
Exam Cram Image

Uploaded by

bigstudmiked
EXAM CRAM
The Network+ Cram Sheet

This Cram Sheet contains the distilled key facts about the CompTIA Network+ exam. Review this information as the last thing you do before you enter the testing center, paying special attention to those areas in which you think you need the most review. You can transfer any of these facts from your head onto a blank sheet of paper immediately before you begin the exam.

Networking Fundamentals

> As data is passed up or down through the OSI model structure, headers are added (going down) or removed (going up) at each layer—a process called encapsulation (when added) or decapsulation (when removed).

Table 1—Summary of the OSI Model

| OSI Layer | Description |
|---|---|
| Application (Layer 7) | Provides access to the network for applications and certain user functions. Displays incoming information and prepares outgoing information for network access. |
| Presentation (Layer 6) | Converts data from the application layer into a format that can be sent over the network. Converts data from the session layer into a format that the application layer can understand. Encrypts and decrypts data. Provides compression and decompression functionality. |
| Session (Layer 5) | Synchronizes the data exchange between applications on separate devices. Handles error detection and notification to the peer layer on the other device. |
| Transport (Layer 4) | Establishes, maintains, and breaks connections between two devices. Determines the ordering and priorities of data. Performs error checking and verification and handles retransmissions if necessary. |
| Network (Layer 3) | Provides mechanisms for the routing of data between devices across single or multiple network segments. Handles the discovery of destination systems and addressing. |
| Data link (Layer 2) | Has two distinct sublayers: link layer control (LLC) and media access control (MAC). Performs error detection and handling for the transmitted signals. Defines the method by which the medium is accessed. Defines hardware addressing through the MAC sublayer. |
| Physical (Layer 1) | Defines the network's physical structure. Defines voltage/signal rates and the physical connection methods. Defines the physical topology. |

> A local-area network (LAN) is a data network that is restricted to a single geographic location and typically encompasses a relatively small area, such as an office building or school. The function of the LAN is to interconnect workstation computers and devices for the purpose of sharing files and resources.
> A wide-area network (WAN) is a network that spans more than one geographic location, often connecting separated LANs. WANs are slower than LANs and often require additional and costly hardware such as routers, dedicated leased lines, and complicated implementation procedures.
> Multiple LANs within a limited geographical area are usually called a campus-area network (CAN). A CAN may have nothing to do with a college but consists of office buildings in an enterprise "campus," industrial complex, military base, or anywhere else. In reality, a CAN is a WAN, but what makes it distinct is the confined geographic area it includes.
> A personal-area network (PAN) is essentially a LAN created to share data among devices associated with you. Wireless technologies have taken PAN further and introduced a new term—wireless personal-area network (WPAN). WPAN refers to the technologies involved in connecting devices in very close proximity to exchange data or resources, usually through the use of Bluetooth, infrared, or near-field communication (NFC).
> A software-defined wide-area network (SDWAN) is an extension of software-defined networking (SDN), which is commonly used in telecom and data centers, on a large scale. The concept behind it is to take many of the principles that make cloud computing so attractive and make them accessible at the WAN level.
> A storage-area network (SAN) consists of just what the name implies: networked/shared storage devices. With clustered storage, you can use multiple devices to increase performance. SANs are subsets of LANs and offer block-level data storage that appears within the operating systems of the connected devices as locally attached devices.
> The role of the client computer in the client/server model is to request the data from the server and present that data to the users.
> A topology refers to a network's physical and logical layout. A network's physical topology refers to the actual layout of the computer cables and other network devices. A network's logical topology refers to the way in which the network appears to the devices that use it.
> Documentation should also include diagrams of the physical and logical network design. The physical topology refers to how a network is physically constructed—how it looks.
> Wireless networks typically are implemented using one of two wireless topologies: infrastructure (managed, wireless topology) or ad hoc (unmanaged, wireless topology).
> The term hybrid topology also can refer to the combination of wireless and wired networks but often just refers to the combination of physical networks.
> Unshielded twisted-pair (UTP) cabling is classified by category. Categories include 5/5e, 6/6a, 7, and 8 and offer transmission distances of 100 meters.
> F-type connectors are used with coaxial cable, most commonly to connect cable modems and TVs. F-type connectors are screw-type connectors.
> ST, FC, SC, LC, and MT-RJ connectors are associated with fiber cabling. ST and FC connectors offer a twist-type attachment, and SC, LC, and MT-RJ connectors are push-on. You can choose to purchase ones that are either angled physical contact (APC) or ultra-physical contact (UPC).
> RJ-45 connectors are used with UTP cable and are associated with networking applications. RJ-11 connectors are used with telephone cables. RJ-48C connectors are used for T1 and ISDN termination.
> Plenum-rated cables are used to run cabling through walls or ceilings.
> The horizontal cabling extends from the telecommunications outlet, or network outlet with RJ-45 connectors, at the client end. It includes all cable from that outlet to the telecommunication room to the horizontal cross-connect.
> Vertical cable, or backbone cable, refers to the media used to connect telecommunication rooms, server rooms, and remote locations and offices.
> Two main types of punchdown blocks are type 66 and type 110. Block 66 was used primarily for voice communication, and the 110 block is used to connect network cable to patch panels. Krone and Bix blocks also exist. These two require different blades in the punchdown tools (Krone, for example, requires a separate scissor-like mechanism for trimming the wire) to work with them. Bix (Building Industry Cross-connect) is certified for Cat 5e. Bix is popular in older implementations, and Krone is more popular internationally.

