
Comptia Net+ Notes

This document provides information on networking models and protocols. It summarizes the OSI model and TCP/IP model layers, and describes some common networking concepts and technologies. Key points include:
- The OSI model defines 7 layers from physical to application. TCP/IP defines 4 layers from link to application.
- Ethernet standards define physical and data link layers for wired networks. Common standards include 10BASE-T, 100BASE-TX, 1000BASE-T, and fiber optic variants.
- TCP and UDP are transport layer protocols that work with IP to establish connections and transfer data. TCP provides reliable connections while UDP provides best-effort delivery.
- IP addresses, subnets, default gateways, and private

Uploaded by

Zestypolo

NETWORK MODELS

- networking model = refers to a comprehensive set of documents.


- protocol = is a set of logical rules that devices must follow to communicate
- TCP/IP model = defines and references a large collection of protocols (RFCs) that allow
computers to communicate
- network segmentation = breaking networks into smaller pieces
- collision domain = when one device on a network sends a packet and everybody listens
- switch = creates different collision domains within a single broadcast domain
- router = creates multiple broadcast domains for each interface

TCP/IP Model

1.Application layer = provides services that applications need (FTP,DNS,HTTP,SSL,VoIP,IMAP)
2.Transport layer = includes TCP and UDP and provides TCP Error Recovery
- adjacent-layer interaction = interaction of different layers on the same computer
- same-layer interaction = interaction of same layers on different computers
3.Network layer (IP - defines addressing and routing rules, IPv4, IPv6, ICMP, IGMP)
4.Link layer (physical connection of link between devices - Ethernet, LAN, WAN, PPP, FR, ARP)
- includes two distinct functions:
a) functions related to the physical transmission of the data
b) protocols and rules that control the use of the physical media.

Encapsulation process of TCP/IP

TCP:
-windowing
-connection oriented (SYN-ACK)
-guarantees delivery
-error detection

UDP:
-no windowing
-connectionless
-best effort delivery
-no error detection

3way handshake = when ports are of different speed (1.SYN 2.SYN/ACK 3.ACK)
4way handshake = connection termination (1-FIN/ACK 2.ACK 3.ACK,FIN 4.ACK)
ISN = initial sequence number
flow control = raise/lower window size
CRC = checks if frame is valid without errors

OSI Model

7.Application = where user interacts with the network, makes sure the remote communication partner is available, ensures that both ends agree on the rules, what we see
6.Presentation = how should data be presented (encryption and encoding)? SSL/TLS
5.Session = manager of data transfer process, handles creation, maintenance & teardown of communication channel, half-duplex, duplex, tunneling protocols
4.Transport (segments) = establish logical end2end connection (tcp,udp)
3.Network (packets) = what valid paths exists from A to B? what path is best? router, ip
2.Data Link (frames=1500bytes) = switches, ethernet, hdlc, ppp, fr, mac, fcs
1.Physical (bits) = ones and zeroes, cables, signals, connectors, hubs, NIC

Encapsulation process by OSI

L1 - CABLING AND TOPOLOGY

Three types of cables: a) coaxial b) twisted pair c) fiber-optic

1.Coaxial
-shields from EMI (magnetic fields, light, fans, copy machines, refrigerators)
-BNC connectors (retired) and F-type connectors (currently) and RG59 cables

2.Twisted Pair
-STP (shielded) = reduces crosstalk (lights, electric motors)
-UTP (unshielded) = no protection, most common, CAT ratings, 100m max

3.Fiber Optic
-prevents EMI
-pair of fibers (one for sending, one for receiving)
-most common size is 62.5/125 µm
-MMF (multimode fiber, 850nm) = fiber optic that uses LED (modal distortion)
-SMF (single mode fiber, 1310 or 1550nm) = fiber optic that uses lasers
-susceptible to light leakage, modal distortion, attenuation

