N

NAC (network access control), 367, 682–683

NAC (Network Admission Control) (Cisco), 682–683

name resolution. See also DNS (Domain Name System)

broadcasts for, 319

NetBIOS/NetBEUI, 304–306

overview of, 303

name server (NS) records, DNS, 327

names, network

Active Directory-integrated zones, 335

DDNS, 338–339

DNS record types, 327–330

DNS servers, 324–327

DNSSEC, 340

forward lookup zones, 330–331

host file, 306–308

how DNS works, 308–309

IPAM (IP Address Management), 340

name resolution, 318–324

name servers, 314–318

name spaces, 309–314

NetBIOS and, 304–306

overview of, 303

placing DNS servers, 335–338

review Q&A, 346–348

troubleshooting DNS, 340–343

Windows use of SMB, 331–334

naming conventions, DNS, 314

nano-SIM, in LTE, 583

nanometer (nm), in measurement of wavelength of light, 61

NAS (Network Access Server), 372–373, 513

NAS (network attached storage), 566, 605

NAT (Network Address Translation)

active FTP and, 299

configuring, 233–234

Dynamic NAT, 232

high availability, 635

moving to IPv6 (NAT64), 443

overview of, 228–229

Port Address Translation, 230–231

port forwarding, 231–233

setting up, 229

Static NAT, 231–232

WAN problems, 754

NAT translation table, 230–231

NAT traversal, 442

National Institute of Standards (NIST)

hash algorithms, 359

time servers, 751

National Security Agency (NSA), 674

NDP (Neighbor Discovery Protocol), 436–437

near-end crosstalk (NEXT), troubleshooting copper cable, 143

near field communication (NFC), 588–589

NEC (National Electrical Code)

cable fire ratings, 64

cable pulling standards, 133

need analysis/definition, in building network, 601–602

Neighbor Discovery Protocol (NDP), 436–437

neighbor solicitation/advertisement, NDP, 436

neighborship, OSPF, 244

Nessus vulnerability scanner, 638, 640

Net Activity Viewer, Linux utility, 275

net view, troubleshooting NetBIOS settings, 344

NetBIOS/NetBEUI, 304–306, 344

NetBT (NetBIOS over TCP/IP), 305

NetFlow collectors, 707

NetFlow, packet flow monitoring with, 705–708

netstat utility

checking out NetBIOS, 306

diagnosing TCP/IP networks, 345

rules for determining good or bad communication, 278

software troubleshooting tools, 733

viewing connection status, 275–278

viewing endpoints, 272

viewing open ports, 671–672

network access control (NAC), 367, 682–683

network access policies, 629

Network Access Server (NAS), 372–373, 513

Network Address Translation. See NAT (Network Address Translation)

Network Admission Control (NAC) (Cisco), 682–683

network analyzers

Nagios, 715

packet inspection, 705

performance monitoring, 716

network appliances, WAN problems, 753–754

network attached storage (NAS), 566, 605

network-based anti-malware, 689

network-based firewalls, 690

network-based IDS (NIDS), 413

network controller, controlling traffic to routers and switches, 568

network diagrams, 602

network IDs

configuring routers, 255–256

converting to dotted decimal, 193

interconnecting LANs, 179–181

for LANs, 178–179

in router, 180

troubleshooting routers, 258

network installation. See installing physical network

network interface cards. See NICs (network interface cards)

Network Interface layer (Link layer), TCP/IP, 34–35, 41

network interface unit. See NIU (network interface unit)

network intrusion protection system (NIPS), 415

Network layer (Layer 3), OSI model, 22–24

Network Management Software (NMS), 252–254

network management station (NMS), 701–702

network models

Cisco certifications, 2

OSI. See OSI (Open Systems Interconnection)

overview of, 1–2

TCP/IP. See TCP/IP (Transmission Control Protocol/Internet Protocol)