Table 2—Twisted-Pair Cable Categories

| Category | Common Application |
|---|---|
| 5 | 100 Mbps |
| 5e | 1000 Mbps |
| 6 | 10/100/1000 Mbps plus 10 Gbps |
| 6a | 10 Gbps and beyond networking |
| 7 | High-speed networking |
| 8 | High-speed networking over short distances. Up to 40 Gbps. |

> TIA/EIA 568A and 568B are telecommunications standards from Telecommunications Industry Association (TIA) and Electronic Industries Association (EIA) that specify the pin arrangements for the RJ-45 connectors on UTP or STP cables. The number 568 refers to the order in which the wires within the cable are terminated and attached to the connector. Often referred to as T568A and T568B (for termination standard), they are quite similar; the difference is the order in which the pins are terminated. The signal is the same for both. Both are used for patch cords in an Ethernet network.
| Class | Address Range | Default Subnet Mask |
|---|---|---|
| A | 10.0.0.0 to 10.255.255.255 | 255.0.0.0 |
| B | 172.16.0.0 to 172.31.255.255 | 255.255.0.0 |
| C | 192.168.0.0 to 192.168.255.255 | 255.255.255.0 |

> A MAC address is a 6-byte hexadecimal address that allows a device to be uniquely identified on the network. A MAC address combines numbers and the letters A to F. An example of a MAC address is 00:D0:59:09:07:51.
> A Class A TCP/IP address uses only the first octet to represent the network portion, a Class B address uses two octets, and a Class C address uses three octets.
> Class A addresses span from 1 to 126, with a default subnet mask of 255.0.0.0.
> Class B addresses span from 128 to 191, with a default subnet mask of 255.255.0.0.
> Class C addresses span from 192 to 223, with a default subnet mask of 255.255.255.0.
> The 127 network ID is reserved for the IPv4 local loopback.
> Network Address Translation (NAT) translates private network addresses into public network addresses.
> Subnetting is a process in which parts of the host ID portion of an IP address are used to create more network IDs.
> Automatic Private IP Addressing (APIPA) is a system used on Windows to automatically self-assign an IP address in the 169.x.x.x range in the absence of a DHCP server.
> Domain Name Service (DNS) resolves hostnames to IP addresses. DNS record types include A, MX, AAAA, CNAME, and PTR. Dynamic DNS (DDNS) automatically updates DNS information often in real time.
> Port Address Translation (PAT) is a variation on NAT in which all systems on the LAN are translated into the same IP address but with different port number assignments.
> In addressing terms, the CIDR value is expressed after the address, using a slash. So, the address 192.168.2.1/24 means that the node's IP address is 192.168.2.1 and the subnet mask is 255.255.255.0.
> IPv6 networks use Stateless Address Auto Configuration (SLAAC) to assign IP addresses. With SLAAC, devices send the router a request for the network prefix, and the device then uses the prefix along with its own MAC address to create an IP address.

Table 4—Comparing IPv4 and IPv6

| Address Feature | IPv4 Address | IPv6 Address |
|---|---|---|
| Loopback address | 127.0.0.1 | 0:0:0:0:0:0:0:1 (::1) |
| Networkwide addresses | IPv4 public address ranges | Global unicast IPv6 addresses |
| Private network addresses | 10.0.0.0, 172.16.0.0, 192.168.0.0 | Site-local address ranges (FEC0::) |
| Autoconfigured addresses | IPv4 automatic private IP addressing (169.254.0.0) | Link-local addresses of FE80:: prefix |

> A network's demarcation point refers to the connection point between the Internet service provider's (ISP's) part of the network and the customer's portion of the network.

Table 5—Port Assignments for Commonly Used Protocols

| Protocol | Port Assignment |
|---|---|
| FTP | 20, 21 |
| SSH | 22 |
| SFTP | 22 |
| Telnet | 23 |
| SMTP | 25 |
| DNS | 53 |
| DHCP | 67, 68 |
| TFTP | 69 |
| POP3 | 110 |
| IMAP | 143 |
| SNMP | 161, 162 |
| LDAP | 389 |
| HTTPS | 443 |
| SMB | 445 |
| Syslog | 514 |
| SMTP over TLS | 587 |
| LDAPS | 636 |
| IMAP over SSL | 993 |
| SQL Server | 1433 |
| SQLnet | 1521 |
| MySQL | 3306 |
| RDP | 3389 |
| SIP | 5060, 5061 |

