Академический Документы
Профессиональный Документы
Культура Документы
2
8/10/2018 2
CompTia Network+ Objectives
The table below lists the domains measured by the exam and the extent to which they are represented.
DOMAIN % OF EXAM
1.0 Networking Concepts 23%
2.0 Infrastructure 18%
3.0 Network Operations 17%
4.0 Network Security 20%
5.0 Network trouble shooting 22%
& tools
3
8/10/2018 3
CompTia Network+ Objectives
4
8/10/2018 4
Network+ Modules DAY 1
Module 1: Introduction to Networks
Module 2: The OSI Reference Model
Module 3: Networking Topology, Connectors and
Wiring Standards
Module 4: Ethernet Specifications
Module 5: Network Devices
Module 6: TCP/IP
Module 7: IP Addressing – IPv4 & Ipv6
5
8/10/2018 5
Network+ Modules – DAY 2
Module 8: Routing
Module 9: Switching and VLANs
Module 10: Wireless Networking
Module 11: Authentication and Access Control
Module 12: Network Threats
Module 13: Wide Area Networking
Module 14: Troubleshooting
6
8/10/2018 6
Network+ Modules – DAY 3
Module15: Management, Monitoring and
Optimisation
Exam N10-007
7
8/10/2018 7
What does Network+ Lead to?
8
8/10/2018 8
MODULE 1
INTRODUCTION TO NETWORKS
1
8/1/2018
8/1/2018 1 ©2007 – Body Temple
What is a Network
2
8/1/2018
8/1/2018 2 ©2007 – Body Temple
Clients and Servers
Types of Computer
Workstation / Client
Server
Types of Network
Peer-Peer
Client-Server
3
8/1/2018
8/1/2018 3 ©2007 – Body Temple
Networking Topology
BUS
4
8/1/2018
8/1/2018 4 ©2007 – Body Temple
Networking Topology
5
8/1/2018
8/1/2018 5 ©2007 – Body Temple
Networking Topology
RING
6
8/1/2018
8/1/2018 6 ©2007 – Body Temple
Networking Topolgy
MESH
7
8/1/2018
8/1/2018 7 ©2007 – Body Temple
Networking Topology
VLAN 1
SALES
SEVERS
COMMS ROOM
BACKBONE
VLAN 2
MARKETING
8
8/1/2018
8/1/2018 8 ©2007 – Body Temple
MODULE 2
THE OSI REFERENCE MODEL
1
8/1/2018
8/1/2018 1 ©2007 – Body Temple
The Open Systems Interconnection Model
2
8/1/2018
8/1/2018 2 ©2007 – Body Temple
OSI Reference Model
7 APPLICATION
6 PRESENTATION
5 SESSION
4 TRANSPORT
3 NETWORK
2 DATALINK
1 PHYSICAL
3
8/1/2018
8/1/2018 3 ©2007 – Body Temple
OSI
7 APPLICATION
4
8/1/2018
8/1/2018 4 ©2007 – Body Temple
OSI
6 PRESENTATION
5
8/1/2018
8/1/2018 5 ©2007 – Body Temple
OSI
5 SESSION
6
8/1/2018
8/1/2018 6 ©2007 – Body Temple
OSI
4 TRANSPORT
3 NETWORK
2 DATALINK
10
8/1/2018
8/1/2018 10 ©2007 – Body Temple
OSI – DATALINK LAYER – IEEE 802 Standards
11
8/1/2018
8/1/2018 11 ©2007 – Body Temple
OSI
1 PHYSICAL
7 AWAY
6 PIZZA
5 SAUSAGE
4 THROW
3 NOT
2 DO
1 PLEASE
13
8/1/2018
8/1/2018 13 ©2007 – Body Temple
MODULE 3
NETWORKING TOPOLGY, CONNECTORS
AND WIRING STANDARDS
1
8/1/2018
8/1/2018 1 ©2007 – Body Temple
CABLE CHARACTERISTICS
Cost
Installation issues
PLENUM Rating
Bandwidth/Speed/Capacity
Duplex/Half Duplex
Serial/Parallel
Distance/Attenuation
Noise immunity
8/1/2018
Security 2
COAXIAL
3
8/1/2018
8/1/2018 3 ©2007 – Body Temple
Types of Cable
Coax connectors
BNC
4
8/1/2018
8/1/2018 4 ©2007 – Body Temple
Types of Cable
Twisted Pair
UTP
STP
CAT standards
Connectors
5
8/1/2018
8/1/2018 5 ©2007 – Body Temple
Cat 5e Four twisted pairs rated for 100 MHz,
but can handle all four pairs transmitting at
the same time (required for GB Ethernet).
