Fatskills
Practice. Master. Repeat.
Study Guide: CompTIA Network+ N10-008 Exam: Domain-Wise Important Things To Know About IT Networking (Cheatsheet)
Source: https://www.fatskills.com/comptia-network-certification-exam/chapter/comptia-network-n10-008-exam-domain-wise-important-things-to-know-about-it-networking-cheatsheet

CompTIA Network+ N10-008 Exam: Domain-Wise Important Things To Know About IT Networking (Cheatsheet)

By Fatskills Exam Guides Team — the exam nerds behind 28,500+ quizzes and 2.1M practice questions across 500+ global exams.

⏱️ ~33 min read

Networking Fundamentals
As data is passed up or down through the OSI model structure, headers are added (going down) or removed (going up) at each layer–a process called encapsulation (when added) or decapsulation (when removed).

Table: Summary of the OSI Model

OSI Layer

Description

Application (Layer 7)

Provides access to the network for applications and certain end-user functions. Displays incoming information and prepares outgoing information for network access.

Presentation (Layer 6)

Converts data from the application layer into a format that can be sent over the network. Converts data from the session layer into a format that the application layer can understand. Encrypts and decrypts data. Provides compression and decompression functionality.

Session (Layer 5)

Synchronizes the data exchange between applications on separate devices. Handles error detection and notification to the peer layer on the other device.

Transport (Layer 4)

Establishes, maintains, and breaks connections between two devices. Determines the ordering and priorities of data. Performs error checking and verification and handles retransmissions if necessary.

Network (Layer 3)

Provides mechanisms for the routing of data between devices across single or multiple network segments. Handles the discovery of destination systems and addressing.

Data link (Layer 2)

Has two distinct sublayers: link layer control (LLC) and media access control (MAC). Performs error detection and handling for the transmitted signals. Defines the method by which the medium is accessed. Defines hardware addressing through the MAC sublayer.

Physical (Layer 1)

Defines the network’s physical structure. Defines voltage/signal rates and the physical connection methods. Defines the physical topology.

 

A local-area network (LAN) is a data network that is restricted to a single geographic location and typically encompasses a relatively small area, such as an office building or school. The function of the LAN is to interconnect workstation computers and devices for the purpose of sharing files and resources.
A wide-area network (WAN) is a network that spans more than one geographic location, often connecting separated LANs. WANs are slower than LANs and often require additional and costly hardware such as routers, dedicated leased lines, and complicated implementation procedures.
Personal multiple LANs within that limited geographical area are usually called a campus-area network (CAN). CAN may have nothing to do with a college but consists of office buildings in an enterprise “campus,” industrial complex, military base, or anywhere else. In reality, a CAN is a WAN, but what makes it distinct is the confined geographic area it includes.
A personal-area network (PAN) is essentially a LAN created to share data among devices associated with you. Wireless technologies have taken PAN further and introduced a new term– wireless personal-area network (WPAN). WPAN refers to the technologies involved in connecting devices in very close proximity to exchange data or resources, usually through the use of Bluetooth, infrared, or near-field communication (NFC).
A software-defined wide-area network (SDWAN) is an extension of software-defined networking (SDN), which is commonly used in telecom and data centers, on a large scale. The concept behind it is to take many of the principles that make cloud computing so attractive and make them accessible at the WAN level.
A storage-area network (SAN) consists of just what the name implies: networked/shared storage devices. With clustered storage, you can use multiple devices to increase performance. SANs are subsets of LANs and offer block-level data storage that appears within the operating systems of the connected devices as locally attached devices.
The role of the client computer in the client/server model is to request the data from the server and present that data to the users.
A topology refers to a network’s physical and logical layout. A network’s physical topology refers to the actual layout of the computer cables and other network devices. A network’s logical topology refers to the way in which the network appears to the devices that use it.
Documentation should also include diagrams of the physical and logical network design. The physical topology refers to how a network is physically constructed–how it looks.
Wireless networks typically are implemented using one of two wireless topologies: infrastructure (managed, wireless topology) or ad hoc (unmanaged, wireless topology).
- hybrid topology also can refer to the combination of wireless and wired networks but often just refers to the combination of physical networks.
Unshielded twisted-pair (UTP) cabling is classified by category. Categories include 5/5e, 6/6a, 7, and 8 and offer transmission distances of 100 meters.
F-type connectors are used with coaxial cable, most commonly to connect cable modems and TVs. F-type connectors are screw-type connectors.
ST, FC, SC, LC, and MT-RJ connectors are associated with fiber cabling. ST and FC connectors offer a twist-type attachment, and SC, LC, and MT-RJ connectors are push-on. You can choose to purchase ones that are either angled physical contact (APC) or ultra-physical contact (UPC).
RJ-45 connectors are used with UTP cable and are associated with networking applications. RJ-11 connectors are used with telephone cables. RJ-48C connectors are used for T1 and ISDN termination.
Plenum-rated cables are used to run cabling through walls or ceilings.
The horizontal cabling extends from the telecommunications outlet, or network outlet with RJ-45 connectors, at the client end. It includes all cable from that outlet to the telecommunication room to the horizontal cross-connect.
Vertical cable, or backbone cable, refers to the media used to connect telecommunication rooms, server rooms, and remote locations and offices.
Two main types of punchdown blocks are type 66 and type 110. Block 66 was used primarily for voice communication, and the 110 block is used to connect network cable to patch panels. Krone and Bix blocks also exist. These two require different blades in the punchdown tools (Krone, for example, requires a separate scissor-like mechanism for trimming the wire) to work with them. Bix (Building Industry Cross-connect) is certified for Cat 5e. Bix is popular in older implementations, and Krone is more popular internationally.