> The bus network topology is also known as a linear bus because the computers in such a network are linked using a single cable called a trunk or backbone. If a terminator on a bus network is loose, data communications might be disrupted. Any other break in the cable will cause the entire network segment to fail.
> In a star/hub-and-spoke configuration, all devices on the network connect to a central device, and this central device creates a single point of failure on the network.
> The ring topology is a logical ring, meaning that the data travels in a circular fashion from one computer to another on the network. It is not a physical ring topology. If a single computer or section of cable fails, the signal is interrupted. The entire network becomes inaccessible.
> The wired mesh topology requires each computer on the network to be individually connected to every other device.
This configuration provides maximum reliability and redundancy for the network.
> A wireless infrastructure network uses a centralized device known as a wireless access point (WAP). Ad hoc wireless topologies are a peer-to-peer configuration and do not use a wireless access point.

Table 6—TCP/IP Suite Selected Summary

| Protocol | Protocol Name | Description |
|---|---|---|
| IP | Internet Protocol | A connectionless protocol used to move data around a network. |
| TCP | Transmission Control Protocol | A connection-oriented protocol that offers flow control, sequencing, and retransmission of dropped packets. |
| UDP | User Datagram Protocol | A connectionless alternative to TCP used for applications that do not require the functions offered by TCP. |
| FTP | File Transfer Protocol | A protocol for uploading and downloading files to and from a remote host. Also accommodates basic file-management tasks. |
| SFTP | Secure File Transfer Protocol | A protocol for securely uploading and downloading files to and from a remote host. Based on SSH security. |
| TFTP | Trivial File Transfer Protocol | A file transfer protocol that does not have the security or error checking of FTP. TFTP uses UDP as a transport protocol and therefore is connectionless. |
| SMTP | Simple Mail Transfer Protocol | A mechanism for transporting email across networks. |
| HTTP | Hypertext Transfer Protocol | An insecure protocol for retrieving files from a web server. |
| HTTPS | Hypertext Transfer Protocol Secure | A secure protocol for retrieving files from a web server. |
| POP3/IMAP4 | Post Office Protocol version 3/Internet Message Access Protocol version 4 | A protocol used to retrieve email from the server on which it is stored. Can only be used to retrieve mail. IMAP and POP cannot be used to send mail. |
| Telnet | Telnet | A protocol that allows sessions to be opened on a remote host. Considered insecure. |
| SSH | Secure Shell | A protocol that allows secure sessions to be opened on a remote host. |
| ICMP | Internet Control Message Protocol | A protocol used on IP-based networks for error reporting, flow control, and route testing. |
| ARP | Address Resolution Protocol | A protocol that resolves IP addresses to MAC addresses to enable communication between devices. |
| RARP | Reverse Address Resolution Protocol | A protocol that resolves MAC addresses to IP addresses. |
| NTP | Network Time Protocol | A protocol used to communicate time synchronization information between devices. |
| NNTP | Network News Transfer Protocol | A protocol that facilitates the access and downloading of messages from newsgroup servers. |
| SCP | Secure Copy Protocol | A protocol that allows files to be copied securely between two systems. Uses Secure Shell (SSH) technology to provide encryption services. |
| LDAP | Lightweight Directory Access Protocol | A protocol used to access and query directory services systems such as Microsoft Active Directory. |
| IGMP | Internet Group Management Protocol | A protocol that provides a mechanism for systems within the same multicast group to register and communicate with each other. |
| DNS | Domain Name System/Service | A protocol that resolves hostnames to IP addresses. |
| DHCP | Dynamic Host Configuration Protocol | A protocol that automatically assigns TCP/IP information. |
| SNMP | Simple Network Management Protocol | A protocol used in network management systems to monitor network-attached devices for conditions that may need attention from an administrator. |
| TLS | Transport Layer Security | A security protocol designed to ensure privacy between communicating client/server applications. |
| SIP | Session Initiation Protocol | An application-layer protocol designed to establish and maintain multimedia sessions such as Internet telephony calls. |

> A three-tiered architecture separates the user interface, the functional logic, and the data storage/access as independent modules/platforms.
> Internet Small Computer System Interface (iSCSI) allows SCSI commands to be sent over IP networks to SCSI devices.
> Fibre Channel is widely used for high-speed fiber networking and has become common in enterprise SANs.
> The National Institute of Standards and Technology (NIST) defines three cloud computing service models: software as a service (SaaS), platform as a service (PaaS), and infrastructure as a service (IaaS).
> NIST defines four possible cloud delivery models: private, public, community, and hybrid.
> A virtual switch (vSwitch) works the same as a physical switch but allows multiple switches to exist on the same host, saving the implementation of additional hardware.
> A virtual firewall (VF) is either a network firewall service or an appliance running entirely within the virtualized environment. Regardless of which implementation, a virtual firewall serves the same purpose as a physical one: packet filtering and monitoring. The firewall can also run in a guest OS VM.
> In a virtual environment, shared storage can be done on storage-area network (SAN), network-attached storage (NAS), and so on, but the virtual machine sees only a "physical disk." With clustered storage, you can use multiple devices to increase performance.
> Switches introduce microsegmentation, by which each connected system effectively operates on its own dedicated network connection.

