Network plus exam cram
From Wikibooks, the open-content textbooks collection
Domain 1.0 - Media and Topologies - 20%
1.1 Recognize the following logical or physical network topologies given a diagram, schematic or description:
- Star
- Bus
- Mesh
- Ring
- Hybrid
1) A star network is a network in which every computer connects to a central computer or server.
2) A bus network is a network in which all computers share a central backbone that connects them together.
3) A mesh network is a network in which every computer is connected to every other computer.
Note that while the figure commonly used to depict a mesh network is widely reproduced, it is not accurate. Computers are rarely connected directly to each other; they usually go through an intermediate network device. Correctly depicted, the devices connecting to each other should be network devices such as switches or routers. Indeed, some form of mesh or partial mesh between network devices is very common in enterprise networks.
4) A ring network is a network in which each computer connects to the next to form a ring.
1.2 Specify the main features of 802.x standards and FDDI (Fiber Distributed Data Interface) networking technologies, including:
- Speed
- Access method (CSMA / CA (Carrier Sense Multiple Access / Collision Avoidance) and CSMA / CD (Carrier Sense Multiple Access / Collision Detection))
- Topology
- Media
1) 802.2 LLC [Logical Link Control (IEEE 802.2, ISO, OSI)]
Speed: Depends on the network.
Access method: Used with CSMA/CD and token passing.
Topology: Used in Ethernet and Token Ring networks.
Media: Used with Ethernet and Token Ring; defines how the signal is put on the media.
2) 802.3 Ethernet
Speed: 10 Mbps to 10 Gbps.
Access method: CSMA/CD
Topology: Commonly used in bus and star configurations.
Media: Either copper or fiber optic media.
3) 802.5 Token Ring
Speed: 4 Mbps to 1 Gbps
Access method: Token passing
Topology: Star (even though it says Ring, its physical topology is a star)
Media: IBM "Type-1" Shielded Twisted Pair (copper)
4) 802.11x wireless
Speed: 1 Mbps to 108 Mbps
Access method: CSMA/CA
Topology: Wireless - uses wireless access points to connect users.
Media: Wireless - radio frequencies
5) FDDI
Speed: 100 to 200 Mbps
Access method: Token passing
Topology: Token ring
Media: Fiber or copper (called CDDI, not FDDI, when copper is used)
1.3 Specify the characteristics (speed, length, topology, and cable type) of the following cable standards:
- 10BASE-T and 10BASE-FL 802.3
- 100BASE-TX and 100BASE-FX
- 1000BASE-T, 1000BASE-CX, 1000BASE-SX and 1000BASE-LX
- 10GBASE-SR, 10GBASE-LR and 10GBASE-ER
1) 10BASE-T
Speed: 10 Mbps
Length: 100 meters
Topology: Ethernet
Cable type: Cat 3 or better
2) 10BASE-FL
Speed: 10 Mbps
Length: 2000 meters
Topology: Ethernet
Cable type: Fiber optic
3) 100BASE-TX
Speed: 100 Mbps (200 Mbps full duplex)
Length: Network segments limited to 100 meters
Topology: Ethernet
Cable type: Cat 5 cable
4) 100BASE-FX
Speed: 100 Mbps
Length: 400 meters half duplex or 2000 meters full duplex
Topology: Ethernet
Cable type: Fiber optic
5) 1000BASE-T
Speed: 1 Gbps
Length: Each network segment is limited to 100 meters.
Topology: Ethernet
Cable type: Cat 5e ("category 5 enhanced") or Cat 6 cable.
6) 1000BASE-CX
Speed: 1 Gbps
Length: 25 meters per network segment
Topology: Ethernet
Cable type: Copper-based STP (shielded twisted pair)
7) 1000BASE-SX
Speed: 1 Gbps
Length: 550 meters
Topology: Ethernet
Cable type: Multi-mode fiber optics with 0.85 micrometer core.
8) 1000BASE-LX
Speed: 1 Gbps
Length: 5000 meters
Topology: Ethernet
Cable type: Single-mode fiber optic cable.
9) 10GBASE-SR
Speed: 10 Gbps
Length: 300 meters
Topology: Ethernet
Cable type: Multi-mode fiber optics.
10) 10GBASE-LR
Speed: 10 Gbps
Length: 2000 meters
Topology: Ethernet
Cable type: Single-mode fiber optics. Used over dark fiber connected to SONET equipment.
11) 10GBASE-ER
Speed: 10 Gbps
Length: 40,000 meters
Topology: Ethernet
Cable type: Either single-mode or multi-mode fiber. Used over dark fiber connected to SONET equipment.
1.4 Recognize the following media connectors and describe their uses:
- RJ-11 (Registered Jack)
- RJ-45 (Registered Jack)
- F-Type
- ST (Straight Tip, Stick & Twist - typical with Single-Mode Fiber)
- AUI and BNC were removed
- SC (Subscriber Connector or Standard Connector or Stick & Click - typical with Multi-Mode Fiber)
- IEEE 1394 (FireWire)
- Fiber LC (Local Connector)
- MT-RJ (Mechanical Transfer Registered Jack)
- USB (Universal Serial Bus)
1) RJ-11
Usage: Analog telephone systems (POTS - 4 pins, 2 wires)
Looks like: The connector on the end of a phone cord, the part that plugs into the wall
2) RJ-45 (POTS - 8 pins, 8 wires)
Usage: Ethernet connection
Looks like: A big phone connector
3) F-type
Usage: Cable boxes, VCRs, WebTV, etc.
4) ST
Usage: Gigabit Ethernet
5) SC
Usage: Gigabit Ethernet
6) IEEE 1394 (FireWire)
Usage: Digital video serial bus, 400 Mbps speed. IEEE 1394b (essentially FireWire 2) offers up to 800 Mbps transfer rates.
7) Fiber LC
Usage: Gigabit Ethernet
8) MT-RJ
Usage: Gigabit Ethernet
9) USB
Usage: Used to connect peripherals to the computer (similar to FireWire, but slower), only 11 Mbps. USB 2.0 allows for up to 450 Mbps transfer rates.
Looks like: Has a trident-looking symbol on it.
1.5 Recognize the following media types and describe their uses:
- Category 3, 5, 5e, and 6
- Connectors were removed and media types are listed in detail
- UTP (Unshielded Twisted Pair)
- STP (Shielded Twisted Pair)
- Coaxial cable
- SMF (Singlemode Fiber) optic cable
- MMF (Multimode Fiber) optic cable
1) Category 3 cable
Usage: Ethernet-based networks running at 10 Mbps.
2) Category 5 cable
Usage: Ethernet-based networks running at 100 Mbps.
Looks like: Looks the same as Cat 3 cable; check the printing on the cable to see what type it is.
3) Category 5e cable
Usage: Ethernet-based networks running at 1 Gbps. Also supports increased network segments of 350 meters instead of the 100 meters of regular Cat 5 cable.
Looks like: Looks the same as Cat 3 cable; check the printing on the cable to see what type it is.
4) Category 6 cable
Usage: Ethernet-based networks running at 1 Gbps. It is backwards compatible with Cat 5 and Cat 3 based networks. Range is 220 meters.
Looks like: Looks the same as Cat 3 cable; check the printing on the cable to see what type it is.
5) UTP
Usage: UTP is just another way of saying Cat 3, Cat 5, Cat 5e and Cat 6 cable.
Looks like: Cat 3, Cat 5, Cat 5e and Cat 6 cable.

6) STP
Usage: STP provides extra protection against EMI (interference) and crosstalk. The wire bundle is wrapped in a foil to shield it.
Looks like: Cat 3, Cat 5, Cat 5e and Cat 6 cable.
7) Coaxial cable
Usage: Coaxial cable is another term for copper cable.
Looks like: RG-58, RG-6, RG-8 (figure: coax cable with end connectors)
8) SMF optical cable
Usage: Fiber uses light transmission, travels much farther than copper-based media, is small in diameter and lightweight, and offers significantly faster transmission speeds than other cable media. The downsides of fiber cable are that it is made of fiberglass or plastic and can break if bent in too sharp a radius, that repair is technically difficult (so repair usually means replacement), and that it costs a great deal to buy.
Looks like: Similar to a normal Cat cable except that it is smaller; SMF is usually yellow.
9) MMF optical cable
Usage: Similar to SMF but not as fast or as long-reaching as single-mode fiber.
Looks like: Similar to a normal Cat cable except that it is smaller, though usually bigger than an SMF cable; MMF is usually orange.

1.6 Identify the purposes, features and functions of the following network components:
- Hubs
- Switches
- Bridges
- Routers
- Gateways
- CSU / DSU (Channel Service Unit / Data Service Unit)
- NICs (Network Interface Card)
- ISDN (Integrated Services Digital Network) adapters
- WAPs (Wireless Access Point)
- Modems
- Transceivers (media converters)
- Firewalls
1) Hubs
Purpose: A common connection point for devices in a network. Hubs are commonly used to connect segments of a LAN. A hub contains multiple ports; when a packet arrives at one port, it is copied to the other ports so that all segments of the LAN can see all packets.
Features: Connects a LAN together.
Functions: The function of a hub is to take data from one of the connected devices and forward it to all the other ports on the hub.
2) Switches
Purpose: Similar to a hub, in that it provides a central connection between two or more computers on a network, but with some intelligence. Switches provide traffic control for packets: rather than forwarding data to all the connected ports, a switch forwards data only to the port to which the destination system is connected.
Features: Connects a LAN together and intelligently filters the traffic on the network.
Functions: The function of a switch is to sort the data packets from its connected devices and distribute them only where needed, reducing the amount of traffic on the network.
3) Bridges
Purpose: A bridge is a networking device that connects multiple LANs and forwards or filters data packets between them based on their destination address.
Features: Bridges are networking devices that connect networks together.
Functions: The function of a bridge is to prevent unnecessary data from crossing between connected networks.
4) Routers
Purpose: Routers are network devices that literally route data around the network. By examining data as it arrives, the router can determine the destination address for the data; then, by using tables of defined routes, the router determines the best way for the data to continue its journey.
Features: Connects networks together and routes information between them so that unnecessary data is not sent to the other networks.
Functions: The function of a router is to determine the next point to which a data packet needs to be forwarded on its way to its destination.
5) Gateways
Purpose: A gateway is a networking device that translates between two dissimilar protocols. A gateway links and translates between local area networks that use different protocols.
Features: Makes it possible to receive differently formatted data and translate it into a format that your computer can understand.
Functions: The function of a gateway is to translate data from one format to another.
6) CSU/DSU (Channel Service Unit / Data Service Unit)
Purpose: A hardware device used to interface between a serial port and a digital circuit. Allows the connection of networks that are far apart from each other.
Features: Connects a WAN together.
Functions: The function of a CSU/DSU is to act as a translator between the LAN data format and the WAN data format.
7) NICs (Network Interface Card)
Purpose: A device that plugs into a computer and adapts the network interface to the appropriate standard.
Features: The NIC is used to connect your computer to the network.
Functions: The function of a NIC is to connect to the network using a physical card (physical network).
8) ISDN (Integrated Services Digital Network) adapters
Purpose: A device that allows your computer to transmit over ISDN lines.
Features: An alternative to a modem; it uses ISDN phone lines.
Functions: The function of an ISDN adapter is to connect your computer to an ISDN phone line.
9) WAPs (Wireless Access Point)
Purpose: A transceiver or radio component in a wireless LAN that acts as the transfer point between wired and wireless signals and vice versa.
Features: Connects your wired and your wireless devices together.
Functions: The function of a WAP is to connect your wireless devices to your wired network.
10) Modems
Purpose: A device that enables a computer to transmit digital data over analog telephone lines.
Features: Connects your computer to the Internet using a dial-up connection.
Functions: The function of a modem is to enable a computer to transmit digital data over analog telephone lines.
11) Transceivers (media converters)
Purpose: A media converter is a device that interfaces between the network and a local node.
Features: Converts between different types of media and connectors.
Functions: The function of a transceiver is to connect different media types and connectors together on the network.
12) Firewalls
Purpose: A networking device, either hardware- or software-based, that controls access to your organization's network.
Features: Allows for administrative control of access to your network.
Functions: The function of a firewall is to prevent outside sources from connecting to your networks.
1.7 Specify the general characteristics (For example: carrier speed, frequency, transmission type and topology) of the following wireless technologies:
- 802.11 (Frequency hopping spread spectrum)
- 802.11x (Direct sequence spread spectrum)
- Infrared
- Bluetooth
802.11 (FHSS)
FHSS is a technology that allows a transmission to be sent over several frequencies. It hops between these frequencies in a random but predictable sequence. This type of system reduces interference since it uses several frequencies to communicate.
802.11x (DSSS) *x is a variable
DSSS combines the data signal with a higher data rate bit sequence, called a chipping code, to increase the signal's resistance to interference. A DSSS signal uses a predefined spreading code that jumps much faster than FHSS.
| IEEE Standard | RF Used | Spread Spectrum | Data Rate (Mbps) |
|---|---|---|---|
| 802.11 | 2.4 GHz | DSSS | 1/2 |
| 802.11 | 2.4 GHz | FHSS | 1/2 |
| 802.11a | 5 GHz | OFDM | 54 |
| 802.11b | 2.4 GHz | DSSS | 11 |
| 802.11g | 2.4 GHz | OFDM | 54 |
1) 802.11
Carrier speed: 500 Kbps
Frequency: FHSS
Transmission type: Frequency transmission
Topology: Ad hoc
2) 802.11x
Carrier speed: (see chart)
Frequency: DSSS and OFDM (Orthogonal Frequency-Division Multiplexing)
Transmission type: Frequency spectrum transmission
Topology: Ad hoc
3) Infrared
Carrier speed: 115.2 Kbps
Frequency: Light
Transmission type: Uses light to transmit
Topology: Ad hoc
4) Bluetooth
Carrier speed: 720 Kbps
Frequency: Radio waves (FHSS)
Transmission type: Uses Radio waves to communicate
Topology: Ad hoc
1.8 Identify factors which affect the range and speed of wireless service (For example: interference, antenna type and environmental factors).
Range
Affected by interference?
The layout of your building can reduce the range. A lot of concrete walls can reduce your range.
Affected by antenna type?
The size of the antenna and the placement greatly affect the range of their signals
Any environmental factors that limit the range?
The weather and amount of water vapor in the air can affect your signals strength
Speed
Affected by interference?
The layout of your building can reduce the speed
Affected by antenna type?
The size of the antenna and its signal can affect your speed
Any environmental factors that limit the speed?
The weather and amount of water vapor can weaken the signal and affect your speed
- You should also know...
The beamwidth parameter of the antenna defines the angle of the radio signal radiated. The angle of radiation of the signal is defined in degrees. The antenna properties include the gain, beamwidth and transmission angle.
Omnidirectional antennas radiate in a 360-degree pattern in the horizontal plane.
Patch antennas are directional antennas with a wide beamwidth.
Yagi antennas are directional antennas with a coverage pattern of 28-80 degrees.
Parabolic dish antennas are very high-gain antennas that have a very sharp beam of radiation.
---
Domain 2.0 Protocols and Standards 20%
2.1 Identify a MAC (Media Access Control) address and its parts.
Every Ethernet device interface to the network media (e.g., a network adapter or a port on a hub) has a unique MAC address, which is "burned" into the hardware when it is manufactured. MAC addresses uniquely identify each node in a network at the Media Access Control layer, the lowest network layer, the one that directly interfaces with the media, such as the actual wires in a twisted-pair Ethernet. In modern Ethernets the MAC address consists of six bytes, which are usually displayed in hexadecimal; e.g.,
00-0A-CC-32-F0-FD
MAC addresses have two parts:
1) The first half of the numbers (i.e. 00-0A-CC) is the manufacturer's code. You can use this code to find out who built the network interface card (NIC).
2) The second half of the numbers (i.e. 32-F0-FD) is the card's individual serial number.
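An added example (not from the Wikibooks page) that splits a MAC address into the two halves just described. SAMPLE_MAC is a constructed value, and the two flag bits the function reports go beyond the page.

```python
# Added example, not from the Wikibooks page: split a six-byte MAC into the
# manufacturer (OUI) half and the serial half described in 2.1. SAMPLE_MAC is
# a constructed value (same OUI as the page's example, different serial half).
import re

SAMPLE_MAC = "00-0A-CC-32-F0-FD"

# Six hex bytes, all joined by the same separator ('-' or ':').
_MAC_RE = re.compile(r"^[0-9A-Fa-f]{2}([-:])(?:[0-9A-Fa-f]{2}\1){4}[0-9A-Fa-f]{2}$")


def parse_mac(text):
    """Return the OUI and serial halves of a MAC plus the two flag bits of byte 0.

    The flag bits go beyond the page: bit 0 of the first byte set means a
    multicast/broadcast address, bit 1 set means a locally administered address
    (chosen by software rather than burned in by the manufacturer). An OUI
    lookup therefore only identifies a vendor for universally administered
    unicast addresses, so a MAC is an inventory hint, not proof of identity.
    """
    text = text.strip()
    m = _MAC_RE.match(text)
    if not m:
        raise ValueError("not a six-byte MAC address: %r" % text)
    octets = [int(part, 16) for part in text.split(m.group(1))]
    hexed = ["%02X" % o for o in octets]
    first = octets[0]
    return {
        "normalized": "-".join(hexed),
        "oui": "-".join(hexed[:3]),          # manufacturer's code
        "serial": "-".join(hexed[3:]),       # card's individual serial number
        "multicast": bool(first & 0x01),
        "locally_administered": bool(first & 0x02),
    }
```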
2.2 Identify the seven layers of the OSI (Open Systems Interconnect) model and their functions.
There are seven layers in the OSI model. When a network device wants to send data over the network, it begins at layer 7 and moves down to layer 1 (encoding). From there the data is sent to the receiving computer, which decodes the message by beginning at layer 1 and moving up to layer 7. An easy way of remembering the layers is to keep this saying in mind: "Please do not throw small people around."
Layer 7
Application
Description: Applications and application interfaces for OSI networks. Provides access to lower layers and functions.
Layer 6
Presentation
Description: Negotiates syntactic representations and performs data transformations, e.g. compression and code conversion.
Layer 5
Session
Description: Coordinates connection and interaction between applications, establishes dialog, manages and synchronizes data flow direction.
Layer 4
Transport
Description: Ensures end-to-end data transfer and integrity across the network. Assembles packets for routing by layer 3.
Layer 3
Network
Description: Routes and relays data units across a network of nodes. Manages flow control and call establishment procedures.
Layer 2
Data link
Description: Transfers data units from one network unit to another over a transmission circuit. Ensures data integrity between nodes.
Layer 1
Physical
Description: Delimits and encodes the bits onto the physical medium. Defines electrical, mechanical and procedural formats.
2.3 Identify the OSI (Open Systems Interconnect) layers at which the following network components operate:
- Hubs
- Switches
- Bridges
- Routers
- NICs (Network Interface Card)
- WAPs (Wireless Access Point)
Hub: Layer 1
Switches: Layer 2
Bridges: Layer 2
Routers: Layer 3
NICs: Layer 2 and Layer 1
WAPs: Layer 1
2.4 Differentiate between the following network protocols in terms of routing, addressing schemes, interoperability and naming conventions:
- IPX / SPX (Internetwork Packet Exchange / Sequence Packet Exchange)
- NetBEUI (Network Basic Input / Output System Extended User Interface)
- AppleTalk / AppleTalk over IP (Internet Protocol)
- TCP / IP (Transmission Control Protocol / Internet Protocol)
1) IPX/SPX (Internetwork Packet Exchange / Sequence Packet Exchange)
Routing: Routable, multilayered networking protocol.
Address schemes: 12-byte IPX internetwork number represented by 24 hexadecimal digits.
Interoperability:
Naming conventions:
2) NetBEUI (Network Basic Input / Output System Extended User Interface)
Routing: Non-routable networking protocol.
Address schemes: 16-byte name; 15 bytes represent characters in the name, and the hidden 16th byte represents the type of service provided by the device.
Interoperability:
Naming conventions: Must be resolved to a MAC address. Uses WINS to register the name; LMHOSTS is the file that stores the name.
3) AppleTalk / AppleTalk over IP
Routing: Routable networking protocol.
Address schemes:
Interoperability: Legacy networks can interoperate with TCP/IP based networks.
Naming conventions:
4) TCP/IP (Transmission Control Protocol / Internet Protocol)
Routing: Routable networking protocol.
Address schemes: 32-bit binary number assigned statically (administrator entered) or via DHCP (Dynamic Host Configuration Protocol, network assigned).
Interoperability:
Naming conventions: Host name used for IP address, resolved via DNS (Domain Name Server), which uses the HOSTS file to match IP addresses to host names.
2.5 Identify the components and structure of IP (Internet Protocol) addresses (IPv4, IPv6) and the required setting for connections across the Internet.
IPv4
- Structure: 32-bit number, usually formatted for better human readability as 4 bytes, each printed as a decimal value (0-255) and separated by dots (with the least significant byte on the right). Example: 123.1.56.233
- Components:
- Required settings for connections across the Internet:
- IPv4 address for the host
- Subnet mask for the subnet the host is connected to
- Address of the router for traffic to hosts outside the current subnet
- Address of the Domain Name Service (DNS) server
IPv6
- Structure: 128-bit number, usually formatted for better human readability as 8 words (2 bytes each) printed as 4-digit hexadecimal numbers separated by colons. One continuous section of zeros can be abbreviated as two adjacent colons (::). Example: AB01:B300:0000:0000:7891:1266:FEEF:7E55, which can be abbreviated as: AB01:B300::7891:1266:FEEF:7E55
- Components:
- Required settings for connections across the Internet:
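An added example (not from the Wikibooks page) of the "::" abbreviation rule described under IPv6: it expands an abbreviated address back to eight groups and compresses the longest run of zero groups, keeping the page's 4-digit uppercase group style rather than the RFC 5952 canonical form.

```python
# Added example, not from the Wikibooks page: expand and compress the "::"
# shorthand of an IPv6 address. Output uses the page's 4-digit uppercase
# groups (not the lowercase, leading-zero-stripped RFC 5952 canonical form).

HEX_DIGITS = set("0123456789abcdefABCDEF")


def expand_ipv6(text):
    """Return the eight 16-bit group values of an IPv6 address as a list of ints.

    A single '::' stands for as many zero groups as are needed to reach eight.
    More than one '::', a wrong group count, or a non-hex group is rejected.
    """
    text = text.strip()
    if text.count("::") > 1:
        raise ValueError("only one '::' is allowed: %r" % text)
    if "::" in text:
        head, tail = text.split("::")
        head_groups = head.split(":") if head else []
        tail_groups = tail.split(":") if tail else []
        missing = 8 - len(head_groups) - len(tail_groups)
        if missing < 1:
            raise ValueError("'::' must stand for at least one zero group: %r" % text)
        groups = head_groups + ["0"] * missing + tail_groups
    else:
        groups = text.split(":")
    if len(groups) != 8:
        raise ValueError("expected 8 groups, got %d: %r" % (len(groups), text))
    values = []
    for g in groups:
        if not 1 <= len(g) <= 4 or any(c not in HEX_DIGITS for c in g):
            raise ValueError("bad group %r in %r" % (g, text))
        values.append(int(g, 16))
    return values


def full_form(text):
    """Write every group as four uppercase hex digits, no '::'."""
    return ":".join("%04X" % v for v in expand_ipv6(text))


def compress_ipv6(text):
    """Abbreviate the longest run of two or more zero groups as '::'."""
    values = expand_ipv6(text)
    best_start, best_len = -1, 0
    i = 0
    while i < 8:
        if values[i] == 0:
            j = i
            while j < 8 and values[j] == 0:
                j += 1
            if j - i > best_len:          # first longest run wins on ties
                best_start, best_len = i, j - i
            i = j
        else:
            i += 1
    groups = ["%04X" % v for v in values]
    if best_len < 2:
        return ":".join(groups)
    left = ":".join(groups[:best_start])
    right = ":".join(groups[best_start + best_len:])
    return left + "::" + right
```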
2.6 Identify classful IP (Internet Protocol) ranges and their subnet masks (For example: Class A, B and C).
Class A 1.0.0.0~126.0.0.0 Subnet 255.0.0.0
Class B 128.16-31.0.0~191.16-31.0.0 Subnet 255.255.0.0
Class C 192.0.0.0~223.0.0.0 Subnet 255.255.255.0
The 127.0.0.0 range is reserved for testing; for example, 127.0.0.1 is the loopback address for the NIC.
2.7 Identify the purpose of subnetting. (Default gateways were removed from this objective.)
The purpose of subnetting is to form smaller networks from one larger network. Doing so gives a faster network because of reduced overhead (broadcast traffic).
2.8 Identify the differences between private and public network addressing schemes.
If a host is connected to a public network, then its IP address can be viewed and pinged by anyone. An example of this is www.google.com: anyone on the Internet can view and ping www.google.com, therefore it is on a public network.
A private network is a network that uses RFC 1918 IP address space. Computers may be allocated addresses from this address space when they need to communicate with other computing devices on an internal (non-Internet) network.
Private networks are becoming quite common in office local area network (LAN) designs, as many organizations do not see a need for globally unique IP addresses for every computer, printer and other device that they use. Another reason for the extensive use of private IP addresses is the shortage of publicly registered IP addresses. IPv6 was created to alleviate this shortage, but is yet to be in widespread use.
Routers on the Internet are (normally) configured to discard any traffic using private IP addresses. This isolation gives private networks a basic form of security, as it is not usually possible for the outside world to establish a connection directly to a machine using these addresses. Since connections cannot be made between different private networks via the Internet, different organisations can use the same private address range without risking address conflicts (communications accidentally reaching a third party that is using the same IP address).
2.9 Identify and differentiate between the following IP (Internet Protocol) addressing methods:
- Static - A static IP address is a number (in the form of a dotted quad) that is assigned to a computer by an Internet service provider (ISP) to be its permanent address on the Internet.
- Dynamic - An IP address that is assigned to a host (computer) by a DHCP server when it connects to the network. When the host disconnects, that IP address is once again free to be given to another host. A dynamic IP address is not necessarily different every time a host connects.
- Self-assigned (APIPA (Automatic Private Internet Protocol Addressing))
A feature of Microsoft Windows, APIPA is a DHCP failover mechanism. With APIPA, DHCP clients can obtain IP addresses when DHCP servers are nonfunctional. APIPA exists in all popular versions of Windows except Windows NT. When a DHCP server fails, APIPA allocates addresses in the private range 169.254.0.1 to 169.254.255.254. Clients verify that their address is unique on the LAN using ARP. When the DHCP server is again able to service requests, clients update their addresses automatically.
In APIPA, all devices use the default network mask 255.255.0.0 and all reside on the same subnet.
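An added example (not from the Wikibooks page) that ties sections 2.6 through 2.9 together: it derives the class and default mask of an IPv4 address, flags the loopback, RFC 1918 private and APIPA ranges the text describes, and works the subnet arithmetic behind "forming smaller networks from one larger network". Class D/E and the 0.0.0.0/8 block go beyond the page; all sample addresses in the comments are constructed except 64.233.169.104, which the page itself quotes.

```python
# Added example, not from the Wikibooks page: classful lookup (2.6), subnet
# arithmetic (2.7) and the reserved ranges of 2.8 and 2.9 with plain integer
# masks. Class D/E and the 0.0.0.0/8 block are not on the page.

RFC1918 = (("10.0.0.0", 8), ("172.16.0.0", 12), ("192.168.0.0", 16))
APIPA = ("169.254.0.0", 16)      # self-assigned when DHCP fails (2.9)
LOOPBACK = ("127.0.0.0", 8)      # reserved for testing (2.6)


def ip_to_int(text):
    """Dotted quad -> 32-bit int; rejects anything that is not four octets 0-255."""
    parts = text.strip().split(".")
    if len(parts) != 4:
        raise ValueError("expected a dotted quad: %r" % text)
    value = 0
    for p in parts:
        if not p.isdigit() or int(p) > 255:
            raise ValueError("octet out of range in %r" % text)
        value = (value << 8) | int(p)
    return value


def int_to_ip(value):
    return ".".join(str((value >> shift) & 0xFF) for shift in (24, 16, 8, 0))


def in_block(value, block_ip, prefix_len):
    mask = (0xFFFFFFFF << (32 - prefix_len)) & 0xFFFFFFFF
    return (value & mask) == (ip_to_int(block_ip) & mask)


def classify_ipv4(text):
    """Return the address class, its default (classful) mask and its scope.

    Scope is 'loopback', 'private' (RFC 1918, discarded by Internet routers),
    'apipa', 'public' or 'reserved'; an edge filter that drops inbound packets
    whose source is anything but 'public' is the usual defensive use of this.
    """
    value = ip_to_int(text)
    first = value >> 24
    if 1 <= first <= 126:
        klass, mask = "A", "255.0.0.0"
    elif 128 <= first <= 191:
        klass, mask = "B", "255.255.0.0"
    elif 192 <= first <= 223:
        klass, mask = "C", "255.255.255.0"
    elif 224 <= first <= 239:
        klass, mask = "D", None        # multicast: no host mask
    elif first >= 240:
        klass, mask = "E", None        # experimental
    else:
        klass, mask = None, None       # 0.x.x.x and the 127.x.x.x test range

    if in_block(value, *LOOPBACK):
        scope = "loopback"
    elif any(in_block(value, block, plen) for block, plen in RFC1918):
        scope = "private"
    elif in_block(value, *APIPA):
        scope = "apipa"
    elif klass in ("A", "B", "C"):
        scope = "public"
    else:
        scope = "reserved"
    return {"class": klass, "default_mask": mask, "scope": scope}


def subnet_of(text, mask_text):
    """Network address, broadcast address and usable host count under a mask.

    The mask decides which bits name the subnet and which name the host; this
    is the arithmetic behind splitting one large network into smaller ones.
    """
    value, mask = ip_to_int(text), ip_to_int(mask_text)
    host_bits = (~mask) & 0xFFFFFFFF
    if host_bits & (host_bits + 1):
        raise ValueError("mask must be contiguous ones then zeros: %r" % mask_text)
    network = value & mask
    broadcast = network | host_bits
    size = host_bits + 1
    usable = size - 2 if size > 2 else 0   # classic 2^h - 2 rule
    return {"network": int_to_ip(network),
            "broadcast": int_to_ip(broadcast),
            "hosts": usable}
```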
2.10 Define the purpose, function and use of the following protocols used in the TCP / IP (Transmission Control Protocol / Internet Protocol) suite:
- TCP (Transmission Control Protocol) - Using TCP, applications on networked hosts can create connections to one another, over which they can exchange streams of data using Stream Sockets. The protocol guarantees reliable and in-order delivery of data from sender to receiver. TCP also distinguishes data for multiple connections by concurrent applications (e.g., Web server and e-mail server) running on the same host.
- UDP (User Datagram Protocol) - Using UDP, programs on networked computers can send short messages sometimes known as datagrams (using Datagram Sockets) to one another. UDP is sometimes called the Universal Datagram Protocol or Unreliable Datagram Protocol. UDP does not guarantee reliability or ordering in the way that TCP does.
- FTP (File Transfer Protocol) - Is used to transfer data from one computer to another over the Internet, or through a network. Specifically, FTP is a commonly used protocol for exchanging files over any network that supports the TCP/IP protocol (such as the Internet or an intranet).
- SFTP (Secure File Transfer Protocol) - a network protocol that provides file transfer and manipulation functionality over any reliable data stream. It is typically used with the SSH-2 protocol to provide secure file transfer, but is intended to be usable with other protocols as well.
- TFTP (Trivial File Transfer Protocol) - Trivial File Transfer Protocol (TFTP) is a very simple file transfer protocol, with the functionality of a very basic form of FTP; it was first defined in 1980. Since it is so simple, it is easy to implement in a very small amount of memory, an important consideration at that time. TFTP was therefore useful for booting computers such as routers which did not have any data storage devices. It is still used to transfer small files between hosts on a network.
- SMTP (Simple Mail Transfer Protocol) - Simple Mail Transfer Protocol (SMTP) is the de facto standard for e-mail transmissions across the Internet. SMTP is a relatively simple, text-based protocol, where one or more recipients of a message are specified (and in most cases verified to exist) and then the message text is transferred.
- HTTP (Hypertext Transfer Protocol) - Hypertext Transfer Protocol (HTTP) is a communications protocol used to transfer or convey information on the World Wide Web. Its original purpose was to provide a way to publish and retrieve HTML hypertext pages.
- HTTPS (Hypertext Transfer Protocol Secure) - A URL scheme used to indicate a secure HTTP connection. It is syntactically identical to the http:// scheme normally used for accessing resources using HTTP. Using an https: URL indicates that HTTP is to be used, but with a different default TCP port (443) and an additional encryption/authentication layer between the HTTP and TCP. This system was designed by Netscape Communications Corporation to provide authentication and encrypted communication and is widely used on the World Wide Web for security-sensitive communication such as payment transactions and corporate logons.
- POP3 / IMAP4 (Post Office Protocol version 3 / Internet Message Access Protocol version 4) - POP3 and IMAP4 are the two most prevalent Internet standard protocols for e-mail retrieval. Virtually all modern e-mail clients and servers support both.
- Telnet - A network protocol used on the Internet or local area network (LAN) connections. Telnet is used to connect to another computer on the network and administer them.
- SSH (Secure Shell) - Secure Shell or SSH is a network protocol that allows data to be exchanged over a secure channel between two computers. Encryption provides confidentiality and integrity of data. SSH uses public-key cryptography to authenticate the remote computer and allow the remote computer to authenticate the user, if necessary. SSH is typically used to log into a remote machine and execute commands, but it also supports tunneling, forwarding arbitrary TCP ports and X11 connections.
- ICMP (Internet Control Message Protocol) - It is chiefly used by networked computers' operating systems to send error messages—indicating, for instance, that a requested service is not available or that a host or router could not be reached. The ping command uses ICMP.
- ARP/RARP (Address Resolution Protocol/Reverse Address Resolution Protocol) - The Address Resolution Protocol (ARP) is the standard method for finding a host's hardware (MAC) address when only its network layer address is known. Due to the overwhelming prevalence of IPv4 and Ethernet, ARP is primarily used to translate IP addresses to Ethernet MAC addresses. Reverse Address Resolution Protocol (RARP) is a network layer protocol used to obtain an IP address for a given hardware (MAC) address.
- NTP (Network Time Protocol) - A protocol for synchronizing the clocks of computer systems over packet-switched, variable-latency data networks. NTP uses UDP port 123 as its transport layer.
- NNTP (Network News Transport Protocol) - NNTP is an Internet application protocol used primarily for reading and posting Usenet articles (aka netnews), as well as transferring news among news servers.
- SCP (Secure Copy Protocol) - SCP is a means of securely transferring computer files between a local and a remote host or between two remote hosts, using the Secure Shell (SSH) protocol. The SCP protocol is similar to the BSD rcp protocol, however unlike rcp, data is encrypted during transfer, to avoid potential packet sniffers extracting usable information from the data packets. The protocol itself does not provide authentication and security; it relies on the underlying protocol, SSH, to provide these features.
- LDAP (Lightweight Directory Access Protocol) - An application protocol for querying and modifying directory services running over TCP/IP.
- IGMP (Internet Group Multicast Protocol) - IGMP is used by IP hosts and adjacent multicast routers to establish multicast group memberships. It is an integral part of the IP multicast specification, like ICMP for unicast connections.
- LPR (Line Printer Remote) - a printer protocol that uses TCP/IP to establish connections between printers and workstations on a network.
2.11 Define the function of TCP / UDP (Transmission Control Protocol / User Datagram Protocol) ports.
In the TCP and UDP protocols used in computer networking, a port is a special number present in the header of a data packet. Ports are typically used to map data to a particular process running on a computer.
Ports can be readily explained with an analogy: think of IP addresses as the street address of a block of flats, and the port number as the number of a particular flat within that building. If a letter (a data packet) is sent to the flats (IP) without a flat number (port number) on it then nobody knows who it is for (which service it is for). In order for the delivery to work, the sender needs to include a flat number along with the address of the flats to ensure the letter gets to the right destination.
2.12 Identify the well-known ports associated with the following commonly used services and protocols:
- 20 FTP (File Transfer Protocol)
- 21 FTP (File Transfer Protocol)
- 22 SSH (Secure Shell)
- 23 Telnet
- 25 SMTP (Simple Mail Transfer Protocol)
- 53 DNS (Domain Name Service)
- 69 TFTP (Trivial File Transfer Protocol)
- 80 HTTP (Hypertext Transfer Protocol)
- 110 POP3 (Post Office Protocol version 3)
- 119 NNTP (Network News Transport Protocol)
- 123 NTP (Network Time Protocol)
- 143 IMAP4 (Internet Message Access Protocol version 4)
- 443 HTTPS (Hypertext Transfer Protocol Secure)
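The two objectives above describe ports abstractly. The following added example (not part of the original Wikibooks text) shows where the port numbers physically live in a packet: it parses a constructed IPv4 packet, reads the source and destination ports that TCP and UDP both place in the first four bytes of their headers, and labels the destination port with the well-known service from the list above. The `build_ipv4` helper, the address values and the `WELL_KNOWN_PORTS` table are assumptions constructed for the example; checksums are left at zero because nothing here validates them.

```python
import struct

# Well-known ports from objective 2.12 (constructed lookup for the example).
WELL_KNOWN_PORTS = {
    20: "FTP (data)", 21: "FTP (control)", 22: "SSH", 23: "Telnet",
    25: "SMTP", 53: "DNS", 69: "TFTP", 80: "HTTP", 110: "POP3",
    119: "NNTP", 123: "NTP", 143: "IMAP4", 443: "HTTPS",
}

PROTO_TCP = 6    # IPv4 protocol field values
PROTO_UDP = 17


def parse_ipv4_ports(packet: bytes) -> dict:
    """Return addresses, ports and the well-known service of an IPv4 packet
    carrying TCP or UDP. Raises ValueError for anything it cannot parse."""
    if len(packet) < 20:
        raise ValueError("truncated IPv4 header")
    version_ihl = packet[0]
    if version_ihl >> 4 != 4:
        raise ValueError("not IPv4")
    ihl = (version_ihl & 0x0F) * 4           # header length in bytes
    if ihl < 20 or len(packet) < ihl:
        raise ValueError("bad IHL")
    proto = packet[9]
    src_ip = ".".join(str(b) for b in packet[12:16])
    dst_ip = ".".join(str(b) for b in packet[16:20])
    if proto not in (PROTO_TCP, PROTO_UDP):
        raise ValueError(f"protocol {proto} carries no port numbers")
    # TCP and UDP both start with a 16-bit source port and 16-bit destination port.
    if len(packet) < ihl + 4:
        raise ValueError("truncated transport header")
    src_port, dst_port = struct.unpack("!HH", packet[ihl:ihl + 4])
    return {
        "proto": "TCP" if proto == PROTO_TCP else "UDP",
        "src": (src_ip, src_port),
        "dst": (dst_ip, dst_port),
        "service": WELL_KNOWN_PORTS.get(dst_port, "unregistered/ephemeral"),
    }


def build_ipv4(proto: int, src_ip: str, dst_ip: str,
               src_port: int, dst_port: int) -> bytes:
    """Build a minimal constructed IPv4 packet (20-byte header, no options,
    checksums zero) followed by the 4 port bytes and 4 bytes of padding."""
    header = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 28, 0, 0, 64, proto, 0,
                         bytes(int(x) for x in src_ip.split(".")),
                         bytes(int(x) for x in dst_ip.split(".")))
    return header + struct.pack("!HH", src_port, dst_port) + b"\x00" * 4


if __name__ == "__main__":
    # Constructed sample: a client on an ephemeral port talking to an HTTPS server.
    pkt = build_ipv4(PROTO_TCP, "192.0.2.10", "198.51.100.5", 51234, 443)
    print(parse_ipv4_ports(pkt))
```

The important detail for the exam is that the port numbers are part of the transport header, not the IP header, which is why a filter or NAT device must read past the IP header (and respect its variable length, `ihl`) to see them.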
[edit] 2.13 Identify the purpose of network services and protocols (For example: DNS (Domain Name Service), NAT (Network Address Translation), ICS (Internet Connection Sharing), WINS (Windows Internet Name Service), SNMP (Simple Network Management Protocol), NFS (Network File System), Zeroconf (Zero configuration), SMB (Server Message Block), AFP (Apple File Protocol), LPD (Line Printer Daemon) and Samba). Example list updated.
DNS - DNS translates IP addresses into host names and vice versa. Think of it as a phone book for the Internet. For example, when you type in www.google.com, DNS translates this into 64.233.169.104 and allows you to connect to it.
NAT - Involves re-writing the source and/or destination addresses of IP packets as they pass through a Router or firewall. Most systems using NAT do so in order to enable multiple hosts on a private network to access the Internet using a single public IP address.
ICS - Internet Connection Sharing (ICS) is the name given by Microsoft to a feature in recent versions of its Windows operating system (as of Windows 98 Second Edition) for sharing a single Internet connection on one computer between other computers on the same local area network. It makes use of DHCP and Network address translation (NAT).
WINS - Windows Internet Name Service (WINS) is Microsoft's implementation of NetBIOS Name Server (NBNS) on Windows, a name server and service for NetBIOS computer names. Effectively, WINS is to NetBIOS names what DNS is to domain names: a central mapping of host names to network addresses. However, the mappings are dynamically updated (e.g. at workstation boot), so that when a client needs to contact another computer on the network it can get its up-to-date DHCP-allocated address.
SNMP - SNMP is used by network management systems to monitor network-attached devices for conditions that warrant administrative attention. SNMP exposes management data in the form of variables on the managed systems, which describe the system configuration. These variables can then be queried (and sometimes set) by managing applications.
NFS - Network File System (NFS) is a network file system protocol originally developed by Sun Microsystems in 1984, allowing a user on a client computer to access files over a network as easily as if the network devices were attached to its local disks.
Zeroconf - A set of techniques that automatically create a usable IP network without configuration or special servers. This allows inexpert users to connect computers, networked printers, and other items together and expect them to work automatically.
SMB - Server Message Block (SMB) is an application-level network protocol mainly applied to shared access to files, printers, serial ports, and miscellaneous communications between nodes on a network. It also provides an authenticated Inter-process communication mechanism. It is mainly used by Microsoft Windows equipped computers, where it's known simply as "Microsoft Windows Network".
AFP - In Mac OS X, AFP is one of several file services supported including Server Message Block (SMB), Network File System (NFS), File Transfer Protocol (FTP), and WebDAV. It currently supports Unicode file names, POSIX and access control list permissions, UNIX quotas, resource forks, named extended attributes, and advanced file locking. In Mac OS 9 and earlier, AFP was the primary protocol for file services.
LPD - Line Printer Daemon (LPD) is a set of programs that provide printer spooling and network print server functionality for Unix-like systems.
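The NAT entry above says that addresses are rewritten so that many private hosts share one public address. The added example below (not from the original Wikibooks text) is a minimal source-NAT/PAT translation table that shows the mechanism: each outbound private (address, port) pair is mapped to a fresh public port, replies are mapped back using that table, and an inbound packet with no matching entry is dropped. All addresses are constructed documentation values, and `SourceNat` is a name invented for this example.

```python
import itertools
from typing import Optional, Tuple

Endpoint = Tuple[str, int]


class SourceNat:
    """Port-address translation: many private hosts share one public IP.

    outbound maps (private_ip, private_port, dst_ip, dst_port) -> public_port
    inbound maps (public_port, remote_ip, remote_port) -> (private_ip, private_port)
    """

    def __init__(self, public_ip: str, first_port: int = 40000):
        self.public_ip = public_ip
        self._ports = itertools.count(first_port)   # constructed port allocator
        self.outbound = {}
        self.inbound = {}

    def translate_outbound(self, src_ip: str, src_port: int,
                           dst_ip: str, dst_port: int) -> Tuple[str, int, str, int]:
        """Rewrite the source of a packet leaving the private network.
        An existing flow keeps its public port; a new flow gets the next one."""
        key = (src_ip, src_port, dst_ip, dst_port)
        public_port = self.outbound.get(key)
        if public_port is None:
            public_port = next(self._ports)
            self.outbound[key] = public_port
            self.inbound[(public_port, dst_ip, dst_port)] = (src_ip, src_port)
        return (self.public_ip, public_port, dst_ip, dst_port)

    def translate_inbound(self, src_ip: str, src_port: int,
                          dst_port: int) -> Optional[Tuple[str, int, str, int]]:
        """Rewrite the destination of a packet arriving at the public address.
        Returns None (drop) unless an outbound packet created the mapping."""
        private = self.inbound.get((dst_port, src_ip, src_port))
        if private is None:
            return None
        return (src_ip, src_port, private[0], private[1])


if __name__ == "__main__":
    nat = SourceNat("198.51.100.1")          # constructed public address
    print(nat.translate_outbound("192.168.1.10", 5000, "203.0.113.5", 80))
    print(nat.translate_outbound("192.168.1.11", 5000, "203.0.113.5", 80))
    print(nat.translate_inbound("203.0.113.5", 80, 40001))
    print(nat.translate_inbound("203.0.113.9", 80, 40000))   # unsolicited: None
```

Two private hosts using the same source port are kept apart by the public port the NAT chose, which is why the table has to be keyed on the whole flow and not just the private address. The "unsolicited inbound is dropped" behaviour is a side effect of the table, not a security feature in its own right, which is why the page later treats NAT and firewalling as separate functions.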
[edit] 2.14 Identify the basic characteristics (For example: speed, capacity, and media) of the following WAN (Wide Area Networks) technologies:
- Packet switching
- Circuit switching
- ISDN (Integrated Services Digital Network)
- FDDI (Fiber Distributed Data Interface)
- T1 (T Carrier level 1) / E1 / J1
- T3 (T Carrier level 3) / E3 / J3
- OCx (Optical Carrier)
- X.25
- Frame relay, ATM and Sonet/SDH removed.
[edit] 2.15 Identify the basic characteristics of the following internet access technologies:
- xDSL (Digital Subscriber Line) - Typically, the download speed of consumer DSL services ranges from 256 kilobits per second (kbit/s) to 24,000 kbit/s, depending on DSL technology, line conditions and service level implemented. Typically, upload speed is lower than download speed for Asymmetric Digital Subscriber Line (ADSL) and equal to download speed for Symmetric Digital Subscriber Line (SDSL). Essentially, DSL connections work by splitting up a single phone line into two 'bands'. The ISP data runs without interference from the phone data using only the high frequencies. The user typically installs a filter on each of the phones which filters those out from the phone, so that the phone only uses or hears the lower frequencies. This creates two completely independent 'bands', allowing the high frequencies to be used by the DSL simultaneously with the phone line without interfering.
- Broadband Cable (Cable modem) - The term cable Internet access refers to the delivery of Internet service over this infrastructure. The proliferation of cable modems, along with DSL technology, has enabled broadband Internet access in many countries. Bandwidth of business cable modem service typically ranges from 3 Megabits per second (Mbit/s) up to 30 Mbit/s or more. The upstream bandwidth on residential cable modem service usually ranges from 384 Kilobits per second (kbit/s) to 6 Mbit/s or more. There are few attempts to offer different service tiers beyond the traditional 'home' and 'business' designations.
- POTS / PSTN (Plain Old Telephone Service / Public Switched Telephone Network) - Plain old telephone service, or POTS, is a term which describes the voice-grade telephone service that remains the basic form of residential and small business service connection to the telephone network in most parts of the world. While POTS provides limited features, low bandwidth and no mobile capabilities, it does provide greater reliability than other telephony systems (mobile phone, VoIP, etc.).
The public switched telephone network (PSTN) is the network of the world's public circuit-switched telephone networks, in much the same way that the Internet is the network of the world's public IP-based packet-switched networks. Originally a network of fixed-line analog telephone systems, the PSTN is now almost entirely digital, and now includes mobile as well as fixed telephones.
- Satellite - Satellite Internet services are used in locations where terrestrial Internet access is not available and in locations which move frequently. Internet access via satellite is available worldwide, including vessels at sea and mobile land vehicles.
- Wireless - Wireless is basically the same as wired, except that data is transferred via radio waves instead of electrically through twisted-pair cable.
[edit] 2.16 Define the function of the following remote access protocols and services:
- RAS (Remote Access Service) - Originally coined by Microsoft when referring to their built-in NT remote access tools, RAS was a service provided by Windows NT that allows most of the services available on a network to be accessed over a modem link. The service includes support for dial-up and logon, and then presents the same network interface as the normal network drivers (albeit slightly slower). It is not necessary to run Windows NT on the client; there are client versions for other Windows operating systems. RAS enables users to log into an NT-based LAN using a modem, X.25 connection or WAN link, and works with several major network protocols, including TCP/IP, IPX, and NetBEUI.
- PPP (Point-to-Point Protocol) - commonly used to establish a direct connection between two nodes. It can connect computers using serial cable, phone line, trunk line, cellular telephone, specialized radio links, or fiber optic links. Most Internet service providers use PPP for customers' dial-up access to the Internet. Two common encapsulated forms of PPP are used in a similar role with Digital Subscriber Line (DSL) Internet service. These are Point-to-Point Protocol over Ethernet (PPPoE) and Point-to-Point Protocol over ATM (PPPoA).
- SLIP (Serial Line Internet Protocol) - The Serial Line Internet Protocol (SLIP) is a mostly obsolete encapsulation of the Internet Protocol designed to work over serial ports and modem connections. SLIP modifies a standard Internet datagram by appending a special "SLIP END" character to it, which allows datagrams to be distinguished as separate. SLIP requires a port configuration of 8 data bits, no parity, and either EIA hardware flow control, or CLOCAL mode (3-wire null-modem) UART operation settings. SLIP does not provide error detection, being reliant on other higher-layer protocols for this. Therefore SLIP on its own is not satisfactory over a particularly error-prone dial-up connection. It is however still useful for testing OS' real-time capabilities under load (by looking at flood-ping statistics).
- PPPoE (Point-to-Point Protocol over Ethernet) - a network protocol for encapsulating PPP frames inside Ethernet frames. It is used mainly with ADSL services where individual users connect to the ADSL transceiver (modem) over ethernet. It was developed by UUNET, Redback Networks, and RouterWare and has been standardized in RFC 2516. Ethernet networks are packet-based and have no concept of a connection or circuit. But using PPPoE, users can virtually "dial" from one machine to another over an ethernet network, establish a point to point connection between them and then transport data packets over the connection.
- PPTP (Point-to-Point Tunneling Protocol) - The Point-to-Point Tunneling Protocol (PPTP) is a method for implementing virtual private networks. PPTP works by sending a regular PPP session to the peer with the Generic Routing Encapsulation (GRE) protocol. A second session on TCP port 1723 is used to initiate and manage the GRE session. PPTP is difficult to forward past a network firewall because it requires two network sessions.
- VPN (Virtual Private Network) - A virtual private network (VPN) is a private communications network often used by companies or organizations, to communicate confidentially over a public network. VPN traffic can be carried over a public networking infrastructure (e.g. the Internet) on top of standard protocols, or over a service provider's private network with a defined Service Level Agreement (SLA) between the VPN customer and the VPN service provider. A VPN can send data (e.g., voice, data or video, or a combination of these media) across secured and encrypted private channels between two points.
- RDP (Remote Desktop Protocol) - Remote Desktop Protocol (RDP) is a multi-channel protocol that allows a user to connect to a computer running Microsoft Terminal Services. Clients exist for most versions of Windows (including handheld versions), and other operating systems such as Linux, FreeBSD, Solaris and Mac OS X. The server listens by default on TCP port 3389. Microsoft refers to the official RDP client software as either Remote Desktop Connection (RDC) or Terminal Services Client (TSC).
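The SLIP entry above says that datagrams are delimited by a special END character and that SLIP itself offers no error detection. The added example below (not part of the original page) implements that framing as described in RFC 1055: END (0xC0) terminates a datagram, and an ESC (0xDB) followed by ESC_END (0xDC) or ESC_ESC (0xDD) stands in for a data byte that would otherwise look like END or ESC. The constructed test data then shows the page's caveat in action: a corrupted byte on the line decodes silently into a different datagram, because nothing in SLIP can notice it.

```python
# SLIP special characters (RFC 1055).
END, ESC, ESC_END, ESC_ESC = 0xC0, 0xDB, 0xDC, 0xDD


def slip_encode(datagram: bytes) -> bytes:
    """Frame one IP datagram for a serial line. The leading END flushes any
    line noise the receiver may have accumulated (an RFC 1055 suggestion)."""
    out = bytearray([END])
    for b in datagram:
        if b == END:
            out += bytes([ESC, ESC_END])   # a real 0xC0 inside the data
        elif b == ESC:
            out += bytes([ESC, ESC_ESC])   # a real 0xDB inside the data
        else:
            out.append(b)
    out.append(END)
    return bytes(out)


def slip_decode_stream(stream: bytes) -> list:
    """Split a received byte stream back into datagrams.

    Empty frames (back-to-back END bytes) are ignored. An ESC followed by an
    unexpected byte is a protocol violation; following the RFC's reference
    implementation, the byte is passed through unchanged. There is no
    checksum here: SLIP relies on higher layers to detect corruption."""
    frames, current = [], bytearray()
    i = 0
    while i < len(stream):
        b = stream[i]
        if b == END:
            if current:
                frames.append(bytes(current))
                current = bytearray()
        elif b == ESC and i + 1 < len(stream):
            i += 1
            nxt = stream[i]
            if nxt == ESC_END:
                current.append(END)
            elif nxt == ESC_ESC:
                current.append(ESC)
            else:
                current.append(nxt)        # protocol violation: keep the byte
        else:
            current.append(b)
        i += 1
    return frames


if __name__ == "__main__":
    # Constructed datagram containing both special bytes.
    datagram = bytes([0x45, 0xC0, 0xDB, 0x01])
    wire = slip_encode(datagram)
    print(wire.hex())                         # c045dbdcdbdd01c0
    print(slip_decode_stream(wire + wire))    # two identical datagrams
```

Compare this with PPP: PPP frames carry a frame check sequence, so a damaged frame is discarded rather than delivered, which is the practical reason the page calls SLIP unsatisfactory on error-prone links.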
[edit] 2.17 Identify the following security protocols and describe their purpose and function:
- IPSec (Internet Protocol Security) - A suite of protocols for securing Internet Protocol (IP) communications by authenticating and/or encrypting each IP packet in a data stream. IPsec also includes protocols for cryptographic key establishment. IPsec protocols operate at the network layer, layer 3 of the OSI model.
- L2TP (Layer 2 Tunneling Protocol) - A tunneling protocol used to support virtual private networks (VPNs). L2TP acts like a data link layer (layer 2 of the OSI model) protocol for tunneling network traffic between two peers over an existing network (usually the Internet). L2TP is in fact a session layer (layer 5) protocol, and uses the registered UDP port 1701. The entire L2TP packet, including payload and L2TP header, is sent within a UDP datagram. It is common to carry Point-to-Point Protocol (PPP) sessions within an L2TP tunnel. L2TP does not provide confidentiality or strong authentication by itself. IPsec is often used to secure L2TP packets by providing confidentiality, authentication and integrity. The combination of these two protocols is generally known as L2TP/IPsec.
- SSL (Secure Sockets Layer) - Cryptographic protocol which provides secure communications on the Internet for such things as web browsing, e-mail, Internet faxing, instant messaging and other data transfers. The SSL protocol allows applications to communicate across a network in a way designed to prevent eavesdropping, tampering, and message forgery. SSL provides endpoint authentication and communications privacy over the Internet using cryptography. Typically, only the server is authenticated (i.e., its identity is ensured) while the client remains unauthenticated; this means that the end user (whether an individual or an application, such as a Web browser) can be sure with whom they are communicating. The next level of security, in which both ends of the "conversation" are sure with whom they are communicating, is known as mutual authentication. Mutual authentication requires public key infrastructure (PKI) deployment to clients.
- WEP (Wired Equivalent Privacy) - Wired Equivalent Privacy or Wireless Encryption Protocol (WEP) is a scheme to secure IEEE 802.11 wireless networks. It is part of the IEEE 802.11 wireless networking standard. Because wireless networks broadcast messages using radio, they are susceptible to eavesdropping. WEP was intended to provide confidentiality comparable to that of a traditional wired network. Several serious weaknesses were identified by cryptanalysts; a WEP connection can be cracked with readily available software in one minute or less. WEP was superseded by Wi-Fi Protected Access (WPA) in 2003, followed by the full IEEE 802.11i standard (also known as WPA2) in 2004. Despite its weaknesses, WEP provides a level of security that may deter casual snooping.
- WPA (Wi-Fi Protected Access) - Wi-Fi Protected Access (WPA and WPA2) is a class of systems to secure wireless (Wi-Fi) computer networks. It was created in response to several serious weaknesses researchers had found in the previous system, Wired Equivalent Privacy (WEP). WPA implements the majority of the IEEE 802.11i standard, and was intended as an intermediate measure to take the place of WEP while 802.11i was prepared. WPA is designed to work with all wireless network interface cards, but not necessarily with first generation wireless access points. WPA2 implements the full standard, but will not work with some older network cards. Both provide good security, with two significant issues: 1) Either WPA or WPA2 must be enabled and chosen in preference to WEP. WEP is usually presented as the first security choice in most installation instructions. 2) In the "Personal" mode, the most likely choice for homes and small offices, a passphrase is required that, for full security, must be longer than the typical 6 to 8 character passwords users are taught to employ.
- 802.1x - IEEE 802.1X is an IEEE standard for port-based Network Access Control; it is part of the IEEE 802 (802.1) group of protocols. It provides authentication to devices attached to a LAN port, establishing a point-to-point connection or preventing access from that port if authentication fails. It is used for certain closed wireless access points, and is based on the EAP, Extensible Authentication Protocol (RFC 2284).
[edit] 2.18 Identify authentication protocols (For example: CHAP (Challenge Handshake Authentication Protocol), MS-CHAP (Microsoft Challenge Handshake Authentication Protocol), PAP (Password Authentication Protocol), RADIUS (Remote Authentication Dial-In User Service), Kerberos and EAP (Extensible Authentication Protocol)).
CHAP is an authentication scheme used by Point to Point Protocol (PPP) servers to validate the identity of remote clients. CHAP periodically verifies the identity of the client by using a three-way handshake. This happens at the time of establishing the initial link, and may happen again at any time afterward. The verification is based on a shared secret (such as the client user's password).
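The three-way handshake described above can be written down concretely. The following added example (not from the original page) implements MD5-CHAP as specified in RFC 1994: the authenticator sends a Challenge with an Identifier, the peer returns Response = MD5(Identifier || secret || Challenge) together with its name, and the authenticator recomputes the hash from its own copy of the shared secret. The password never crosses the link, and because each challenge is random and discarded once used, a captured Response cannot be replayed. The class and function names, and the secrets, are constructed for this example.

```python
import hashlib
import hmac
import os


def chap_response(identifier: int, secret: bytes, challenge: bytes) -> bytes:
    """RFC 1994 CHAP with MD5: Response = MD5(Identifier || secret || Challenge)."""
    return hashlib.md5(bytes([identifier & 0xFF]) + secret + challenge).digest()


class ChapAuthenticator:
    """Authenticator (server) side. Holds the shared secrets and the
    challenges it has issued but not yet seen answered."""

    def __init__(self, secrets: dict):
        self._secrets = secrets        # name -> shared secret (constructed)
        self._pending = {}             # identifier -> challenge value
        self._ident = 0

    def challenge(self, length: int = 16):
        """Step 1: send a Challenge packet with a fresh Identifier."""
        self._ident = (self._ident + 1) & 0xFF
        value = os.urandom(length)     # must be unpredictable and unique
        self._pending[self._ident] = value
        return self._ident, value

    def verify(self, identifier: int, name: str, response: bytes) -> bool:
        """Step 3: check the Response; Success or Failure follows."""
        value = self._pending.pop(identifier, None)   # one-shot: no replay
        secret = self._secrets.get(name)
        if value is None or secret is None:
            return False
        expected = chap_response(identifier, secret, value)
        return hmac.compare_digest(expected, response)  # constant-time compare


class ChapPeer:
    """Peer (client) side: only ever sends a hash, never the secret."""

    def __init__(self, name: str, secret: bytes):
        self.name, self.secret = name, secret

    def respond(self, identifier: int, challenge: bytes):
        """Step 2: Response packet carrying the hash and the peer's name."""
        return self.name, chap_response(identifier, self.secret, challenge)


def run_handshake(auth: ChapAuthenticator, peer: ChapPeer) -> bool:
    """One complete exchange. Call again later to re-verify mid-session,
    which is what the text means by 'periodically verifies'."""
    identifier, challenge = auth.challenge()
    name, response = peer.respond(identifier, challenge)
    return auth.verify(identifier, name, response)


if __name__ == "__main__":
    auth = ChapAuthenticator({"alice": b"constructed-shared-secret"})
    print(run_handshake(auth, ChapPeer("alice", b"constructed-shared-secret")))  # True
    print(run_handshake(auth, ChapPeer("alice", b"wrong-secret")))               # False
```

Note what the scheme does and does not give you: the secret is never transmitted, but the authenticator must store it in a recoverable form to recompute the hash, and an attacker who records a challenge/response pair can attempt offline guessing of a weak secret. That is the gap MS-CHAPv2 and EAP methods that run inside a TLS tunnel were meant to close.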
MS-CHAP is the Microsoft version of the Challenge-Handshake Authentication Protocol, CHAP. The protocol exists in two versions, MS-CHAPv1 (defined in RFC 2433) and MS-CHAPv2 (defined in RFC 2759). MS-CHAPv2 was introduced with Windows 2000. Windows Vista drops support for MS-CHAPv1.
Compared with CHAP, MS-CHAP:
- is enabled by negotiating CHAP Algorithm 0x80 in LCP option 3, Authentication Protocol
- provides an authenticator-controlled password change mechanism
- provides an authenticator-controlled authentication retry mechanism
- defines failure codes returned in the Failure packet message field
MS-CHAPv2 provides mutual authentication between peers by piggybacking a peer challenge on the Response packet and an authenticator response on the Success packet.
Password Authentication Protocol, sometimes abbreviated PAP, is a simple authentication protocol used to authenticate a user to a remote access server or Internet service provider (ISP). PAP is used by the Point-to-Point Protocol (PPP). Authentication is the process of validating a user before granting access to resources. Almost all network operating system remote access servers support PAP. PAP transmits unencrypted ASCII passwords over the network and is therefore considered insecure; it is used as a last resort when the remote access server does not support a stronger authentication protocol.
Remote Authentication Dial In User Service (RADIUS) is an AAA (authentication, authorization and accounting) protocol for applications such as network access or IP mobility. It is intended to work in both local and roaming situations.
Kerberos is the name of a computer network authentication protocol, which allows individuals communicating over an insecure network to prove their identity to one another in a secure manner, and also a suite of free software published by Massachusetts Institute of Technology (MIT) which implements this protocol. Its designers aimed primarily at a client-server model, and it provides mutual authentication — both the user and the server verify each other's identity. Kerberos protocol messages are protected against eavesdropping or replay attacks.
Extensible Authentication Protocol, or EAP, is a universal authentication framework frequently used in wireless networks and point-to-point connections. It is defined by RFC 3748. Although the EAP protocol is not limited to wireless LANs and can be used for wired LAN authentication, it is most often used in wireless LANs. Recently, the WPA and WPA2 standards have officially adopted five EAP types as their official authentication mechanisms.
[edit] Domain 3.0 Network Implementation 25%
[edit] 3.1 Identify the basic capabilities (For example: client support, interoperability, authentication, file and print services, application support and security) of the following server operating systems to access network resources:
- UNIX/Linux/Mac OS X Server
- Netware
- Macintosh was removed.
- Windows
- Appleshare IP (Internet Protocol)
[edit] 3.2 Identify the basic capabilities needed for client workstations to connect to and use network resources (For example: media, network protocols and peer and server services).
A client will need:
- A network card (either physical or wireless)
- Software drivers that let that card talk to the operating system
- Network protocol drivers (usually come with the operating system) to communicate with other machines on the network
- Presentation layer software that interprets the network data into information understood by the rest of the machine (also called Client Services in some operating systems)
A server will need:
- All of the above, plus
- Software that handles network requests for information, returning information from the server to the client. Sometimes called Server Services.
[edit] 3.3 Identify the appropriate tool for a given wiring task (For example: wire crimper, media tester / certifier, punch down tool or tone generator).
- Wire Crimper: When you need to make a network patch cable
- Media Tester: When you need to test a network cable (either in wall or a patch cable) and the connectors along the path the signal follows.
- Punch Down Tool: When you need to connect an infrastructure network cable (ie, the cable that goes in the wall) to the back of a patch panel.
- Tone Generator: When you don't know where a particular cable comes out in a wiring closet, this will send a signal down the cable that you can audibly detect on the other end.
[edit] 3.4 Given a remote connectivity scenario comprised of a protocol, an authentication scheme, and physical connectivity, configure the connection. Includes connection to the following servers:
- UNIX / Linux / MAC OS X Server
- Netware
- This objective was derived in part from 3.7 and 3.10 in the 2001 version.
- Windows
- Appleshare IP (Internet Protocol)
[edit] 3.5 Identify the purpose, benefits and characteristics of using a firewall.
Firewalls
In today's network environments, firewalls are being used to protect systems from external as well as internal threats. Although firewalls initially became popular in corporate environments, many home networks with a broadband Internet connection now also implement a firewall to protect against Internet borne threats.
Essentially, a firewall is an application, device, system, or group of systems that controls the flow of traffic between two networks. The most common use of a firewall is to protect a private network from a public network such as the Internet. However, firewalls are also increasingly being used as a means to separate a sensitive area of a private network from less-sensitive areas.
At its most basic, a firewall is a device (it could be a computer system or a dedicated hardware device) that has more than one network interface and manages the flow of network traffic between those interfaces. How it manages the flow and what it does with certain types of traffic depends on its configuration.
A basic firewall implementation
Strictly speaking, a firewall performs no action on the packets it receives besides the basic functions just described. However, in a real-world implementation, a firewall is likely to offer other functionality, such as Network Address Translation (NAT) and proxy server services. Without NAT, any host on the internal network that needs to send or receive data through the firewall needs a registered IP address. Although there are such environments, most people have to settle for using a private address range on the internal network and therefore rely on the firewall system to translate the outgoing request into an acceptable public network address.
Although the fundamental purpose of a firewall is to protect one network from another, you need to configure the firewall to allow some traffic through. If you don't need to allow traffic to pass through a firewall, you can dispense with it entirely and completely separate your network from others.
A firewall can employ a variety of methods to ensure security. A firewall can use just one of these methods, or it can combine different methods to produce the most appropriate and robust configuration. The following sections discuss the various firewall methods that are commonly used: packet-filtering firewalls, circuit-level firewalls, and application gateway firewalls.
Packet-filtering Firewalls
Of the firewall methods discussed in this chapter, packet filtering is the most commonly implemented. Packet filtering enables the firewall to examine each packet that passes through it and determine what to do with it, based on the configuration. A packet-filtering firewall deals with packets at the data-link and network layers of the Open Systems Interconnect (OSI) model. The following are some of the criteria by which packet filtering can be implemented:
IP address By using the IP address as a parameter, the firewall can allow or deny traffic, based on the source or destination IP address. For example, you can configure the firewall so that only certain hosts on the internal network are able to access hosts on the Internet. Alternatively, you can configure it so that only certain hosts on the Internet are able to gain access to a system on the internal network.
Port number "TCP/IP (Transmission Control Protocol/Internet Protocol)," the TCP/IP suite uses port numbers to identify which service a certain packet is destined for. By configuring the firewall to allow certain types of traffic, you can control the flow. You might, for example, open port 80 on the firewall to allow Hypertext Transfer Protocol (HTTP) requests from users on the Internet to reach the corporate Web server. You might also, depending on the application, open the HTTP Secure (HTTPS) port, port 443, to allow access to a secure Web server application.
Protocol ID Because each packet transmitted with IP has a protocol identifier in it, a firewall can read this value and then determine what kind of packet it is. If you are filtering based on protocol ID, you specify which protocols you will and will not allow to pass through the firewall.
MAC address This is perhaps the least used of the packet-filtering methods discussed, but it is possible to configure a firewall to use the hardware-configured MAC address as the determining factor in whether access to the network is granted. This is not a particularly flexible method, and it is therefore suitable only in environments in which you can closely control who uses which MAC address. The Internet is not such an environment.
Circuit-level Firewalls
Circuit-level firewalls are similar in operation to packet-filtering firewalls, but they operate at the transport and session layers of the OSI model. The biggest difference between a packet-filtering firewall and a circuit-level firewall is that a circuit-level firewall validates TCP and UDP sessions before opening a connection, or circuit, through the firewall. When the session is established, the firewall maintains a table of valid connections and lets data pass through when session information matches an entry in the table. The table entry is removed, and the circuit is closed when the session is terminated.
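The packet-filtering criteria (IP address, port number, protocol ID, MAC address) and the circuit-level connection table described in the two sections above are easiest to compare side by side in code. The added example below (not from the original page or any firewall product) evaluates a constructed rule set in both modes: `packet_filter` is the stateless first-match, default-deny filter, and `CircuitLevelFirewall` only opens a circuit for a validated connection request and thereafter passes packets that match its table. The rule set, addresses and class names are assumptions for the example.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import Optional


@dataclass(frozen=True)
class Packet:
    src_ip: str
    dst_ip: str
    proto: str              # "tcp", "udp" or "icmp" (the protocol ID)
    src_port: int = 0
    dst_port: int = 0
    src_mac: str = ""
    syn: bool = False       # True for a TCP connection request


@dataclass(frozen=True)
class Rule:
    action: str                        # "allow" or "deny"
    src: str = "0.0.0.0/0"             # source IP address criterion
    dst: str = "0.0.0.0/0"             # destination IP address criterion
    proto: Optional[str] = None        # protocol ID criterion, None = any
    dst_port: Optional[int] = None     # port number criterion, None = any
    src_mac: Optional[str] = None      # MAC address criterion, None = any

    def matches(self, p: Packet) -> bool:
        return (ip_address(p.src_ip) in ip_network(self.src)
                and ip_address(p.dst_ip) in ip_network(self.dst)
                and (self.proto is None or self.proto == p.proto)
                and (self.dst_port is None or self.dst_port == p.dst_port)
                and (self.src_mac is None or self.src_mac.lower() == p.src_mac.lower()))


def packet_filter(rules, p: Packet) -> str:
    """Stateless packet filter: first matching rule wins, otherwise deny."""
    for rule in rules:
        if rule.matches(p):
            return rule.action
    return "deny"


class CircuitLevelFirewall:
    """Validates a session before opening a circuit, then keeps a table of
    valid connections; later packets pass only if they match an entry."""

    def __init__(self, rules):
        self.rules = list(rules)
        self.table = set()   # (proto, client_ip, client_port, server_ip, server_port)

    def handle(self, p: Packet) -> str:
        forward = (p.proto, p.src_ip, p.src_port, p.dst_ip, p.dst_port)
        reverse = (p.proto, p.dst_ip, p.dst_port, p.src_ip, p.src_port)
        if forward in self.table or reverse in self.table:
            return "allow"                 # belongs to an open circuit
        if p.proto == "tcp" and not p.syn:
            return "deny"                  # mid-stream segment with no circuit
        if packet_filter(self.rules, p) == "allow":
            self.table.add(forward)        # session validated: open the circuit
            return "allow"
        return "deny"

    def close(self, p: Packet) -> None:
        """Session terminated: remove the table entry and close the circuit."""
        self.table.discard((p.proto, p.src_ip, p.src_port, p.dst_ip, p.dst_port))
        self.table.discard((p.proto, p.dst_ip, p.dst_port, p.src_ip, p.src_port))


# Constructed policy: a web server reachable from anywhere on 80 and 443,
# internal hosts may initiate anything, and everything else is denied.
WEB_SERVER = "203.0.113.10"
RULES = [
    Rule("allow", dst=WEB_SERVER, proto="tcp", dst_port=80),
    Rule("allow", dst=WEB_SERVER, proto="tcp", dst_port=443),
    Rule("allow", src="192.168.1.0/24"),
]

if __name__ == "__main__":
    fw = CircuitLevelFirewall(RULES)
    syn = Packet("198.51.100.7", WEB_SERVER, "tcp", 50000, 80, syn=True)
    print(fw.handle(syn))                                            # allow
    print(fw.handle(Packet(WEB_SERVER, "198.51.100.7", "tcp", 80, 50000)))  # allow (reply)
    stray = Packet("198.51.100.8", WEB_SERVER, "tcp", 50002, 80)     # no SYN, no circuit
    print(packet_filter(RULES, stray), fw.handle(stray))             # allow deny
```

The `stray` packet is the point of the comparison: a stateless filter passes any segment addressed to port 80, whereas the circuit-level firewall refuses a segment that does not belong to a session it validated. The page's remark that MAC filtering is only workable where you control the hardware is visible in the rule model too, since the MAC criterion can only ever see the last hop's address.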
Application Gateway Firewalls
The application gateway firewall is the most functional of all the firewall types. As its name suggests, the application gateway firewall functionality is implemented through an application. Application gateway firewall systems can implement sophisticated rules and closely control traffic that passes through. Features of these firewalls can include user authentication systems and the capability to control which systems an outside user can access on the internal network. Some also provide bandwidth control mechanisms. Because application gateway firewalls operate above the Session layer of the OSI model, they can provide protection against any software-based network traffic that attempts to pass through them.
The three firewall methods described in this chapter are often combined into a single firewall application. Packet filtering is the basic firewall function. Circuit-level functionality provides NAT (Network Address Translation), and an application gateway firewall provides proxy functionality. This is a good point to remember for the Network+ exam. --Swiftfox 07:05, 13 May 2006 (UTC)
[edit] 3.6 Identify the purpose, benefits and characteristics of using a proxy service.
A Proxy server is a server that makes internet connections on behalf of the client PCs. All the requests for internet access that are made by a client on a network are executed by the proxy server. In other words a proxy server acts as a point of contact between a private network and a public network such as the internet.
Using a proxy improves the control administrators have over the network, because proxies can be configured, among other things, to prohibit access to non-business-related sites or to restrict internet access to groups that do not need it.
The overall performance of the network also increases because of the proxy's ability to cache the pages that users view most; since these pages are stored on the proxy, it can resolve a hostname to its IP address without needing to query the DNS server.
Another advantage is the record-keeping capability of proxy servers. Organizations use it to monitor how employees use the internet, as the proxy records the requests made along with the time and duration of those requests.
Proxies can be configured manually or automatically. For intranet use, make sure that the box for the "Bypass proxy server for local addresses" option is checked.
[edit] 3.7 Given a connectivity scenario, determine the impact on network functionality of a particular security implementation (For example: port blocking / filtering, authentication and encryption).
[edit] 3.8 Identify the main characteristics of VLANs (Virtual Local Area Networks).
A virtual LAN, commonly known as a vLAN or as a VLAN, is a method of creating independent logical networks within a physical network. Several VLANs can co-exist within such a network. This helps in reducing the broadcast domain and aids in network administration by separating logical segments of a LAN (like company departments) that should not exchange data using a LAN (they still can exchange data by routing).
A VLAN consists of a network of computers that behave as if connected to the same wire - even though they may actually be physically connected to different segments of a LAN. Network administrators configure VLANs through software rather than hardware, which makes them extremely flexible. One of the biggest advantages of VLANs emerges when physically moving a computer to another location: it can stay on the same VLAN without the need for any hardware reconfiguration.
[edit] 3.9 Identify the main characteristics and purpose of extranets and intranets.
An intranet is a private computer network that uses Internet protocols and network connectivity to securely share part of an organization's information or operations with its employees. Sometimes the term refers only to the most visible service, the internal website. The same concepts and technologies of the Internet, such as clients and servers running on the Internet protocol suite, are used to build an intranet. HTTP and other Internet protocols such as FTP are commonly used as well. There is often an attempt to use Internet technologies to provide new interfaces with corporate 'legacy' data and information systems.
Briefly, an intranet can be understood as "a private version of the Internet," or as a version of the internet confined to an organization.
An extranet is a private network that uses Internet protocols, network connectivity, and possibly the public telecommunication system to securely share part of an organization's information or operations with suppliers, vendors, partners, customers or other businesses. An extranet can be viewed as part of a company's Intranet that is extended to users outside the company (e.g.: normally over the Internet). It has also been described as a "state of mind" in which the Internet is perceived as a way to do business with other companies as well as to sell products to customers.
Briefly, an extranet can be understood as "a private intranet over the Internet".
An argument has been made that "extranet" is just a buzzword for describing what institutions have been doing for decades, that is, interconnecting to each other to create private networks for sharing information. Even if this argument is valid, the term "extranet" is still applied and can be used to eliminate the use of the above description.
Another very common use of the term "extranet" is to designate the "private part" of a website that only "registered users" can navigate, gated by the authentication mechanism on a "login page". In that sense the extranet is only as private as the authentication and authorization behind that login page: the content is still reachable from the public Internet.
[edit] 3.10 Identify the purpose, benefits and characteristics of using antivirus software.
Antivirus software consists of computer programs that attempt to identify, thwart and eliminate computer viruses and other malicious software (malware).
Antivirus software typically uses two techniques to accomplish this:
- Examining (scanning) files for known viruses that match definitions in a virus dictionary (signature database). This is fast and precise but only catches what is already in the dictionary, so definitions must be updated continually, and a variant that changes the bytes a signature keys on will slip past.
- Identifying suspicious behaviour from any program that might indicate infection, such as writing into system directories or startup locations, opening listening ports, or disabling security software. Such analysis may include data captures, port monitoring and other methods; it can catch previously unseen malware but is prone to false positives.
Most commercial antivirus software uses both approaches, with an emphasis on the virus dictionary approach.
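As an added illustration of the two techniques (not code from the original page): a toy scanner with a constructed signature dictionary (one whole-file hash signature and two byte-pattern signatures) beside a constructed behaviour-scoring table. The EICAR string is the real, harmless industry test signature; the signature names, rule weights and sample event traces are invented for the example. It shows why the dictionary approach is precise but brittle (one appended byte defeats the hash signature, rewriting the marker defeats the pattern too) and how a behaviour score catches a dropper that no signature knows.

```python
import hashlib
import re

# The EICAR test string: the standard harmless file that every scanner is expected to flag.
EICAR = b"X5O!P%@AP[4\\PZX54(P^)7CC)7}$EICAR-STANDARD-ANTIVIRUS-TEST-FILE!$H+H*"

# Constructed "virus dictionary" (not a real vendor database).
# 1. Exact-file signatures keyed by the SHA-256 of the whole file.
HASH_SIGNATURES = {
    hashlib.sha256(EICAR).hexdigest(): "EICAR-Test-File",
}
# 2. Byte-pattern signatures, which still match when bytes around the pattern change.
PATTERN_SIGNATURES = [
    (re.compile(rb"EICAR-STANDARD-ANTIVIRUS-TEST-FILE"), "EICAR-Test-File"),
    # constructed generic rule: a file that embeds an encoded PowerShell launcher
    (re.compile(rb"powershell(\.exe)?\s+-(enc|encodedcommand)\s", re.IGNORECASE),
     "Generic.EncodedPowerShell"),
]


def scan_bytes(data: bytes) -> list:
    """Dictionary scan: names of every signature that matches the file contents."""
    hits = []
    name = HASH_SIGNATURES.get(hashlib.sha256(data).hexdigest())
    if name:
        hits.append(f"{name} [hash]")
    for pattern, name in PATTERN_SIGNATURES:
        if pattern.search(data):
            hits.append(f"{name} [pattern]")
    return hits


# Behaviour-based detection looks at what a program does, not what it contains.
# Each rule: (action, target prefix, weight, explanation). Weights are constructed.
BEHAVIOUR_RULES = [
    ("registry_write", "HKCU\\Software\\Microsoft\\Windows\\CurrentVersion\\Run",
     3, "installs itself in a Run key (persistence)"),
    ("file_write", "C:\\Windows\\System32\\", 3, "writes into the system directory"),
    ("listen", "", 2, "opens a listening network port"),
    ("process_spawn", "cmd.exe", 1, "spawns a command shell"),
    ("service_stop", "WinDefend", 4, "stops the antivirus service"),
]
ALERT_THRESHOLD = 5


def behaviour_score(events) -> tuple:
    """Sum the weights of every rule that an observed (action, target) event triggers."""
    score, reasons = 0, []
    for action, target in events:
        for rule_action, prefix, weight, reason in BEHAVIOUR_RULES:
            if action == rule_action and target.startswith(prefix):
                score += weight
                reasons.append(reason)
    return score, reasons


def is_suspicious(events, threshold: int = ALERT_THRESHOLD) -> bool:
    return behaviour_score(events)[0] >= threshold


# Constructed event traces, as a behaviour monitor might record them.
DROPPER_TRACE = [
    ("file_write", "C:\\Windows\\System32\\svchosts.exe"),
    ("registry_write", "HKCU\\Software\\Microsoft\\Windows\\CurrentVersion\\Run\\svchosts"),
    ("listen", "0.0.0.0:4444"),
]
EDITOR_TRACE = [
    ("file_write", "C:\\Users\\alice\\Documents\\notes.txt"),
    ("process_spawn", "cmd.exe"),
]

if __name__ == "__main__":
    print(scan_bytes(EICAR))                       # hash and pattern both hit
    print(scan_bytes(EICAR + b"\n"))               # one extra byte: hash misses, pattern still hits
    print(scan_bytes(EICAR.replace(b"-", b"_")))   # marker rewritten: the dictionary is blind
    print(is_suspicious(DROPPER_TRACE), is_suspicious(EDITOR_TRACE))
```

The dropper trace has no signature in the dictionary at all, yet scores 8 against a threshold of 5; the text editor trace, which also spawns a shell, scores 1. Tuning that threshold is exactly the false-positive trade-off mentioned above.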
[edit] 3.11 Identify the purpose and characteristics of fault tolerance:
- Power
- Link redundancy
- Storage
- Services
[edit] 3.12 Identify the purpose and characteristics of disaster recovery:
- Backup / restore
- Offsite storage
- Hot and cold spares
- Hot, warm and cold sites
Vital activities:
- Business continuity (keeping essential operations running during a disruption) is a lifeblood responsibility.
- Disaster recovery (restoring systems and data after the disruption) is a fundamental responsibility.
[edit] Domain 4.0 Network Support - 35%
[edit] 4.1 Given a troubleshooting scenario, select the appropriate network utility from the following:
- Tracert / traceroute: Traceroute is often used for network troubleshooting. By showing the list of routers traversed, it lets the user identify the path taken to reach a particular destination on the network, which helps to locate routing problems or firewalls that may be blocking access to a site. Windows tracert sends ICMP echo requests, while most UNIX traceroute implementations send UDP probes by default; a hop shown as * did not answer within the timeout, which often means a router that rate-limits or filters ICMP rather than a broken path. Traceroute is also used by penetration testers to gather information about the network infrastructure and IP ranges around a given host. It can also be used when downloading data: if several mirrors offer the same file, tracing each mirror gives a good idea of which one would be fastest to use.
- ping: If you are having connectivity problems, you can use the ping command to check the destination IP address you want to reach and record the results. The ping command displays whether the destination responded and how long it took to receive a reply. If there is an error in delivery to the destination, ping displays an error message. A host that does not answer ping is not necessarily down; many hosts and firewalls drop ICMP echo requests, so confirm with a connection to the service itself.
- arp: You can use arp to check for and resolve problems that occur when two hosts end up with the same IP address. If the MAC address shown for an IP address in your PC's ARP cache (via arp -a) is not the one you expect, or changes between two runs of arp -a, you may have two hosts on the network configured with the same IP address. Since an IP address is supposed to uniquely identify a host on a TCP/IP network, a duplicate address causes a user who connects by IP address to either fail to connect or reach the wrong machine (the one with the misconfigured address). On Windows, arp -a -N if_addr (where if_addr is the IP address of one of your own interfaces) limits the listing to the ARP cache of that interface; to find the MAC address a machine actually has, run ipconfig /all on it (ifconfig or ip link on UNIX/Linux). If that MAC does not match the one your PC's arp -a shows for its IP address, you have found the problem. The same symptom, an IP address whose MAC keeps changing, especially the default gateway's, is also the signature of ARP spoofing (cache poisoning), where an attacker answers ARP requests for another host's address in order to intercept its traffic; static ARP entries for the gateway or dynamic ARP inspection on the switch are the usual defences.
- netstat: netstat displays your computer's active TCP connections and, with -a, the ports it is listening on; -n shows addresses numerically instead of resolving names. It is a useful tool for monitoring connections and diagnosing problems, and reviewing the listening ports (netstat -an) is a quick way to spot a service that should not be running. Since netstat is run from a command prompt, it requires no additional software.
- nbtstat: nbtstat displays NetBIOS over TCP/IP statistics and name tables and can purge and reload the NetBIOS name cache (nbtstat -R); its switches are case-sensitive. The nbtstat -a <name> command performs a NetBIOS adapter status query on the computer specified by <name>, which returns that computer's local NetBIOS name table as well as the MAC address of its adapter. The nbtstat -A <IP address> command performs the same function using a target IP address rather than a name.
- ipconfig / ifconfig: Common uses for ifconfig include setting an interface's IP address and netmask, and disabling or enabling a given interface.[1] At boot time, many UNIX-like operating systems initialize their network interfaces with shell scripts that call ifconfig. As an interactive tool, system administrators routinely use it to display and analyze network interface parameters (on current Linux systems the ip command from iproute2 has largely replaced it). ipconfig (Internet Protocol configuration) in Microsoft Windows is a console application that displays the current TCP/IP configuration of every adapter (ipconfig /all adds the MAC address, DHCP server and DNS servers) and, with the /release, /renew and /flushdns switches, releases or renews DHCP leases and clears the DNS resolver cache.
- winipcfg: WINIPCFG is a graphical version of IPCONFIG found in the Windows 9x client operating systems and on the Windows NT Resource Kit CD. To use it, choose Run from the Start menu (or open a Command Prompt) and type WINIPCFG.
- nslookup / dig: nslookup, dig and host are commands that perform DNS queries, so you can check what a name resolves to, which server answered, and whether your DNS configuration behaves as expected.
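The duplicate-IP check described under arp above, and the output interpretation that objective 4.2 asks for, as an added example (not code from the original page): a parser for arp -a output in both the Windows and the Linux format, a comparison of two cache snapshots that flags any IP whose MAC changed, and a check for one MAC answering for several IPs. The two snapshots and the Linux sample are constructed; the addresses and MACs in them are invented.

```python
import re

# One ARP cache entry: an IPv4 address followed (after some non-digits) by a MAC,
# with either "-" (Windows) or ":" (Linux) separators.
ARP_LINE = re.compile(
    r"(?P<ip>\d{1,3}(?:\.\d{1,3}){3})\D+?"
    r"(?P<mac>[0-9a-fA-F]{2}(?:[:-][0-9a-fA-F]{2}){5})"
)


def parse_arp(output: str) -> dict:
    """Return {ip: (mac, is_static)} from `arp -a` output (Windows or Linux format)."""
    table = {}
    for line in output.splitlines():
        match = ARP_LINE.search(line)
        if not match:          # header lines and the Windows "Interface:" line carry no MAC
            continue
        mac = match.group("mac").lower().replace("-", ":")
        is_static = "static" in line.lower() or "PERM" in line
        table[match.group("ip")] = (mac, is_static)
    return table


def is_group_address(mac: str) -> bool:
    """Broadcast/multicast MACs (low bit of the first octet set) legitimately map to many IPs."""
    return bool(int(mac[:2], 16) & 1)


def find_mac_changes(before: dict, after: dict) -> list:
    """IPs whose MAC differs between two snapshots: a duplicate IP in use, or ARP cache poisoning."""
    changes = []
    for ip, (new_mac, _) in after.items():
        old = before.get(ip)
        if old and old[0] != new_mac:
            changes.append((ip, old[0], new_mac))
    return sorted(changes)


def find_shared_macs(table: dict) -> dict:
    """Unicast MACs that answer for more than one IP address."""
    by_mac = {}
    for ip, (mac, _) in table.items():
        if not is_group_address(mac):
            by_mac.setdefault(mac, []).append(ip)
    return {mac: sorted(ips) for mac, ips in by_mac.items() if len(ips) > 1}


def diagnose(before_text: str, after_text: str) -> list:
    """Human-readable findings from two `arp -a` runs taken a minute or so apart."""
    before, after = parse_arp(before_text), parse_arp(after_text)
    findings = []
    for ip, old, new in find_mac_changes(before, after):
        findings.append(f"{ip}: MAC changed {old} -> {new}; duplicate IP address or ARP "
                        f"spoofing, locate the host that owns {new}")
    for mac, ips in find_shared_macs(after).items():
        findings.append(f"{mac} answers for {', '.join(ips)}; normal for a router or proxy ARP, "
                        f"otherwise a host impersonating another")
    return findings


# Constructed Windows `arp -a` snapshots. In the second one the gateway's entry has flipped
# to a MAC that also owns 192.168.1.30.
SNAPSHOT_BEFORE = """\
Interface: 192.168.1.10 --- 0xb
  Internet Address      Physical Address      Type
  192.168.1.1           00-11-22-33-44-55     dynamic
  192.168.1.20          00-aa-bb-cc-dd-20     dynamic
  192.168.1.255         ff-ff-ff-ff-ff-ff     static
  224.0.0.22            01-00-5e-00-00-16     static
"""
SNAPSHOT_AFTER = """\
Interface: 192.168.1.10 --- 0xb
  Internet Address      Physical Address      Type
  192.168.1.1           00-aa-bb-cc-dd-30     dynamic
  192.168.1.20          00-aa-bb-cc-dd-20     dynamic
  192.168.1.30          00-aa-bb-cc-dd-30     dynamic
  192.168.1.255         ff-ff-ff-ff-ff-ff     static
  224.0.0.22            01-00-5e-00-00-16     static
"""
# Constructed Linux `arp -a` output, to show the parser handles that format too.
LINUX_SAMPLE = """\
gateway (10.0.0.1) at 00:11:22:33:44:55 [ether] on eth0
? (10.0.0.7) at 00:aa:bb:cc:dd:07 [ether] PERM on eth0
"""

if __name__ == "__main__":
    for finding in diagnose(SNAPSHOT_BEFORE, SNAPSHOT_AFTER):
        print(finding)
```

A second host with the gateway's address and an attacker poisoning the cache look the same in this output; what distinguishes them is whether the host owning the new MAC was deliberately configured with that address. Either way, the fix starts by tracing that MAC to a switch port.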
[edit] 4.2 Given output from a network diagnostic utility (For example: those utilities listed in objective 4.1), identify the utility and interpret the output
[edit] 4.3 Given a network scenario, interpret visual indicators (For example: link LEDs (Light Emitting Diode) and collision LEDs (Light Emitting Diode)) to determine the nature of a stated problem.
[edit] 4.4 Given a troubleshooting scenario involving a client accessing remote network services, identify the cause of the problem (For example: file services, print services, authentication failure, protocol configuration, physical connectivity and SOHO (Small Office / Home Office) router).
[edit] 4.5 Given a troubleshooting scenario between a client and the following server environments, identify the cause of a stated problem:
- UNIX / Linux / Mac OS X Server
- Netware
- Windows
- Appleshare IP (Internet Protocol)
[edit] 4.6 Given a scenario, determine the impact of modifying, adding or removing network services (For example: DHCP (Dynamic Host Configuration Protocol), DNS (Domain Name Service) and WINS(Windows Internet Name Service)) for network resources and users.
[edit] 4.7 Given a troubleshooting scenario involving a network with a particular physical topology (For example: bus, star, mesh or ring) and including a network diagram, identify the network area affected and the cause of the stated failure.
[edit] 4.8 Given a network troubleshooting scenario involving an infrastructure (For example: wired or wireless) problem, identify the cause of a stated problem (For example: bad media, interference, network hardware or environment).
[edit] 4.9 Given a network problem scenario, select an appropriate course of action based on a logical troubleshooting strategy. This strategy can include the following steps:
1. Identify the symptoms and potential causes
2. Identify the affected area
3. Establish what has changed
4. Select the most probable cause
5. Implement an action plan and solution including potential effects
6. Test the result
7. Identify the results and effects of the solution
8. Document the solution and process