N
NAC (network access control), 372, 689–690
name resolution. See Domain Name System (DNS)
name server (NS) DNS records, 337–338
name servers in DNS, 326–327
name spaces in DNS, 322–326
nano prefix, 61
nano-SIMs, 464
NAS (network attached storage), 587
NASs (Network Access Servers), 377–378, 501–502
NAT. See network address translation (NAT)
National Electrical Code (NEC) cabling fire ratings, 63
National Institute of Standards (NIST)
baseline configurations, 660
hash algorithms, 365
passwords, 638
time servers, 767
zero trust, 657
native mode in 802.11g, 494
native VLANs, 406
NDAs (nondisclosure agreements), 640
NDP (Neighbor Discovery Protocol), 433
near-end crosstalk (NEXT), 152–153
NEC (National Electrical Code) cabling fire ratings, 63
neighbor advertisements, 433
neighbor discovery caches, 433
neighbor discovery in IPv6, 432–434
Neighbor Discovery Protocol (NDP), 433
neighbor solicitation messages, 433
neighborship in OSPF, 260
Nessus vulnerability scanner, 642
Net-SNMP package, 710–711
NetBEUI system, 318–319
NetBIOS protocol, 318–319
NetBIOS over TCP/IP (NetBT) protocol, 319
NetFlow analyzers, 713, 716–717
Netscape Navigator browser, 385
netstat command
connection information, 291–296
open ports, 677–678
overview, 746
sessions, 32
TCP/IP network issues, 348–349
network access control (NAC), 372, 689–690
Network Access Servers (NASs), 377–378, 501–502
network address translation (NAT)
configuring, 249–250
example, 244–245
NAT64, 446
overview, 244
PAT, 245–247
port forwarding, 247–249
traversal, 445
network analyzers, 713
network attached storage (NAS), 587
network-based anti-malware, 697
network-based IDSs (NIDSs) for multilayer switches, 415
Network Configuration utility, 213, 330–331
network devices
Internet of Things, 607–613
multifunction, 410
overview, 605–607
review, 625–627
unified communication. See unified communication (UC)
VoIP, 613–614
network diagrams, 595–597
network function virtualization (NFV), 560–563
network function virtualization infrastructure (NFVI), 560
network IDs
distance vector routing protocols, 253–256
IP addresses, 188–192
subnets, 202–205
VPNs, 471
network interface cards (NICs)
100BASE-T, 93–94
802.11, 485–486
aspects, 20
buying, 158–160
diagnosing, 163
frames, 16–19
full-duplex Ethernet, 95–96
Gigabit Ethernet, 97
link lights, 160–163
MAC addresses, 9–21
TCP/IP network issues, 347
virtual, 557–558
network interface units (NIUs), 132
Network layer
IP, 22–24
OSI seven-layer model, 6–21
protocols, 173–174
TCP/IP applications, 282–283
Network Management Software (NMS)
routers, 269–270
SNMP, 709
Network Mapper (Nmap) tool, 641, 747–748
network models
biography of, 2–3
functions, 3–4
OSI seven-layer model. See OSI seven-layer model
overview, 1–2
review, 39–41
working with, 2
network monitoring
interfaces, 719–720
overview, 707
packet flow, 716–717
packet sniffers, 713
performance, 720–721
protocol analyzers, 713–716
review, 727–729
scenarios, 722–726
sensors, 718
SIEM, 726–727
SNMP, 708–712
tools overview, 712–713
network names in SSIDs, 490
network naming
DNS. See Domain Name System (DNS)
history, 318–321
hosts file, 320–321
NetBIOS protocol, 318–319
overview, 317–318
network operations
change management, 634–636
common agreements, 639–640
contingency planning, 645–651
patches, 637–638
review, 651–653
risk management, 629–630
security policies, 630–634
security preparedness, 640–645
training, 638
updates, 636–637
vulnerability assessments, 640–643
network operations centers (NOCs), 596, 723
network prefixes in IPv6 addresses, 427–428
network protection, 414
ID/IP, 415–417
port mirroring, 417–420
network security
agents, 690–691
ARP cache poisoning, 662–666
CIA goals, 656–657
deauthentication attacks, 668
defense in depth, 657–658
denial of service, 666–667
device hardening, 692–697
edge, 688–689
firewalls, 697–703
hosts, 693–697
malware, 672–674
on-path attacks, 668
overview, 655
packet and protocol abuse, 660–661
password attacks, 669
physical and local access, 669–672
physical security, 680–685
posture assessment, 689–690
review, 703–705
rogue devices, 662
segmentation, 691–692
separation of duties, 658
session hijacking, 669
social engineering, 674–676
spoofing, 660
threats overview, 658–659
threats terminology, 659–660
user accounts, 685–688
vulnerabilities, 677–680
zero-day attacks, 661–662
zero trust, 657
network segmentation
enforcement, 691
Ethernet, 69
Network Time Protocol (NTP)
attacks, 661
operation, 285–286
purpose, 391
troubleshooting, 767–768
Network utility, 184–185, 212, 224
networks
names. See Domain Name System (DNS)
performance troubleshooting, 772–773
protocols, 21
TCP/IP issues, 347–349
virtualization. See virtualization
next-generation firewalls (NGFWs), 698
next hops in routing tables, 236
NEXT (near-end crosstalk), 152–153
NFV (network function virtualization), 560–563
NFVI (network function virtualization infrastructure), 560
NGFWs (next-generation firewalls), 698
NIC teaming
multilayer switches, 414
troubleshooting, 765–766
NICs. See network interface cards (NICs)
NIDSs (network-based IDSs) for multilayer switches, 415
NIST. See National Institute of Standards (NIST)
NIUs (network interface units), 132
Nmap (Network Mapper) tool, 641, 747–748
NMS (Network Management Software)
routers, 269–270
SNMP, 709
NOCs (network operations centers), 596, 723
non-persistent agents in network security, 690–691
nondisclosure agreements (NDAs), 640
nonrepudiation
digital signatures, 365–366
overview, 365
PKI, 366–370
secure applications, 310
TCP/IP security, 354
north-south traffic in data centers, 585–586
notifications
change management, 635
computer crimes, 648
ECN, 617