| IEEE Standard | Frequency/Medium | Speed | Topology | Transmission Range | Access Method |
|---|---|---|---|---|---|
| 802.11 | 2.4 GHz RF | 1 to 2 Mbps | Ad hoc/infrastructure | 20 feet indoors | CSMA/CA |
| 802.11a | 5 GHz | Up to 54 Mbps | Ad hoc/infrastructure | 25 to 75 feet indoors; range can be affected by building materials | CSMA/CA |
| 802.11b | 2.4 GHz | Up to 11 Mbps | Ad hoc/infrastructure | Up to 150 feet indoors; range can be affected by building materials | CSMA/CA |
| 802.11g | 2.4 GHz | Up to 54 Mbps | Ad hoc/infrastructure | Up to 150 feet indoors; range can be affected by building materials | CSMA/CA |
| 802.11n (Wi-Fi 4) | 2.4 GHz/5 GHz | Up to 600 Mbps | Ad hoc/infrastructure | 175+ feet indoors; range can be affected by building materials | CSMA/CA |
| 802.11ac (Wi-Fi 5) | 5 GHz | Up to 13 Gbps | Ad hoc/infrastructure | 115+ feet indoors; range can be affected by building materials | CSMA/CA |
| 802.11ax (Wi-Fi 6) | 2.4 GHz/5 GHz | Up to 14 Gbps | Ad hoc/infrastructure | ~230 feet indoors; range can be affected by building materials | CSMA/CA |

Network Implementations

> Quality of service (QoS) allows administrators to predict bandwidth use, monitor that use, and control it to ensure that bandwidth is available to applications that need it.
> A router that uses a link-state protocol differs from a router that uses a distance-vector protocol because it builds a map of the entire network and then holds that map in memory. Link-state protocols include Open Shortest Path First (OSPF) and Intermediate System-to-Intermediate System (IS-IS).
> Hops are the means by which distance-vector routing protocols determine the shortest way to reach a given destination. Each router constitutes one hop, so if a router is four hops away from another router, there are three routers, or hops, between itself and the destination.
> Routing Information Protocol version 2 (RIPv2) is a distance-vector routing protocol used for TCP/IP.
> The route add command adds a static route to the routing table. The route add command with the -p switch makes the static route persistent.
> Distance-vector routing protocols operate by having each router send updates about all the other routers it knows about to the routers directly connected to it. Protocols include RIP, RIPv2, and EIGRP.
> When you want the best of both worlds, distance-vector and link-state, you can turn to a hybrid protocol.
A popular hybrid protocol is the Border Gateway Protocol (BGP).
> Default gateways are the means by which a device can access hosts on other networks for which it does not have a specifically configured route.

| Device | Description | Key Points |
|---|---|---|
| Hub | Connects devices on an Ethernet twisted-pair network | A hub does not perform any tasks besides signal regeneration. It simply forwards data to all nodes connected to it. |
| Bridge | Connects two network segments | A bridge operates at the data link layer and it filters, forwards, or floods an incoming frame based on the packet's MAC address. |
| Switch | Connects devices on a twisted-pair network | A switch forwards data to its destination by using the MAC address embedded in each packet. It only forwards data to nodes that need to receive it. |
| Router | Connects networks | A router uses the software-configured network address to make forwarding decisions. |
| Repeater (booster/wireless extender) | Amplifies a wireless signal to make it stronger | This increases the distance that the client system can be placed from the access point and still be on the network. |
| Modem | Provides serial communication capabilities across phone lines | Modems modulate the digital signal into analog at the sending end and perform the reverse function at the receiving end. |
| Firewall | Provides controlled data access between networks | Firewalls can be hardware or software based. They are an essential part of a network's security strategy. |
| Multilayer switch | Functions as a switch or router | The device operates on Layers 2 and 3 of the OSI model as a switch and can perform router functionality. |
| Load balancer | Distributes network load | Load balancing increases redundancy and performance by distributing the load to multiple servers. |
| VPN concentrator | Increases remote-access security | This device establishes a secure connection (tunnel) between the sending and receiving network devices. |
| Access point | Used to create a wireless LAN and to extend a wired network | This device uses the wireless infrastructure network mode to provide a connection point between WLANs and a wired Ethernet LAN. |
| IDS/IPS | Detects and prevents intrusions | This device monitors the network and attempts to detect/prevent intrusion attempts. |
| Media converter | Connects two dissimilar types of network media | This device can be used for: single-mode fiber to Ethernet; single-mode to multimode fiber; multimode fiber to Ethernet; fiber to coaxial. |
| Wireless LAN controller | Used with branch/remote office deployments for wireless authentication | When an AP boots, it authenticates with a controller before it can start working as an AP. |

