INDEX

A

A (address) DNS records, 339

AAA (Authentication, Authorization, and Accounting).

multilayer switches, 420–421

overview, 375–377

AAAA DNS records, 339, 442

absorption issues in Wi-Fi, 533

abstraction in virtualization, 545–547

acceptable use policies (AUPs)

provisions, 630–631

Wi-Fi, 534

access

acceptable use policies, 630–631

administrative, 671–672

data centers, 584

hardware, 681

network policies, 631–632

switches, 397–398

telecommunications room location, 136

access control lists (ACLs)

administrative access, 671–672

authorization models, 372

firewalls, 699–700, 702

MAC filtering, 504

router issues, 769–770

access control vestibules, 682

access-list command for firewalls, 700

access tokens in Kerberos, 379

accounting in AAA, 377

accounts

cloud computing, 569–570

controlling, 685–688

malicious, 670–671

trusted and untrusted, 669–670

user, 685–688

ACK (Acknowledgment) messages

DCF, 493

DHCP, 216

three-way handshakes, 175, 283

acknowledgment number field in TCP, 175

ACLs. See access control lists (ACLs)

Acrylic Wi-Fi, 511

actions for troubleshooting, documenting, 756

activation of viruses, 673

active-active aggregation connections, 766

active-active high availability, 591

Active Directory

DDNS, 343

DNS servers, 333–334

Kerberos authentication, 378–379

LDAP, 391

RADIUS, 501

state data, 646

active FTP, 306

active-passive high availability, 592, 766

activity lights for NICs, 161

actors, threat, 640

actuators

DCS, 620

edge access control, 688–689

SCADA, 624

ad hoc mode in 802.11, 488

ad hoc networks, setting up, 514–515

adapters, loopback, 163

Adaptive Security Appliance (ASA), 699, 771

address (A) DNS records, 339

Address Resolution Protocol (ARP)

arp utility, 741

cache poisoning, 662–666

requests, 179–180

spoofing, 660

TCP/IP, 195–196

addresses

IP. See IP addresses

MAC. See media access control (MAC) addresses

administrative access control, 671–672

administrative distance, 262–263

ADSL (asymmetric DSL), 456

advanced distance vector protocols, 262

Advanced Encryption Standard (AES), 358

advanced networking devices, 410

adware, 674

AES (Advanced Encryption Standard), 358

African Network Information Centre (AFRINIC), 430

agents

network security, 690–691

SNMP, 390, 709

VLANs, 408

aggregation

IPv6, 438–441

multilayer switches, 414

NICs, 160

route, 259

troubleshooting, 765–766

aggregation layers in data centers, 585

AH (Authentication Header) protocol, 387

Aircrack-ng tool, 643

airflow in environment, 593

AirMagnet Survey Pro tool, 509–511

AirPort Utility, 529–530

alerts

cloud, 570

emergency systems, 594

interface errors, 719

SNMP, 712

alignment of antennas, 519

Amazon Echo products, 608–609

American National Standards Institute (ANSI), 451

American Registry for Internet Numbers (ARIN), 197, 430

amplification in denial of service, 667

angled physical contact (APC) connectors, 99

Angry IP Scanner, 747–748

ANSI (American National Standards Institute), 451

ANSI/TIA-606-C naming convention, 124

Ansible tool, 566–568

antennas

infrastructure networks, 515–520

omnidirectional, 516–518

patch, 518–519

placement, 515–516

polarization and alignment, 519–520

satellites, 461

unidirectional, 518

Wi-Fi, 531, 533–534

anti-malware programs

overview, 696–697

rogue, 694

anycast addresses, 432

AnyConnect DTLS VPN, 476

APC (angled physical contact) connectors, 99

APIPA (Automatic Private IP Addressing), 223–224

APIs (Application Programming Interfaces), 34

APNIC (Asia-Pacific Network Information Centre), 430

appliance problems, 771

application-aware firewalls, 698

Application layer

OSI seven-layer model, 33–35

TCP/IP protocols, 176–177

application planes in SDN, 563

Application Programming Interfaces (APIs), 34

applications, TCP/IP. See TCP/IP applications

approval process in change management, 635

areas, OSPF, 261

ARIN (American Registry for Internet Numbers), 197, 430

ARP. See Address Resolution Protocol (ARP)

arp utility, 741

ARPANET, 320

arping utility, 741–742

ASA (Adaptive Security Appliance), 699, 771

Asia-Pacific Network Information Centre (APNIC), 430

ASNs (Autonomous System Numbers), 258

ASs (Authentication Servers) in Kerberos, 379

ASs (Autonomous Systems), 258–259

assessing data centers, 600–602

assets

disposal, 672

monitoring, 684

risk assessment, 640

tags, 683

assigning

IP addresses, 197–198, 209–210

VLANs, 405–406, 760

asymmetric DSL (ADSL), 456

asymmetric-key encryption, 358–360

asymmetric routing, troubleshooting, 771

attacks

network security. See network security

WPS, 497

attenuation

copper cabling, 153

fiber-optic cabling, 155, 157

optical link budget, 768–769

Wi-Fi, 533

attributes, authentication, 371

audits

data centers, 601–602

logs, 725

AUPs (acceptable use policies)

provisions, 630–631

Wi-Fi, 534

authentication

AAA, 377

with encryption, 385–387

remote access, 467

secure applications, 310

TCP/IP security, 354, 370–371

user standards, 373–380

Authentication, Authorization, and Accounting (AAA).