troubleshooting, 41

working with, 2–4

network monitoring

with distributed control system, 619–620

with industrial control system, 617–619

interface monitors, 708–711

overview of, 699

packet flow using NetFlow, 705–708

packet sniffers, 704

performance monitors, 711–712

with programmable logic controller, 620–621

as protection measure, 678

protocol analyzers, 704–705

review Q&A, 717–719

scenario combining tools and techniques, 712–716

SIEM, 716–717

SNMP, 699–703

tools for, 704

network names. See names, network

network operations center (NOC), 714

network protection

ACLs (access control lists), 692–693

administrative access attacks, 666

ARP cache poisoning, 658–661

brute force attacks, 664

cleartext credentials, 674

controlling user accounts, 679–681

deauthentication (deauth) attacks, 663

device hardening, 685

disabling unneeded services, 671–672

DMZ (demilitarized zone), 693–694

DoS (denial of service) attacks, 661–663

edge devices, 681–682

firewall implementation and configuration, 691–692

firewall troubleshooting, 695, 696–698

firewall types, 690–691

guest and quarantine networks, 684–685

hardening, 675

honeypots and honeynets, 694–695

host security, 686

local attacks (physical), 664–666

malware, 667–668

malware prevention, 686–689

man-in-the-middle attacks, 663–664

monitoring, 678

network security, 679

overview of, 655

packet/protocol abuse, 657–658

persistent and non-persistent agents, 683–684

physical security, 675

posture assessment, 682–683

prevention and control, 675–678

RE emanation, 674

session hijacking, 664

social engineering, 668–670

spoofing attacks, 656–657

threats, 655–656

unencrypted channels, 673–674

unpatched and legacy systems, 673

VLAN hopping attacks, 666

vulnerabilities, 671

zero-day attacks, 658

network protection devices

AAA, 418–419

intrusion detection/intrusion protection, 412–415

overview of, 412

port mirroring, 415

proxy servers, 415–417

network protocols, 21

network security

controlling user accounts, 679–681

device hardening, 685

edge devices, 681–682

guest and quarantine networks, 684–685

overview of, 679

persistent and non-persistent agents, 683–684

posture assessment, 682–683

network segmentation

DMZs using, 693

SCADA, 622–623

VLANs for, 606

Network Time Protocol. See NTP (Network Time Protocol)

network topologies

bus and ring topologies, 46–47

hybrid topology, 48–49

mesh topology, 49–50

overview of, 45

parameters of, 50

review Q&A, 66–68

star topology, 48

network troubleshooting

arp utility, 729–730

cable strippers/snips, 725

cable testers, TDRs, and OTDRs, 722–724

certifiers, 724

documenting findings, 743–744

end-to-end connectivity, 756

escalation, 754–756

establish plan of action, 741

establish theory of probable cause, 739–741

hands-on problems, 745–748

hardware tools, 722

identify the problem, 738–739

implement solution or escalate, 742

ipconfig/ifconfig, 728–729

LAN problems, 748–751

light meters, 724–725

looking glass sites, 735

multimeters, 725–726

My Traceroute (mtr), 732

netstat utility, 733

network models (TCP/IP and OSI), 41

nslookup, 731

overview of, 721

packet sniffers/protocol analyzers, 733–734

ping/pathping, and arping, 730–731

port scanners, 734–735

process for, 736–737

punchdown tools, 726

resolving common issues, 744

review Q&A, 757–759

route utility, 732

software tools, 727

test theory of probable cause, 741

throughput testers, 735–736

tone probes/tone generators, 726

tools for, 722

tracert and traceroute, 727–728

unable to access remote Web server, 744–745

verifying functionality of system and implement preventative measures, 742–743

voltage quality recorder and temperature monitor, 725

WAN problems, 751–754

wireless issues, 540–543

Network utility, macOS

displaying MAC and IP addresses, 174–176

troubleshooting no DHCP server message, 210–211

networking devices (advanced). See advanced networking devices

networks, building

categories to consider in, 601

compatibility issues, 606–607

DCS (distributed control system), 619–620

design process, 603

documentation, 602–603

equipment room, 605

external connections, 610–611

ICS (industrial control system), 617–618

internal connections, 607–610

need analysis/definition, 601–602

overview of, 599–600

peripherals, 605–606

PLC (programmable logic controller), 620–621

review Q&A, 623–625

SCADA (supervisory control and data acquisition), 621–623

servers, 604

UC (unified communication), 612–615

VoIP, 611–612

VTC and medianets, 615–617

workstations, 604

networks, wireless. See wireless networking

Next-Generation Firewalls (NGFW), 691

NEXT (near-end crosstalk), troubleshooting copper cable, 143

NFC (near field communication), 588–589

NGFW (Next-Generation Firewalls), 691

NIC teaming (port bonding), 411–412, 751

NICs (network interface cards)