4.Serial
-RS232, 9pin male DB9 connector

5.Parallel
-P2P topology, 2Mbps, 25pin female DB connector

6.FireWire
-P2P topology, 800 Mbps

| CAT Rating | Max frequency | Max Bandwidth | Status with TIA/EIA |
|---|---|---|---|
| CAT 1 | < 1 MHz | Analog phone lines | No longer recognized |
| CAT 2 | 4 MHz | 4 Mbps | No longer recognized |
| CAT 3 | 16 MHz | 16 Mbps | Recognized |
| CAT 4 | 20 MHz | 20 Mbps | No longer recognized |
| CAT 5 | 100 MHz | 100 Mbps | No longer recognized |
| CAT 5e | 100 MHz | 1000 Mbps | Recognized |
| CAT 6 | 250 MHz | 1000 Mbps | Recognized |
| CAT 6a | 500 MHz | 10 Gbps | Recognized |

Telecommunication room (IDF) = all cables go here
Main distribution frame (MDF) = room with all the equipment (demarc, telco, lan...)
Run = single horizontal cable
UTP cable:
-solid core (better conductor, breaks easily)
-stranded core (resistant to breaking)
1U = 1.75 inches
Patch panel = box with a row of female connectors (ports) in the front (110block most used)
Patch cable = short stranded UTP cable
Demarc = dividing line of responsibility
NIU (network interface unit) = model, a demarc point in personal home
Smart jacks = used for loop testing
Cable drop = where cable comes out of the wall
Multimeter = testing continuity (0 ohm = conn, infinite ohm = no conn)
Cable tester (wiremap) = shorts, crossed wires
TDR (time domain reflectometer) = continuity + wiremap
Cable certifier = verifying that every cable meets TIA/EIA standards
Attenuation = signal weakening due to long cable
Optical Time Domain Reflectometer (OTDR) = for testing fiber cables
Bonding or Link Aggregation = combining multiple NICs
Link light flickering = connection problems
Activity light = flickers when everything is OK
Toner (tone generator + tone probe) = find cable with sound

L2 - ETHERNET BASICS
Ethernet = wired only LAN standards that define (by IEEE) physical and data link layers
WLAN = IEEE 802.11
Crossover cable: If the endpoints transmit on the same pin pair
Straight Through cable: If the endpoints transmit on different pin pairs (conn 2 hubs)
Attenuation = signal breaking as it travels
Repeater = creates clear copy of the signal (Hub)

preamble = tells receiving NIC where the incoming frame starts


type = type of data, ipv4 or ipv6
pad = adds extra data if the frame is less than 64 bytes
fcs = crc detects damaged frame

Bridge = hub with filtering and forwarding (L2)


Switch = has SAT (Source Address Table) and can daisy-chain
MAC address = 6 bytes (48bits) in HEX aka Unicast address (EUI-48 or MAC-48)
OUI = unique 3byte code (first 24bits)
Group address = identifies more than one LAN card
Unicast address = destined for one particular host
Broadcast address = sent to all
Multicast address = destined for a group of hosts
LLC (Logical Link Control) = talks to OS. places data into frames, creates CRC
Half-duplex = can either send or receive (CSMA/CD)
Full-duplex = can send and receive at the same time
Auto-negotiation = setting up speed automatically
Fast Link Pulse (FLP) =
Normal Link Pulse (NLP) =

CSMA/CD (802.3)
-examines the cable before sending the frame
-detects traffic, waits a few milliseconds (generates random #), rechecks, sends out frame
-max 10% is acceptable
Crossover cable
-used for connecting hubs together
-has reversed pins
STP (Spanning Tree Protocol) = 802.1D
-prevents loops (detects and blocks the loop port)
Troubleshooting
-light off = fault port