multilayer switches, 420–421

overview, 375–377

Authentication Header (AH) protocol, 387

Authentication Servers (ASs) in Kerberos, 379

authoritative name servers, 322, 326

authorization

AAA, 377

remote access, 467

TCP/IP security, 354, 371–372

auto-medium-dependent interface crossover (MDI-X), 84

Automatic Private IP Addressing (APIPA), 223–224

automation

home, 607–609

IaC, 554–555

virtualization, 566–567

Autonomous System Numbers (ASNs), 258

Autonomous Systems (ASs), 258–259

availability in CIA triad, 657

available leases in DHCP, 216

B

backbones

data centers, 585

Gigabit Ethernet, 105–106

Internet, 450, 452

OSPF areas, 261

backdoor access, 688

backhaul connections in SD-WAN, 455

backoff in CSMA/CA, 492

backups

anti-malware programs, 696

business continuity, 647–648

configuration, 637

data centers, 587

disaster recovery, 646–647

high availability, 592

patches, 637

power, 120, 165, 593

router setup, 273

in troubleshooting, 750

bad ports in NICs, 163

badges, 682

bandwidth

802.11, 491–492

cable category ratings, 56–57

channel, 491

dynamic routing, 252

Ethernet, 81

full-duplex, 96

link aggregation, 765–766

OSPF, 261

QoS, 413–414

VTC, 617

WAPs, 532–533

bandwidth-efficient encoding schemes, 57

bandwidth shaping in multilayer switches, 413–414

bandwidth speed testers, 748

banner grabbing, 670

bare-metal data centers, 589

barrel connectors, 53–54

baseband

10BASE-FL, 77

10BASE-T, 72, 76

100BASE-FX, 95

100BASE-T, 92

baselines

data center configurations, 600

performance, 721

troubleshooting, 760

basic service set identifiers (BSSIDs), 490–491

basic service sets (BSSs) in 802.11, 489

battery backups, 165, 593

BC (business continuity), 647–648

BCPs (business continuity plans), 647–648

beacons in infrastructure networks, 521–522

beam antennas, 518

beamforming in 802.11n, 495

bend radius limitations in fiber-optic cabling, 155

BGP (Border Gateway Protocol), 257–260

bidirectional (BiDi) transceivers, 104–105

bidirectional wavelength division multiplexing (BWDM), 451–452

binary and decimal values, converting, 182–183, 207–209

binary encryption, 356–357

BIND server, 334, 412

biometrics, 371

bitwise operations in encryption, 357

BIX blocks, 126

blacklists, 504

BLE (Bluetooth Low Energy) technology, 612

block ciphers, 358

blocked ports, 769

blocked services, 678

blocking policies, 772

blocks

data centers, 587

network, 197

Bluetooth, 611–612

Bluetooth Low Energy (BLE) technology, 612

BNC connectors, 51–52

bonding

NICs, 160

port, 414

Border Gateway Protocol (BGP), 257–260

botnets, 667

bots, 667

bottlenecks, monitoring, 725

Bottom of Label Stack in MPLS headers, 453

bottom-to-top OSI model troubleshooting approach, 753

bounce in Wi-Fi, 533

BPDU guards, 86

BPDUs (bridge protocol data units), 85–86

branch offices for data centers, 589

breaches, data, 630

bridge protocol data units (BPDUs), 85–86

bridges

DSL, 458

Ethernet, 81

wireless networks, 527

bridging loops, troubleshooting, 767

bring your own device (BYOD) deployment, 632–633

broadband

10BASE-T, 72

vs. baseband, 92

cable, 459–461

broadcast addresses, 16

broadcast domains in switches, 83

broadcast storms, troubleshooting, 766–767

broadcasts

MAC addresses, 16

packets, 198

routing tables, 241–242

broken cable, 733

browsers, HTTP and HTTPS for, 307–311

brute force attacks

Caesar cipher, 355–356

passwords, 669

BSSIDs (basic service set identifiers), 490–491

BSSs (basic service sets) in 802.11, 489

buffers for fiber-optic cabling, 59

bus topologies

Ethernet, 71–72

overview, 44–46

business continuity (BC), 647–648

business continuity plans (BCPs), 647–648

business risk assessments, 644–645

BWDM (bidirectional wavelength division multiplexing), 451–452

BYOD (bring your own device) deployment, 632–633

C

C2 (command and control) protocols, 667

cable drops, 135

cable strippers, 736

cable testers, 733–734

cable trays, 137–138

cabling and connectors, 50

broadband, 459–460

certifiers, 154, 735

coaxial, 50–54

copper, 50–59

fiber-optic, 59–62

fire ratings, 63

IEEE standards, 63–64

overview, 43

Physical layer, 6

review, 65–66

routers, 263, 268

structured. See structured cabling

testing, 164–165, 733–734

toners, 166–168

troubleshooting, 761

twinaxial, 54

twisted pair, 54–59

cache poisoning

ARP, 662–666

DNS, 660

caches

ARP, 180

DNS, 329, 334–335

flow monitoring, 716

Cacti application, 723–725

Caesar cipher, 355–356

cameras, 685

campus area networks (CANs), 449, 605–607

canonical name (CNAME) DNS records, 339–340

capacitance of coaxial cable, 53

captive portals in Wi-Fi, 534

capture files with packet sniffers, 713

capture filters in protocol analyzers, 715

carrier-sense multiple access with collision avoidance (CSMA/CA), 492–493

carrier-sense multiple access with collision detection (CSMA/CD), 79–81, 492–493

CAs (certificate authorities), 368–370

category (Cat) cable ratings, 56–58

CCE (Certified Computer Examiner), 648

CCMP (Counter Mode Cipher Block Chaining Message Authentication Code Protocol), 502

CCMP-AES cipher, 502

CCTVs (closed-circuit televisions), 685

CDMA (code-division multiple access), 463

CDNs (content delivery networks), 432

cellular access, 461–462

5G, 465

GSM and EDGE, 462–463

HSPA+, 464

LTE, 464–465

CENELEC, 113

central boxes

description, 7

frames, 15–16

Cerf, Vinton, 23

certificate authorities (CAs), 368–370

certificates

HTTPS, 387–388

nonrepudiation, 366–370

SSL, 385

troubleshooting, 771

Certified Computer Examiner (CCE), 648

Certified Forensic Computer Examiner (CFCE), 648

certifiers, cable, 154, 735

chain of custody, 650

Challenge Handshake Authentication Protocol (CHAP), 374

change

managing, 634–636

in troubleshooting, 751–752

change requests, 635

channels

802.11, 491–492

802.11g, 495

infrastructure networks, 524–525

overlap issues, 528–529

unencrypted, 679

Wi-Fi issues, 528–529

CHAP (Challenge Handshake Authentication Protocol), 374

chassis sensors, 718

checksums

hashes, 361

TCP, 175

choose your own device (CYOD), 633

CI/CD (continuous integration/continuous deployment), 555

CIA (confidentiality, integrity, and availability) triad, 656–657

CIDR. See Classless Inter-Domain Routing (CIDR)

cipher locks, 683

ciphers and ciphertext, 355

Cisco Configuration Professional, 269

Cisco IOS, 265–267

Cisco Network Assistant, 269

Cisco Prime Infrastructure, 269

cladding for fiber-optic cabling, 59

class of service (CoS) in DSCP, 617–618

classes for IP addresses, 197–199

classless addresses, 207

Classless Inter-Domain Routing (CIDR)