Cat 5 is essentially redundant (can you still
buy it??).
Cat 6 Four twisted pairs rated for 250 Mhz. A
standard from 2002. Used as a riser cable to
connect floors, but for future proof best
practice to install as standard for a new
network. 6
8/1/2018
8/1/2018 6 ©2007 – Body Temple
RJ45
7
8/1/2018
8/1/2018 7 ©2007 – Body Temple
RJ45 Wiring Standards
T568A
T568B
STRAIGHT THROUGH
CROSSOVER
ROLLOVER
LOOPBACK
8
8/1/2018
8/1/2018 8 ©2007 – Body Temple
T568A / T568B
10
8/1/2018
8/1/2018 10 ©2007 – Body Temple
LAB
11
8/1/2018
8/1/2018 11 ©2007 – Body Temple
Rollover and Loopback CABLE
12
8/1/2018
8/1/2018 12 ©2007 – Body Temple
FIBER OPTIC
13
8/1/2018
8/1/2018 13 ©2007 – Body Temple
Media Converter
14
8/1/2018
8/1/2018 14 ©2007 – Body Temple
Types of Cable
15
8/1/2018
8/1/2018 15 ©2007 – Body Temple
Patching and Cabling
16
8/1/2018
8/1/2018 16 ©2007 – Body Temple
66 / 110 Block
17
8/1/2018
8/1/2018 17 ©2007 – Body Temple
Network Transceiver
18
8/1/2018
8/1/2018 18 ©2007 – Body Temple
Demarcation Point
19
8/1/2018
8/1/2018 19 ©2007 – Body Temple
MODULE 4
ETHERNET SPECIFICATIONS
1
8/1/2018
8/1/2018 1 ©2007 – Body Temple
Introduction to Ethernet
Duplex
• Half-duplex - a device cannot send and receive simultaneously
• All LAN hubs are half-duplex devices •
• Switch interfaces can be configured as half-duplex, but usually only when connecting
to another half-duplex device •
• Full-duplex - data can be sent and received at the same time •
• A properly configured switch interface will be set to full-duple
2
8/1/2018
8/1/2018 2 ©2007 – Body Temple
Carrier Sense Multiple Access / Collision Detection
CSMA/CD
3
8/1/2018
8/1/2018 3 ©2007 – Body Temple
CSMA/CD
4
8/1/2018
8/1/2018 4 ©2007 – Body Temple
CSMA/CD
4.Collision occurs
9.Then operation returns to normal and all devices have equal access to the media
5
8/1/2018
8/1/2018 5 ©2007 – Body Temple
CSMA/CA (Collision Avoidance)
6
8/1/2018
8/1/2018 6 ©2007 – Body Temple
Ethernet Standards 802.3
7
8/1/2018
8/1/2018 7 ©2007 – Body Temple
Common Ethernet Cable Types
Ethernet Name Cable Type Max Distance Notes
10Base5 COAX 500m Thicknet
10Base2 COAX 185m Thinnet
10BaseT UTP 100m
100BaseTX UTP/STP 100m Cat5 upwards
10BaseFL FIBER 500-2000m Ethernet over
Fiber
100BaseFX MMF 2000m
1000BaseT UTP 100m Cat5e upwards
1000BaseSX MMF 550m SC Connector
1000BaseCX Balanced Shielded 25m Special Connector
Copper
1000BaseLX MMF/SMF 550m (Multi) SC and LC
/2000m(Single) Connector
8
8/1/2018
8/1/2018 8 ©2007 – Body Temple
Common Ethernet Cable Types
9
8/1/2018
8/1/2018 9 ©2007 – Body Temple
Ethernet over other standards
10
8/1/2018
8/1/2018 10 ©2007 – Body Temple
11
8/1/2018
8/1/2018 11 ©2007 – Body Temple
MODULE 5
NETWORK DEVICES
1
8/1/2018
8/1/2018 1 ©2007 – Body Temple
Common Network Devices
3
8/1/2018
8/1/2018 3 ©2007 – Body Temple
HUBS AND REPEATER – LAYER 1 DEVICES
4
8/1/2018
8/1/2018 4 ©2007 – Body Temple
BRIDGE – LAYER 2 DEVICE
BRIDGE
5
8/1/2018