Table 2–Twisted-Pair Cable Categories

 

Category

Common Application

5

100 Mbps

5e

1000 Mbps

6

10/100/1000 Mbps plus 10 Gbps

6a

10 Gbps and beyond networking

7

High-speed networking

8

High-speed networking over short distances. Up to 40 Gbps


TIA/EIA 568A and 568B are telecommunications standards from Telecommunications Industry Association (TIA) and Electronic Industries Association (EIA) that specify the pin arrangements for the RJ-45 connectors on UTP or STP cables. The number 568 refers to the order in which the wires within the cable are terminated and attached to the connector. Often referred to as T568A and T568B (for termination standard), they are quite similar; the difference is the order in which the pins are terminated. The signal is the same for both. Both are used for patch cords in an Ethernet network.

Table 3–IPv4 Private Address Ranges

 

Class

Address Range

Default Subnet Mask

A

10.0.0.0 to 10.255.255.255

255.0.0.0

B

172.16.0.0 to 172.31.255.255

255.255.0.0

C

192.168.0.0 to 192.168.255.255

255.255.255.0

- A MAC address is a 6-byte hexadecimal address that allows a device to be uniquely identified on the network. A MAC address combines numbers and the letters A to F. An example of a MAC address is 00:D0:59:09:07:51.
- A Class A TCP/IP address uses only the first octet to represent the network portion, a Class B address uses two octets, and a Class C address uses three octets.
- Class A addresses span from 1 to 126, with a default subnet mask of 255.0.0.0.
- Class B addresses span from 128 to 191, with a default subnet mask of 255.255.0.0.
- Class C addresses span from 192 to 223, with a default subnet mask of 255.255.255.0.
- The 127 network ID is reserved for the IPv4 local loopback.
- Network Address Translation (NAT) translates private network addresses into public network addresses.
- Subnetting is a process in which parts of the host ID portion of an IP address are used to create more network IDs.
- Automatic Private IP Addressing (APIPA) is a system used on Windows to automatically self-assign an IP address in the 169.x.x.x range in the absence of a DHCP server.
Domain Name Service (DNS) resolves hostnames to IP addresses. DNS record types include A, MX, AAAA, CNAME, and PTR. Dynamic DNS (DDNS) automatically updates DNS information often in real time.
- Port Address Translation (PAT) is a variation on NAT in which all systems on the LAN are translated into the same IP address but with different port number assignments.
In addressing terms, the CIDR value is expressed after the address, using a slash. So, the address 192.168.2.1/24 means that the node’s IP address is 192.168.2.1 and the subnet mask is 255.255.255.0.
- IPv6 networks use Stateless Address Auto Configuration (SLAAC) to assign IP addresses. With SLAAC, devices send the router a request for the network prefix, and the device then uses the prefix along with its own MAC address to create an IP address.

Table 4–Comparing IPv4 and IPv6

 

Address Feature

IPv4 Address

IPv6 Address

Loopback address

127.0.0.1

0:0:0:0:0:0:0:1 (::1)

Networkwide addresses

IPv4 public address ranges

Global unicast IPv6 addresses

Private network addresses

10.0.0.0

172.16.0.0

192.168.0.0

Site-local address ranges (FEC0::)

Autoconfigured addresses

IPv4 automatic private IP addressing (169.254.0.0)

Link-local addresses of FE80:: prefix

- A network’s demarcation point refers to the connection point between the Internet service provider’s (ISP’s) part of the network and the customer’s portion of the network.

