The Network+ Cram Sheet

Some of the key takeaways from the document include the differences between LANs and WANs, common network devices and their functions, and examples of network protocols and their purposes.

A local-area network (LAN) connects devices within a single location, while a wide-area network (WAN) connects multiple LANs across different geographic locations. LANs are typically faster while WANs often require additional hardware like routers.

Common network devices include hubs, switches, routers, modems, firewalls, multilayer switches, content switches, load balancers, packet shapers, VPN concentrators, and access points. Each has a specific function in transmitting, regulating, or securing network traffic.

This Cram Sheet contains the distilled key facts about the CompTIA Network+ exam. Review this information as the last thing you do before you enter the testing center, paying special attention to those areas in which you think you need the most review. You can transfer any of these facts from your head onto a blank sheet of paper immediately before you begin the exam.

Network Architecture

• A local-area network (LAN) is a data network that is restricted to a single geographic location and typically encompasses a relatively small area, such as an office building or school. The function of the LAN is to interconnect workstation computers and devices for the purpose of sharing files and resources.
• A wide-area network (WAN) is a network that spans more than one geographic location, often connecting separated LANs. WANs are slower than LANs and often require additional and costly hardware such as routers, dedicated leased lines, and complicated implementation procedures.
• Cisco has created architecture that can look at the different types of media available and the application types and make a choice about what the best combination to use is. Known as a Medianet, this can be useful with video teleconferencing (VTC) and is often used with SIP (Session Initiation Protocol), which runs over IP, and associated with ISDN (Integrated Services Digital Network).
• The role of the client computer in the client/server model is to request the data from the server and present that data to the users.
• A topology refers to a network’s physical and logical layout. A network’s physical topology refers to the actual layout of the computer cables and other network devices. A network’s logical topology refers to the way in which the network appears to the devices that use it.
• Documentation should also include diagrams of the physical and logical network design. The physical topology refers to how a network is physically constructed—how it looks.
• Wireless networks typically are implemented using one of two wireless topologies: infrastructure (managed, wireless topology) or ad hoc (unmanaged, wireless topology).
• The term hybrid topology also can refer to the combination of wireless and wired networks, but often just refers to the combination of physical networks.

Table 1  Network Devices Summary

| Device | Description | Key Points |
|---|---|---|
| Hub | Connects devices on an Ethernet twisted-pair network | A hub does not perform any tasks besides signal regeneration. It simply forwards data to all nodes connected to it. |
| Switch | Connects devices on a twisted-pair network | A switch forwards data to its destination by using the MAC address embedded in each packet. It only forwards data to nodes that need to receive it. |
| Router | Connects networks | A router uses the software-configured network address to make forwarding decisions. |
| Modem | Provides serial communication capabilities across phone lines | Modems modulate the digital signal into analog at the sending end and perform the reverse function at the receiving end. |
| Firewall | Provides controlled data access between networks | Firewalls can be hardware or software based. They are an essential part of a network’s security strategy. |
| Multilayer switch | Functions as a switch or router | Operates on Layers 2 and 3 of the OSI model as a switch and can perform router functionality. |
| Content switch | Forwards data by application | Content switches can identify and forward data by its port and application. |
| Load balancer | Distributes network load | Load balancing increases redundancy and performance by distributing the load to multiple servers. |
| Packet shaper | Manages network bandwidth | The shaper monitors and controls bandwidth usage. |
| VPN concentrator | Increases remote-access security | Establishes a secure connection (tunnel) between the sending and receiving network devices. |
| Access point | Used to create a wireless LAN and to extend a wired network | Uses the wireless infrastructure network mode to provide a connection point between WLANs and a wired Ethernet LAN. |
| HIDS | Host-based intrusion detection | Monitors the host, analyzes data, and identifies intrusion attempts. |
| IDS/IPS | Detects and prevents intrusions | Monitors the network and attempts to detect/prevent intrusion attempts. |