8/1/2018 5 ©2007 – Body Temple
SWITCH – LAYER 2 DEVICE
Multiport bridges
Operate at DATALINK layer
Control collision domains
Now used extensively instead of Hubs and Bridges
May also incorporate LAYER 3 technology (VLAN)
6
8/1/2018
8/1/2018 6 ©2007 – Body Temple
ROUTER – LAYER 3 DEVICE
7
8/1/2018
8/1/2018 7 ©2007 – Body Temple
FIREWALL
8
8/1/2018
8/1/2018 8 ©2007 – Body Temple
FIREWALLS - DMZ
DMZ
LAN
9
8/1/2018
INTERNET
8/1/2018 9 ©2007 – Body Temple
FIREWALL - Rules
10
8/1/2018
8/1/2018 10 ©2007 – Body Temple
IDS/IPS
11
8/1/2018
8/1/2018 11 ©2007 – Body Temple
IDS/IPS
Honeypot / Honeynet
Used to monitor intrusion / attacks and conduct
intelligence gathering
Used to deflect potential attacks
HONEYPOT
DMZ
IDS
INTERNET
12
8/1/2018
8/1/2018 12 ©2007 – Body Temple
Wireless Access Points (WAP)
13
8/1/2018
8/1/2018 13 ©2007 – Body Temple
Dynamic Host Configuration Protocol (DHCP)
14
8/1/2018
8/1/2018 14 ©2007 – Body Temple
DHCP
15
8/1/2018
8/1/2018 15 ©2007 – Body Temple
DHCP Settings
16
8/1/2018
8/1/2018 16 ©2007 – Body Temple
Specialised Network Devices
17
8/1/2018
8/1/2018 17 ©2007 – Body Temple
Specialised Network Devices
Load Balancer
Fault Tolerance / Redundancy
Used to support servers such as:
• Web Servers
• FTP Servers
• Remote Desktop Servers
• VPN Servers
18
8/1/2018
8/1/2018 18 ©2007 – Body Temple
Domain Naming System (DNS)
19
8/1/2018
8/1/2018 19 ©2007 – Body Temple
DNS Resolution
Host File
Local Resolver Cache Local Host
File
DNS Local
Resolver
Cache
NetBios Cache
DNS Server
WINS
Broadcast
LMHosts
20
8/1/2018
8/1/2018 20 ©2007 – Body Temple
DNS on the INTERNET
ROOT (.)
. COM
Google.com FirebrandTraining.com
UK.FirebrandTraining.com
WWW.UK.FirebrandTraining.com
21
8/1/2018
8/1/2018 21 ©2007 – Body Temple
DNS Records
RECORD INFO
A Host Record (IPv4)
AAAA Host Record (IPv6)
PTR Reverse Lookup Record
NS Named Server Record (DNS Server)
MX Mail Exchange (Email Server)
Alias (Cname) Used to point friendly name records to
other hosts
SOA Start of Authority (controls DNS Zone
transfers and records)
SRV Service Locator records (eg. location of
Domain Controllers and associated
services)
22
8/1/2018
8/1/2018 22 ©2007 – Body Temple
Specialised Network Devices
Proxy Server
Two main types: LAN
PROXY SERVER
23
8/1/2018
8/1/2018 23 ©2007 – Body Temple
Specialised Network Devices
24
8/1/2018
8/1/2018 24 ©2007 – Body Temple
Specialised Network Devices
VPN CONCENTRATOR
Dedicated device to handle multiple VPN
(Virtual Private Network) connections and
associated configurations
25
8/1/2018
8/1/2018 25 ©2007 – Body Temple
Basic Network Device layout
VLANS
SWITCH
SERVERS
ROUTER
FIREWALL
DMZ
26
8/1/2018
8/1/2018 26 ©2007 – Body Temple
Network documentation
Baseline
• How does the network and traffic flow look normally
Cable management
• ANSI/TIA/EIA 606
Change management
• How do you manage any changes to the network i.e. equipment upgrades
27
8/1/2018
8/1/2018 27 ©2007 – Body Temple