bonding NICs, 151

bridged NICs, 566–567

buying, 149

connecting, 150–151

creating/reading frames, 13

CSMA/CD, 80–81

diagnosing TCP/IP networks, 344

Ethernet frames, 72

FCS and, 16

frame movement, 16–19

half-duplex and full-duplex, 75, 95–96

how they work, 9–10

hubs and switches, 14–15

installing NIC drivers, 151

installing wireless client, 525

LAN problems, 751

Link layer (Network Interface layer), 34

MAC addresses, 11–12

MAC (Media Access Control) and LLC (Logical Link Control), 19–20

multispeed and auto-sensing, 94

network installation and, 148–149

OSI model and, 20

overview of, 8–9

packets in frames, 25–27

setting up ad hoc network, 525

testing, 155

upgrading 10BaseT to 100BaseT, 93–94

wireless networking hardware, 499

NIDS (network-based IDS), 413

NIPS (network intrusion protection system), 415

NIST (National Institute of Standards)

hash algorithms, 359

time servers, 751

NIU (network interface unit)

connecting modem to phone jack, 470

as demarc, 125–127

DSL smart jacks, 476

nm (nanometer), in measurement of wavelength of light, 61

Nmap port scanner, 638–639, 734

NMS (Network Management Software), 252–254

NMS (network management station), 701–702

NOC (network operations center), 714

nodes, protecting critical nodes, 635

non-persistent agents, in network security, 683–684

nondisclosure agreement, 638

nonrepudiation

defined, 350

digital signatures, 361

overview of, 361

PKI (public-key infrastructure), 361–365

notification, of change, 631

NS (name server) records, DNS, 327

NSA (National Security Agency), 674

nslookup, 342–343, 731

NTP (Network Time Protocol)

example of protocol abuse, 657–658

multicast addresses and, 428

overview of, 266

securing TCP/IP applications, 385

O

OC (Optical Carrier), 461

OEM tools, 253

OFDM (orthogonal frequency-division multiplexing), 505

off-boarding, mobile networking, 592

Office 365 suite (Microsoft), 573

Ohm ratings, coaxial cabling, 54

omnidirectional antennas, 527–529

on-boarding, mobile networking, 592

one-way satellite service, 479–480

open circuit, testing for, 723

open ports (listening ports), 275

Open Shortest Path First (OSPF), 244–246

Open Systems Interconnection. See OSI (Open Systems Interconnection)

OpenNMS, 253–254

OpenVAS, 638

OpenVPN, 396

operating systems. See OSs (operating systems)

Optical Carrier (OC), 461

optical connection tester, 153

optical power meters, 724

optical time domain reflectometer (OTDR), 147–148, 722–724

Organizationally Unique Identifier (OUI), 10, 665–666

orthogonal frequency-division multiplexing (OFDM), 505

OSI (Open Systems Interconnection)

comparing with TCP/IP, 40

encapsulation/de-encapsulation, 33

encryption using, 357

FCS (frame check sequence), 16

frame movement, 16–19

hardware layers (1 & 2), 6–8

hexadecimal numbering system, 10

hubs, 14–15

IP addresses (network layer), 22–24

LLC (Logical Link Control), 19–20

MAC-48 and EUI-48, 11

MAC addresses, 10–14

MAC (Media Access Control), 19–20

MHTechEd and, 5–6

network segmentation and, 622–623

NICs, 8–10, 20

overview of, 4–5

packets, 24–27

review Q&A, 41–44

segmentation and reassembly (transport layer), 27–28

software layers (3-7), 20–22

SONET and, 461

switches, 15

talking on networks (session layer), 28–31

top down or bottom up approaches to troubleshooting, 740–741

translation of data from lower layers (presentation layer), 31–32

troubleshooting networks and, 41

working with applications (application layer), 32–33

OSPF (Open Shortest Path First), 244–246

OSs (operating systems)