host calculations, 201

subnet masks, 196

subnets, 199–209

summary, 209

cleartext credentials, 679–680

cleartext data, 355

client-server networks, 38

client-to-site VPN connections, 475

clientless VPNs, 475

clients

DHCP, 214–216

disassociation issues, 537

DNS, troubleshooting, 343–347

e-mail, 302–303

infrastructure networks, 526

troubleshooting, 764

WAPs, 508

Wi-Fi installation, 513–514

Wi-Fi isolation, 504–505

CLIs (command-line interfaces), 739

clock strata in NTP, 286

close-ended questions in troubleshooting, 751

closed-circuit televisions (CCTVs), 685

cloud-based anti-malware, 697

cloud bursting, 553

cloud computing

DaaS, 574–576

deployment methods, 553

IaaS, 550–551, 571–573

IaC, 554–556

overview, 548–549

PaaS, 551–552

resource interconnections, 576–578

resource management, 569–570

review, 578–580

Rocket.Chat platform, 564–568

SaaS, 552–553

service-layer cake, 549

virtualization. See virtualization

cloud sites, 647

clusters

load balancing, 591

multilayer switches, 411

CNAME (canonical name) DNS records, 339–340

co-resident switches, 584

coarse wavelength division multiplexing (CWDM), 452

coaxial cable, 50–54

COBO (corporate-owned, business only) deployment model, 633

code-division multiple access (CDMA), 463

cold sites, 647

collisions

CSMA/CA, 492–493

CSMA/CD, 79–81

troubleshooting, 768

colons (:) in IPv6 addresses, 427–428

Combs, Gerald, 713

command and control (C2) protocols, 667

command-line interfaces (CLIs), 739

common agreements, 639–640

common polarization in antennas, 519

Common Vulnerabilities and Exposures (CVE) database, 659

communications technologies for Internet of Things, 610–612

community clouds, 553

company security policies, troubleshooting, 772

complexity of passwords, 638

component relocation in virtualization, 548

compromised system symptoms, 695

computer telephony integration (CTI), 614

concentrators for VPNs, 474

confidentiality, integrity, and availability (CIA) triad, 656–657

conflicting permissions, 688

connection-oriented communication

vs. connectionless, 28–29

description, 282–284

connectionless communication

vs. connection-oriented, 28–29

description, 282

connections

10 gigabit Ethernet, 103

cable, 141–146

demarcs, 133–134

NICs, 158–159

patch panels, 146–148

port status, 294–296

routers, 263–267, 271

Wi-Fi issues, 528–537

connectivity

local and cloud resources, 576–578

WAN. See wide area network (WAN) connectivity

connectors. See cabling and connectors

console ports

routers, 264

switches, 396–397

containerization, 547

content delivery networks (CDNs), 432

content filtering, 700

content switches, 412

context-aware firewalls, 698

contingency planning

business continuity, 647–648

disaster recovery, 646–647

forensics, 648–651

incident response, 645

overview, 645

continuity testers

cable, 733

copper cabling, 149

continuous integration/continuous deployment (CI/CD), 555

Control Plane Policing, 693

control planes

routers, 561

switches, 396

controllers

DCS, 620–621

domain, 334, 378

enterprise wireless, 507

SDN, 562

convergence for routers, 256

converting decimal and binary values, 182–183, 207–209

cooling factors in telecommunications room location, 136

COPE (corporate-owned, personally enabled) deployment model, 633

copper-based 10 GbE, 103

copper cabling

coaxial, 50–54

testing, 148–154

twinaxial, 54

twisted pair, 54–59

core for fiber-optic cabling, 59

core layers in data centers, 585

corporate-owned, business only (COBO) deployment model, 633

corporate-owned, personally enabled (COPE) deployment model, 633

CoS (class of service) in DSCP, 617–618

costs

dynamic routing, 252

OSPF, 261

Counter Mode Cipher Block Chaining Message Authentication Code Protocol (CCMP), 502

counters, performance, 721

couplers, cable, 164–165

CPE (customer premises equipment), 133, 477–478

CRC (cyclic redundancy check), 14, 71

credentials

cleartext, 679–680

default, 692

crimpers

description, 736

patch cables, 142–145

UTP cable, 74

cross-polarization in antennas, 519

crossover cable

inadvertent, 123

routers, 268

switches, 84–85

troubleshooting, 761

crosstalk

cable, 733

copper cabling, 152–153

patch panels, 125

punchdown blocks, 124

twisted pair cable, 54

crypto-malware, 672–673

CSMA/CA (carrier-sense multiple access with collision avoidance), 492–493

CSMA/CD (carrier-sense multiple access with collision detection), 79–81

CTI (computer telephony integration), 614

customer premises equipment (CPE), 133, 477–478

CVE (Common Vulnerabilities and Exposures) database, 659

CWDM (coarse wavelength division multiplexing), 452

cyclic redundancy check (CRC), 14, 71

cyclical log files, 721

CYOD (choose your own device), 633

D

DaaS (desktop as a service), 574–576

DAC (direct attached cable), 54

DAC (discretionary access control) model, 372

DAI (Dynamic ARP Inspection), 665–666

damaged fiber-optic cables, 154

DARPA (Defense Advanced Research Projects Agency), 23

data breaches, 630

data centers

architecture and design, 582–585

assessments, 600–602

audit reports, 601–602

baseline configurations, 600

documentation, 594–602

emergency procedures, 594

environment, 593

high availability, 591–594

locating, 589

network diagrams, 595–597

overview, 581–582

power, 593

review, 602–604

SDN, 590

site surveys, 600–601

spine-and-leaf architecture, 590–591

storage, 587–588

tiers, 583–584

traffic flows, 585–586

virtualization, 589

Data field for frames, 14

Data Link layer, 18–19

data loss prevention (DLP), 631

Data Over Cable Service Interface Specification (DOCSIS), 460

data parts in Ethernet frames, 71

data planes

routers, 561

switches, 396

data storage for data centers, 587–588

data transport in forensics, 650

data virtual local area networks, 400

databases, 304–305

Datagram TLS (DTLS) VPNs, 476

datagrams

description, 27

UDP, 30, 176

dB (decibel) loss in cable, 154

DCF (Distributed Coordination Function), 493

DCSs (distributed control systems), 620–622

DDNS (Dynamic DNS), 342–343

DDoS (distributed denial of service) attacks, 667

dead spots in 802.11n, 495

deauthentication (deauth) attacks, 537, 668

decapsulation in OSI seven-layer model, 35

decibel (dB) loss in cable, 154

decimal and binary values, converting, 182–183, 207–209

dedicated instances in cloud computing, 570

dedicated switches in data centers, 584

default credentials, 692

default-free zones (DFZs), 438

default gateways

LANs, 190, 193

switches, 397

default routes in routing tables, 238, 241

default subnet masks (DSMs), 202

default user accounts, 688

default VLANs, 400

Defense Advanced Research Projects Agency (DARPA), 23

defense in depth, 657–658

definition files in intrusion detection systems, 416

degradation in fiber-optic cabling, 154–155

delay in dynamic routing, 252

demarcation points (demarcs)

connections, 133–134

DSL, 457

overview, 131–133

WANs, 478–479

demilitarized zones (DMZs) in firewalls, 700–701

denial of service (DoS) attacks, 666–667

dense wavelength division multiplexing (DWDM), 451–452

deployment

cloud computing, 553

mobile models, 632–633

desktop as a service (DaaS), 574–576

destination addresses in Ethernet, 69

Destination entry in routing tables, 236–238

destination host unreachable messages in ICMP, 287

development environments in IaC, 555

device IDs in MAC addresses, 10

devices

configuration troubleshooting, 759

logs, 721

network. See network devices

sensors, 718

unused, 672

WAP saturation, 532

DFZs (default-free zones), 438

dhclient command, 225

DHCP. See Dynamic Host Configuration Protocol (DHCP)