Table 5–Port Assignments for Commonly Used Protocols

Protocol

Port Assignment

FTP

20, 21

SSH

22

SFTP

22

Telnet

23

SMTP

25

DNS

53

DHCP

67, 68

TFTP

69

HTTP

80

POP3

110

NTP

123

IMAP4

143

SNMP

161, 162

LDAP

389

HTTPS

443

SMB

445

Syslog

514

SMTP over TLS

587

LDAPS

636

IMAP over SSL

993

POP3 over SSL

995

SQL server

1433

SQLnet

1521

MySQL

3306

RDP

3389

SIP

5060, 5061

- The bus network topology is also known as a linear bus because the computers in such a network are linked using a single cable called a trunk or backbone. If a terminator on a bus network is loose, data communications might be disrupted. Any other break in the cable will cause the entire network segment to fail.
- In a star/hub-and-spoke configuration, all devices on the network connect to a central device, and this central device creates a single point of failure on the network.
- The ring topology is a logical ring, meaning that the data travels in a circular fashion from one computer to another on the network. It is not a physical ring topology. If a single computer or section of cable fails, the signal is interrupted. The entire network becomes inaccessible.
- The wired mesh topology requires each computer on the network to be individually connected to every other device. This configuration provides maximum reliability and redundancy for the network.
- A wireless infrastructure network uses a centralized device known as a wireless access point (WAP). Ad hoc wireless topologies are a peer-to-peer configuration and do not use a wireless access point.

Table 6–TCP/IP Suite Selected Summary

Protocol

Name

Description

IP

Internet Protocol

A connectionless protocol used to move data around a network.

TCP

Transmission Control Protocol

A connection-oriented protocol that offers flow control, sequencing, and retransmission of dropped packets.

UDP

User Datagram Protocol

A connectionless alternative to TCP used for applications that do not require the functions offered by TCP.

FTP

File Transfer Protocol

A protocol for uploading and downloading files to and from a remote host. Also accommodates basic file-management tasks.

SFTP

Secure File Transfer Protocol

A protocol for securely uploading and downloading files to and from a remote host. Based on SSH security.

TFTP

Trivial File Transfer Protocol

A file transfer protocol that does not have the security or error checking of FTP. TFTP uses UDP as a transport protocol and therefore is connectionless.

SMTP

Simple Mail Transfer Protocol

A mechanism for transporting email across networks.

HTTP

Hypertext Transfer Protocol

An insecure protocol for retrieving files from a web server.

HTTPS

Hypertext Transfer Protocol Secure

A secure protocol for retrieving files from a web server.

POP3/IMAP4

Post Office Protocol version 3/Internet Message Access Protocol version 4

A protocol used to retrieve email from the server on which it is stored. Can only be used to retrieve mail. IMAP and POP cannot be used to send mail.

Telnet

Telnet

A protocol that allows sessions to be opened on a remote host. Considered insecure.

SSH

Secure Shell

A protocol that allows secure sessions to be opened on a remote host.

ICMP

Internet Control Message Protocol

A protocol used on IP-based networks for error reporting, flow control, and route testing.

ARP

Address Resolution Protocol

A protocol that resolves IP addresses to MAC addresses to enable communication between devices.

RARP

Reverse Address Resolution Protocol

A protocol that resolves MAC addresses to IP addresses.

NTP

Network Time Protocol

A protocol used to communicate time synchronization information between devices.

NNTP

Network News Transfer Protocol

A protocol that facilitates the access and downloading of messages from newsgroup servers.

SCP

Secure Copy Protocol

A protocol that allows files to be copied securely between two systems. Uses Secure Shell (SSH) technology to provide encryption services.

LDAP

Lightweight Directory Access Protocol

A protocol used to access and query directory services systems such as Microsoft Active Directory.

IGMP

Internet Group Management Protocol

A protocol that provides a mechanism for systems within the same multicast group to register and communicate with each other.

DNS

Domain Name System/Service

A protocol that resolves hostnames to IP addresses.

DHCP

Dynamic Host Configuration Protocol

A protocol that automatically assigns TCP/IP information.

SNMP

Simple Network Management Protocol

A protocol used in network management systems to monitor network-attached devices for conditions that may need attention from an administrator.

TLS

Transport Layer Security

A security protocol designed to ensure privacy between communicating client/server applications.

SIP

Session Initiation Protocol

An application-layer protocol designed to establish and maintain multimedia sessions such as Internet telephony calls.

- A three-tiered architecture separates the user interface, the functional logic, and the data storage/access as independent modules/platforms.
- Internet Small Computer System Interface (iSCSI) allows SCSI commands to be sent over IP networks to SCSI devices.
- Fibre Channel is widely used for high-speed fiber networking and has become common in enterprise SANs.
- The National Institute of Standards and Technology (NIST) defines three cloud computing service models: software as a service (SaaS), platform as a service (PaaS), and infrastructure as a service (IaaS).
- NIST defines four possible cloud delivery models: private, public, community, and hybrid.
- A virtual switch (vSwitch) works the same as a physical switch but allows multiple switches to exist on the same host, saving the implementation of additional hardware.
A virtual firewall (VF) is either a network firewall service or an appliance running entirely within the virtualized environment. Regardless of which implementation, a virtual firewall serves the same purpose as a physical one: packet filtering and monitoring. The firewall can also run in a guest OS VM.
In a virtual environment, shared storage can be done on storage-area network (SAN), network-attached storage (NAS), and so on, but the virtual machine sees only a “physical disk.” With clustered storage, you can use multiple devices to increase performance.
- Switches introduce microsegmentation, by which each connected system effectively operates on its own dedicated network connection.