Linux/UNIX. See Linux/UNIX OSs

mac. See macOS

rules for determining good or bad communication, 278

updates, 632

Windows. See Windows OSs

OTDR (optical time domain reflectometer), 147–148, 722–724

OUI (Organizationally Unique Identifier), 10, 665–666

out-of-band management

LOM (lights-out-management), 491

managed switches and, 398

outbound traffic, firewalls blocking, 689

Outlook (Microsoft), 292, 295

overcapacity, troubleshooting wireless networks, 543

overlay tunnels, moving to IPv6, 443

P

PaaS (Platform as a Service)

overview of, 571–573

public cloud, private cloud, community cloud, and hybrid cloud versions, 574–575

packet drop, interface monitors, 709

packet filters, firewall techniques, 690

packet (protocol) analyzers

packet inspection, 704–705

performance monitoring, 716

packet sniffers

overview of, 704

packet inspection, 705

performance monitoring, 716

packet sniffing attacks, 665

packet switching protocols

ATM (Asynchronous Transfer Mode), 463–464

Frame Relay, 463

MPLS (Multiprotocol Label Switching), 464–467

overview of, 462–463

packets

firewall rules (block/allow), 689

in frames, 24–27

Internet layer and, 35

malformed, 658

OSI model and, 22

packet flow monitoring with NetFlow, 705–708

protocol (packet) analyzers, 704–705

segmentation and reassembly, 27–28

threats, 657–658

traffic floods, 685

traffic spike, 663

pad, Ethernet frames, 73

PAgP (Port Aggregation Protocol), 412, 750–751

PANs (personal area networks), 586, 590

PAP (Password Authentication Protocol)

dangers of cleartext credentials, 674

PPP methods for authentication, 368

RADIUS server supporting, 373

parabolic antennas, 530

parallel cable, 63

parameters, of network topologies, 50

partially meshed topology, 50

passive optical network (PON), 480

passphrases

configuring encryption for access points, 533

in local authentication, 366

wrong passphrase, 541

Password Authentication Protocol. See PAP (Password Authentication Protocol)

passwords

brute force attacks, 664

dangers of cleartext credentials, 674

device hardening, 685

in local authentication, 365–366

password protected screensavers, 670

policies, 629

training end users, 634

PAT (Port Address Translation), 230–233

patch antennas, 530

patch cables

accounting for in UTP cable length specification, 125

connecting PCs to RJ-45 jacks, 124

connecting to DSL modem, 477

making, 136–138

overview of, 122–123

patch panels

110 block and 66 block types, 119–120

CAT ratings, 121–122

connecting, 138–140

organizing cables, 121

overview of, 118

vertical cross-connect, 128

patches

change management, 632–634

device hardening, 685

vulnerabilities of unpatched systems, 673

Path MTU Discovery (PMTU), 753

path vector routing protocols, 246

pathping, 259, 730–731

payload, frame structure, 14

PayPal, phishing attacks, 669

PBX systems, VoIP gateway interfacing with, 611

PC (Physical Contact), fiber connectors, 99

PCF (Point Coordination Function), collision avoidance, 506

PCI Express (PCIe), 150, 499–500

PCI (Peripheral Component Interconnect), 150

PCIe (PCI Express), 150, 499–500

PCs

connecting over phone lines, 470

connecting to RJ-45 jacks via patch cable, 124

connectivity components in star-bus topology, 111

password protection, 670

PDUs (protocol data units), SNMP, 701–702

peer-to-peer mode, ad hoc mode as, 501

penetration testing, 639

performance monitors. See also Windows Performance Monitor (PerfMon), 711–712

Peripheral Component Interconnect (PCI), 150

peripherals, network design, 605–606

permissions, controlling user accounts, 679–681

persistent agents, in network security, 683–684

personal area networks (PANs), 586, 590

personal identification numbers (PINs)

Bluetooth and, 586–587

in local authentication, 366

phishing attacks, 669

physical addresses. See MAC addresses

physical attacks, 662

Physical Contact (PC), fiber connectors, 99

physical intrusion, 669–670

Physical layer (Layer 1), OSI model, 7–10

physical security

hardening network, 675

monitoring, 678

physical topology, 49

PID (process ID), tracking running programs, 277–278

pin-out, troubleshooting copper cable, 141

ping

diagnosing TCP/IP networks, 343–344, 346

software troubleshooting tools, 730–731

troubleshooting DNS, 341–342

using with loopback addresses, 213

verifying IP addresses, 200–201

ping of death, 268

PINs (personal identification numbers)