DHCPv6, 435–437

DHCPv6 Prefix Delegation (DHCPv6-PD), 436–437

diagnostics. See also troubleshooting

cabling, 164–165

lights, 162–163

NICs, 163

physical problems, 162

TCP/IP network issues, 347–349

telecommunications rooms, 165–166

toners, 166–168

dictionary password attacks, 669

differentiated services code point (DSCP), 617–618

differentiated services (DiffServ), 617

dig (domain information groper) tool, 346, 742–743

Digital/Intel/Xerox (DIX) standard, 68

Digital Signature Algorithm (DSA), 360

digital signatures in nonrepudiation, 365–366

digital subscriber line (DSL), 456–459

dipole antennas, 516–517

direct attached cable (DAC), 54

direct-sequence spread-spectrum (DSSS), 491

directed broadcasts in routing tables, 241

dirty optical cables, 154–155

disabling

ports, 693

SSID broadcasts, 504

unnecessary services, 677–678, 693

user accounts, 686

disassociation issues in Wi-Fi, 537

disaster recovery, 646–647

Discover messages in DHCP, 215

discovery, Bluetooth, 611

discretionary access control (DAC) model, 372

dispersion in fiber-optic cabling, 155

display filters in protocol analyzers, 715–716

disposal of assets, 672

distance factors in telecommunications room location, 136

distance limitations

couplers, 165

Wi-Fi, 529

distance vector routing protocols, 253–257

distributed control systems (DCSs), 620–622

Distributed Coordination Function (DCF), 493

distributed denial of service (DDoS) attacks, 667

distributed switches, 558

distribution layers in data centers, 585

diverse paths for high availability, 592

divide and conquer troubleshooting approach, 754

DIX (Digital/Intel/Xerox) standard, 68

DKIM (DomainKeys Identified Mail), 342

DMARC (Domain-based Message Authentication, Reporting, and Conformance), 342

DMZs (demilitarized zones) in firewalls, 700–701

DNS. See Domain Name System (DNS)

DNSSEC (DNS Security Extensions), 343, 660

DOCSIS (Data Over Cable Service Interface Specification), 460

documentation

changes, 636

data centers, 594–602

forensics, 649

router setup, 273

troubleshooting, 755–757

Domain-based Message Authentication, Reporting, and Conformance (DMARC), 342

domain controllers, 378

domain information groper (dig) tool, 346, 742–743

Domain Name System (DNS)

cache poisoning, 660

caching, 334–335

client troubleshooting, 343–347

DDNS, 342–343

description, 284, 317–318

DNSSEC, 343

forward lookup zones, 336

IPv6, 441–442

load balancing, 411–412

name resolution, 329–333

name servers, 326–327

name spaces, 322–326

overview, 321–322

primary and secondary servers, 327

public servers, 342

records, 336–342

reverse zones, 328

review, 350–352

server administration, 333–343

TCP/IP network issues, 347–349

troubleshooting, 761, 764

UDP, 176

WANs, 478

Domain Name System Security Extensions (DNSSEC), 343, 660

DomainKeys Identified Mail (DKIM), 342

domains in Active Directory, 333–334

dongles for NICs, 8

doorbells, 609–610

doors

access controls, 682–683

emergency procedures, 594

smart lockers, 683–684

DoS (denial of service) attacks, 666–667

dots (.)

DNS, 324

IP addresses, 181

dotted decimal notation for IP addresses, 22, 181–182, 207–209

double-tagging VLAN attacks, 406

drivers for NICs, 159–160

drops in Gigabit Ethernet, 97

DSA (Digital Signature Algorithm), 360

DSCP (differentiated services code point), 617–618

DSL (digital subscriber line), 456–459

DSL Access Multiplexer (DSLAM), 457

DSMs (default subnet masks), 202

DSSS (direct-sequence spread-spectrum), 491

DTLS (Datagram TLS) VPNs, 476

dual stacks for IP addresses, 442–444

dumb terminals, 297

duplex

full-duplex Ethernet, 95–96

Gigabit Ethernet, 104

interface monitors, 719

NICs, 74

switches, 399

troubleshooting, 768

duplex fiber-optic cabling, 60

duplicate addresses, troubleshooting, 763

DWDM (dense wavelength division multiplexing), 451–452

Dynamic ARP Inspection (DAI), 665–666

Dynamic DNS (DDNS), 342–343

Dynamic Host Configuration Protocol (DHCP)

configuring, 216–219

description, 285

failures, 223–225

IP addresses, 214–215

IPv6, 435–437

multiple servers, 225–226

operation, 215–216

relay, 219

reservations, 219–222

rogue servers, 226–227

router setup, 271–272

snooping, 662

starvation attacks, 668

troubleshooting, 764

UDP, 176

VLANs, 408–409

dynamic multipoint VPN (DMVPN), 476

dynamic NAT (DNAT), 247

dynamic ports, 290

dynamic protocols in router setup, 273

dynamic routing

benefits, 262

distance vector, 253–257

EIGRP, 261–262

link state, 260–261

metrics, 251–253

overview, 250–251

path vector, 257–260

route redistribution and administrative distance, 262–263

dynamic VLANs, 405

E

e-mail

clients, 302–303

protocols, 299

secure, 388–389

servers, 300–301

SNMP alerts, 712

spoofing, 660

web, 303–304

EAP (Extensible Authentication Protocol), 498–500

east-west traffic in data centers, 586

ECDSA (Elliptic Curve DSA), 360

echo requests and replies in ICMP, 286–287

ECN (explicit congestion notification), 617–618

ECPM (Equal-Cost Multipath) protocol, 590

EDGE (Enhanced Data rates for GSM Evolution), 463

edge layers in data centers, 584

edge routers, 259

edge security, 688–689

Edit IP Settings dialog, 211

EDNS (Extension Mechanisms for DNS), 343

effective isotropic radiated power (EIRP), 531

effective permissions, 687

effective radiated power (ERP), 531

EGP (Exterior Gateway Protocol), 258–259

EIA (Electronic Industries Alliance), 113–114

8 position 8 contact (8P8C) connectors, 58–59

802.1Q trunk standard, 402

802.1x standard, 500–502

802.11 standard, 485

BSSID, SSID, and ESSID, 490–491

channels, 491–492

CSMA/CA, 492–493

hardware, 485–486

range, 490

software, 487–488

transmission frequencies, 491

transmission methods, 491

802.11a standard, 494

802.11ac standard, 496

802.11ax standard, 496–497

802.11b standard, 493–494

802.11g standard, 494–495

802.11n standard, 495–496

802.3 working group standards, 68–69

802.3a standard, 509

EIGRP (Enhanced Interior Gateway Routing Protocol), 261–262

EIRP (effective isotropic radiated power), 531

elasticity in cloud computing, 569

electromagnetic interference (EMI)

100BASE-FX, 94

coaxial cable, 51

copper cabling, 149

troubleshooting, 761

twisted pair cable, 55

WANs, 478–479

Electronic Industries Alliance (EIA), 113–114

Elliptic Curve DSA (ECDSA), 360

emergency procedures in data centers, 594

EMI. See electromagnetic interference (EMI)