malware, 695
SNMP, 712
TCN, 86
NS (name server) DNS records, 337–338
nslookup command
DNS, 345–346
overview, 742–743
NTP. See Network Time Protocol (NTP)
ntpdc command, 661
O
object identifiers (OIDs) in SNMP, 709
OC (Optical Carrier) standards in SONET, 451
octets in IP addresses, 193
OEMs (original equipment manufacturers) for NMS, 269
OFDM (orthogonal frequency-division multiplexing), 491
offboarding policies, 633–634
Offer messages in DHCP, 215
Office 365, 553
Ohm rating for coaxial cable, 52–53
OIDs (object identifiers) in SNMP, 709
OM (optical multimode) fiber in 100BASE-FX, 94
omnidirectional antennas, 516–518
on-link entry in routing tables, 236
on-path attacks
ARP cache poisoning, 665
description, 668
on-premises data centers, 589
onboarding policies, 633–634
100-megabit Ethernet, 91
100BASE-FX, 94–95
100BASE-SX, 95
100BASE-T, 92–94
full-duplex, 95–96
110 blocks, 122–123
one-way satellite access, 460–461
open cable circuits, 733
open-ended questions in troubleshooting, 751
open networks in Wi-Fi, 535
Open Shortest Path First (OSPF) protocol, 260–261
OpenNMS tool, 270
OpenVAS vulnerability scanner, 642
optic modules in Gigabit Ethernet, 100
Optical Carrier (OC) standards in SONET, 451
optical link budgets, troubleshooting, 768–769
optical multimode (OM) fiber in 100BASE-FX, 94
optical power meters, 735–736
optical time domain reflectometers (OTDRs), 156, 733–734
orchestration, 555–556
Organizationally Unique Identifiers (OUIs), 10, 671
original equipment manufacturers (OEMs) for NMS, 269
orthogonal frequency-division multiplexing (OFDM), 491
OSI seven-layer model
encryption, 360–361
firewalls, 698
layer 1 and layer 2, 6–21
layer 3, 22–24
layer 3 through layer 7 overview, 21–22
layer 4, 27–30
layer 5, 30–32
layer 6, 33
layer 7, 33–35
layer overview, 4–5
network segmentation, 625
packets within frames, 24–26
remote work, 35–38
troubleshooting, 753–754
OSPF (Open Shortest Path First) protocol, 260–261
OTDRs (optical time domain reflectometers), 156, 733–734
OUIs (Organizationally Unique Identifiers), 10, 671
out-of-band management
switches, 398
VNCs, 469
outbound firewall traffic, 700
outcomes documentation in troubleshooting, 756
outlets in work areas, 128–129
Outlook, 302–303
outputs, virtualization, 547–548
overcapacity issues in WAPs, 532
overlap, channel, 528–529
overlay tunnels in IP addresses, 446
overutilization of hardware, 543
ownership factor in acceptable use policies, 630
P
PaaS (platform as a service), 551–552
packet abuse, 660–661
packets
firewall filters, 698
flow monitoring, 716–717
frames, 24–26
layer 3, 22
routing. See routing
segmentation and reassembly, 27–30
segments, 29–30
sniffing, 670
pads in Ethernet frames, 70–71
PAgP (Port Aggregation Protocol)
multilayer switches, 414
troubleshooting, 765–766
PANs (personal area networks), 611
PAP (Password Authentication Protocol), 373
parabolic antennas, 518
parameters of topologies, 49–50
partially meshed topology networks, 49
passive FTP, 306
passive optical networks (PONs), 461
Password Authentication Protocol (PAP), 373
passwords
AAA, 376
attacks, 669
authentication, 370–371
default, 692
hashes, 362
network access policies, 631
routers, 268
screensavers, 676
SSH, 382
training, 638
Wi-Fi issues, 529
PAT (port address translation), 245–247
patch antennas, 518–519
patch bays, 127
patch cables
making, 142–145
purpose, 126
patch panels
connecting, 146–148
overview, 122–126
Patch Tuesday, 637
patches
malware prevention, 696
steps, 637–638
unpatched systems, 679
path diversity in high availability, 592
Path MTU, 275
Path MTU Discovery, 275
path vector routing protocols, 257–260
pathping utility
overview, 741–742
routers, 276
PAUSE frames for switches, 399
payloads
frames, 14
IP, 173
Payment Card Industry Data Security Standard (PCI DSS), 601
PBX systems in VoIP, 614
PC (physical contact) connectors, 99
PCF (Point Coordination Function), 493
PCI DSS (Payment Card Industry Data Security Standard), 601
PCI (Peripheral Component Interconnect) NICs, 159
PCI Express (PCIe) expansion slots in NICs, 159
PDUs (power distribution units)
data centers, 593
equipment racks, 120–121
PDUs (protocol data units)
description, 13
routers, 274–275
SNMP, 710
PEAP (Protected EAP), 499
peer-to-peer mode in 802.11, 488
peer-to-peer networks, 38
peers in NTP, 661
penetration testing, 643–644
Perf3 tool, 725
performance
monitors, 720–721
SANs, 588
troubleshooting, 772–773
performance baselines, network, 760
performance metrics
sensors, 718
wireless, 533
Performance Monitor, 720–721
Peripheral Component Interconnect (PCI) NICs, 159
permissions for user accounts, 686–688
persistent agents in network security, 690–691
persistent MAC addresses in switches, 399
personal area networks (PANs), 611
phishing attacks, 675
physical access
control devices, 609
network security, 669–672
physical addresses, 21
physical connections for NICs, 158–159
physical contact (PC) connectors, 99
physical denial of service attacks, 666–667
physical intrusion, 675–676
physical issues in Wi-Fi, 533–535
Physical layer in OSI seven-layer model, 7–8
physical network diagrams, 594–600
physical network installation, 111–112
diagnostics, 162–168
NICs, 157–161
review, 168–170
structured cabling. See structured cabling
physical security
access prevention methods, 122
monitoring, 684–685
overview, 680–681
prevention and control, 681–683
smart lockers, 683–684
physical topologies, 48
PIDs (process IDs), 296
piggybacking, 681
ping command
DNS, 344–345
ICMP, 287
overview, 741–742
ping of death in ICMP, 287
pinouts for copper cabling, 149
PKI (public-key infrastructure), 366–370
placeable NICs, 485–486