Bluetooth and, 586–587

in local authentication, 366

PKI (public-key infrastructure), 362–365, 376–377

plain old telephone service (POTS). See also PSTN (public switched telephone network), 469

plaintext, 350

plan of action, in troubleshooting, 741–742

Platform as a Service (PaaS)

overview of, 571–573

public cloud, private cloud, community cloud, and hybrid cloud versions, 574–575

PLC (programmable logic controller), 620–621

plenum-rated cable, cable fire ratings, 64

PMTU black hole, 753

PMTU (Path MTU Discovery), 753

PoE (Power over Ethernet), 521

Point Coordination Function (PCF), collision avoidance, 506

Point-to-Point Protocol. See PPP (Point-to-Point Protocol)

Point-to-Point Protocol over Ethernet (PPPoE), 477–478

Point-to-Point Tunneling Protocol (PPTP), 392–394

pointer (PTR) record, reverse lookup zones, 331

points of failure, 635

policies

security. See security policies

system life cycle, 673

polyvinyl chloride (PVC), cable fire ratings, 64

PON (passive optical network), 480

POP3 (Post Office Protocol version 3)

alternatives to, 291–293

e-mail clients, 295

Microsoft Exchange Server, 294

overview of, 291

reviewing Internet applications, 300

Port Address Translation (PAT), 230–233

port aggregation (port bonding), 411–412

Port Aggregation Protocol (PAgP), 412, 750–751

port bonding (NIC teaming), 411–412, 751

port filtering, firewall rules for, 693

port forwarding, 231–233

port mirroring, 415

port scanners

Nmap, 638–639

software troubleshooting tools, 734–735

PortFast, STP switch settings, 86

ports

authentication, 418

blocked, 672

disabling unused, 685

Internet applications and, 300

managed switches and, 397–398

mirrored, 704

in patch panels, 121

port bonding, 411–412, 751

registered, 271–275

replacing bad port, 155

rules for determining good or bad communication, 278

switchports and router ports, 407

TCP/IP port numbers, 269–271

trunk port, 400

viewing open ports, 671–672

VLAN assignment, 401–403

WAN problems, 752

well-known ports (TCP/IP), 269, 334

Post Office Protocol version 3. See POP3 (Post Office Protocol version 3)

Postfix, e-mail servers, 293

posture assessment, network security, 682–683

POTS (plain old telephone service). See also PSTN (public switched telephone network), 469

power

monitoring with UPS, 157

rack-mounted equipment and, 650

troubleshooting wireless networks, 541

virtualization, 559

power converters, 605

power failure, hands-on problems, 746

power generators, 605

power management, network design, 605

Power over Ethernet (PoE), 521

power supplies, network design, 605

PPP (Point-to-Point Protocol)

CHAP, 369

MS-CHAP, 369–370

overview of, 368–370

PAP, 368

PPPoE (Point-to-Point Protocol over Ethernet), 477–478

PPTP (Point-to-Point Tunneling Protocol), 392–394

pre-shared keys. See PSK (pre-shared keys)

preamble, Ethernet frames, 72

prefix delegation, in transition from IPv4 to IPv6, 431

prefix lengths, IPv6, 426–427

presence information, UC features, 612–613

Presentation layer (Layer 6), OSI model, 31–32

prevention measures, hardening network, 675–678

PRI (Primary Rate Interface), ISDN, 474

primary (master) DNS server, 315

primary zones, forward lookup zones, 330–331

principle of least privilege, 679

printers, peripherals in network design, 605–606

privacy, acceptable use policy, 628–629

private cloud, 574

private dial-up, remote access connections, 482–484

private IP addresses, 213

private keys, in asymmetric-key encryption, 355–356

privileges

network access policies, 629

principle of least privilege, 679

probable cause, theory of probable cause in troubleshooting, 739–741

Process Explorer, 277–278

process ID (PID), tracking running programs, 277–278

profiles, security issues on smartphones, 585

programmable logic controller (PLC), 620–621

promiscuous mode, packet sniffers, 704

protocol data units (PDUs), SNMP, 701–702

protocol (packet) analyzers

packet inspection, 704–705

performance monitoring, 716

protocol suite. See also TCP/IP (Transmission Control Protocol/Internet Protocol)