Table 7–802.11 Wireless Standards

Network Implementations

- Quality of service (QoS) allows administrators to predict bandwidth use, monitor that use, and control it to ensure that bandwidth is available to applications that need it.
- A router that uses a link-state protocol differs from a router that uses a distance-vector protocol because it builds a map of the entire network and then holds that map in memory. Link-state protocols include Open Shortest Path First (OSPF) and Intermediate System-to-Intermediate System (IS-IS).
- Hops are the means by which distance-vector routing protocols determine the shortest way to reach a given destination. Each router constitutes one hop, so if a router is four hops away from another router, there are three routers, or hops, between itself and the destination.
Routing Information Protocol version 2 (RIPv2) is a distance-vector routing protocol used for TCP/IP.


route add command adds a static route to the routing table. The route add command with the -p switch makes the static route persistent.
- Distance-vector routing protocols operate by having each router send updates about all the other routers it knows about to the routers directly connected to it. Protocols include RIP, RIPv2, and EIGRP.
- When you want the best of both worlds, distance-vector and link-state, you can turn to a hybrid protocol. A popular hybrid protocol is the Border Gateway Protocol (BGP).
- Default gateways are the means by which a device can access hosts on other networks for which it does not have a specifically configured route.

Table 8–Network Devices Summary

IEEE Standard

Frequency/Medium

Speed

Topology

Transmission Range

Access Method

802.11

2.4 GHz RF

1 to 2 Mbps

Ad hoc/infrastructure

20 feet indoors

CSMA/CA

802.11a

5 GHz

Up to 54 Mbps

Ad hoc/infrastructure

25 to 75 feet indoors; range can be affected by building materials

CSMA/CA

802.11b

2.4 GHz

Up to 11 Mbps

Ad hoc/infrastructure

Up to 150 feet indoors; range can be affected by building materials

CSMA/CA

802.11g

2.4 GHz

Up to 54 Mbps

Ad hoc/infrastructure

Up to 150 feet indoors; range can be affected by building materials

CSMA/CA

802.11n (WiFi 4)

2.4 GHz/5 GHz

Up to 600 Mbps

Ad hoc/infrastructure

175+ feet indoors; range can be affected by building materials

CSMA/CA

802.11ac (WiFi 5)

5 GHz

Up to 1.3 Gbps

Ad hoc/infrastructure

115+ feet indoors; range can be affected by building materials

CSMA/CA

802.11ax (WiFi 6)

2.4 GHz/5 GHz

Up to 14 Gbps

Ad hoc/infrastructure

~230 feet indoors; range can be affected by building materials

CSMA/CA

Device

Description

Key Points

Hub

Connects devices on an Ethernet twisted-pair network

A hub does not perform any tasks besides signal regeneration. It simply forwards data to all nodes connected to it.

Bridge

Connects two network segments

A bridge operates at the data link layer and it filters, forwards, or floods an incoming frame based on the packet’s MAC address.

Switch

Connects devices on a twisted-pair network

A switch forwards data to its destination by using the MAC address embedded in each packet. It only forwards data to nodes that need to receive it.

Router

Connects networks

A router uses the software-configured network address to make forwarding decisions.

Repeater (booster/wireless extender)

Amplifies a wireless signal to make it stronger

This increases the distance that the client system can be placed from the access point and still be on the network.

Modem

Provides serial communication capabilities across phone lines

Modems modulate the digital signal into analog at the sending end and perform the reverse function at the receiving end.

Firewall

Provides controlled data access between networks

Firewalls can be hardware or software based. They are an essential part of a network’s security strategy.

Multilayer switch

Functions as a switch or router

The device operates on Layers 2 and 3 of the OSI model as a switch and can perform router functionality.

Load balancer

Distributes network load

Load balancing increases redundancy and performance by distributing the load to multiple servers.

VPN concentrator

Increases remote-access security

This device establishes a secure connection (tunnel) between the sending and receiving network devices.

Access point

Used to create a wireless LAN and to extend a wired network

This device uses the wireless infrastructure network mode to provide a connection point between WLANs and a wired Ethernet LAN.

IDS/IPS

Detects and prevents intrusions

This device monitors the network and attempts to detect/prevent intrusion attempts.

Media converter

Connects two dissimilar types of network media

This device can be used for

  • Single mode fiber to Ethernet

  • Single mode to multimode fiber

  • Multimode fiber to Ethernet

  • Fiber to coaxial

Wireless LAN controller

Used with branch/remote office deployments for wireless authentication

When an AP boots, it authenticates with a controller before it can start working as an AP.