> An intrusion detection system (IDS) can detect malware or other dangerous traffic that may pass undetected by the firewall. Most IDSs can detect potentially dangerous content by its signature.
> An intrusion prevention system (IPS) is a network device that continually scans the network, looking for inappropriate activity. It can shut down or prevent any potential threats.
> A virtual private network (VPN) extends a LAN by establishing a remote connection, a connection tunnel, using a public network such as the Internet. Common VPN implementations include site to site/host to site/host to host.
> A VPN headend (or headend) is a server that receives the incoming signal and then decodes/encodes it and sends it on.
> PPTP creates a secure tunnel between two points on a network, over which other connectivity protocols, such as Point-to-Point Protocol (PPP), can be used. This tunneling functionality is the basis for VPNs.
> Remote Authentication Dial-in User Service (RADIUS) is a security standard that uses a client/server model to authenticate remote network users.
> VPNs are created and managed by using protocols such as Point-to-Point Tunneling Protocol (PPTP) and Layer 2 Tunneling Protocol (L2TP), which build on the functionality of PPP.
This makes it possible to create dedicated point-to-point tunnels through a public network such as the Internet. Currently, the most common methods for creating secure VPNs include IP Security (IPSec) and Secure Sockets Layer/Transport Layer Security (SSL/TLS).
> Terminal Access Controller Access Control System Plus (TACACS+) is a security protocol designed to provide centralized validation of users who are attempting to gain access to a router or network access server (NAS).
> In a network that does not use Dynamic Host Configuration Protocol (DHCP), you need to watch for duplicate IP addresses that prevent a user from logging on to the network.
> IEEE 802.11 wireless systems communicate with each other using radio frequency signals in the band between 2.4 GHz and 2.5 GHz or 5.0 GHz. Of those in the 2.4 to 2.5 range, neighboring channels are 5 MHz apart. Applying two channels that allow the maximum channel separation decreases the amount of channel crosstalk and provides a noticeable performance increase over networks with minimal channel separation.
> Half-duplex mode enables each device to both transmit and receive, but only one of these processes can occur at a time.
> Full-duplex mode enables devices to receive and transmit simultaneously.
> 802.3 defines the Carrier Sense Multiple Access/Collision Detect (CSMA/CD) media access method used in Ethernet networks. This is the most popular networking standard used today.
> An antenna's strength is its gain value.

Table 9—Comparing Omnidirectional and Unidirectional Antennas

| Characteristic | Omnidirectional | Unidirectional | Advantage/Disadvantage |
|---|---|---|---|
| Wireless area coverage | General coverage area | Focused coverage area | Omnidirectional allows 360-degree coverage, giving it a wide coverage area. Unidirectional provides a targeted path for signals to travel. |
| Wireless transmission range | Limited | Long point-to-point range | Omnidirectional antennas provide a 360-degree coverage pattern and, as a result, far less range. Unidirectional antennas focus the wireless transmission; this focus enables greater range. |
| Wireless coverage shaping | Restricted | The unidirectional wireless range can be increased and decreased | Omnidirectional antennas are limited to their circular pattern range. Unidirectional antennas can be adjusted to define a specific pattern, wider or more focused. |

> Multiuser multiple input, multiple output (MU-MIMO) is an enhancement over the original MIMO technology. It allows antennas to be spread over a multitude of independent access points.
> Virtual LANs (VLANs) are used for network segmentation. 802.1Q is the Institute of Electrical and Electronics Engineers (IEEE) specification developed to ensure interoperability of VLAN technologies from the various vendors.
> VLAN trunking is the application of trunking to the virtual LAN—now common with routers, firewalls, VMware hosts, and wireless access points. VLAN trunking provides a simple and cheap way to offer a nearly unlimited number of virtual network connections. The requirements are only that the switch, the network adapter, and the OS drivers all support VLANs.
> The VLAN Trunking Protocol (VTP) is a proprietary protocol from Cisco.
> Proxy servers typically are part of a firewall system. They have become so integrated with firewalls that the distinction between the two can sometimes be lost.
> In-band network device management is local management (the most common method), and out-of-band management is done remotely.

Network Operations

| Document | Description |
|---|---|
| SLA (service-level agreement) | An agreement between a customer and provider detailing the level of service to be provided on a regular basis and in the event of problems. |
| MOU (memorandum of understanding) | An agreement (bilateral or multilateral) between parties defining terms and conditions of an agreement. |
| NDA (nondisclosure agreement) | A document agreeing that information shared will not be shared further with other parties. |
| AUP (acceptable use policy) | A plan that describes how the employees in an organization can use company systems and resources: both software and hardware. |

