/30/2015 210 ©2007 – Body Temple 7/30/2015
210
Other Network Issues
Temperature
Environment (Humidity)
HVAC used to mitigate
106
7/30/2015 211 ©2007 – Body Temple 7/30/2015
211
MODULE 15
Management, Monitoring &
Optimisation
7/30/2015 212 ©2007 – Body Temple 7/30/2015
212
Network Management
Wiring Schematics
Physical Network Diagram
• Physical Connections
• Network Devices
• Computers
• Peripherals
107
7/30/2015 213 ©2007 – Body Temple 7/30/2015
213
Network Management
Logical Network Diagram
• IP Address schemes
• Protocols
• User accounts
Domain
Organizational Unit Organizational Unit
Organizational Unit Organizational Unit
Computer UserGroup
7/30/2015 214 ©2007 – Body Temple 7/30/2015
214
Network Management
Asset Management
• ISO 19770
IP Address Management
• Documentation
• IPAM
108
7/30/2015 215 ©2007 – Body Temple 7/30/2015
215
Network Management
Policies
• Security Policies
• Change Management
Standard Business Documents
• Statement of Work (SOW)
• Memorandum of Understanding (MOU)
• Master License Agreement (MLA)
• Service Level Agreement (SLA)
7/30/2015 216 ©2007 – Body Temple 7/30/2015
216
Change Management Procedures
Document reason for change
Change request
Configuration procedures
Rollback Process
Potential Impact
Notification
109
7/30/2015 217 ©2007 – Body Temple 7/30/2015
217
Change Management Procedures
Approval Process
Maintenance Window
Authorized Downtime
Notification of Change
Documentation
7/30/2015 218 ©2007 – Body Temple 7/30/2015
218
Network Management
Safety Practices
• Electrical Safety
• Installation Safety
• Material Safety Data Sheet (MSDS)
110
7/30/2015 219 ©2007 – Body Temple 7/30/2015
219
Network Management
Emergency Procedures
• Fire Escape Plan
• Safety/Emergency Exits
• Fail Open/Fail Close
• Emergency Alert System
• Fire Suppression System
7/30/2015 220 ©2007 – Body Temple 7/30/2015
220
Network Optimization
Performance
• QOS
Unified Communications
Bandwidth
• Traffic Shaping
Load Balancing
High Availability
Caching Engines
111
7/30/2015 221 ©2007 – Body Temple 7/30/2015
221
Network Optimization
Backups
• Full
• Incremental
• Differential Backup Type Data Backup Time Restore Time Storage
Space
FULL All data Slowest Fastest High
INCREMENTAL New/Modified
data
Fast Slower Low
DIFFERENTIAL All data since
last full
Moderate Faster Moderate
7/30/2015 222 ©2007 – Body Temple 7/30/2015
222
Virtualization
Examples of virtualization technology:
•VMWare vSphere
•Microsoft Hyper-V
•Citrix XenServer
112
7/30/2015 223 ©2007 – Body Temple 7/30/2015
223
Virtualization
Power Saving
Consolidation of Hardware
Recovery / Duplication
Test and Development
Costs
7/30/2015 224 ©2007 – Body Temple 7/30/2015
224
Virtualization
Virtual Networking (Switches)
Virtual Hard Drives
Virtual Desktops
Virtual Applications
Network/Infrastructure As A Service (NaaS)(IaaS)
Platform As A Service (PaaS)
Software As A Service (SaaS)