• An intrusion detection system (IDS) can detect malware or other dangerous traffic that may pass undetected by the firewall. Most IDSs can detect potentially dangerous content by its signature.
• An intrusion prevention system (IPS) is a network device that continually scans the network, looking for inappropriate activity. It can shut down any potential threats.
• A virtual private network (VPN) extends a LAN by establishing a remote connection, a connection tunnel, using a public network such as the Internet. Common VPN implementations include site to site/host to site/host to host.
• PPTP creates a secure tunnel between two points on a network, over which other connectivity protocols, such as Point-to-Point Protocol (PPP), can be used. This tunneling functionality is the basis for VPNs.
• VPNs are created and managed by using protocols such as Point-to-Point Tunneling Protocol (PPTP) and Layer 2 Tunneling Protocol (L2TP), which build on the functionality of PPP. This makes it possible to create dedicated point-to-point tunnels through a public network such as the Internet. Currently, the most common methods for creating secure VPNs include IP Security (IPsec) and Secure Sockets Layer/Transport Layer Security (SSL/TLS).
• Terminal Access Controller Access Control System+ (TACACS+) is a security protocol designed to provide centralized validation of users who are attempting to gain access to a router or network access server (NAS).
• RADIUS (Remote Authentication Dial-In User Service) is a security standard that uses a client/server model to authenticate remote network users.
• In a network that does not use Dynamic Host Configuration Protocol (DHCP), you need to watch for duplicate IP addresses that prevent a user from logging on to the network.

Table 2  Comparing WAN Technologies

| WAN Technology | Speed | Supported Media | Switching Method Used | Key Characteristics |
|---|---|---|---|---|
| ISDN | BRI: 64Kbps to 128Kbps; PRI: 64Kbps to 1.5Mbps | Copper/fiber-optic | Can be used for circuit-switching or packet-switching connections | ISDN can be used to transmit all types of traffic, including voice, video, and data. Basic Rate Interface (BRI) uses 2B+D channels; Primary Rate Interface (PRI) uses 23B+D channels. B channels are 64Kbps. ISDN uses the public network and requires dial-in access. |
| T-carrier (T1, T3) | T1: 1.544Mbps; T3: 44.736Mbps | Copper/fiber-optic | Circuit switching | T-carrier is used to create point-to-point network connections for private networks. |
| ATM | 1.544Mbps to 622Mbps | Copper/fiber-optic | Cell switching | ATM uses fixed cells that are 53 bytes long. |
| Frame Relay | 56Kbps to 1.544Mbps | Copper/fiber-optic | PVCs and SVCs | Frame Relay is a packet-oriented protocol, and it uses variable-length packets. |
| SONET/OCx | 51.8Mbps to 2.4Gbps | Fiber-optic | — | SONET defines synchronous data transfer over optical cable. |

• Punchdown tools are used to attach twisted-pair network cable to connectors within a patch panel. Specifically, they connect twisted-pair wires to the insulation displacement connector (IDC).
• Unshielded twisted-pair (UTP) cabling is classified by category. Categories 5/5e and 6/6a offer transmission distances of 100 meters.
• F-type connectors are used with coaxial cable, most commonly to connect cable modems and TVs. F-type connectors are a screw-type connector.
• ST, FC, SC, LC, and MT-RJ connectors are associated with fiber cabling. ST and FC connectors offer a twist-type attachment, and SC, LC, and MT-RJ connectors are push-on.
• RJ-45 connectors are used with UTP cable and are associated with networking applications. RJ-11 connectors are used with telephone cables. RJ-48C connectors are used for T1 and ISDN termination.
• Plenum-rated cables are used to run cabling through walls or ceilings.
• The horizontal cabling extends from the telecommunications outlet, or network outlet with RJ-45 connectors, at the client end. It includes all cable from that outlet to the telecommunication room to the horizontal cross-connect.
• Vertical cable, or backbone cable, refers to the media used to connect telecommunication rooms, server rooms, and remote locations and offices.

Table 3  Selected ADSL Speeds

| DSL Variation | Upload Speed* | Download Speed* |
|---|---|---|
| ADSL | 1Mbps | 3Mbps |
| ADSL2 | 1.3Mbps | 12Mbps |
| ADSL2+ | 1.4Mbps | 24Mbps |

• The bus network topology is also known as a linear bus because the computers in such a network are linked using a single cable called a trunk or backbone. If a terminator on a bus network is loose, data communications might be disrupted. Any other break in the cable will cause the entire network segment to fail.
• In a star configuration, all devices on the network connect to a central device, and this central device creates a single point of failure on the network.
• The wired mesh topology requires each computer on the network to be individually connected to every other device. This configuration provides maximum reliability and redundancy for the network.
• A wireless infrastructure network uses a centralized device known as a wireless access point (AP). Ad hoc wireless topologies are a peer-to-peer configuration and do not use a wireless access point.