employee training, 638

EN (Europe Norm), 113

Encapsulating Security Payload (ESP), 387

encapsulation

frames, 13

IP packets, 178–179, 274

OSI seven-layer model, 35

VPNs, 476

encryption

asymmetric-key, 358–360

with authentication, 385–387

infrastructure networks, 523–524

OSI model, 360–361

overview, 354–355

secure applications, 310

SSH, 381–384

standards, 380–384

substitution ciphers, 355–356

symmetric-key, 357–359

tunneling, 383–384

Wi-Fi, 498

Wi-Fi mismatches, 529

WPA2, 503

XOR operation, 356–357

endpoints

ports, 291

PPTP, 472

tunnel brokers, 445

VPNs, 470–471

Enhanced Data rates for GSM Evolution (EDGE), 463

Enhanced Interior Gateway Routing Protocol (EIGRP), 261–262

enhanced quad small form-factor pluggable connectors, 106–107

enhanced small form-factor pluggable Gigabit Ethernet, 104

enterprise wireless

administration, 506–508

construction, 506

overview, 505–506

PoE, 508–509

VLAN pooling, 508

environment

data centers, 593

monitors, 166

sensors, 718

ephemeral ports, 290

Equal-Cost Multipath (ECPM) protocol, 590

equipment in service-level agreements, 639

equipment racks, 118–122

ERP (effective radiated power), 531

escalating problems, troubleshooting, 754–755, 772

ESP (Encapsulating Security Payload), 387

ESSIDs (extended service set identifiers), 490–491

ESSs (extended service sets), 489

ESX hypervisor, 544

Ethernet

10 gigabit, 100–106

10BASE-FL, 76–78

10BASE-T, 72–76

40 GbE, 106–107

100 GbE, 106–107

100-megabit, 91–96

100BASE-FX, 94–95

100BASE-SX, 95

100BASE-T, 92–94

802.3 working group standards, 68–69

1000BASE-LX, 98–99

1000BASE-SX, 97

bus, 71–72

CSMA/CD, 79–81

evolutions, 100–107

frames, 14–15, 69–71

full-duplex, 95–96

Gigabit, 97–100

history, 68

hubs, 81

IP, 177–181

overview, 67

review, 87–89, 107–109

segment connections, 84–86

switches, 81–87

Ethernet frames in IP packets, 178–179

EUI-64 (Extended Unique Identifier, 64-bit), 429

EUIs (Extended Unique Identifiers), 10–15

Europe Norm (EN), 113

event management in SNMP, 712

everything-as-a-service, 574

evidence collection in forensics, 650–651

evil twins APs, 536

Evolved High-Speed Packet Access, 464

Exchange Server, 301

exclusion ranges in DHCP, 220

exclusive OR (XOR) operation in encryption, 356–357

Exim e-mail server, 300

exit plans in emergency procedures, 594

Experimental Bits (Exp) in MPLS headers, 453

explicit congestion notification (ECN), 617–618

explicit denies, 700

extended service set identifiers (ESSIDs), 490–491

extended service sets (ESSs), 489

Extended Unique Identifier, 64-bit (EUI-64), 429

Extended Unique Identifiers (EUIs), 10–15

extending wireless networks, 527

Extensible Authentication Protocol (EAP), 498–500

extensible protocols in SNMP, 709

Extension Mechanisms for DNS (EDNS), 343

extensions for demarcs, 133

Exterior Gateway Protocol (EGP), 258–259

external DNS servers, 333

external firewalls, 701

external threats, 658

externally imposed policies, 634

extranets, 466

F

F connectors, 52

facilities and infrastructure support

data centers, 593–594

telecommunications rooms, 165

facilities performance, 721

factory reset/wipe configuration, 672

fail safe locks in emergency procedures, 594

failover

DHCP, 226

high availability, 592

fair access policies, 772

far-end crosstalk (FEXT), 153

Fast Ethernet, 92

fault tolerance in star topologies, 46

FC (Fibre Channel), 588

FCoE (Fibre Channel over Ethernet), 588

FCS (frame check sequence)

frames, 14, 70–71

overview, 16–17

FEC (Forwarding Equivalence Class) in MPLS, 454–455

FHRPs (first hop redundancy protocols), 592

FHSS (frequency-hopping spread-spectrum), 491

fiber distribution panels, 133

fiber-optic cabling and connectors

10 GbE, 101–102

10BASE-FL, 76–78

100BASE-FX, 94–95

light meters, 735

network interface units, 132

NICs, 158

overview, 59–62

SFF, 98–99

testing, 154–157

transceivers, 103–105

WANs, 451–452, 461

Fibre Channel (FC), 588

Fibre Channel over Ethernet (FCoE), 588

fifth generation (5G) cellular, 465

file hashing, 361–362

file integrity monitoring (FIM), 726–727

File Transfer Protocol (FTP), 305–306

filters

firewalls. See firewalls

MAC addresses, 504, 522

ports, 700

protocol analyzers, 715–716

FIM (file integrity monitoring), 726–727

FIN (final) segments, 283

fire ratings for cable, 63

fire suppression systems, 593

firewalls

ACLs, 699–700, 702

advanced techniques and features, 698

DMZs, 700–701

honeypots and honeynets, 701–702

ICMP, 287

implementing and configuring, 699–702

multilayer switches, 415

software vs. hardware, 697–698

troubleshooting, 702–703

virtualization, 558–559

first hop redundancy protocols (FHRPs), 592

Flags entry in routing tables, 236

flags field in TCP, 175

flat-surface connectors, 99

flexibility in virtualization, 547–548

flood guards, 693

flooding, multicast, 767

floor plans

data centers, 595–596

structured cabling, 134–135

flow control with switches, 399

flow monitoring for packets, 716–717

forensics

documentation, 649

evidence collection, 650–651

overview, 648–649

securing areas, 649

forward lookups in DNS, 328, 336

forward proxy servers for multilayer switches, 419

forwarding

port, 247–249

UDP, 219

Forwarding Equivalence Class (FEC) in MPLS, 454–455

forwarding planes

routers, 561

switches, 396

four-post racks, 120

four-way handshakes in DHCP, 216

4to6 tunneling standard, 444–445

Fox and Hound tone generators, 167

FQDNs (fully qualified domain names), 324–326, 332–333

fragmentation with routers, 274

frame check sequence (FCS)

frames, 14, 70–71

overview, 16–17

frames

central boxes, 15–16

description, 13

Ethernet, 14–15, 69–71

frame check sequence, 16–17

movement, 16–19

packets, 24–26

FreeRADIUS, 378

frequencies

802.11, 491

infrastructure networks, 524–525

frequency analysis in code breaking, 356

frequency-hopping spread-spectrum (FHSS), 491

friendly DoS attacks, 668

FTP (File Transfer Protocol), 305–306

full duplex

10BASE-T, 74

Ethernet, 95–96

switches, 399

full tunnel VPNs, 475

fully meshed topology networks, 49

fully qualified domain names (FQDNs), 324–326, 332–333

fusion splicers, 157

G

gain, antenna, 518

garage door openers, 609

Gateway Load Balancing Protocol (GLBP), 592, 770

gateways

LANs, 190, 193

routing tables, 236

switches, 397

troubleshooting, 761, 764

unified communication, 616

voice, 614

GBICs (gigabit interface converters), 100

GCFA (GIAC Certified Forensic Analyst), 648

generations, cellular, 462

generators

power, 593

telecommunications rooms, 165

Generic Routing Encapsulation (GRE) protocol, 476

Genmask entry in routing tables, 236

geofencing, 505

GET requests

HTTP, 289

SNMP, 710–711

GIAC (Global Information Assurance Certification), 648

GIAC Certified Forensic Analyst (GCFA), 648

Gigabit Ethernet, 97

1000BASE-LX, 98

1000BASE-SX, 97

mechanical connection variations, 99

multiple types, 99–100

SFF fiber connectors, 98–99

gigabit interface converters (GBICs), 100

GLBP (Gateway Load Balancing Protocol), 592, 770

Global Cyber Alliance, 478

global hierarchy in DNS, 321

Global Information Assurance Certification (GIAC), 648

Global System for Mobile Communications (GSM), 462–463

global unicast addresses, 429–430

Gmail, 304

government laws and regulations, 634

Grafana program, 723

graphing programs, 723–724

GRE (Generic Routing Encapsulation) protocol, 476

Greenfield mode in 802.11n, 495

groups in IGMP, 288

GSM (Global System for Mobile Communications), 462–463

guards, security, 681

guest networks, 504–505, 692

guest virtual environments, 543

H

H.323 protocol, 616

HA. See high availability (HA)