MODULE 6
TCP/IP
1
8/1/2018
8/1/2018 1 ©2007 – Body Temple
Department of Defense (DoD) TCP/IP Model
Application
Presentation APPLICATION
Session
Transport TRANSPORT
Network
INTERNET
Datalink
2
8/1/2018
8/1/2018 2 ©2007 – Body Temple
PORTS
3
8/1/2018
8/1/2018 3 ©2007 – Body Temple
Lots of Ports
4
8/1/2018
8/1/2018 4 ©2007 – Body Temple
Port rules
6
8/1/2018
8/1/2018 6 ©2007 – Body Temple
Internet Layer Protocols
7
8/1/2018
8/1/2018 7 ©2007 – Body Temple
Introduction to IP
8
8/1/2018
8/1/2018 8 ©2007 – Body Temple
Transport Protocols
Transmission Control Protocol (TCP)
• Connection Orientated
• TCP Three Way Handshake – Syn, Syn-Ack, Ack
• Recovery from errors
• Can manage out-of-order messages or retransmissions
• Flow control - the receiver can manage how much data is sent
IPv4
IPv6
Windows Clients use dual stack
Command Line Utilities:
• IPCONFIG
• IFCONFIG (Linux/Unix)
10
8/1/2018
8/1/2018 10 ©2007 – Body Temple
ICMP
11
8/1/2018
8/1/2018 11 ©2007 – Body Temple
ARP
12
8/1/2018
8/1/2018 12 ©2007 – Body Temple
MODULE 7
IP ADDRESSING
1
8/1/2018
8/1/2018 1 ©2007 – Body Temple
Internet Protocol (IP)
IPv4
32 Bit Address Scheme
Divided into Network Address and Host
Subnet Mask
Broken in 4 Octets (8 bits)
Represented by dotted-decimal notation
Eg. 192.168.2.200 / 24
Or 192.168.2.200
255.255.255.0
2
8/1/2018
8/1/2018 2 ©2007 – Body Temple
Binary to Decimal
4
8/1/2018
8/1/2018 4 ©2007 – Body Temple
IP
5
8/1/2018
8/1/2018 5 ©2007 – Body Temple
SUBNETTING
6
8/1/2018
8/1/2018 6 ©2007 – Body Temple
IPv6
7
8/1/2018
8/1/2018 7 ©2007 – Body Temple
Hexadecimal
8
8/1/2018
8/1/2018 8 ©2007 – Body Temple
Binary to Hex Conversion
9
8/1/2018
8/1/2018 9 ©2007 – Body Temple
IPv6
IPv6 Statistics…
340,282,366,920,938,463,463,374,607,431,768
,211,456 (340 undecillion) addresses
6.8 billion people could have
5,000,000,000,000,000,000,000,000,000
addresses each!
10
8/1/2018
8/1/2018 10 ©2007 – Body Temple
IPv6 Configuration
Tunnelling IPv6
• 6 to 4 addressing to send IPv6 over an existing IPv4 network
• Creates an IPv6 based on the IPv4 address
Teredo/Miredo
• Tunnel IPv6 through NATed IPv4, end-to-end IPv6 through an IPv4 network
• No special IPv6 router needed for temporary use
• Miredo - Open-source Teredo for Linux,
11
8/1/2018
8/1/2018 11 ©2007 – Body Temple
IPv6 configuration
12
8/1/2018
8/1/2018 12 ©2007 – Body Temple
IPv6 Configoration
Finding Router
• ICMPv6 adds the Neighbour Discovery Protocol routers, also send unsolicited RA
messages
• From the multicast destination of ff02::1 transfers IPv6 address information, prefix
value, and prefix length, etc.
• Sent as a multicast neighbour Advertisement (NA)
No ARP
• So how do you find out the MAC address of a device?
• Neighbor Solicitation (NS)
• Sent as a multicast Neighbor Advertisement (NA)
13
8/1/2018
8/1/2018 13 ©2007 – Body Temple
Assigning IPv6 addresses
14
8/1/2018
8/1/2018 14 ©2007 – Body Temple
Assigning IPv6 addresses
15
8/1/2018