Table 4  Twisted-Pair Cable Categories

| Category | Common Application |
|---|---|
| 3 | 16Mbps |
| 5 | 100Mbps |
| 5e | 1000Mbps |
| 6 | 10/100/1000Mbps plus 10Gbps |
| 6a | 10Gbps and beyond networking |
• 568A and 568B are telecommunications standards from TIA (Telecommunications Industry Association) and EIA (Electronic Industries Association) that specify the pin arrangements for the RJ-45 connectors on UTP or STP cables. The number 568 refers to the order in which the wires within the cable are terminated and attached to the connector. Often referred to as T568A and T568B (for termination standard), they are quite similar; the difference is the order in which the pins are terminated. The signal is the same for both. Both are used for patch cords in an Ethernet network.
• Cable certifiers are used to test cables such as CAT6 and CAT6a and verify they meet specifications for frequency and speed.
• A wire crimper is a tool that you use to attach media connectors to the ends of cables.
• Wire strippers come in a variety of shapes and sizes. Some are specifically designed to strip the outer sheathing from coaxial cable, and others are designed to work with UTP cable. Wire snips are used to cleanly cut the cable.
• Voltage event recorders are used to monitor the quality of power used on the network or by network hardware.
• Toner probes are used to locate cables hidden in floors, ceilings, or walls and to track cables from the patch panel to their destination.
• Protocol analyzers can be hardware or software based. Their primary function is to analyze network protocols such as Transfer Control Protocol (TCP), User Datagram Protocol (UDP), Hypertext Transfer Protocol (HTTP), File Transfer Protocol (FTP), and more.
• A time-domain reflectometer (TDR) is a device used to send a signal through a particular medium to check the cable’s continuity.
• An optical time-domain reflectometer (OTDR) performs the same basic function as a wire media tester, but on optical media.
• Packet sniffers are either a hardware device or software that eavesdrop on transmissions that are traveling throughout the network.
• Throughput testers identify the rate of data delivery over a communication channel.
• Port scanners are a software-based utility. They are a security tool designed to search a network host for open ports on a TCP/IP-based network.

Table 5  IPv4 Private Address Ranges

| Class | Address Range | Default Subnet Mask |
|---|---|---|
| A | 10.0.0.0 to 10.255.255.255 | 255.0.0.0 |
| B | 172.16.0.0 to 172.31.255.255 | 255.255.0.0 |
| C | 192.168.0.0 to 192.168.255.255 | 255.255.255.0 |

• A MAC address is a 6-byte hexadecimal address that allows a device to be uniquely identified on the network. A MAC address combines numbers and the letters A to F. An example of a MAC address is 00:D0:59:09:07:51.
• A Class A TCP/IP address uses only the first octet to represent the network portion, a Class B address uses two octets, and a Class C address uses three octets.
• Class A addresses span from 1 to 126, with a default subnet mask of 255.0.0.0.
• Class B addresses span from 128 to 191, with a default subnet mask of 255.255.0.0.
• Class C addresses span from 192 to 223, with a default subnet mask of 255.255.255.0.
• The 127 network ID is reserved for the IPv4 local loopback.
• Network Address Translation (NAT) translates private network addresses into public network addresses.
• Subnetting is a process in which parts of the host ID portion of an IP address are used to create more network IDs.
• APIPA (Automatic Private IP Addressing) is a system used on Windows to automatically self-assign an IP address in the 169.x.x.x range in the absence of a DHCP server.
• Domain Name Service (DNS) resolves hostnames to IP addresses. DNS record types include (A, MX, AAAA, CNAME, PTR). Dynamic DNS (DDNS) automatically updates DNS information often in real time.
• Port Address Translation (PAT) is a variation on NAT in which all systems on the LAN are translated into the same IP address but with different port number assignment. Destination Network Address Translation (DNAT) is used to publish a private network service to a publicly available IP address. Although the term varies by vendor, SNAT is a proprietary extension of NAT.
• 6to4 is a tunneling technology, allowing IPv6 packets to be transmitted over an IPv4 network without having to create a complex tunnel. It is often used during the transition period when a network is being updated and is not intended to be a permanent solution. Its counterpart is 4to6.
• Teredo gives full IPv6 connectivity for IPv6-capable hosts, which are on the IPv4 Internet but lack direct native connection to an IPv6 network. Teredo can do this from behind NAT devices (such as home routers). One of the most popular Teredo implementations is Miredo; it is a client designed to allow full IPv6 connectivity to systems that are strictly IPv4 based.