- An intrusion detection system (IDS) can detect malware or other dangerous traffic that may pass undetected by the firewall. Most IDSs can detect potentially dangerous content by its signature.
- An intrusion prevention system (IPS) is a network device that continually scans the network, looking for inappropriate activity. It can shut down or prevent any potential threats.
- A virtual private network (VPN) extends a LAN by establishing a remote connection, a connection tunnel, using a public network such as the Internet. Common VPN implementations include site to site/host to site/host to host.
- A VPN headend (or head-end) is a server that receives the incoming signal and then decodes/ encodes it and sends it on.
- PPTP creates a secure tunnel between two points on a network, over which other connectivity protocols, such as Point-to-Point Protocol (PPP), can be used. This tunneling functionality is the basis for VPNs.
- Remote Authentication Dial-In User Service (RADIUS) is a security standard that uses a client/ server model to authenticate remote network users.
- VPNs are created and managed by using protocols such as Point-to-Point Tunneling Protocol (PPTP) and Layer 2 Tunneling Protocol (L2TP), which build on the functionality of PPP. This makes it possible to create dedicated point-to-point tunnels through a public network such as the Internet. Currently, the most common methods for creating secure VPNs include IP Security (IPSec) and Secure Sockets Layer/Transport Layer Security (SSL/TLS).
- Terminal Access Controller Access Control System Plus (TACACS+) is a security protocol designed to provide centralized validation of users who are attempting to gain access to a router or network access server (NAS).
- In a network that does not use Dynamic Host Configuration Protocol (DHCP), you need to watch for duplicate IP addresses that prevent a user from logging on to the network.
- IEEE 802.11 wireless systems communicate with each other using radio frequency signals in the band between 2.4 GHz and 2.5 GHz or 5.0 GHz. Of those in the 2.4 to 2.5 range, neighboring channels are 5 MHz apart. Applying two channels that allow the maximum channel separation decreases the amount of channel crosstalk and provides a noticeable performance increase over networks with minimal channel separation.
- Half-duplex mode enables each device to both transmit and receive, but only one of these processes can occur at a time.
- Full-duplex mode enables devices to receive and transmit simultaneously.
- 802.3 defines the Carrier Sense Multiple Access/Collision Detect (CSMA/CD) media access method used in Ethernet networks. This is the most popular networking standard used today.
- An antenna’s strength is its gain value.

Table 9–Comparing Omnidirectional and Unidirectional Antennas

Characteristic

Omnidirectional

Unidirectional

Advantage/Disadvantage

Wireless area coverage

General coverage area

Focused coverage area

Omnidirectional allows 360-degree coverage, giving it a wide coverage area. Unidirectional provides a targeted path for signals to travel.

Wireless transmission range

Limited

Long point-to-point range

Omnidirectional antennas provide a 360-degree coverage pattern and, as a result, far less range. Unidirectional antennas focus the wireless transmission; this focus enables greater range.

Wireless coverage shaping

Restricted

The unidirectional wireless range can be increased and decreased

Omnidirectional antennas are limited to their circular pattern range. Unidirectional antennas can be adjusted to define a specific pattern, wider or more focused.


- Multiuser multiple input, multiple output (MU-MIMO) is an enhancement over the original MIMO technology. It allows antennas to be spread over a multitude of independent access points.
- Virtual LANs (VLANs) are used for network segmentation. 802.1Q is the Institute of Electrical and Electronics Engineers (IEEE) specification developed to ensure interoperability of VLAN technologies from the various vendors.
- VLAN trunking is the application of trunking to the virtual LAN–now common with routers, firewalls, VMware hosts, and wireless access points. VLAN trunking provides a simple and cheap way to offer a nearly unlimited number of virtual network connections. The requirements are only that the switch, the network adapter, and the OS drivers all support VLANs.
The VLAN Trunking Protocol (VTP) is a proprietary protocol from Cisco.
- Proxy servers typically are part of a firewall system. They have become so integrated with firewalls that the distinction between the two can sometimes be lost.
- In-band network device management is local management (the most common method), and out-of-band management is done remotely.

Network Operations
Table 10–Standard Business Documents

 

Document

Description

SLA (service-level agreement)

An agreement between a customer and provider detailing the level of service to be provided on a regular basis and in the event of problems.

MOU (memorandum of understanding)

An agreement (bilateral or multilateral) between parties defining terms and conditions of an agreement.

NDA (nondisclosure agreement)

A document agreeing that information shared will not be shared further with other parties.

AUP (acceptable use policy)

A plan that describes how the employees in an organization can use company systems and resources: both software and hardware.