ETHERNET NETWORKS

10BASE-T = CAT3 UTP cable, RJ45 connector, uses two pairs only (1,2 send - 3,6 receive)
baseband, star-bus topology (physical star, logical bus)
10BASE-FL = fiber optic, 2km max, prevents EMI and crosstalk, MMF, SC or ST connector
100BASE-T4 = CAT3, retired
100BASE-TX (100BASE-T) = CAT5, star-bus topology, 1024 nodes, UTP or STP with RJ45
100BASE-FX = 802.3, fiber-optic, MMF, SC or ST connector, star-bus, 2km, 1024 nodes
1000BASE-T = CAT5e/6, 4pair, RJ45, 200m
1000BASE-X = 4pair UTP or STP, 100m max
1000BASE-CX = twinaxial cable, 150ohm, 25m, copper
1000BASE-SX = fiber-optic cable, MMF, 220-500m, SC connector
1000BASE-LX = SMF, LC or SC
10GBASE-SR = S (short wavelength), R (LAN), 26-300m
10GBASE-SW = W (SONET/WAN), 26-300m
10GBASE-Lx = L (long wavelength), 10km
10GBASE-Ex = X (extra long wavelength), 40km
SFF (Small Form Factor) = new fiber connector
MT-RJ (Mechanical transfer Registered Jack) = new fiber connector

L3 - TCP/IP BASIC
IP = works at Internet layer on TCP/IP model (IPv4, IPv6, ICMP), 32bits
Packet to LAN = needs MAC and IP (sends ARP)
Packet to WAN = sends to default gateway (router)
RARP = was used to get the L3 address when the MAC was known
IP Header:

TCP:
-windowing
-connection oriented (SYN-ACK)
-guarantees delivery
-error detection

UDP:
-no windowing
-connectionless
-best effort delivery
-no error detection

TCP Header:

DHCP (BOOTP): 1.Discover messages 2.Offer message 3.ACK messages - PORT: 67/68


Scope = a pool of IP addresses
Reservation = reserves IP addresses
Lease = when host accepts IP address from a DHCP server, fixed amount of time
APIPA = automatic IP addressing (169.254)
Establish a lease manually on Windows: ipconfig /release & ipconfig /renew
Establish a lease manually on Unix: sudo ifconfig eth0 down && sudo ifconfig eth0 up

1.HOW MANY SUBNETS?
2.HOW MANY HOSTS?
3.WHAT SUBNET IS THE IP ON?
4.WHAT IS THE IP RANGE?

Private IP Addresses
Class A = 10.0.0.0 - 10.255.255.255 / 255.0.0.0
Class B = 172.16.0.0 - 172.31.255.255 / 255.240.0.0
Class C = 192.168.0.0 - 192.168.255.255 / 255.255.0.0

ROUTING
Default route = what to do in case the route is not in the table
Print routing table = netstat -r OR route print
Directed broadcast = broadcast for a specific subnet
No gateway = if the gateway is the same as the NIC address, it means NO gateway
NAT = enables private addresses to connect to the internet
replaces the Source IP with its outside interface address on outgoing packets
PAT = NAT for one2many connection, uses port numbers to map traffic from hosts
works only for outgoing connections
Port Forwarding = used for incoming connections
Metrics: MTU, Cost, Bandwidth, Latency, Hop Count, Load, Packet Loss, Reliability, Speed
Routing protocols:
1.Distance Vector Protocol
-calculates total cost and compares it to total costs of other routes pointing to the network
-transmits entire routing table to other routers in the WAN
-has a max hops for sending its routing table
-deletes all except the route with the lowest cost
-convergence = when table updating between routers is completed
-works fine with less than 10 routers
a) RIPv1
-IGP (interior gateway protocol)
-max hop count of 15, dynamic
-sends out update every 30s
-cant use VLSM (variable-length subnet masks)
-no authentication
-single hop cost is 1
b) RIPv2
-IGP (interior gateway protocol)
-added VLSM
-added authentication
c) BGP
-BGP
-connecting all AS together
-configured manually, very reliable
-AS = one or more networks governed by a single dynamic routing protocol
uses ASN (1.33428) instead of an IP address