Table 6  Comparing IPv4 and IPv6

| Address Feature | IPv4 Address | IPv6 Address |
|---|---|---|
| Loopback address | 127.0.0.1 | 0:0:0:0:0:0:0:1 (::1) |
| Network-wide addresses | IPv4 public address ranges | Global unicast IPv6 addresses |
| Private network addresses | 10.0.0.0, 172.16.0.0, 192.168.0.0 | Site-local address ranges (FEC0::) |
| Autoconfigured addresses | IPv4 automatic private IP addressing (169.254.0.0) | Link-local addresses of FE80:: prefix |

• Quality of service (QoS) allows administrators to predict bandwidth use, monitor that use, and control it to ensure that bandwidth is available to applications that need it.
• A router that uses a link-state protocol differs from a router that uses a distance-vector protocol because it builds a map of the entire network and then holds that map in memory. Link-state protocols include Open Shortest Path First (OSPF) and Intermediate System-to-Intermediate System (IS-IS).
• Hops are the means by which distance-vector routing protocols determine the shortest way to reach a given destination. Each router constitutes one hop, so if a router is four hops away from another router, there are three routers, or hops, between itself and the destination.
• Routing Information Protocol version 2 (RIPv2) is a distance-vector routing protocol used for TCP/IP.
• The route add command adds a static route to the routing table. The route add command with the -p switch makes the static route persistent.
• Distance-vector routing protocols operate by having each router send updates about all the other routers it knows about to the routers directly connected to it.
• When you want the best of both worlds, distance-vector and link-state, you can turn to a hybrid protocol. A popular hybrid protocol is the Border Gateway Protocol (BGP).
• Default gateways are the means by which a device can access hosts on other networks for which it does not have a specifically configured route.
• The NIST (National Institute of Standards and Technology) defines three cloud computing service models: software as a service (SaaS), platform as a service (PaaS), and infrastructure as a service (IaaS).
• The NIST defines four possible cloud delivery models: private, public, community, and hybrid.
• Virtualization makes it possible to take a single physical device and make it appear as if it is a number of standalone entities.
• There are two methods of virtualization implementation: Type I (known as bare metal) and Type II (known as hosted). Type I is independent of the operating system and boots before the OS; Type II is dependent on the operating system and cannot boot until the OS is up, and it needs the OS to stay up so that it can operate.
• The machine on which virtualization software is running is known as a host; the virtual machines (VMs) themselves are known as guests.
• A virtual switch works the same as a physical switch but allows multiple switches to exist on the same host, saving the implementation of additional hardware.
• A virtual firewall (VF) is either a network firewall service or an appliance running entirely within the virtualized environment. Regardless of which implementation, a virtual firewall serves the same purpose as a physical one: packet filtering and monitoring. The firewall can also run in a guest OS VM.
• In a virtual environment, shared storage can be done on storage-area network (SAN), network-attached storage (NAS), and so on; the virtual machine sees only a “physical disk.” With clustered storage, you can use multiple devices to increase performance.
• Switches introduce microsegmentation, by which each connected system effectively operates on its own dedicated network connection.

Table 7  Comparison of Switching Methods

| Switching Method | Pros | Cons | Key Features |
|---|---|---|---|
| Packet switching | Packets can be routed around network congestion. Packet switching makes efficient use of network bandwidth. | Packets can become lost while taking alternative routes to the destination. Messages are divided into packets that contain source and destination information. | The two types of packet switching are datagram and virtual circuit. Datagram packets are independently sent and can take different paths throughout the network. Virtual circuit uses a logical connection between the source and destination device. |
| Circuit switching | Offers a dedicated transmission channel that is reserved until it is disconnected. | Dedicated channels can cause delays because a channel is unavailable until one side disconnects. Uses a dedicated physical link between the sending and receiving devices. | Offers the capability of storing messages temporarily to reduce network congestion. |

• Shaping by application: Administrators can control traffic based on the types of network traffic and assigning that category a bandwidth limit.
• iSCSI (Internet Small Computer System Interface) allows SCSI commands to be sent over IP networks to SCSI devices.
• Fibre Channel is widely used for high-speed fiber networking and has become common in enterprise SANs.