> Type C fire extinguishers are used for electrical fires. The major drawback to gas-based fire suppression systems is that they require sealed environments to operate.
> Temperature monitors keep track of the temperature in wiring closets and server rooms.
> Onboarding a mobile device is the procedures gone through to get it ready to go on the network (scanning for viruses, adding certain apps, and so forth). Offboarding a device is the process of removing company-owned resources when it is no longer needed (often done with a wipe or factory reset).
> Latency is one of the biggest problems with satellite access. Latency is the time lapse between sending or requesting information and the time it takes to return. Satellite communication experiences high latency due to the distance it has to travel as well as weather conditions. Although latency is not restricted solely to satellites, it is one of the easiest forms of transmission to associate with it. In reality, latency can occur with almost any form of transmission.
> Jitter is closely tied to latency but differs in the length of the delay between received packets. While the sender continues to transmit packets in a continuous stream and space them evenly apart, the delay between packets received varies instead of remaining constant. This delay can be caused by network congestion, improper queuing, or configuration errors.
> A system's security log contains events related to security incidents, such as successful and unsuccessful logon attempts and failed resource access. An application log contains information logged by applications that run on a particular system rather than the operating system itself. System logs record information about components or drivers in the system.
> Humidity control prevents the buildup of static electricity in the environment. If the humidity drops much below 50 percent, electronic components are extremely vulnerable to damage from electrostatic shock.
> NetFlow is a network protocol analyzer developed by Cisco that collects active IP network traffic as it moves in or out of an interface. Concerning bandwidth/throughput, NetFlow data can be used to ascertain this information and allow you to decide how to best respond.
> Syslog is a standard for message logging. It is available on most network devices (such as routers, switches, and firewalls), as well as printers, and UNIX/Linux-based systems. Over a network, a syslog server listens for and then logs data messages coming from the syslog client.
> One thing to look for is changes in raw data values; they can be identified through comparisons of cyclic redundancy check (CRC) values. Look for CRC errors, as well as giants (packets that are discarded because they exceed the medium's maximum packet size), runts (packets that are discarded because they are smaller than the medium's minimum packet size), and encapsulation errors.
> An SNMP management system is a computer running a special piece of software called a network management system (NMS). SNMP uses databases of information called Management Information Bases (MIBs) to define what parameters are accessible, which of the parameters are read-only, and which can be set. MIBs are available for thousands of devices and services, covering every imaginable need.
> Interface monitoring tools are used to watch for errors, utilization problems (unusually high, for example), discards, packet drops, resets, and problems with speed/duplex.
> Fault tolerance is the capability to withstand a fault (failure) without losing data. This can be accomplished through the use of RAID, backups, and similar technologies. Popular fault-tolerant RAID implementations include RAID 1, RAID 5, and RAID 10 (1+0).
} The MTBF is the measurement of the anticipated or predicted incidence of failure of system ‘or component between inherent failures, whereas the MTTR is the measurement of how longit takes to repair a systemor component after a failure occurs. The RTO is the maximum amount coftime that a process or service is allowed to be down.and the consequences stil to be considered acceptable. The RPO is the maximum time in which transactions could be lost from ‘a major incident. } Within afew hours, ahot recovery site-can become a fully functioning element of an organization. A cold recovery site isa ste that can be up and operational ina relatively short ‘amount of tine, such as aday or two. Provision of services, such as telephone lines and power, is taken care of, and the basic office funiture might be in place. A warm site typically has, computers but is not configured ready to go. This means that data might need to be upgraded or ether manual interventions might need to be performed before the network is again operationalNetwork Security » Afrewal is considered a logical sccurty measur and is one ofthe comerstone concepts of network security, Frewalls can behostor network based and can provide appication/cantex-deven detection, > A ite most basio, a frewal is a dovice thathas morethan anenetwark interface and manages the flow of retwork traffic between those interfaces > Ascreened subnet (previously knowns a demilitarized zone or DMZ) is part of a network on which you lace sens thal must be accessible by sources beth outside and inside your network, An access coniral lst (ACL typically refers to specific access permissions assigned to anobject or device on the network, For exemple, using Media Acosss Contr (MAC) ackress filesng, wireless routers can be configured to resiict who canand cannot access theauter based on the MAC address. 
> When a port is blocked, you disable the capability for traffic to pass through that port, thereby filtering that traffic.
> To create secure data transmissions, IPsec uses two separate protocols: Authentication Header (AH) and Encapsulating Security Payload (ESP).
> Authentication refers to the mechanisms used to verify the identity of the computer or user attempting to access a particular resource. This includes passwords and biometrics.
> Authorization is the method used to determine whether an authenticated user has access to a particular resource. This is commonly determined through group association: for example, a particular group may have a specific level of security clearance.
> Accounting refers to the tracking mechanisms used to keep a record of events on a system.
> User authentication methods include multifactor authentication (MFA), two-factor authentication (2FA), and single sign-on (SSO).
> The factors used in authentication systems or methods are based on one or more of these five factors:
  > Something you know, such as a password or PIN
  > Something you have, such as a smartcard, token, or identification device
  > Something you are, such as your fingerprints or retinal pattern (often called biometrics)
  > Somewhere you are (based on geolocation)
  > Something you do, such as an action you must take to complete authentication
> The IEEE standard 802.1X defines port-based security for wireless network access control.
