CompTIA N10-008 Network+ Exam Preparation Notes and Need to Know Topics

Unlike other vendor-specific networking certifications, CompTIA Network+ prepares you to support the network regardless of the platform. It forms the foundation you need before specializing in a vendor solution. CompTIA Network+ is the only industry certification that covers both wired and wireless networks. This post includes information about the need-to-know topics for the exam.

Feb 7, 2023 - 18:32

Please see the PDF version of these notes below. You may download and use it. It is free.

Open System Interconnection Reference Model

     Network Models -OSI and TCP/IP- Explained - superuser (kbsuperuser.com)

     All People Seem To Need Data Processing.

     The OSI model makes it easier to communicate with other technicians, to examine applications and to understand how an application works.

     Layer 1 – Physical: Signaling, Cabling, Connectors

     Can the signal get through? Troubleshoot by fixing the cable or punch-down, running a loopback test, testing or replacing the cable, and swapping adapters.

     Layer 2 – Data Link: MAC (Media Access Control) address on Ethernet.

     Switching Layer

     Layer 3 – Network: The "routing" layer, associated with IP addresses.

     Forwarding decisions based on IP Address.

     Communication between different networks.

     Layer 4 – Transport: “Post Office” Layer.

     How data is delivered and where it is delivered to.

     E.g. a web page is divided into small segments, sent to the destination and reassembled there.

     Layer 5 – Session: Communication management between devices.

     Start / Stop / Restart communication

     Control protocols, tunneling protocols

     Layer 6 – Presentation: Character encoding, application encryption

     Always combined with Layer 7.

     Layer 7 – Application: The layer the eyes see.

     HTTP, HTTPS, FTP, DNS, POP3

Encapsulation and Decapsulation


     Each layer has a header and payload.


TCP Flags

     The header describes the payload and carries important information in the TCP flags.

     The flags determine how the two ends communicate.
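Added example (not code from the original notes): an Ethernet / IPv4 / TCP frame is built layer by layer and then decapsulated, so that each header's fields, including the TCP flag bits, can be read back and the checksums verified. The MACs, IPs and ports are constructed sample values.

```python
import struct

# Constructed sample values (not from the notes): MACs, IPs and ports.
SRC_MAC = bytes.fromhex("001122334455")
DST_MAC = bytes.fromhex("66778899aabb")
SRC_IP, DST_IP = "192.0.2.10", "198.51.100.20"
ETHERTYPE_IPV4, PROTO_TCP = 0x0800, 6
# Order of the eight flag bits in the TCP header, least significant first.
TCP_FLAG_NAMES = ["FIN", "SYN", "RST", "PSH", "ACK", "URG", "ECE", "CWR"]


def ip_to_bytes(ip: str) -> bytes:
    return bytes(int(o) for o in ip.split("."))


def checksum(data: bytes) -> int:
    """RFC 1071 one's-complement sum of 16-bit words (used by IPv4 and TCP)."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(data) // 2), data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return (~total) & 0xFFFF


def build_tcp(sport, dport, seq, ack, flags, payload=b"") -> bytes:
    """Layer 4: the flag names become bits in the flags byte of the header."""
    flag_bits = sum(1 << i for i, n in enumerate(TCP_FLAG_NAMES) if n in flags)
    data_offset = 5                       # header length in 32-bit words (20 bytes)
    hdr = struct.pack("!HHIIBBHHH", sport, dport, seq, ack,
                      data_offset << 4, flag_bits, 65535, 0, 0)
    # TCP checksum covers a pseudo-header (addresses, protocol, length) too.
    pseudo = ip_to_bytes(SRC_IP) + ip_to_bytes(DST_IP) + struct.pack(
        "!BBH", 0, PROTO_TCP, len(hdr) + len(payload))
    csum = checksum(pseudo + hdr + payload)
    return hdr[:16] + struct.pack("!H", csum) + hdr[18:] + payload


def build_ipv4(payload: bytes, ttl=64) -> bytes:
    """Layer 3: IPv4 header wrapped around the TCP segment, DF bit set."""
    hdr = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload), 0x1234,
                      0x4000, ttl, PROTO_TCP, 0,
                      ip_to_bytes(SRC_IP), ip_to_bytes(DST_IP))
    return hdr[:10] + struct.pack("!H", checksum(hdr)) + hdr[12:] + payload


def build_frame(flags, payload=b"") -> bytes:
    """Layer 2: Ethernet header around the packet. Each layer adds its own header."""
    segment = build_tcp(40000, 443, 1000, 0, flags, payload)
    packet = build_ipv4(segment)
    return struct.pack("!6s6sH", DST_MAC, SRC_MAC, ETHERTYPE_IPV4) + packet


def decapsulate(frame: bytes) -> dict:
    """Peel the headers off layer by layer and report what each one carries."""
    dst_mac, src_mac, ethertype = struct.unpack("!6s6sH", frame[:14])
    packet = frame[14:]
    ihl = (packet[0] & 0x0F) * 4           # IPv4 header length in bytes
    if checksum(packet[:ihl]) != 0:        # a valid header sums to zero
        raise ValueError("bad IPv4 header checksum")
    ttl, proto = packet[8], packet[9]
    src_ip = ".".join(map(str, packet[12:16]))
    dst_ip = ".".join(map(str, packet[16:20]))
    total_len = struct.unpack("!H", packet[2:4])[0]
    segment = packet[ihl:total_len]
    pseudo = packet[12:20] + struct.pack("!BBH", 0, proto, len(segment))
    if checksum(pseudo + segment) != 0:
        raise ValueError("bad TCP checksum")
    sport, dport, seq, ack, off, flag_bits, win = struct.unpack("!HHIIBBH", segment[:16])
    flags = [n for i, n in enumerate(TCP_FLAG_NAMES) if flag_bits & (1 << i)]
    return {"ethertype": ethertype, "src_ip": src_ip, "dst_ip": dst_ip, "ttl": ttl,
            "sport": sport, "dport": dport, "flags": flags,
            "payload": segment[(off >> 4) * 4:]}
```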


Maximum Transmission Unit (MTU) and Building an Ethernet Frame

     The largest IP packet that can be transmitted. Above that value fragmentation starts.

     Fragmentation slows things down, and if one fragment is lost the whole packet is lost.

     Automated methods of determining the MTU between hops are often inaccurate.

     If the MTU is set to 1500, that does not mean 1500 bytes are usable for data: the "Ethernet header – IP header – TCP header and CRC" also have to be accounted for.

     The MTU is generally configured once and does not change.

     If the organization uses tunnelling, smaller sizes will be needed, so the size should be set to automatic.

     Test it with ICMP:

     Windows: ping -f -l 1472 8.8.8.8        (-f sets don't-fragment, -l is the payload size)

     Linux:   ping -M do -s 1472 8.8.8.8     (-M do sets don't-fragment, -s is the payload size)

Network Topologies

     Network Topologies Explained - superuser (kbsuperuser.com)

     Useful in planning a new network.

     Helps to understand the signal flow: how does the signal get from "A" to "B"?

     Useful for troubleshooting.

     Star "Hub and Spoke": A hub in the center with the spokes around it. Used in most large and small networks. No endpoint is directly connected to another.

     Ring: Used in many popular topologies. Token Ring is no longer used, but rings are still used in WANs and MANs. Dual rings are created for fault tolerance.

     Bus: Used in early local networks; the coaxial cable was the bus. Simple but prone to errors: one break can take down the whole connection.

     Mesh: Multiple links to the same place. Fully connected or partially connected. Primary and secondary paths can be set. Redundancy, fault tolerance, load balancing. Used in WANs.

     Hybrid: A combination of two or more topologies. Most networks are hybrid. E.g. star topology locally, ring in the center.


     Wireless Topologies:

     Infrastructure: All devices connect through an access point. The most commonly used.

     Ad Hoc Networking: No pre-existing infrastructure. Devices communicate among themselves.

     Mesh: Devices work together to form a mesh. Many different kinds of devices can be linked. Self-forming and self-healing!


Network Types

-          Peer to Peer: Everyone talks to everyone. All devices are both servers and clients. Easy to deploy at low cost. Since everything is distributed, it is difficult to administer and difficult to secure.

-          Client – Server: Clients talk to the server; there is no communication between clients. Performance and administration are the advantages, but cost and complexity are high.

-          Local Area Network: "Local" is relative, but we can call it local if the resources are in the same place. High-speed connectivity. If the speed is not high, then it is not local.

-          Metropolitan Area Network: A network in a city. Larger than a LAN, smaller than a WAN. Third parties are involved in connecting the different sites. Governments can have their own MAN since they can lay cables underground.

-          Wide Area Network: Much larger distances. Many different WAN technologies are included, such as point-to-point, MPLS and satellite.

-          Wireless Local Area Network: 802.11 technologies. Limited area, but it can be extended across a specific area with more access points.

-          Personal Area Network: Wireless headset, Bluetooth, IR, NFC, audio connection to a car.

-          Campus Area Network: Corporate area network. A limited area such as a group of buildings, with no third party involved. Fiber connected, so the speed is high.

-          Network Attached Storage: Connect to a shared storage device across the network. File-level access: any change has to be made on the storage device, and all of the data has to be overwritten.

-          Storage Area Network: Looks and feels like a local storage device. Block-level access, so efficient reads and writes are possible.

-          Multiprotocol Label Switching: MPLS was created by learning from ATM and Frame Relay. Packets travelling through the WAN carry a label. Routing is decided in advance, which makes connecting sites easy. Any type of connection or protocol can be carried over MPLS.

o   Labels are pushed onto the packet when it enters the cloud.

o   Labels are popped off on the way out.

-          mGRE (Multipoint Generic Routing Encapsulation): Used extensively for Dynamic Multipoint VPN. Common on Cisco routers. Remote sites communicate with each other and the VPN builds itself: a dynamic mesh. Sites establish a connection when needed and it is torn down automatically when no longer needed.

-          SD-WAN: A WAN built for the cloud. Useful for cloud applications: no need to hop through a centralized data center, so there is easy, quick access to cloud-based applications.


WAN Termination

-          Demarcation Point (the demarc): The physical point where the internal network connects to the service provider's network.

o   The demarc is at a central point in the building and is usually a network interface device. Troubleshooting is easier when you know where the boundary of responsibility lies.

o   The service provider installs a "Network Interface Unit (NIU)" to define and control the demarc. It is usually a "smart jack", which can be a circuit card in a chassis. It can be monitored on screen to follow alarms and status.

Virtual Networks

-          Since the number of servers has changed and there are lots of physical and virtual servers, managing the network has changed too.

-          Network Function Virtualization (NFV): Replaces the physical network devices with virtual versions managed from the hypervisor. Provides the same functionality as a physical device (routing, switching, load balancing, firewall etc.). No physical device is needed, so it is easy to deploy.

-          Virtual Machine Manager: Manages the whole virtual platform and the guest OSs from one screen, like the vSphere Client. Provides hardware management such as CPU, RAM, networking, security.

-          Virtual Switch (vSwitch): Same functionality as a physical switch. Capable of forwarding, link aggregation, port mirroring, NetFlow etc. Easy to automate.

-          Virtual Network Interface Card (vNIC): Virtual machines need a vNIC to communicate with others. Additional features are also available, such as VLANs, multiple interfaces etc.

Provider Links

-          Satellite Networking: Non-terrestrial communication, high cost, 50 bit down and 3 bit up are common, requires line of sight. Difficult remote sites can be handled.

-          Copper: Relatively inexpensive, limited bandwidth, easy to install, used for WAN links to cable modems, always combined with fiber.

o   DSL / ADSL: Uses telephone lines. Distance limitation: if you are close to the source, you are lucky. 200 Mbit down, 20 Mbit up.

o   Cable Broadband / Cable Modem: Transmits on different frequencies for different traffic types such as voice, TV and data.

o   DOCSIS: "Data Over Cable Service Interface Specification", provides high speeds of 50-100 Mbit.

-          Fiber: High speed, frequencies of light, long distances. High installation cost, high maintenance cost, difficult to repair.

-          Metro Ethernet: A contained regional area. Connects the sites with Ethernet. Fiber is always used on the provider side and copper is always used on the client side.

Cabling

-          Copper Cabling: Twisting is the key to success. Do it once and do it correctly! Balanced pair operation is needed, which means Transmit+ / Transmit- and Receive+ / Receive-.

-          Optical Fiber: No RF signal, so very hard to monitor. Supports long distances, immune to radio interference.

o   Multimode: Short range, up to 2 km. Inexpensive LED light source.

o   Single mode: Smaller core, long range, up to 100 km. Expensive. Laser light source.

o   The amount of reflected light (return) must be kept low, so:

§  Ultra-Polished Connector: Zero-degree polish, high return loss.

§  Angle-Polished Connector: 8-degree polish, low return loss.


-          Network Connectors:

o   LC: Two different fibers, one to send and one to receive.

o   ST: Plug and twist.

o   SC: Square, push-pull; the two fibers can be separate or together.

o   MTRJ: Small, two tiny fibers, takes up the smallest space.

o   RJ11 Connector: Telephone and DSL, 6 position 2 conductor. With 6 position 4 conductor it is RJ14.

o   RJ45: 8 position 8 conductor. Modular, Ethernet.

o   F Connector: Cable Television, DOCSIS.


-          Network Transceivers:

o   Media Converter: OSI Layer 1 – converts the signal at the physical layer. Extends copper over long distances; can be fitted into a chassis.

o   Transceiver: Usually a single component. Provides modular interfaces and duplex communication.

o   BiDi Transceiver: Uses 2 different wavelengths, cutting the number of fibers and the fiber cost in half.

o   SFP: Commonly used to provide 1G connections.

o   SFP+: Same size as SFP. Supports up to 16G, commonly 10G.

o   QSFP: 4-channel SFP. 4 x 1G.

o   QSFP+: 4-channel SFP+. 4 x 10G.

o   BiDi QSFP / BiDi QSFP+: Additional efficiency over a single fiber.


-          Cable Management:

o   Copper Patch Panel: End user – punch-down block – patch cable – switch. Only the patch cables are moved between switches.

o   Fiber Distribution Point: A permanent fiber installation needs a panel at both ends, so it is costly. Do not bend the fiber too tightly. Often includes a service loop for future changes.

o   66 Block: Analog voice; left and right sides are patched, easy to follow the path; a punch-down tool is all that is needed. Generally replaced by the 110 block.

o   110 Block: Patches CAT5 – CAT6. Wires are punched into the block.

o   Krone Block: Alternative to the 110 block. Analog + digital.

o   BIX: An old system from the 1970s.


-          Ethernet Standards: The most popular networking technology. Standard, common, nearly universal.

o   10BASE-T: 2 pairs, minimum CAT3, max 100 meters.

o   100BASE-TX: "Fast Ethernet". Minimum CAT5, 2 pairs, max 100 meters.

o   1000BASE-T: 4 balanced pairs, max 100 meters, 125 MHz, CAT5/CAT5E.

o   10GBASE-T: 4 balanced pairs, 500 MHz, minimum CAT6 (unshielded 55 m, shielded 100 m), CAT6A 100 meters.

o   40GBASE-T: 4 balanced pairs, minimum CAT8, max 30 meters.

o   100 Megabit Ethernet over Fiber: A pair of multimode fibers, laser components, 400 meters half duplex, 2 km full duplex.

o   Gigabit Ethernet over Fiber: 200 meters to 5 km.

o   10 Gigabit Ethernet over Fiber: 20 meters to 10 km.

o   Wavelength-Division Multiplexing: Bidirectional communication over a single fiber by using different wavelengths.


Network Addressing:

-          Binary Math:


-          IPv4 Addressing:

o   Every device needs a unique IP address.

o   The subnet mask shows the device's subnet, i.e. where the data should be sent.

o   Default Gateway: Connects the local subnet to the outside. Must be in the same subnet as the IP address.

o   Loopback Address: References the device itself. 127.0.0.1-127.255.255.254.

o   Reserved Addresses: For future use or testing. 240.0.0.1-254.255.255.254. Class E.

o   32 bits, 4 octets, 4 bytes. The maximum value of an octet is 255.


-          Network Address Translation: IPv4 supports 4.29 billion addresses, but more than 20 billion devices are connected now, so giving every device a unique IP address is not possible. Routers keep the NAT table.


-          Network Communication:

o   Unicast: One-to-one communication. Sends information between 2 systems. Does not scale optimally for real-time streaming media. (Web browsing, file transfer.)

o   Broadcast: One-to-all communication. The source sends and everyone receives. Limited to the scope of the broadcast domain. (Routing updates, ARP requests.) Used in IPv4; IPv6 uses multicast instead.

o   Multicast: One-to-many-of-many communication. Only interested parties receive. Difficult to scale across a large network. Used extensively in IPv6.

o   Anycast: One-to-one-of-many. The closest of many devices replies. Commonly used for DNS.


-          Construction of Subnet:

o   Why Subnetting: It is very difficult to connect all devices to one network simultaneously. Subnetting provides a more manageable and secure network.

o   Variable Length Subnet Mask (VLSM): Customize the network and subnets according to requirements, using different subnet masks in the same classful network. Just like cutting a pizza into smaller pieces.

o   Network Address: The first IP address of the subnet. Set all host bits to zero.

o   First Usable Address: Network Address + 1

o   Broadcast Address: The last IP address of the subnet. Set all host bits to 1.

o   Last Usable Address: Broadcast Address -1
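Added example, not from the original notes, that carries the four address rules above through with bit operations and then applies VLSM to carve one block into differently sized subnets. The 192.168.10.0/24 block and the host counts are constructed sample values.

```python
# Subnet maths with explicit bit operations, then a VLSM allocation.

def ip_to_int(ip: str) -> int:
    octets = [int(o) for o in ip.split(".")]
    if len(octets) != 4 or any(not 0 <= o <= 255 for o in octets):
        raise ValueError("bad IPv4 address: %s" % ip)
    return (octets[0] << 24) | (octets[1] << 16) | (octets[2] << 8) | octets[3]


def int_to_ip(n: int) -> str:
    return ".".join(str((n >> shift) & 0xFF) for shift in (24, 16, 8, 0))


def prefix_to_mask(prefix: int) -> int:
    if not 0 <= prefix <= 32:
        raise ValueError("prefix must be 0-32")
    return (0xFFFFFFFF << (32 - prefix)) & 0xFFFFFFFF


def subnet_info(cidr: str) -> dict:
    """Network, first usable, broadcast and last usable address of a CIDR block."""
    ip, prefix = cidr.split("/")
    prefix = int(prefix)
    mask = prefix_to_mask(prefix)
    network = ip_to_int(ip) & mask                 # host bits set to zero
    broadcast = network | (~mask & 0xFFFFFFFF)     # host bits set to one
    usable = max(0, (1 << (32 - prefix)) - 2)      # /31 and /32 leave no hosts
    return {
        "network": int_to_ip(network),
        "first_usable": int_to_ip(network + 1) if usable else None,
        "broadcast": int_to_ip(broadcast),
        "last_usable": int_to_ip(broadcast - 1) if usable else None,
        "mask": int_to_ip(mask),
        "usable_hosts": usable,
    }


def prefix_for_hosts(hosts: int) -> int:
    """Smallest block (largest prefix) that still leaves `hosts` usable addresses."""
    for prefix in range(30, -1, -1):
        if (1 << (32 - prefix)) - 2 >= hosts:
            return prefix
    raise ValueError("too many hosts for IPv4")


def vlsm_allocate(base_cidr: str, requirements: dict) -> list:
    """Carve `base_cidr` into one subnet per requirement. Allocating the largest
    block first keeps every block aligned on its own boundary."""
    base = subnet_info(base_cidr)
    cursor = ip_to_int(base["network"])
    end = ip_to_int(base["broadcast"]) + 1
    plan = []
    for name, hosts in sorted(requirements.items(), key=lambda kv: -kv[1]):
        prefix = prefix_for_hosts(hosts)
        size = 1 << (32 - prefix)
        if cursor + size > end:
            raise ValueError("base block exhausted at %s" % name)
        plan.append((name, "%s/%d" % (int_to_ip(cursor), prefix)))
        cursor += size
    return plan
```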

-          IPv6 Addressing:

o   128-bit address – 16 bytes. 6.8 billion people could get 5×10^27 addresses each.

o   DNS is now more important.

o   A group of zeros can be abbreviated with a double colon.

o   Removing leading zeros is optional.

o   DHCP can still be used, but it is better to use the IPv6 prefix together with the MAC address (Extended Unique Identifier).
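Added example (not from the original notes) covering the two notation rules above and the MAC-derived interface identifier: expanding and compressing IPv6 addresses in the RFC 5952 text form, and building a SLAAC-style address from a /64 prefix and a MAC. The prefix and MAC used are constructed sample values.

```python
def expand_ipv6(addr: str) -> str:
    """Undo '::' and restore leading zeros: eight 4-digit hex groups."""
    if addr.count("::") > 1:
        raise ValueError("only one '::' allowed")
    if "::" in addr:
        head, tail = addr.split("::")
        left = head.split(":") if head else []
        right = tail.split(":") if tail else []
        missing = 8 - len(left) - len(right)
        if missing < 1:
            raise ValueError("'::' must stand for at least one zero group")
        groups = left + ["0"] * missing + right
    else:
        groups = addr.split(":")
    if len(groups) != 8:
        raise ValueError("expected 8 groups, got %d" % len(groups))
    return ":".join("%04x" % int(g, 16) for g in groups)


def compress_ipv6(addr: str) -> str:
    """RFC 5952 text form: drop leading zeros and replace the longest run of
    two or more zero groups with '::' (the leftmost run if there is a tie)."""
    groups = [int(g, 16) for g in expand_ipv6(addr).split(":")]
    best_start, best_len, run_start = -1, 0, None
    for i, g in enumerate(groups + [1]):          # sentinel closes a trailing run
        if g == 0 and run_start is None:
            run_start = i
        elif g != 0 and run_start is not None:
            if i - run_start > best_len:
                best_start, best_len = run_start, i - run_start
            run_start = None
    short = ["%x" % g for g in groups]
    if best_len < 2:                              # a single zero group stays as "0"
        return ":".join(short)
    return ":".join(short[:best_start]) + "::" + ":".join(short[best_start + best_len:])


def eui64_interface_id(mac: str) -> str:
    """Modified EUI-64: flip the universal/local bit and insert ff:fe in the middle."""
    octets = bytearray(int(x, 16) for x in mac.replace("-", ":").split(":"))
    if len(octets) != 6:
        raise ValueError("MAC must have 6 octets")
    octets[0] ^= 0x02
    eui = bytes(octets[:3]) + b"\xff\xfe" + bytes(octets[3:])
    return ":".join("%02x%02x" % (eui[i], eui[i + 1]) for i in range(0, 8, 2))


def slaac_address(prefix_cidr: str, mac: str) -> str:
    """Combine a /64 prefix with the EUI-64 interface identifier."""
    prefix, length = prefix_cidr.split("/")
    if int(length) != 64:
        raise ValueError("EUI-64 interface ids need a /64 prefix")
    net_groups = expand_ipv6(prefix).split(":")[:4]
    return compress_ipv6(":".join(net_groups + eui64_interface_id(mac).split(":")))
```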


-          IPv6 Subnetting: The Internet Assigned Numbers Authority (IANA) provides blocks to the Regional Internet Registries (RIRs). RIRs assign smaller subnets to ISPs. ISPs provide /48 subnets to clients.

-          Tunnelling IPv6:

o   6to4 Addressing: Sends IP6 over IPv4. Does not support NAT. Creates the IPv6 address based on the IPv4 address. Requires relay routers.

o   4in6 Tunneling: Because of its challenges it is not used currently.

o   Teredo: Tunnels IPv6 through IPv4. No special IPv6 connectivity is needed. A temporary design. Used on Windows.

o   Miredo: Same function as Teredo, but used on Linux.

o   Dual Stack Routing: The router runs both. The IPv4 and IPv6 routing tables are kept separately.

-          Neighbor Solicitation: Since there is no broadcast in IPv6, requests are sent by multicast.

-          Neighbor Discovery Protocol (NDP): Works with multicast.

-          Stateless Address Autoconfiguration (SLAAC): Configuring an IP address without DHCP. "Duplicate Address Detection (DAD)" needs to be used to find duplicate addresses.

-          Router Solicitation and Router Advertisement are used to discover routers.


Ports and Protocols:


-          https://kbsuperuser.com/tcp-udp-explained

-          https://kbsuperuser.com/tcpip-cheat-sheet

-          Common Ports - Cheat Sheet - superuser (kbsuperuser.com)


DHCP Overview:

-          What is DHCP and How DHCP works? - superuser (kbsuperuser.com)

-          DHCP - Cheat Sheet - superuser (kbsuperuser.com)


-          When a client connects to a switch:

o   The client sends a DHCP Discover from 0.0.0.0:udp/68 to 255.255.255.255:udp/67.

o   The DHCP server sends an Offer from its own local IP:udp/67 to the broadcast address 255.255.255.255:udp/68.

o   The client sends a DHCP Request as a broadcast, telling the server that it wants to use the offered IP address.

o   The DHCP server sends a DHCP ACK as a broadcast and the client configures itself.

o   If there is no DHCP server in the LAN, the broadcast will not be forwarded outside, so a DHCP Relay needs to be configured. With a relay the process is the same, just with the help of the router.


-          Configuring DHCP:

o   Scope: IP Address Range, Excluded Address, Subnet Mask, Lease Duration, DNS, Default Gateway.

o   After the lease duration expires the address is reclaimed and added back to the pool.

o   Automatic Assignment: DHCP gives the IP address based on past assignments.

o   Static Assignment: Administratively configured. Add the MAC address and assign an IP address, for servers, admin computers etc.

-          DHCP Renewal Process:

o   T1 Timer: Check with the lending DHCP server to renew the IP address. 50% of the lease time (by default).

o   T2 Timer: If the original DHCP server is down, try rebinding with any DHCP server. 87.5% of the lease time.

o   E.g. lease time = 8 days: T1 = 4 days and T2 = 7 days.

o   No check-back is needed in the first half of the lease time.
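Added example, not from the original notes: a pure in-memory simulation of the Discover / Offer / Request / ACK exchange described above, encoding and decoding each message in the DHCP wire format, and deriving the T1 and T2 timers from the lease. The client MAC, server IP, offered address and transaction id are constructed sample values; nothing is sent on the network.

```python
import struct

MAGIC_COOKIE = b"\x63\x82\x53\x63"
BOOTREQUEST, BOOTREPLY = 1, 2
DISCOVER, OFFER, REQUEST, ACK = 1, 2, 3, 5
TYPE_NAMES = {DISCOVER: "DISCOVER", OFFER: "OFFER", REQUEST: "REQUEST", ACK: "ACK"}
CLIENT_PORT, SERVER_PORT = 68, 67
HEADER_FMT = "!BBBBIHH4s4s4s4s16s64s128s"   # the 236-byte fixed part of a message
SERVER_IP = "192.0.2.1"                       # constructed sample server address


def ip_to_bytes(ip: str) -> bytes:
    return bytes(int(o) for o in ip.split("."))


def bytes_to_ip(b: bytes) -> str:
    return ".".join(str(x) for x in b)


def build_message(op, xid, mac, msg_type, yiaddr="0.0.0.0", options=None) -> bytes:
    """Fixed header + magic cookie + TLV options, terminated by 0xff."""
    header = struct.pack(HEADER_FMT, op, 1, 6, 0, xid, 0, 0x8000,   # flags: broadcast
                         b"\0" * 4, ip_to_bytes(yiaddr), b"\0" * 4, b"\0" * 4,
                         mac.ljust(16, b"\0"), b"\0" * 64, b"\0" * 128)
    body = bytes([53, 1, msg_type])            # option 53: DHCP message type
    for code, value in (options or {}).items():
        body += bytes([code, len(value)]) + value
    return header + MAGIC_COOKIE + body + b"\xff"


def parse_message(data: bytes) -> dict:
    fields = struct.unpack(HEADER_FMT, data[:236])
    if data[236:240] != MAGIC_COOKIE:
        raise ValueError("not a DHCP message")
    options, i = {}, 240
    while i < len(data) and data[i] != 0xff:
        if data[i] == 0:                       # pad option, one byte
            i += 1
            continue
        code, length = data[i], data[i + 1]
        options[code] = data[i + 2:i + 2 + length]
        i += 2 + length
    return {"op": fields[0], "xid": fields[4], "yiaddr": bytes_to_ip(fields[8]),
            "chaddr": fields[11][:fields[2]], "type": options[53][0], "options": options}


def dora_exchange(client_mac: bytes, offered_ip: str, lease_seconds: int) -> dict:
    """Walk through the four messages and return what the client ends up with."""
    xid = 0x3903F326                            # constructed transaction id
    broadcast = "255.255.255.255"
    transcript = []

    def send(msg, src, dst):
        parsed = parse_message(msg)             # the receiving side decodes it
        transcript.append("%s %s -> %s" % (TYPE_NAMES[parsed["type"]], src, dst))
        return parsed

    # 1. Client has no address yet: Discover from 0.0.0.0:68 to the broadcast:67.
    d = send(build_message(BOOTREQUEST, xid, client_mac, DISCOVER),
             "0.0.0.0:%d" % CLIENT_PORT, "%s:%d" % (broadcast, SERVER_PORT))
    # 2. Server picks an address from its scope and offers it with the lease options.
    scope = {1: ip_to_bytes("255.255.255.0"), 3: ip_to_bytes(SERVER_IP),
             51: struct.pack("!I", lease_seconds), 54: ip_to_bytes(SERVER_IP)}
    o = send(build_message(BOOTREPLY, d["xid"], d["chaddr"], OFFER, offered_ip, scope),
             "%s:%d" % (SERVER_IP, SERVER_PORT), "%s:%d" % (broadcast, CLIENT_PORT))
    # 3. Client requests the offered address (option 50) from that server (option 54).
    r = send(build_message(BOOTREQUEST, xid, client_mac, REQUEST,
                           options={50: ip_to_bytes(o["yiaddr"]), 54: o["options"][54]}),
             "0.0.0.0:%d" % CLIENT_PORT, "%s:%d" % (broadcast, SERVER_PORT))
    # 4. Server acknowledges; the client configures itself from the ACK.
    a = send(build_message(BOOTREPLY, xid, client_mac, ACK,
                           bytes_to_ip(r["options"][50]), scope),
             "%s:%d" % (SERVER_IP, SERVER_PORT), "%s:%d" % (broadcast, CLIENT_PORT))
    lease = struct.unpack("!I", a["options"][51])[0]
    return {"ip": a["yiaddr"], "mask": bytes_to_ip(a["options"][1]),
            "gateway": bytes_to_ip(a["options"][3]), "lease": lease,
            "t1": lease // 2,             # renew with the lending server at 50%
            "t2": lease * 7 // 8,         # rebind with any server at 87.5%
            "transcript": transcript}
```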


DNS Overview:

-          What is DNS and How DNS works? - superuser (kbsuperuser.com)


NTP Overview:

-          Every device has its own clock, and synchronizing the devices is important (log files, authentication, outage details etc.).

-          NTP Server: Listens on udp/123 and responds to NTP clients.

-          NTP Clients: Request the time from an NTP server.

-          NTP Server / Client: Gets the time from another server and responds to queries.

-          Stratum Layers:

o   0: Atomic clock, GPS clock; very accurate.

o   1: Synchronized to stratum 0.

o   2: Synchronized to stratum 1.

o   The lowest stratum wins.

-          It is very important to plan who will be the server and who will be the client. If more than one server is defined as an NTP source, the smaller stratum is more accurate, so it wins.


Network Architectures:

-          Core: Center of the network. Webserver, Database, Applications etc.

-          Distribution: The midpoint between the users and the core; handles communication between access switches.

-          Access: Where the users and end-user devices are connected.


-          SDN: Extends functionality and management. Perfectly built for the cloud.


-          Spine and Leaf Architecture: Top-of-rack switching. Simple cabling, redundancy, fast connections; adding a new switch is costly. No direct connection between leaves and spines.


Cloud Models:

-          Cloud Computing Explained - superuser (kbsuperuser.com)

-          IaaS – HaaS: Outsourcing the equipment. The organization is still responsible for security and management.

-          SaaS: No local installation. The provider is responsible for management and security. Gmail, Office 365 etc.

-          PaaS: No server, no software. Someone else handles the platform; the organization handles the development.

-          Deployment models. Public: everyone has access. Community: resources are shared with other organizations. Private: an organization-owned local data center. Hybrid: a mix of public and private.

-          DaaS: Virtual desktop infrastructure. A minimal operating system is needed on the client. Applications run on a remote server. The network connection must be strong.

Designing Cloud:

-          On-Demand Computing Power: One click to create a server, switch etc.

-          Elasticity: Scale up and down easily.

-          Multitenancy: Many clients can use the same infrastructure.

-          Infrastructure as Code: Define servers, networks and applications as code. Modify, copy and move the code.

-          Orchestration: Automation is the key. Services appear and disappear automatically. Security policies are automated too.

-          Connecting to the Cloud: VPN, Virtual Private Cloud Gateway, VPC Endpoint.

-          VM Sprawl Avoidance: Since it is easy to build servers, switches, firewalls etc., the process gets out of hand after some time. A formal process needs to be followed.

-          VM Escape Protection: VM owners should not be able to break out of the VM instance and interact with the host OS / hardware.


Networking Devices:

-          Hub: OSI Layer 1 – Multiport repeater – Half duplex – 10/100 Mbit/sec.

-          Bridge: OSI Layer 2 – a switch with 2-4 ports; traffic is forwarded based on MAC address; can connect different topologies.

-          Switch: OSI Layer 2 – more ports and features. Forwards traffic based on MAC address.

-          Router: OSI Layer 3 – routes traffic between IP subnets.

-          Access Point: Connects wired and wireless networks.

-          Cable Modem: Transmission across multiple frequencies. Data, voice, video.

-          DSL / ADSL Modem: Download is faster than upload.

-          Repeater: Receives and forwards the signal. No decisions are made.

-          Media Converter: OSI Layer 1 – converts fiber to copper and copper to fiber.

-          Layer 3 Capable Switch / Layer 3 Switch / Multilayer Switch: Switching and routing.

-          Wireless Networks / Wireless LAN Controller: Centralized management of access points. Deploy, configure, monitor and report usage from one point.

-          Load Balancer: Multiple servers, invisible to end-users. Large-scale implementations, fault tolerance, managed access to servers.

-          IDS and IPS: Intrusion Detection And Prevention Systems (IDS&IPS) Explained - superuser (kbsuperuser.com)

-          Proxies: Sit between the user and the external network and make requests on the user's behalf. Caching, URL filtering, access control, scanning.

-          VPN: Encrypted tunnel, often integrated into the firewall.

-          VoIP: Phone switch.

-          Network-Based Firewalls: Filter traffic by port number or application. Encrypt traffic; a Layer 3 device that also does NAT and routing.


Networked Devices:

-          VoIP: Each device is a computer with its own individual config.

-          Printer: B&W, colour, all-in-one; Ethernet, 802.11 wireless, Bluetooth.

-          Card Reader: Access to doors / rooms, biometric authentication.

-          Cameras: CCTV, motion recognition, object detection, central recording device.

-          HVAC: Heating, ventilation and air conditioning, commonly managed by one PC.

-          IoT: Appliances, refrigerators, smart devices, usually wireless.

-          SCADA / ICS: Power generation, manufacturing equipment, real-time information.


Dynamic Routing:

-          Routers listen for subnet information from other routers.

-          Routers also provide information to other routers. With the gathered information routers determine the best path.

-          If a change occurs, a convergence process takes place for every protocol.

-          Which routing protocol:

o   Determine the best path: state of the link, how far away?

o   Rank the routes from best to worst.

o   Convergence time can vary widely.

-          Distance-Vector Protocol: How many hops away is another network? Good for small networks, usually automatic. Routing Information Protocol (RIP).

-          Link-State Routing Protocol: Connectivity is the key. More often used in large networks. Open Shortest Path First (OSPF).

-          Hybrid Routing Protocols: A mix of link-state and distance-vector protocols.

o   Border Gateway Protocol defines the path using criteria such as "network topology", "speed", "rules" etc.


Routing Technologies:

-          Routing Tables: A list of directions for packets.

-          Hop: When a packet passes through a router, that is one hop to the next router.

-          A router does not need to know how to get everywhere, just how to reach the next place. If it is configured wrong, it will create a loop and the data will go in the wrong direction.

-          IPv4 Time To Live & IPv6 Hop Limit: Prevent a packet from hopping forever.

-          Default Route: The route used when no other route matches. Go that way: 0.0.0.0/0.
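Added example (not from the original notes) of the three points above together: a routing table lookup with longest-prefix match and a 0.0.0.0/0 default route, and a hop-by-hop trace in which two misconfigured routers point their default routes at each other so that an unknown destination loops until the TTL expires. The routers and their tables are constructed for the example.

```python
def ip_to_int(ip: str) -> int:
    a, b, c, d = (int(o) for o in ip.split("."))
    return (a << 24) | (b << 16) | (c << 8) | d


def lookup(routes, dst_ip):
    """Return (prefix_len, next_hop) of the most specific matching route.
    0.0.0.0/0 matches everything, so it is chosen only when nothing longer does."""
    dst, best = ip_to_int(dst_ip), None
    for cidr, next_hop in routes:
        net, prefix = cidr.split("/")
        prefix = int(prefix)
        mask = (0xFFFFFFFF << (32 - prefix)) & 0xFFFFFFFF
        if dst & mask == ip_to_int(net) & mask and (best is None or prefix > best[0]):
            best = (prefix, next_hop)
    return best


def trace(routers, start, dst_ip, ttl=64):
    """Forward a packet router by router; every router decrements the TTL
    and discards the packet when it reaches zero, which ends any loop."""
    path, node = [], start
    while True:
        path.append(node)
        ttl -= 1
        if ttl <= 0:
            return {"result": "ttl_expired", "path": path}
        match = lookup(routers[node], dst_ip)
        if match is None:
            return {"result": "no_route", "path": path}
        if match[1] == "connected":
            return {"result": "delivered", "path": path, "ttl_left": ttl}
        node = match[1]                  # next hop is another router in the table


# Constructed topology. R1 and R2 point their default routes at each other, so
# anything neither of them knows bounces between them until the TTL runs out.
ROUTERS = {
    "R1": [("10.1.1.0/24", "connected"), ("10.2.0.0/16", "R2"), ("0.0.0.0/0", "R2")],
    "R2": [("10.2.5.0/24", "connected"), ("10.2.0.0/16", "R3"), ("0.0.0.0/0", "R1")],
    "R3": [("10.2.0.0/16", "connected"), ("0.0.0.0/0", "R2")],
}
```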

Introduction to Ethernet:

-          Ethernet Frame:


Network Switching:

-          Switches:

o   Forward / drop frames based on MAC address.

o   Gather / update MAC addresses.

o   Maintain loop free environment (STP)

-          Address Resolution Protocol (ARP): Determine a MAC address based on an IP address.

-          PoE Power Modes:

o   Mode A: Power on data pairs greater than 1 Gbps.

o   Mode B: Power on spare pairs.

o   PoE: 802.3 standard / 15.4 watts / 350 mA.

o   PoE+: 802.3 standard / 25.5 watts / 600 mA.

VLAN and TRUNK:

-          VLAN and TRUNK Explained - superuser (kbsuperuser.com)


Spanning Tree Protocol:

-          There is no TTL at Layer 2, so loop protection has to be handled separately. Unplugging the cable solves the problem.

-          States:

o   Blocking: Not forwarding, to prevent loops.

o   Listening: Not forwarding; cleaning the MAC table.

o   Learning: Not forwarding; adding to the MAC table.

o   Forwarding: Data passes, operational.

o   Disabled: Admin has turned off the port.

-          STP is 802.1D and RSTP is 802.1w. 802.1w is compatible with 802.1D.

 

Interface Configurations:

-          Basic Interface Config: Speed / duplex. Generally automatic. Must match on both sides.

-          IP Address Management: Layer 3 interfaces, VLAN interfaces, management interfaces. IP address, subnet mask, gateway, CIDR block and DNS need to be configured.

-          VLAN Assignment: Every port on every device should be assigned to a VLAN.

-          LAG and Mirroring: With LAG multiple interfaces act as one interface. Mirroring copies traffic from one interface to another.

-          Jumbo Frames: Send frames with more than 1500 bytes of payload (9216 bytes). Especially for backup and high-traffic services.

-          Ethernet Flow Control: Ethernet is non-deterministic, so a device never knows how fast or slow the link will be. IEEE 802.3x pause frames tell the other device to pause before it sends more.

-          Port Security: Prevents unauthorized users from connecting, based on the source MAC address. Unique rules for every interface.


Wireless Standards:


Wireless Technologies:

-          Frequency: 2.4 GHz or 5 GHz, or both, or additional bands. Channels are numbered by the IEEE so that they do not overlap each other.

-          Bandwidth: 20 MHz for 2.4 GHz; 40, 80 or 160 MHz for 5 GHz.

-          SSID: The same on all access points so that a client connects once and keeps using the network. Access points have a BSSID, just like a MAC address.

-          Omnidirectional Antennas: The signal is distributed evenly to all sides.

-          Directional Antennas: Send and receive in a single direction. E.g. between buildings.

Wireless Encryption:

-          Users need to be authenticated before login and the communication needs to be encrypted.

-          WPA: Released in 2002 after the WEP weaknesses. Every packet gets a unique 128-bit encryption key. But everyone can still listen, and the key must be given to the right person.

-          WPA2: Released in 2004. Uses AES encryption and CBC-MAC.

-          WPA3: Released in 2018. Stronger encryption with a Message Integrity Check. The handshake method has changed: not only is the user authenticated to the AP, the AP also authenticates to the user.


Cellular Standards:

-          Divides the land into "cells".

-          2G: Primary for voice.

-          3G: Upgraded data connectivity.

-          4G and LTE: GSM + CDMA providers.

-          5G: 10G, higher frequencies.


Performance Metrics:

-          Device Performance: Temperature, CPU Usage, Memory

-          Bandwidth Monitor: Network statistics, SNMP, NetFlow etc.

-          Latency: The delay between request and response.

-          Jitter: Variation in the time between frames. Real-time media are sensitive to it.

-          Monitoring Interfaces: Link status, error rate, discards, packet drops etc.

SNMP

-          A database of collected data.

-          Pulls data from devices on udp/61.

-          SNMPv1: Structured tables, in the clear.

-          SNMPv2: New data types and enhancements, still in the clear.

-          SNMPv3: Message integrity, authentication, encryption.

-          Creating graphs from the collected data is very important.

-          SNMP Trap: udp/162. If a value exceeds a defined threshold, the device sends an alert / message.


Logs and Mirroring:

-          View traffic information from routers, switches, firewalls etc.

-          Audit Logs: What did they do? When did they do it?

-          Syslog: The standard for message logging. Usually integrated into a SIEM. Set the levels and follow the alerts.

-          Interface Errors:

o   Runt: occurs if a frame is less than 64 bits.

o   Giant: occurs if a frame is bigger than 1518.

o   CRC error: occurs if there is a problem with the interface or a bad cable.

o   Encapsulation error.

-          Environmental Sensors: Temperature, humidity, electrical, flooding.

-          NetFlow: Gathers statistics from all traffic.

-          Uptime and Downtime: A summary of availability.
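Added example (not from the original notes) of the log handling described in this section: parsing syslog PRI values into facility and severity, alerting on anything at warning level or worse, and tracking the runt / giant / CRC counters per interface so that a bad cable or port can be flagged. The log lines are constructed samples in RFC 3164 style, and the "counters" message format after the hostname is invented for this example, not any vendor's real output.

```python
import re

# Constructed sample lines: <PRI>timestamp host message. PRI = facility * 8 + severity.
SAMPLE_LOGS = """\
<190>Feb  7 18:32:01 sw-access-1 ifmon: Gi1/0/24 counters crc=2 runts=0 giants=0
<188>Feb  7 18:32:05 sw-access-1 ifmon: Gi1/0/24 counters crc=140 runts=12 giants=0
<187>Feb  7 18:32:09 sw-access-1 portsec: violation on Gi1/0/7 src-mac 00:11:22:33:44:55
<190>Feb  7 18:32:12 sw-access-1 ifmon: Gi1/0/1 counters crc=0 runts=0 giants=1
""".splitlines()

SEVERITY = ["emerg", "alert", "crit", "err", "warning", "notice", "info", "debug"]
LINE_RE = re.compile(r"^<(\d{1,3})>(\w{3}\s+\d{1,2} \d\d:\d\d:\d\d) (\S+) (.*)$")
COUNTERS_RE = re.compile(r"(\S+) counters ((?:\w+=\d+\s*)+)")


def parse_syslog(line: str) -> dict:
    """Split a line into PRI-derived facility / severity, timestamp, host and message."""
    m = LINE_RE.match(line)
    if not m:
        raise ValueError("unparsable syslog line: %r" % line)
    pri = int(m.group(1))
    return {"facility": pri // 8, "severity": pri % 8,
            "severity_name": SEVERITY[pri % 8],
            "timestamp": m.group(2), "host": m.group(3), "msg": m.group(4)}


def severity_alerts(lines, max_severity=4):
    """Everything at warning (4) or worse; a lower number means more severe."""
    return [r for r in map(parse_syslog, lines) if r["severity"] <= max_severity]


def interface_error_summary(lines) -> dict:
    """Latest crc / runt / giant counters reported per interface."""
    summary = {}
    for r in map(parse_syslog, lines):
        m = COUNTERS_RE.search(r["msg"])
        if not m:
            continue
        pairs = (kv.split("=") for kv in m.group(2).split())
        summary[m.group(1)] = {k: int(v) for k, v in pairs}
    return summary


def failing_interfaces(lines, crc_threshold=100) -> list:
    """Interfaces whose CRC counter crossed the threshold: suspect the cable or port."""
    return sorted(i for i, c in interface_error_summary(lines).items()
                  if c.get("crc", 0) >= crc_threshold)
```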

 

Plans and Procedures:

-          Change Management: Change Management Explained - superuser (kbsuperuser.com)

-          Security Incidents: What to do when an incident happens? A user clicks a mail attachment, a DDoS, confidential info is stolen etc.

-          Disaster Recovery Plan: Disaster Recovery Planning Explained - superuser (kbsuperuser.com)

-          Continuity of Operations Planning (COOP): We rely on computers, but keep alternatives such as paper receipts, fax, phone calls etc.

-          System Life Cycle: Managing asset disposal.

-          Standard Operating Procedures: What to do? Documentation is the key.

-          Common Agreements: SLA, MoU

-          Non-Disclosure Agreements: Information must stay confidential and must not be distributed.

 

Security Policies:

-          Password Policy: Resist guessing; more than 8 characters, symbols, numbers etc.

-          Acceptable Use Policies: Rules of behavior.

-          BYOD: What happens if the device is lost? What happens if the employee sells it?

-          Remote Access Policies: Encrypted connection, credentials; who can reach the internal network from outside?

-          On-Boarding: Newcomers need to sign the IT agreement.

-          Off-Boarding: What to do when someone leaves?

-          Data Loss Prevention: Look for confidential data before it is transferred.

-          The security policy includes everything; it is not a static document and change is constant.


Network Documentation:

-          Floor Plans: Where are the wires laid? Where are the wireless access points? Patch panels?

-          Physical Network Maps: How is each device connected to the others?

-          Distribution Frames: Patch panels, passive cable termination, MDFs, IDFs.

-          Logical Network Maps: High-level views. Useful for planning.

-          Managing Cables: ANSI / TIA / EIA-606; everything needs to be labeled.

-          Site Survey: Determine the existing situation and plan the new requirements.

-          Audit and Assessment Report: Are we following the rules?

-          Baseline: Record the current situation and track it.


High Availability and Disaster Recovery:

-          Disaster Recovery Planning Explained - superuser (kbsuperuser.com)

-          Fault Tolerance: Maintain uptime in the case of a failure. Adds cost and complexity.

-          Redundancy: Redundant hardware components, RAID, UPS, clusters, load balancing.

-          Port Aggregation: Connect 2G instead of just 1G to create HA.

-          Infrastructure Support: UPS, PDU, generators, HVAC, fire suppression.

-          Recovery Sites: Alternate processing site.

o   Cold Site: No hardware, an empty building / room, no data.

o   Hot Site: An exact replica of the current data center.

o   Warm Site: Rack space, some hardware; between cold and hot.

o   Cloud Site: Use the cloud for some resources.

-          Network Redundancy:

o   Active-Passive: 2 devices configured and installed; if one fails, the second continues.

o   Active-Active: Use both devices at the same time. The configs differ and data may flow over different routes.

o   Diverse Paths: Create multiple paths with different ISPs.

o   HA Protocols: First Hop Redundancy Protocol, Virtual Router Redundancy Protocol.

 

-          Availability Concepts:

o   Recovery:

§  Recovery Time Objective (RTO): How long will it take to get the service back?

§  Recovery Point Objective (RPO): How much data loss is acceptable?

§  Mean Time to Repair (MTTR): Time required to fix the issue.

§  Mean Time Between Failures (MTBF): Predicted time between outages.

 

 

Network Security:

-          CIA Triad: Infosec - CIA Triad Explained - superuser (kbsuperuser.com)

 

-          Security Concepts:

o   Vulnerability: A weakness in a system.

o   Zero-Day Attack: Exploits a vulnerability that has not yet been discovered or patched.

o   Threat: Something that can exploit a vulnerability.

o   Insider Threats: Mitigate with least privilege and policies.

o   Vulnerability Databases: CVE, National Vulnerability Database (NVD).

o   Exploits: Take advantage of a vulnerability to gain control of a system.

o   Role-Based Access Control (RBAC): Provide access according to user role.

o   Zero Trust: Holistic approach to network security. No one is trusted unless verified.

 

-          Defense in Depth:

o   Layering the defense.

o   Physical Controls: Door locks, fences, rack blocks, cameras.

o   Technical Controls: Hardware, software, firewall, AD, encryption.

o   Firewall, screened subnet, hashing, salting, authentication, IPS, VPN, Card, badge, antimalware, antivirus, security guard.

o   Physical Segmentation: Separate devices, separate infrastructure.

o   Logical Segmentation: VLAN.

o   Separation of Duties: Split knowledge, dual control.

o   Network Access Control:

§  IEEE 802.1X: port-based network access granted only after authentication.

§  EAP or RADIUS

§  Disable unused ports

§  MAC address checking to stop spoofing.

o   Honey Pots:

§  Attract attackers and trap them in a decoy system. Create a virtual environment for them to explore. Observe the capabilities and methods of attackers.

 

-          Authentication Methods:

o   Local Auth: Credentials stored on local machine. Not centralized.

o   MFA: More than one factor. Something you are, something you have, something you know, somewhere you are, something you do.

o   RADIUS: Centralized auth for users. Supported widely by manufacturers.

o   TACACS: Terminal Access Controller Access Control System.

o   LDAP: Protocol for reading and writing directories over an IP network.

o   Kerberos: Authenticate once; the ticket is reused for subsequent services.

 

-          Risk Management: Risk Management Explained - superuser (kbsuperuser.com)

 

-          Common Attacks: Types of Cyber Attacks Explained - superuser (kbsuperuser.com)

 

 

Network Hardening

-          SNMP

-          Router Advertisement Guard

-          Port Security

-          Dynamic ARP Inspection

-          Patch Management

-          Control Plane Policing

-          Role-based Access

-          Private VLAN

-          Access Control List

-          Firewall Rules

-          Disabling unused ports

-          Change default credentials

-          Password complexity

-          DHCP Snooping

-          Changing default VLAN

-          Upgrading firmware

 

Wireless Security:

-          MAC Filtering

-          Antenna Placement

-          Wireless Isolation

-          Wireless Security Modes

-          EAP

-          Geo Config

-          Captive Portal

Remote Access:

-          Use VPNs terminated on a firewall, standalone hardware, software, etc.

-          Full Tunnel: All traffic goes through the corporate firewall, even traffic unrelated to the organization.

-          Split Tunnel: Only corporate-related traffic goes through the corporate firewall.

-          Remote Desktop Connection: RDP, VNC. Use a Remote Desktop Gateway.

-          Use SSH (tcp/22), which encrypts all traffic.

-          Out-of-band management: serial connection, USB, console router

 

Physical Security:

-          CCTV: Object detection, motion detection, plate and face detection.

-          Asset Tracking Tags: Record all assets.

-          Tamper Detection: Use tamper-evident stickers

-          Employee Training: One-on-one, posters, signs, messages.

-          Access Control Hardware: Gate, lock, camera

-          Badge Reader, biometrics, smart locks

-          Locking cabinets

-          Data destruction

-          Access control vestibules

 

Network Troubleshooting:

-          Identify the Problem: Gather information, question users, check help desk tickets, get as many details as possible.

-          Find out if anything changed.

-          Establish a Theory: Start with the obvious, consider everything, divide and conquer the problem.

-          Confirm the theory: Determine the next steps to resolve the problem. If it does not hold, try another theory.

-          Create a plan of action: Build the plan of what to do. Identify potential effects.

-          Implement the solution: Try the fix, escalate as necessary, get help from a 3rd party.

-          Verify full system functionality: Check the solution with the customer.

-          Document Findings: Add the results to the knowledge base.

-          Briefly:

o   Identify problem

o   Establish a theory of probable cause

o   Test the theory

o   Establish a plan of action

o   Implement the solution

o   Verify full system function

o   Document findings

 

Cable Connectivity:

-          Using Right Cable: Speed / Bandwidth, Throughput, Distance

-          Unshielded and Shielded Cable: U (unshielded) / S (braided shield) / F (foil shield)

-          S/FTP: braided shield outside, foil-shielded pairs inside. F/UTP: foil outside, unshielded pairs inside.

-          Plenum: active / circulating airspace, where fire-rated cable is required.

-          Traditional Cable Jacket: Polyvinyl chloride (PVC)

-          Fire-Rated Cable Jacket: Fluorinated ethylene polymer (FEP) or low-smoke polyvinyl chloride (PVC)

-          Serial Console Cables: D-Subminiature or D-Sub, like DB-9 or DB-25. Commonly used for RS-232. Now used for configuration ports.

-          Rollover Cable – Rolled Cable – Cisco Console Cable - Yost Cable: A standard for RJ-45 to serial communications

-          Ethernet cross-over cables: Connect two Ethernet devices directly without a switch. Can be a good alternative to a console connection.

-          PoE: One wire for both network and electricity. Phones, cameras, access points.

 

Wired Network Troubleshooting:

-          Attenuation: Gradual diminishing of signal over distance

-          Decibel (dB): Ratio measurement of signal strength; scales logarithmically. Attenuation can cause loss of all connectivity, intermittent connectivity, or poor performance. Test each connection.

-          Avoiding EMI and Interference: Don't twist the cable, watch the bend radius, don't use staples. Keep away from power cords and electrical systems. Test after installation.

-          Troubleshooting pin-outs: Test the cables prior to implementation. There may be an incorrect pin-out.

-          Bad Ports: Interface errors may indicate a bad cable or a hardware problem. Verify port configurations and two-way connectivity. Poor throughput: check the speed settings.

-          Opens and shorts: An open is a break in a wire; a short is two connections touching, inside a cable or at a connection. May be difficult to find. Replace the cable. Advanced troubleshooting can be done with a TDR.

-          Incorrect Transceivers: The transceiver has to match the fiber type: single-mode with single-mode, multimode with multimode.

-          Duplex / Speed Mismatch: Speed 10 / 100 / 1000 / Auto, Duplex Half / Full / Auto. Causes lower than expected throughput.

-          Reversing transmit and receive: Wiring mistake on cable ends or punch downs. Some network interfaces will automatically correct. (Auto-MDIX)

-          TX/RX Reversal: No Connectivity. Try turning Auto-MDIX on. Locate reversal location.

-          Dirty Optical Cables: Always use your dust caps.

 

Hardware Tools:

-          Cable Crimpers: Coaxial, twisted pair, fiber. Connect the modular connector to Ethernet Cable. Get a good pair of electrician’s scissors.

-          Make sure to use correct modular connectors.

-          Punch-Down tools: Punch a wire into wiring block such as 66 / 110 blocks. Trims the wires during the punch.

-          Document everything, tag everything.

-          Tone Generator: follow the tone to find the cable. Easy wire tracing.

-          Loopback Plugs: Useful for testing physical ports or fooling the applications. Serial / RS-232, Ethernet, T1, fiber. These are not cross-over cables.

-          TDR or OTDR: Estimate cable lengths both copper and fiber. Cable impedance information, signal losses, locate copper or fiber breaks. Resolve layer 1 issues quickly. Helps to validate installation.

-          Multimeters: AC, DC, Continuity.

-          Cable Testers: Relatively simple, continuity test. Can identify missing pins. Not usually used for frequency testing.

-          Taps and Port Mirrors: Intercept network traffic and send a copy to a packet capture device. Disconnect the link, put a tap in the middle, and analyze.

-          Fusion Splicer: Joins two ends of a fiber together. Add a connector to the end of a fiber, extend the length, remove a damaged section.

-          Light Meter: Shows how much light is getting through. Useful during installation.

-          Spectrum Analyzer: See the frequencies and conflicts.

 

Software Tools:

-          Wireless packet analysis: Easy to monitor; the capturing interface only listens. "Wireshark"

-          Protocol Analyzers: Solve complex application issues. Gather frames, show the details, and view traffic patterns. "Wireshark"

-          Speed Test Sites: Bandwidth testing. Measure at different times of the day. ISP sites, speedof.me, speedtest.net

-          iPerf: Performance monitoring and speed testing. Set iPerf server and client.

-          IP and port scanners: Active scan for IP Addresses and open ports. Set the range and see who responds. Nmap / Zenmap / Angry IP Scanner.

-          NetFlow: Gather traffic statistics from all traffic flows. A probe watches network communication. Summary records are sent to a collector.

-          TFTP Server: perfect for initial file transfers and firmware upgrades.

-          Terminal Emulator: Encrypted Terminal communication

 

 

 

Command Line Tools:

-          Ping: Tests Reachability. Determine Round-trip time and uses ICMP.

-          ipconfig / ifconfig / ip: Determine the TCP/IP information, then ping the local router / gateway.

-          nslookup / dig: Look up information from DNS servers. Canonical names, IP addresses, cache timers, etc.

-          Traceroute: Determine the route a packet takes to a destination. tracert on Windows, traceroute on Unix / Linux / macOS.

-          ARP: Determine a MAC address based on an IP address. Arp -a

-          Netstat: show all active connections. Netstat -a, netstat -b, netstat -n

-          Hostname: View the FQDN and IP address of the device.

-          Route: View the device routing table. Route print, netstat -r

-          Telnet: tcp/23. Log in to devices remotely. Insecure communication. A great utility for checking a port or application.

-          tcpdump: Capture packets from the command line. Apply filters and view in real time.

-          Nmap: Network mapper, port scanner, operating system scan, service scan. Additional scripts can be added.

-          Show interface: view interfaces on a device

-          Show config: view the device config – show run

-          Show route: view the routing table – show ip route

 

Wireless Troubleshooting:

-          Performance can vary. Throughput, speed, and distance affect the performance.

-          RSSI: The strength of a received radio signal. Closer to zero in decibel-milliwatts (dBm) is better.

-          Wireless survey tools: Signal coverage, potential interference.

-          EIRP: The radiated signal strength. Transmit strength + antenna gain - cable loss. For 2.4GHz maximum EIRP is +36 dBm or 4W.

-          Omnidirectional antennas are a good choice for most environments.

-          Directional antennas focus the signal and provide increased distances. Yagi, Parabolic. Point to point. Antennas are placed at both ends.

-          Polarization: The orientation of an antenna. Transmitting and receiving antennas should be the same.

-          AP Association time: Devices must associate with an access point. Also check the connection with wired network controller.

-          Channel Utilization: Not everyone can talk at the same time. Disable legacy, low-speed support and use the fastest possible speeds and configurations. Check the channels, adjust the output power, split the network.

-          Site Survey: Determine the existing wireless landscape, identify existing APs, work around existing frequencies, plan for ongoing site surveys.
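An added worked example (not from the original notes) for the EIRP formula above and the decibel bullet under Wired Network Troubleshooting: it converts between dBm and watts, computes EIRP as transmit strength + antenna gain - cable loss, and checks a configuration against the +36 dBm (4 W) 2.4 GHz cap quoted in the notes. The scenarios at the bottom are constructed.

```python
import math

# Regulatory cap quoted in the notes for 2.4 GHz: +36 dBm, about 4 W.
EIRP_CAP_2_4GHZ_DBM = 36.0


def dbm_to_watts(dbm: float) -> float:
    """Convert a dBm level to watts: P(mW) = 10^(dBm / 10)."""
    return 10 ** (dbm / 10) / 1000.0


def watts_to_dbm(watts: float) -> float:
    """Convert watts to dBm: dBm = 10 * log10(P(mW))."""
    return 10 * math.log10(watts * 1000.0)


def db_ratio(p_out_w: float, p_in_w: float) -> float:
    """Decibel ratio between two power levels; negative means loss (attenuation)."""
    return 10 * math.log10(p_out_w / p_in_w)


def eirp_dbm(tx_power_dbm: float, antenna_gain_dbi: float, cable_loss_db: float) -> float:
    """EIRP as stated in the notes: transmit strength + antenna gain - cable loss."""
    return tx_power_dbm + antenna_gain_dbi - cable_loss_db


def max_antenna_gain_dbi(tx_power_dbm: float, cable_loss_db: float,
                         cap_dbm: float = EIRP_CAP_2_4GHZ_DBM) -> float:
    """Largest antenna gain (dBi) that keeps EIRP at or under the cap."""
    return cap_dbm - tx_power_dbm + cable_loss_db


def check_eirp(tx_power_dbm: float, antenna_gain_dbi: float, cable_loss_db: float,
               cap_dbm: float = EIRP_CAP_2_4GHZ_DBM) -> tuple:
    """Return (EIRP in dBm, EIRP in watts, True if within the cap)."""
    eirp = eirp_dbm(tx_power_dbm, antenna_gain_dbi, cable_loss_db)
    return round(eirp, 2), round(dbm_to_watts(eirp), 3), eirp <= cap_dbm


if __name__ == "__main__":
    # Constructed scenarios: a typical indoor AP and a high-gain directional link.
    print("cap in watts:", round(dbm_to_watts(EIRP_CAP_2_4GHZ_DBM), 3))   # 3.981
    print("AP 20 dBm + 6 dBi - 2 dB:", check_eirp(20, 6, 2))             # (24.0, 0.251, True)
    print("Link 30 dBm + 12 dBi - 3 dB:", check_eirp(30, 12, 3))         # (39.0, 7.943, False)
    print("max gain at 30 dBm, 3 dB loss:", max_antenna_gain_dbi(30, 3))  # 9.0
```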

 

 

 

Common Wireless Issues:

-          Overlapping Channels: Create interference.

-          Attenuation: Signal gets weaker as you move farther. Control the power output. Use a receive antenna with higher gain. Power lost can be seen in the antenna cable coax.

-          Wrong SSID: The SSID needs to be confirmed and configured correctly.

-          Wrong passphrase: Check the password if not authenticated. Use 802.1x

-          Security type mismatch: Make sure the client matches the access point. Migrate all WEP to WPA2/3.

-          Incorrect antenna placement: Avoid overlapping, check locations.

-          Channels: On 2.4 GHz, using channels 1, 6 and 11 is recommended.

-          Client Disassociation: Capture the packets via Wireshark. Remove the device that sends the disassociation packets.

 

General Network Troubleshooting:

-          Device Configuration Review: Don’t start blindly, view the configuration.

-          Routing Tables: Know how to get from point A to point B. Know which way data will flow. Create a network map.

-          Interface Status: Know the details of the important interfaces. Check the errors.

-          VLAN Assignment: Confirm the specific switch interface.

-          Network Performance Baseline: See the baseline and look for where the problem started. Check the SIEM records.

 

Common Network Issues:

-          Half-duplex Ethernet: If 2 devices communicate simultaneously, there will be a collision. It is normal in half-duplex networks.

-          Full-duplex: Check interface configuration issues, hardware issues if collisions happen.

-          Broadcast Storms: Each device must process every broadcast. Capture the packets and identify the source. Separate the network into smaller broadcast domains.

-          Duplicate MAC Address: Not a common occurrence. If it happens there may be an on-path attack. Use ARP command from another computer and check the IP Address.

-          Duplicate IP Address: Static address assignments may cause this. DHCP isn't a panacea: multiple DHCP servers may overlap. Capture the DHCP process and check it.

-          Multicast Flooding: Switches forward multicast traffic to all ports. Configuration needs to be checked.

-          IGMP Snooping: Enable it to forward multicast traffic only to specific ports.

-          Asymmetric Routes: find out the routing with traceroute and view the configuration.

-          Switching Loops: Configure Spanning Tree Protocol correctly.

-          Routing Loops: Check the configuration. Traceroute will show the problem.

-          Missing Route: A route to destination network does not exist. The packet will be dropped.

-          Rogue DHCP Server: IP addresses assigned by a non-authorized DHCP server. Intermittent connectivity, no connectivity. Enable DHCP Snooping on the switch. Authorize DHCP servers in Active Directory. Disable the rogue server and renew the IP address.

-          Exhausted DHCP Scope: Check the server and add more IP addresses if possible. Lower the lease time.

-          IP Configuration Issues: Check the IP Address, Subnet Mask, Gateway and DNS. Monitor the traffic. Check the devices and confirm subnet mask and gateway.

-          Low Optical Link Budget: Clean the connectors. Check the cable with a light meter.

-          Certificate Issues: Something is wrong with certificate. Check the certificate details.

-          Hardware Failure: Application does not respond. Confirm connectivity, run a traceroute. Check the devices, light.

-          Incorrect Firewall Setting: Check the configuration. Are ports protocol allowed? Confirm the rules.

-          Incorrect VLAN Configurations: Check the VLAN assignments on the switch.

-          DNS Issues: Check the IP configuration and DNS settings on the client. Use nslookup or dig. Change the DNS server.

-          NTP Issues: Time is important for applications such as Kerberos / Active Directory. Configure NTP on all devices and automate the settings.

-          BYOD: Difficult to secure. Devices need to meet the company’s requirements.
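An added example (not from the original notes) of the check the Rogue DHCP Server and Duplicate IP Address items describe: review a summary of captured DHCP OFFER/ACK messages against the list of authorized servers, flag unauthorized servers and IPs leased to more than one client, and list the clients whose lease must be renewed after the rogue is disabled. The capture records and the authorized server address are constructed.

```python
from collections import defaultdict

# Constructed summary of a DHCP exchange, as you might export it from a
# Wireshark capture: (message type, server identifier, client MAC, offered IP).
CAPTURE = [
    ("OFFER", "192.168.1.1",  "aa:bb:cc:00:00:01", "192.168.1.50"),
    ("OFFER", "192.168.1.99", "aa:bb:cc:00:00:01", "10.0.0.20"),    # second, unexpected server
    ("ACK",   "192.168.1.99", "aa:bb:cc:00:00:01", "10.0.0.20"),    # client took the rogue lease
    ("OFFER", "192.168.1.1",  "aa:bb:cc:00:00:02", "192.168.1.51"),
    ("ACK",   "192.168.1.1",  "aa:bb:cc:00:00:02", "192.168.1.51"),
    ("OFFER", "192.168.1.1",  "aa:bb:cc:00:00:03", "192.168.1.51"), # same IP, different client
    ("ACK",   "192.168.1.1",  "aa:bb:cc:00:00:03", "192.168.1.51"),
]

# Assumption: the only DHCP server that should exist on this segment.
AUTHORIZED_SERVERS = {"192.168.1.1"}


def find_rogue_servers(records, authorized):
    """Map each unauthorized server identifier to the number of OFFER/ACK
    messages it sent; any entry here is a rogue DHCP server candidate."""
    counts = defaultdict(int)
    for msg, server, _mac, _ip in records:
        if msg in ("OFFER", "ACK") and server not in authorized:
            counts[server] += 1
    return dict(counts)


def find_duplicate_leases(records):
    """Map each IP that was ACKed to more than one client MAC to the sorted
    list of those MACs: a duplicate IP address in the making."""
    leases = defaultdict(set)
    for msg, _server, mac, ip in records:
        if msg == "ACK":
            leases[ip].add(mac)
    return {ip: sorted(macs) for ip, macs in leases.items() if len(macs) > 1}


def clients_served_by_rogue(records, authorized):
    """Clients whose ACK came from an unauthorized server; these are the
    hosts that need a lease renew once the rogue server is disabled."""
    return sorted({mac for msg, server, mac, _ip in records
                   if msg == "ACK" and server not in authorized})


if __name__ == "__main__":
    print("rogue servers:", find_rogue_servers(CAPTURE, AUTHORIZED_SERVERS))
    print("duplicate leases:", find_duplicate_leases(CAPTURE))
    print("renew on:", clients_served_by_rogue(CAPTURE, AUTHORIZED_SERVERS))
```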

 

 

 