half duplex

collisions, 768

description, 95

NICs, 74

switches, 399

hands-on problems, troubleshooting, 760–763

handshakes

DHCP, 216, 285

SSH, 381

TCP, 174–175, 283

hard drives in data centers, 587

hardening networks

agents, 690–691

devices, 692–697

edge, 688–689

Internet of Things, 612–613

physical security, 680–685

posture assessment, 689–690

security policies, 630–634

segmentation, 691–692

user accounts, 685–688

hardware

802.11, 485–486

redundancy, 592

troubleshooting tools, 732–738

underutilization, 542–543

hardware firewalls, 697–698

hashes for integrity, 361–365

headends

cable modems, 460

VPNs, 474

headers

Ethernet, 179

frames, 14

HTTP, 176–177

IP, 173–174

MPLS, 452–454

TCP, 175

UDP, 176

Health Insurance Portability and Accountability Act (HIPAA), 601

heat maps, 511

heating, ventilation, and air conditioning (HVAC) systems, 593

Hello packets in OSPF, 260

helpers in DHCP, 219

hexadecimal numbering system

description, 10

IPv6 addresses, 427

MAC addresses, 9

hextets in IPv6 addresses, 427

HIDSs (host-based IDSs), 416

hierarchical name space in DNS, 321–323

high availability (HA)

data centers, 591–594

disaster recovery, 646–647

environment, 593

facilities and infrastructure support, 593–594

load balancing, 591

redundancy, 592

high fidelity (Hi-Fi), 484

High-Speed Packet Access (HSPA+), 464

high-throughput in 802.11n, 495

HIPAA (Health Insurance Portability and Accountability Act), 601

HIPSs (host-based intrusion prevention systems), 417

HMIs (human–machine interfaces), 622

home automation, IoT, 607–609

home security, IoT, 609–610

honeypots and honeynets, 701–702

hopping, VLAN, 671

hops and hop counts

distance vector routing protocols, 253

dynamic routing, 252

OSPF, 261

routers, 276

routing, 251

horizontal cabling, 115–118

host-based anti-malware, 697

host-based firewalls

description, 698

incorrect settings, 703

multilayer switches, 415

host-based IDSs (HIDSs), 416

host-based intrusion prevention systems (HIPSs), 417

host IDs in IP addresses, 189

host names in DNS, 323–324

host-to-host VPNs, 475

host-to-site VPN connections, 474

hostname utility, 739

hosts

network security, 693–695

subnets, 201

virtual machines, 556–557, 559–560

hosts file, 320–321

hot sites, 647

Hot Standby Router Protocol (HSRP), 592

HSPA+ (High-Speed Packet Access), 464

HSRP (Hot Standby Router Protocol), 592

HTML (Hypertext Markup Language), 307–308

HTTP (Hypertext Transfer Protocol)

browsers, 307–311

GET requests, 289

headers, 176–177

HTTPS (Hypertext Transfer Protocol Secure), 309–311, 387–388

HTTPS/management URLs for switches, 397

hub-and-spoke topologies, 46–47

hubs

Ethernet, 71–72, 81

frames, 15

human–machine interfaces (HMIs), 622

humidity factors in telecommunications room location, 136, 166

Hurricane Electric tunnel brokers, 445

HVAC (heating, ventilation, and air conditioning) systems, 593

hybrid clouds, 553

hybrid routing protocols, 259

hybrid topologies, 47–48

HyperTerminal program, 264

Hypertext Markup Language (HTML), 307–308

Hypertext Transfer Protocol (HTTP)

browsers, 307–311

GET requests, 289

headers, 176–177

Hypertext Transfer Protocol Secure (HTTPS), 309–311, 387–388

hypervisors

Rocket.Chat platform setup, 564–568

virtualization, 543–546

I

IaaS (infrastructure as a service)

overview, 550–551

Rocket.Chat setup, 571–573

IaC (Infrastructure as code), 554–556

IACIS (International Association of Computer Investigative Specialists), 648

IANA (Internet Assigned Numbers Authority), 258

IP addresses, 197

port recommendations, 290

IAS (Internet Authentication Service), 378

IBSSs (independent basic service sets), 488

ICA (Independent Computing Architecture), 467

ICANN (Internet Corporation for Assigned Names and Numbers), 198, 322

ICMP (Internet Control Message Protocol), 173, 286–287

ICSs (industrial control systems), 619–620, 625

IDFs (intermediate distribution frames)

data centers, 596–598

demarcs, 133–134

description, 118

IEEE (Institute of Electrical and Electronics Engineers) cabling standards, 63–64

IEFT. See Internet Engineering Task Force (IETF)

Iface entry in routing tables, 236

ifconfig command

DHCP, 225

IP and MAC addresses, 186–187

IPv6, 437

MAC addresses, 10

overview, 740

IFG (interframe gap) in CSMA/CA, 492–493

IGMP (Internet Group Management Protocol)

overview, 288

snooping, 766–767

IGPs (Interior Gateway Protocols), 258–259

illegal use in acceptable use policies, 630

IMAP4 (Internet Message Access Protocol version 4), 299

IMAPS (Internet Message Access Protocol over SSL), 389

impact factor in change management, 635

impedance of cable

description, 53

mismatch, 733

implicit denies, 700

improper access, 686, 688

in-band management

switches, 397–398

VNCs, 469

inbound firewall traffic, 700

incident response, 645

incompatibilities in Wi-Fi, 536

independent basic service sets (IBSSs), 488

Independent Computing Architecture (ICA), 467

industrial control systems (ICSs), 619–620, 625

information gathering in troubleshooting, 751

infrastructure as a service (IaaS)

overview, 550–551

Rocket.Chat setup, 571–573

Infrastructure as code (IaC), 554–556

infrastructure layer in SDN, 561

infrastructure mode in 802.11, 489

infrastructure networks

antennas, 515–520

channels and frequency, 524–525

client configuration, 526

encryption, 523–524

MAC address filtering, 522

SSIDs, 521–522

WAPs, 520–522

inputs in virtualization, 547–548

insider threats, 669–671

installation of physical networks. See physical network installation

Institute of Electrical and Electronics Engineers (IEEE) cabling standards, 63–64

insufficient wireless coverage, 529

insulating jackets for fiber-optic cabling, 59

integrity

CIA triad, 656

TCP/IP security, 354, 361–365

inter-VLAN routing, 407–408

interconnecting LANs, 190–192

interface errors

troubleshooting, 761

WANs, 477–478

interface IDs in IPv6 addresses, 427

interfaces

DCS, 622

monitoring, 719–720

switch configuration, 397–398

troubleshooting, 759–760

interference

100BASE-FX, 94

cabling, 148–149

coaxial cable, 51

troubleshooting, 761

twisted pair cable, 55

WANs, 478–479

Wi-Fi, 512–513, 530, 534–535

interframe gap (IFG) in CSMA/CA, 492–493

Interior Gateway Protocols (IGPs), 258–259

intermediate distribution frames (IDFs)