2.Link State
-advertises changes only as they appear
a) OSPF
-IGP (interior gateway protocol)
-fast convergence (dynamic protocol)
-used internally in an AS
-sends out LSA (link state advertisement) or hello packets looking for other routers
-after convergence, sends out hello packets every 30min
-hop cost is based on the link speed
-assigned area IDs that look like IP addresses (area 0 = backbone = most important area)
-DR (designated router) = relays information to all other routers in the network
-BDR (backup designated router) = backup DR
-if link broken, sends out alert packet and corrects the path
-prevents loops
-supports authentication
b) IS-IS
-IGP
-similar to OSPF
-sends only updates
-supports IPv6
3.Hybrid
a) EIGRP
-IGP (interior gateway protocol)
-Cisco proprietary (metrics: total delay, min bw, reliability, load, mtu)
-supports (ip, ipx, appletalk), uses DUAL, RTP
Connecting to a router:
-rollover or Yost cable to serial port
-basic settings:
9600 baud
8 data bits
1 stop bit
No parity
Troubleshooting: tracert, mtr / pathping

L4 - TCP/IP APPLICATIONS
Session = connection between two computers
SESSION START

SESSION END

UDP = DHCP, NTP, SNTP, TFTP, ICMP, IGMP


Port number = 16bit, 0 - 65,535
Well known = 0 - 1024
Ephemeral = 1024 - 5000
Registered = 1024 - 49,152
Private = 49,152 - 65,535
7 ping/tracert
9 wake on lan
20 ftp-data
21 ftp-control
22 ssh
23 telnet
25 smtp
43 whois
53 dns
57 mta
69 tftp
79 finger
80 http
88 kerberos-auth
110 pop3
115 simple ftp
119 nntp
123 ntp
137/8/9 netbios
143 imap4
161 snmp
220 imap3
384 remote net server
389 ldap
443 https
465 smtps
587 msa
873 rsync
953 dnss
989/90 sftp
993 imaps
995 pop3s
3389 rdp
Socket (Endpoint) = connection data stored on two computers

Open sessions = netstat -n


Listening ports = netstat -an
Show process ID = netstat -ano
Show process = netstat -b
Timeout period = ~ 2min
SSL = encryption, authentication, nonrepudiation

DNS
FQDN = name.host OR www.domain.com
Zone = container for a single domain
Record = single line
DNS name limit = 255 chars
SOA = single zone for all host names on the domain
FQDN cache = ipconfig /displaydns
Delete cache = ipconfig /flushdns
AAAA = IPv6 address
CNAME (alias) = host.domain.

PTR (reverse lookup zone) = IP2domain


NetBIOS = name resolution for internal networks (file sharing), SMB later, CIFS today
LMHOSTS = list of netbios names
NetBIOS cache check = nbtstat -c
NetBT = NetBIOS over TCP/IP
CIFS = windows domain (PCs in w2k8), workgroup (group of PCs), AD (group of PC share 1WD)
Manually register dns = ipconfig /registerdns
DNSSEC = security and auth to prevent others from acting like a DNS server

SECURING TCP/IP
1.Encryption
-scrambling/descrambling, mixing up, changing data
-cipher = algorithm run to encrypt data
-symmetric encryption = DES, 3DES, IDEA, Blowfish, RC4, AES
-asymmetric encryption = RSA

2.Nonrepudiation
-guaranteed the data is unchanged and that it came from the source
-hash = math function run on data that result in checksum (MD5, CRAM-MD5, SHA-1, SHA-2)
-digital signatures = PKI (certificates)
3.Authentication
-verify user accessing
4.Authorization
-permissions and user groups
-ACL = list of permissions
ACL Access Models:
a) Mandatory
-every resource is assigned a label that defines the security level (MAC)
b) Discretionary
-resource has an owner that can assign access to that resource
c) Role Based
-defines user access based on the roles, most popular
L7 - SSL/TLS and others
L6,5,4,1 - no encryption
L3 - IPSec
L2 - proprietary encryption devices
Encryption standards:
-SSH = uses PKI (RSA), used as a tunnel
Hybrid:
-SSL/TLS = created by Netscape, TLS today
-IPSec = works at L3/Network, transport (payload encrypted) & tunnel mode (all encrypted)
protocols that work with IPSec: AH, ESP, ISAKMP, IKE, KINK

