
N10-004

NETWORK PLUS CERTIFICATION

PDF generated using the open source mwlib toolkit. See http://code.pediapress.com/ for more information. PDF generated at: Wed, 09 Nov 2011 16:40:46 UTC

Contents
Articles
  Network Plus Certification
  Introduction
  Objectives
  Technologies
  Common Protocols
  Common Ports
  Addressing Formats
  Addressing Methods
  Routing Protocols
  Routing Properties
  Wireless
  Cables
  Connectors
  Physical Topologies
  Wiring Standards
  Wide Area Networks
  Local Area Networks
  Logical Topologies
  Wiring Distribution
  Common Devices
  Specialized Devices
  Advanced Switching
  Wireless
  OSI Model
  Documentation Types
  Documentation Implementation
  Performance Monitoring
  Performance Optimization
  Troubleshooting Methodology
  Connectivity Issues
  Command Line Tools
  Software Tools
  Hardware Tools
  Security Devices
  Firewalling
  Access Security
  User Authentication
  Device Security
  Threat Mitigation
  Memory Aids

References
  Article Sources and Contributors
  Image Sources, Licenses and Contributors

Article Licenses
  License

Network Plus Certification



This wikibook discusses the information necessary to obtain the CompTIA Network+ certification. The Network+ certification is an internationally recognized validation of the technical knowledge required of foundation-level IT network practitioners. The CompTIA Network+ and A+ exams can be applied together toward the Microsoft Certified Systems Administrator (MCSA) program, and other corporations such as Novell, Cisco and HP also recognize CompTIA Network+ as part of their certification tracks. The Network+ certification ensures that the successful candidate has the important knowledge and skills necessary to manage, maintain, troubleshoot, install, operate and configure basic network infrastructure, describe networking technologies, basic design principles, and adhere to wiring standards and use testing tools. Although not a prerequisite, it is recommended that CompTIA Network+ candidates have at least nine months of experience in network support or administration or adequate academic training, along with a CompTIA A+ certification.

Book contents
  Introduction
  Exam Objectives
  Domain 1: Network Technologies
  Domain 2: Network Media and Topologies
  Domain 3: Network Devices
  Domain 4: Network Management
  Domain 5: Network Tools
  Domain 6: Network Security
  Appendix A: Memory Aids

Resources
Related Wikibooks
A+ Certification CCNA Certification Communication Networks FOSS: Network Infrastructure and Security Wireless Home Network Basics

External links
Official CompTIA Network+ Certification Site [1]

References
[1] http://certification.comptia.org/network/


Introduction
The Network+ Exam is just one exam, and for those who took it before January 1st, 2011, it never expires. (Those taking the test after that date must either retake it at a set interval or submit proof of their continuing education in networking. The CompTIA website has more details.) It has 100 multiple-choice "situational and identification" questions. Basically, if you know your hardware and software, and know what to do in a given situation, you should pass. You are given 90 minutes to take the exam, which should be plenty if you are fully prepared. CompTIA recommends that you already have an A+ Certification under your belt and at least nine months of networking experience, but the only prerequisite for taking the exam is paying the exam fee ($240 US). The minimum passing score is 720 on a scale of 100-900, but that doesn't really mean what you think it means: some questions are worth more than others. The test is available in English, German, Japanese and Korean.

While the A+ certification is definitely an industry standard and a prerequisite for many jobs, the Network+ is less so, but it is gaining in popularity. The goal of the Network+ Certification is to ensure that employers hire people who will not need to be trained in network fundamentals before being hired. A Network+ Certified tech should be able to make recommendations for installing or expanding a network, document and perform preventative maintenance on a network, and troubleshoot network problems as they arise. Having an A+ and Network+ Certification should mean that you are fully capable of being an on-site technical support person, a network administrator of a local area network, or a valuable asset to an enterprise-level networking team, though not necessarily the person running it.

Scope of this Wikibook


The scope of this book is to provide a solid foundation for network administration. It should include all of the information that is needed to pass the CompTIA Network+ Exam, and match its scope. In fact, the finished product should look like the official CompTIA Network+ exam objectives, but expanded with more information and explanation.

Structure of this Wikibook


This "book" is not a "book" per se, but rather a few introductory pages and, more importantly, a study guide with a collection of links to articles in Wikipedia and the most relevant information summarized for each concept. The reason for this is twofold. First, there is no need to "re-invent the wheel" when there are so many great articles that serve the purpose of explaining, say, the OSI model. Second, a person interested in this "book" is one who wants to take and pass the Network+ Exam, and this method may be better suited to them than a traditional book, allowing them to quickly review concepts just before the exam or delve into the details of anything not immediately familiar.

Exam overview
The objectives of the Network+ exam are broken down into 6 categories:

Network Technologies
  Understand the protocols used over a network and the ports they use, the addressing systems used on a network, and how a network can be implemented via wireless technologies.

Network Media and Topologies
  Identify cables and connectors used to network computers together, understand the various manners in which a network can be physically laid out, and have knowledge of the standards used for communication within a network and between networks.

Network Devices
  Differentiate between the various devices used on a network and understand their function, installation, and configuration. Have deeper knowledge of the functions of a switch and the factors to consider when setting up a wireless network.

Network Management
  Understand the different conceptual layers in the networking model, the need for proper network documentation, the process of troubleshooting network problems, and the options for increasing network performance.

Network Tools
  Be aware of the command line, software, and hardware tools available for installation, testing, and troubleshooting networks.

Network Security
  Know what hardware devices, software, and policies will ensure the security of the data and devices on a network and be aware of the corresponding threats they are designed to guard against. Have knowledge of the methods users can use to securely access a network and how their identities can be verified before granting access in the first place.

Objectives
Domain                          % of Examination
Network Technologies            20%
Network Media and Topologies    20%
Network Devices                 17%
Network Management              20%
Network Tools                   12%
Network Security                11%
Total                           100%

These objectives are up to date for the 2009 edition of the CompTIA Network+ exam. The Network+ certification ensures that the successful candidate has the important knowledge and skills necessary to manage, maintain, troubleshoot, install, operate and configure basic network infrastructure, describe networking technologies, basic design principles, and adhere to wiring standards and use testing tools.

The skills and knowledge measured by this examination were derived from an industry-wide job task analysis and validated through an industry-wide global survey in Q2 2008. The results of this survey were used in weighting the domains and ensuring that the weighting is representative of the relative importance of the content. The table above lists the domains measured by this examination and the extent to which they are represented. Network+ exams are based on these objectives.

Note: The bulleted lists below each objective are not exhaustive lists. Even though they are not included in this document, other examples of technologies, processes, or tasks pertaining to each objective may also be included on the exam.


Network Technologies - 20%


Explain the function of common networking protocols:
Objective 1.1
  ARP (Address Resolution Protocol)
  DHCP (Dynamic Host Configuration Protocol)
  DNS (Domain Name System)
  FTP (File Transfer Protocol)
  HTTP (Hypertext Transfer Protocol)
  HTTPS (Hypertext Transfer Protocol Secure)
  ICMP (Internet Control Message Protocol)
  IGMP (Internet Group Management Protocol)
  IMAP4 (Internet Message Access Protocol version 4)
  NTP (Network Time Protocol)
  POP3 (Post Office Protocol version 3)
  RTP (Real-time Transport Protocol) - VoIP (Voice over Internet Protocol)
  SIP (Session Initiation Protocol) - VoIP (Voice over Internet Protocol)
  SMTP (Simple Mail Transfer Protocol)
  SNMP2/3 (Simple Network Management Protocol version 2 or 3)
  SSH (Secure Shell)
  TCP (Transmission Control Protocol)
  TCP/IP (Transmission Control Protocol/Internet Protocol) suite
  Telnet
  TFTP (Trivial File Transfer Protocol)
  TLS (Transport Layer Security)
  UDP (User Datagram Protocol)

Identify commonly used TCP (Transmission Control Protocol) and UDP (User Datagram Protocol) default ports:
Objective 1.2
TCP (Transmission Control Protocol) ports:
  20 - FTP (File Transfer Protocol)
  21 - FTP (File Transfer Protocol)
  22 - SSH (Secure Shell)
  23 - Telnet
  25 - SMTP (Simple Mail Transfer Protocol)
  53 - DNS (Domain Name System)
  80 - HTTP (Hypertext Transfer Protocol)
  110 - POP3 (Post Office Protocol version 3)
  123 - NTP (Network Time Protocol)
  143 - IMAP4 (Internet Message Access Protocol version 4)
  443 - HTTPS (Hypertext Transfer Protocol Secure)

UDP (User Datagram Protocol) ports:
  53 - DNS (Domain Name System)
  67 - BOOTPS/DHCP (Bootstrap Protocol/Dynamic Host Configuration Protocol)
  69 - TFTP (Trivial File Transfer Protocol)
  161 - SNMP (Simple Network Management Protocol)

Identify the following address formats:


Objective 1.3
  IPv4 (Internet Protocol version 4)
  IPv6 (Internet Protocol version 6)
  MAC (Media Access Control) addressing

Given a scenario, evaluate the proper use of the following addressing technologies and addressing schemes:
Objective 1.4
Addressing Technologies:
  Subnetting
  Classful vs. classless - e.g. CIDR (Classless Inter-Domain Routing), Supernetting
  NAT (Network Address Translation)
  PAT (Port Address Translation)
  SNAT (Static Network Address Translation)
  Public vs. private
  DHCP (Dynamic Host Configuration Protocol) - static, dynamic APIPA (Automatic Private Internet Protocol Addressing)
Addressing schemes:
  Unicast
  Multicast
  Broadcast

Identify common IPv4 (Internet Protocol version 4) and IPv6 (Internet Protocol version 6) routing protocols:
Objective 1.5
Link state:
  OSPF (Open Shortest Path First)
  IS-IS (Intermediate System - Intermediate System)
Distance vector:
  RIP (Routing Information Protocol)
  RIPv2 (Routing Information Protocol version 2)
  BGP (Border Gateway Protocol)
Hybrid:
  EIGRP (Enhanced Interior Gateway Routing Protocol)

Explain the purpose and properties of routing:

Objective 1.6
  IGP (Interior Gateway Protocol) vs. EGP (Exterior Gateway Protocol)
  Static vs. dynamic
  Next hop
  Understanding routing tables and how they pertain to path selection
  Explain convergence (steady state)

Compare the characteristics of wireless communication standards:


Objective 1.7
802.11 a/b/g/n:
  Speeds
  Distance
  Channels
  Frequency
Authentication and encryption:
  WPA (Wi-Fi Protected Access)
  WEP (Wired Equivalent Privacy)
  RADIUS (Remote Authentication Dial In User Service)
  TKIP (Temporal Key Integrity Protocol)

Network Media and Topologies - 20%


Categorize standard cable types and their properties:
Objective 2.1
Type:
  Category 3, 5, 5e, and 6
  STP (Shielded Twisted Pair), UTP (Unshielded Twisted Pair)
  Multimode fiber, single-mode fiber
  Coaxial
    RG-59
    RG-6
  Serial
  Plenum vs. Non-plenum
Properties:
  Transmission speeds
  Distance
  Duplex
  Noise immunity - security, EMI (Electromagnetic Interference)
  Frequency

Identify common connector types:

Objective 2.2
  RJ-11 (Registered Jack 11)
  RJ-45 (Registered Jack 45)
  BNC (Bayonet Neill-Concelman)
  SC (Subscriber Connector or Standard Connector or Siemon Connector)
  ST (Straight Tip)
  LC (Local Connector)
  RS-232 (Recommended Standard 232)

Identify common physical network topologies:


Objective 2.3
  Star
  Mesh
  Bus
  Ring
  Point to point
  Point to multipoint
  Hybrid

Given a scenario, differentiate and implement appropriate wiring standards:


Objective 2.4
  568A
  568B
  Straight vs. crossover
  Rollover
  Loopback

Categorize WAN technology types and properties:


Objective 2.5
Type:
  Frame relay
  E1/T1 (E-Carrier Level 1/T-Carrier Level 1)
  E3/T3 (E-Carrier Level 3/T-Carrier Level 3)
  ADSL (Asymmetric Digital Subscriber Line)
  SDSL (Symmetric Digital Subscriber Line)
  VDSL (Very High Bitrate Digital Subscriber Line)
  Cable modem
  Satellite
  OC-x (Optical Carrier)
  Wireless
  ATM (Asynchronous Transfer Mode)
  SONET (Synchronous Optical Networking)
  MPLS (Multiprotocol Label Switching)
  ISDN BRI (Integrated Services Digital Network Basic Rate Interface)
  ISDN PRI (Integrated Services Digital Network Primary Rate Interface)
  POTS (Plain Old Telephone Service)
  PSTN (Public Switched Telephone Network)
Properties:
  Circuit switch
  Packet switch
  Speed
  Transmission media
  Distance

Categorize LAN technology types and properties:


Objective 2.6
Types:
  Ethernet
  10BaseT
  100BaseTX
  100BaseFX
  1000BaseT
  1000BaseX
  10GBaseT
  10GBaseSR
  10GBaseLR
  10GBaseER
  10GBaseSW
  10GBaseLW
  10GBaseEW
Properties:
  CSMA/CD (Carrier Sense Multiple Access with Collision Detection)
  Broadcast
  Collision
  Bonding
  Speed
  Distance

Explain common logical network topologies and their characteristics:


Objective 2.7
  Peer to peer
  Client/server
  VPN (Virtual Private Network)
  VLAN (Virtual Local Area Network)

Install components of wiring distribution:

Objective 2.8
  Vertical and horizontal cross connects
  Patch panels
  66 block
  110 block
  MDFs (Main Distribution Frames)
  IDFs (Intermediate Distribution Frames)
  25 pair
  100 pair
  Demarc
  Demarc extension
  Smart jack
  Verify wiring installation
  Verify wiring termination

Network Devices - 17%


Install, configure, and differentiate between common network devices:
Objective 3.1
  Hub
  Repeater
  Modem
  NIC (Network Interface Card)
  Media converters
  Basic switch
  Bridge
  Wireless access point
  Basic router
  Basic firewall
  Basic DHCP (Dynamic Host Configuration Protocol) server

Identify the functions of specialized network devices:


Objective 3.2
  Multilayer switch
  Content switch
  IDS/IPS (Intrusion Detection System/Intrusion Prevention System)
  Load balancer
  Multifunction network devices
  DNS (Domain Name System) server
  Bandwidth shaper
  Proxy server
  CSU/DSU (Channel Service Unit/Data Service Unit)

Explain the advanced features of a switch:

Objective 3.3
  PoE (Power over Ethernet)
  Spanning tree
  VLAN (Virtual Local Area Network)
  Trunking
  Port mirroring
  Port authentication

Implement a basic wireless network:


Objective 3.4
  Install client
  Access point placement
  Install access point
  Configure appropriate encryption
  Configure channels and frequencies
  Set ESSID (Enhanced Service Set Identifier) and beacon
  Verify installation

Network Management - 20%


Explain the function of each layer of the OSI (Open Systems Interconnection) model:
Objective 4.1
  1. Physical
  2. Data Link
  3. Network
  4. Transport
  5. Session
  6. Presentation
  7. Application

Identify types of configuration management documentation:


Objective 4.2
  Wiring schematics
  Physical and logical network diagrams
  Baselines
  Policies, procedures, and configurations
  Regulations

Given a scenario, evaluate the network based on configuration management documentation:

Objective 4.3
  Compare wiring schematics, physical and logical network diagrams, baselines, policies and procedures, and configurations to network devices and infrastructure
  Update wiring schematics, physical and logical network diagrams, configurations, and job logs as needed

Conduct network monitoring to identify performance and connectivity issues using the following:
Objective 4.4
  Network monitoring utilities (e.g. packet sniffers, connectivity software, load testing, throughput testers)
  System logs, history logs, event logs

Explain different methods and rationales for network performance optimization:


Objective 4.5
Methods:
  QoS (Quality of Service)
  Traffic shaping
  Load balancing
  High availability
  Caching engines
  Fault tolerance
Reasons:
  Latency sensitivity
  High bandwidth applications
  VoIP (Voice over Internet Protocol)
  Video applications
  Uptime

Given a scenario, implement the following network troubleshooting methodology:


Objective 4.6
  1. Information gathering - identify symptoms and problems
  2. Identify the affected areas of the network
  3. Determine if anything has changed
  4. Establish the most probable cause
  5. Determine if escalation is necessary
  6. Create an action plan and solution identifying potential effects
  7. Implement and test the solution
  8. Identify the results and effects of the solution
  9. Document the solution and the entire process

Given a scenario, troubleshoot common connectivity issues and select an appropriate solution:
Objective 4.7
Physical issues:
  Crosstalk
  Near End crosstalk
  Attenuation
  Collisions
  Shorts
  Open impedance mismatch (echo)
  Interference
Logical issues:
  Port speed
  Port duplex mismatch
  Incorrect VLAN (Virtual Local Area Network)
  Incorrect IP (Internet Protocol) address
  Wrong gateway
  Wrong DNS (Domain Name System) server
  Wrong subnet mask
Issues that should be identified but escalated:
  Switching loop
  Routing loop
  Route problems
  Proxy arp
  Broadcast storms
Wireless issues:
  Interference (bleed, environmental factors)
  Incorrect encryption
  Incorrect channel
  Incorrect frequency
  ESSID (Enhanced Service Set Identifier) mismatch
  Standard mismatch (802.11 a/b/g/n)
  Distance
  Bounce
  Incorrect antenna placement


Network Tools - 12%


Given a scenario, select the appropriate command line interface tool and interpret the output to verify functionality:
Objective 5.1
  traceroute
  ipconfig
  ifconfig
  ping
  arping
  arp
  nslookup
  hostname
  dig
  mtr
  route
  nbtstat
  netstat

Explain the purpose of network scanners:


Objective 5.2
  Packet sniffers
  Intrusion detection software
  Intrusion prevention software
  Port scanners

Given a scenario, utilize the appropriate hardware tools:


Objective 5.3
  Cable testers
  Protocol analyzer
  Certifiers
  TDR (Time-domain Reflectometer)
  OTDR (Optical Time-domain Reflectometer)
  Multimeter
  Toner probe
  Butt set
  Punch down tool
  Cable stripper
  Snips
  Voltage event recorder
  Temperature monitor

Network Security - 11%


Explain the function of hardware and software security devices:
Objective 6.1
  Network-based firewall
  Host-based firewall
  IDS (Intrusion Detection System)
  IPS (Intrusion Prevention System)
  VPN (Virtual Private Network) concentrator

Explain common features of a firewall:


Objective 6.2
  Application layer vs. network layer
  Stateful vs. stateless
  Scanning services
  Content filtering
  Signature identification
  Zones

Explain the methods of network access security:


Objective 6.3
  ACL (Access Control List)
  MAC (Media Access Control) filtering
  IP (Internet Protocol) address filtering
  Tunneling and encryption
    SSL VPN (Secure Sockets Layer Virtual Private Network)
    VPN (Virtual Private Network)
    L2TP (Layer 2 Tunneling Protocol)
    PPTP (Point-to-Point Tunneling Protocol)
    IPSEC (Internet Protocol Security)
  Remote access
    RAS (Remote Access Service)
    RDP (Remote Desktop Protocol)
    PPPoE (Point-to-Point Protocol over Ethernet)
    PPP (Point-to-Point Protocol)
    VNC (Virtual Network Computing)
    ICA (Independent Computing Architecture)

Explain methods of user authentication:

Objective 6.4
  PKI (Public Key Infrastructure)
  Kerberos
  AAA (Authentication, Authorization, and Accounting)
  RADIUS (Remote Authentication Dial In User Service)
  TACACS+ (Terminal Access Control Access Control System+)
  Network access control
  802.1x
  CHAP (Challenge Handshake Authentication Protocol)
  MS-CHAP (Microsoft Handshake Authentication Protocol)
  EAP (Extensible Authentication Protocol)

Explain issues that affect device security:


Objective 6.5
  Physical security
  Restricting local and remote access
  Secure methods vs. unsecure methods
    SSH (Secure Shell), HTTPS (Hypertext Transfer Protocol Secure), SNMPv3 (Simple Network Management Protocol version 3), SFTP (Secure File Transfer Protocol), SCP (Secure Copy Protocol)
    Telnet, HTTP (Hypertext Transfer Protocol), FTP (File Transfer Protocol), RSH (Remote Shell), RCP (Remote Copy Protocol), SNMPv1/2 (Simple Network Management Protocol version 1 or 2)

Identify common security threats and mitigation techniques:


Objective 6.6
Security threats:
  DoS (Denial of Service)
  Viruses
  Worms
  Attackers
  Man in the middle
  Smurf
  Rogue access points
  Social engineering (phishing)
Mitigation techniques:
  Policies and procedures
  User training
  Patches and updates

Technologies
The Network Technologies Domain consists of 20% of the CompTIA Network+ exam.
  Objective 1.1: Common Protocols
  Objective 1.2: Common Ports
  Objective 1.3: Addressing Formats
  Objective 1.4: Addressing Methods
  Objective 1.5: Routing Protocols
  Objective 1.6: Routing Properties
  Objective 1.7: Wireless

Common Protocols
Objective 1.1: Explain the function of common networking protocols
In computing, a protocol is a convention or standard that controls or enables the connection, communication, and data transfer between computing endpoints. In its simplest form, a protocol can be defined as the rules governing the syntax, semantics, and synchronization of communication. Protocols may be implemented by hardware, software, or a combination of the two. At the lowest level, a protocol defines the behavior of a hardware connection.

While protocols can vary greatly in purpose and sophistication, most specify one or more of the following properties:
  Detection of the underlying physical connection (wired or wireless), or the existence of the other endpoint or node
  Handshaking (dynamically setting parameters of a communications channel)
  Negotiation of various connection characteristics
  How to start and end a message
  How to format a message
  What to do with corrupted or improperly formatted messages (error correction)
  How to detect unexpected loss of the connection, and what to do next
  Termination of the session and or connection.

TCP/IP (Transmission Control Protocol/Internet Protocol) suite


The Internet Protocol Suite (commonly known as TCP/IP) is the set of communications protocols used for the Internet and other similar networks. The Internet Protocol Suite, like many protocol suites, may be viewed as a set of layers. Each layer solves a set of problems involving the transmission of data, and provides a well-defined service to the upper layer protocols based on using services from some lower layers. Upper layers are logically closer to the user and deal with more abstract data, relying on lower layer protocols to translate data into forms that can eventually be physically transmitted. The TCP/IP model consists of four layers. From lowest to highest, these are the Link Layer, the Internet Layer, the Transport Layer, and the Application Layer. Some have attempted to map the Internet Protocol model onto the seven-layer OSI Model. The mapping results in the TCP/IP Link Layer corresponding to the OSI Data Link and Physical layers in terms of functionality. The Internet Layer is usually directly mapped to the OSI's Network Layer. At the top of the hierarchy, the Transport Layer is always mapped directly into the OSI Layer 4 of the same name. OSI's Application Layer, Presentation Layer, and Session Layer are collapsed into TCP/IP's Application Layer. The following table provides some examples of the protocols grouped in their respective layers. See the below sections for details on each protocol.

Application:  DNS, TFTP, TLS/SSL, FTP, HTTP, IMAP4, POP3, SIP, SMTP, SNMP, SSH, Telnet, RTP
Transport:    TCP, UDP
Internet:     IP (IPv4, IPv6), ICMP, IGMP
Link:         ARP

Common Ports
Objective 1.2: Identify commonly used TCP (Transmission Control Protocol) and UDP (User Datagram Protocol) default ports
See Objective 1.1: Common Protocols for information on the protocols that communicate using these ports.

TCP (Transmission Control Protocol) ports


Port   Protocol
20     FTP (File Transfer Protocol)
21     FTP (File Transfer Protocol)
22     SSH (Secure Shell)
23     Telnet
25     SMTP (Simple Mail Transfer Protocol)
53     DNS (Domain Name System)
80     HTTP (Hypertext Transfer Protocol)
110    POP3 (Post Office Protocol version 3)
123    NTP (Network Time Protocol)
143    IMAP4 (Internet Message Access Protocol version 4)
443    HTTPS (Hypertext Transfer Protocol Secure)

UDP (User Datagram Protocol) ports


Port   Protocol
53     DNS (Domain Name System)
67     BOOTPS/DHCP (Bootstrap Protocol/Dynamic Host Configuration Protocol)
69     TFTP (Trivial File Transfer Protocol)
161    SNMP (Simple Network Management Protocol)


Addressing Formats
Objective 1.3: Identify the following address formats

IPv4 (Internet Protocol version 4)

An illustration of an IP address (version 4), in both dot-decimal notation and binary.

IPv6 (Internet Protocol version 6)

An illustration of an IP address (version 6), in hexadecimal and binary.


MAC (Media Access Control) addressing

Addressing Methods
Objective 1.4: Given a scenario, evaluate the proper use of the following addressing technologies and addressing schemes

Addressing Technologies

Subnetting

Addressing schemes


Addressing Schemes

Unicast

Multicast

Broadcast

Routing Protocols
Objective 1.5: Identify common IPv4 (Internet Protocol version 4) and IPv6 (Internet Protocol version 6) routing protocols

Link state

Distance vector

Hybrid


Routing Properties
Objective 1.6: Explain the purpose and properties of routing

Wireless
Objective 1.7: Compare the characteristics of wireless communication standards

IEEE 802.11
             802.11a      802.11b      802.11g      802.11n
Speed        54 Mbit/s    11 Mbit/s    54 Mbit/s    600 Mbit/s
Distance     35 meters    38 meters    100 meters   300 meters
Channels     24           11           11           24
Frequency    5 GHz        2.4 GHz      2.4 GHz      2.4/5 GHz

Authentication and encryption


WPA (Wi-Fi Protected Access)
Wi-Fi Protected Access (WPA and WPA2) is a class of systems to secure wireless (Wi-Fi) computer networks. It was created in response to several serious weaknesses researchers had found in the previous system, Wired Equivalent Privacy (WEP). WPA implements the majority of the IEEE 802.11i standard, and was intended as an intermediate measure to take the place of WEP while 802.11i was prepared. WPA is designed to work with all wireless network interface cards, but not necessarily with first generation wireless access points. WPA2 implements the full standard, but will not work with some older network cards. Both provide good security, with two significant issues: 1) Either WPA or WPA2 must be enabled and chosen in preference to WEP. WEP is usually presented as the first security choice in most installation instructions. 2) In the "Personal" mode, the most likely choice for homes and small offices, a passphrase is required that, for full security, must be longer than the typical 6 to 8 character passwords users are taught to employ.
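
The passphrase point above, as an added example that is not part of the original wikibook: in Personal mode the passphrase is stretched into the 256-bit pre-shared key with PBKDF2-HMAC-SHA1, salted with the SSID, as specified in IEEE 802.11i. The function names, the 80-bit threshold and the sample passphrases and SSIDs are assumptions of this example.

```python
import hashlib
import math
import string

# WPA/WPA2-Personal key derivation as specified in IEEE 802.11i:
# PSK = PBKDF2-HMAC-SHA1(passphrase, salt=SSID, 4096 iterations, 32 bytes).
PSK_ITERATIONS = 4096
PSK_BYTES = 32


def validate_passphrase(passphrase: str) -> None:
    """Enforce the WPA passphrase format: 8 to 63 printable ASCII characters."""
    if not 8 <= len(passphrase) <= 63:
        raise ValueError("passphrase must be 8 to 63 characters long")
    if any(not 32 <= ord(ch) <= 126 for ch in passphrase):
        raise ValueError("passphrase must be printable ASCII")


def derive_psk(passphrase: str, ssid: str) -> bytes:
    """Derive the 256-bit pre-shared key used by WPA/WPA2 in Personal mode."""
    validate_passphrase(passphrase)
    salt = ssid.encode("utf-8")
    if not 1 <= len(salt) <= 32:
        raise ValueError("SSID must be 1 to 32 bytes long")
    return hashlib.pbkdf2_hmac(
        "sha1", passphrase.encode("ascii"), salt, PSK_ITERATIONS, PSK_BYTES
    )


def search_space_bits(passphrase: str) -> float:
    """Upper bound on the brute-force search space, in bits.

    Assumes every character was chosen at random from the character classes
    that appear in the passphrase. Dictionary words and common patterns are
    far weaker than this figure suggests, so treat it as a ceiling.
    """
    validate_passphrase(passphrase)
    classes = (
        (string.ascii_lowercase, 26),
        (string.ascii_uppercase, 26),
        (string.digits, 10),
        (string.punctuation + " ", 33),
    )
    alphabet = sum(
        size for chars, size in classes if any(ch in chars for ch in passphrase)
    )
    return len(passphrase) * math.log2(alphabet)


def audit_passphrase(passphrase: str, ssid: str, min_bits: float = 80.0) -> dict:
    """Report length, estimated strength and the derived key for one network.

    min_bits is a hypothetical policy threshold chosen for this example.
    """
    psk = derive_psk(passphrase, ssid)
    bits = search_space_bits(passphrase)
    return {
        "ssid": ssid,
        "length": len(passphrase),
        "bits": round(bits, 1),
        "acceptable": bits >= min_bits,
        "psk": psk.hex(),
    }


if __name__ == "__main__":
    # Constructed sample values, not taken from any real network.
    samples = [
        ("sunshine", "ExampleNet"),
        ("kettle-orbit-27-plaza-fern", "ExampleNet"),
    ]
    for passphrase, ssid in samples:
        report = audit_passphrase(passphrase, ssid)
        print(report["length"], report["bits"], report["acceptable"], report["psk"][:16])

    # The SSID is the salt, so one passphrase yields a different key per network name.
    print(derive_psk("sunshine", "ExampleNet") != derive_psk("sunshine", "OtherNet"))
```

An 8-character lowercase passphrase tops out below 38 bits under this estimate, which is why the longer passphrase is needed for the protocol's full strength.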


WEP (Wired Equivalent Privacy)


Wired Equivalent Privacy or Wireless Encryption Protocol (WEP) is a scheme to secure IEEE 802.11 wireless networks. It is part of the IEEE 802.11 wireless networking standard. Because wireless networks broadcast messages using radio, they are susceptible to eavesdropping. WEP was intended to provide confidentiality comparable to that of a traditional wired network. Several serious weaknesses were identified by cryptanalysts; a WEP connection can be cracked with readily available software in one minute or less. WEP was superseded by Wi-Fi Protected Access (WPA) in 2003, followed by the full IEEE 802.11i standard (also known as WPA2) in 2004. Despite its weaknesses, WEP provides a level of security that may deter casual snooping.

RADIUS (Remote Authentication Dial In User Service)


Remote Authentication Dial In User Service (RADIUS) is an AAA (authentication, authorization and accounting) protocol for applications such as network access or IP mobility. It is intended to work in both local and roaming situations. See Objective 6.4: User Authentication for more information.

Roaming using a proxy RADIUS AAA server.

Cables
Objective 2.1: Categorize standard cable types and their properties

Category 3
Part of a family of copper cabling standards defined jointly by the Electronic Industries Alliance and the Telecommunications Industry Association. Category 3 was a popular cabling format among computer network administrators in the early 1990s, but fell out of popularity in favor of the very similar, but higher performing, Category 5 standard. Cat 3 is currently still in use in two-line telephone systems, and can easily be adapted to run Voice over Internet Protocol (as long as a dedicated local area network for the telephones is created).
  Transmission speed: up to 10 Mbit/s
  Distance: 100 meters
  Duplex (two-way communication): Full if point-to-point (see Objective 2.3)
  Noise immunity: Good if STP (Shielded Twisted Pair), Poor if UTP (Unshielded Twisted Pair) - see below
  Frequency: 16 MHz

Category 5
Part of a family of copper cabling standards defined jointly by the Electronic Industries Alliance and the Telecommunications Industry Association. Category 5 cable includes four twisted pairs in a single cable jacket. This use of balanced lines helps preserve a high signal-to-noise ratio despite interference from both external sources and other pairs (this latter form of interference is called crosstalk).
  Transmission speed: up to 100 Mbit/s
  Distance: 100 meters
  Duplex: Full if point-to-point (see Objective 2.3)
  Noise immunity: Good if STP (Shielded Twisted Pair), Poor if UTP (Unshielded Twisted Pair) - see below
  Frequency: 100 MHz

Category 5e
Part of a family of copper cabling standards defined jointly by the Electronic Industries Alliance and the Telecommunications Industry Association. Category 5e cable is an enhanced version of Category 5 that adds specifications for far end crosstalk.
  Transmission speed: up to 1000 Mbit/s (also known as 1 Gbit/s)
  Distance: 100 meters
  Duplex: Full if point-to-point (see Objective 2.3)
  Noise immunity: Good if STP (Shielded Twisted Pair), Poor if UTP (Unshielded Twisted Pair) - see below
  Frequency: 350 MHz

Category 6
Part of a family of copper cabling standards defined jointly by the Electronic Industries Alliance and the Telecommunications Industry Association. Category 6 features more stringent specifications for crosstalk and system noise than Category 5e.
  Transmission speed: up to 10 Gbit/s
  Distance: 100 meters
  Duplex: Full if point-to-point (see Objective 2.3)
  Noise immunity: Good if STP (Shielded Twisted Pair), Poor if UTP (Unshielded Twisted Pair) - see below
  Frequency: 250 MHz (500 MHz for Category 6a)


UTP (Unshielded Twisted Pair)


Eight copper wires twisted into four color-coded pairs and then wound inside a jacket to reduce crosstalk.

Unshielded Twisted Pair

UTP cable format

STP (Shielded Twisted Pair)


Eight copper wires twisted into four color-coded pairs and then wound inside a shield of wire mesh to prevent electromagnetic interference.

STP cable format

Shielded Twisted Pair

Multimode fiber
In fiber-optic communication, a multimode fiber is a type of optical fiber mostly used for communication over shorter distances, such as within a building or on a campus. Because its core is relatively large (greater than 10 microns), more than one signal can be transmitted at a time by bouncing the light off the walls of the core. It can be made of glass or plastic, as the tolerances required over shorter distances allow for the use of plastic. The shorter distance also allows for the use of a laser or a less expensive LED (light emitting diode) as the source of light traveling through the fiber.

The propagation of light through a multi-mode optical fiber.

Speed        Distance
100 Mbit/s   2 kilometers
1 Gbit/s     550 meters
10 Gbit/s    300 meters

Duplex: Full (one fiber each direction)
Noise immunity: not susceptible to electromagnetic interference

Single-mode fiber
In fiber-optic communication, a single-mode optical fiber (SMF) is an optical fiber designed to carry only a single ray of light (mode) over a great distance. Its core measures 8-10 microns and allows for less dispersion of light than multimode fiber. It requires the use of a laser in order to reach long distances at high speeds.
Transmission speed: up to 10 Gbit/s
Distance: 40 kilometers
Duplex: Full (one fiber each direction)
Noise immunity: not susceptible to electromagnetic interference

The structure of a typical single-mode fiber.
1. Core: 8 µm diameter
2. Cladding: 125 µm dia.
3. Buffer: 250 µm dia.
4. Jacket: 400 µm dia.

Coaxial cable
RG-59
RG-59 is a specific type of coaxial cable, often used for low-power video signal connections. Its high-frequency losses are too great to allow its use over long distances; in these applications, RG-6 (see below) is used instead. RG-59 coaxial cable is commonly packed in with consumer equipment, such as VCRs or digital cable/satellite receivers. Manufacturers tend to include only RG-59 cables because of their low cost (when compared to RG-6). However, given the short lengths provided (usually 4-6 feet / 1.2-1.8 m), this is generally sufficient for its typical use.

A section of RG-59 cable with its end stripped. A: outer plastic sheath B: copper braid shield C: inner dielectric insulator D: copper core

RG-6
RG-6 is a common type of coaxial cable used in a wide variety of residential and commercial applications. The most commonly recognized variety of RG-6 is cable television (CATV) distribution coax, used to route cable television signals to and within homes. RG-6 type cables have become the standard for CATV, mostly replacing the smaller RG-59.

Serial cable
A serial cable is a cable that can be used to transfer information between two devices using serial communication, often using the RS-232 standard. Serial cables may use connectors with 9 or 25 pins, but other connectors are used.

Serial Cables are typically used for RS-232 communication.

Plenum vs. Non-plenum

Plenum cable is cable that is laid in the plenum spaces of buildings. The plenum is the space that can facilitate air circulation for heating and air conditioning systems, by providing pathways for either heated/conditioned or return airflows. Space between the structural ceiling and the dropped ceiling or under a raised floor is typically considered plenum; however, some drop ceiling designs create a tight seal that does not allow for airflow and therefore may not be considered a plenum air-handling space. The plenum space is typically used to house the communication cables for the building's computer and telephone network.
Cable which is to be run between floors in non-plenum areas is rated as riser cable. The fire requirements on riser cable are not as strict. Thus, plenum cable can always replace riser cable, but riser cable cannot replace plenum cable in plenum spaces.

Connectors
Objective 2.2: Identify common connector types

RJ-11 (Registered Jack 11)


RJ-11 is a physical interface often used for terminating telephone wires. It is probably the most familiar of the registered jacks, being used for single line Plain Old Telephone Service (POTS) telephone jacks in most homes across the world. RJ-14 is similar, but for two lines, and RJ-25 is for three lines. The telephone line cord and its plug are more often a true RJ-11 with only two conductors.

Position  Pair  T/R  +/-  RJ11 pin  RJ14 pin  RJ25 pin  Cat 5e/6 colors  Colors        Old colors
1         3     T    +    n/a       n/a       1         white/green      white/green   orange
2         2     T    +    n/a       1         2         white/orange     white/orange  black
3         1     R    -    1         2         3         blue             blue/white    red
4         1     T    +    2         3         4         white/blue       white/blue    green
5         2     R    -    n/a       4         5         orange           orange/white  yellow
6         3     R    -    n/a       n/a       6         green            green/white   blue

RJ-45 (Registered Jack 45)


The 8 Position 8 Contact (8P8C) plugs and sockets (often incorrectly called RJ-45) are most commonly used as Ethernet connectors. 8P8C connectors are typically used to terminate twisted pair cable.

BNC (Bayonet Neill-Concelman)


The BNC (Bayonet Neill-Concelman) connector is a very common type of connector used for terminating coaxial cable. The BNC connector is used for RF signal connections, for analog and digital video signals, amateur radio antenna connections, aviation electronics (avionics) and many other types of electronic test equipment. It is an alternative to the RCA connector when used for composite video on commercial video devices, although many consumer electronics devices with RCA jacks can be used with BNC-only commercial video equipment via a simple adapter.

SC (Subscriber Connector or Standard Connector)


A fiber-optic connector with a push-pull mechanism to allow locking in place while still being simple to insert and remove.

ST (Straight Tip)
A fiber-optic connector with a socket that is locked in place with a bayonet lock. ST was the first de facto standard for fiber-optic cabling, and has since been made an official standard.

LC (Local Connector or Lucent Connector)


Developed by Lucent. It looks like a smaller version of the SC connector. It is used in Telco environments.

RS-232 (Recommended Standard 232)


RS-232 (Recommended Standard 232) is a standard for serial binary data signals connecting between DTE (Data Terminal Equipment) and DCE (Data Circuit-terminating Equipment). It is commonly used in computer serial ports.

Physical Topologies
Objective 2.3: Identify common physical network topologies
A topology is basically a way to organize the network. The physical topology is the way you physically lay out the network, like a map, and the logical topology is the way the information flows on the network. Usually, the physical and logical topologies are the same, but sometimes they can differ, such as in a physical star/logical ring topology.

Star
Network where all nodes are connected to a centralized point (hub or switch).
Used with: 10BaseT, 100BaseTX
Pros: Cheap, easy setup and maintenance, reliable, and fault tolerant. Common wired standards of today.
Cons: In a given collision domain (a hub-based network segment), all nodes receive the same signal, giving rise to collisions and security concerns.

Star network layout

Mesh
Mesh networks differ from other networks in that the different parts can all connect to each other via multiple hops. This allows for rerouting around broken paths by taking an alternate path to the destination. If all nodes in a mesh network are connected to every other node in the network, the network is known as fully connected.
Used with: WANs (Wide Area Networks), including the Internet.
Pros: Best fault tolerance available. If one node fails, the network still runs. With some router protocols, traveling packets automatically find the quickest path to take in the network, given the meshed routes.
Cons: Complicated, expensive, and difficult to set up.

Mesh network layout

Bus
Network in a straight, linear sequence of nodes, terminated on both ends.
Used with: 10BASE5 (Thicknet), 10BASE2 (Thinnet)
Pros: Good for small networks. Now considered obsolete.
Cons: More expensive than the common *BaseT of today. Like Ring-based networks, if one node fails, the entire network goes down. Difficult to troubleshoot. Cables need to be terminated on both ends with terminating devices.
Bus network layout

Ring
Network in the form of a ring, where the packets (tokens) move to the next node in the ring. Only one node has the token at any one time. This is usually a logical token ring with a physical star topology.
Used with: FDDI (Fiber Distributed Data Interface) and Token Ring
Pros: Low signal degeneration. Since only one node can pass the token at any one time, it inherently reduces collisions significantly.
Cons: Expensive. Difficult to find a problem segment. If one node fails, the whole network goes down. Dual-ring implementations provide redundancy and make failures less likely.
Ring network layout

Point-to-point
A switch provides a series of point-to-point circuits, via microsegmentation, which allows each client node to have a dedicated circuit and the added advantage of having full duplex connections.

Point-to-multipoint
A hub provides a point-to-multipoint (or simply multipoint) circuit which divides the total bandwidth supplied by the hub among each connected client node. This topology is seen in ATM (Asynchronous Transfer Mode) and Frame Relay links, as well as X.25 networks when used as links for a network layer protocol like IP (Internet Protocol).

Hybrid
Hybrid networks use a combination of any two or more topologies in such a way that the resulting network does not exhibit one of the standard topologies (e.g., bus, star, ring, etc.). For example, a tree network connected to a tree network is still a tree network, but two star networks connected together exhibit a hybrid network topology. A hybrid topology is always produced when two different basic network topologies are connected.
Two common examples of hybrid networks are the star ring network and the star bus network:
A Star Ring network consists of two or more star topologies connected using a MAU (Media Access Unit) as a centralized hub.
A Star Bus network consists of two or more star topologies connected using a bus trunk (the bus trunk serves as the network's backbone).

Wiring Standards
Objective 2.4: Given a scenario, differentiate and implement appropriate wiring standards

T568A vs. T568B


T568A and T568B are two definitions of pin/pair assignments for eight-conductor twisted-pair cabling, such as Category 3, Category 5 and Category 6 unshielded twisted-pair (UTP) cables. These assignments define the pinout, or order of connections, for wires in RJ-45 eight-pin modular connector plugs and sockets. Cables that are terminated with differing standards on each end will not function normally.

T568A and T568B Wiring


Pin  T568A Pair  T568B Pair  Wire  T568A Color          T568B Color
1    3           2           tip   white/green stripe   white/orange stripe
2    3           2           ring  green solid          orange solid
3    2           3           tip   white/orange stripe  white/green stripe
4    1           1           ring  blue solid           blue solid
5    1           1           tip   white/blue stripe    white/blue stripe
6    2           3           ring  orange solid         green solid
7    4           4           tip   white/brown stripe   white/brown stripe
8    4           4           ring  brown solid          brown solid

Pins on plug face (socket is reversed)

Straight vs. crossover


The 10BASE-T and 100BASE-TX Ethernet standards use one wire pair for transmission in each direction. This requires that the transmit pair of each device be connected to the receive pair of the device on the other end. When an end device is connected to a switch or hub, this crossover is done internally in the switch or hub. A standard straight through cable is used for this purpose, where each pin of the connector on one end is connected to the corresponding pin on the other connector.
One terminal device may be connected directly to another without the use of a switch or hub, but in that case the crossover must be done externally in the cable. Since 10BASE-T and 100BASE-TX use pairs 2 and 3, these two pairs must be swapped in the cable. This is a crossover cable. A crossover cable must also be used to connect two internally crossed devices (e.g., two hubs), as the internal crossovers cancel each other out. This can also be accomplished by using a straight through cable in series with a modular crossover adapter.
Because the only difference between the 568A and 568B pin/pair assignments is that pairs 2 and 3 are swapped, a crossover cable may be envisioned as a cable with one connector following 568A and the other 568B. Such a cable will work for 10BASE-T or 100BASE-TX. 1000BASE-T (Gigabit crossover), which uses all four pairs, requires the other two pairs (1 and 4) to be swapped and also requires the solid/striped within each of those two pairs to be swapped.

Modular crossover adapter

Gigabit crossover
Pin  Connection 1 pair  Connection 2 pair  Connection 1 color   Connection 2 color
1    2                  3                  white/orange stripe  white/green stripe
2    2                  3                  orange solid         green solid
3    3                  2                  white/green stripe   white/orange stripe
4    1                  4                  blue solid           white/brown stripe
5    1                  4                  white/blue stripe    brown solid
6    3                  2                  green solid          orange solid
7    4                  1                  white/brown stripe   blue solid
8    4                  1                  brown solid          white/blue stripe

Pins on plug face (jack is reversed)

Rollover
A rollover cable (also known as Cisco console cable) is a type of null modem cable that is most commonly used to connect a computer terminal to a router's console port. This cable is typically flat (and has a light blue color) to help distinguish it from other types of network cabling. It gets the name rollover because the pinouts on one end are reversed from the other, as if the wire had been rolled over and you were viewing it from the other side.
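
The wiring rules above (T568A/T568B, straight through, crossover, Gigabit crossover and rollover) can be checked mechanically by following each conductor from one plug to the other. The following is an added example, not part of the original text; the function and constant names are illustrative, and colour names are shortened so that "white/green" means white/green stripe and "green" means green solid.

```python
# Added example: wire-map check for an eight-conductor patch cable.
# Each end is the list of wire colours seen at pins 1..8 of that plug.

T568A = ["white/green", "green", "white/orange", "blue",
         "white/blue", "orange", "white/brown", "brown"]
T568B = ["white/orange", "orange", "white/green", "blue",
         "white/blue", "green", "white/brown", "brown"]
STANDARDS = {"T568A": T568A, "T568B": T568B}

# Second plug of the Gigabit crossover table above (first plug is T568B).
GIGABIT_CROSSOVER_END = ["white/green", "green", "white/orange", "white/brown",
                         "brown", "orange", "blue", "white/blue"]

# Pin on end 1 -> pin on end 2 for each cable type described in the text.
KNOWN_MAPS = {
    "straight-through": {p: p for p in range(1, 9)},
    # Pairs 2 and 3 swapped: pins 1<->3 and 2<->6.
    "10/100 crossover": {1: 3, 2: 6, 3: 1, 6: 2, 4: 4, 5: 5, 7: 7, 8: 8},
    # All four pairs swapped: additionally pins 4<->7 and 5<->8.
    "gigabit crossover": {1: 3, 2: 6, 3: 1, 6: 2, 4: 7, 5: 8, 7: 4, 8: 5},
    # Pin order reversed end to end.
    "rollover": {p: 9 - p for p in range(1, 9)},
}


def standard_of(end):
    """Name the wiring standard a plug follows, or 'non-standard'."""
    for name, order in STANDARDS.items():
        if end == order:
            return name
    return "non-standard"


def pin_map(end1, end2):
    """Return {pin on end 1: pin on end 2} by tracing each colour."""
    if sorted(end1) != sorted(T568B) or sorted(end2) != sorted(T568B):
        raise ValueError("each end must list the eight standard colours exactly once")
    return {i + 1: end2.index(colour) + 1 for i, colour in enumerate(end1)}


def classify(end1, end2):
    """Return the cable type, the standard of each end, and the pins that move."""
    mapping = pin_map(end1, end2)
    kind = next((name for name, expected in KNOWN_MAPS.items()
                 if expected == mapping), "miswired")
    return {
        "kind": kind,
        "ends": (standard_of(end1), standard_of(end2)),
        "moved_pins": sorted(p for p, q in mapping.items() if p != q),
    }


if __name__ == "__main__":
    # Constructed test cables, including one with pins 1 and 2 reversed.
    reversed_pair = [T568B[1], T568B[0]] + T568B[2:]
    cables = [
        ("B to B", T568B, T568B),
        ("A to B", T568A, T568B),
        ("B to gigabit crossover end", T568B, GIGABIT_CROSSOVER_END),
        ("B to reversed B", T568B, T568B[::-1]),
        ("B to B with pins 1/2 reversed", T568B, reversed_pair),
    ]
    for label, end1, end2 in cables:
        print(label, "->", classify(end1, end2))
```

A cable reported as "miswired" matches none of the four layouts; the moved_pins list shows which conductors to re-terminate.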

Loopback
The term loopback is generally used to describe methods or procedures of routing electronic signals, digital data streams, or other flows of items, from their originating facility quickly back to the same source entity without intentional processing or modification. This is primarily intended as a means of testing the transmission infrastructure.
All TCP/IP (Transmission Control Protocol/Internet Protocol) implementations support a loopback device, which is a virtual network interface implemented in software only and not connected to any hardware, but which is fully integrated into the computer system's internal network infrastructure. Any traffic that a computer program sends to the loopback interface is immediately received on the same interface.
A loopback interface has several uses. It may be used by network client software on a computer to communicate with server software on the same computer. For example, a computer running a web server can point a web browser to the loopback address to access that computer's own web site. This works without any actual network connection, so it is useful for testing services without exposing them to security risks from remote network access. Likewise, pinging the loopback interface is a basic test of the functionality of the IP (Internet Protocol) stack in the operating system.

Wide Area Networks


Objective 2.5: Categorize WAN technology types and properties
You can connect more than one Local Area Network (see Objective 2.6) together with a router to form a Wide Area Network (WAN). Many companies that have multiple buildings may connect them together to form a WAN. A WAN can be any scope, but when it is in a group of buildings in the same geographical location, it is sometimes called a CAN, or Campus Area Network. If it spans a larger geographic area, such as an entire city, as a local government's network might, it is called a MAN, or Metropolitan Area Network.
Note: This is just for simplicity's sake. Technically, there are more differences than just size and scope between a MAN, a CAN, and a WAN, like communication standards, but these differences are beyond the scope of the Network+ Exam.

Frame relay
In the context of computer networking, frame relay is an efficient data transmission technique used to send digital information. It is a message-forwarding system, like a relay race, in which data packets, called frames, are passed from one or many start-points to one or many destinations via a series of intermediate node points. Network providers commonly implement frame relay for voice and data as an encapsulation technique, used between Local Area Networks over a Wide Area Network. Each end-user gets a private line (or leased line) to a frame-relay node. The frame-relay network handles the transmission over a frequently changing path transparent to all end-users.

A basic frame relay network

The designers of frame relay aimed at a telecommunication service for cost-efficient data transmission for intermittent traffic between local area networks and between end-points in a wide area network. Frame relay puts data in variable-size units called "frames" and leaves any necessary error correction (such as retransmission of data) up to the end points. This speeds up overall data transmission.
For most services, the network provides a PVC (Permanent Virtual Circuit), which means that the customer sees a continuous, dedicated connection without having to pay for a full-time leased line, while the service provider figures out the route each frame travels to its destination and can charge based on usage. Frame relay relays packets at the data link layer (layer 2) of the OSI (Open Systems Interconnection) model rather than at the network layer (layer 3).
Speed: Frame relay complements and provides a mid-range service between basic rate ISDN (Integrated Services Digital Network), which offers bandwidth at 128 kbit/s, and ATM (Asynchronous Transfer Mode), which operates in somewhat similar fashion to frame relay but at speeds from 155.520 Mbit/s to 622.080 Mbit/s.
Packet switched

E1/T1 (E-Carrier Level 1/T-Carrier Level 1)


Speed: 2.048 Mbit/s (E1) and 1.544 Mbit/s (T1)

E3/T3 (E-Carrier Level 3/T-Carrier Level 3)


Speed: 34.368 Mbit/s (E3) and 44.736 Mbit/s (T3)

ADSL (Asymmetric Digital Subscriber Line)


Speed: 8.0/1.024 Mbit/s

SDSL (Symmetric Digital Subscriber Line)


Speed: 1.544 Mbit/s

VDSL (Very High Bitrate Digital Subscriber Line)


Speed: 100 Mbit/s

Cable modem
The term cable Internet access refers to the delivery of Internet service over the cable television infrastructure. The proliferation of cable modems, along with DSL technology, has enabled broadband Internet access in many countries. Bandwidth of business cable modem service typically ranges from 3 Mbit/s up to 30 Mbit/s or more. The upstream bandwidth on residential cable modem service usually ranges from 384 kbit/s to 6 Mbit/s or more.
Speed: 38.0/10.0 Mbit/s (DOCSIS v1.0), 40/30 Mbit/s (DOCSIS v2.0), 160/120 Mbit/s (DOCSIS v3.0)

Satellite
Speed: 16/1 Mbit/s

OC-x (Optical Carrier)


Speed: 51.84 Mbit/s (OC-1) - 159,252 Mbit/s (OC-3072)

Wireless
Network where all nodes communicate via radio waves directly to each other (ad-hoc mode), or to a router (infrastructure mode).
Distance: 30 meters
Speed: 11 Mbit/s (802.11b), 54 Mbit/s (802.11a, 802.11g), 300 Mbit/s (802.11n)

ATM (Asynchronous Transfer Mode)


Speed: 155.520 Mbit/s to 622.080 Mbit/s
Packet switched

ISDN BRI (Integrated Services Digital Network Basic Rate Interface)


Speed: 144 Kbit/s

ISDN PRI (Integrated Services Digital Network Primary Rate Interface)


Speed: 2.048 Mbit/s (E1-based), 1.544 Mbit/s (T1-based)

POTS (Plain Old Telephone Service)


Plain old telephone service, or POTS, is a term which describes the voice-grade telephone service that remains the basic form of residential and small business service connection to the telephone network in most parts of the world. While POTS provides limited features, low bandwidth and no mobile capabilities, it does provide greater reliability than other telephony systems (mobile phone, VoIP, etc.).

PSTN (Public Switched Telephone Network)


Circuit switched

Local Area Networks


Objective 2.6: Categorize LAN technology types and properties
A LAN, or Local Area Network, is a small network of computers, usually in the same building. It consists of several nodes (the PCs, or to be technical, the Network Interface Cards), all connected together using a topology and the cables that connect the nodes.

Ethernet
Ethernet is a family of frame-based computer networking technologies for local area networks (LANs). The name comes from the physical concept of the ether. It defines a number of wiring and signaling standards for the Physical Layer of the OSI networking model, through means of network access at the Media Access Control (MAC)/Data Link Layer, and a common addressing format. Ethernet is standardized as IEEE 802.3. The combination of the twisted pair versions of Ethernet for connecting end systems to the network, along with the fiber optic versions for site backbones, is the most widespread wired LAN technology. It has been in use from around 1980[1] to the present, largely replacing competing LAN standards such as token ring, FDDI, and ARCNET.

Ethernet was originally based on the idea of computers communicating over a shared coaxial cable acting as a broadcast transmission medium. The methods used show some similarities to radio systems, although there are fundamental differences, such as the fact that it is much easier to detect collisions in a cable broadcast system than a radio broadcast. The common cable providing the communication channel was likened to the ether and it was from this reference that the name "Ethernet" was derived.

From this early and comparatively simple concept, Ethernet evolved into the complex networking technology that today underlies most LANs. The coaxial cable was replaced with point-to-point links connected by Ethernet hubs and/or switches to reduce installation costs, increase reliability, and enable point-to-point management and troubleshooting. StarLAN was the first step in the evolution of Ethernet from a coaxial cable bus to a hub-managed, twisted-pair network. The advent of twisted-pair wiring dramatically lowered installation costs relative to competing technologies, including the older Ethernet technologies.

Above the physical layer, Ethernet stations communicate by sending each other data packets, blocks of data that are individually sent and delivered. As with other IEEE 802 LANs, each Ethernet station is given a single 48-bit MAC address, which is used to specify both the destination and the source of each data packet. Network interface cards (NICs) or chips normally do not accept packets addressed to other Ethernet stations. Adapters generally come programmed with a globally unique address, but this can be overridden, either to avoid an address change when an adapter is replaced, or to use locally administered addresses.

Despite the significant changes in Ethernet from a thick coaxial cable bus running at 10 Mbit/s to point-to-point links running at 1 Gbit/s and beyond, all generations of Ethernet (excluding early experimental versions) share the same frame formats (and hence the same interface for higher layers), and can be readily interconnected.

Due to the ubiquity of Ethernet, the ever-decreasing cost of the hardware needed to support it, and the reduced panel space needed by twisted pair Ethernet, most manufacturers now build the functionality of an Ethernet card directly into PC motherboards, eliminating the need for installation of a separate network card.

10BaseT
Speed: 10 Mbit/s
Medium: Category 3 twisted-pair copper cable
Distance: 100 meters

100BaseTX
Speed: 100 Mbit/s
Medium: Category 5 twisted-pair copper cable
Distance: 100 meters

100BaseFX
Speed: 100 Mbit/s
Medium: Multimode optical fiber
Distance: 2 kilometers

1000BaseT
Speed: 1000 Mbit/s (also known as 1 Gbit/s)
Medium: Category 5e twisted-pair copper cable
Distance: 100 meters

1000BaseX
Speed: 1000 Mbit/s (also known as 1 Gbit/s)
Medium: Multimode optical fiber, Single-mode optical fiber
Distance: 550 meters (Multimode), 2 kilometers (Single-mode)

10GBaseT
Speed: 10 Gbit/s
Medium: Category 6 twisted-pair copper cable
Distance: 100 meters

10GBaseSR/10GBaseSW
"Short range"
10GBaseSW is designed to interoperate with OC-192 (Optical Carrier) SONET (Synchronous Optical Networking) equipment using a light-weight SONET frame running at 9.953 Gbit/s. It uses the same type of fiber and supports the same distances as 10GBaseSR.
Speed: 10 Gbit/s
Medium: Multimode optical fiber
Distance: 26 meters, 82 meters, 300 meters; depending on cable type

10GBaseLR/10GBaseLW
"Long range"
10GBaseLW is designed to interoperate with OC-192 (Optical Carrier) SONET (Synchronous Optical Networking) equipment using a light-weight SONET frame running at 9.953 Gbit/s. It uses the same types of fiber and supports the same distance as 10GBaseLR.
Speed: 10 Gbit/s
Medium: Single-mode optical fiber
Distance: 10 kilometers

10GBaseER/10GBaseEW
"Extended range"
10GBaseEW is designed to interoperate with OC-192 (Optical Carrier) SONET (Synchronous Optical Networking) equipment using a light-weight SONET frame running at 9.953 Gbit/s. It uses the same type of fiber and supports the same distance as 10GBaseER.
Speed: 10 Gbit/s
Medium: Single-mode optical fiber
Distance: 40 kilometers

Logical Topologies
Objective 2.7: Explain common logical network topologies and their characteristics
A topology is basically a way to organize the network. The physical topology is the way you physically lay out the network, like a map, and the logical topology is the way the information flows on the network. Usually, the physical and logical topologies are the same, but sometimes they can differ, such as in a physical star/logical ring topology.

Peer to peer
A peer-to-peer (P2P) computer network uses diverse connectivity between participants in a network and the cumulative bandwidth of network participants rather than conventional centralized resources where a relatively low number of servers provide the core value to a service or application. P2P networks are typically used for connecting end users via largely decentralized connections. Such networks are useful for many purposes. Sharing content files containing audio, video, data or anything in digital format is very common, and real time data, such as telephony traffic, is also passed using P2P technology.
A pure P2P network does not have the notion of clients or servers but only equal peer nodes that simultaneously function as both "clients" and "servers" to the other nodes on the network. This model of network arrangement differs from the client/server model (see below) where communication is usually to and from a central server. A typical example of a file transfer that is not P2P is an FTP (File Transfer Protocol) server where the client and server programs are quite distinct: the clients initiate the download/uploads, and the servers react to and satisfy these requests.

A peer-to-peer based network.

Client/server
Client-server describes the relationship between two computer programs in which one program, the client program, makes a service request to another, the server program. Standard networked functions such as email exchange, web access and database access, are based on the client-server model. For example, a web browser is a client program at the user computer that may access information at any web server in the world. To check your bank account from your computer, a web browser client program in your computer forwards your request to a web server program at the bank. That program may in turn forward the request to its own database client program that sends a request to a database server at another bank computer to retrieve your account balance. The balance is returned to the bank database client, which in turn serves it back to the web browser client in your personal computer, which displays the information for you.

A server based network.

The client-server model has become one of the central ideas of network computing. Most business applications being written today use the client-server model. So do the Internet's main application protocols, such as HTTP (Hypertext Transfer Protocol), SMTP (Simple Mail Transfer Protocol), Telnet, and DNS (Domain Name System), among others. Specific types of clients include web browsers, email clients, and online chat clients. Specific types of servers include web servers, FTP (File Transfer Protocol) servers, application servers, database servers, mail servers, file servers, and print servers.

VLAN (Virtual Local Area Network)


A virtual LAN, commonly known as a VLAN, is a group of hosts with a common set of requirements that communicate as if they were attached to the same broadcast domain, regardless of their physical location. A VLAN has the same attributes as a physical Local Area Network, but it allows for end stations to be grouped together even if they are not located on the same network switch. Network reconfiguration can be done through software instead of physically relocating devices. See Objective 3.3: Advanced Switching for more information on the functions of VLANs.

Wiring Distribution
Objective 2.8: Install components of wiring distribution

66 block
A 66 block has a maximum 16 MHz Category 3 signaling compatibility.

A 66 punch block.

110 block
A 110 block has a maximum 100 MHz Category 5 signaling compatibility.

A 110 punch block.

MDFs (Main Distribution Frames)

Unshielded twisted pair (copper) and optical fiber distribution frame.

25 pair
This is a cable from a telephone company's lines containing 25 twisted pairs that is then punched down into a 66 block (see above).

100 pair
This is a cable from a telephone company's lines containing 100 twisted pairs that is then punched down into a 110 block (see above).

25-pair, 50 conductors.

Common Devices
Objective 3.1: Install, configure, and differentiate between common network devices
Computer networking devices are units that mediate data in a computer network and are also called network equipment. Units which are the last receiver or generate data are called hosts or data terminal equipment.

Network switches

Hub
Hubs connect computers together in a star topology network. Due to their design, they increase the chances for collisions. Hubs operate in the physical layer of the OSI model and have no intelligence. Hubs flood incoming packets to all ports all the time. For this reason, if a network is connected using hubs, the chance of a collision increases linearly with the number of computers (assuming equal bandwidth use). Hubs pose a security risk since all packets are flooded to all ports all the time. If a user has packet sniffing software, they can extract data from the network and potentially decode it and use it. Hubs make it easy to "spy" on users on the same LAN as you.

Repeater
A repeater is an electronic device that receives a signal and retransmits it at a higher level and/or higher power, or onto the other side of an obstruction, so that the signal can cover longer distances without degradation. Because repeaters work with the actual physical signal, and do not attempt to interpret the data being transmitted, they operate on the physical layer, the first layer of the OSI model.

A wireless repeater.

Modem
A modem (from modulator-demodulator) is a device that turns the digital 1s and 0s of a personal computer into sounds that can be transmitted over the telephone lines of the Plain Old Telephone Service (POTS), and once received on the other side, converts those sounds back into a form used by a USB, Ethernet, serial, or network connection. Modems are generally classified by the amount of data they can send in a given time, normally measured in bits per second, or "bps".

NIC (Network Interface Card)


A network interface card is a computer hardware component designed to allow computers to communicate over a computer network. It is both an OSI layer 1 (physical layer) and layer 2 (data link layer) device, as it provides physical access to a networking medium and provides a low-level addressing system through the use of MAC addresses. It allows users to connect to each other either by using cables or wirelessly. Most motherboards today come equipped with a network interface card in the form of a controller, with the hardware built into the board itself, eliminating the need for a standalone card.

Media converters
Media converters are simple networking devices that make it possible to connect two dissimilar media types such as twisted pair with fiber optic cabling. They were introduced to the industry nearly two decades ago, and are important in interconnecting fiber optic cabling-based systems with existing copper-based, structured cabling systems. Media converters support many different data communication protocols including Ethernet, T1/E1, T3/E3, as well as multiple cabling types such as coaxial, twisted pair, multimode and single-mode fiber optics. When expanding the reach of a Local Area Network to span multiple locations, media converters are useful in connecting multiple LANs to form one large "campus area network" that spans over a limited geographic area. As local networks are primarily copper-based, media converters can extend the reach of the LAN over single-mode fiber up to 130 kilometers with 1550 nm optics.


Basic switch
Switches are often confused with bridges because they also operate at the data link layer of the OSI model. Similar to a hub, switches provide a central connection between two or more computers on a network, but with some intelligence. They provide traffic control for packets; rather than forwarding data to all the connected ports, a switch forwards data only to the port on which the destination system is connected. They use a database of MAC addresses to determine where computers are located and very efficiently send packets only where they need to go. The database is created dynamically as computers communicate on the network. The switch simply watches the incoming packets and memorizes the MAC address and port a packet arrives on. If a packet arrives with a destination computer that the switch does not have an address for in its MAC address table, it will flood the packet out all connected ports. A switch creates separate collision domains for each physical connection. A switch will only create separate broadcast domains if separate VLANs (Virtual Local Area Networks) are assigned to different ports on the switch. Otherwise, a broadcast received on one port will be flooded out all ports except the one it came in on.

Bridge
Bridges can be identified by the fact that they operate at the data link layer of the OSI model. Bridges have intelligence and can "bridge" two of their ports together at very high speed. They use a database of MAC addresses to determine where computers are located and very efficiently send frames only where they need to go. The database is created dynamically as computers communicate on the network. A bridge simply watches the incoming frame and memorizes the MAC address and port a frame arrives on. It uses this information to locate a computer if a packet comes in that must be forwarded to it. If a frame arrives at the bridge and the bridge does not know where to send it, the bridge will flood the frame just like a hub does. Bridging is often inaccurately called switching.
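The MAC learning behaviour described for switches and bridges, next to hub flooding, as an added example that is not part of the original wikibook. The class names, port numbers and MAC addresses are constructed for illustration; the VLAN handling models the statement that broadcasts stay within the ports of one VLAN.

```python
"""Constructed simulation: hub flooding vs. switch/bridge MAC learning."""

BROADCAST = "ff:ff:ff:ff:ff:ff"
HOST_A = "00:00:5e:00:53:0a"   # constructed sample addresses
HOST_B = "00:00:5e:00:53:0b"


class Hub:
    """Physical-layer repeater: no table, every frame goes everywhere."""

    def __init__(self, ports):
        self.ports = list(ports)

    def receive(self, in_port, src_mac, dst_mac):
        # The frame is repeated out of every port except the one it came in on.
        return [p for p in self.ports if p != in_port]


class LearningSwitch:
    """Data-link-layer device that builds its MAC table from observed traffic."""

    def __init__(self, ports, vlans=None):
        self.ports = list(ports)
        self.vlans = {p: 1 for p in self.ports}   # every port starts in VLAN 1
        self.vlans.update(vlans or {})
        self.mac_table = {}                        # (vlan, mac) -> port

    def flood(self, in_port):
        # Flooding is limited to the other ports of the same VLAN.
        vlan = self.vlans[in_port]
        return [p for p in self.ports
                if p != in_port and self.vlans[p] == vlan]

    def receive(self, in_port, src_mac, dst_mac):
        vlan = self.vlans[in_port]
        # Learn: remember which port the source address was seen on.
        self.mac_table[(vlan, src_mac)] = in_port
        out_port = self.mac_table.get((vlan, dst_mac))
        # Broadcasts and unknown destinations are flooded.
        if dst_mac == BROADCAST or out_port is None:
            return self.flood(in_port)
        # Known destination: forward to that port only (or drop if it is
        # on the segment the frame arrived from).
        return [] if out_port == in_port else [out_port]


# Constructed conversation between A (port 1) and B (port 2).
TRAFFIC = [
    (1, HOST_A, HOST_B),
    (2, HOST_B, HOST_A),
    (1, HOST_A, HOST_B),
    (2, HOST_B, HOST_A),
]


def frames_visible_to(device, frames, observer_port):
    """Count how many frames the device delivers to a third, uninvolved port."""
    return sum(1 for f in frames if observer_port in device.receive(*f))


if __name__ == "__main__":
    print("hub   :", frames_visible_to(Hub([1, 2, 3]), TRAFFIC, 3))
    print("switch:", frames_visible_to(LearningSwitch([1, 2, 3]), TRAFFIC, 3))
```

On the hub, the uninvolved port receives every frame of the conversation; on the switch it receives only the first frame, which was flooded before the destination had been learned.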


Wireless access point


A wireless access point (WAP or AP) is a device that allows wireless communication devices to connect to a wireless network using Wi-Fi, Bluetooth or related standards. The WAP usually connects to a wired network, and can relay data between the wireless devices (such as computers or printers) and wired devices on the network. A typical corporate use involves attaching several WAPs to a wired network and then providing wireless access to the office Local Area Network. Within the range of the WAPs, the wireless end user has a full network connection with the benefit of mobility. In this instance, the WAP functions as a gateway for clients to access the wired network. A Hot Spot is a common public application of WAPs, where wireless clients can connect to the Internet without regard for the particular networks to which they have attached for the moment. The concept has become common in large cities, where a combination of coffeehouses, libraries, as well as privately owned open access points, allow clients to stay more or less continuously connected to the Internet, while moving around. A collection of connected Hot Spots can be referred to as a lily-pad network. Home networks generally have only one WAP to connect all the computers in a home. Most are wireless routers, meaning converged devices that include a WAP, router, and often an Ethernet switch in the same device. Many also converge a broadband modem. In places where most homes have their own WAP within range of the neighbors' WAP, it's possible for technically savvy people to turn off their encryption and set up a wireless community network, creating an intra-city communication network without the need of wired networks.

Basic router
Routers operate at the network layer of the OSI model and efficiently route information between Local Area Networks. Since routers operate in the third layer, the network layer, they must understand layer 3 addressing, such as that used by TCP/IP. A router will divide a broadcast domain by not forwarding broadcasts on one connected network to another connected network. Routers operate in two different planes: the control plane, in which the router learns the outgoing interface that is most appropriate for forwarding specific packets to specific destinations, and the forwarding plane, which is responsible for the actual process of sending a packet received on a logical interface to an outbound logical interface.


Basic firewall
A firewall is a part of a computer system or network that is designed to block unauthorized access while permitting outward communication. It is also a device or set of devices configured to permit, deny, encrypt, decrypt, or proxy all computer traffic between different security domains based upon a set of rules and other criteria. Firewalls can be implemented in both hardware and software, or a combination of both. Firewalls are frequently used to prevent unauthorized Internet users from accessing private networks connected to the Internet. All messages entering or leaving the Local Area Network pass through the firewall, which examines each message and blocks those that do not meet the specified security criteria. Without proper configuration, a firewall can often become worthless. Standard security practices dictate a "default-deny" firewall ruleset, in which the only network connections which are allowed are the ones that have been explicitly allowed.

Basic DHCP (Dynamic Host Configuration Protocol) server


When a DHCP-configured client (be it a computer or any other network-aware device) connects to a network, the DHCP client sends a broadcast query requesting necessary information from a DHCP server. The DHCP server manages a pool of IP addresses and information about client configuration parameters such as the default gateway, the domain name, the DNS (Domain Name System) servers, other servers such as time servers, and so forth. Upon receipt of a valid request the server will assign the computer an IP address, a lease (the length of time for which the allocation is valid), and other IP configuration parameters, such as the subnet mask and the default gateway. The query is typically initiated immediately after booting and must be completed before the client can initiate IP-based communication with other hosts.


Specialized Devices
Objective 3.2: Identify the functions of specialized network devices

IDS/IPS (Intrusion Detection System/Intrusion Prevention System)


An Intrusion Detection System (IDS) is software and/or hardware designed to detect unwanted attempts at accessing, manipulating, and/or disabling computer systems, mainly through a network, such as the Internet. An intrusion detection system is used to detect several types of malicious behaviors that can compromise the security and trust of a computer system. This includes network attacks against vulnerable services, data-driven attacks on applications, host-based attacks such as privilege escalation, unauthorized logins and access to sensitive files, and malware (viruses, trojan horses, and worms). An Intrusion Prevention System is a network security device that monitors network and/or system activities for malicious or unwanted behavior and can react, in real time, to block or prevent those activities. A network-based IPS, for example, will operate in-line to monitor all network traffic for malicious code or attacks. When an attack is detected, it can drop the offending packets while still allowing all other traffic to pass. Intrusion prevention technology is considered by some to be an extension of intrusion detection (IDS) technology.

Proxy server
A proxy server is a server that makes Internet connections on behalf of the client PCs. All the requests for Internet access that are made by a client on a network are executed by the proxy server. In other words, a proxy server acts as a point of contact between a private network and a public network such as the Internet. Using a proxy improves the control administrators have over the network because proxies can be configured, among other things, to prohibit access to non-business-related sites or to restrict Internet access to groups that do not need it. Also the overall performance of the network is increased due to the proxy's ability to cache the pages that users view the most. Another advantage is the record keeping capabilities of the proxy server. This is used by organizations to monitor the use employees make of the Internet, as it records the requests made along with the time and duration of those requests.

CSU/DSU (Channel Service Unit/Data Service Unit)


Advanced Switching
Objective 3.3: Explain the advanced features of a switch

Wireless
Objective 3.4: Implement a basic wireless network

Install access point

OSI Model
Layer group    Data unit   Layer             Function
Host layers    Data        7. Application    Network process to application
Host layers    Data        6. Presentation   Data representation and encryption
Host layers    Data        5. Session        Interhost communication
Host layers    Segment     4. Transport      End-to-end connections and reliability
Media layers   Packet      3. Network        Path determination and logical addressing
Media layers   Frame       2. Data Link      Physical addressing
Media layers   Bit         1. Physical       Media, signal and binary transmission

Objective 4.1: Explain the function of each layer of the OSI (Open Systems Interconnection) model
The Open Systems Interconnection Reference Model (OSI Reference Model or OSI Model) is an abstract description for layered communications and computer network protocol design. In its most basic form, it divides network architecture into seven layers which, from top to bottom, are the Application, Presentation, Session, Transport, Network, Data Link, and Physical Layers. It is therefore often referred to as the OSI Seven Layer Model. A layer is a collection of conceptually similar functions that provides services to the layer above it and receives service from the layer below it. For example, a layer that provides error-free communications across a network provides the path needed by applications above it, while it calls the next lower layer to send and receive packets that make up the contents of the path. See Appendix A: Memory Aids for help in recalling the layers in the correct order.


Application
The application layer is the OSI layer closest to the end user, which means that both the OSI application layer and the user interact directly with the software application. This layer interacts with software applications that implement a communicating component. Application layer functions typically include identifying communication partners, determining resource availability, and synchronizing communication. When identifying communication partners, the application layer determines the identity and availability of communication partners for an application with data to transmit. When determining resource availability, the application layer must decide whether sufficient network resources for the requested communication exist. In synchronizing communication, all communication between applications requires cooperation that is managed by the application layer.

Documentation Types
Objective 4.2: Identify types of configuration management documentation

Wiring schematics
Wiring schematics are drawings of where all the wires and circuits are. They also show where and how the wires and circuits are connected. A wiring schematic is used to troubleshoot problems and to make sure that all the connections have been made and that everything is present. It assists in the replacement of cabling in case of a short circuit and eases the process of determining where new wires can be installed when additional capacity is needed.

Documentation Implementation
Objective 4.3: Given a scenario, evaluate the network based on configuration management documentation


Performance Monitoring
Objective 4.4: Conduct network monitoring to identify performance and connectivity issues

Network monitoring utilities


Packet sniffers
See Objective 5.2: Software Tools.

Throughput testers
A throughput tester measures the amount of data that can be transferred through a network or processed by a device (such as the amount of data that can be retrieved from disk in a specific period of time). On a network, a throughput tester sends a specific amount of data through the network and measures the time it takes to transfer that data, arriving at a measure of the actual bandwidth. Use a throughput tester to validate the bandwidth on your network, and to identify when the bandwidth is significantly below what it should be. Note: A throughput tester can help you identify when a network is slow, but does not give you sufficient information to identify why it is slow.

Logs

Performance Optimization
Objective 4.5: Explain different methods and rationales for network performance optimization

QoS (Quality of Service)


Quality of Service (QoS) refers to resource reservation control mechanisms rather than the achieved service quality. Quality of Service is the ability to provide different priority to different applications, users, or data flows, or to guarantee a certain level of performance to a data flow. Quality of Service guarantees are important if the network capacity is insufficient, especially for real-time streaming multimedia applications such as Voice over Internet Protocol, online games and IP-TV, since these often require fixed bit rate and are delay sensitive, and in networks where the capacity is a limited resource, for example in cellular data communication. An alternative to complex QoS control mechanisms is to provide high quality communication by generously over-provisioning a network so that capacity is based on peak traffic load estimates. This approach is simple and economical for networks with predictable and light traffic loads. The performance is reasonable for many applications. This might include demanding applications that can compensate for variations in bandwidth and delay with large receive buffers, which is often possible for example in video streaming. In networks typical of enterprises, however, the costs of increasing bandwidth can be substantial and over-provisioning is hard to justify. In these cases, QoS allows for prioritization of time-sensitive data without the expense of upgrading cabling and equipment.


Troubleshooting Methodology
Objective 4.6: Given a scenario, implement the following network troubleshooting methodology
These steps should be followed in the order that they appear.

Information gathering - identify symptoms and problems


Ask the user to describe the problem, check for error messages, and recreate the problem. Resist the urge to start fixing things at this point.

Identify the affected areas of the network


Determine how large the problem is. For example, fixes for one client workstation would likely be very different than fixes for an entire network segment.

Determine if anything has changed


Most often, problems are caused by new hardware or software or changes to the configuration. If necessary, ask questions to discover what might have changed that could have caused the problem.

Establish the most probable cause


Look for common errors or solutions that can be tried quickly.

Determine if escalation is necessary


When forwarding the problem on to someone else, be sure to describe the nature of the problem, the actions you have already taken, and the symptoms that lead you to believe the problem is outside of your area of responsibility.

Create an action plan and solution identifying potential effects


Your plan might include purchases for hardware or equipment that need approval before proceeding. In addition, your plan might involve taking some services offline for a period of time. Identifying the effects ahead of time helps you put measures into place to eliminate or reduce any potential negative consequences.


Implement and test the solution


When side effects have been weighed against the fix and all concerns have been addressed, fix the problem. If necessary, implement additional steps to correct the problem if your first solution did not work. After you think you have resolved the problem, test the result.

Identify the results and effects of the solution


Make sure that the solution has fully fixed the problem and has not caused any other problems.

Document the solution and the entire process


In the future, you can check your documentation to see what has changed or to help you remember the solution to common problems.

Connectivity Issues
Objective 4.7: Given a scenario, troubleshoot common connectivity issues and select an appropriate solution

Physical issues
Crosstalk
Crosstalk refers to any phenomenon by which a signal transmitted on one circuit or channel of a transmission system creates an undesired effect in another circuit or channel. This can occur within the different pairs of wires in a cable and is mitigated by using twisted pair cabling. In a wireless environment, two different wireless access points that are broadcasting on channels too close together in frequency can reduce the quality of the connection between themselves and wireless users. In telecommunications, crosstalk is often distinguishable as pieces of speech or signaling tones leaking from other people's connections. If the connection is analog, twisted pair cabling can often be used to reduce the effects of crosstalk. Alternatively, the signals can be converted to digital form, which is much less susceptible to crosstalk.

Logical issues
Port duplex mismatch
A duplex mismatch occurs when two devices are using different duplex settings. In this case, one device will try to transmit using full duplex, while the other will expect half duplex communications. By default, devices are configured to use autonegotiation to detect the correct duplex setting to use. If a duplex method cannot be agreed upon, devices should default to using half duplex. A duplex mismatch can occur in the following cases:
- Both devices are configured to use different duplex settings.
- Autonegotiation does not work correctly on one device.
- One device is configured for autonegotiation and the other device is manually configured for full duplex.
Symptoms of a duplex mismatch include very slow network communications. Ping tests might appear to complete correctly, but normal communications work well below the expected speeds, even for half duplex communications.


Incorrect VLAN (Virtual Local Area Network)


Incorrectly assigning a port to a VLAN might prevent a device from communicating through the switch.

Wrong gateway
If the gateway is configured incorrectly, remote clients can't access network resources, local hosts can't access the Internet and they can't access hosts outside the local subnet.

Issues that should be identified but escalated

Wireless issues

Command Line Tools


Objective 5.1: Given a scenario, select the appropriate command line interface tool and interpret the output to verify functionality


Software Tools
Objective 5.2: Explain the purpose of network scanners

Hardware Tools
Objective 5.3: Given a scenario, utilize the appropriate hardware tools

Cable testers

TDR (Time-domain Reflectometer)

Signal transmitted and reflected from a discontinuity

OTDR (Optical Time-domain Reflectometer)


Multimeter

Toner probe

Punch down tool

Cable stripper


Snips

Voltage event recorder

Temperature monitor


Security Devices
Objective 6.1: Explain the function of hardware and software security devices

Network-based firewall
Network based firewalls monitor traffic on the entire network segment, meaning an administrator monitors and controls firewall services from a central location.

Host-based firewall
A host-based firewall is installed on an individual system and monitors and controls inbound and outbound traffic for just that system.

VPN (Virtual Private Network) concentrator


VPN concentrators increase remote access security. Concentrators sit between the VPN client and VPN server, creating a tunnel, authenticating users, and encrypting data as it travels. They also regulate and monitor data transfer across the tunnel, and control inbound and outbound traffic as an endpoint or router.

Software firewall


Firewalling
Objective 6.2: Explain common features of a firewall

Application layer vs. network layer


The application layer firewall is the most functional of all the firewall types. As its name suggests, the application layer firewall functionality is implemented through an application. Application layer firewall systems can implement sophisticated rules and closely control traffic that passes through. Features of these firewalls can include user authentication systems and the capability to control which systems an outside user can access on the internal network. Some also provide bandwidth control mechanisms. Because they operate above the session layer of the Open Systems Interconnect (OSI) model, they can provide protection against any software-based network traffic that attempts to pass through them.

Network layer filtering through the analysis of packets enables the firewall to examine each packet that passes through it and determine what to do with it, based on the configuration. A packet-filtering firewall deals with packets at the data-link and network layers of the OSI model. The following are some of the criteria by which packet filtering can be implemented:

- IP address: By using the IP address as a parameter, the firewall can allow or deny traffic, based on the source or destination IP address. For example, you can configure the firewall so that only certain hosts on the internal network are able to access hosts on the Internet. Alternatively, you can configure it so that only certain hosts on the Internet are able to gain access to a system on the internal network.
- Port number: The TCP/IP (Transmission Control Protocol/Internet Protocol) suite uses port numbers to identify which service a certain packet is destined for. By configuring the firewall to allow certain types of traffic, you can control the flow. You might, for example, open port 80 on the firewall to allow Hypertext Transfer Protocol (HTTP) requests from users on the Internet to reach the corporate Web server. You might also, depending on the application, open the HTTP Secure (HTTPS) port, port 443, to allow access to a secure Web server application.
- Protocol ID: Because each packet transmitted with IP has a protocol identifier in it, a firewall can read this value and then determine what kind of packet it is. If you are filtering based on protocol ID, you specify which protocols you will and will not allow to pass through the firewall.
- MAC address: This is perhaps the least used of the packet-filtering methods discussed, but it is possible to configure a firewall to use the hardware-configured MAC address as the determining factor in whether access to the network is granted. This is not a particularly flexible method, and it is therefore suitable only in environments in which you can closely control who uses which MAC address. The Internet is not such an environment.
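The four packet-filtering criteria above, combined with the "default-deny" ruleset described under Basic firewall, as an added example that is not part of the original wikibook. The rule format, the function names and every address in the sample ruleset are constructed for illustration and do not correspond to any particular firewall product.

```python
"""Constructed first-match packet filter with a default-deny policy."""
import ipaddress
from dataclasses import dataclass
from typing import Optional

ICMP, TCP, UDP = 1, 6, 17          # IP protocol identifiers


@dataclass(frozen=True)
class Packet:
    src_ip: str
    dst_ip: str
    protocol: int
    dst_port: Optional[int] = None
    src_mac: Optional[str] = None


@dataclass(frozen=True)
class Rule:
    action: str                      # "allow" or "deny"
    src: str = "0.0.0.0/0"           # source network (IP address criterion)
    dst: str = "0.0.0.0/0"           # destination network
    protocol: Optional[int] = None   # protocol ID criterion, None = any
    dst_port: Optional[int] = None   # port number criterion, None = any
    src_mac: Optional[str] = None    # MAC address criterion, None = any

    def matches(self, pkt: Packet) -> bool:
        if ipaddress.ip_address(pkt.src_ip) not in ipaddress.ip_network(self.src):
            return False
        if ipaddress.ip_address(pkt.dst_ip) not in ipaddress.ip_network(self.dst):
            return False
        if self.protocol is not None and pkt.protocol != self.protocol:
            return False
        if self.dst_port is not None and pkt.dst_port != self.dst_port:
            return False
        if self.src_mac is not None:
            if (pkt.src_mac or "").lower() != self.src_mac.lower():
                return False
        return True


def evaluate(rules, pkt):
    """Return (action, index of the matching rule); first match wins."""
    for index, rule in enumerate(rules):
        if rule.matches(pkt):
            return rule.action, index
    # Default-deny: anything not explicitly allowed is dropped.
    return "deny", None


# Constructed ruleset using documentation address ranges.
RULES = [
    # 0, 1: Internet users may reach the corporate Web server on 80 and 443.
    Rule("allow", dst="192.0.2.10/32", protocol=TCP, dst_port=80),
    Rule("allow", dst="192.0.2.10/32", protocol=TCP, dst_port=443),
    # 2: only one internal host may open TCP connections to the Internet.
    Rule("allow", src="10.0.0.5/32", protocol=TCP),
    # 3: management access only from one known hardware address.
    Rule("allow", src="10.0.0.0/24", dst="10.0.0.1/32", protocol=TCP,
         dst_port=22, src_mac="00:00:5e:00:53:01"),
]

if __name__ == "__main__":
    for pkt in (
        Packet("198.51.100.7", "192.0.2.10", TCP, 80),
        Packet("198.51.100.7", "192.0.2.10", TCP, 22),
        Packet("10.0.0.6", "203.0.113.9", TCP, 8080),
    ):
        print(pkt, "->", evaluate(RULES, pkt))
```

Because the final fallthrough is a deny, a service that nobody wrote a rule for is unreachable by default; no rule has to anticipate it.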


Content filtering
Many workplaces, schools, and colleges restrict the web sites and online services that are made available in their buildings. This is done with a specialized proxy, called a content filter. Requests made to the open Internet must first pass through an outbound proxy filter. The web-filtering company provides a database of URL patterns with associated content attributes. This database is updated weekly by site-wide subscription, much like a virus filter subscription. The administrator instructs the web filter to ban broad classes of content (such as sports, pornography, online shopping, gambling, or social networking). Requests that match a banned URL pattern are rejected immediately. Assuming the requested URL is acceptable, the content is then fetched by the proxy. At this point a dynamic filter may be applied on the return path. For example, JPEG files could be blocked based on flesh tone matches, or language filters could dynamically detect unwanted language. Web filtering proxies are not able to peer inside secure HTTP transactions. As a result, users wanting to bypass web filtering will typically search the internet for an open and anonymous HTTPS proxy. They will then program their browser to proxy all requests through the web filter to this anonymous proxy. Those requests will be encrypted. The web filter cannot distinguish these transactions from, say, a legitimate access to a financial website. Thus, content filters are only effective against unsophisticated users.

Access Security
Objective 6.3: Explain the methods of network access security

ACL (Access Control List)

Tunneling and encryption


SSL VPN (Secure Sockets Layer Virtual Private Network)
An SSL VPN (Secure Sockets Layer virtual private network) is a form of VPN that can be used with a standard Web browser. In contrast to the traditional Internet Protocol Security (IPsec) VPN, an SSL VPN does not require the installation of specialized client software on the end user's computer. It is used to give remote users access to Web applications, client/server applications and internal network connections. A virtual private network (VPN) provides a secure communications mechanism for data and other information transmitted between two endpoints. An SSL VPN consists of one or more VPN devices to which the user connects by using his Web browser. The traffic between the Web browser and the SSL VPN device is encrypted with the SSL protocol or its successor, the Transport Layer Security (TLS) protocol. An SSL VPN offers versatility, ease of use and granular control for a range of users on a variety of computers, accessing resources from many locations. There are two major types of SSL VPNs:

- SSL Portal VPN: This type of SSL VPN allows for a single SSL connection to a Web site so the end user can securely access multiple network services. The site is called a portal because it is one door (a single page) that leads to many other resources. The remote user accesses the SSL VPN gateway using any modern Web browser, identifies himself or herself to the gateway using an authentication method supported by the gateway and is then presented with a Web page that acts as the portal to the other services.
- SSL Tunnel VPN: This type of SSL VPN allows a Web browser to securely access multiple network services, including applications and protocols that are not Web-based, through a tunnel that is running under SSL. SSL tunnel VPNs require that the Web browser be able to handle active content, which allows them to provide functionality that is not accessible to SSL portal VPNs. Examples of active content include Java, JavaScript, Active X, or Flash applications or plug-ins.
[1] http://searchsecurity.techtarget.com/definition/SSL-VPN


Remote access

References
[1] http://searchsecurity.techtarget.com/definition/SSL-VPN

User Authentication
Objective 6.4: Explain methods of user authentication

PKI (Public Key Infrastructure)


The Public Key Infrastructure (PKI) is a set of hardware, software, people, policies, and procedures needed to create, manage, store, distribute, and revoke digital certificates. PKI is an arrangement that associates a public key with a user's identity by means of a certificate authority (CA). The user's identity must be unique for each CA. The binding is established through the registration and issuance process, which, depending on the level of assurance the binding has, may be carried out by software at a CA, or under human supervision. The PKI role that assures this binding is called the Registration Authority (RA). For each user, the user's identity, the public key, and their association with each other are made transparent in public key certificates issued by the CA.

Kerberos
Kerberos is the name of a computer network authentication protocol, which allows individuals communicating over an insecure network to prove their identity to one another in a secure manner, and also a suite of free software published by Massachusetts Institute of Technology (MIT) which implements this protocol. Its designers aimed primarily at a client-server model, and it provides mutual authentication: both the user and the server verify each other's identity. Kerberos protocol messages are protected against eavesdropping or replay attacks.

AAA (Authentication, Authorization, and Accounting)


RADIUS (Remote Authentication Dial In User Service)
Remote Authentication Dial In User Service (RADIUS) is an AAA (authentication, authorization and accounting) protocol for applications such as network access or IP mobility. It is intended to work in both local and roaming situations.

Network access control

CHAP (Challenge Handshake Authentication Protocol)


CHAP is an authentication scheme used by Point to Point Protocol (PPP) servers to validate the identity of remote clients. CHAP periodically verifies the identity of the client by using a three-way handshake. This happens at the time of establishing the initial link, and may happen again at any time afterward. The verification is based on a shared secret (such as the client user's password).
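The three-way handshake described above, with both sides' messages, as an added example that is not part of the original wikibook. It follows the response calculation defined in RFC 1994 (MD5 over the identifier, the shared secret and the challenge); the class names, the tuple message layout and the sample credentials are constructed for illustration.

```python
"""Constructed model of the CHAP challenge/response/result exchange."""
import hashlib
import hmac
import os

# Message codes from RFC 1994.
CHALLENGE, RESPONSE, SUCCESS, FAILURE = 1, 2, 3, 4


def chap_response(identifier: int, secret: bytes, challenge: bytes) -> bytes:
    # RFC 1994: hash of the identifier octet, then the secret, then the challenge.
    return hashlib.md5(bytes([identifier]) + secret + challenge).digest()


class Authenticator:
    """Server side: issues challenges and checks responses."""

    def __init__(self, secrets):
        self.secrets = secrets        # peer name -> shared secret
        self.next_id = 0
        self.outstanding = {}         # identifier -> challenge value

    def challenge(self):
        # Step 1: a fresh random challenge under a new identifier.
        identifier = self.next_id
        self.next_id = (self.next_id + 1) % 256
        value = os.urandom(16)
        self.outstanding[identifier] = value
        return (CHALLENGE, identifier, value)

    def verify(self, message, name):
        # Step 3: recompute the expected hash and answer Success or Failure.
        code, identifier, value = message
        challenge = self.outstanding.pop(identifier, None)   # single use
        secret = self.secrets.get(name)
        if code != RESPONSE or challenge is None or secret is None:
            return (FAILURE, identifier)
        expected = chap_response(identifier, secret, challenge)
        ok = hmac.compare_digest(expected, value)
        return (SUCCESS if ok else FAILURE, identifier)


class Peer:
    """Client side: proves knowledge of the secret without sending it."""

    def __init__(self, name, secret):
        self.name = name
        self.secret = secret

    def respond(self, message):
        # Step 2: answer the challenge with the hash, echoing the identifier.
        _code, identifier, challenge = message
        digest = chap_response(identifier, self.secret, challenge)
        return (RESPONSE, identifier, digest)


def run_handshake(auth, peer):
    """Run one full exchange; return the result code and the response sent."""
    response = peer.respond(auth.challenge())
    result, _identifier = auth.verify(response, peer.name)
    return result, response


if __name__ == "__main__":
    auth = Authenticator({"alice": b"constructed-secret"})
    print(run_handshake(auth, Peer("alice", b"constructed-secret"))[0])  # 3
    print(run_handshake(auth, Peer("alice", b"wrong-secret"))[0])        # 4
```

Each challenge is random and valid once, so a response captured during one verification does not satisfy the next one; this is what lets the authenticator repeat the check at any time after the link is up.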


MS-CHAP (Microsoft Handshake Authentication Protocol)


MS-CHAP is the Microsoft version of the Challenge-handshake authentication protocol, CHAP. Compared with CHAP, MS-CHAP:
- provides an authenticator-controlled password change mechanism
- provides an authenticator-controlled authentication retry mechanism
- defines failure codes returned in the Failure packet message field
MS-CHAPv2 provides mutual authentication between peers by piggybacking a peer challenge on the Response packet and an authenticator response on the Success packet.

EAP (Extensible Authentication Protocol)


Extensible Authentication Protocol, or EAP, is a universal authentication framework frequently used in wireless networks and Point-to-Point connections. It is defined by RFC 3748. Although the EAP protocol is not limited to wireless LANs and can be used for wired LAN authentication, it is most often used in wireless LANs. Recently, the WPA and WPA2 standards have officially adopted five EAP types as their official authentication mechanisms.

Device Security
Objective 6.5: Explain issues that affect device security

Physical security
Physical security describes both measures that prevent or deter attackers from accessing a facility, resource, or information stored on physical media and guidance on how to design structures to resist various hostile acts. It can be as simple as a locked door or as elaborate as multiple layers of armed security guards and guardhouses. In a well designed system, these features must complement each other. There are at least four layers of physical security:
- Environmental design
- Mechanical and electronic access control
- Intrusion detection
- Video monitoring

The goal is to convince potential attackers that the likely costs of attack exceed the value of making the attack.

Secure methods vs. unsecure methods


Secure Method                                            Unsecure Method
SSH (Secure Shell)                                       Telnet and RSH (Remote Shell)
HTTPS (Hypertext Transfer Protocol Secure)               HTTP (Hypertext Transfer Protocol)
SFTP (Secure File Transfer Protocol)                     FTP (File Transfer Protocol)
SNMPv3 (Simple Network Management Protocol version 3)    SNMPv1/2 (Simple Network Management Protocol version 1 or 2)
SCP (Secure Copy Protocol)                               RCP (Remote Copy Protocol)

Objective 1.1 also requires knowledge of some of these protocols.

Threat Mitigation
Objective 6.6: Identify common security threats and mitigation techniques

Security threats
DoS (Denial of Service)
A denial-of-service attack (DoS attack) or distributed denial-of-service attack (DDoS attack) is an attempt to make a computer resource unavailable to its intended users. Although the means to carry out, motives for, and targets of a DoS attack may vary, it generally consists of the concerted efforts of a person or persons to prevent an Internet site or service from functioning efficiently or at all, temporarily or indefinitely.

One common method of attack involves saturating the target (victim) machine with external communications requests, such that it cannot respond to legitimate traffic, or responds so slowly as to be rendered effectively unavailable. In general terms, DoS attacks are implemented by either forcing the targeted computer(s) to reset, or consuming its resources so that it can no longer provide its intended service or obstructing the communication media between the intended users and the victim so that they can no longer communicate adequately.

Firewalls have simple rules such as to allow or deny protocols, ports or IP addresses. Some DoS attacks are too complex for today's firewalls, e.g. if there is an attack on port 80 (web service), firewalls cannot prevent that attack because they cannot distinguish good traffic from DoS attack traffic. Additionally, firewalls are too deep in the network hierarchy. Routers may be affected even before the firewall gets the traffic. Nonetheless, firewalls can effectively prevent users from launching simple flooding type attacks from machines behind the firewall.

Intrusion-prevention systems (IPS) are effective if the attacks have signatures associated with them. However, the trend among the attacks is to have legitimate content but bad intent. Intrusion-prevention systems which work on content recognition cannot block behavior based DoS attacks.
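The contrast between content recognition and behavior-based detection, as an added example that is not part of the original wikibook. The log entries, the signature pattern, and the window and limit thresholds are all constructed assumptions, not values from any product.

```python
import re
from collections import defaultdict, deque

# Hypothetical content signature; real IPS rule sets are far larger.
SIGNATURES = [re.compile(r"constructed-bad-pattern")]


def sample_log():
    """Constructed entries: (epoch_seconds, source_ip, request_line)."""
    entries = []
    for t in range(0, 60, 10):        # ordinary client: one request every 10 s
        entries.append((1000 + t, "192.0.2.10", "GET /index.html HTTP/1.1"))
    for i in range(200):              # flood: 200 well-formed requests in 10 s
        entries.append((1020 + i * 0.05, "198.51.100.7", "GET /index.html HTTP/1.1"))
    # One request whose content matches the signature.
    entries.append((1030, "203.0.113.5", "GET /constructed-bad-pattern HTTP/1.1"))
    return sorted(entries)


def signature_hits(entries):
    """Content recognition: flag sources whose request text matches a signature."""
    return {ip for _, ip, req in entries if any(s.search(req) for s in SIGNATURES)}


def rate_hits(entries, window=10.0, limit=50):
    """Behavior: flag sources sending more than `limit` requests in `window` seconds.

    Entries must be sorted by timestamp.
    """
    recent = defaultdict(deque)       # source -> timestamps inside the window
    flagged = set()
    for ts, ip, _ in entries:
        q = recent[ip]
        q.append(ts)
        while q and ts - q[0] > window:
            q.popleft()
        if len(q) > limit:
            flagged.add(ip)
    return flagged


if __name__ == "__main__":
    log = sample_log()
    print("signature:", signature_hits(log))
    print("rate:", rate_hits(log))
```

The flooding source sends the same request text as the ordinary client, so only the rate check separates the two.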

Viruses
A computer virus is a computer program that can copy itself and infect a computer without the permission or knowledge of the owner. The term "virus" is also commonly but erroneously used to refer to other types of malware, adware, and spyware programs that do not have the reproductive ability. A true virus can only spread from one computer to another (in some form of executable code) when its host is taken to the target computer; for instance because a user sent it over a network or the Internet, or carried it on a removable medium such as a floppy disk, CD, DVD, or USB drive. In order to replicate itself, a virus must be permitted to execute code and write to memory. For this reason, many viruses attach themselves to executable files that may be part of legitimate programs. If a user attempts to launch an infected program, the virus' code may be executed simultaneously.

In order to avoid detection by users, some viruses employ different kinds of deception. Some old viruses, especially on the MS-DOS platform, make sure that the "last modified" date of a host file stays the same when the file is infected by the virus. This approach does not fool anti-virus software, however. Some viruses can infect files without increasing their sizes or damaging the files. They accomplish this by overwriting unused areas of executable files. These are called cavity viruses. Some viruses try to avoid detection by killing the tasks associated with antivirus software before it can detect them. As computers and operating systems grow larger and more complex, old hiding techniques need to be updated or replaced. Defending a computer against viruses may demand that a file system migrate towards detailed and explicit permission for every kind of file access.


Mitigation techniques

Memory Aids
OSI Model
A Priest Saw Two Nuns Doing Push-ups
Application Layer, Presentation Layer, Session Layer, Transport Layer, Network Layer, Data Link Layer, Physical Layer

Please Do Not Throw Sausage Pizza Away
Physical Layer, Data Link Layer, Network Layer, Transport Layer, Session Layer, Presentation Layer, Application Layer

Please Do Not Touch Steve's Pet Alligator
Physical Layer, Data Link Layer, Network Layer, Transport Layer, Session Layer, Presentation Layer, Application Layer

Pew Dead Ninja Turtles Smell Particularly Awful
Physical Layer, Data Link Layer, Network Layer, Transport Layer, Session Layer, Presentation Layer, Application Layer

All People Seem To Need Data Processing
Application Layer, Presentation Layer, Session Layer, Transport Layer, Network Layer, Data Link Layer, Physical Layer

All People Should Try New Diet Pepsi
Application Layer, Presentation Layer, Session Layer, Transport Layer, Network Layer, Data Link Layer, Physical Layer

Article Sources and Contributors



Network Plus Certification Source: http://en.wikibooks.org/w/index.php?oldid=2027871 Contributors: AdRiley, Adrignola, DavidCary, Hagindaz, Jguk, Robert Horning, SPat, Socratesone, Wknight8111, 18 anonymous edits Introduction Source: http://en.wikibooks.org/w/index.php?oldid=2090252 Contributors: Adrignola, Califman831, Jguk, Luca Masters, Modul8r, Socratesone, 30 anonymous edits Objectives Source: http://en.wikibooks.org/w/index.php?oldid=2131562 Contributors: Adrignola, Bjadter, Dallas1278, DavidCary, Derbeth, Fishpi, Hagindaz, Jguk, Jomegat, Killer2021, Mike.lifeguard, Pmsyyz, QuiteUnusual, RedEagle, Socratesone, Swiftfox, Tannersf, Timewalk, Tmaioli, Vishnuratheesh, Xania, 195 anonymous edits Technologies Source: http://en.wikibooks.org/w/index.php?oldid=1569074 Contributors: Adrignola, Derbeth, Jguk, Modul8r, QuiteUnusual, Socratesone, 21 anonymous edits Common Protocols Source: http://en.wikibooks.org/w/index.php?oldid=2008477 Contributors: Adrignola, JenVan, Swift, 5 anonymous edits Common Ports Source: http://en.wikibooks.org/w/index.php?oldid=1805142 Contributors: Adrignola Addressing Formats Source: http://en.wikibooks.org/w/index.php?oldid=2140089 Contributors: Adrignola, Jomegat, 2 anonymous edits Addressing Methods Source: http://en.wikibooks.org/w/index.php?oldid=1481182 Contributors: Adrignola Routing Protocols Source: http://en.wikibooks.org/w/index.php?oldid=1476373 Contributors: Adrignola Routing Properties Source: http://en.wikibooks.org/w/index.php?oldid=1481180 Contributors: Adrignola Wireless Source: http://en.wikibooks.org/w/index.php?oldid=1805143 Contributors: Adrignola Cables Source: http://en.wikibooks.org/w/index.php?oldid=2204187 Contributors: Adrignola, 1 anonymous edits Connectors Source: http://en.wikibooks.org/w/index.php?oldid=2097318 Contributors: Adrignola, Hagindaz, Herbythyme, Jguk, Jomegat, Olshinski, Recent Runes, Socratesone, 16 anonymous edits Physical Topologies Source: http://en.wikibooks.org/w/index.php?oldid=2171278 
Contributors: Adrignola, Epachamo, 3 anonymous edits Wiring Standards Source: http://en.wikibooks.org/w/index.php?oldid=1481158 Contributors: Adrignola Wide Area Networks Source: http://en.wikibooks.org/w/index.php?oldid=2081615 Contributors: Adrignola, 2 anonymous edits Local Area Networks Source: http://en.wikibooks.org/w/index.php?oldid=1510143 Contributors: Adrignola, 1 anonymous edits Logical Topologies Source: http://en.wikibooks.org/w/index.php?oldid=1481150 Contributors: Adrignola Wiring Distribution Source: http://en.wikibooks.org/w/index.php?oldid=1481148 Contributors: Adrignola Common Devices Source: http://en.wikibooks.org/w/index.php?oldid=2054993 Contributors: Adrignola, Mouagip, 4 anonymous edits Specialized Devices Source: http://en.wikibooks.org/w/index.php?oldid=1481144 Contributors: Adrignola Advanced Switching Source: http://en.wikibooks.org/w/index.php?oldid=1481143 Contributors: Adrignola Wireless Source: http://en.wikibooks.org/w/index.php?oldid=1481141 Contributors: Adrignola OSI Model Source: http://en.wikibooks.org/w/index.php?oldid=1805145 Contributors: Adrignola Documentation Types Source: http://en.wikibooks.org/w/index.php?oldid=1481133 Contributors: Adrignola Documentation Implementation Source: http://en.wikibooks.org/w/index.php?oldid=1478341 Contributors: Adrignola Performance Monitoring Source: http://en.wikibooks.org/w/index.php?oldid=2091078 Contributors: Adrignola, 1 anonymous edits Performance Optimization Source: http://en.wikibooks.org/w/index.php?oldid=1481107 Contributors: Adrignola Troubleshooting Methodology Source: http://en.wikibooks.org/w/index.php?oldid=2091108 Contributors: Adrignola, 9 anonymous edits Connectivity Issues Source: http://en.wikibooks.org/w/index.php?oldid=2105524 Contributors: Adrignola, QuiteUnusual, Soeb, 25 anonymous edits Command Line Tools Source: http://en.wikibooks.org/w/index.php?oldid=1481098 Contributors: Adrignola Software Tools Source: http://en.wikibooks.org/w/index.php?oldid=1481097 
Contributors: Adrignola Hardware Tools Source: http://en.wikibooks.org/w/index.php?oldid=1481094 Contributors: Adrignola Security Devices Source: http://en.wikibooks.org/w/index.php?oldid=2105533 Contributors: Adrignola, 4 anonymous edits Firewalling Source: http://en.wikibooks.org/w/index.php?oldid=1481090 Contributors: Adrignola Access Security Source: http://en.wikibooks.org/w/index.php?oldid=2105652 Contributors: Adrignola, 2 anonymous edits User Authentication Source: http://en.wikibooks.org/w/index.php?oldid=1481082 Contributors: Adrignola Device Security Source: http://en.wikibooks.org/w/index.php?oldid=1805144 Contributors: Adrignola Threat Mitigation Source: http://en.wikibooks.org/w/index.php?oldid=2082420 Contributors: Adrignola, QuiteUnusual, 1 anonymous edits Memory Aids Source: http://en.wikibooks.org/w/index.php?oldid=2165849 Contributors: Adrignola, ComputerSherpa, Herbythyme, Jguk, Reece, Socratesone, 18 anonymous edits


License
Creative Commons Attribution-Share Alike 3.0 Unported //creativecommons.org/licenses/by-sa/3.0/