Network Operations

• The operating systems associated with remote equipment are SCADA (supervisory control and data acquisition) and ICS (industrial control system). A typical configuration includes an ICS server, distributed control system (DCS) devices creating a closed network, a remote terminal unit, and a programmable logic controller.
• A honeypot is a computer that has been designated as a target for computer attacks.
• Temperature monitors keep track of the temperature in wiring closets and server rooms.
• Power over Ethernet (PoE) is a technology that allows electrical power to be transmitted over twisted-pair Ethernet cable. The power is transferred, along with data, to provide power to remote devices. These devices may include remote switches, wireless access points, Voice over IP (VoIP) equipment, and more. PoE+ is the IEEE 802.3at updated standard to the original 802.3af PoE standard.
• Spanning Tree Protocol (STP) is designed to prevent routing loops from occurring. STP is used with network bridges and switches. With the help of spanning-tree algorithm (STA), STP avoids or eliminates loops on a Layer 2 bridge. It is defined as IEEE 802.1D and the more recent Rapid Spanning Tree (802.1w).
• Virtual LANs (VLANs) are used for network segmentation. 802.1Q is the Institute of Electrical and Electronics Engineers (IEEE) specification developed to ensure interoperability of VLAN technologies from the various vendors.
• VLAN trunking is the application of trunking to the virtual LAN—now common with routers, firewalls, VMware hosts, and wireless access points. VLAN trunking provides a simple and cheap way to offer a nearly unlimited number of virtual network connections. The requirements are only that the switch, the network adapter, and the OS drivers all support VLANs.
• The VLAN Trunking Protocol (VTP) is a proprietary protocol from Cisco.
• Proxy servers typically are part of a firewall system. They have become so integrated with firewalls that the distinction between the two can sometimes be lost.
• In-band network device management is local management (the most common method), and out-of-band management is done remotely.
• IEEE 802.11 wireless systems communicate with each other using radio frequency signals in the band between 2.4GHz and 2.5GHz or 5.0GHz. Of those in the 2.4 to 2.5 range, neighboring channels are 5MHz apart. Applying two channels that allow the maximum channel separation decreases the amount of channel crosstalk and provides a noticeable performance increase over networks with minimal channel separation.
• Half-duplex mode enables each device to both transmit and receive, but only one of these processes can occur at a time.
• Full-duplex mode enables devices to receive and transmit simultaneously.
• 802.3 defines the carrier sense multiple access with collision detection (CSMA/CD) media access method used in Ethernet networks. This is the most popular networking standard used today.
• An antenna’s strength is its gain value.

Table 8  Comparing Omnidirectional and Unidirectional Antennas

| Characteristic | Omnidirectional | Unidirectional | Advantage/Disadvantage |
|---|---|---|---|
| Wireless area coverage | General coverage area | Focused coverage area. | Omnidirectional allows 360-degree coverage, giving it a wide coverage area. Unidirectional provides a targeted path for signals to travel. |
| Wireless transmission range | Limited | Long point-to-point range. | Omnidirectional antennas provide a 360-degree coverage pattern and, as a result, far less range. Unidirectional antennas focus the wireless transmission; this focus enables greater range. |
| Wireless coverage shaping | Restricted | The unidirectional wireless range can be increased and decreased. | Omnidirectional antennas are limited to their circular pattern range. Unidirectional antennas can be adjusted to define a specific pattern, wider or more focused. |

• Multiuser multiple input, multiple output (MUMIMO) is an enhancement over the original MIMO technology. It allows antennas to be spread over a multitude of independent access points.