placement of antennas, 520
plain old telephone service (POTS), 457
plaintext, 355
planes
routers, 561
SDN, 563
plans
business continuity, 647
contingency, 645–651
emergency procedures, 594
floor, 595–596
plans of action, troubleshooting, 754–755
platform as a service (PaaS), 551–552
PLCs (programmable logic controllers), 623
plenum-rated cable, 63
plugs, loopback, 163
pods in data centers, 585
PoE (Power over Ethernet), 508–509
Point Coordination Function (PCF), 493
Point-to-Point Protocol (PPP), 373–375
Point-to-Point Protocol over Ethernet (PPPoE), 458–459
Point-to-Point Tunneling Protocol (PPTP), 472–474
pointer (PTR) DNS records, 340
polarization of antennas, 519
policies
incident response, 645
network security, 630–634
system life cycles, 672
troubleshooting, 772
polyvinyl chloride (PVC) rating for cabling, 63
PONs (passive optical networks), 461
pools
IP addresses, 217
mass storage devices, 587
VLANs, 508
POP3 (Post Office Protocol version 3), 299
POP3S (Post Office Protocol version 3 over SSL), 389
port address translation (PAT), 245–247
port aggregation in NICs, 160
Port Aggregation Protocol (PAgP)
multilayer switches, 414
troubleshooting, 765–766
port bonding for multilayer switches, 414
port forwarding, 247–249
port mirroring
multilayer switches, 417
packet sniffers, 713
port protection for switches, 666
PortFast setting in STP, 86
ports
authentication, 420
blocked, 769
connection status, 294–296
disabling, 693
DNS, 321
filtering, 700
multilayer switches, 409–410
NICs, 163
registered, 291–294
routers, 264
rules, 296–297
SNMP, 712
syslog, 725
TCP/IP, 288–290
trunk, 402
unnecessary, 677–678
VLANs, 405–406
Zoom, 313
Post Office Protocol version 3 (POP3), 299
Post Office Protocol version 3 over SSL (POP3S), 389
Postfix e-mail server, 300
posture assessment, 644, 689–690
potential attacks, 658
potential effects factor in troubleshooting, 754–755
POTS (plain old telephone service), 457
power distribution units (PDUs)
data centers, 593
equipment racks, 120–121
power failures, troubleshooting, 761
power for data centers
converters, 593
monitoring tools, 165
requirements, 593
telecommunications room location factor, 136
power level Wi-Fi issues, 529–530
power meters, optical, 735–736
Power over Ethernet (PoE), 508–509
PPP (Point-to-Point Protocol), 373–375
PPPoE (Point-to-Point Protocol over Ethernet), 458–459
PPTP (Point-to-Point Tunneling Protocol), 472–474
pre-shared keys (PSKs)
EAP, 499
infrastructure networks, 523
WPA2, 503
preambles in Ethernet frames, 70
prefix delegation in DHCPv6, 436–437
prefixes in IPv6 addresses, 427–428, 439–441
presence information services, 615
Presentation layer in OSI seven-layer model, 33
prevention
malware, 693–695
physical security, 681–683
preventive measures implementation, 756
primary name servers in DNS, 327
principle of least privilege
cloud computing, 569
network access policies, 631
printers, 609
privacy
acceptable use policies, 630
cloud computing, 570
private clouds, 553
private direct connections for resources, 578
private IP addresses, 227
private ports, 290
private VLANs, 409
private WANs, 452–455
problems in troubleshooting
duplication, 752
identification, 751
probable causes, 753–754
process assessments, 644
Process Explorer tool, 296
process IDs (PIDs), 296
programmable controllers in SDN, 562
programmable logic controllers (PLCs), 623
promiscuous mode in packet sniffers, 713
Protected EAP (PEAP), 499
protocol abuse in network security, 660–661
protocol analyzers, 713, 746–747
protocol data units (PDUs)
description, 13
routers, 274–275
SNMP, 710
Protocol field in IP headers, 174
proximity readers, 682
proxy servers for multilayer switches, 417–420
PSKs (pre-shared keys)
EAP, 499
infrastructure networks, 523
WPA2, 503
PSTN (Public Switched Telephone Network) connections, 456
PTIs (Public Technical Identifiers), 198
PTR (pointer) DNS records, 340
public clouds, 553
public DNS servers, 342
public-key cryptography, 359–360
public-key infrastructure (PKI), 366–370
Public Switched Telephone Network (PSTN) connections, 456
Public Technical Identifiers (PTIs), 198
pulling cable, 137–141
punchdown blocks, 122–124
punchdown tools, 122–124, 737–738
PuTTY program
routers, 264–265
SSH, 381–382
PVC (polyvinyl chloride) rating for cabling, 63
Q
QAM (quadruple-amplitude modulated), 496
QoS (quality of service)
medianets, 617–618
MPLS, 453
multilayer switches, 413–414
quad small form-factor pluggable (QSFP) optics, 105
quad small form-factor pluggable (QSFP+) connectors, 106–107
Quad9 servers, 478
quadruple-amplitude modulated (QAM), 496
quality of service (QoS)
medianets, 617–618
MPLS, 453
multilayer switches, 413–414
quarantine networks, 692
quartets in IPv6 addresses, 427
query languages for databases, 305
questions in troubleshooting, 751
R
R.U.D.Y (R U Dead Yet) attacks, 667
RA-Guard (Router Advertisement Guard), 662
raceways, 135–136
rack diagrams, 597
radio frequency ID (RFID) chips, 682
radio frequency interference (RFI)
troubleshooting, 761
Wi-Fi, 534
Radio Guide (RG) rating for coaxial cable, 52
RADIUS (Remote Authentication Dial-In User Service), 377–378, 501
range of 802.11, 490
ransomware, 672–673
Rapid Spanning Tree Protocol (RSTP), 86
RBAC (role-based access control), 372
RDC (Remote Desktop Connection), 467–468
RDG (Remote Desktop Gateway), 468
RDP (Remote Desktop Protocol), 467–468
real-time services (RTS), 615
Real-time Transport Protocol (RTP), 614
real-time video technologies, 615
reassembly of packets, 27–30
received signal strength indication (RSSI) in Wi-Fi, 529
records, DNS, 321, 326, 336–342
recovery from malware, 693–695
recovery point objectives (RPOs), 646