- Type C fire extinguishers are used for electrical fires.
The major drawback to gas-based fire suppression systems is that they require sealed environments to operate.
Temperature monitors keep track of the temperature in wiring closets and server rooms.
Onboarding a mobile device is the procedures gone through to get it ready to go on the network (scanning for viruses, adding certain apps, and so forth). Offboarding a device is the process of removing company-owned resources when it is no longer needed (often done with a wipe or factory reset).
Latency is one of the biggest problems with satellite access. Latency is the time lapse between sending or requesting information and the time it takes to return. Satellite communication experiences high latency due to the distance it has to travel as well as weather conditions. Although latency is not restricted solely to satellites, it is one of the easiest forms of transmission to associate with it. In reality, latency can occur with almost any form of transmission.
Jitter is closely tied to latency but differs in the length of the delay between received packets. While the sender continues to transmit packets in a continuous stream and space them evenly apart, the delay between packets received varies instead of remaining constant. This delay can be caused by network congestion, improper queuing, or configuration errors.
A system’s security log contains events related to security incidents, such as successful and unsuccessful logon attempts and failed resource access. An application log contains information logged by applications that run on a particular system rather than the operating system itself. System logs record information about components or drivers in the system.
Humidity control prevents the buildup of static electricity in the environment. If the humidity drops much below 50 percent, electronic components are extremely vulnerable to damage from electrostatic shock.
NetFlow is a network protocol analyzer developed by Cisco that collects active IP network traffic as it moves in or out of an interface. Concerning bandwidth/throughput, NetFlow data can be used to ascertain this information and allow you to decide how to best respond.
Syslog is a standard for message logging. It is available on most network devices (such as routers, switches, and firewalls), as well as printers, and UNIX/Linux-based systems. Over a network, a syslog server listens for and then logs data messages coming from the syslog client.
One thing to look for is changes in raw data values; they can be identified through comparisons of cyclic redundancy check (CRC) values. Look for CRC errors, as well as giants (packets that are discarded because they exceed the medium’s maximum packet size), runts (packets that are discarded because they are smaller than the medium’s minimum packet size), and encapsulation errors.
An SNMP management system is a computer running a special piece of software called a network management system (NMS). SNMP uses databases of information called Management Information Bases (MIBs) to define what parameters are accessible, which of the parameters are read-only, and which can be set. MIBs are available for thousands of devices and services, covering every imaginable need.
Interface monitoring tools are used to watch for errors, utilization problems (unusually high, for example), discards, packet drops, resets, and problems with speed/duplex.
Fault tolerance is the capability to withstand a fault (failure) without losing data. This can be accomplished through the use of RAID, backups, and similar technologies. Popular fault-tolerant RAID implementations include RAID 1, RAID 5, and RAID 10 (1+0).
The MTBF is the measurement of the anticipated or predicted incidence of failure of a system or component between inherent failures, whereas the MTTR is the measurement of how long it takes to repair a system or component after a failure occurs. The RTO is the maximum amount of time that a process or service is allowed to be down and the consequences still to be considered acceptable. The RPO is the maximum time in which transactions could be lost from a major incident.
Within a few hours, a hot recovery site can become a fully functioning element of an organization. A cold recovery site is a site that can be up and operational in a relatively short amount of time, such as a day or two. Provision of services, such as telephone lines and power, is taken care of, and the basic office furniture might be in place. A warm site typically has computers but is not configured ready to go. This means that data might need to be upgraded, or other manual interventions might need to be performed before the network is again operational.