8/1/2018 15 ©2007 – Body Temple
IPv6 Addresses
16
8/1/2018
8/1/2018 16 ©2007 – Body Temple
IPv6
Unicast Addresses:
▪ Global Unicast (similar to Public IPv4 addresses)
▪ Link Local Unicast (similar to APIPA IPv4
addresses)
▪ Unique Local Unicast (similar to Private IPv4
addresses)
17
8/1/2018
8/1/2018 17 ©2007 – Body Temple
Special IPv6 Addresses
Loopback Address
::1 (127.0.0.1)
Link Local Addresses
FE80:: (Similar to APIPA addresses)
18
8/1/2018
8/1/2018 18 ©2007 – Body Temple
ICMPv6
19
8/1/2018
8/1/2018 19 ©2007 – Body Temple
Troubleshooting IP
21
8/1/2018
8/1/2018 21 ©2007 – Body Temple
NAT
Basic NAT
NAT-T (IPSEC)
NAT-PT (IPv6) External – Public
Interface
101.102.103.104
22
8/1/2018
8/1/2018 22 ©2007 – Body Temple
MODULE 8
ROUTING
1
8/1/2018
8/1/2018 1 ©2007 – Body Temple
Routing Tables
2
8/1/2018
8/1/2018 2 ©2007 – Body Temple
Windows Routing Table
Route Print
Netstat -r
3
8/1/2018
8/1/2018 3 ©2007 – Body Temple
Routing information
4
8/1/2018
8/1/2018 4 ©2007 – Body Temple
Static Routing
ROUTE ADD
Router Config
5
8/1/2018
8/1/2018 5 ©2007 – Body Temple
DYNAMIC ROUTING
Routing Protocols
Distance Vector
▪ Use algorithms to calculate best routes based on distance
(cost) and direction (vector)
▪ Transfer the whole routing table to other routers (up to a
maximum number of hops)
▪ Routing tables are broadcast at regular intervals
▪ Used for small/medium size networks
6
8/1/2018
8/1/2018 6 ©2007 – Body Temple
Distant Vector Routing Protocols
7
8/1/2018
8/1/2018 7 ©2007 – Body Temple
Dynamic Routing Protocols
8
8/1/2018
8/1/2018 8 ©2007 – Body Temple
Routing Protocols
Exterior Gateway
Protocol:
BGP
9
8/1/2018
8/1/2018 9 ©2007 – Body Temple
High Availability Routing
10
8/1/2018
8/1/2018 10 ©2007 – Body Temple
IPv6 Dynamic Routing
RIPng
EIGRPv6
OSPFv3
11
8/1/2018
8/1/2018 11 ©2007 – Body Temple
MODULE 9
SWITCHING AND VLANs
1
8/1/2018
8/1/2018 1 ©2007 – Body Temple
Switches
LAYER 2 Device
Used to create separate collision domains
Managed or Unmanaged devices
Learn the MAC address of host locations using MAC
address forward/filter table
2
8/1/2018
8/1/2018 2 ©2007 – Body Temple
Spanning Tree Protocol (STP)
ROOT PORT
3
8/1/2018
8/1/2018 3 ©2007 – Body Temple
Virtual LAN (VLAN)
4
8/1/2018
8/1/2018 4 ©2007 – Body Temple
VIRTUAL LAN (VLAN)
VLAN 2
VLAN 3
VLAN 4
ROUTER
5
8/1/2018
8/1/2018 5 ©2007 – Body Temple
VLANs
6
8/1/2018
8/1/2018 6 ©2007 – Body Temple
VLAN
VLAN 2
VLAN 3
Trunk Link
VLAN 2
VLAN 4
ROUTER
7
8/1/2018
8/1/2018 7 ©2007 – Body Temple
VLAN
8
8/1/2018
8/1/2018 8 ©2007 – Body Temple
Additional Switch settings/properties
9
8/1/2018
8/1/2018 9 ©2007 – Body Temple
Network Time Protocol
10
8/1/2018
8/1/2018 10 ©2007 – Body Temple
Network Time Protocol
Configuring NTP
• NTP client, specify the NTP server address (IP or hostname) use multiple NTP servers
(if available) for redundancy
• NTP server, you need at least one clock source, specify the stratum level of the clock.