recovery time objectives (RTOs), 646
recursive lookups, 332
redirect packets in IPv6, 434
redundancy
disaster recovery, 646–647
high availability, 592
Ref entry in routing tables, 236
reflection in denial of service, 667
reflection issues in Wi-Fi, 533
refraction issues in Wi-Fi, 533
Regional Internet Registries (RIRs), 197, 430
registered jack (RJ) connectors, 58–59
registered ports, 291–294
relational databases, 304–305
relay, DHCP, 219
relay agents in VLANs, 408
remarks in hosts file, 320–321
remote access, 466
network access policies, 631
remote terminal, 466–469
VPNs, 470–476
Remote Authentication Dial-In User Service (RADIUS), 377–378, 501
Remote Desktop Connection (RDC), 467–468
Remote Desktop Gateway (RDG), 468
Remote Desktop Protocol (RDP), 467–468
remote port mirroring, 417
remote terminal units (RTUs) in SCADA, 624
remote work in OSI seven-layer model, 35–38
repeaters in bus Ethernet, 71–72
reports in forensics, 650
Request messages in DHCP, 216
request timed out messages in ICMP, 287
Requests for Comments (RFCs), 227
research for patches, 637
reservations
DHCP, 219–222
MAC, 221
resolving network names. See Domain Name System (DNS)
resources
cloud computing, 569–570
cloud computing interconnected to local, 576–578
virtualization, 548
Responses in SNMP, 710–711
restores in disaster recovery, 646
reverse DNS lookups, 328
reverse proxy servers for multilayer switches, 419
reverse zones in DNS, 328
RF emanation, 680
RFCs (Requests for Comments), 227
RFI (radio frequency interference)
troubleshooting, 761
Wi-Fi, 534
RFID (radio frequency ID) chips, 682
RG-59 connectors, 52
RG (Radio Guide) rating for coaxial cable, 52
Ring system, 609–610
ring topologies, 44–46
RIP (Routing Information Protocol), 257
RIPE Network Coordination Centre (RIPE NCC), 430
RIRs (Regional Internet Registries), 197, 430
riser-rated cable, 63
risk management
assessments, 640–645
network operations. See network operations
overview, 629–630
risk posture, 644
Rivest, Shamir, and Adleman (RSA) algorithm, 360
RJ (registered jack) connectors, 58–59
RJ-45 connectors
10BASE-T, 73–75
Cat ratings, 129
crimping, 142–145
crossover cable, 84
DSL modems, 460
figure, 58–59
NICs, 157
roaming in 802.11, 490
Rocket.Chat platform, 564–568, 571–573
rogue access points, 536
rogue anti-malware programs, 694
rogue devices, 662
rogue servers in DHCP, 226–227
role-based access, 631
role-based access control (RBAC), 372
rollback process in change management, 635
rollovers for routers, 263
root guards in STP, 86
root servers in DNS, 321–322, 332
rootkits, 674
roots, DNS, 323–324
round robin DNS, 412
route print command, 239
route utility, 744–745
Router Advertisement Guard (RA-Guard), 662
router advertisements in IPv6, 434
router ports for multilayer switches, 410
router solicitation in IPv6, 433
routers
configuring, 271–273
control planes and data planes, 561
DHCP, 218
frames, 26
IP addresses, 23
IPv6 addresses, 439–440
LANs, 190–191
MPLS, 453
multicasts, 431
network management software, 269–270
operation, 232–233
overview, 263
problems, 273–277
troubleshooting, 769–770
virtualization, 558–559
web access, 267–269
routes
redistribution, 262–263
router setup, 273
routing
asymmetric, 771
dynamic. See dynamic routing
inter-VLAN, 407–408
Layer 2 data, 235–243
network address translation, 244–250
overview, 231
review, 277–279
router operation, 232–233
routers. See routers
routing tables, 234–243
Routing and Remote Access Service (RRAS), 472
Routing Information Protocol (RIP), 257
routing loops, troubleshooting, 771
routing prefixes in IPv6 addresses, 427
routing tables
distance vector routing protocols, 254
problems, 274
troubleshooting, 760
working with, 234–243
RPOs (recovery point objectives), 646
RRAS (Routing and Remote Access Service), 472
RSA (Rivest, Shamir, and Adleman) algorithm, 360
RSSI (received signal strength indication) in Wi-Fi, 529
RSTP (Rapid Spanning Tree Protocol), 86
RTOs (recovery time objectives), 646
RTP (Real-time Transport Protocol), 614
RTS (real-time services), 615
RTUs (remote terminal units) in SCADA, 624
rules
firewalls, 699–700
ports, 296–297
runs
horizontal cabling, 116
mapping, 135–136
testing, 148–157
S
SaaS (software as a service), 552–553
SAE (Simultaneous Authentication of Equals), 503
sanitizing devices, 672
SANs (storage area networks), 587–588
satellite access, 460–461
SC (subscriber connector), 61–62, 94
SCADA (supervisory control and data acquisition) systems, 623–625
scalability of structured cabling, 137
scaling
cloud computing, 569
IaC, 554
virtualization, 548
scanners
port, 747–748
vulnerability, 641
schemas in databases, 305
scope exhaustion
DHCP, 668
troubleshooting, 763–764
SCP (Secure Copy Protocol), 389
screened subnets, 701
screensavers, 676
SD-WAN (software-defined wide area networking), 455
SDH (Synchronous Digital Hierarchy), 451
SDN (software-defined networking)
data centers, 590
vs. virtualization, 561–563
SDSL (symmetric DSL), 456
secondary name servers in DNS, 327
Secure Copy Protocol (SCP), 389
Secure Hash Algorithm (SHA), 363–365
secure protocols, 381
Secure Shell (SSH) protocol
overview, 381–383
Telnet replacement, 298–299
tunneling, 383–384
Secure Sockets Layer (SSL)
certificate issues, 771
e-mail, 389
VPNs, 475–476
security
cloud computing, 569–570
home, 609–610
network. See network security
policies, 630–634
Wi-Fi, 497–505
Security and Maintenance tool, 694–695
security event management (SEM), 726–727
security guards, 681
security identifiers (SIDs) in Kerberos, 380
security information and event management (SIEM), 726–727
security information management (SIM), 726–727
security through obscurity concept, 504