data centers, 596–598

demarcs, 133–134

description, 118

Intermediate System to Intermediate System (IS-IS), 261

internal DNS servers, 333

internal firewalls, 701

internal threats, 658

International Association of Computer Investigative Specialists (IACIS), 648

International Society of Forensic Computer Examiners (ISFCE), 648

International Telecommunication Union (ITU), 451

Internet Assigned Numbers Authority (IANA), 258

IP addresses, 197

port recommendations, 290

Internet Authentication Service (IAS), 378

Internet Control Message Protocol (ICMP), 173, 286–287

Internet Corporation for Assigned Names and Numbers (ICANN), 198, 322

Internet Engineering Task Force (IETF), 258

IPsec, 386–387

IPv6, 425–426

private IP addresses, 227

VoIP, 614

Internet Group Management Protocol (IGMP)

overview, 288

snooping, 766–767

Internet Message Access Protocol over SSL (IMAPS), 389

Internet Message Access Protocol version 4 (IMAP4), 299

Internet of Things (IoT), 607

communications technologies, 610–612

hardening, 612–613

home automation, 607–609

home security, 609–610

Internet Protocol (IP), 22, 282

addresses. See IP addresses

Ethernet, 177–181

Internet Protocol Security (IPsec), 386–387

Internet Protocol version 4 (IPv4) addresses, 173. See also IP addresses

Internet Protocol Version 4 (TCP/IPv4) Properties dialog, 211, 329–330

Internet Protocol version 6 (IPv6)

aggregation, 438–441

anycast addresses, 432

DNS, 441–442

global unicast addresses, 429–430

link-local addresses, 428–429

moving to, 442–446

multicast addresses, 430–432

neighbor discovery, 432–434

notation, 426–428

overview, 425–426

Regional Internet Registries, 430

review, 446–448

SLAAC implementation, 434–438

testing, 437–438

Internet service providers (ISPs), 592

Internet Small Computer System Interface (iSCSI), 588

Internet Society (ISOC), 258

intrusion detection systems (IDSs), 415

intrusion in cloud computing, 570

intrusion prevention systems (IPSs), 416–417

IOS operating system, 265–267

IoT. See Internet of Things (IoT)

ip address command

IP and MAC addresses, 187–188

IPv6, 437

IP addresses

ARP cache poisoning, 663

assigning, 209–210

class IDs, 197–199

dual stacks, 442–444

dynamic. See Dynamic Host Configuration Protocol (DHCP)

example, 181–188

headers, 173–174

IPv6. See Internet Protocol version 6 (IPv6)

LAN interconnections, 190–192

and MAC, 178–180

multilayer switches, 411–412

name resolution. See Domain Name System (DNS)

network address translation, 244–250

network IDs, 188–189

overview, 22–24, 173–174

routing tables, 235

special, 227

spoofing, 660

static, 210–214

subnet masks, 192–197

subnets, 199–209

switches, 397

troubleshooting, 761–764

IP cameras, 685

ip command

IP information, 212–214

MAC addresses, 10–11

overview, 740

routing tables, 760

ip helper-address command, 409

IP packets in Ethernet frames, 178–179

ip route command, 239

ipconfig command

IPv6, 437

overview, 740–741

ipconfig /all command

DNS, 331, 345

IP addresses, 185–186

MAC addresses, 10–12, 185–186

overview, 740

ipconfig /flushdns command, 344

ipconfig /registerdns command, 343

ipconfig /release command, 225

ipconfig /renew command, 225

iPerf tool, 725

IPsec (Internet Protocol Security), 386–387

IS-IS (Intermediate System to Intermediate System), 261

ISFCE (International Society of Forensic Computer Examiners), 648

ISO 27001 standard, 601

ISO 27002 standard, 601

isolation in Wi-Fi, 504–505

iterative DNS lookups, 332–333

ITU (International Telecommunication Union), 451

J

jacks

connections, 141–142

DSL, 458

smart, 132, 457

wall, 8, 129

jitter

copper cabling, 153

WAPs, 532–533

jumbo frames

iSCSI, 588

switches, 399

K

Kahn, Robert E., 23

Kali Linux bootable USB drives, 644

Keks, Anton, 747–748

Kerberos authentication, 378–380

Kerberos Key Distribution Center (KDC) service, 379

keypads, 682

keys

locks, 681–682

public-key cryptography, 359–360

SSH, 382–383

Krone blocks, 127

L

L2F (Layer 2 Forwarding), 474–475

L2TP (Layer 2 Tunneling Protocol), 474–475

Label Distribution Protocol (LDP), 454

label edge routers (LERs), 454–455

label switching routers (LSRs), 454–455

labels

MPLS headers, 453–455

outlets, 129

patch panels, 124–125

LACNIC (Latin American and Caribbean Internet Addresses Registry), 430

LACP (Link Aggregation Control Protocol)

multilayer switches, 414

NICs, 160

troubleshooting, 765–766

LANs. See local area networks (LANs)

last-mile technologies

broadband cable, 459–460

cellular, 461–465

DSL, 456–459

fiber, 461

satellites, 460–461

latency

802.11a, 494

copper cabling, 153

dynamic routing, 252

spine-and-leaf architecture, 590

WAPs, 532–533

Latin American and Caribbean Internet Addresses Registry (LACNIC), 430

laws and regulations, 634

Layer 2 data routing, 235–243

Layer 2 Forwarding (L2F), 474–475

Layer 2 Tunneling Protocol (L2TP), 474–475

Layer 3 capable switches, 233

LCs (local connectors), 61–62, 98–99

LDAP (Lightweight Directory Access Protocol), 391

LDAPS (Lightweight Directory Access Protocol over SLL), 391

LDP (Label Distribution Protocol), 454

LEAP (Lightweight EAP), 499

leased lines in WANs, 452

leases, DHCP, 216

LEDs (light-emitting diodes)

fiber-optic cabling, 60

NICs, 160–163

troubleshooting, 761

legacy mode in 802.11n, 495

legacy systems, 679

legal holds in forensics, 650–651

length of passwords, 638

LERs (label edge routers), 454–455

lessons learned in troubleshooting, 756

licensed feature issues, troubleshooting, 769

light-emitting diodes (LEDs)

fiber-optic cabling, 60

NICs, 160–163

troubleshooting, 761

light leakage in fiber-optic cabling, 155

light meters for fiber, 735–736

lights-out-management (LOM), 469

Lightweight Access Point Protocol (LWAPP), 508

Lightweight Directory Access Protocol (LDAP), 391

Lightweight Directory Access Protocol over SLL (LDAPS), 391

Lightweight EAP (LEAP), 499

Link Aggregation Control Protocol (LACP)

multilayer switches, 414

NICs, 160

troubleshooting, 765–766

link lights in NICs, 160–163

link-local addresses, 225, 428–429

link state

802.11, 487

monitoring, 725

link state advertisement (LSA) packets in OSPF, 260

link state dynamic routing protocols, 260–261

listening ports, 294

LiveAction tool, 717

LLC (Logical Link Control), 20

load balancing

high availability, 591

multilayer switches, 410–412

local access in network security, 669–672

local area networks (LANs)