Network Security

• A firewall is considered a logical security measure and is one of the cornerstone concepts of network security. Firewalls can be host or network based and can provide application/context-driven detection.
• At its most basic, a firewall is a device that has more than one network interface and manages the flow of network traffic between those interfaces.
• A demilitarized zone (DMZ) is part of a network on which you place servers that must be accessible by sources both outside and inside your network.
• An access control list (ACL) typically refers to specific access permissions assigned to an object or device on the network. For example, using Media Access Control (MAC) address filtering, wireless routers can be configured to restrict who can and cannot access the router based on the MAC address.
• When a port is blocked, you disable the capability for traffic to pass through that port, thereby filtering that traffic.
• L2TP authenticates the client in a two-phase process. It authenticates the computer and then the user.
• To create secure data transmissions, IPsec uses two separate protocols: Authentication Header (AH) and Encapsulating Security Payload (ESP).
• PPPoE (Point-to-Point Protocol over Ethernet) is a protocol used to connect multiple network users on an Ethernet local area network to a remote site through a common device.
• The Remote Desktop Protocol (RDP) and Independent Computer Architecture (ICA) protocols allow client systems to access and run applications on a remote system, using that system’s resources. Only the user interface, keystrokes, and mouse movement are transferred between the client and server computers.
• Authentication refers to the mechanisms used to verify the identity of the computer or user attempting to access a particular resource. This includes passwords and biometrics.
• Authorization is the method used to determine whether an authenticated user has access to a particular resource. This is commonly determined through group association—a particular group may have a specific level of security clearance.
• Accounting refers to the tracking mechanisms used to keep a record of events on a system.
• User authentication methods include multifactor authentication, two-factor authentication, and single sign-on.
• Kerberos is one part of a strategic security solution that provides secure authentication services to users, applications, and network devices. It eliminates the insecurities caused by passwords being stored or transmitted across the network.
• A public key infrastructure (PKI) is a collection of software, standards, and policies that are combined to allow users from the Internet or other unsecured public networks to securely exchange data.
• A public key is a nonsecret key that forms half of a cryptographic key pair that is used with a public key algorithm. The public key is freely given to all potential receivers.
• A private key is the secret half of a cryptographic key pair that is used with a public key algorithm. The private part of the public key cryptography system is never transmitted over a network.
• A certificate is a digitally signed statement that associates the credentials of a public key to the identity of the person, device, or service that holds the corresponding private key.
• Message digest 5 algorithm (MD5) and Secure Hash (SHA) are cryptographic hash functions.
• RAID 0 (redundant array of independent/inexpensive disks) offers no fault tolerance and improves I/O performance. It requires a minimum of two disks.
• RAID 1, disk mirroring, provides fault tolerance and requires two hard disks. Separate disk controllers can be used—a strategy known as disk duplexing.
• RAID 5, disk striping with distributed parity, requires a minimum of three disks—the total size of a single disk being used for the parity calculation.
• In a full backup, all data is backed up. Full backups do not use the archive bit, but they do clear it.
• Incremental backups back up all data that has changed since the last full or incremental backup. They use and clear the archive bit.
• Unsecure protocols include Telnet, HTTP, SLIP, FTP, Trivial FTP (TFTP), Simple Network Management Protocol version 1/2 (SNMPv1/v2).
• Physical security controls include mantraps, video monitoring, proximity readers/key fob, keypad/cipher locks, biometrics, and security guards.
• First responders are those who initially respond to an incident: the occurrence of any event that endangers a system or network.
• Forensic incident response procedures include securing the area, documenting the scene, eDiscovery/data collection, maintaining the chain of custody, and properly securing data while transporting.
• Bluejacking is sending unsolicited messages over a Bluetooth connection. Bluesnarfing is the gaining of unauthorized access through a Bluetooth connection.

Troubleshooting

Table 9  Network Troubleshooting Methodology

| Steps | Actions | Considerations |
|---|---|---|
| Identify the problem. | Gather information. Duplicate the problem, if possible. Question users. Identify symptoms. Determine whether anything has changed. Approach multiple problems individually. | |
| Establish a theory of probable cause. | Question the obvious. Consider multiple approaches. | Top-to-bottom/bottom-to-top OSI model. Divide and conquer. |
| Test the theory to determine cause. | Once theory is confirmed, determine next steps to resolve problem. If theory is not confirmed, reestablish new theory or escalate. | |
| Establish a plan of action to resolve the problem and identify potential effects. | | |
| Implement the solution or escalate as necessary. | | |
| Verify full system functionality and if applicable implement preventative measures. | | |
| Document findings, actions, and outcomes. | | |

• The netstat -a command can be used on a Windows-based system to see the status of ports.
• You can ping the local loopback adapter by using the command ping 127.0.0.1. If this command is successful, you know that the TCP/IP suite is installed correctly on your system and is functioning.
• In Windows, the tracert command reports how long it takes to reach each router in the path. It’s a useful tool for isolating bottlenecks in a network. The traceroute command performs the same task on UNIX and Linux systems.
• Address Resolution Protocol (ARP) is the part of the TCP/IP suite whose function is to resolve IP addresses to MAC addresses.
• netstat is used to view both inbound and outbound TCP/IP network connections.
• nbtstat is used to display protocol and statistical information for NetBIOS over TCP/IP connections.
• ipconfig shows the IP configuration information for all NICs installed in a system.
• ipconfig /all is used to display detailed TCP/IP configuration information.
• ipconfig /renew is used on Windows operating systems to renew the system’s DHCP information.
• When looking for client connectivity problems using ipconfig, you should ensure that the gateway is set correctly.
• The ifconfig command is the Linux equivalent of the ipconfig command.
• The nslookup command is a TCP/IP diagnostic tool used to troubleshoot DNS problems.
• A network’s demarcation point refers to the connection point between the Internet service provider’s (ISP) part of the network and the customer’s portion of the network.
• Many factors cause electromagnetic interference (EMI), including computer monitors and fluorescent lighting fixtures.
• Copper-based media is prone to EMI, whereas fiber-optic cable is immune to it.
• Data signals might also be subjected to crosstalk, which occurs when signals from two cables, or from wires within a single cable, interfere with each other.
• The weakening of data signals as they traverse the media is called attenuation.
• A straight-through cable is used to connect systems to the switch or hub using the MDI-X (medium-dependent interface crossed) ports.
• A T1 crossover cable is used to connect two T1 CSU/DSU devices in a back-to-back configuration.
• When you have two dissimilar types of network media, a media converter is used to allow them to connect.
• When it comes to wireless, distance from the AP is one of the first things to check when troubleshooting AP coverage.
• Data rate refers to the theoretical maximum of a wireless standard, such as 100Mbps. Throughput refers to the actual speeds achieved after all implementation and interference factors.
Table 10  802.11 Wireless Standards