security type mismatches in Wi-Fi, 529
segments and segmentation
connections, 84–86
DMZs, 701
hybrid topologies, 48
network security, 691–692
packets, 27–30
SCADA, 624–625
TCP, 175
SEM (security event management), 726–727
Sender Policy Framework (SPF), 342
sensors for network monitoring, 718
separation of duties, 658
Sequence number field in TCP, 175
serial field for name servers, 327
server-based anti-malware, 697
server clusters for multilayer switches, 411
server farms in data centers, 596
Server Message Block (SMB), 319
server not found message in DNS, 344–345
servers
DHCP, 214–217
DHCP, multiple, 225–226
DHCP, rogue, 226–227
DNS, 321–322
DNS, administering, 333–343
DNS, name, 326–327
DNS, public, 342–343
DNS, subdomains, 325
e-mail, 300–301
ICS, 622
multilayer switches, 417–420
protecting, 675–676
RADIUS, 501
rail racks, 120
troubleshooting, 764
unified communication, 616
service-layer cake in cloud computing, 549
service-level agreements (SLAs), 639
service-related entry points, 131
service set identifiers (SSIDs)
disabling broadcasts of, 504
infrastructure networks, 521–522, 526
wireless networks, 490–491, 535–536
service (SRV) DNS records, 341
services
cloud computing, 549
unnecessary, 677–678
session hijacking, 669
session IDs in SSH, 381
Session Initiation Protocol (SIP), 614
Session layer in OSI seven-layer model, 30–32
sessions
description, 283
seeing, 32
sockets, 291
severity levels, 725
SFF (small form factor) connectors, 98–99
SFP (small form-factor pluggable) transceivers, 100, 104
SFTP (SSH File Transfer Protocol), 389
SHA (Secure Hash Algorithm), 363–365
shapers for multilayer switches, 413–414
shells, CLI, 739
shielded twisted pair (STP) cable, 55
Short Message Service (SMS) alerts, 712
shorthand notation for IPv6 addresses, 427
shorts in cabling, 149
shoulder surfing, 675
show config commands, 759
show interfaces command, 719
network troubleshooting, 759
switches, 398–399
show route command, 760
show ip route command, 242
SIDs (security identifiers) in Kerberos, 380
SIEM (security information and event management), 726–727
signal level issues in Wi-Fi, 529–530
signal loss
fiber-optic cabling, 154–155
measuring, 154
signal mismatches in fiber-optic cabling, 155
signal strength in 802.11, 487
signal-to-noise ratio (SNR) in Wi-Fi, 534–535
signatures
intrusion detection systems, 416
nonrepudiation, 365–366
viruses, 696
SIM (security information management), 726–727
SIM (subscriber identity module) cards, 463–464
Simple Mail Transfer Protocol (SMTP), 299
Simple Mail Transport Protocol Secure (SMTPS), 389
Simple Network Management Protocol (SNMP), 390–391, 708–712
Simple Network Time Protocol (SNTP), 285–286
Simultaneous Authentication of Equals (SAE), 503
single-mode fiber (SMF) fiber-optic cabling, 61
single sign-on (SSO) in Kerberos, 380
single strand fiber transmission, 104
SIP (Session Initiation Protocol), 614
SIP trunking, 616
site surveys
data centers, 600–601
Wi-Fi, 509–512
site-to-site VPN connections, 475
6in4 tunneling standard, 445
66 blocks, 122–124
SLAAC (stateless address autoconfiguration) process, 434–438
SLAs (service-level agreements), 639
slow Wi-Fi connections, 532–533
small form factor (SFF) connectors, 98–99
small form-factor pluggable (SFP) transceivers, 100, 104
smart cards, 682
smart garage door openers, 609
smart lockers, 683–684
smart printers, 609
Smart Queue Management, 413
smart speakers, 608
SMB (Server Message Block), 319
SMF (single-mode fiber) fiber-optic cabling, 61
SMS (Short Message Service) alerts, 712
SMTP (Simple Mail Transfer Protocol), 299
SMTPS (Simple Mail Transport Protocol Secure), 389
SNAT (static NAT), 247
snips, 736
SNMP (Simple Network Management Protocol), 390–391, 708–712
snooping
DHCP, 662
IGMP, 766–767
SNR (signal-to-noise ratio) in Wi-Fi, 534–535
SNTP (Simple Network Time Protocol), 285–286
SOA (start of authority) DNS records, 336–337
social engineering
training, 638
types, 674–676
sockets, 291
software
802.11, 487–488
troubleshooting tools, 738–749
software as a service (SaaS), 552–553
software-defined networking (SDN)
data centers, 590
vs. virtualization, 561–563
software-defined wide area networking (SD-WAN), 455
software firewalls, 697–698
SOHO firewalls, 697
solid core UTP cable, 117
solution implementation in troubleshooting, 755
something you do factor in authentication, 371
something you have factor in authentication, 371
something you know factor in authentication, 371
somewhere you are factor in authentication, 371
SONET (Synchronous Optical Network), 101–102, 451
SOPs (standard operating procedures), updating, 636
source addresses in Ethernet, 69
SOWs (statements of work), 639
SpaceX Starlink service, 460
Spanning Tree Protocol (STP), 85–86
Speakeasy Speed Test, 748–749
speakers, 608
special IP addresses, 227
spectrum analyzers, 534
speed of switches, 399
speed test sites, 457, 748–749
SPF (Sender Policy Framework), 342
spine-and-leaf architecture, 590–591
splicers for fiber-optic cabling, 157
split pairs in copper cabling, 149
split tunnel VPNs, 475
splitters for coaxial cable, 53
spoofing
MAC addresses, 504
types, 660
spread-spectrum transmission, 491
SPSs (standby power supplies), 165
spyware, 674
SQL (Structured Query Language), 304–305
SRV (service) DNS records, 341
ss utility, 746
SSH (Secure Shell) protocol
overview, 381–383
Telnet replacement, 298–299
tunneling, 383–384
SSH File Transfer Protocol (SFTP), 389
SSIDs (service set identifiers)
disabling broadcasts of, 504
infrastructure networks, 521–522, 526
wireless networks, 490–491, 535–536
SSL. See Secure Sockets Layer (SSL)
SSO (single sign-on) in Kerberos, 380