full-duplex Ethernet, 96

interconnecting, 190–192

router setup, 272–273

TCP/IP, 177–178

virtual. See virtual LANs (VLANs)

wireless controllers, 507

local authentication in TCP/IP security, 370

local connectors (LCs), 61–62, 98–99

local port mirroring, 417

local resources, cloud computing interconnections with, 576–578

lockers, smart, 683–684

locking racks, 120

locks

emergency procedures, 594

physical security, 681–683

logic bombs, 673

logical addresses, 21–22

Logical Link Control (LLC), 20

logical network diagrams, 598–599

logical topologies, 48

logs

cloud computing, 570

performance, 720–721

syslog, 725

LOM (lights-out-management), 469

Long Term Evolution (LTE) technology, 464–465

looking glass sites, 749

lookup zones in DNS, 327–328

loopback adapters, 735

loopback addresses

description, 227

IPv6 addresses, 428

routing tables, 241

loopback tests for NICs, 163

loops

routing tables, 242

troubleshooting, 767, 771

LSA (link state advertisement) packets in OSPF, 260

LSRs (label switching routers), 454–455

LTE (Long Term Evolution) technology, 464–465

LWAPP (Lightweight Access Point Protocol), 508

Lyon, Gordon, 641

M

MAC addresses. See media access control (MAC) addresses

MAC (mandatory access control) security model, 372

macros, 673

mail exchange (MX) DNS records, 340–341

main distribution frames (MDFs)

data centers, 596–598

demarcs, 133–134

telecommunications rooms, 118

maintenance windows in change management, 636

malformed packets, 661

malicious users, 670–671

malware

anti-malware programs, 696–697

dealing with, 696

prevention and recovery, 693–695

training, 638

types, 672–674

man-in-the-middle attacks

ARP cache poisoning, 665

CHAP for, 374

description, 668

managed devices, 264

managed networks in SNMP, 709

Management Information Bases (MIBs) in SNMP, 390, 709

management planes in SDN, 563

management ports for switches, 397

managers in SNMP, 709

mandatory access control (MAC) security model, 372

MANs (metropolitan area networks), 455

mantraps, 682

maps

runs, 135–136

wire, 150

masks, subnet. See subnet masks

mass storage devices in data centers, 587

maximum transmission units (MTUs) for routers, 274–275

MD5 (Message-Digest Algorithm version 5) algorithm

EAP, 499

hashes, 363

MDFs (main distribution frames)

data centers, 596–598

demarcs, 133–134

telecommunications rooms, 118

MDM (mobile device management) system, 634

mean time between failures (MTBF), 646

mean time to failure (MTTF), 647

mean time to repair (MTTR), 647

Mechanical Transfer Registered Jack (MT-RJ) connectors, 61–62, 98–99

media access control (MAC) addresses

ARP cache poisoning, 662–663

central boxes, 15–16

determining, 12

Ethernet frames, 69–70

filtering, 504, 522

and IP, 178–180, 183–184

MAC-48 and EUI-48, 10–15

NICs, 9–21

reservations, 221

spoofing, 660

switches, 82, 399

TCP/IP, 23–24

troubleshooting, 763

media converters

10BASE-FL, 77–78

Gigabit Ethernet, 100

Media Gateway Control Protocol (MGCP), 616–617

medianets, 617–618

meetings, Zoom, 312–313

megahertz (MHz) category ratings, 56

memoranda of understanding (MOUs), 639

Meraki dashboard, 508

mesh topologies

802.11, 488

wireless technologies, 48–49

Message-Digest Algorithm version 5 (MD5) algorithm

EAP, 499

hashes, 363

message digests, 361–363

Metasploit tool, 643

Metric entry in routing tables, 236

metrics

network, 718–719

OSPF, 261

routing, 251–253

routing tables, 239–240

metro Ethernet networks, 455

metropolitan area networks (MANs), 455

MFA (multifactor authentication), 371, 683

MFDs (multifunction devices), 609

MGCP (Media Gateway Control Protocol), 616–617

mGRE (multipoint GRE) protocol, 476

MHz (megahertz) category ratings, 56

MIBs (Management Information Bases) in SNMP, 390, 709

micro prefix, 60

MicroScanner tool, 150

microsegmentation, 691

Microsoft Exchange Server, 301

Microsoft Outlook, 302–303

Microsoft Teams, 312–313

MIMO (multiple input/multiple output), 495, 531

mirroring, port

overview, 417

packet sniffers, 713

misconfigured firewalls, 702

mismatches

cable impedance, 733

cable termination, 761

fiber-optic cabling, 155

VLAN, 765

Wi-Fi security, 529

missing routes, 274

mitigating vulnerabilities, 659

mixed mode

802.11g, 494

802.11n, 495

MLSs. See multilayer switches (MLSs)

MMF (multimode fiber)

10BASE-FL, 76

fiber-optic cabling, 61

MMSs (multimedia messaging systems), 464

mobile deployment models, 632–633

mobile device management (MDM) system, 634

modal dispersion in fiber-optic cabling, 155

modal distortion in fiber-optic cabling, 61

modems

DSL, 458

WANs, 477–478

modes

802.11g, 494

wireless networks, 487–489

modules in data centers, 584

monitoring

network. See network monitoring

physical security, 684–685

monlist queries, 661

motion detection systems, 685

mounting brackets, 139, 141

MOUs (memoranda of understanding), 639

MPLS (Multiprotocol Label Switching), 452–454

MS-CHAP, 374–375

MSAs (multi-source agreements), 103, 639

MT-RJ (Mechanical Transfer Registered Jack) connectors, 61–62, 98–99

MTBF (mean time between failures), 646

mtr (My Traceroute) utility, 276, 743–744

MTTF (mean time to failure), 647

MTTR (mean time to repair), 647

MTUs (maximum transmission units) for routers, 274–275

MU-MIMO (multiuser MIMO), 496, 531

multi-source agreements (MSAs), 639

multicast class blocks, 198

multicast flooding, troubleshooting, 767

multicasts

IPv6 addresses, 430–432

packets, 198

multifactor authentication (MFA), 371, 683

multifunction devices (MFDs), 609

multifunction network devices, 410

multilayer switches (MLSs)

description, 233

intrusion detection/intrusion prevention, 415–417

load balancing, 410–412

network protection, 414–421

overview, 409–410

port bonding, 414

QoS and traffic shaping, 413–414

multimedia messaging systems (MMSs), 464

multimeters for cable testing, 150–151, 736–737

multimode fiber (MMF)

10BASE-FL, 76

fiber-optic cabling, 61

multipaths, 591

SANs, 588

Wi-Fi, 534

multiple access in CSMA/CD, 79–81

multiple DHCP servers, 225–226

multiple input/multiple output (MIMO), 495, 531

multiple Internet service providers, 592

multiple problems, troubleshooting, 752

multipoint GRE (mGRE) protocol, 476

Multiprotocol Label Switching (MPLS), 452–454

multisource agreements (MSAs), 103

multispeed lights for NICs, 161

multitenancy in cloud computing, 570

multiuser MIMO (MU-MIMO), 496, 531

MX (mail exchange) DNS records, 340–341

My Traceroute (mtr) utility, 276, 743–744

..................Content has been hidden....................

You can't read the all page of ebook, please click here login for view all page.
Reset
3.15.143.40