Network Security
- A firewall is considered a logical security measure and is one of the cornerstone concepts of network security. Firewalls can be host or network based and can provide application/context-driven detection.
- At its most basic, a firewall is a device that has more than one network interface and manages the flow of network traffic between those interfaces.
- A screened subnet (previously known as a demilitarized zone or DMZ) is part of a network on which you place servers that must be accessible by sources both outside and inside your network.
- An access control list (ACL) typically refers to specific access permissions assigned to an object or device on the network. For example, using Media Access Control (MAC) address filtering, wireless routers can be configured to restrict who can and cannot access the router based on the MAC address.
- When a port is blocked, you disable the capability for traffic to pass through that port, thereby filtering that traffic.
- To create secure data transmissions, IPSec uses two separate protocols: Authentication Header (AH) and Encapsulating Security Payload (ESP).
- Authentication refers to the mechanisms used to verify the identity of the computer or user attempting to access a particular resource. This includes passwords and biometrics.
- Authorization is the method used to determine whether an authenticated user has access to a particular resource. This is commonly determined through group association; for example, a particular group may have a specific level of security clearance.
- Accounting refers to the tracking mechanisms used to keep a record of events on a system.
- User authentication methods include multifactor authentication (MFA), two-factor authentication (2FA), and single sign-on (SSO). The factors used in authentication systems or methods are based on one or more of these five factors:
- Something you know, such as a password or PIN
- Something you have, such as a smartcard, token, or identification device
- Something you are, such as your fingerprints or retinal pattern (often called biometrics)
- Somewhere you are (based on geolocation)
- Something you do, such as an action you must take to complete authentication
- The IEEE standard 802.1X defines port-based security for wireless network access control.
- Network access control (NAC) is a method to restrict access to the network based on identity or posture. A posture assessment is any evaluation of a system’s security based on settings and applications found.
- Kerberos is one part of a strategic security solution that provides secure authentication services to users, applications, and network devices. It eliminates the insecurities caused by passwords being stored or transmitted across the network.
- A public key infrastructure (PKI) is a collection of software, standards, and policies that are combined to allow users from the Internet or other unsecured public networks to securely exchange data.
- A public key is a nonsecret key that forms half of a cryptographic key pair that is used with a public key algorithm. The public key is freely given to all potential receivers.
- A private key is the secret half of a cryptographic key pair that is used with a public key algorithm. The private part of the public key cryptography system is never transmitted over a network.
- A certificate is a digitally signed statement that associates the credentials of a public key to the identity of the person, device, or service that holds the corresponding private key. Certificate authorities (CAs) issue and manage certificates. They validate the identity of a network device or user requesting data.
- A certificate revocation list (CRL) is a list of certificates that were revoked before they reached the certificate expiration date.
- In a full backup, all data is backed up. Full backups do not use the archive bit, but they do clear it.
- Incremental backups back up all data that has changed since the last full or incremental backup. They use and clear the archive bit.
- Unsecure protocols include Telnet, HTTP, SLIP, FTP, Trivial FTP (TFTP), and Simple Network Management Protocol version 1/2 (SNMPv1/v2).
- Physical security controls include access control vestibules (previously known as mantraps), video monitoring, proximity readers/key fob, keypad/cipher locks, biometrics, and security guards.
- A honeypot is a computer that has been designated as a target for computer attacks. A honeynet is an entire network set up to monitor attacks from outsiders.
- In role-based access control (RBAC), access decisions are determined by the roles that individual users have within the organization.
- Separation of duties policies are designed to reduce the risk of fraud and to prevent other losses in an organization. A good policy will require more than one person to accomplish key processes.
- Both RADIUS and TACACS+ provide authentication, authorization, and accounting services. One notable difference between TACACS+ and RADIUS is that TACACS+ relies on the connection-oriented TCP, whereas RADIUS uses the connectionless UDP.
- Risk management involves recognizing and acknowledging that risks exist and then determining what to do about them.
- Security information and event management (SIEM) products provide notifications and real-time analysis of security alerts and can help you head off problems quickly.
- Software programs or code snippets that execute when a certain predefined event occurs are known as logic bombs.
- Three types of penetration testing are unknown environment (the tester has absolutely no knowledge of the system and is functioning in the same manner as an outside attacker), known environment (the tester has significant knowledge of the system, which simulates an attack from an insider–a rogue employee), and partially known environment (a middle ground between the first two types of testing).
- A buffer overflow is a type of denial-of-service (DoS) attack that occurs when more data is put into a buffer (typically a memory buffer) than it can hold, thereby overflowing it (as the name implies).


tailgating), walking in with them (known as piggybacking), or looking over someone’s shoulder at their screen (known as shoulder surfing).
- A rogue DHCP server added to a network has the potential to issue an address to a client, isolating it on an unauthorized network where its data can be captured.
- A rogue access point describes a situation in which a wireless access point has been placed on a network without the administrator’s knowledge.


phishing (pronounced “fishing”).
- With ransomware, software–often delivered through a Trojan horse–takes control of a system and demands that a third party be paid. Users are usually assured that by paying the extortion amount (the ransom), they will be given the code needed to revert their systems to normal operations.
- With DNS poisoning, the DNS server is given information about a name server that it thinks is legitimate when it isn’t.
- Spoofing is a technique in which the real source of a transmission, file, or email is concealed or replaced with a fake source.
- Deauthentication is also known as a disassociation attack. With this type of attack, the intruder sends a frame to the AP with a spoofed address to make it look as if it came from the victim that disconnects the user from the network.
- There are a number of ways to ascertain a password, but one of the most common is a brute-force attack in which one value after another is guessed until the right value is found.
- VLAN hopping, as the name implies, is an exploit of resources on a virtual LAN that is made possible because the resources exist on that virtual LAN.
- Network hardening includes the following: Use SNMPv3 instead of earlier versions; use Routers Advertisement Guard, Port Security and Dynamic ARP, control plane policing, and private VLANs; disable unneeded ports; disable unneeded services; change default passwords and avoid common passwords, patch and firmware upgrades, and management; use ACLs, and implement role-based access.


explicit deny), accept the connection, or allow the connection if conditions are met (such as it being secured). This last condition is the most difficult to configure, and conditions usually end with an implicit deny clause. An implicit deny clause means that if the proviso in question has not been explicitly granted, then access is denied.


geofence.
- Most public networks, including Wi-Fi hotspots, use a captive portal, which requires users to agree to some condition before they use the network or Internet.