Authentication standards:
-PPP = point2point connection, five phases:
1.Link dead = modem is off, no link
2.Link establishment = LCP communicates with LCP on another side
3.Authentication = user/pass login
4.Network layer protocol = TCP/IP, NetWare IPX/SPX, NetBEUI
5.Termination = link closed
-uses two methods to authenticate:
1.PAP = transmits username and password in plaintext
2.CHAP = hash-based, prevents man-in-the-middle attacks (MS-CHAP most secure)
-AAA = Authentication, Authorization, Accounting


-port auth = users authing to a particular point-of-entry (port)
-central database with usernames
1.RADIUS = supports multiple NASs and PPP (PAP, CHAP, MS-CHAP), UDP1812/3, 1645/6
2.TACACS+ = single server stores ACLs for all devices, Cisco prop, TCP49, PAP,CHAP,MD5
-Kerberos = authentication protocol for TCP/IP
-no PPP, single auth server
-KDC (Key Distribution Center): a) AS-Auth Server b) TGS-Ticket Granting Service
-hash based, token based
-EAP = Extensible Auth Protocol
-single standard to allow two devices to authenticate
-not a protocol but a PPP wrapper
-used in wireless networks
-EAP-PSK = most popular in wi-fi, using AES decryption
-EAP-TLS = uses RADIUS, requires certificates, used in wi-fi
-EAP-TTLS = tunneled TLS, uses single server-side cert
-EAP-MS-CHAPv2 = password with encrypted TLS tunnel
-EAP-MD5 = uses MD5 hashes, weak
-LEAP = used mostly by Cisco wi-fi products, combo of MS-CHAP and RADIUS
-802.1X
-port authentication NAC mechanism for ethernet
-puts EAP inside ethernet frame
-combined RADIUS AAA with EAP
-most popular in wireless

Secure apps: HTTPS, SCP, SFTP, SNMP, LDAP, NTP

ADVANCED NETWORKING DEVICES


VPN = encrypted tunnel between a remote and private network over the internet
VLAN = single broadcast domain chopped into smaller broadcast domains
Trunking = connecting two switches
Static VLAN = based on ports
Dynamic VLAN = based on MAC addresses
VTP (Virtual Trunk Protocol) = automates updating of VLAN switches
interVLAN routing = process of making a router work between two VLANs
Router = every port has its own IP address
Switch = ports dont have their own IP addresses
PPTP VPN
-server endpoint uses RRAS available on Windows Server
-client2site connection = when host logs into a remote network and becomes a part of it
-auth and encryption

L2TP VPN
-Cisco proprietary
-server endpoint is a router, not software
-supports different connections (ethernet, telephone...)
-site2site connection = two LANs functioning as a single network
-no auth, no encryption
SSL VPN
-works at Application Layer
1.SSL Portal VPN = client accesses the VPN and is presented with a secure web page
2.SSL Tunnel VPN = client web browser runs active control (java,flash) and has better access
OpenVPN
IPSec VPN (Cisco Easy VPN)

Multilayer switches work best for:
1.Load balancing
-using multiple servers with one IP address
-distributes request evenly
a)DNS load balancing = multiple A records-(round robin-cycling through A records)
b)Multilayer Switch = works at L3,4 with NAT and Port forwarding
c)Content Switch = works at L7, read HTTP requests
2.QoS
-to prioritize traffic based on certain rules
-bandwidth management (traffic shaping)
3.Network Protection
a)Intrusion Protection / Intrusion Detection
-firewall = cannot detect intrusion
-IDS = app that inspect incoming packets
-NIDS (network-based) = sensors placed around the network on one or both sides of gateway (scans using signatures)
-HIDS (host-based) = runs on individual system and monitors for events, behavior-based
b)Intrusion Prevention System (IPS)
-reacts to attacks
c)Port Mirroring
- mirrors data to another port for inspecting packets
d)Proxy Serving
-sits between client and a server
e)Port Authentication
-critical component for any AAA auth method (RADIUS, TACACS+, 802.1X)