If there’s a choice, the lower stratum level wins
11
8/1/2018
8/1/2018 11 ©2007 – Body Temple
MODULE 10
WIRELESS NETWORKING
1
8/1/2018
8/1/2018 1 ©2007 – Body Temple
802.11 Standards
2
8/1/2018
8/1/2018 2 ©2007 – Body Temple
WLAN Setup
Ad hoc mode
Wireless clients connect to each other without an AP
Infrastructure mode
Clients connect through an AP through one of two
modes
BSSid (Basic Service Set ID) uses one AP
ESSid (Extended Service Set ID) More than one access
point exists
3
8/1/2018
8/1/2018 3 ©2007 – Body Temple
Wireless Components
4
8/1/2018
8/1/2018 4 ©2007 – Body Temple
Wireless Antennas
5
8/1/2018
8/1/2018 5 ©2007 – Body Temple
WLAN Setup
Site Survey
Signal Degradation:
• Distance
• Building construction
• Interference
Wireless Security
6
8/1/2018
8/1/2018 6 ©2007 – Body Temple
Wireless Security
Threats
• Rogue AP
• Evil Twin
• WAR Driving/WAR Chalking
• Man in the Middle (MitM) Attacks
• Denial of Service (DOS)
7
8/1/2018
8/1/2018 7 ©2007 – Body Temple
Wireless Security
SSID Broadcast
Default security settings
MAC Filters
Shielding
Authentication
Encryption
8
8/1/2018
8/1/2018 8 ©2007 – Body Temple
Wireless Encryption
9
8/1/2018
8/1/2018 9 ©2007 – Body Temple
Wireless Encryption
10
8/1/2018
8/1/2018 10 ©2007 – Body Temple
Wireless Encryption
11
8/1/2018
8/1/2018 11 ©2007 – Body Temple
Wireless Encryption
12
8/1/2018
8/1/2018 12 ©2007 – Body Temple
MODULE 11
AUTHENTICATION AND ACCESS
CONTROL
1
8/1/2018
8/1/2018 1 ©2007 – Body Temple
Access Control List (ACL)
2
8/1/2018
8/1/2018 2 ©2007 – Body Temple
Tunneling
3
8/1/2018
8/1/2018 3 ©2007 – Body Temple
VPN Types
4
8/1/2018
8/1/2018 4 ©2007 – Body Temple
VPN Types
5
8/1/2018
8/1/2018 5 ©2007 – Body Temple
IPSEC
6
8/1/2018
8/1/2018 6 ©2007 – Body Temple
ENCRYPTION
SYMMETRIC
• DES
• 3DES
• AES
ASYMMETRIC
• PUBLIC & PRIVATE Key
• Diffie-Hellman
• RSA (Rivest, Shamir, Adleman)
• PGP (Pretty Good Privacy)
7
8/1/2018
8/1/2018 7 ©2007 – Body Temple
Citrix
Terminal Emulation
Microsoft based Terminal Services on this
technology
8
8/1/2018
8/1/2018 8 ©2007 – Body Temple
Remote Desktop
9
8/1/2018
8/1/2018 9 ©2007 – Body Temple
USER AUTHENTICATION
10
8/1/2018
8/1/2018 10 ©2007 – Body Temple
User Authentication
11
8/1/2018
8/1/2018 11 ©2007 – Body Temple
Authentication Protocols
12
8/1/2018
8/1/2018 12 ©2007 – Body Temple
Network Access Control
14
8/1/2018
8/1/2018 14 ©2007 – Body Temple
KERBEROS
15
8/1/2018
8/1/2018 15 ©2007 – Body Temple
Authorization
Permissions
Rights
Access Controls
Share / Security
Permissions
Security Groups
16
8/1/2018
8/1/2018 16 ©2007 – Body Temple
MODULE 12
NETWORK THREATS
1
8/1/2018
8/1/2018 1 ©2007 – Body Temple
SECURITY
CIA
• Confidentiality
• Integrity
• Availability
AAA
• Authentication
• Authorization
• Accounting
2
8/1/2018
8/1/2018 2 ©2007 – Body Temple
SECURITY THREATS
3
8/1/2018
8/1/2018 3 ©2007 – Body Temple
SECURITY THREATS
DNS Poisoning
ARP Cache Poisoning
IP Spoofing
Session Hijacking
VLAN Hopping
4
8/1/2018
8/1/2018 4 ©2007 – Body Temple
Malicious Software (Malware)
Virus
Worm
Trojan Horse
Rootkit
Adware/Spyware
Antimalware / Antivirus
System well patched and maintained
5
8/1/2018
8/1/2018 5 ©2007 – Body Temple
VULNERABILITIES
Unnecessary Services/Applications
Unpatched Systems/Applications
Open Ports
Unencrypted systems
RF Emanation/TEMPEST
Insider Threats
6
8/1/2018
8/1/2018 6 ©2007 – Body Temple
WIRELESS SECURITY
7
8/1/2018
8/1/2018 7 ©2007 – Body Temple
SOCIAL ENGINEERING
Security Audit
Clean Desk Policy