| IEEE Standard | Frequency/Medium | Speed | Topology | Transmission Range | Access Method |
|---|---|---|---|---|---|
| 802.11 | 2.4GHz RF | 1 to 2Mbps | Ad hoc/infrastructure | 20 feet indoors | CSMA/CA |
| 802.11a | 5GHz | Up to 54Mbps | Ad hoc/infrastructure | 25 to 75 feet indoors; range can be affected by building materials | CSMA/CA |
| 802.11b | 2.4GHz | Up to 11Mbps | Ad hoc/infrastructure | Up to 150 feet indoors; range can be affected by building materials | CSMA/CA |
| 802.11g | 2.4GHz | Up to 54Mbps | Ad hoc/infrastructure | Up to 150 feet indoors; range can be affected by building materials | CSMA/CA |
| 802.11n | 2.4GHz/5GHz | Up to 600Mbps | Ad hoc/infrastructure | 175+ feet indoors; range can be affected by building materials | CSMA/CA |
| 802.11ac | 5GHz | Up to 1.3Gbps | Ad hoc/infrastructure | 115+ feet indoors; range can be affected by building materials | CSMA/CA |

Industry Standards, Practices, and Network Theory

• As data is passed up or down through the OSI model structure, headers are added (going down) or removed (going up) at each layer—a process called encapsulation (when added) or decapsulation (when removed).

Table 11  Summary of the OSI Model

| OSI Layer | Description |
|---|---|
| Application (Layer 7) | Provides access to the network for applications and certain end-user functions. Displays incoming information and prepares outgoing information for network access. |
| Presentation (Layer 6) | Converts data from the application layer into a format that can be sent over the network. Converts data from the session layer into a format that the application layer can understand. Encrypts and decrypts data. Provides compression and decompression functionality. |
| Session (Layer 5) | Synchronizes the data exchange between applications on separate devices. Handles error detection and notification to the peer layer on the other device. |
| Transport (Layer 4) | Establishes, maintains, and breaks connections between two devices. Determines the ordering and priorities of data. Performs error checking and verification and handles retransmissions if necessary. |
| Network (Layer 3) | Provides mechanisms for the routing of data between devices across single or multiple network segments. Handles the discovery of destination systems and addressing. |
| Data link (Layer 2) | Has two distinct sublayers: link layer control (LLC) and media access control (MAC). Performs error detection and handling for the transmitted signals. Defines the method by which the medium is accessed. Defines hardware addressing through the MAC sublayer. |
| Physical (Layer 1) | Defines the network’s physical structure. Defines voltage/signal rates and the physical connection methods. Defines the physical topology. |

Table 12  Port Assignments for Commonly Used Protocols

| Protocol | Port Assignment |
|---|---|
| FTP | 20, 21 |
| SSH | 22 |
| Telnet | 23 |
| SMTP | 25 |
| DNS | 53 |
| DHCP | 67, 68 |
| TFTP | 69 |
| HTTP | 80 |
| POP3 | 110 |
| NNTP | 119 |
| NTP | 123 |
| NetBIOS | 137–139 |
| IMAP4 | 143 |
| SNMP | 161 |
| HTTPS | 443 |
| SMB | 445 |
| H.323 | 1720 |
| MGCP | 2427, 2727 |
| RDP | 3389 |
| RTP | 5004, 5005 |
| SIP | 5060, 5061 |