ST (straight tip) connectors, 61–62, 94
standard operating procedures (SOPs), updating, 636
standards
audit reports, 601
encryption, 380–384
TCP/IP security, 372–380
Wi-Fi. See Wi-Fi standards
standby power supplies (SPSs), 165
star topologies
802.11, 489
basics, 114
description, 46–47
star-bus topologies, 48
star-ring topologies, 48
start frame delimiters in Ethernet frames, 70
start of authority (SOA) DNS records, 336–337
STARTTLS protocol command, 389
starvation attacks in DHCP, 668
state data, backing up, 646
stateful DHCPv6 servers, 435
stateful inspection firewall model, 698
stateful mapping in NAT64, 446
stateless address autoconfiguration (SLAAC) process, 434–438
stateless DHCPv6 servers, 435
stateless inspection firewall model, 698
stateless mapping in NAT64, 446
statements of work (SOWs), 639
static IP addresses, 210–214
static NAT (SNAT), 247
static VLANs, 405
steady state routers, 256
sticky MAC addresses for switches, 399
storage area networks (SANs), 587–588
storage in data centers, 587–588
STP (shielded twisted pair) cable, 55
STP (Spanning Tree Protocol), 85–86
straight-through cable
switches, 84
troubleshooting, 761
straight tip (ST) connectors, 61–62, 94
stranded core UTP cable, 117
strata in NTP, 286
stream ciphers, 358
structured cabling, 113
basics, 114–115
building-wide, 130–131
connection points, 126–127
connections, 141–148
demarcs, 131–134
equipment racks, 118–122
floor plans, 134–135
horizontal cabling, 115–118
network components, 115–130
patch panels, 122–126
pulling, 137–141
runs, 135–136
telecommunications room location factor, 136–137
telecommunications rooms, 118
testing, 148–157
Structured Query Language (SQL), 304–305
subdomains in DNS, 325
subnet IDs in IPv6 addresses, 427
subnet masks
IP addresses, 192–197
routing tables, 237–238
TCP/IP network issues, 348
troubleshooting, 761
subnets
calculating, 203–207
description, 21
firewalls, 701
host calculations, 201
making, 202–203
overview, 199–201
subscriber connector (SC), 61–62, 94
subscriber identity module (SIM) cards, 463–464
substitution ciphers, 355–356
succession planning, 648
suffixes in DNS, 342–343
supervisory control and data acquisition (SCADA) systems, 623–625
supplicants in RADIUS, 501
surveillance, video, 684–685
surveys, site
data centers, 600–601
Wi-Fi, 509–512
switch port protection, 666
switches
access management, 397–398
data centers, 584
distributed, 558
Ethernet, 81–87
MAC addresses, 16
managing, 396–399
multilayer. See multilayer switches (MLSs)
overview, 395
port configuration, 398–399
review, 421–423
segment connections, 84–86
selecting, 106
STP, 85–86
troubleshooting, 87
virtual, 557–558
VLANs, 400–409
switching loops, troubleshooting, 767
switchports, disabling, 693
symmetric DSL (SDSL), 456
symmetric-key encryption, 357–359
symptoms identification in troubleshooting, 751
SYN (synchronize) segments in three-way handshakes, 175, 283–284
SYN-ACK segments in three-way handshakes, 175
Synchronous Digital Hierarchy (SDH), 451
Synchronous Optical Network (SONET), 101–102, 451
system life cycles, 672
T
tables
port address translation, 246
router, 190–191
routing. See routing tables
TACACS+ (Terminal Access Controller Access Control System Plus), 378
tags
assets, 683
VLANs, 405–406
tailgating, 681
tape backups, 587
tasklist tool, 296
TCN (topology change notification) BPDUs, 86
TCP/IP (Transmission Control Protocol/Internet Protocol), 22
Application layer protocols, 176–177
applications. See TCP/IP applications
history, 172
IP addresses. See IP addresses
IP and Ethernet, 177–181
MAC addresses, 23–24
network issues, 347–349
Network layer protocols, 173–174
overview, 171–172
packets, 24–26
review, 228–230
security. See TCP/IP security
Transport layer protocols, 174–176
TCP/IP applications, 281
chart of, 311
DHCP, 285
DNS, 284
FTP, 305–306
HTTP, 307–311
ICMP, 286–287
IGMP, 288
LDAP, 391
Network layer protocols, 282–283
NTP, 391
NTP/SNTP, 285–286
port numbers. See ports
review, 314–316
SCP, 389
secure, 387–390
SFTP, 389
SNMP, 390–391
SQL, 304–305
SSH, 298–299
TCP, 283–284
Telnet, 297–299
TFTP, 286
Transport layer protocols, 282–283
UDP, 284
Zoom, 312–313
TCP/IP security
AAA, 375–380
applications, 387–390
authentication, 370–371
authentication and encryption combined, 385–387
authorization, 371–372
concepts, 354
encryption, 354–361
encryption standards, 380–384
integrity, 361–365
nonrepudiation, 365–370
overview, 353
PPP, 373–375
review, 391–393
standards overview, 372
tcpdump tool, 748
TCPView tool, 293–294
TDMA (time-division multiple access), 463
TDRs (time domain reflectometers), 151, 733
teams
change management, 635
disaster recovery, 646
incident response, 645
Teams application, 312–313
technical support in service-level agreements, 639
Telecommunications Industry Association (TIA), 113–114
Telecommunications Industry Association/Electronics Industries Alliance (TIA/EIA), 75
telecommunications rooms
data centers, 596
equipment racks, 118–122
locating, 136–137
patch panels, 122–126
problems, 165–166
work areas, 128–130
teleconferencing, 615
Telnet protocol, 297–299
temperature monitors
purpose, 736
telecommunications rooms, 166
TEMPEST standards, 680
Temporal Key Integrity Protocol (TKIP), 502
10BASE-FL Ethernet, 76–78
10BASE-T Ethernet, 72–76
Terminal Access Controller Access Control System Plus (TACACS+), 378
terminations, cable
troubleshooting, 761
UTP standards, 75
Terraform tool, 571–573
test environments for IaC, 555
testing
IPv6, 437–438
NICs, 163
patches, 637–638
penetration, 643–644
throughput, 748–749
troubleshooting, 755
troubleshooting theories, 754
TFTP (Trivial File Transfer Protocol), 286, 306