Password Policy
Acceptable Usage Policy
9
8/1/2018
8/1/2018 9 ©2007 – Body Temple
MITIGATION
Firewalls
IDS
IPS
PROXY SERVERS
11
8/1/2018
8/1/2018 11 ©2007 – Body Temple
VULNERABILITY SCANNERS
NESSUS
NMAP
MBSA
12
8/1/2018
8/1/2018 12 ©2007 – Body Temple
PHYSICAL SECURITY
Security Zones
• Proximity readers
• Mantraps
• Badges/Tags
Comms Room Security
CCTV
Access Controls
13
8/1/2018
8/1/2018 13 ©2007 – Body Temple
RISK AVOIDANCE
Disaster Recovery
• Disaster Recovery Plan (DRP)
Business Continuity
• Business Continuity Plan (BCP)
Power
• Redundant systems
• Uninterruptable Power Supply (UPS)
14
8/1/2018
8/1/2018 14 ©2007 – Body Temple
REDUNDANCY
DISKS
• RAID
POWER
• UPS
SERVERS
• Clustering
• Virtualization
NETWORK
• Redundant Switches / NICs
8/1/2018
15
RAID 0
RAID 1
RAID 5
RAID 10
16
8/1/2018
8/1/2018 16 ©2007 – Body Temple
MODULE 13
Wide Area Networking
1
8/1/2018
8/1/2018 1 ©2007 – Body Temple
WAN Terminology
3
8/1/2018
8/1/2018 3 ©2007 – Body Temple
Copper Carriers
4
8/1/2018
8/1/2018 4 ©2007 – Body Temple
Optical Carriers (Synchronous Optical Network)
5
8/1/2018
8/1/2018 5 ©2007 – Body Temple
Fiber – Wavelength Division Multiplexing
6
8/1/2018
8/1/2018 6 ©2007 – Body Temple
Packet Switching
7
8/1/2018
8/1/2018 7 ©2007 – Body Temple
FRAME RELAY
8
8/1/2018
8/1/2018 8 ©2007 – Body Temple
ATM
9
8/1/2018
8/1/2018 9 ©2007 – Body Temple
Multi Protocol Label Switching (MPLS)
10
8/1/2018
8/1/2018 10 ©2007 – Body Temple
‘The Last Mile’
11
8/1/2018
8/1/2018 11 ©2007 – Body Temple
DIAL UP
POTS or PSTN
Expensive
Unreliable
Requires a dial-up
Uses Point to Point Protocol (PPP) to connect, authenticate
and negotiate network protocol (TCP/IP)
V-Standards
V.22 (1,200Bps) – V.92 (57,600 bps)
12
8/1/2018
8/1/2018 12 ©2007 – Body Temple
Integrated Services Digital Network (ISDN)
13
8/1/2018
8/1/2018 13 ©2007 – Body Temple
DSL
14
8/1/2018
8/1/2018 14 ©2007 – Body Temple
Wireless WAN
Cellular WAN
High Speed Packet Access (HSPA+)
WiMAX (World Wide Interoperability for
Microwave Access)
LTE (Long Term Evolution)
15
8/1/2018
8/1/2018 15 ©2007 – Body Temple
VOIP
16
8/1/2018
8/1/2018 16 ©2007 – Body Temple
Troubleshooting WAN Issues
17
8/1/2018
8/1/2018 17 ©2007 – Body Temple
MODULE 14
TROUBLESHOOTING
1
8/1/2018
8/1/2018 1 ©2007 – Body Temple
Basics of Troubleshooting
Identify the
Problem
Establish
Document probable
cause
Verify Test
functionality Theory
Implement
Plan of
and test
Action
solution 2
8/1/2018
8/1/2018 2 ©2007 – Body Temple
Tools of the trade
Protocol Analyzer
Throughput Tester
Remote Desktop Software
Command Line Tools
Wireless Analyzer
3
8/1/2018
8/1/2018 3 ©2007 – Body Temple
TCP/IP Utilities
IPCONFIG
/all
/displaydns
/registerdns
/flushdns
/release
/renew
4
8/1/2018
8/1/2018 4 ©2007 – Body Temple
IFCONFIG (UNIX/LINUX)
Eth0 up (enables 1st Ethernet Card)
Eth0 down (disables)
5
8/1/2018
8/1/2018 5 ©2007 – Body Temple
ICMP
PING
PATHPING
TRACERT
MTR (UNIX/LINUX) (Similar to TRACERT and PING)
6
8/1/2018
8/1/2018 6 ©2007 – Body Temple
ARP
7
8/1/2018
8/1/2018 7 ©2007 – Body Temple
NETSTAT
-a (connections
and listening
ports)
-o (process ID)
-r (routing table)
8
8/1/2018
8/1/2018 8 ©2007 – Body Temple
NBTSTAT
9
8/1/2018
8/1/2018 9 ©2007 – Body Temple
NSLOOKUP
DNS Diagnosis
-ls (list)
-d (domain)
-t (type)
10
8/1/2018
8/1/2018 10 ©2007 – Body Temple
DIG
11
8/1/2018
8/1/2018 11 ©2007 – Body Temple
Network Monitoring
Baselines
• CPU
• RAM
• HDD
• NETWORK
Performance Monitor
System Logs (syslog)