IPv6
-no more NAT (every IP is routable)
-DHCPv6 = a)stateful (passing IP and subnets) b)stateless mode (passing optional information)
-AAAA = DNS A records
-IPv6 tunnels = 6to4 (2000:/16), 6in4 (can go through NAT), Teredo (xp,vista,7), ISATAP (adds IPv4 address at the end of IPv6)
-tunnel broker = creates tunnel and offers custom-made endpoint client, to use
Notation
-128bit hexadecimal (48bit from upstream router+16bit subnet from default gateway+EUI64)
-double colons and leading zeroes
-CIDR subnet masks
Aggregation
-every router underneath another uses a subset of that routers existing routes

Link-local Address
-when PC boots up, it gives itself a link-local address (like APIPA)
-First 64bit of link-local is always FE80::/64
-Last 64bit are EUI-64 (generated by NIC)
-no need for DHCP or broadcast
-link-local is a unicast address
-max subnet is /64

Multicast, Anycast
-uses multicast (FF02::1 - All nodes, FF02::2 - All routers, FF02::1:FFXX:XXXX - Solicited-Node)
-anycast = gives a cluster of computers one IP, routers use BGP to find closest one, sends pckt

Global Address
-used to connect to the internet
-on boot PC sends a solicitation msg FF02::2 looking for a router
-router sends back IP and Subnet

REMOTE CONNECTIVITY
TELEPHONY
modulator = converts digital signal to analog
demodulator = converts analog signal to digital
modem = does both
DS0 = makes up simple data stream of digital part of the telephone system
T-carrier = digital trunks carrier used by phone industry
CSU/DSU = connects leased T1 or T3 lines from telco to customer
CSU = protects the line from lightning striking and EMI
DSU = supplies timing to each port
Demarc (NIU)= line of responsibility
BERT (Bit Error Rate Test) = verifies T1 connection from end2end
T1 = 1.544 Mbps (25 64Kbps DS0 channels)
-point2point connection
-shielded, two-pair cable
-CSU/DSU
-DS1 signaling method = framing bit + 24 chans (1 chan = 8bit DS0 = 193bits/DS1 frame)
-TDM = process of having frames, that carry a portion of every channel, in every frame sent

T3 = 44.736Mbps (672 channels)
E1 = 2048 Mbps (32 channels)
E3 = 34.368 Mbps (512 channels)

SONET
-primary standard for WAN connections
-defines interface standards at the L1 and L2
-ring is fault-tolerant
-multiplexing = combines DS1, DS3, E1 signals into single SONET frame
-uses STS signal method (payload + overhead)

OC
-describes speed, designed to meet the needs of corporations
-WDM = enables individual SMF to carry multiple signals by giving each signal diff wavelength

| SONET Level | Line Speed | Signal Method |
|---|---|---|
| OC-1 | 51.85 Mbps | STS-1 |
| OC-3 | 155.52 Mbps | STS-3 |
| OC-12 | 622.08 Mbps | STS-12 |
| OC-24 | 1.244 Gbps | STS-24 |
| OC-48 | 2.488 Gbps | STS-48 |
| OC-192 | 9.955 Gbps | STS-192 |
| OC-256 | 13.22 Gbps | STS-256 |
| OC-768 | 39.82 Gbps | STS-768 |

PACKET SWITCHING = first gen packet switching was X.25 (CCITT protocol)

FR
-efficient
-designed for T-carrier lines
-doesnt guarantee delivery of all frames

ATM
-integrated voice, video and data in one connection
-use cells to transport information
-155.52 to 622.08 Mbps

MPLS
-uses header info to route packets quicker
-perfect for VPNs

THE LAST MILE - CONNECTIONS

1.DIAL-UP
a)PSTN or POTS
-LEC = company that provides phone service to individuals
-IXC = company that provides long-distance service
-uses RJ-11 connector
-works with sound only
-analog
-2400 baud rate (baud & bps =< 2400)
-V standards (V.22=1200bps,V22bis=2.4k,V.32=9.6k,V32bis=14.4k,V.34=28k,V.90/92=56k)
-Data compression (V.42=error check,V.42bis=data compression,V.44=data com,MNP5=both)
b)ISDN
-fully digital
-two channels:
a)B (Bearer) Channels = carry data and voice using DS0 @ 64Kbps
b)D (Delta) Channels = carry setup and config @ 16Kbps
-BRI = two B, one D setup
-PRI = full T1 line
-TA = terminal adapter

