PDF generated using the open source mwlib toolkit. See http://code.pediapress.com/ for more information. PDF generated at: Wed, 09 Nov 2011 16:40:46 UTC
Contents

Articles
Network Plus Certification
Introduction
Objectives
Technologies
Common Protocols
Common Ports
Addressing Formats
Addressing Methods
Routing Protocols
Routing Properties
Wireless
Cables
Connectors
Physical Topologies
Wiring Standards
Wide Area Networks
Local Area Networks
Logical Topologies
Wiring Distribution
Common Devices
Specialized Devices
Advanced Switching
Wireless
OSI Model
Documentation Types
Documentation Implementation
Performance Monitoring
Performance Optimization
Troubleshooting Methodology
Connectivity Issues
Command Line Tools
Software Tools
Hardware Tools
Security Devices
Firewalling
Access Security
User Authentication
Device Security
Threat Mitigation
Memory Aids

References
Article Sources and Contributors
Image Sources, Licenses and Contributors

Article Licenses
License
Book contents
Introduction
Exam Objectives
Domain 1: Network Technologies
Domain 2: Network Media and Topologies
Domain 3: Network Devices
Domain 4: Network Management
Domain 5: Network Tools
Domain 6: Network Security
Appendix A: Memory Aids
Resources
Related Wikibooks
A+ Certification
CCNA Certification
Communication Networks
FOSS: Network Infrastructure and Security
Wireless Home Network Basics
External links
Official CompTIA Network+ Certification Site [1]
References
[1] http://certification.comptia.org/network/
Introduction
The Network+ exam is a single exam. For those who passed it before January 1st, 2011, the certification never expires; those who pass it after that date must either retake it at a set interval or submit proof of continuing education in networking (the CompTIA website has more details). The exam has 100 multiple-choice "situational and identification" questions: if you know your hardware and software and know what to do in a given situation, you should pass. You are given 90 minutes, which should be plenty if you are fully prepared.

CompTIA recommends that you already hold an A+ certification and have at least nine months of networking experience, but the only prerequisite for taking the exam is paying the exam fee ($240 US). The minimum passing score is 720 on a scale of 100-900, but that does not mean what you might think: the score is not a percentage of correct answers, because some questions are worth more than others. The test is available in English, German, Japanese and Korean.

While the A+ certification is an established industry standard and a prerequisite for many jobs, the Network+ is less so, though it is gaining in popularity. The goal of the Network+ certification is to assure employers that the people they hire will not need to be trained in network fundamentals. A Network+ certified technician should be able to make recommendations for installing or expanding a network, document and perform preventive maintenance on a network, and troubleshoot network problems as they arise. Holding both the A+ and the Network+ should mean that you are fully capable of being an on-site technical support person, the administrator of a local area network, or a valuable member of an enterprise-level networking team, though not yet the person running it.
Exam overview
The objectives of the Network+ exam are broken down into six categories:

Network Technologies: understand the protocols used over a network and the ports they use, the addressing systems used on a network, and how a network can be implemented via wireless technologies.
Network Media and Topologies: identify the cables and connectors used to network computers together, understand the various ways a network can be physically laid out, and know the standards used for communication within a network and between networks.
Network Devices: differentiate between the various devices used on a network and understand their function, installation and configuration; have deeper knowledge of the functions of a switch and of the factors to consider when setting up a wireless network.
Network Management: understand the conceptual layers of the networking model, the need for proper network documentation, the process of troubleshooting network problems, and the options for increasing network performance.
Network Tools: be aware of the command line, software and hardware tools available for installing, testing and troubleshooting networks.
Network Security: know which hardware devices, software and policies ensure the security of the data and devices on a network, and the threats they are designed to guard against; know the methods users can use to securely access a network and how their identities can be verified before access is granted.
Objectives
Domain                          % of Examination
Network Technologies            20%
Network Media and Topologies    20%
Network Devices                 17%
Network Management              20%
Network Tools                   12%
Network Security                11%
Total                           100%

These objectives are current for the 2009 edition of the CompTIA Network+ exam. The Network+ certification ensures that the successful candidate has the knowledge and skills necessary to manage, maintain, troubleshoot, install, operate and configure basic network infrastructure, describe networking technologies and basic design principles, adhere to wiring standards, and use testing tools. The skills and knowledge measured by this examination were derived from an industry-wide job task analysis and validated through an industry-wide global survey in Q2 2008. The results of this survey were used in weighting the domains so that the weighting reflects the relative importance of the content. The table above lists the domains measured by this examination and the extent to which they are represented. Network+ exams are based on these objectives. Note: the bulleted lists below each objective are not exhaustive. Even though they are not included in this document, other examples of technologies, processes or tasks pertaining to each objective may also appear on the exam.
Objective 1.2: Identify commonly used TCP (Transmission Control Protocol) and UDP (User Datagram Protocol) default ports

TCP ports:
20 - FTP (File Transfer Protocol) data channel
21 - FTP (File Transfer Protocol) control channel
22 - SSH (Secure Shell)
23 - Telnet
25 - SMTP (Simple Mail Transfer Protocol)
53 - DNS (Domain Name System)
80 - HTTP (Hypertext Transfer Protocol)
110 - POP3 (Post Office Protocol version 3)
123 - NTP (Network Time Protocol); listed under TCP by CompTIA, although NTP actually runs over UDP port 123
143 - IMAP4 (Internet Message Access Protocol version 4)
443 - HTTPS (Hypertext Transfer Protocol Secure)

UDP ports:
53 - DNS (Domain Name System)
67 - BOOTPS/DHCP (Bootstrap Protocol/Dynamic Host Configuration Protocol)
69 - TFTP (Trivial File Transfer Protocol)

Telnet (23), FTP (20/21) and TFTP (69) send credentials and data in clear text; SSH (22) is the encrypted replacement for Telnet and also carries file transfer (SCP/SFTP), and HTTPS (443) is the encrypted form of HTTP (80).
Objective 1.4: Given a scenario, evaluate the proper use of the following addressing technologies and addressing schemes

Addressing technologies:
Subnetting
Classful vs. classless, e.g. CIDR (Classless Inter-Domain Routing), supernetting
NAT (Network Address Translation)
PAT (Port Address Translation)
SNAT (Static Network Address Translation)
Public vs. private
DHCP (Dynamic Host Configuration Protocol) - static, dynamic
APIPA (Automatic Private Internet Protocol Addressing)

Addressing schemes:
Unicast
Multicast
Broadcast
Objective 1.5: Identify common IPv4 (Internet Protocol version 4) and IPv6 (Internet Protocol version 6) routing protocols

Link state:
OSPF (Open Shortest Path First)
IS-IS (Intermediate System - Intermediate System)

Distance vector:
RIP (Routing Information Protocol)
RIPv2 (Routing Information Protocol version 2)
BGP (Border Gateway Protocol) - strictly a path-vector protocol; the CompTIA objectives group it with distance vector

Hybrid:
EIGRP (Enhanced Interior Gateway Routing Protocol)
Objective 1.7 (wireless), authentication and encryption:
WPA (Wi-Fi Protected Access)
WEP (Wired Equivalent Privacy)
RADIUS (Remote Authentication Dial In User Service)
TKIP (Temporal Key Integrity Protocol)
Objective 2.1 (cable types), partial list:
RG-59
RG-6
Serial
Plenum vs. non-plenum

Properties:
Transmission speeds
Distance
Duplex
Noise immunity - security, EMI (Electromagnetic Interference)
Frequency
Objective 2.5 (WAN technologies), partial list:
ATM (Asynchronous Transfer Mode)
SONET (Synchronous Optical Networking)
MPLS (Multiprotocol Label Switching)
ISDN BRI (Integrated Services Digital Network Basic Rate Interface)
ISDN PRI (Integrated Services Digital Network Primary Rate Interface)
POTS (Plain Old Telephone Service)
PSTN (Public Switched Telephone Network)

Objective 2.6 (LAN technologies), properties:
CSMA/CD (Carrier Sense Multiple Access with Collision Detection)
Broadcast
Collision
Bonding
Speed
Distance
Objective 4.4: Conduct network monitoring to identify performance and connectivity issues using the following:
Network monitoring utilities (e.g. packet sniffers, connectivity software, load testing, throughput testers)
System logs, history logs, event logs

Objective 4.5 (performance optimization), reasons:
Latency sensitivity
High bandwidth applications: VoIP (Voice over Internet Protocol), video applications
Uptime
Objective 4.7: Given a scenario, troubleshoot common connectivity issues and select an appropriate solution

Physical issues:
Crosstalk
Near end crosstalk
Attenuation
Collisions
Shorts
Open impedance mismatch (echo)
Interference

Logical issues:
Port speed
Port duplex mismatch
Incorrect VLAN (Virtual Local Area Network)
Incorrect IP (Internet Protocol) address
Wrong gateway
Wrong DNS (Domain Name System) server
Wrong subnet mask

Issues that should be identified but escalated:
Switching loop
Routing loop
Route problems
Proxy ARP
Broadcast storms

Wireless issues:
Interference (bleed, environmental factors)
Incorrect encryption
Incorrect channel
Incorrect frequency
ESSID (Extended Service Set Identifier) mismatch
Standard mismatch (802.11a/b/g/n)
Distance
Bounce
Incorrect antenna placement
Objective 6.6 (threats and mitigation), mitigation techniques:
Policies and procedures
User training
Patches and updates
Technologies
The Network Technologies domain makes up 20% of the CompTIA Network+ exam.

Objective 1.1: Common Protocols
Objective 1.2: Common Ports
Objective 1.3: Addressing Formats
Objective 1.4: Addressing Methods
Objective 1.5: Routing Protocols
Objective 1.6: Routing Properties
Objective 1.7: Wireless
Common Protocols
Objective 1.1: Explain the function of common networking protocols
In computing, a protocol is a convention or standard that controls or enables the connection, communication and data transfer between computing endpoints. In its simplest form, a protocol can be defined as the rules governing the syntax, semantics and synchronization of communication. Protocols may be implemented by hardware, software, or a combination of the two. At the lowest level, a protocol defines the behavior of a hardware connection.

While protocols vary greatly in purpose and sophistication, most specify one or more of the following properties:
Detection of the underlying physical connection (wired or wireless), or of the existence of the other endpoint or node
Handshaking (dynamically setting the parameters of a communications channel)
Negotiation of various connection characteristics
How to start and end a message
How to format a message
What to do with corrupted or improperly formatted messages (error detection and correction)
How to detect unexpected loss of the connection, and what to do next
Termination of the session and/or connection
Application protocols (TLS/SSL sits between the application and transport layers): DNS, TFTP, TLS/SSL, FTP, HTTP, IMAP4, POP3, SIP, SMTP, SNMP, SSH, Telnet, RTP
Transport protocols: TCP, UDP
Internet-layer protocols: IP (IPv4, IPv6), ICMP, IGMP
Link-layer protocol: ARP
Common Ports
Objective 1.2: Identify commonly used TCP (Transmission Control Protocol) and UDP (User Datagram Protocol) default ports
See Objective 1.1: Common Protocols for information on the protocols that communicate using these ports.
Addressing Formats
Objective 1.3: Identify the following address formats
Addressing Methods
Objective 1.4: Given a scenario, evaluate the proper use of the following addressing technologies and addressing schemes
Addressing Technologies
Subnetting
Addressing Schemes
Unicast
Multicast
Broadcast
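The following Python script is an added example (not part of the original Wikibook) that exercises Objective 1.4 with the standard library: it classifies an IPv4 address by scheme and scope (unicast, multicast, limited broadcast, loopback, APIPA, RFC 1918 private, public), computes network/broadcast/usable-host facts for a CIDR block, says whether a prefix is classful or classless (subnetted or supernetted), and shows how the subnet mask decides whether a host talks to a target directly or via its gateway. The addresses and prefixes in demo() are constructed sample input.

```python
"""Classify IPv4 addresses and compute subnet facts with the standard library.

Added example for Objective 1.4 (subnetting, classful vs. classless/CIDR,
public vs. private, APIPA, unicast/multicast/broadcast). It is not part of the
original Wikibook; the sample addresses and prefixes in demo() are constructed.
"""
import ipaddress
from typing import Optional


def classful_prefix(addr: ipaddress.IPv4Address) -> Optional[int]:
    """Pre-CIDR default prefix length, decided by the first octet alone."""
    first = int(addr) >> 24
    if first < 128:
        return 8          # Class A: 0.0.0.0 - 127.255.255.255
    if first < 192:
        return 16         # Class B: 128.0.0.0 - 191.255.255.255
    if first < 224:
        return 24         # Class C: 192.0.0.0 - 223.255.255.255
    return None           # Class D (multicast) / E (reserved): no host prefix


APIPA = ipaddress.ip_network("169.254.0.0/16")              # RFC 3927 link-local
RFC1918 = [ipaddress.ip_network(n) for n in
           ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]
LIMITED_BROADCAST = ipaddress.ip_address("255.255.255.255")


def classify(addr_str: str) -> str:
    """Name the addressing scheme and scope of a single IPv4 address."""
    a = ipaddress.ip_address(addr_str)
    if a == LIMITED_BROADCAST:
        return "limited broadcast"
    if a.is_multicast:                        # 224.0.0.0/4
        return "multicast"
    if a.is_loopback:                         # 127.0.0.0/8
        return "loopback"
    if a in APIPA:                            # self-assigned when DHCP fails
        return "APIPA (link-local)"
    if any(a in n for n in RFC1918):          # needs NAT/PAT to reach the Internet
        return "private unicast (RFC 1918)"
    if a.is_global:
        return "public unicast"
    return "reserved/special-use"


def subnet_facts(cidr: str) -> dict:
    """Describe a CIDR block and say whether its prefix is the classful
    default, a subnet of it (longer prefix) or a supernet (shorter prefix)."""
    net = ipaddress.ip_network(cidr, strict=False)   # host bits allowed in input
    default = classful_prefix(net.network_address)
    if default is None:
        kind = "not a classful unicast range"
    elif net.prefixlen == default:
        kind = "classful"
    elif net.prefixlen > default:
        kind = "classless (subnetted)"
    else:
        kind = "classless (supernetted)"
    # /31 (RFC 3021) and /32 have no separate network and broadcast addresses.
    usable = net.num_addresses - 2 if net.prefixlen < 31 else net.num_addresses
    return {
        "network": str(net.network_address),
        "prefixlen": net.prefixlen,
        "netmask": str(net.netmask),
        "broadcast": str(net.broadcast_address),
        "usable_hosts": usable,
        "kind": kind,
    }


def on_link(host_cidr: str, target: str) -> bool:
    """True if target lies inside the host's own subnet, so the host ARPs for
    it directly instead of handing it to the default gateway. A wrong mask
    flips this answer, which is why "wrong subnet mask" is a connectivity fault."""
    return ipaddress.ip_address(target) in ipaddress.ip_interface(host_cidr).network


def demo() -> None:
    for a in ("10.1.2.3", "169.254.10.7", "224.0.0.5", "8.8.8.8", "255.255.255.255"):
        print(f"{a:>16}  {classify(a)}")
    print(subnet_facts("192.168.10.77/26"))
    print(on_link("192.168.10.77/26", "192.168.10.130"))


if __name__ == "__main__":
    demo()
```

Run it directly to see the classification of each sample address and the breakdown of 192.168.10.77/26 (network .64, broadcast .127, 62 usable hosts). Changing the prefix in the on_link call from /26 to /24 makes 192.168.10.130 appear on-link, which is exactly the symptom a mismatched mask produces in the field.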
Routing Protocols
Objective 1.5: Identify common IPv4 (Internet Protocol version 4) and IPv6 (Internet Protocol version 6) routing protocols
Routing Properties
Objective 1.6: Explain the purpose and properties of routing
Wireless
Objective 1.7: Compare the characteristics of wireless communication standards
IEEE 802.11
             802.11a     802.11b     802.11g     802.11n
Speed        54 Mbit/s   11 Mbit/s   54 Mbit/s   600 Mbit/s
Distance     35 meters   38 meters   100 meters  300 meters
Channels     24          11          11          24
Frequency    5 GHz       2.4 GHz     2.4 GHz     2.4/5 GHz
Cables
Objective 2.1: Categorize standard cable types and their properties
Category 3
Part of a family of copper cabling standards defined jointly by the Electronic Industries Alliance and the Telecommunications Industry Association. Category 3 was a popular cabling format among network administrators in the early 1990s, but fell out of use in favor of the very similar but higher-performing Category 5 standard. Cat 3 is still in use in two-line telephone systems, and can easily be adapted to run Voice over Internet Protocol (as long as a dedicated local area network for the telephones is created).
Transmission speed: up to 10 Mbit/s
Distance: 100 meters
Duplex (two-way communication): Full if point-to-point (see Objective 2.3)
Noise immunity: Good if STP (Shielded Twisted Pair), Poor if UTP (Unshielded Twisted Pair) - see below
Category 5
Part of a family of copper cabling standards defined jointly by the Electronic Industries Alliance and the Telecommunications Industry Association. Category 5 cable includes four twisted pairs in a single cable jacket. This use of balanced lines helps preserve a high signal-to-noise ratio despite interference from both external sources and other pairs (this latter form of interference is called crosstalk).
Transmission speed: up to 100 Mbit/s
Distance: 100 meters
Duplex: Full if point-to-point (see Objective 2.3)
Noise immunity: Good if STP (Shielded Twisted Pair), Poor if UTP (Unshielded Twisted Pair) - see below
Frequency: 100 MHz
Category 5e
Part of a family of copper cabling standards defined jointly by the Electronic Industries Alliance and the Telecommunications Industry Association. Category 5e cable is an enhanced version of Category 5 that adds specifications for far end crosstalk.
Transmission speed: up to 1000 Mbit/s (also known as 1 Gbit/s)
Distance: 100 meters
Duplex: Full if point-to-point (see Objective 2.3)
Noise immunity: Good if STP (Shielded Twisted Pair), Poor if UTP (Unshielded Twisted Pair) - see below
Frequency: 100 MHz in the TIA/EIA specification (some vendors rate their Cat 5e cable to 350 MHz)
Category 6
Part of a family of copper cabling standards defined jointly by the Electronic Industries Alliance and the Telecommunications Industry Association. Category 6 features more stringent specifications for crosstalk and system noise than Category 5e.
Transmission speed: up to 10 Gbit/s (10GBASE-T runs only about 55 meters on Category 6; Category 6a is needed for the full 100 meters)
Distance: 100 meters
Duplex: Full if point-to-point (see Objective 2.3)
Noise immunity: Good if STP (Shielded Twisted Pair), Poor if UTP (Unshielded Twisted Pair) - see below
Frequency: 250 MHz (500 MHz for Category 6a)
Multimode fiber
In fiber-optic communication, a multimode fiber is a type of optical fiber mostly used for communication over shorter distances, such as within a building or on a campus. Because its core is large (greater than 10 microns), light travels through it along many paths (modes), reflecting off the walls of the core. It can be made of glass or plastic, as the tolerances required over shorter distances allow for the use of plastic. The shorter distance also allows the light source to be either a laser or a less expensive LED (light emitting diode).
Speed
Distance
Duplex: Full (one fiber each direction)
Noise immunity: not susceptible to electromagnetic interference
Single-mode fiber
In fiber-optic communication, a single-mode optical fiber (SMF) is an optical fiber designed to carry only a single ray of light (mode) over a great distance. Its core measures 8-10 microns and allows for less dispersion of light than multimode fiber. It requires the use of a laser in order to reach long distances at high speeds.
Transmission speed: up to 10 Gbit/s
Distance: 40 kilometers
Duplex: Full (one fiber each direction)
Noise immunity: not susceptible to electromagnetic interference

The structure of a typical single-mode fiber. 1. Core: 8 µm diameter 2. Cladding: 125 µm diameter 3. Buffer: 250 µm diameter 4. Jacket: 400 µm diameter
Coaxial cable
RG-59
RG-59 is a specific type of coaxial cable, often used for low-power video signal connections. Its high-frequency losses are too great to allow its use over long distances; in those applications, RG-6 (see below) is used instead. RG-59 coaxial cable is commonly packaged with consumer equipment such as VCRs or digital cable/satellite receivers. Manufacturers tend to include only RG-59 cables because of their low cost compared to RG-6; given the short lengths provided (usually 4-6 feet / 1.2-1.8 m), this is generally sufficient for typical use.
A section of RG-59 cable with its end stripped. A: outer plastic sheath B: copper braid shield C: inner dielectric insulator D: copper core
RG-6
RG-6 is a common type of coaxial cable used in a wide variety of residential and commercial applications. The most commonly recognized variety of RG-6 is cable television (CATV) distribution coax, used to route cable television signals to and within homes; RG-6 type cables have become the standard for CATV, mostly replacing the smaller RG-59.
Serial cable
A serial cable is a cable used to transfer information between two devices using serial communication, often with the RS-232 standard. Serial cables commonly use connectors with 9 or 25 pins, but other connectors are also used.
Connectors
Objective 2.2: Identify common connector types
Pin assignments of the 6-position modular jack used by RJ25 (6P6C), RJ14 (6P4C) and RJ11 (6P2C):

Position  RJ25 pin  RJ14 pin  RJ11 pin  Pair  T/R  +/-
1         1         -         -         3     T    +
2         2         1         -         2     T    +
3         3         2         1         1     R    -
4         4         3         2         1     T    +
5         5         4         -         2     R    -
6         6         -         -         3     R    -
ST (Straight Tip)
A fiber-optic connector with a socket that is locked in place with a bayonet lock. ST was the first de-facto standard for fiber-optic cabling, and has since been made an official standard.
Physical Topologies
Objective 2.3: Identify common physical network topologies
A topology is basically a way to organize the network. The physical topology is the way you physically lay out the network, like a map, and the logical topology is the way the information flows on the network. Usually, the physical and logical topology is the same, but sometimes they can differ, such as in a physical star/logical ring topology.
Star
Network where all nodes are connected to a centralized point (hub or switch).
Used with: 10BaseT, 100BaseTX
Pros: Cheap, easy to set up and maintain, reliable and fault tolerant (a single cable failure isolates only one node). The common wired standard of today.
Cons: In a given collision domain (a hub-based network segment), all nodes receive the same signal, giving rise to collisions and to a security concern: any node on the segment can capture traffic meant for the others. A switch gives each port its own collision domain and only forwards unicast frames to the port that owns the destination address, which removes both problems for ordinary traffic.
Mesh
Mesh networks differ from other networks in that the different parts can all connect to each other via multiple hops. This allows rerouting around broken paths by taking an alternate path to the destination. If every node in a mesh network is connected to every other node, the network is known as fully connected.
Used with: WANs (Wide Area Networks), including the Internet.
Pros: Best fault tolerance available: if one node fails, the network still runs. With some routing protocols, packets automatically find the quickest path through the meshed routes.
Cons: Complicated, expensive and difficult to set up.
Bus
Network in a straight, linear sequence of nodes, terminated at both ends.
Used with: 10BASE5 (Thicknet), 10BASE2 (Thinnet)
Pros: Good for small networks. Now considered obsolete.
Cons: More expensive than the common *BaseT of today. As with ring-based networks, a single fault can take down the whole network: a break anywhere in the cable, or a missing terminator, stops every node on the segment. Difficult to troubleshoot. Cables must be terminated at both ends with terminating devices.
Bus network layout
Ring
Network in the form of a ring, where packets (tokens) move to the next node in the ring. Only one node holds the token at any one time. This is usually a logical token ring on a physical star topology.
Used with: FDDI (Fiber Distributed Data Interface) and Token Ring
Pros: Low signal degradation, since each node regenerates the signal. Because only the node holding the token may transmit, collisions are avoided.
Cons: Expensive. Difficult to find a problem segment. If one node fails, the whole network goes down; dual-ring implementations provide redundancy and make a total failure less likely.
Ring network layout
Point-to-point
A switch provides a series of point-to-point circuits, via microsegmentation, which allows each client node to have a dedicated circuit and the added advantage of having full duplex connections.
Point-to-multipoint
A hub provides a point-to-multipoint (or simply multipoint) circuit which divides the total bandwidth supplied by the hub among each connected client node. This topology is seen in ATM (Asynchronous Transfer Mode) and Frame Relay links, as well as X.25 networks when used as links for a network layer protocol like IP (Internet Protocol).
Hybrid
Hybrid networks use a combination of two or more topologies in such a way that the resulting network does not exhibit one of the standard topologies (bus, star, ring, etc.). For example, a tree network connected to a tree network is still a tree network, but two star networks connected together exhibit a hybrid topology. A hybrid topology is always produced when two different basic network topologies are connected. Two common examples of hybrid networks are the star-ring network and the star-bus network. A star-ring network consists of two or more star topologies connected using a MAU (Multistation Access Unit) as a centralized hub. A star-bus network consists of two or more star topologies connected using a bus trunk (the bus trunk serves as the network's backbone).
Wiring Standards
Objective 2.4: Given a scenario, differentiate and implement appropriate wiring standards
T568A/T568B pinout (only the pin 3 row survived): pin 3, pair 2, tip; T568A white/green stripe; T568B white/orange stripe
Gigabit crossover
Connection 1 is wired T568B; connection 2 crosses pins 1-3, 2-6, 4-7 and 5-8. Pins are numbered on the plug face (the jack is reversed).

Pin  Connection 1 pair  Connection 1 color    Connection 2 pair  Connection 2 color
1    2                  white/orange stripe   3                  white/green stripe
2    2                  orange solid          3                  green solid
3    3                  white/green stripe    2                  white/orange stripe
4    1                  blue solid            4                  white/brown stripe
5    1                  white/blue stripe     4                  brown solid
6    3                  green solid           2                  orange solid
7    4                  white/brown stripe    1                  blue solid
8    4                  brown solid           1                  white/blue stripe
Rollover
A rollover cable (also known as Cisco console cable) is a type of null modem cable that is most commonly used to connect a computer terminal to a router's console port. This cable is typically flat (and has a light blue color) to help distinguish it from other types of network cabling. It gets the name rollover because the pinouts on one end are reversed from the other, as if the wire had been rolled over and you were viewing it from the other side.
Loopback
The term loopback generally describes methods or procedures for routing electronic signals, digital data streams or other flows from their origin straight back to the same source, without intentional processing or modification. It is primarily a means of testing the transmission infrastructure.

All TCP/IP (Transmission Control Protocol/Internet Protocol) implementations support a loopback device: a virtual network interface implemented in software only, not connected to any hardware, but fully integrated into the computer's internal network stack. Any traffic a program sends to the loopback interface is immediately received on the same interface.

A loopback interface has several uses. Network client software on a computer can use it to communicate with server software on the same computer; for example, a computer running a web server can point a web browser at the loopback address to reach its own web site. This works without any actual network connection, so it is useful for testing services without exposing them to the security risks of remote network access: a service bound only to the loopback address (127.0.0.1, or ::1 for IPv6) cannot be reached from other hosts, whereas one bound to all addresses (0.0.0.0) is reachable from the network. Likewise, pinging the loopback interface is a basic test of the functionality of the IP (Internet Protocol) stack in the operating system.
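The following Python script is an added example (not part of the original Wikibook) that ties the loopback discussion above to the default-port list of Objective 1.2: it starts a small TCP service bound only to 127.0.0.1, then probes it the way a port checker does, by attempting the TCP three-way handshake and treating a refused or timed-out connection as "not open". The port numbers are chosen by the operating system at run time; WELL_KNOWN_TCP is the Objective 1.2 list and is used only to label results.

```python
"""TCP port reachability check, exercised against a listener bound to the
loopback interface.

Added example for Objective 1.2 (default TCP ports) and the loopback
discussion above; it is not part of the original Wikibook. Ports are chosen
by the operating system at run time, and WELL_KNOWN_TCP is the Objective 1.2
list, used only to label results.
"""
import socket
import threading

WELL_KNOWN_TCP = {20: "FTP data", 21: "FTP control", 22: "SSH", 23: "Telnet",
                  25: "SMTP", 53: "DNS", 80: "HTTP", 110: "POP3", 123: "NTP",
                  143: "IMAP4", 443: "HTTPS"}


def check_tcp_port(host: str, port: int, timeout: float = 1.0) -> bool:
    """True if a TCP three-way handshake with host:port completes. A RST
    (connection refused) or a timeout (filtered) both count as not open."""
    with socket.socket(socket.AF_INET, socket.SOCK_STREAM) as s:
        s.settimeout(timeout)
        return s.connect_ex((host, port)) == 0


def audit(host: str, ports) -> dict:
    """Probe each port and label it with the Objective 1.2 service name."""
    return {p: {"open": check_tcp_port(host, p),
                "service": WELL_KNOWN_TCP.get(p, "unlisted")} for p in ports}


class LoopbackListener:
    """Minimal TCP service bound to 127.0.0.1 only. Programs on this host can
    reach it; nothing on the network can, because no packet from another
    host is ever delivered to the loopback interface."""

    def __init__(self, bind_addr: str = "127.0.0.1"):
        self.sock = socket.create_server((bind_addr, 0))   # port 0: OS picks a free port
        self.port = self.sock.getsockname()[1]
        threading.Thread(target=self._serve, daemon=True).start()

    def _serve(self):
        try:
            while True:
                conn, _ = self.sock.accept()   # complete the handshake, then hang up
                conn.close()
        except OSError:
            pass                               # listener was shut down

    def close(self):
        try:
            self.sock.shutdown(socket.SHUT_RDWR)   # wake the blocked accept()
        except OSError:
            pass
        self.sock.close()


def free_closed_port() -> int:
    """Find a port nothing listens on: bind to port 0, note it, release it."""
    with socket.socket(socket.AF_INET, socket.SOCK_STREAM) as s:
        s.bind(("127.0.0.1", 0))
        return s.getsockname()[1]


def demo() -> dict:
    """An open port completes the handshake; a closed one is refused."""
    listener = LoopbackListener()
    try:
        is_open = check_tcp_port("127.0.0.1", listener.port)
    finally:
        listener.close()
    is_closed = check_tcp_port("127.0.0.1", free_closed_port())
    return {"open_port_reachable": is_open, "closed_port_reachable": is_closed}


if __name__ == "__main__":
    print(demo())
    print(audit("127.0.0.1", [22, 80, 443]))
```

Running the script prints the two loopback probe results and then audits SSH, HTTP and HTTPS on the local machine. Binding the listener to "0.0.0.0" instead of "127.0.0.1" is the one-line change that turns a test service into one reachable from every host on the network, which is why a port audit should always be run from another machine before a service is considered private.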
Frame relay
In the context of computer networking, frame relay consists of an efficient data transmission technique used to send digital information. It is a message forwarding "relay race" like system in which data packets, called frames, are passed from one or many start-points to one or many destinations via a series of intermediate node points. Network providers commonly implement frame relay for voice and data as an encapsulation technique, used between Local Area Networks over a Wide Area Network. Each end-user gets a private line (or leased line) to a frame-relay node. The frame-relay network handles the transmission over a frequently-changing path transparent to all end-users.
The designers of frame relay aimed at a telecommunication service for cost-efficient data transmission for intermittent traffic between local area networks and between end-points in a wide area network. Frame relay puts data in variable-size units called "frames" and leaves any necessary error correction (such as retransmission of data) up to the end points. This speeds up overall data transmission. For most services, the network provides a PVC (Permanent Virtual Circuit), which means that the customer sees a continuous, dedicated connection without having to pay for a full-time leased line, while the service provider figures out the route each frame travels to its destination and can charge based on usage. Frame relay relays packets at the data link layer (layer 2) of the OSI (Open Systems Interconnection) model rather than at the network layer (layer 3).
Speed: Frame relay complements and provides a mid-range service between basic rate ISDN (Integrated Services Digital Network), which offers bandwidth at 128 kbit/s, and ATM (Asynchronous Transfer Mode), which operates in somewhat similar fashion to frame relay but at speeds from 155.520 Mbit/s to 622.080 Mbit/s.
Switching: Packet switched
Cable modem
The term cable Internet access refers to the delivery of Internet service over the cable television infrastructure. The proliferation of cable modems, along with DSL technology, has enabled broadband Internet access in many countries. Bandwidth of business cable modem service typically ranges from 3 Mbit/s up to 30 Mbit/s or more. The upstream bandwidth on residential cable modem service usually ranges from 384 kbit/s to 6 Mbit/s or more.
Speed: 38.0/10.0 Mbit/s (DOCSIS v1.0), 40/30 Mbit/s (DOCSIS v2.0), 160/120 Mbit/s (DOCSIS v3.0)
Satellite
Speed: 16/1 Mbit/s
Wireless
Network where all nodes communicate via radio waves directly with each other (ad-hoc mode) or through a router or access point (infrastructure mode).
Distance: 30 meters
Speed: 11 Mbit/s (802.11b), 54 Mbit/s (802.11a, 802.11g), 300 Mbit/s (802.11n)
Ethernet
Ethernet is a family of frame-based computer networking technologies for local area networks (LANs). The name comes from the physical concept of the ether. It defines a number of wiring and signaling standards for the Physical Layer of the OSI networking model, a means of network access at the Media Access Control (MAC)/Data Link Layer, and a common addressing format. Ethernet is standardized as IEEE 802.3. The combination of the twisted-pair versions of Ethernet for connecting end systems to the network with the fiber-optic versions for site backbones is the most widespread wired LAN technology. It has been in use from around 1980[1] to the present, largely replacing competing LAN standards such as Token Ring, FDDI and ARCNET.

Ethernet was originally based on the idea of computers communicating over a shared coaxial cable acting as a broadcast transmission medium. The methods used show some similarities to radio systems, although there are fundamental differences, such as the fact that it is much easier to detect collisions in a cable broadcast system than in a radio broadcast. The common cable providing the communication channel was likened to the ether, and it was from this reference that the name "Ethernet" was derived. From this early and comparatively simple concept, Ethernet evolved into the complex networking technology that today underlies most LANs. The coaxial cable was replaced with point-to-point links connected by Ethernet hubs and/or switches to reduce installation costs, increase reliability, and enable point-to-point management and troubleshooting. StarLAN was the first step in the evolution of Ethernet from a coaxial cable bus to a hub-managed, twisted-pair network. The advent of twisted-pair wiring dramatically lowered installation costs relative to competing technologies, including the older Ethernet technologies.

Above the physical layer, Ethernet stations communicate by sending each other data packets: blocks of data that are individually sent and delivered. As with other IEEE 802 LANs, each Ethernet station is given a single 48-bit MAC address, which is used to specify both the destination and the source of each data packet. Network interface cards (NICs) or chips normally do not accept packets addressed to other Ethernet stations. Adapters generally come programmed with a globally unique address, but this can be overridden, either to avoid an address change when an adapter is replaced or to use locally administered addresses. Because the address is settable in software, it is not proof of identity: any station can present a MAC address of its choosing, so filtering or authenticating by MAC address alone is a weak control.

Despite the significant changes in Ethernet from a thick coaxial cable bus running at 10 Mbit/s to point-to-point links running at 1 Gbit/s and beyond, all generations of Ethernet (excluding early experimental versions) share the same frame formats (and hence the same interface for higher layers), and can be readily interconnected. Due to the ubiquity of Ethernet, the ever-decreasing cost of the hardware needed to support it, and the reduced panel space needed by twisted-pair Ethernet, most manufacturers now build the functionality of an Ethernet card directly into PC motherboards, eliminating the need for a separate network card.
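The following Python script is an added example (not part of the original Wikibook) that decodes the 48-bit MAC address discussed above: it parses the common colon, hyphen and Cisco dotted notations, reads the I/G bit that separates unicast from group (multicast/broadcast) addresses and the U/L bit that marks a locally administered address (the software-overridden case mentioned in the text), extracts the vendor OUI where one is meaningful, and derives the IPv6 link-local address that the modified EUI-64 rule builds from a unicast MAC. All sample addresses are constructed.

```python
"""Decode an Ethernet (EUI-48) MAC address: vendor OUI, I/G and U/L bits, and
the modified EUI-64 form that IPv6 uses for link-local addresses.

Added example illustrating the MAC address discussion above; it is not part
of the original Wikibook. The sample addresses are constructed.
"""
import ipaddress
import re


def parse_mac(text: str) -> bytes:
    """Accept 00:1a:2b:3c:4d:5e, 00-1A-2B-3C-4D-5E or 001a.2b3c.4d5e; return 6 bytes."""
    digits = re.sub(r"[:\-.]", "", text.strip())
    if not re.fullmatch(r"[0-9A-Fa-f]{12}", digits):
        raise ValueError(f"not a 48-bit MAC address: {text!r}")
    return bytes.fromhex(digits)


def describe_mac(text: str) -> dict:
    """Read the two flag bits in the first octet and split out the OUI."""
    mac = parse_mac(text)
    first = mac[0]
    is_group = bool(first & 0x01)   # I/G bit: 1 = group (multicast or broadcast)
    is_local = bool(first & 0x02)   # U/L bit: 1 = locally administered, i.e. set
                                    #          by software rather than burned in
    if mac == b"\xff" * 6:
        scope = "broadcast"
    elif is_group:
        scope = "multicast"
    else:
        scope = "unicast"
    return {
        "canonical": ":".join(f"{b:02x}" for b in mac),
        # The first three octets identify the vendor only for a universally
        # administered address; a locally administered one carries no vendor.
        "oui": None if is_local else ":".join(f"{b:02x}" for b in mac[:3]),
        "scope": scope,
        "locally_administered": is_local,
    }


def eui64_link_local(text: str) -> str:
    """IPv6 link-local address derived from a unicast MAC (RFC 4291 modified
    EUI-64): flip the U/L bit, insert ff:fe in the middle, prefix fe80::/64."""
    mac = bytearray(parse_mac(text))
    if mac[0] & 0x01:
        raise ValueError("group addresses have no interface identifier")
    mac[0] ^= 0x02
    iid = bytes(mac[:3]) + b"\xff\xfe" + bytes(mac[3:])
    return str(ipaddress.IPv6Address(b"\xfe\x80" + b"\x00" * 6 + iid))


if __name__ == "__main__":
    for m in ("00-1A-2B-3C-4D-5E", "02:42:ac:11:00:02",
              "01:00:5e:00:00:05", "ff:ff:ff:ff:ff:ff"):
        print(m, describe_mac(m))
    print(eui64_link_local("00:1a:2b:3c:4d:5e"))
```

The locally_administered flag is the first thing to look at when a MAC address seen on the wire does not match any inventory record: it does not prove spoofing (virtual machines and container bridges legitimately use locally administered addresses), but it does mean the address was chosen by software rather than by the adapter's manufacturer.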
10BaseT
Speed: 10 Mbit/s Medium: Category 3 twisted-pair copper cable Distance: 100 meters
100BaseTX
Speed: 100 Mbit/s Medium: Category 5 twisted-pair copper cable Distance: 100 meters
100BaseFX
Speed: 100 Mbit/s Medium: Multimode optical fiber Distance: 2 kilometers
1000BaseT
Speed: 1000 Mbit/s (also known as 1 Gbit/s) Medium: Category 5e twisted-pair copper cable Distance: 100 meters
1000BaseX
Speed: 1000 Mbit/s (also known as 1 Gbit/s) Medium: Multimode optical fiber, Single-mode optical fiber Distance: 550 meters (Multimode), 2 kilometers (Single-mode)
10GBaseT
Speed: 10 Gbit/s Medium: Category 6a twisted-pair copper cable (Category 6 only to about 55 meters) Distance: 100 meters
10GBaseSR/10GBaseSW
"Short range" 10GBaseSW is designed to interoperate with OC-192 (Optical Carrier) SONET (Synchronous Optical Networking) equipment using a light-weight SONET frame running at 9.953 Gbit/s. It uses the same type of fiber and supports the same distances as 10GBaseSR. Speed: 10 Gbit/s Medium: Multimode optical fiber Distance: 26 meters, 82 meters, 300 meters; depending on cable type
10GBaseLR/10GBaseLW
"Long range" 10GBaseLW is designed to interoperate with OC-192 (Optical Carrier) SONET (Synchronous Optical Networking) equipment using a light-weight SONET frame running at 9.953 Gbit/s. It uses the same types of fiber and supports the same distance as 10GBaseLR. Speed: 10 Gbit/s Medium: Single-mode optical fiber Distance: 10 kilometers
10GBaseER/10GBaseEW
"Extended range" 10GBaseEW is designed to interoperate with OC-192 (Optical Carrier) SONET (Synchronous Optical Networking) equipment using a light-weight SONET frame running at 9.953 Gbit/s. It uses the same type of fiber and supports the same distance as 10GBaseER. Speed: 10 Gbit/s Medium: Single-mode optical fiber Distance: 40 kilometers
Logical Topologies
Objective 2.7: Explain common logical network topologies and their characteristics
A topology is basically a way to organize the network. The physical topology is the way you physically lay out the network, like a map, and the logical topology is the way the information flows on the network. Usually, the physical and logical topologies are the same, but sometimes they differ, as in a physical star/logical ring topology.
Peer to peer
A peer-to-peer (P2P) computer network uses diverse connectivity between participants in a network and the cumulative bandwidth of network participants rather than conventional centralized resources where a relatively low number of servers provide the core value to a service or application. P2P networks are typically used for connecting end users via largely decentralized connections. Such networks are useful for many purposes. Sharing content files containing audio, video, data or anything in digital format is very common, and real time data, such as telephony traffic, is also passed using P2P technology.
A pure P2P network does not have the notion of clients or servers but only equal peer nodes that simultaneously function as both "clients" and "servers" to the other nodes on the network. This model of network arrangement differs from the client/server model (see below) where communication is usually to and from a central server. A typical example of a file transfer that is not P2P is an FTP (File Transfer Protocol) server where the client and server programs are quite distinct: the clients initiate the download/uploads, and the servers react to and satisfy these requests.
A peer-to-peer based network.
Client/server
Client-server describes the relationship between two computer programs in which one program, the client program, makes a service request to another, the server program. Standard networked functions such as email exchange, web access and database access, are based on the client-server model. For example, a web browser is a client program at the user computer that may access information at any web server in the world. To check your bank account from your computer, a web browser client program in your computer forwards your request to a web server program at the bank. That program may in turn forward the request to its own database client program that sends a request to a database server at another bank computer to retrieve your account balance. The balance is returned to the bank database client, which in turn serves it back to the web browser client in your personal computer, which displays the information for you.
The client-server model has become one of the central ideas of network computing. Most business applications being written today use the client-server model. So do the Internet's main application protocols, such as HTTP (Hypertext Transfer Protocol), SMTP (Simple Mail Transfer Protocol), Telnet, and DNS (Domain Name System), among others. Specific types of clients include web browsers, email clients, and online chat clients. Specific types of servers include web servers, FTP (File Transfer Protocol) servers, application servers, database servers, mail servers, file servers, and print servers.
Wiring Distribution
Objective 2.8: Install components of wiring distribution
66 block
A 66 block supports signaling up to a maximum of 16 MHz, which makes it Category 3 compatible.
A 66 punch block.
110 block
A 110 block supports signaling up to a maximum of 100 MHz, which makes it Category 5 compatible.
25 pair
This is a cable from a telephone company's lines containing 25 twisted pairs that is then punched down into a 66 block (see above).
100 pair
This is a cable from a telephone company's lines containing 100 twisted pairs that is then punched down into a 110 block (see above).
25-pair, 50 conductors.
Common Devices
Objective 3.1: Install, configure, and differentiate between common network devices
Computer networking devices are units that mediate data in a computer network and are also called network equipment. Units which are the last receiver or generate data are called hosts or data terminal equipment.
Network switches
Hub
Hubs connect computers together in a star topology network. Because of their design, they increase the chance of collisions. Hubs operate at the physical layer of the OSI model and have no intelligence: they flood incoming packets to all ports all the time. For this reason, if a network is connected using hubs, the chance of a collision increases linearly with the number of computers (assuming equal bandwidth use). Hubs pose a security risk since all packets are flooded to all ports all the time. If a user has packet sniffing software, they can capture data from the network and potentially decode it and use it. Hubs make it easy to "spy" on users on the same LAN as you.
Repeater
A repeater is an electronic device that receives a signal and retransmits it at a higher level and/or higher power, or onto the other side of an obstruction, so that the signal can cover longer distances without degradation. Because repeaters work with the actual physical signal, and do not attempt to interpret the data being transmitted, they operate on the physical layer, the first layer of the OSI model.
Modem
A modem (from modulator-demodulator) is a device that turns the digital 1s and 0s of a personal computer into sounds that can be transmitted over the telephone lines of Plain Old Telephone Systems (POTS), and, once received on the other side, converts those sounds back into a form used by a USB, Ethernet, serial, or network connection. Modems are generally classified by the amount of data they can send in a given time, normally measured in bits per second, or "bps".
A wireless repeater.
Media converters
Media converters are simple networking devices that make it possible to connect two dissimilar media types such as twisted pair with fiber optic cabling. They were introduced to the industry nearly two decades ago, and are important in interconnecting fiber optic cabling-based systems with existing copper-based, structured cabling systems. Media converters support many different data communication protocols including Ethernet, T1/E1, T3/E3, as well as multiple cabling types such as coaxial, twisted pair, multimode and single-mode fiber optics. When expanding the reach of a Local Area Network to span multiple locations, media converters are useful in connecting multiple LANs to form one large "campus area network" that spans over a limited geographic area. As local networks are primarily copper-based, media converters can extend the reach of the LAN over single-mode fiber up to 130 kilometers with 1550 nm optics.
Basic switch
Switches are often confused with bridges because they also operate at the data link layer of the OSI model. Similar to a hub, switches provide a central connection between two or more computers on a network, but with some intelligence. They provide traffic control for packets; rather than forwarding data to all the connected ports, a switch forwards data only to the port on which the destination system is connected. They use a database of MAC addresses to determine where computers are located and very efficiently send packets only where they need to go. The database is created dynamically as computers communicate on the network. The switch simply watches the incoming packets and memorizes the MAC address and port a packet arrives on. If a packet arrives with a destination computer that the switch does not have an address for in its MAC address table, it will flood the packet out all connected ports. A switch creates separate collision domains for each physical connection. A switch will only create separate broadcast domains if separate VLANs (Virtual Local Area Networks) are assigned to different ports on the switch. Otherwise, a broadcast received on one port will be flooded out all ports except the one it came in on.
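The learning, forwarding and flooding behaviour above, plus the collision-domain and broadcast-domain rules, can be simulated in a few dozen lines. The following Python is an added example, not code from the book or from any switch vendor; the port names (Fa0/1 ...) and MAC addresses are constructed, and every port is assumed to be an access port in exactly one VLAN.

```python
BROADCAST = "ff:ff:ff:ff:ff:ff"


def is_group_address(mac: str) -> bool:
    """I/G bit of the first octet set: multicast or broadcast, never a single station."""
    return int(mac.split(":")[0], 16) & 0x01 == 1


class LearningSwitch:
    """Simulates the MAC-table behaviour described in the text.

    The table is keyed by (vlan, mac): what is learned in one VLAN never influences
    forwarding in another, and floods never cross a VLAN boundary.
    """

    def __init__(self, port_vlans: dict):
        self.port_vlans = dict(port_vlans)   # port name -> VLAN id (constructed layout)
        self.mac_table = {}                   # (vlan, mac) -> port the station was seen on
        self.flood_count = 0                  # how often a frame had to go out every port

    def receive(self, in_port: str, src: str, dst: str) -> list:
        """Process one frame arriving on in_port; return the sorted list of egress ports."""
        if in_port not in self.port_vlans:
            raise ValueError(f"unknown port {in_port!r}")
        vlan = self.port_vlans[in_port]
        src, dst = src.lower(), dst.lower()

        # Learning: remember which port the source lives on. A host that moves to
        # another port simply overwrites the old entry the next time it transmits.
        if not is_group_address(src):
            self.mac_table[(vlan, src)] = in_port

        # Forwarding: a known unicast destination goes out exactly one port. If that
        # port is the one the frame came in on (e.g. both hosts behind a hub), the
        # switch filters the frame instead of repeating it.
        if not is_group_address(dst) and (vlan, dst) in self.mac_table:
            out_port = self.mac_table[(vlan, dst)]
            return [] if out_port == in_port else [out_port]

        # Flooding: unknown unicast, multicast and broadcast go to every other port
        # in the same VLAN. That set of ports is the VLAN's broadcast domain.
        self.flood_count += 1
        return sorted(p for p, v in self.port_vlans.items() if v == vlan and p != in_port)

    def collision_domains(self) -> int:
        """Each physical switch port is its own collision domain."""
        return len(self.port_vlans)

    def broadcast_domains(self) -> int:
        """Without VLANs there is one; with VLANs there is one per VLAN."""
        return len(set(self.port_vlans.values()))


if __name__ == "__main__":
    sw = LearningSwitch({"Fa0/1": 10, "Fa0/2": 10, "Fa0/3": 10, "Fa0/4": 20})
    a, b = "00:00:00:00:00:0a", "00:00:00:00:00:0b"
    print("A -> B (B unknown):", sw.receive("Fa0/1", a, b))        # flooded in VLAN 10
    print("B -> A (A learned):", sw.receive("Fa0/2", b, a))        # one port only
    print("A -> broadcast:    ", sw.receive("Fa0/1", a, BROADCAST))
    print("domains:", sw.collision_domains(), "collision,", sw.broadcast_domains(), "broadcast")
```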
Bridge
Bridges can be identified by the fact that they operate at the data link layer of the OSI model. Bridges have intelligence and can "bridge" two of their ports together at very high speed. They use a database of MAC addresses to determine where computers are located and very efficiently send frames only where they need to go. The database is created dynamically as computers communicate on the network. A bridge simply watches the incoming frame and memorizes the MAC address and port a frame arrives on. It uses this information to locate a computer if a packet comes in that must be forwarded to it. If a frame arrives at the bridge and the bridge does not know where to send it, the bridge will flood the frame just like a hub does. Bridging is often inaccurately called switching.
Basic router
Routers operate at the network layer of the OSI model and efficiently route information between Local Area Networks. Since routers operate in the third layer, the network layer, they must understand layer 3 addressing, such as the IP addressing of TCP/IP. A router divides a broadcast domain by not forwarding broadcasts from one connected network to another connected network. Routers operate in two different planes: the control plane, in which the router learns the outgoing interface that is most appropriate for forwarding specific packets to specific destinations, and the forwarding plane, which is responsible for the actual process of sending a packet received on a logical interface to an outbound logical interface.
Basic firewall
A firewall is a part of a computer system or network that is designed to block unauthorized access while permitting outward communication. It is also a device or set of devices configured to permit, deny, encrypt, decrypt, or proxy all computer traffic between different security domains based upon a set of rules and other criteria. Firewalls can be implemented in both hardware and software, or a combination of both. Firewalls are frequently used to prevent unauthorized Internet users from accessing private networks connected to the Internet. All messages entering or leaving the Local Area Network pass through the firewall, which examines each message and blocks those that do not meet the specified security criteria. Without proper configuration, a firewall can often become worthless. Standard security practices dictate a "default-deny" firewall ruleset, in which the only network connections which are allowed are the ones that have been explicitly allowed.
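To make the "default-deny" point concrete, here is an added Python example (not from the book or any firewall product) that evaluates a small first-match ruleset over constructed packets and shows how the same rules behave with a default-deny versus a default-permit fallback. The network 192.168.1.0/24, the resolver 192.168.1.1 and all packet addresses are made up for the example.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import Optional


@dataclass(frozen=True)
class Rule:
    action: str            # "permit" or "deny"
    proto: str             # "tcp", "udp", "icmp" or "any"
    src: str               # source network in CIDR form; "0.0.0.0/0" means anywhere
    dst: str               # destination network in CIDR form
    dport: Optional[int]   # destination port; None means any port

    def matches(self, proto: str, src_ip: str, dst_ip: str, dport: Optional[int]) -> bool:
        return (self.proto in ("any", proto)
                and ip_address(src_ip) in ip_network(self.src)
                and ip_address(dst_ip) in ip_network(self.dst)
                and (self.dport is None or self.dport == dport))


def evaluate(rules, proto, src_ip, dst_ip, dport=None, default="deny"):
    """First matching rule wins; a packet that matches nothing gets the default action."""
    for rule in rules:
        if rule.matches(proto, src_ip, dst_ip, dport):
            return rule.action
    return default


# Constructed example policy for a small LAN. Only what is listed is explicitly allowed.
LAN = "192.168.1.0/24"
RULES = [
    Rule("permit", "tcp", LAN, "0.0.0.0/0", 443),        # outbound HTTPS
    Rule("permit", "tcp", LAN, "0.0.0.0/0", 80),         # outbound HTTP
    Rule("permit", "udp", LAN, "192.168.1.1/32", 53),    # DNS, but only to the local resolver
    Rule("deny", "tcp", "0.0.0.0/0", LAN, 23),           # the one explicit block in the policy
]

# Constructed packets: (protocol, source, destination, destination port)
SAMPLE_PACKETS = [
    ("tcp", "192.168.1.20", "203.0.113.5", 443),     # allowed web traffic
    ("tcp", "198.51.100.7", "192.168.1.20", 23),     # explicitly blocked
    ("tcp", "198.51.100.7", "192.168.1.20", 3389),   # nobody wrote a rule for this
    ("udp", "192.168.1.20", "8.8.8.8", 53),          # DNS to an outside resolver: no rule matches
]


def compare_defaults(rules, packets):
    """Return (packet, default-deny verdict, default-permit verdict) for every packet.

    Anything not covered by an explicit rule is where the two policies diverge,
    which is exactly the traffic a default-permit ruleset silently lets through.
    """
    return [(pkt, evaluate(rules, *pkt, default="deny"), evaluate(rules, *pkt, default="permit"))
            for pkt in packets]


if __name__ == "__main__":
    for pkt, strict, lax in compare_defaults(RULES, SAMPLE_PACKETS):
        print(f"{pkt}: default-deny={strict:6s} default-permit={lax}")
```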
Specialized Devices
Objective 3.2: Identify the functions of specialized network devices
Proxy server
A proxy server is a server that makes Internet connections on behalf of the client PCs. All the requests for Internet access that are made by a client on a network are executed by the proxy server. In other words, a proxy server acts as a point of contact between a private network and a public network such as the Internet. Using a proxy improves the control administrators have over the network because proxies can be configured, among other things, to prohibit access to non-business-related sites or to restrict Internet access to groups that do not need it. Also the overall performance of the network is increased due to the proxy's ability to cache the pages that users view the most. Another advantage is the record keeping capabilities of the proxy server. This is used by organizations to monitor the use employees make of the Internet, as it records the requests made along with the time and duration of those requests.
Advanced Switching
Objective 3.3: Explain the advanced features of a switch
Wireless
Objective 3.4: Implement a basic wireless network
OSI Model
Layer            | Data unit | Function
Host layers:
7. Application   | Data      | Network process to application
6. Presentation  | Data      | Data representation and encryption
5. Session       | Data      | Interhost communication
4. Transport     | Segment   | End-to-end connections and reliability
Media layers:
3. Network       | Packet    | Path determination and logical addressing
2. Data Link     | Frame     | Physical addressing
1. Physical      | Bit       | Media, signal and binary transmission
Objective 4.1: Explain the function of each layer of the OSI (Open Systems Interconnection) model
The Open Systems Interconnection Reference Model (OSI Reference Model or OSI Model) is an abstract description for layered communications and computer network protocol design. In its most basic form, it divides network architecture into seven layers which, from top to bottom, are the Application, Presentation, Session, Transport, Network, Data Link, and Physical Layers. It is therefore often referred to as the OSI Seven Layer Model. A layer is a collection of conceptually similar functions that provide services to the layer above it and receives service from the layer below it. For example, a layer that provides error-free communications across a network provides the path needed by applications above it, while it calls the next lower layer to send and receive packets that make up the contents of the path. Reference Appendix A: Memory Aids to assist in the recall of the layers in the correct order.
Application
The application layer is the OSI layer closest to the end user, which means that both the OSI application layer and the user interact directly with the software application. This layer interacts with software applications that implement a communicating component. Application layer functions typically include identifying communication partners, determining resource availability, and synchronizing communication. When identifying communication partners, the application layer determines the identity and availability of communication partners for an application with data to transmit. When determining resource availability, the application layer must decide whether sufficient network resources for the requested communication exist. In synchronizing communication, all communication between applications requires cooperation that is managed by the application layer.
Documentation Types
Objective 4.2: Identify types of configuration management documentation
Wiring schematics
Wiring schematics are drawings of where all the wires and circuits are. It also shows where and how they are connected. A wiring schematic is used to troubleshoot problems and to make sure that all the connections have been made and that everything is present. It assists in the replacement of cabling in case of a short circuit and eases the process of determining where new wires can be installed when additional capacity is needed.
Documentation Implementation
Objective 4.3: Given a scenario, evaluate the network based on configuration management documentation
Performance Monitoring
Objective 4.4: Conduct network monitoring to identify performance and connectivity issues
Throughput testers
A throughput tester measures the amount of data that can be transferred through a network or processed by a device (such as the amount of data that can be retrieved from disk in a specific period of time). On a network, a throughput tester sends a specific amount of data through the network and measures the time it takes to transfer that data, arriving at a measure of the actual bandwidth. Use a throughput tester to validate the bandwidth on your network, and to identify when the bandwidth is significantly below what it should be. Note: A throughput tester can help you identify when a network is slow, but does not give you sufficient information to identify why it is slow.
Logs
Performance Optimization
Objective 4.5: Explain different methods and rationales for network performance optimization
Troubleshooting Methodology
Objective 4.6: Given a scenario, implement the following network troubleshooting methodology
These steps should be followed in the order that they appear.
Connectivity Issues
Objective 4.7: Given a scenario, troubleshoot common connectivity issues and select an appropriate solution
Physical issues
Crosstalk
Crosstalk refers to any phenomenon by which a signal transmitted on one circuit or channel of a transmission system creates an undesired effect in another circuit or channel. This can occur within the different pairs of wires in a cable and is mitigated by using twisted pair cabling. In a wireless environment, two different wireless access points that are broadcasting on channels too close together in frequency can reduce the quality of the connection between themselves and wireless users. In telecommunications, crosstalk is often distinguishable as pieces of speech or signaling tones leaking from other people's connections. If the connection is analog, twisted pair cabling can often be used to reduce the effects of crosstalk. Alternatively, the signals can be converted to digital form, which is much less susceptible to crosstalk.
Logical issues
Port duplex mismatch
A duplex mismatch occurs when two devices are using different duplex settings. In this case, one device will try to transmit using full duplex, while the other will expect half duplex communications. By default, devices are configured to use autonegotiation to detect the correct duplex setting to use. If a duplex method cannot be agreed upon, devices should default to using half duplex. A duplex mismatch can occur in the following cases:
- Both devices are configured to use different duplex settings.
- Autonegotiation does not work correctly on one device.
- One device is configured for autonegotiation and the other device is manually configured for full duplex.
Symptoms of a duplex mismatch include very slow network communications. Ping tests might appear to complete correctly, but normal communications work well below the expected speeds, even for half duplex communications.
Wrong gateway
If the default gateway is configured incorrectly, hosts on the local subnet cannot reach the Internet or any host outside the local subnet, and remote clients cannot reach the local network's resources.
Software Tools
Objective 5.2: Explain the purpose of network scanners
Hardware Tools
Objective 5.3: Given a scenario, utilize the appropriate hardware tools
Cable testers
Multimeter
Toner probe
Cable stripper
Snips
Temperature monitor
Security Devices
Objective 6.1: Explain the function of hardware and software security devices
Network-based firewall
A network-based firewall monitors traffic on an entire network segment, meaning an administrator monitors and controls firewall services from a central location.
Host-based firewall
A host-based firewall is installed on an individual system and monitors and controls inbound and outbound traffic for just that system.
Software firewall
Firewalling
Objective 6.2: Explain common features of a firewall
Content filtering
Many workplaces, schools, and colleges restrict the web sites and online services that are made available in their buildings. This is done with a specialized proxy, called a content filter. Requests made to the open Internet must first pass through an outbound proxy filter. The web-filtering company provides a database of URL patterns with associated content attributes. This database is updated weekly by site-wide subscription, much like a virus filter subscription. The administrator instructs the web filter to ban broad classes of content (such as sports, pornography, online shopping, gambling, or social networking). Requests that match a banned URL pattern are rejected immediately.
Assuming the requested URL is acceptable, the content is then fetched by the proxy. At this point a dynamic filter may be applied on the return path. For example, JPEG files could be blocked based on flesh tone matches, or language filters could dynamically detect unwanted language.
Web filtering proxies are not able to peer inside secure HTTP transactions. As a result, users wanting to bypass web filtering will typically search the internet for an open and anonymous HTTPS proxy. They will then program their browser to proxy all requests through the web filter to this anonymous proxy. Those requests will be encrypted. The web filter cannot distinguish these transactions from, say, a legitimate access to a financial website. Thus, content filters are only effective against unsophisticated users.
Access Security
Objective 6.3: Explain the methods of network access security
User Authentication
Objective 6.4: Explain methods of user authentication
Kerberos
Kerberos is the name of a computer network authentication protocol, which allows individuals communicating over an insecure network to prove their identity to one another in a secure manner, and also of a suite of free software published by the Massachusetts Institute of Technology (MIT) which implements this protocol. Its designers aimed primarily at a client-server model, and it provides mutual authentication: both the user and the server verify each other's identity. Kerberos protocol messages are protected against eavesdropping and replay attacks.
Device Security
Objective 6.5: Explain issues that affect device security
Physical security
Physical security describes both measures that prevent or deter attackers from accessing a facility, resource, or information stored on physical media and guidance on how to design structures to resist various hostile acts. It can be as simple as a locked door or as elaborate as multiple layers of armed security guards and guardhouses. In a well designed system, these features must complement each other. There are at least four layers of physical security:
- Environmental design
- Mechanical and electronic access control
- Intrusion detection
- Video monitoring
The goal is to convince potential attackers that the likely costs of attack exceed the value of making the attack.
Secure Method                                          | Unsecure Method
SSH (Secure Shell)                                     | Telnet and RSH (Remote Shell)
HTTPS (Hypertext Transfer Protocol Secure)             | HTTP (Hypertext Transfer Protocol)
SFTP (Secure File Transfer Protocol)                   | FTP (File Transfer Protocol)
SNMPv3 (Simple Network Management Protocol version 3)  | SNMPv1/2 (Simple Network Management Protocol version 1 or 2)
SCP (Secure Copy Protocol)                             | RCP (Remote Copy Protocol)
Threat Mitigation
Objective 6.6: Identify common security threats and mitigation techniques
Security threats
DoS (Denial of Service)
A denial-of-service attack (DoS attack) or distributed denial-of-service attack (DDoS attack) is an attempt to make a computer resource unavailable to its intended users. Although the means to carry out, motives for, and targets of a DoS attack may vary, it generally consists of the concerted efforts of a person or persons to prevent an Internet site or service from functioning efficiently or at all, temporarily or indefinitely. One common method of attack involves saturating the target (victim) machine with external communications requests, such that it cannot respond to legitimate traffic, or responds so slowly as to be rendered effectively unavailable. In general terms, DoS attacks are implemented by either forcing the targeted computer(s) to reset, or consuming its resources so that it can no longer provide its intended service, or obstructing the communication media between the intended users and the victim so that they can no longer communicate adequately.
Firewalls have simple rules such as to allow or deny protocols, ports or IP addresses. Some DoS attacks are too complex for today's firewalls, e.g. if there is an attack on port 80 (web service), firewalls cannot prevent that attack because they cannot distinguish good traffic from DoS attack traffic. Additionally, firewalls are too deep in the network hierarchy. Routers may be affected even before the firewall gets the traffic. Nonetheless, firewalls can effectively prevent users from launching simple flooding type attacks from machines behind the firewall.
Intrusion-prevention systems (IPS) are effective if the attacks have signatures associated with them. However, the trend among the attacks is to have legitimate content but bad intent. Intrusion-prevention systems which work on content recognition cannot block behavior based DoS attacks.
Viruses
A computer virus is a computer program that can copy itself and infect a computer without the permission or knowledge of the owner. The term "virus" is also commonly but erroneously used to refer to other types of malware, adware, and spyware programs that do not have the reproductive ability. A true virus can only spread from one computer to another (in some form of executable code) when its host is taken to the target computer; for instance because a user sent it over a network or the Internet, or carried it on a removable medium such as a floppy disk, CD, DVD, or USB drive. In order to replicate itself, a virus must be permitted to execute code and write to memory. For this reason, many viruses attach themselves to executable files that may be part of legitimate programs. If a user attempts to launch an infected program, the virus' code may be executed simultaneously.
In order to avoid detection by users, some viruses employ different kinds of deception. Some old viruses, especially on the MS-DOS platform, make sure that the "last modified" date of a host file stays the same when the file is infected by the virus. This approach does not fool anti-virus software, however. Some viruses can infect files without increasing their sizes or damaging the files. They accomplish this by overwriting unused areas of executable files. These are called cavity viruses. Some viruses try to avoid detection by killing the tasks associated with antivirus software before it can detect them.
As computers and operating systems grow larger and more complex, old hiding techniques need to be updated or replaced. Defending a computer against viruses may demand that a file system migrate towards detailed and explicit permission for every kind of file access.
Mitigation techniques
Memory Aids
OSI Model
A Priest Saw Two Nuns Doing Push-ups
Application Layer, Presentation Layer, Session Layer, Transport Layer, Network Layer, Data Link Layer, Physical Layer
Please Do Not Throw Sausage Pizza Away
Physical Layer, Data Link Layer, Network Layer, Transport Layer, Session Layer, Presentation Layer, Application Layer
Please Do Not Touch Steve's Pet Alligator
Physical Layer, Data Link Layer, Network Layer, Transport Layer, Session Layer, Presentation Layer, Application Layer
Pew Dead Ninja Turtles Smell Particularly Awful
Physical Layer, Data Link Layer, Network Layer, Transport Layer, Session Layer, Presentation Layer, Application Layer
All People Seem To Need Data Processing
Application Layer, Presentation Layer, Session Layer, Transport Layer, Network Layer, Data Link Layer, Physical Layer
All People Should Try New Diet Pepsi
Application Layer, Presentation Layer, Session Layer, Transport Layer, Network Layer, Data Link Layer, Physical Layer
License
Creative Commons Attribution-Share Alike 3.0 Unported //creativecommons.org/licenses/by-sa/3.0/