Traffic Analyzer (Wireshark)
SNMP – Simple Network Management Protocol
12
8/1/2018
8/1/2018 12 ©2007 – Body Temple
SIEM
14
8/1/2018
8/1/2018 14 ©2007 – Body Temple
SNMP Monitoring
15
8/1/2018
8/1/2018 15 ©2007 – Body Temple
Simple Network Management Protocol
Multimeter
Testing resistance for
shorts
17
8/1/2018
8/1/2018 17 ©2007 – Body Temple
Tone Locators and Toner Probes
18
8/1/2018
8/1/2018 18 ©2007 – Body Temple
Cable Tester
Broken wires
Improperly wired
Cable shorts
May record speed and
settings (Certifier)
19
8/1/2018
8/1/2018 19 ©2007 – Body Temple
Cable Tester (advanced)
20
8/1/2018
8/1/2018 20 ©2007 – Body Temple
Cable Issues
Bad wiring/connectors
Crosstalk
Near End/Far End Crosstalk
Attenuation
Collisions
Shorts
Echo (Open Impedance Mismatch)
Interference/EMI
Split pairs
TX/RX Reverse 21
8/1/2018
8/1/2018 21 ©2007 – Body Temple
Fiber Cable Issues
Cable Mismatch
Bad connectors/dirty connectors
Distance limitations
Bend Radius
22
8/1/2018
8/1/2018 22 ©2007 – Body Temple
Cable Stripper / Crimper
23
8/1/2018
8/1/2018 23 ©2007 – Body Temple
Butt Set
24
8/1/2018
8/1/2018 24 ©2007 – Body Temple
Other Network Issues
Temperature
Environment (Humidity)
HVAC used to mitigate
25
8/1/2018
8/1/2018 25 ©2007 – Body Temple
MODULE 15
Management, Monitoring &
Optimisation
1
8/3/2018
8/3/2018 1 ©2007 – Body Temple
Network Management
Wiring Schematics
Physical Network Diagram
• Physical Connections
• Network Devices
• Computers
• Peripherals
2
8/3/2018
8/3/2018 2 ©2007 – Body Temple
Network Management
• User accounts
Organizational Unit Organizational Unit
3
8/3/2018
8/3/2018 3 ©2007 – Body Temple
Network Management
Asset Management
• ISO 19770
IP Address Management
• Documentation
• IPAM
4
8/3/2018
8/3/2018 4 ©2007 – Body Temple
Network Management
Policies
• Security Policies
• Change Management
Standard Business Documents
• Statement of Work (SOW)
• Memorandum of Understanding (MOU)
• Master License Agreement (MLA)
• Service Level Agreement (SLA)
5
8/3/2018
8/3/2018 5 ©2007 – Body Temple
Change Management Procedures
6
8/3/2018
8/3/2018 6 ©2007 – Body Temple
Change Management Procedures
Approval Process
Maintenance Window
Authorized Downtime
Notification of Change
Documentation
7
8/3/2018
8/3/2018 7 ©2007 – Body Temple
Network Management
Safety Practices
• Electrical Safety
• Installation Safety
• Material Safety Data Sheet (MSDS)
8
8/3/2018
8/3/2018 8 ©2007 – Body Temple
Network Management
Emergency Procedures
• Fire Escape Plan
• Safety/Emergency Exits
• Fail Open/Fail Close
• Emergency Alert System
• Fire Suppression System
9
8/3/2018
8/3/2018 9 ©2007 – Body Temple
Network Optimization
Performance
• QOS
Unified Communications
Bandwidth
• Traffic Shaping
Load Balancing
High Availability
Caching Engines
10
8/3/2018
8/3/2018 10 ©2007 – Body Temple
Network Optimization
Backups
• Full
• Incremental
• Differential
Backup Type Data Backup Time Restore Time Storage
Space
FULL All data Slowest Fastest High
12
8/3/2018
8/3/2018 12 ©2007 – Body Temple
Virtualization
Power Saving
Consolidation of Hardware
Recovery / Duplication
Test and Development
Costs
13
8/3/2018
8/3/2018 13 ©2007 – Body Temple
Virtualization
Virtual Desktops
Virtual Applications
Network/Infrastructure As A Service (NaaS)(IaaS)
Platform As A Service (PaaS)
Software As A Service (SaaS)
14
8/3/2018
8/3/2018 14 ©2007 – Body Temple
Virtualization
Cloud Concepts
• Private
• Public
• Hybrid
• Community
• Elastic
15
8/3/2018
8/3/2018 15 ©2007 – Body Temple