Table 13  TCP/IP Suite Selected Summary

| Protocol | Name | Description |
|---|---|---|
| IP | Internet Protocol | A connectionless protocol used to move data around a network. |
| TCP | Transmission Control Protocol | A connection-oriented protocol that offers flow control, sequencing, and retransmission of dropped packets. |
| UDP | User Datagram Protocol | A connectionless alternative to TCP used for applications that do not require the functions offered by TCP. |
| FTP | File Transfer Protocol | A protocol for uploading and downloading files to and from a remote host. Also accommodates basic file-management tasks. |
| SFTP | Secure File Transfer Protocol | A protocol for securely uploading and downloading files to and from a remote host. Based on SSH security. |
| TFTP | Trivial File Transfer Protocol | A file transfer protocol that does not have the security or error checking of FTP. TFTP uses UDP as a transport protocol and therefore is connectionless. |
| SMTP | Simple Mail Transfer Protocol | A mechanism for transporting email across networks. |
| HTTP | Hypertext Transfer Protocol | A protocol for retrieving files from a web server. |
| HTTPS | Hypertext Transfer Protocol Secure | A secure protocol for retrieving files from a web server. |
| POP3/IMAP4 | Post Office Protocol version 3/Internet Message Access Protocol version 4 | Used to retrieve email from the server on which it is stored. Can only be used to retrieve mail. IMAP and POP cannot be used to send mail. |
| Telnet | Telnet | Allows sessions to be opened on a remote host. |
| SSH | Secure Shell | Allows secure sessions to be opened on a remote host. |
| ICMP | Internet Control Message Protocol | Used on IP-based networks for error reporting, flow control, and route testing. |
| ARP | Address Resolution Protocol | Resolves IP addresses to MAC addresses to enable communication between devices. |
| RARP | Reverse Address Resolution Protocol | Resolves MAC addresses to IP addresses. |
| NTP | Network Time Protocol | Used to communicate time synchronization information between devices. |
| NNTP | Network News Transfer Protocol | Facilitates the access and downloading of messages from newsgroup servers. |
| SCP | Secure Copy Protocol | Allows files to be copied securely between two systems. Uses Secure Shell (SSH) technology to provide encryption services. |
| LDAP | Lightweight Directory Access Protocol | A protocol used to access and query directory services systems such as Microsoft Active Directory. |
| IGMP | Internet Group Management Protocol | Provides a mechanism for systems within the same multicast group to register and communicate with each other. |
| DNS | Domain Name System/Service | Resolves hostnames to IP addresses. |
| DHCP | Dynamic Host Configuration Protocol | Automatically assigns TCP/IP information. |
| SNMP | Simple Network Management Protocol | Used in network management systems to monitor network-attached devices for conditions that may need attention from an administrator. |
| TLS | Transport Layer Security | A security protocol designed to ensure privacy between communicating client/server applications. |
| SIP | Session Initiation Protocol | SIP is an application-layer protocol designed to establish and maintain multimedia sessions such as Internet telephony calls. |
| RTP | Real-time Transport Protocol | The Internet-standard protocol for the transport of real-time data. |

• A dedicated ground, or isolated ground, has only the one outlet connected to it so that a spike sent to ground from one device does not adversely affect another device.
• Type C fire extinguishers are used for electrical fires.
• The major drawback to gas-based fire suppression systems is that they require sealed environments to operate.
• Main distribution frame (MDF) and intermediate distribution frame (IDF) define types of wiring closets. The main wiring closet for a network typically holds the majority of the network gear, including routers, switches, wiring, servers, and more.
• Cable trays can be used to carry cabling throughout the building. Trays run overhead and usually either resemble racks/wire shelving (having open bottoms) or have solid bottoms to blend in easier with the aesthetics of the environment. Trays are often used when reconfiguration may be a regular thing or it is too costly to run wiring through pipe, walls, and other building fixtures.

Table 14  Standard Business Documents

| Document | Description |
|---|---|
| SLA (service level agreement) | An agreement between a customer and provider detailing the level of service to be provided on a regular basis and in the event of problems. |
| MOU (memorandum of understanding) | An agreement (bilateral or multilateral) between parties defining terms and conditions of an agreement. |
| MSA (master service agreement) | A contract defining the terms that the parties will use in all future agreements. This speeds negotiations by not requiring negotiations to be repetitively done on broad issues and the only negotiations needed are on deal-specific issues. |
| SOW (statement of work) | A formal document that defines work activities to be performed for a client. |