> Network access control (NAC) is a method to restrict access to the network based on identity or posture. A posture assessment is any evaluation of a system's security based on settings and applications found.
> Kerberos is one part of a strategic security solution that provides secure authentication services to users, applications, and network devices.
It eliminates the insecurities caused by passwords being stored or transmitted across the network.
> A public key infrastructure (PKI) is a collection of software, standards, and policies that are combined to allow users from the Internet or other unsecured public networks to securely exchange data.
> A public key is a nonsecret key that forms half of a cryptographic key pair that is used with a public key algorithm. The public key is freely given to all potential receivers.
> A private key is the secret half of a cryptographic key pair that is used with a public key algorithm. The private part of the public key cryptography system is never transmitted over a network.
> A certificate is a digitally signed statement that associates the credentials of a public key to the identity of the person, device, or service that holds the corresponding private key.
> Certificate authorities (CAs) issue and manage certificates. They validate the identity of a network device or user requesting data.
> A certificate revocation list (CRL) is a list of certificates that were revoked before they reached the certificate expiration date.
> In a full backup, all data is backed up. Full backups do not use the archive bit, but they do clear it.
> Incremental backups back up all data that has changed since the last full or incremental backup. They use and clear the archive bit.
> Unsecure protocols include Telnet, HTTP, SLIP, FTP, Trivial FTP (TFTP), and Simple Network Management Protocol version 1/2 (SNMPv1/v2).
> Physical security controls include access control vestibules (previously known as mantraps), video monitoring, proximity readers/key fob, keypad/cipher locks, biometrics, and security guards.
> A honeypot is a computer that has been designated as a target for computer attacks. A honeynet is an entire network set up to monitor attacks from outsiders.
> In role-based access control (RBAC), access decisions are determined by the roles that individual users have within the organization.
> Separation of duties policies are designed to reduce the risk of fraud and to prevent other losses in an organization. A good policy will require more than one person to accomplish key processes.
> Both RADIUS and TACACS+ provide authentication, authorization, and accounting services. One notable difference between TACACS+ and RADIUS is that TACACS+ relies on the connection-oriented TCP, whereas RADIUS uses the connectionless UDP.
> Risk management involves recognizing and acknowledging that risks exist and then determining what to do about them.
> Security information and event management (SIEM) products provide notifications and real-time analysis of security alerts and can help you head off problems quickly.
> Software programs or code snippets that execute when a certain predefined event occurs are known as logic bombs.
> Three types of penetration testing are unknown environment (the tester has absolutely no knowledge of the system and is functioning in the same manner as an outside attacker), known environment (the tester has significant knowledge of the system, which simulates an attack from an insider—a rogue employee), and partially known environment (a middle ground between the first two types of testing).
> A buffer overflow is a type of denial-of-service (DoS) attack that occurs when more data is put into a buffer (typically a memory buffer) than it can hold, thereby overflowing it (as the name implies).
> Social engineering is a hacker term for tricking people into revealing their password or some form of security information.
It might include trying to get users to send passwords or other information over email, following someone closely into a secured area (known as tailgating), walking in with them (known as piggybacking), or looking over someone's shoulder at their screen (known as shoulder surfing).
> A rogue DHCP server added to a network has the potential to issue an address to a client, isolating it on an unauthorized network where its data can be captured.
> A rogue access point describes a situation in which a wireless access point has been placed on a network without the administrator's knowledge.
> Often users receive a variety of emails offering products, services, information, or opportunities. Unsolicited email of this type is called phishing (pronounced "fishing").
> With ransomware, software—often delivered through a Trojan horse—takes control of a system and demands that a third party be paid. Users are usually assured that by paying the extortion amount (the ransom), they will be given the code needed to revert their systems to normal operations.
> With DNS poisoning, the DNS server is given information about a name server that it thinks is legitimate when it isn't.
> Spoofing is a technique in which the real source of a transmission, file, or email is concealed or replaced with a fake source.
> Deauthentication is also known as a disassociation attack. With this type of attack, the intruder sends a frame to the AP with a spoofed address to make it look as if it came from the victim that disconnects the user from the network.
> There are a number of ways to ascertain a password, but one of the most common is a brute-force attack in which one value after another is guessed until the right value is found.
> VLAN hopping, as the name implies, is an exploit of resources on a virtual LAN that is made possible because the resources exist on that virtual LAN.
> Network hardening includes the following: use SNMPv3 instead of earlier versions; use Router Advertisement Guard, Port Security and Dynamic ARP, control plane policing, and private VLANs; disable unneeded ports; disable unneeded services; change default passwords and avoid common passwords; patch and firmware upgrades, and management; use ACLs; and implement role-based access.
> Firewall rules are used to dictate what traffic can pass between the firewall and the internal network. Three possible actions can be taken based on the rule's criteria: block the connection (explicit deny), accept the connection, or allow the connection if conditions are met (such as it being secured). This last condition is the most difficult to configure, and conditions usually end with an implicit deny clause. An implicit deny clause means that if the proviso in question has not been explicitly granted, then access is denied.
> Any wireless technology, but usually GPS and sometimes RFID, can be used to create a virtual geographic boundary. This boundary is called a geofence.
> Most public networks, including Wi-Fi hotspots, use a captive portal, which requires users to agree to some condition before they use the network or Internet.