2.DSL
-fully digital, RJ-11 and RJ-45 connector
-must be 18,000 feet or 5.5km from the central switch
-DSLAM = connects multiple customers to the internet
a)SDSL (Symmetric)
-same dl/ul speed (up to 15 Mbps)
-expensive
b)ADSL (Asymmetric)
-different dl/ul speed (dl < 15 mbps, ul < 1 Mbps)
-suitable for SOHO
c)VDSL (Very High Bitrate)
- same ul/dl speed (up to 100 Mbps = < 300m)
-copper lines and fiber-optic
-most expensive

3.CABLE MODEMS
-coax cable (5-100Mbps/2-10Mbps)
-BNC and RJ-45
-DOCSIS 3.0 = increases transmission speed and introduces IPv6

4.SATELLITE
a)One-Way = DL via satellite, UL via PSTN/dial-up
b)Two-Way = DL/UL via satellite

5.CELLULAR WAN
a)Mobile data service
-GSM, GPRS, EDGE, HSDPA
b)WiMAX 802.16
-up to 30miles

6.LTE, FIBER, BPL (PoE)

REMOTE ACCESS
a)Dial-up to the Internet = inexpensive
b)Private Dial-up = remote system to private network, doesnt use the internet (RAS)
c)VPN = tunneling
d)Dedicated connection = never disconnected
e)DSL and Cable = split cables degrade signal in half (dB), 0dB is solid, - loss + gain
f)Remote terminal (RDP)
g)VoIP = RTP, SIP, H.323
h)Skype

WIRELESS NETWORKING
802.11 = WiFi standard (2.5GHz), 14 channels (US 1-11, no! 6,7)
Non-overlapping = 1, 6, 11 (by default)
AP = works at L1
Range = 150ft / 45m
BSSID = 48bits of random numbers, one AP, one or more nodes
SSID = 32bit name
ESSID = SSID applied to multiple APs
Spread-spectrum = broadcasts data in small chunks over different frequencies
DSSS = multiple frequencies at a time, 22Mhz
FHSS = one frequency at a time, shifting frequencies (hopping), 1Mhz
OFDM = multiple frequencies with hopping
CSMA/CA = collision avoidance for Wi-Fi (radio is half-duplex, CD doesnt work)
a)DCF = additional back-off wait period, requires nodes to send ACK for every frame
b)PCF = not used
NETWORK MODES
1.Ad Hoc (peer-to-peer) Mode
-no AP, uses Mesh topology
-works best for small <12 computers
-IBSS

2.Infrastructure Mode
-uses one or more APs
-similar to Star topology
-used to connect to wired
-one AP = BSS (Basic Service Set)
-more APs = ESS (Extended Service Set)

802.11 = 2.4GHz, 2Mbps, 300ft/90m, DSSS
802.11b = 2.4GHz, 11mbps, 300ft/90m, DSSS
802.11a = 5.0GHz, 54Mbps, 150ft/45m, DSSS
802.11g = 2.4GHz, 54Mbps, 300ft/90m, OFDM, backwards-compatible (b)
802.11n = 2.4GHz, 100Mbps, 300ft/90m, OFDM, backwards-compatible (a,b,g)
-MIMO = multiple simultaneous connections using multiple antennas
-Transmit beamforming = gets rid of dead spots