TGSs (Ticket-Granting Services) in Kerberos, 379–380
TGTs (Ticket-Granting Tickets) in Kerberos, 379
theories of probable causes in troubleshooting, 753–754
thermostats, 607–608
thick clients in WAPs, 508
thin clients in WAPs, 508
third parties
assessments, 644–645
common agreements, 639–640
data centers, 589
DNS servers, 333
NMS, 269–270
PKI, 366
software tools, 738
terminal emulators, 468
threats
insider, 669–671
network, 658–659
risk assessment, 640
terminology, 659–660
three-tiered architecture in data centers, 584
three-way handshakes in TCP, 174–175, 283
throughput testers, 748–749
TIA (Telecommunications Industry Association), 113–114
TIA/EIA (Telecommunications Industry Association/Electronics Industries Alliance), 75
TIC (Tunnel Information and Control) protocol, 445
Ticket-Granting Services (TGSs) in Kerberos, 379–380
Ticket-Granting Tickets (TGTs) in Kerberos, 379
tiers in data centers, 583–584
time-division multiple access (TDMA), 463
time domain reflectometers (TDRs), 151, 733
time issues, troubleshooting, 767–768
Time to Live (TTL) field
DNS, 335
IP headers, 174
MPLS headers, 453
routers, 276–277
TKIP (Temporal Key Integrity Protocol), 502
TLD (top-level domain) names in DNS, 322
TLS. See Transport Layer Security (TLS) protocol
tokens in Kerberos, 379
toners for cabling, 166–168
top-level domain (TLD) names in DNS, 322
top listeners, 726
top-of-rack switching in data centers, 584
top-to-bottom OSI model troubleshooting approach, 753
topologies
bus and ring, 44–46
hybrid, 47–48
mesh, 48–49
overview, 43
parameters, 49–50
review, 65–66
star, 46–47
topology change notification (TCN) BPDUs, 86
Total Length field in IP headers, 174
traceroute tool
overview, 739
routers, 275
TCP/IP network issues, 348
tracert command
overview, 739
routers, 275
TCP/IP network issues, 348–349
traffic flows
data centers, 585–586
logs, 725
traffic shaping in multilayer switches, 413–414
trailers in frames, 14
training, 638
transceivers
fiber-optic cabling mismatches, 155
Gigabit Ethernet, 100, 103–105
troubleshooting, 761
translation tables in port address translation, 246
Transmission Control Protocol (TCP). See also TCP/IP (Transmission Control Protocol/Internet Protocol)
connection-oriented protocols, 29
segments, 29–30
transmission frequencies and methods in 802.11, 491
transmit beamforming in 802.11n, 495
Transport layer
OSI seven-layer model, 27–30
TCP/IP applications, 282–283
TCP/IP protocols, 174–176
Transport Layer Security (TLS) protocol
certificate issues, 771
EAP, 499
SNMP, 712
VPNs, 475–476
Transport mode in IPsec, 386
Traps in SNMP, 710–711
Trivial File Transfer Protocol (TFTP), 286, 306
Trojan horses, 673
troubleshooting
common issues overview, 757
far-flung problems, 769–772
firewalls, 702–703
hands-on problems, 760–763
hardware tools, 732–738
joy of, 773
nearby problems, 763–769
network considerations, 759–760
network performance, 772–773
overview, 731
process, 750–757
review, 773–775
scenario, 757–759
software tools, 738–749
switches, 87
TCP/IP network issues, 347–349
tools overview, 732
VLANs, 409
WANs, 477–479
Wi-Fi, 528–537
trunking
SIP, 616
trusted third parties for certificates, 366
trusted users, 669–670
TSP (Tunnel Setup Protocol), 445
TTL field. See Time to Live (TTL) field
tunnel brokers in IP addresses, 445
Tunnel Information and Control (TIC) protocol, 445
Tunnel mode in IPsec, 386
Tunnel Setup Protocol (TSP), 445
Tunneled TLS, 499
tunnels and tunneling
IPv4-to-IPv6, 444–446
SSH, 383–384
VPNs. See virtual private networks (VPNs)
twinaxial cable, 54
twisted pair cable, 54–59
two-factor authentication, 371
two-post racks, 120
two-way satellite access, 460–461
TXT DNS records, 342
Type 1 hypervisors, 544–545
Type 2 hypervisors, 544–545
Type entry in routing tables, 236
Type field
Ethernet frames, 70–71
Ethernet headers, 179
generic frames, 14
U
UC. See unified communication (UC)
UCaaS (unified communication as a service), 618–619
UDP. See User Datagram Protocol (UDP)
ultra-physical contact (UPC) connectors, 99
unauthorized access, 686
unbounded media, 484
underutilization of hardware, 542–543
Underwriters Laboratories cabling fire ratings, 63
unencrypted channels, 679
unicast addresses
description, 18
link-local, 429
unicast frames, 18
unicasts for packets, 198
unidirectional antennas, 518
unified communication (UC)
DCS, 621–623
features, 614–615
ICS, 619–620
network components, 615–616
PLC, 623
protocols, 616–617
SCADA, 623–625
UCaaS, 618–619
VoIP, 613–614
VTC and medianets, 617–618
unified communication as a service (UCaaS), 618–619
unintentional DoS attacks, 668
uninterruptible power supplies (UPSs)
data centers, 593
telecommunications rooms, 165
units in equipment racks, 120
unmanaged switches, 396
unnecessary running services, 677–678
unpatched systems, 679
unshielded twisted pair (UTP) cable
10BASE-T, 72–73
couplers, 165
crosstalk, 152
description, 6
overview, 55–58
patch panels, 125
solid core vs. stranded, 117
split pairs, 149
untested updates for Wi-Fi, 536
untrusted users, 669–670
unused components and devices, 672
UPC (ultra-physical contact) connectors, 99
updates
purpose, 636–637
standard operating procedures, 636
Wi-Fi, 536
uplink ports for switches, 84
UPSs (uninterruptible power supplies)
data centers, 593
telecommunications rooms, 165
USBs for NICs, 159
Use entry in routing tables, 236
user authentication standards, 373
AAA, 375–380
PPP, 373–375
User Datagram Protocol (UDP)
connectionless protocols, 29
datagrams, 30
description, 284
DHCP, 219
SNMP ports, 712
Zoom, 313
usernames
AAA, 376
routers, 268
spoofing, 660
users and user accounts
controlling, 685–688
malicious, 670–671
trusted and untrusted, 669–670