Network Troubleshooting

Steps | Actions/Considerations
Identify the problem. | Gather information. Question users. Identify symptoms. Determine whether anything has changed. Duplicate the problem, if possible. Approach multiple problems individually.
Establish a theory of probable cause. | Question the obvious. Consider multiple approaches: top-to-bottom/bottom-to-top OSI model; divide and conquer.
Test the theory to determine cause. | After theory is confirmed, determine next steps to resolve problem. If theory is not confirmed, reestablish new theory or escalate.
Establish a plan of action to resolve the problem and identify potential effects. |
Implement the solution or escalate as necessary. |
Verify full system functionality and, if applicable, implement preventative measures. |
Document findings, actions, and outcomes. |

> The netstat -a command can be used on a Windows-based system to see the status of ports. It is used to view both inbound and outbound TCP/IP network connections.
> You can ping the local loopback adapter by using the command ping 127.0.0.1. If this command is successful, you know that the TCP/IP suite is installed correctly on your system and is functioning.
> In Windows, the tracert command reports how long it takes to reach each router in the path. It's a useful tool for isolating bottlenecks in a network. The traceroute command performs the same task on UNIX and Linux systems.
> Address Resolution Protocol (ARP) is the part of the TCP/IP suite whose function is to resolve IP addresses to MAC addresses.
> nbtstat is used to display protocol and statistical information for NetBIOS over TCP/IP connections.
> ipconfig shows the IP configuration information for all NICs installed in a system.
> ipconfig /all is used to display detailed TCP/IP configuration information.
> ipconfig /renew is used on Windows operating systems to renew the system's DHCP information.
> When looking for client connectivity problems using ipconfig, you should ensure that the gateway is set correctly.
> The ifconfig command is the Linux equivalent of the ipconfig command.
> The nslookup command is a TCP/IP diagnostic tool used to troubleshoot DNS problems.
> The weakening of data signals as they traverse the media is called attenuation.
> A straight-through cable is used to connect systems to the switch or hub using the MDI-X (medium-dependent interface crossed) ports.
> When you have two dissimilar types of network media, a media converter is used to allow them to connect.
> When it comes to wireless, distance from the AP is one of the first things to check when troubleshooting AP coverage.
> Data rate refers to the theoretical maximum of a wireless standard, such as 1000 Mbps. Throughput refers to the actual speeds achieved after all implementation and interference factors.
> Punchdown tools are used to attach twisted-pair network cable to connectors within a patch panel. Specifically, they connect twisted-pair wires to the insulation displacement connector (IDC).
> Cable certifiers are used to test cables such as CAT7 and CAT8 and verify they meet specifications for frequency and speed.
> A wire crimper is a tool that you use to attach media connectors to the ends of cables.
> Wire strippers come in a variety of shapes and sizes. Some are specifically designed to strip the outer sheathing from coaxial cable, and others are designed to work with UTP cable. Wire snips are used to cleanly cut the cable.
> Voltage event recorders are used to monitor the quality of power used on the network or by network hardware.
> Toner probes are used to locate cables hidden in floors, ceilings, or walls and to track cables from the patch panel to their destination.
> Port scanners are software-based security utilities designed to search a network host for open ports on a TCP/IP-based network.
> A Wi-Fi analyzer is used to identify Wi-Fi problems. It can be helpful in finding the ideal place for locating an access point or the ideal channel to use.
> Protocol analyzers can be hardware or software based.
Their primary function is to analyze network protocols such as Transfer Control Protocol (TCP), User Datagram Protocol (UDP), Hypertext Transfer Protocol (HTTP), File Transfer Protocol (FTP), and more.
> A time-domain reflectometer (TDR) is a device used to send a signal through a particular medium to check the cable's continuity.
> An optical time-domain reflectometer (OTDR) performs the same basic function as a wire media tester, but on optical media.
> Packet sniffers are either hardware devices or software that eavesdrop on transmissions that are traveling throughout the network.
> Throughput testers identify the rate of data delivery over a communication channel.
> The dig command is used on a Linux, UNIX, or macOS system to perform manual DNS lookups.
> The tcpdump command is used on Linux/UNIX systems to print the contents of network packets.
> The iperf tool is used for active measurements of the maximum achievable bandwidth and used for network tuning.
> A NetFlow analyzer is used to collect IP network traffic as it enters or exits an interface and can identify such values as the source and destination of traffic, class of service, and causes of congestion.
> An IP scanner is any tool that can scan for IP addresses and related information. An administrator can use it to scan available ports, discover devices, and get detailed hardware and software information on workstations and servers to manage inventory.
> With the route command, you display and modify the routing table on your Windows and Linux systems.
> When you're working with routers, one of the most useful troubleshooting command-line tools is show. The show options include show interfaces, show config, and show ip route.