Network Troubleshooting
Table 11–Network Troubleshooting Methodology

 

Steps

Actions

Considerations

Identify the problem.

Gather information.

 

 

Question users.

 

 

Identify symptoms.

 

 

Determine whether anything has changed.

 

 

Duplicate the problem, if possible.

 

 

Approach multiple problems individually.

 

Establish a theory of probable cause.

Question the obvious.

 

 

Consider multiple approaches.

Top-to-bottom/bottom-to-top OSI model

 

 

Divide and conquer

Test the theory to determine cause.

After theory is confirmed, determine next steps to resolve problem.

 

 

If theory is not confirmed, reestablish new theory or escalate.

 

Establish a plan of action to resolve the problem and identify potential effects.

 

 

Implement the solution or escalate as necessary.

 

 

Verify full system functionality and, if applicable, implement preventative measures.

 

 

Document findings, actions, and outcomes.

 

 


netstat -a command can be used on a Windows-based system to see the status of ports. It is used to view both inbound and outbound TCP/IP network connections.
- ping 127.0.0.1. If this command is successful, you know that the TCP/IP suite is installed correctly on your system and is functioning.


tracert command reports how long it takes to reach each router in the path. It’s a useful tool for isolating bottlenecks in a network. The traceroute command performs the same task on UNIX and Linux systems.
- Address Resolution Protocol (ARP) is the part of the TCP/IP suite whose function is to resolve IP addresses to MAC addresses.


nbtstat is used to display protocol and statistical information for NetBIOS over TCP/IP connections.


ipconfig shows the IP configuration information for all NICs installed in a system.


ipconfig /all is used to display detailed TCP/IP configuration information.


ipconfig/renew is used on Windows operating systems to renew the system’s DHCP information.

ipconfig, you should ensure that the gateway is set correctly.

ifconfig command is the Linux equivalent of the ipconfig command.

nslookup command is a TCP/IP diagnostic tool used to troubleshoot DNS problems.
 

attenuation.
- A straight-through cable is used to connect systems to the switch or hub using the MDI-X (medium-dependent interface crossed) ports.
- When you have two dissimilar types of network media, a media converter is used to allow them to connect.
- When it comes to wireless, distance from the AP is one of the first things to check when troubleshooting AP coverage.
- Data rate refers to the theoretical maximum of a wireless standard, such as 1000 Mbps. Throughput refers to the actual speeds achieved after all implementation and interference factors.
- Punchdown tools are used to attach twisted-pair network cable to connectors within a patch panel. Specifically, they connect twisted-pair wires to the insulation displacement connector (IDC).
- Cable certifiers are used to test cables such as CAT7 and CAT8 and verify they meet specifications for frequency and speed.
- A wire crimper is a tool that you use to attach media connectors to the ends of cables.
- Wire strippers come in a variety of shapes and sizes. Some are specifically designed to strip the outer sheathing from coaxial cable, and others are designed to work with UTP cable. Wire snips are used to cleanly cut the cable.
- Voltage event recorders are used to monitor the quality of power used on the network or by network hardware.
- Toner probes are used to locate cables hidden in floors, ceilings, or walls and to track cables from the patch panel to their destination.
- Port scanners are software-based security utilities designed to search a network host for open ports on a TCP/IP-based network.
- A WiFi analyzer is used to identify Wi-Fi problems. It can be helpful in finding the ideal place for locating an access point or the ideal channel to use.
- Protocol analyzers can be hardware or software based. Their primary function is to analyze network protocols such as Transfer Control Protocol (TCP), User Datagram Protocol (UDP), Hypertext Transfer Protocol (HTTP), File Transfer Protocol (FTP), and more.
- A time-domain reflectometer (TDR) is a device used to send a signal through a particular medium to check the cable’s continuity.
- An optical time-domain reflectometer (OTDR) performs the same basic function as a wire media tester, but on optical media.
- Packet sniffers are either hardware devices or software that eavesdrop on transmissions that are traveling throughout the network.
- Throughput testers identify the rate of data delivery over a communication channel.


dig command is used on a Linux, UNIX, or macOS system to perform manual DNS lookups.

tcpdump command is used on Linux/UNIX systems to print the contents of network packets.


iperf tool is used for active measurements of the maximum achievable bandwidth and used for network tuning.

- A NetFlow analyzer is used to collect IP network traffic as it enters or exits an interface and can identify such values as the source and destination of traffic, class of service, and causes of congestion.


- An IP scanner is any tool that can scan for IP addresses and related information. An administrator can use it to scan available ports, discover devices, and get detailed hardware and software information on workstations and servers to manage inventory.
 

route command, you display and modify the routing table on your Windows and Linux systems.


show. The show options include show interfaces, show config, and show ip route.

 



ADVERTISEMENT