SECURITY
1.MAC Address Filtering
-uses ACL and stores a table of IPs (whitelist, blacklist)
2.Authentication
3.Data Encryption
a)WEP
-64 or 128bit algorithm (RC4 encryption)
-key is static and shared
-doesnt support authentication by login, but only by MAC address
b)WPA
-uses TKIP (adds 128bit encryption key)
c)WPA2
-uses AES (128bit cipher)
-if using RADIUS with WPA2 = WPA2-Enterprise
d)PoE
-receives power from ethernet cable
Omnidirectional (dipole antennas) = in all ways
Centered (directional or beam antennas) = one way
AP = normal gain 2dB
Beacon = timing frame sent from AP at regular intervals, enables wi-fi to function
Wireless bridge = connects two networks together (P2P=two bridges, P2M=multiple bridges)
PROTECTING YOUR NETWORK

THREATS
a)System Crash/HW Failure
b)Administrative Access Control (ACLs)
c)Malware = Virus, Worm, Macro, Trojan, Rootkit, Adware/Spyware
-anti-malware software, training and awareness, policies and procedures, patch management, incident response
d)Social Engineering = Phishing
e)Man in the Middle
f)DOS = Smurf (ping to broadcast addr), DDOS
g)Physical Intrusion
i)Attack on WiFi = Leeching, Cracking, Rogue AP, Evil Twin

SECURITY
a)Authentication = Ownership (pass), Knowledge (id card), Inherent (fingerprint, retina)
b)Passwords
c)Controlling User Accounts (delete expired, use groups)
d)Firewalls = NAT, IP,Mac, port blocking/filtering, proxy serving
e)Network Zones = DMZ, Honeypot
f)Vulnerability Scanner = Nmap

VIRTUALIZATION
supervisor = handles very low-level interaction among HW and SW
hypervisor = runs multiple virtual machines, doesnt require OS

benefits = power saving, HW consolidation, system recovery, snapshots, research


Virtual Machine Managers, KVM, Hypervisors, Virtual Switches, Virtual PBX, NaaS

NETWORK MANAGEMENT
Asset Management = managing each aspect of a network
Monitoring
-performance monitor
-logs and network traffic = syslog, Windows Event Viewer
Configuration Management
-network connectivity = wiring schemes, network diagrams, network maps
-baselines = a log of performance indicators (cpu, hdd, network...)
-policies, procedures, configurations = AUP, Security Policy, Configuration, Regulation
-regulations = what to do in case of an issue
-change management = update documentation on every change

Optimization
-caching
-controlling data throughput = QoS (802.1Q @ L2), traffic shaping
-keeping resources available = HA
-data backup
-UPS
-RAID = RAID0,1,5,6,10
-load balancing

BUILDING A SOHO NETWORK


DESIGN
1.List of requirements (define the network needs)
2.Network design = workstations, servers, equipment room, peripherals
3.Compatibility issues
4.Internal connections
5.External connections
6.Peripherals
7.Security

NAS = network attached storage


R&D = research & development, good for virtualization
equipment room = IDF
LOM = gives access to a server even when the server is shut off
PMTU Black Hole = when FW blocks ICMP and PMTU is worthless

NETWORK TROUBLESHOOTING
HARDWARE
Cable Tester = open circuit, short, lack of continuity, wire map problem, crosstalk, noise
impedance mismatch, echo
TDR = if break of the cable (copper)
OTDR = where break on the cable (fiber-optics)
Cable Certifier = (underperformance) crosstalk, attenuation, interference, impedance misma
Voltage Event Recorder = temperature issues
Protocol Analyzer = Wireshark
Cable Stripper = to make UTP cables
Multimeter = test voltage, resistance, continuity (if no cable tester)
Tone Probe & Tone Generator = locates the cable
Butt Set = check if line is working on 66 or 110 block
Punchdown tool = puts UTP cable into 66 or 110 block

SOFTWARE
tracert/traceroute, ipconfig/ifconfig, ping/arping, nslookup/dig, hostname, mtr, route, nmap,
nbtstat , netstat, wireshark, speedtest
TROUBLESHOOTING
1.Identify the problem = gather info, identify symptoms, question users, anything changed?
2.Establish a theory = question the obvious
3.Test the theory = next step or re-establish
4.Establish a plan of action
5.Implement the plan
6.Verify system functionality
7.Document findings