utilization limits policies, 772
UTP cable. See unshielded twisted pair (UTP) cable
V
Vagrant tool, 566–568
variable-length subnet masking (VLSM), 207, 257
variables in SNMP, 710
VCSELs (vertical-cavity surface-emitting lasers) for fiber-optic cabling, 61
VDI (virtual desktop infrastructure), 574
VDSL (very-high-bit-rate DSL), 456
vendor assessments, 644–645
verifying
functionality, 756
Wi-Fi installation, 528
Version field in IP headers, 174
vertical-cavity surface-emitting lasers (VCSELs) for fiber-optic cabling, 61
vertical cross-connects in demarcs, 133
very-high-bit-rate DSL (VDSL), 456
video surveillance, 684–685
video teleconferencing (VTC), 615, 617–618
VIP (virtual IP) addresses, 592
virtual desktop infrastructure (VDI), 574
virtual disks in data centers, 588
virtual IP (VIP) addresses, 592
virtual LANs (VLANs)
assigning and tagging, 405–406
assignments troubleshooting, 760
configuring, 402–405
DHCP, 408–409
hopping, 671
inter-VLAN routing, 407–408
overview, 400–401
pooling, 508
private, 409
voice, 409
virtual machines (VMs), 542, 556–557, 559–560
Virtual Network Computing (VNC), 468–469
virtual network interface cards (vNICs), 557–558
virtual private networks (VPNs)
alternative, 476
DMVPN, 476
DTLS, 476
L2TP, 474–475
local and cloud resources, 576–577
overview, 470–471
PPTP, 472–474
SSL, 475–476
Virtual Router Redundancy Protocol (VRRP), 592, 770
virtual switches (vSwitches), 557–558
VirtualBox
Linux, 543–544
Rocket.Chat platform setup, 564–568
virtualization
abstraction, 545–547
cloud computing. See cloud computing
data centers, 589
flexibility, 547–548
network function, 560–563
overview, 541–545
review, 578–580
Rocket.Chat platform, 564–568
routers and firewalls, 558–559
scaling, 548
software-defined networking, 561–563
switches, 557–558
virtualized network functions (VNFs), 560
viruses
overview, 673
signatures, 696
Visual Studio Code editor, 568
VLAN Trunking Protocol (VTP), 406
VLANs. See virtual LANs (VLANs)
VLSM (variable-length subnet masking), 207, 257
VMs (virtual machines), 542, 556–557, 559–560
VNC (Virtual Network Computing), 468–469
VNF components (VNFCs), 560
VNFs (virtualized network functions), 560
vNICs (virtual network interface cards), 557–558
Voice over IP (VoIP), 613–614
voice VLANs, 409
voltage event recorders, 165–166
voltage quality recorders, 736
VPNs. See virtual private networks (VPNs)
VRRP (Virtual Router Redundancy Protocol), 592, 770
vSwitches (virtual switches), 557–558
VTC (video teleconferencing), 615, 617–618
VTP (VLAN Trunking Protocol), 406
VTP pruning tool, 406
vulnerabilities
assessing, 640–643
cleartext credentials, 679–680
network security. See network security
RF emanation, 680
unencrypted channels, 679
unnecessary running services, 677–678
unpatched and legacy systems, 679
W
wall outlets in work areas, 128–129
WANs. See wide area network (WAN) connectivity
WAPs. See wireless access points (WAPs)
warm sites, 647
wave division multiplexing (WDM), 104
wavelength
description, 97
fiber-optic cabling mismatches, 155
wavelength division multiplexing (WDM), 451–452
web access for routers, 267–269
Web filtering, 700
web mail, 303–304
well-known ports, 288–289
WEP (Wired Equivalent Privacy), 498
whitelists, 504
Wi-Fi 6, 496
Wi-Fi Alliance, 503
Wi-Fi analyzers, 510–511
Wi-Fi Protected Access (WPA), 498
Wi-Fi Protected Access 2 (WPA2), 502–503
Wi-Fi Protected Setup (WPS), 497
Wi-Fi standards
802.11, 485–493
802.11a, 494
802.11ac, 496
802.11ax, 496–497
802.11b, 493–494
802.11g, 494–495
802.11n, 495–496
channel problems, 528–529
connection issues, 528–537
enterprise wireless, 505–509
Internet of Things, 610–611
overview, 484
security, 497–505
security type mismatches, 529
signal and power levels, 529–531
WPS, 497
wide area network (WAN) connectivity
broadband cable, 459–460
cellular, 461–465
DSL, 456–459
fiber, 461
fiber improvements, 451–452
last-mile technologies, 456–466
overview, 449–450
private, 452–455
remote access, 466–476
review, 480–482
router setup, 271–272
satellites, 460–461
selecting, 465–466
SONET, 451
TCP/IP, 177–178
technologies, 450–455
troubleshooting, 477–479
Windows Defender Firewall, 698
WinFrame/MetaFrame products, 466–467
wire maps
problems, 733
testers, 150
Wired Equivalent Privacy (WEP), 498
wireless access points (WAPs)
802.11, 486
AAA, 420
adding, 527
enterprise wireless, 506–507
infrastructure networks, 515–517, 520–522
issues, 530–533
rogue, 536
wireless analyzers, 510–511
wireless channel utilization, 529
wireless local area networks (WLANs), 489
wireless networking
ad hoc networks, 514–515
client installation, 513–514
extending, 527
infrastructure networks, 515–526
OSI seven-layer model, 35–38
overview, 483–484
review, 537–539
site surveys, 509–512
verifying installation, 528
Wi-Fi standards. See Wi-Fi standards
Wireshark protocol analyzer, 713–716
wiring diagrams, 599
WLANs (wireless local area networks), 489
word patterns in Caesar cipher, 355–356
work areas
connecting, 142
horizontal cabling, 116
telecommunications rooms, 128–130
worms, 673
WPA (Wi-Fi Protected Access), 498
WPA-Enterprise, 501
WPA2 (Wi-Fi Protected Access 2), 502–503
WPA2-Enterprise, 503
WPA2-Personal, 503
WPA3, 503
WPS (Wi-Fi Protected Setup), 497
X
XOR (exclusive OR) operation in encryption, 356–357
Y
Yagi antennas, 518
Yost cable, 263
Z
Z-Wave protocol, 610
Zabbix tool
sensors, 718
SNMP, 390
Zenmap tool, 641
zero-configuration networking (zeroconf), 223
zero-day attacks, 661–662
zero trust, 657
Zigbee protocol, 610
zombies, 667
zones in DNS, 321–322
description, 326
forward lookup, 336
IPv6, 441–442
primary and secondary servers, 327
reverse, 328
Zoom application, 312–313