COMPTIA Network Plus Courseware Notes Version 2.2
www.firebrandtraining.com
COMPTIA NETWORK+ N10-006
1 7/30/2015 7/30/2015
1
©2007 – Body Temple
The CompTIA Network+ certification is an internationally recognized validation of the technical knowledge required of foundation-level IT network practitioners. It is recommended that CompTIA Network+ candidates have the following:
• CompTIA A+ certification or equivalent knowledge, though CompTIA A+ certification is not required
• At least 9 to 12 months of work experience in IT networking
CompTIA Network+ Objectives
The table below lists the domains measured by the exam and the extent to which they are represented. CompTIA Network+ exams are based on these objectives.

DOMAIN                                                 % OF EXAM
1.0 Network Architecture                               22%
2.0 Network Operations                                 20%
3.0 Network Security                                   18%
4.0 Troubleshooting                                    24%
5.0 Industry Standards, Practices and Network Theory   16%
CompTIA Network+ Objectives
A full list of the CompTIA Network+ Objectives and the official Network+ Acronym List is provided at: http://certification.comptia.org/Training/testingcenters/examobjectives.aspx
Network+ Modules – DAY 1
Module 1: Introduction to Networks
Module 2: The OSI Reference Model
Module 3: Networking Topology, Connectors and Wiring Standards
Module 4: Ethernet Specifications
Module 5: Network Devices
Module 6: TCP/IP
Module 7: IP Addressing
Network+ Modules – DAY 2
Module 8: Routing
Module 9: Switching and VLANs
Module 10: Wireless Networking
Module 11: Authentication and Access Control
Module 12: Network Threats
Module 13: Wide Area Networking
Module 14: Troubleshooting
Network+ Modules – DAY 3
Module 15: Management, Monitoring and Optimisation
Exam N10-006
MODULE 1 INTRODUCTION TO NETWORKS
What is a Network
“Two or more connected computers that can share resources such as data and applications”
Determined by:
• Type of Computer
• Topology
• Interconnection device
Clients and Servers
Types of Computer
• Workstation / Client
• Server
Types of Network
• Peer-Peer
• Client-Server
Networking Topology
BUS
Networking Topology
Star (Hub and Spoke)
Networking Topology
RING
Networking Topology
MESH
Networking Topology
Backbone and Segments
[Diagram labels: BACKBONE; VLAN 1 SALES; VLAN 2 MARKETING; SERVERS; COMMS ROOM]
MODULE 2 THE OSI REFERENCE MODEL
The Open Systems Interconnection Model
The OSI model is the primary architectural model for networks. It describes how data and network information are communicated from an application on one computer through the network media to an application on another computer. The OSI reference model breaks this approach into 7 layers.
OSI Reference Model
7 APPLICATION
6 PRESENTATION
5 SESSION
4 TRANSPORT
3 NETWORK
2 DATALINK
1 PHYSICAL
OSI
7 APPLICATION
The application layer provides connectivity between users and application processes to access network services. This layer contains a variety of commonly needed functions:
• Resource sharing: NFS, FTP, HTTP
• Network management: SNMP, TELNET
• Directory services: LDAP
• Electronic messaging (such as mail): SMTP, POP3
OSI
6 PRESENTATION
The presentation layer formats the data to be presented to the application layer. It acts as the ‘translator’ for the network. The presentation layer provides:
• Character code translation.
• Data conversion.
• Data compression: reduces the number of bits that need to be transmitted on the network.
• Data encryption: encrypts data for security purposes. For example, password encryption.
OSI
5 SESSION
The session layer allows session establishment between processes running on different stations. It provides:
• Session Management – establishment and termination between two application processes on different machines
• Session support allowing processes to communicate over the network, performing security, name recognition, logging, and so on.
OSI
4 TRANSPORT
The transport layer ensures that messages are delivered error-free, in sequence, and with no losses or duplications. The transport layer provides:
• Message segmentation
• Message acknowledgment
• Message traffic control
• Session multiplexing
• Transmission Control Protocol (TCP) / User Datagram Protocol (UDP) both work at Layer 4
OSI
3 NETWORK
The network layer controls the operation of the subnet, deciding which physical path the data should take based on network conditions, priority of service, and other factors. It provides:
• Routing
• Subnet traffic control through the use of a router (Layer 3 Intermediate system)
• Frame fragmentation
• Logical-physical address mapping
• Internet Protocol (IPv4 / IPv6)
OSI
2 DATALINK
The data link layer provides error-free transfer of data frames from one node to another over the physical layer. The data link layer provides:
• Link establishment and termination
• Frame traffic control
• Frame sequencing
• Frame acknowledgment
• Frame error checking
• Media access management
OSI – DATALINK LAYER
The IEEE Ethernet Data Link layer has two sublayers:
• Media Access Control (MAC)
• Logical Link Control (LLC)
Devices which work at Layer 2 include:
• Switch
• Network Adaptor
• Bridge
OSI – DATALINK LAYER – IEEE 802 Standards

IEEE 802 STANDARD   Topic
802.1               LAN/MAN Management
802.2               Logical Link Control
802.3               CSMA/CD ETHERNET
802.8               Fiber-Optic LAN/MAN
802.10              LAN/MAN Security
802.11              Wireless LAN
OSI
1 PHYSICAL
The physical layer is concerned with the transmission and reception of the unstructured raw bit stream over a physical medium. It provides:
• Data encoding
• Physical medium attachment
• Physical medium transmission
Devices that work at Layer 1 include:
• Hub
• Repeater
• Media Convertor
PLEASE DO NOT THROW SAUSAGE PIZZA AWAY!
7 AWAY
6 PIZZA
5 SAUSAGE
4 THROW
3 NOT
2 DO
1 PLEASE
MODULE 3 NETWORKING TOPOLOGY, CONNECTORS AND WIRING STANDARDS
CABLE CHARACTERISTICS
• Cost
• Installation issues
• PLENUM Rating
• Bandwidth/Speed/Capacity
• Duplex/Half Duplex
• Serial/Parallel
• Distance/Attenuation
• Noise immunity
• Security
Types of Cable
COAXIAL
Types of Cable
Coax connectors
• BNC
• F
Types of Cable
Twisted Pair
• UTP
• STP
• CAT standards
• Connectors
RJ45
• RJ45 plugs and sockets are most commonly used as connectors for Ethernet cable (UTP)
• Also known as 8P8C (8 Position 8 Contact)
• Eight equally spaced conductors
• Terminated using a crimp tool
RJ45 Wiring Standards
• T568A
• T568B
• STRAIGHT THROUGH
• CROSSOVER
• ROLLOVER
• LOOPBACK
T568A / T568B
T568B is more common
CROSSOVER
Rollover and Loopback CABLE
Console Cable used to connect Administrator to console port of a Router or Switch
Loopback Cable used for diagnostics and testing.
FIBER OPTIC
• ST Connector (Straight Tip)
• SC Connector (Subscriber Connector)
• LC Connector (Local Connector)
• MTRJ (Mechanical Transfer Registered Jack)
• Single Mode Fiber (SMF)
• Multimode Fiber (MMF)
Media Converter
Allows conversion between different types of Fiber Optic or between Fiber and Ethernet. These include:
• Single Mode Fiber to Ethernet
• Multi Mode Fiber to Ethernet
• Fiber to Coaxial
Types of Cable
Other types of communications cables include:
• RS232
• USB
• FIREWIRE
• THUNDERBOLT
Patching and Cabling
MDF – Main Distribution Frame is a terminating point where cables are connected and can be jumpered to different locations
IDF – Intermediate Distribution Frame, a smaller version of the MDF, may be on each floor of a building
Patch Panel – where circuits can be rerouted through the use of CAT 5 patch leads
66 / 110 Block
• 66 Block used for Telephone systems
• 110 Block used for Cat 5/6 UTP systems
Demarcation Point
The DEMARC or demarcation point is the point at which the telephone company or circuit provider network ends and connects to the wiring at the customer’s premises.
A box such as an NIU (Network Interface Unit) or a CSU (Channel Service Unit) which carries out code or protocol conversion is commonly referred to as a SMART JACK. This is the terminating point between the TELCO and the customer network.
MODULE 4 ETHERNET SPECIFICATIONS
Ethernet Standards 802.3
Ethernet descriptive labels
Eg: 10Base5 equates to:
• 10 Mbps
• Baseband signalling (one channel of communication at any time)
• 500 Metres maximum length
10Base2 (runs for 185 Metres)
Carrier Sense Multiple Access / Collision Detection CSMA/CD
CSMA/CD is known as a contention method because computers on the network contend, or compete, for an opportunity to send data.
The more computers there are on the network, the more network traffic there will be. With more traffic, collision avoidance and collisions tend to increase, which slows the network down, so CSMA/CD can be a slow-access method.
CSMA/CD
CSMA/CD is used by all implementations of Ethernet regardless of the media or the data throughput.
CSMA/CD working without a collision:
1. Listens to check media to see if it is clear
2. If clear then a host will place data on the media
3. Then listens to see if data sent has a collision
CSMA/CD
CSMA/CD working with a collision:
1. Listens to check media to see if it is clear
2. If clear then a host will place data on the media
3. Then listens to see if data sent has a collision
4. Collision occurs
5. Both devices send a jam signal
6. Both devices start a timer (back off algorithm)
7. First host whose timer expires repeats steps 1-3
8. Then the second node will perform steps 1-3
9. Then operation returns to normal and all devices have equal access to the media
CSMA/CA (Collision Avoidance)
• Used on Wireless Networks
• Nodes must ‘listen’ out to detect if network is busy before sending
• Optionally may be implemented with Request To Send/Clear To Send (RTS/CTS)
MAC Address
• Media Access Control (MAC)
• Works at Datalink Layer (2)
• 48 bit Hexadecimal address unique to every Network Interface (Organizationally Unique ID/Vendor ID)
Common Ethernet Cable Types

Ethernet Name   Cable Type                 Max Distance                     Notes
10Base5         COAX                       500m                             Thicknet
10Base2         COAX                       185m                             Thinnet
10BaseT         UTP                        100m
100BaseTX       UTP/STP                    100m                             Cat5 upwards
10BaseFL        FIBER                      500-2000m                        Ethernet over Fiber
100BaseFX       MMF                        2000m
1000BaseT       UTP                        100m                             Cat5e upwards
1000BaseSX      MMF                        550m                             SC Connector
1000BaseCX      Balanced Shielded Copper   25m                              Special Connector
1000BaseLX      MMF/SMF                    550m (Multi) / 2000m (Single)    SC and LC Connector
Common Ethernet Cable Types

Ethernet Name   Cable Type   Max Distance   Notes
10GBaseT        UTP          100m
10GBaseSR       MMF          300m
10GBaseLR       SMF          10km
10GBaseER       SMF          40km
10GBaseSW       MMF          300m           Used with SONET
10GBaseLW       SMF          10km           Used with SONET
10GBaseEW       SMF          40km           Used with SONET
Ethernet over other standards
• Ethernet over Power Line (Broadband over Power Line (BPL))
• Ethernet over HDMI
MODULE 5 NETWORK DEVICES
Common Network Devices
• Network Interface Card (NIC)
• Hub
• Bridge
• Switch
• Router
• Firewall
• Intrusion Detection System (IDS)
• Intrusion Prevention System (IPS)
• Access Point
NETWORK INTERFACE CARD (NIC)
Unique identifier – Media Access Control address (MAC)
HUBS AND REPEATER – LAYER 1 DEVICES
HUB enables a number of nodes to connect to a network (one per port)
REPEATER retransmits signals (may clean and strengthen the signal) to increase distances between nodes
BRIDGE – LAYER 2 DEVICE
A BRIDGE (or ‘Transparent Bridge’) connects two similar network segments together. Its primary function is to keep traffic separated on either side of the bridge, breaking up Collision Domains within a single Broadcast Domain.
[Diagram labels: BROADCAST DOMAIN; Collision Domain; BRIDGE; Collision Domain]
SWITCH – LAYER 2 DEVICE
• Multiport bridges
• Operate at DATALINK layer
• Control collision domains
• Now used extensively instead of Hubs and Bridges
• May also incorporate LAYER 3 technology
ROUTER – LAYER 3 DEVICE
• Traditional LAYER 3 device (NETWORK Layer)
• Forwarding based upon network layer IP address
• Control Broadcast and Collision Domains
• Can use multiple routing protocols
FIREWALL
• Provide the first layer of defence in network security
• May be hardware or software (or both)
• Based on configuration rules
• Used to establish Demilitarised Zones (DMZ)
FIREWALLS - DMZ
Used to protect the LAN from External attacks/intrusion
[Diagram labels: INTERNET; DMZ; LAN]
FIREWALL - Rules
IDS/IPS
Intrusion Detection System (IDS)
• Host Based (HIDS) or Network Based (NIDS)
• Passive Monitoring
• Anomaly Detection
• Signature Detection
• Heuristics
Intrusion Protection System
• Host Based (HIPS) or Network Based (NIPS)
• Active Monitoring
IDS/IPS
Honeypot / Honeynet
• Used to monitor intrusion / attacks and conduct intelligence gathering
• Used to deflect potential attacks
[Diagram labels: HONEYPOT; DMZ; IDS; INTERNET]
Wireless Access Points (WAP)
• Connects computers with wireless adapters to a network
• Access Point is a translational bridge
• 802.11b/g Access Points use CSMA/CD to connect to network (LAN) and CSMA/CA to communicate with other wireless devices
Dynamic Host Configuration Protocol (DHCP)
Dedicated Server Role or Integrated with Network Device
DHCP
DHCP Client sends Broadcast packets to DHCP Server in order to acquire an IP address from the DHCP Scope:
• DHCP Discover
• DHCP Offer
• DHCP Request
• DHCP Ack
DHCP Settings
• Reservations (set on MAC address of client)
• Exclusions (used for statically assigned clients)
• Authorised on the network
• Scope must be activated
• Clients will default to APIPA address if no DHCP available
• Internet Connection Sharing (ICS) includes DHCP service
Specialised Network Devices
Multilayer Switch (MLS)
• Works at Layer 2 and Layer 3 (Routing)
• Very popular devices
Specialised Network Devices
Load Balancer
• Fault Tolerance / Redundancy
Used to support servers such as:
• Web Servers
• FTP Servers
• Remote Desktop Servers
• VPN Servers
Domain Naming System (DNS)
• Resolves FQDN to IP addresses (Forward Lookup)
• Resolves IP addresses to FQDN (Reverse Lookup)
• DNS entries held in a database on a server called a Zone
• Zone is an area of contiguous namespace for which a DNS server is authoritative
• DNS Server is able to Forward requests and Cache responses in support of clients
DNS Resolution
[Diagram labels: Host File; Local Resolver Cache; DNS; NetBios Cache; WINS; Local Host File; Local Resolver Cache; DNS Server; Broadcast; LMHosts]
DNS on the INTERNET
ROOT (.)
  COM
    Google.com
    FirebrandTraining.com
      UK.FirebrandTraining.com
        WWW.UK.FirebrandTraining.com
DNS Records

RECORD          INFO
A               Host Record (IPv4)
AAAA            Host Record (IPv6)
PTR             Reverse Lookup Record
NS              Named Server Record (DNS Server)
MX              Mail Exchange (Email Server)
Alias (Cname)   Used to point friendly name records to other hosts
SOA             Start of Authority (controls DNS Zone transfers and records)
SRV             Service Locator records (eg. location of Domain Controllers and associated services)
Specialised Network Devices
Proxy Server
Two main types:
• Caching Proxy
• Web Proxy
Reverse proxy (incoming from the Internet)
[Diagram labels: LAN; ROUTER; PROXY SERVER; INTERNET]
Specialised Network Devices
PACKET SHAPER (TRAFFIC SHAPER)
• Allow for traffic management (bandwidth)
• Set against network profile
• May work with Quality of Service (QOS) configurations
Specialised Network Devices
VPN CONCENTRATOR
Dedicated device to handle multiple VPN (Virtual Private Network) connections and associated configurations
Basic Network Device layout
[Diagram labels: VLANS; SWITCH; SERVERS; ROUTER; DMZ; FIREWALL]
MODULE 6 TCP/IP
Department of Defence (DoD) TCP/IP Model

OSI Layer       DoD TCP/IP Layer
Application     APPLICATION
Presentation    APPLICATION
Session         APPLICATION
Transport       TRANSPORT
Network         INTERNET
Datalink        NETWORK INTERFACE
Physical        NETWORK INTERFACE
PORTS
• Allow applications or protocols to use specific values for connections
• Range from 0-65535
• 0-1023 are reserved for specified TCP/IP applications and are known as “Well Known Ports”
• Destination and Source port numbers
• Sockets include IP address and Port Number
PORT NUMBERS

Application Layer Protocol     Port(s)   Transport Protocol
FTP File Transport Protocol    20/21     TCP
TELNET                         23        TCP
SSH                            22        TCP
DNS                            53        TCP/UDP
DHCP                           67/68     UDP
TFTP                           69        UDP
HTTP                           80        TCP
HTTPS                          443       TCP
SMTP                           25        TCP
PORT NUMBERS

Application Layer Protocol     Port Number(s)   Transport Protocol
NETBIOS                        137,138,139      TCP
LDAP                           389              TCP
IGMP                           463              UDP
LPR                            515              UDP
RDP                            3389             TCP
NTP                            123              UDP
NNTP                           119              UDP
POP3                           110              TCP
IMAP4                          143              TCP
SNMP                           161              UDP
Transport Protocols
Transmission Control Protocol (TCP)
• Connection Orientated
• TCP Three Way Handshake
• Receives an Acknowledgement for packets sent
User Datagram Protocol (UDP)
• Connection-less
• Used for streaming media and VOIP
Internet Layer Protocols
• Internet Protocol (IP)
• Internet Control Message Protocol (ICMP)
• Address Resolution Protocol (ARP)
IP
• IPv4
• IPv6
• Windows Clients use dual stack
Command Line Utilities:
• IPCONFIG
• IFCONFIG (Linux/Unix)
ICMP
Management and messaging for IP
Command line utilities:
• PING
• PATHPING
• TRACERT
ARP
• Address Resolution Protocol
• IP to MAC Address
• Reverse ARP (RARP) resolves IP from MAC address
MODULE 7 IP ADDRESSING
Internet Protocol (IP)
IPv4
• 32 Bit Address Scheme
• Divided into Network Address and Host
• Subnet Mask
• Broken into 4 Octets (8 bits)
• Represented by dotted-decimal notation
Eg. 192.168.2.200 /24 or 192.168.2.200 255.255.255.0
Subnetting
PUBLIC and PRIVATE address ranges allocated by IANA (Classful Addressing)
PUBLIC Ranges: (Routable on the Internet)

Class   Range          Hosts
A       1-126 /8       16,777,214
B       128-191 /16    65,534
C       192-223        254
D       224-239        Multicast
E       240-254        Development
IP
Private Ranges: (Not routable on the Internet)

Class   Range
A       10.0.0.0-10.255.255.255
B       172.16.0.0-172.31.255.255
C       192.168.0.0-192.168.255.255

APIPA – Automatic Private IP Address: 169.254.X.X, subnet mask 255.255.0.0
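The classful, private and APIPA tables above can be applied to an address in code. This is an added example, not part of the original courseware; the function names are hypothetical, and the /24 default for class C and the loopback, multicast and reserved checks are standard facts not shown in the tables.

```python
import ipaddress

# First-octet ranges and default prefixes from the classful table above.
# The /24 default for class C is standard but not shown in the table.
CLASSES = [
    ("A", 1, 126, 8),
    ("B", 128, 191, 16),
    ("C", 192, 223, 24),
    ("D", 224, 239, None),   # multicast, no host mask
    ("E", 240, 254, None),   # development
]

# Private ranges and the APIPA block as listed in the notes.
PRIVATE = [
    ipaddress.ip_network("10.0.0.0/8"),
    ipaddress.ip_network("172.16.0.0/12"),
    ipaddress.ip_network("192.168.0.0/16"),
]
APIPA = ipaddress.ip_network("169.254.0.0/16")
LOOPBACK = ipaddress.ip_network("127.0.0.0/8")


def address_class(addr):
    """Return (class letter, default prefix) from the first octet."""
    first = int(str(addr).split(".")[0])
    for letter, low, high, prefix in CLASSES:
        if low <= first <= high:
            return letter, prefix
    return None, None          # 0.x, 127.x and 255.x fall outside the table


def scope(addr):
    """Classify an address as loopback, apipa, private, multicast, reserved or public."""
    if addr in LOOPBACK:
        return "loopback"
    if addr in APIPA:
        return "apipa"         # client failed to reach a DHCP server
    if any(addr in net for net in PRIVATE):
        return "private"
    if addr.is_multicast:
        return "multicast"
    if addr.is_reserved:
        return "reserved"
    return "public"


def describe(cidr):
    """Summarise a host given as 'a.b.c.d/prefix' or 'a.b.c.d mask'."""
    iface = ipaddress.ip_interface(cidr.replace(" ", "/"))
    net = iface.network
    letter, default_prefix = address_class(iface.ip)
    # Network and broadcast addresses are not usable host addresses.
    usable = net.num_addresses - 2 if net.prefixlen <= 30 else net.num_addresses
    return {
        "address": str(iface.ip),
        "class": letter,
        "scope": scope(iface.ip),
        "network": str(net),
        "broadcast": str(net.broadcast_address),
        "usable_hosts": usable,
        # True when the mask is longer than the classful default.
        "subnetted": default_prefix is not None and net.prefixlen > default_prefix,
    }


if __name__ == "__main__":
    # Constructed sample inputs, using the addresses quoted in these notes.
    for sample in ("192.168.2.200/24", "192.168.2.200 255.255.255.0",
                   "101.102.103.104/8", "169.254.10.20/16", "172.32.0.1/16"):
        print(sample, "->", describe(sample))
```

Note that 172.32.0.1 is class B but public: the private class B range ends at 172.31.255.255.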
SUBNETTING
• Subnetting allows you to break up large networks into smaller broadcast segments
• Allows for conservation of host addresses
• Security
IPv6
• 128 bit Address Range
• Displayed in hexadecimal format of eight 16 bit groups, separated by a colon (:)
Eg: 2001:0db8:85a3:0042:0000:8a2e:0370:7334
May also be written as: 2001:db8:85a3:42::8a2e:370:7334 (lead zeros removed)
IPv6 Addresses
• Unicast – one to one (Same as IPv4)
• Multicast – one to many (Similar to IPv4)
• Anycast – one to one of many (Unique to IPv6)
IPv6
Unicast Addresses:
• Global Unicast (similar to Public IPv4 addresses)
• Link Local Unicast (similar to APIPA IPv4 addresses)
• Unique Local Unicast (similar to Private IPv4 addresses)
Special IPv6 Addresses
• Loopback Address ::1 (127.0.0.1)
• Link Local Addresses FE80:: (Similar to APIPA addresses)
ICMPv6
• Replaces IGMP with Multicast Listener Discovery (MLD)
• Replaces ARP with Neighbour Discovery (ND)
Troubleshooting IP
• Physical Network Components (NIC, Cables, Switches, Routers)
• Network Interface Card Configuration
• IPCONFIG
• PING
• TRACERT
• ARP
Network Address Translation (NAT)
• NAT allows for the continuation of private IPv4 addressing
• Translates between Private and Public IP networks (different to Routing)
• Simply replaces the source IP address (private) with that of the external (public) IP address to enable routing on the Internet
• Additional security features (Firewall)
NAT
• Basic NAT
• NAT-T (IPSEC)
• NAT-PT (IPv6)
External – Public Interface 101.102.103.104
Internal – Private LAN 192.168.2.0/24
MODULE 8 ROUTING
Routing Tables
Routing table provides the router with a ‘map’ of the network configuration and where it can receive and send packets to/from.
Typically routing table includes:
• Destination addresses
• Gateway locations
• Interfaces
• Cost (Metric)
Windows Routing Table
• Route Print
• Netstat -r
Routing information
Routing Tables are updated by:
• STATIC Routing (Routing information is manually configured)
• DYNAMIC Routing (Routing protocols automatically update routing information)
Static Routing
ROUTE ADD
Router Config
DYNAMIC ROUTING
Routing Protocols
Distance Vector
• Use algorithms to calculate best routes based on distance (cost) and direction (vector)
• Transfer the whole routing table to other routers (up to a maximum number of hops)
• Routing tables are broadcast at regular intervals
• Used for small/medium size networks
Distance Vector Routing Protocols
• Routing Internet Protocol (RIP)v1
• RIPv2 – increased security (authentication)
• Border Gateway Protocol (BGP) – used to connect Autonomous Systems (AS) across the Internet (Autonomous Systems use classes of routing protocols: Interior and Exterior Gateway Protocol (IGP and EGP))
Dynamic Routing Protocols
Link State
• Open Shortest Path First (OSPF) – more common IGP (OSPFv2 for IPv4, OSPFv3 for IPv6)
• IS-IS (Intermediate System – Intermediate System)
Routing Protocols
Exterior Gateway Protocol: BGP
Interior Gateway Protocols: RIP, IGRP, EIGRP, OSPF
[Diagram labels: AUTONOMOUS SYSTEM (AS); AUTONOMOUS SYSTEM (AS)]
High Availability Routing
Use of ‘Virtual Routers’
• Hot Standby Router Protocol (HSRP) – Cisco proprietary
• Virtual Router Redundancy Protocol (VRRP)
IPv6 Dynamic Routing
• RIPng
• EIGRPv6
• OSPFv3
MODULE 9 SWITCHING AND VLANs
Switches
• LAYER 2 Device
• Used to create separate collision domains
• Managed or Unmanaged devices
• Learn the MAC address of host locations using MAC address forward/filter table
Spanning Tree Protocol (STP)
• Eliminates bridging loops (aka switching loops)
• Enables switches to detect loops, communicate with other switches and block potential loops taking place
[Diagram labels: ROOT BRIDGE; ROOT PORT]
Virtual LAN (VLAN)
• Switches provide a method of broadcast domain segmentation called Virtual LANs (VLANs)
• Layer 2 method of creating more broadcast domains
• VLANs logically divide a switch into multiple, independent switches at Layer 2, each in their own broadcast domain
VIRTUAL LAN (VLAN)
[Diagram labels: VLAN 2; VLAN 3; VLAN 4; ROUTER]
VLANs
• Each VLAN behaves as if it were a separate switch
• Packets are forwarded only to ports on that VLAN
• VLANs require a TRUNK to span multiple switches
• VLAN Trunking Protocol (VTP) manages VLANs across a switched internetwork and maintains consistency throughout that network
• A port can be assigned to a given VLAN
VLAN
[Diagram labels: VLAN 2; VLAN 3; Trunk Link; VLAN 2; VLAN 4; ROUTER]
VLAN
Additional Switch settings/properties
Dependent upon the type/manufacturer of the device:
• Quality of Service (QOS)
• Port Security
• Port Mirroring
• Port Bonding
• Flood Guards
• Multicasting
• Power over Ethernet (PoE) 802.3af/802.3at
MODULE 10 WIRELESS NETWORKING
802.11 Standards

Standard   Max Throughput   Frequency   Notes
802.11a    54Mbps           5GHz
802.11b    11Mbps           2.4GHz
802.11g    54Mbps           2.4GHz
802.11n    Up to 600Mbps    2.4/5GHz    MIMO
802.11ac   Up to 1Gbps      5GHz        MIMO
WLAN Setup
Ad hoc mode
• Wireless clients connect to each other without an AP
Infrastructure mode
• Clients connect through an AP in one of two modes:
  BSSid (Basic Service Set ID) – uses one AP
  ESSid (Extended Service Set ID) – more than one access point exists
Wireless Components
• Wireless Access Point (WAP)
• Wireless NIC
• Wireless LAN (WLAN) Controller
Wireless Antennas
Transmit and Receive
Two Classes:
• Omni-directional (point to multipoint)
• Directional/Yagi (point to point)
WLAN Setup
Site Survey
Signal Degradation:
• Distance
• Building construction
• Interference
Wireless Security
Wireless Security
Threats
• Rogue AP
• Evil Twin
• WAR Driving/WAR Chalking
• Man in the Middle (MitM) Attacks
• Denial of Service (DOS)
Wireless Security
• SSID Broadcast
• Default security settings
• MAC Filters
• Shielding
• Authentication
• Encryption
Wireless Encryption
There are three main types of encryption available for wireless networks:
• Wired Equivalent Privacy (WEP)
• Wi-Fi Protected Access (WPA)
• Wi-Fi Protected Access version 2 (WPA2)
Wireless Encryption
WEP – Wired Equivalent Privacy was the first attempt at wireless encryption
• Uses RC4 for encryption and each frame also contains a 24 bit initialisation vector (IV) that is clear text
• The encryption level is either 40 bit (+24 bit IV) or 104 bit (+24 bit IV)
• The IV makes WEP very weak
• WEP is easily cracked after a number of packets have been captured by sniffing
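Why the 24 bit clear-text IV undermines WEP can be shown with RC4 itself. This is an added example, not part of the original courseware: the key, IVs and frame contents are constructed, the integrity value that real WEP appends is left out, and the repeat estimate assumes IVs are picked at random.

```python
import math


def rc4(key: bytes, data: bytes) -> bytes:
    """Plain RC4: key scheduling, then XOR data with the keystream."""
    s = list(range(256))
    j = 0
    for i in range(256):
        j = (j + s[i] + key[i % len(key)]) % 256
        s[i], s[j] = s[j], s[i]
    i = j = 0
    out = bytearray()
    for byte in data:
        i = (i + 1) % 256
        j = (j + s[i]) % 256
        s[i], s[j] = s[j], s[i]
        out.append(byte ^ s[(s[i] + s[j]) % 256])
    return bytes(out)


def wep_encrypt(iv: bytes, secret: bytes, plaintext: bytes) -> bytes:
    """Return IV || ciphertext. The per-frame RC4 key is IV || shared secret,
    and the 3-byte IV is sent in clear text in front of the ciphertext."""
    if len(iv) != 3:
        raise ValueError("WEP IV is 24 bits (3 bytes)")
    return iv + rc4(iv + secret, plaintext)


def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def frames_for_iv_repeat(probability: float = 0.5, iv_bits: int = 24) -> int:
    """Birthday estimate: frames sent before some IV repeats with the given
    probability, assuming IVs are chosen uniformly at random."""
    space = 2 ** iv_bits
    return math.ceil(math.sqrt(2 * space * math.log(1 / (1 - probability))))


def keystream_reuse_demo() -> dict:
    secret = bytes.fromhex("0102030405")       # constructed 40 bit key
    p1 = b"GET /index.html "                   # constructed frame payloads
    p2 = b"printer status ok"[:16]
    same_iv = b"\x00\x00\x01"
    f1 = wep_encrypt(same_iv, secret, p1)
    f2 = wep_encrypt(same_iv, secret, p2)
    f3 = wep_encrypt(b"\x00\x00\x02", secret, p2)
    return {
        # Same IV means same keystream: the key cancels out of c1 XOR c2.
        "same_iv_leaks_xor": xor(f1[3:], f2[3:]) == xor(p1, p2),
        # A fresh IV gives a different keystream, so nothing cancels.
        "fresh_iv_leaks_xor": xor(f1[3:], f3[3:]) == xor(p1, p2),
        "frames_until_likely_repeat": frames_for_iv_repeat(0.5),
    }


if __name__ == "__main__":
    print(keystream_reuse_demo())
```

With only 2^24 possible IVs, a busy network repeats one after a few thousand frames, which is why WPA moved to a 48 bit IV and WPA2 to AES with CCMP.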
Wireless Encryption
WPA – Wi-Fi Protected Access replaced WEP and initially was more secure. It is still in common use but is now relatively easy to crack. It also uses RC4 encryption, this time with a 48 bit IV, and uses TKIP as part of the encryption process.
TKIP – Temporal Key Integrity Protocol combines the IV with the key before encrypting and also changes the session key dynamically after a number of packets.
The weakness of WPA is the passphrase: a length of under 12 characters makes it breakable in a reasonable time.
Wireless Encryption
WPA2 is the replacement for WPA and conforms to the 802.11i standard for security
• Uses the AES encryption algorithm along with CCMP
• Has been broken but is still seen as secure
CCMP – Cipher block Chaining Message authentication Protocol is the process used with AES to provide encryption and provide confidentiality along with authentication of frames
Wireless Encryption
Wireless authentication can be handled by the access point or by an external server such as RADIUS or TACACS+.
The standard that covers external authentication is IEEE 802.1x.
There are other authentication mechanisms that are part of the EAP – Extensible Authentication Protocol framework. This allows for new technologies to be compatible with wireless. EAP is not usually encrypted.
LEAP – Lightweight EAP was developed by Cisco and was designed to replace TKIP in WPA.
PEAP – Protected EAP encapsulates EAP in a TLS tunnel which provides encryption.
MODULE 11 AUTHENTICATION AND ACCESS CONTROL
Access Control List (ACL)
Often ACLs are utilised on routers to determine which packets are allowed to route through, based on the requesting device’s source or destination Internet Protocol (IP) address or Port Number (Port Filtering).
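The filtering described above can be modelled in a few lines, including an audit for rules that can never match. This is an added example, not part of the original courseware: the Rule type, the addresses and the rule set are constructed, and top-down first-match evaluation with a final implicit deny is an assumption modelled on common router behaviour.

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional


@dataclass(frozen=True)
class Rule:
    action: str                      # "permit" or "deny"
    src: str                         # source network in CIDR form
    dst: str                         # destination network in CIDR form
    dst_port: Optional[int] = None   # None means any port

    def matches(self, src_ip: str, dst_ip: str, dst_port: int) -> bool:
        return (
            ipaddress.ip_address(src_ip) in ipaddress.ip_network(self.src)
            and ipaddress.ip_address(dst_ip) in ipaddress.ip_network(self.dst)
            and self.dst_port in (None, dst_port)
        )

    def covers(self, other: "Rule") -> bool:
        """True if every packet matched by `other` is also matched by this rule."""
        return (
            ipaddress.ip_network(other.src).subnet_of(ipaddress.ip_network(self.src))
            and ipaddress.ip_network(other.dst).subnet_of(ipaddress.ip_network(self.dst))
            and self.dst_port in (None, other.dst_port)
        )


def evaluate(acl, src_ip, dst_ip, dst_port):
    """Return (action, rule number) for the first matching rule.
    Assumption: a packet matching no rule is dropped (implicit deny)."""
    for number, rule in enumerate(acl, start=1):
        if rule.matches(src_ip, dst_ip, dst_port):
            return rule.action, number
    return "deny", None


def shadowed_rules(acl):
    """List (rule number, earlier rule number) pairs where the later rule can
    never match because an earlier rule already covers all of its traffic."""
    findings = []
    for j, later in enumerate(acl):
        for i, earlier in enumerate(acl[:j]):
            if earlier.covers(later):
                findings.append((j + 1, i + 1))
                break
    return findings


# Constructed rule set: the Telnet block (rule 2) sits below a broader permit.
ACL = [
    Rule("permit", "192.168.2.0/24", "0.0.0.0/0"),          # 1: LAN outbound, any port
    Rule("deny", "192.168.2.0/24", "0.0.0.0/0", 23),        # 2: intended Telnet block
    Rule("permit", "0.0.0.0/0", "203.0.113.10/32", 443),    # 3: HTTPS to DMZ web server
    Rule("permit", "10.0.0.5/32", "203.0.113.10/32", 22),   # 4: SSH from one admin host
]

# Corrected order: the specific deny comes before the general permit.
FIXED_ACL = [ACL[1], ACL[0], ACL[2], ACL[3]]

if __name__ == "__main__":
    print("shadowed:", shadowed_rules(ACL))
    print("telnet, original order:", evaluate(ACL, "192.168.2.20", "198.51.100.7", 23))
    print("telnet, fixed order:   ", evaluate(FIXED_ACL, "192.168.2.20", "198.51.100.7", 23))
    print("RDP to DMZ from outside:", evaluate(ACL, "198.51.100.7", "203.0.113.10", 3389))
```

Rule order decides the outcome: in the original order outbound Telnet (port 23) is permitted by rule 1 before the deny is ever reached.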
Tunneling
Virtual Private Network (VPN)
Provides a secure connection between 2 endpoints using a variety of authentication and encryption techniques for the following:
• Remote Access (RAS) – Host-to-Site
• Site-to-Site / Host-to-Host
• Business-to-Business (B2) / Extranet VPN
VPN Types
The main types of tunnels to be familiar with:
• Secure Socket Layer (SSL)
• Layer 2 Tunneling Protocol (L2TP)
• Point to Point Tunneling Protocol (PPTP)
• IP Security (IPSEC)
• Generic Routing Encapsulation (GRE)
VPN Types
VPN     Port    Notes
PPTP    1723
L2TP    1701
IPSEC   500     ESP (id 50) / AH (id 51)
GRE     47
SSL     443

IPSEC
Encapsulating Security Payload (ESP)
Authenticating Header (AH)
Security Association (ISAKMP)
Tunnel Mode
Transport Mode

ENCRYPTION
SYMMETRIC
• DES
• 3DES
• AES
ASYMMETRIC
• PUBLIC & PRIVATE Key
• Diffie-Hellman
• RSA (Rivest, Shamir, Adleman)
• PGP (Pretty Good Privacy)

Citrix
Terminal Emulation
Microsoft based Terminal Services on this technology

Remote Desktop
Microsoft Remote Desktop Services / Terminal Services
Uses Remote Desktop Protocol (RDP – Port 3389)
May be secured with HTTPS
Allows for Remote Desktops for Administration, Remote Assistance and Remote Applications
May also be utilised in Virtual Desktop Infrastructure

USER AUTHENTICATION
AUTHENTICATION – Proving you are who you say you are!
Authentication protocols:
• Something that you know – Password/PIN
• Something that you have – Smartcard/token
• Something that you are – Biometric

User Authentication
Certificate Services (Public Key Infrastructure – PKI)
Kerberos
Active Directory (Domain)
Local Authentication – Security Accounts Management (SAM)

Authentication Protocols
Password Authentication Protocol PAP
Challenge Handshake Protocol CHAP
Microsoft CHAP MS-CHAP (MS-CHAPv2)
Extensible Authentication Protocol EAP
802.1x – Network Access Control NAC

Network Access Control
Cisco NAC / Microsoft NPAS (NAP)
Posture Assessment
• Antimalware
• Updates
• Firewall
Guest Networks
Quarantine Networks

AAA
Centralized Authentication, Authorization and Accounting:
Remote Authentication Dial-in User Service RADIUS
Terminal Access Controller Access-Controller System TACACS+ (Cisco)

KERBEROS
Authentication protocol for TCP/IP networks allowing centralization of authentication on a single server (Domain Controller)
Uses UDP / TCP port 88
Key Distribution Center
TGT (Ticket Granting Ticket)
TGS (Ticket Granting Session)

Authorization
Permissions
Rights
Access Controls
Share / Security Permissions
Security Groups

MODULE 12 NETWORK THREATS
SECURITY
CIA
• Confidentiality
• Integrity
• Availability
AAA
• Authentication
• Authorization
• Accounting

SECURITY THREATS
Denial of Service (DOS)
Distributed DOS (DDOS)
• Smurf
• Fraggle
• Botnet
• SYN Flood

SECURITY THREATS
DNS Poisoning
ARP Cache Poisoning
IP Spoofing
Session Hijacking
VLAN Hopping

Malicious Software (Malware)
Virus
Worm
Trojan Horse
Rootkit
Adware/Spyware
Antimalware / Antivirus
System well patched and maintained

VULNERABILITIES
Unnecessary Services/Applications
Unpatched Systems/Applications
Open Ports
Unencrypted systems
RF Emanation/TEMPEST
Insider Threats

WIRELESS SECURITY
WAR Driving / WAR Chalking
WEP/WPA/WPA2 Cracking
Rogue Access Point
Evil Twin
Bluejacking
Bluesnarfing

SOCIAL ENGINEERING
Using or manipulating users for nefarious gain – Flattery and Authority
• Phishing
• Vishing
• Tailgating
• Shoulder Surfing
• Hoax

SECURITY POLICIES
Security Audit
Clean Desk Policy
Password Policy
Acceptable Usage Policy

MITIGATION
User Training and Awareness
Patches and Upgrades
• OS
• Application
• Drivers
• Firmware
Anti-Malware Software

Network Security - MITIGATION
Firewalls
IDS
IPS
PROXY SERVERS

VULNERABILITY SCANNERS
NESSUS
NMAP
MBSA

PHYSICAL SECURITY
Security Zones
• Proximity readers
• Mantraps
• Badges/Tags
Comms Room Security
CCTV
Access Controls

RISK AVOIDANCE
Disaster Recovery
• Disaster Recovery Plan (DRP)
Business Continuity
• Business Continuity Plan (BCP)
Power
• Redundant systems
• Uninterruptible Power Supply (UPS)

REDUNDANCY
DISKS
• RAID
POWER
• UPS
SERVERS
• Clustering
• Virtualization
NETWORK
• Redundant Switches / NICs

RAID
RAID 0
RAID 1
RAID 5
RAID 10

MODULE 13 Wide Area Networking
WAN Terminology
CPE - Customer Premises Equipment
Demarc – (demarcation point) marks the interface between customer-premises equipment and network service provider equipment.
NI – Network Interface (coincides with Demarc)
CSU/DSU (Channel service unit/data service unit) - Connects WAN to customer network
Local loop
• Connects Demarc to Switching Office (Carrier’s POP)
• From Phone Room Closet to Demarc
CO – Central Office which connects customer to switched network
SOHO – Small Office Home Office

WAN Media
Copper Carriers (Telephone Industry)
• T1 / T3 Lines
Fiber Carriers
• Synchronous Optical Network (SONET) (US)
• Synchronous Digital Hierarchy (SDH) (EUR)

Copper Carriers
CARRIER   CHANNELS   SPEED
T1        24         1.544 Mbps
T3        672        44.736 Mbps
E1        32         2.048 Mbps
E3        512        34.368 Mbps

Optical Carriers (Synchronous Optical Network) SONET
Optical Level   Line Speed
OC-1            51.85 Mbps
OC-3            155.52 Mbps
OC-12           622.08 Mbps
OC-24           1.244 Gbps
OC-48           2.488 Gbps
OC-192          9.952 Gbps
OC-255          13.21 Gbps
OC-768          39.82 Gbps

Fiber – Wavelength Division Multiplexing
WDM – Allows for several different optical carriers on a single optical fiber by using different wavelengths.
Two technologies used are:
• DWDM – Dense WDM
• CWDM – Coarse WDM

Packet Switching
Allows for protocols to use T and OC linked mesh connections to ‘route’ from one location to another
Originally used X.25 (CCITT Packet Switching Protocol)
Now mostly uses:
• Frame Relay
• Asynchronous Transfer Mode (ATM)

FRAME RELAY
Primarily used for T-Carrier lines
Uses Frame Relay Bridges and/or Routers
No guarantee of data integrity but low error rate
Creates a Permanent Virtual Circuit (PVC)
A permanent virtual circuit (PVC) is a virtual circuit established for repeated use between the same types of equipment.

ATM
High speed reliable links used for:
• Voice
• Data
• Fax
• Media (Video/Audio/Imaging)

Multi Protocol Label Switching (MPLS)
Replacement for Frame Relay and ATM
The process of transporting IP packets by encapsulating them and using a label to specify a path through the network
The idea is based upon removing the need for routing table lookups
Labels can be based upon source address, QoS value or other parameters
Labels can override the routing table
MPLS can run over a variety of layer 2 technologies

‘The Last Mile’
Connection between user and central office
• Dial-up
• Digital Subscriber Line (DSL)
• Cable
• Satellite
• Fiber
• Broadband over Powerline (BPL)

DIAL UP
POTS or PSTN
Expensive
Unreliable
Requires a dial-up
Uses Point to Point Protocol (PPP) to connect, authenticate and negotiate network protocol (TCP/IP)
V-Standards V.22 (1,200Bps) – V.92 (57,600 bps)

Integrated Services Digital Network (ISDN)
ISDN consists of two Channels:
Bearer (B Channels) Carry Data, Voice information
Delta (D Channels) Carry setup and configuration information
Basic Rate Interface (BRI) uses 2B+D
Primary Rate Interface (PRI) uses 23B+D (US) 8-30B+D (EUR)

DSL
Asymmetric Digital Subscriber Line (ADSL)
Symmetric DSL (SDSL)
Very High Bitrate DSL (VDSL)
Uses existing telephone lines via DSL modem
Standard RJ11 connectors
Low pass filters to remove DSL for telephone calls
Always on

Wireless WAN
Cellular WAN
High Speed Packet Access (HSPA+)
WiMAX (World Wide Interoperability for Microwave Access)
LTE (Long Term Evolution)

VOIP
Uses existing IP network for voice calls
Uses three standards
• RTP – Real Time Transport Protocol
• SIP – Session Initiation Protocol
• H.323

Troubleshooting WAN Issues
Key problem areas:
• Lack of Internet connectivity
• Interface errors
• Split Horizon
• DNS
• Router configurations
• Security Policy (Firewalls)

MODULE 14 TROUBLESHOOTING
Basics of Troubleshooting
Identify the Problem
Establish probable cause
Test Theory
Plan of Action
Implement and test solution
Verify functionality
Document

Tools of the trade
Protocol Analyzer
Throughput Tester
Remote Desktop Software
Command Line Tools
Wireless Analyzer

TCP/IP Utilities
IPCONFIG
/all
/displaydns
/registerdns
/flushdns
/release
/renew

IFCONFIG (UNIX/LINUX)
eth0 up (enables 1st Ethernet Card)
eth0 down (disables)

ICMP
PING
PATHPING
TRACERT
MTR (UNIX/LINUX) (Similar to TRACERT and PING)

ARP
Address Resolution Protocol
IP to MAC Address

NETSTAT
-a (connections and listening ports)
-o (process ID)
-r (routing table)

NBTSTAT
NETBIOS Names (is case sensitive)
-n (local system)
-c (cache)
-R (purge and reload cache)

NSLOOKUP
DNS Diagnosis
-ls (list)
-d (domain)
-t (type)

DIG
UNIX/LINUX addition to NSLOOKUP
Network Monitoring
Baselines
• CPU
• RAM
• HDD
• NETWORK
Performance Monitor
System Logs (syslog)
Traffic Analyzer (Wireshark)
SNMP – Simple Network Management Protocol

SIEM
Security information and event management (SIEM) is a term for software products and services combining security information management
Used for the collation of the following types of information:
• Data aggregation
• Correlation
• Alerting
• Compliance
• Retention
• Forensic analysis

Windows Performance Monitoring
SNMP Monitoring
Simple Network Management Protocol
Allows the administrator to set a ‘trap’ on a device to collect information
Uses UDP to send communication from the management system to the agent to get information or change configuration
SNMPv3 adds message integrity, authentication and encryption.
Uses port 161

Testing Equipment
Multimeter
Testing resistance for shorts

Tone Locators and Toner Probes
Locate cable runs
Cable Tester
Broken wires
Improperly wired
Cable shorts
May record speed and settings (Certifier)

Cable Tester (advanced)
Time-Domain Reflector (TDR)
Optical TDR (for Fiber)

Cable Issues
Bad wiring/connectors
Crosstalk
Near End/Far End Crosstalk
Attenuation
Collisions
Shorts
Echo (Open Impedance Mismatch)
Interference/EMI
Split pairs
TX/RX Reverse

Fiber Cable Issues
Cable Mismatch
Bad connectors/dirty connectors
Distance limitations
Bend Radius

Cable Stripper / Crimper
Butt Set
Used to test Telephone Lines
Other Network Issues
Temperature
Environment (Humidity)
HVAC used to mitigate

MODULE 15 Management, Monitoring & Optimisation
Network Management
Wiring Schematics
Physical Network Diagram
• Physical Connections
• Network Devices
• Computers
• Peripherals

Network Management
Logical Network Diagram
• IP Address schemes
• Protocols
• User accounts
[Diagram: Domain tree with Organizational Unit, Group, Computer and User objects]

Network Management
Asset Management
• ISO 19770
IP Address Management
• Documentation
• IPAM

Network Management
Policies
• Security Policies
• Change Management
Standard Business Documents
• Statement of Work (SOW)
• Memorandum of Understanding (MOU)
• Master License Agreement (MLA)
• Service Level Agreement (SLA)

Change Management Procedures
Document reason for change
Change request
Configuration procedures
Rollback Process
Potential Impact
Notification

Change Management Procedures
Approval Process
Maintenance Window
Authorized Downtime
Notification of Change
Documentation

Network Management
Safety Practices
• Electrical Safety
• Installation Safety
• Material Safety Data Sheet (MSDS)

Network Management
Emergency Procedures
• Fire Escape Plan
• Safety/Emergency Exits
• Fail Open/Fail Close
• Emergency Alert System
• Fire Suppression System

Network Optimization
Performance
• QOS
Unified Communications
Bandwidth
• Traffic Shaping
Load Balancing
High Availability
Caching Engines

Network Optimization
Backups
• Full
• Incremental
• Differential

Backup Type    Data                       Backup Time   Restore Time   Storage Space
FULL           All data                   Slowest       Fastest        High
INCREMENTAL    New/Modified data          Fast          Slower         Low
DIFFERENTIAL   All data since last full   Moderate      Faster         Moderate

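The Restore Time column of the backup table, worked through as an added example that is not part of the courseware: given a backup history, the function returns the sets that must be read to restore a given day. The day numbering, the `schedule` helper and the reading of "incremental" as "changes since the previous backup" are assumptions made for this illustration.

```python
def restore_chain(history, restore_day):
    """Return the backup sets, oldest first, needed to restore the state as of restore_day.

    history is a chronological list of (day, kind) tuples with kind in
    {"full", "incremental", "differential"}.
    """
    usable = [b for b in history if b[0] <= restore_day]
    fulls = [i for i, (_, kind) in enumerate(usable) if kind == "full"]
    if not fulls:
        raise ValueError("no full backup on or before the restore day")
    chain = [usable[fulls[-1]]]  # every restore starts from the latest full backup
    later = usable[fulls[-1] + 1:]
    diffs = [i for i, (_, kind) in enumerate(later) if kind == "differential"]
    if diffs:
        # A differential holds all data since the last full, so only the newest one is read.
        chain.append(later[diffs[-1]])
        later = later[diffs[-1] + 1:]
    # Each incremental holds only what changed since the previous backup, so all are read.
    chain.extend(b for b in later if b[1] == "incremental")
    return chain


def schedule(kind, days=6):
    """Constructed sample history: a full backup on day 0, then one backup of `kind` per day."""
    return [(0, "full")] + [(day, kind) for day in range(1, days)]


if __name__ == "__main__":
    for kind in ("incremental", "differential"):
        chain = restore_chain(schedule(kind), restore_day=4)
        print(kind, "restore of day 4 reads", len(chain), "sets:", chain)
```

A lost or corrupt incremental breaks every later restore point in its chain, which is the practical cost behind the "Slower" entry in the table.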
Virtualization
Examples of virtualization technology:
• VMWare vSphere
• Microsoft Hyper-V
• Citrix XenServer

Virtualization
Power Saving
Consolidation of Hardware
Recovery / Duplication
Test and Development
Costs

Virtualization
Virtual Networking (Switches)
Virtual Hard Drives
Virtual Desktops
Virtual Applications
Network/Infrastructure As A Service (NaaS)(IaaS)
Platform As A Service (PaaS)
Software As A Service (SaaS)

Virtualization
Cloud Concepts
• Private
• Public
• Hybrid
• Community
• Elastic