Application layer protocols, 169–170

history of TCP/IP, 164

Internet layer protocols, 166–167

overview of, 164–166

Transport layer protocols, 167–169

protocols. See also by individual types

defined, 4

extensible, 701

history of TCP/IP, 164

network protocols, 21

protocol abuse as threat, 657–658

UC (unified communication), 614–615

using secure, 673, 685

proximity readers, for RFID chips in badges, 676–677

Proxy ARP, 755–756

proxy servers, 415–417

PSK (pre-shared keys)

EAP-PSK, 514

hardening devices, 594

WPA-PSK, 516, 518

PSTN (public switched telephone network)

bit rates vs. baud rate, 471–472

coexisting with DSL, 476–477

last mile connection options, 469–471

V standards, 472–473

VoIP as alternative to, 489–490

PTR (pointer) record, reverse lookup zones, 331

public cloud, 574

public-key cryptography, 355–356

public-key infrastructure (PKI), 362–365, 376–377

public keys

in asymmetric-key encryption, 355–356

CA (certificate authority) and, 365

SSH using, 377

public switched telephone network. See PSTN (public switched telephone network)

punchdown tool

for connecting UTP cable, 119

hardware troubleshooting tools, 726

PuTTY

accessing router with, 227

connecting to routers, 248–249

generating key pair, 377

getting RSA key, 376

switch management, 396–397

terminal emulation, 254

as third-party Telnet/SSH client, 288–289

PVC (polyvinyl chloride), cable fire ratings, 64

Q

QA (quality assurance), 609

QoS (quality of service)

assessing security posture, 683

medianets providing, 615–616

for traffic shaping, 410–411

QSFP (quad small form-factor pluggable) optics, 104

quarantine networks, 684–685

quartet, IPv6 notation, 425

query tools, Border Gateway Protocol, 735

R

raceways, mapping cable runs, 130

racks. See equipment racks

radio-frequency identification (RFID), 589–590, 676–677

radio frequency interference (RFI), 544–545, 746

radio frequency (RF), measuring RF output of antenna, 528

RADIUS (Remote Authentication Dial-In User Service)

authentication standards, 372–373

configuring encryption for access points, 536

router/switch configuration for, 418–419

wireless authentication using RADIUS server, 512

RAID (redundant array of inexpensive disks)

data storage/backup, 564, 605

hardware consolidation, 559

spreading data across multiple drives, 664

range

extenders, 538

wireless networking, 504

ransomware, 667

Rapid Spanning Tree Protocol (RSTP), 87

RAS (remote access server), 482–484

RBAC (role-based access control), 367

RC4 (Rivest Cipher 4)

examples of symmetric-key encryption, 354

WEP using, 516

WPA using, 517

RDC (Remote Desktop Connection), 488

RDP (Remote Desktop Protocol), 488–489

RE emanation, vulnerabilities, 674

Ready to Send/Clear to Send (RTS/CTS), collision avoidance methods, 507

real-time services (RTS), UC features, 612–613

Real-Time Streaming Protocol (RTSP), for streaming media, 491

Real-time Transport Protocol. See RTP (Real-time Transport Protocol)

reassembly, of packets, 27–28

records, DNS

load balancing and, 408–409

name servers and, 314

overview of, 327–330

recovery, benefits of virtualization, 559

recovery point objective (RPO), 644

recovery time objective (RTO), 644

Reddit hug of death, 663

redundancy

risk management, 636

single point of failure and, 635

redundant array of inexpensive disks. See RAID (redundant array of inexpensive disks)

reflection, physical issues in wireless networks, 543

reflective DDoS attacks, 663

refraction, physical issues in wireless networks, 543

Regional Internet Registries. See RIRs (Regional Internet Registries)

registered ports, 271–275

regulations, policies imposed by, 629–630

relay agent. See DHCP relays (DHCP relay agent)

remote access

in-band management, 491

dedicated connections, 484–485

dial-up connection to Internet, 482

DSL and cable connections for remote access, 485–487

network access policies, 629

overview of, 481–482

private dial-up, 482–484

remote terminal, 488–489

RTSP, 491

Skype, 490–491

VoIP, 489–490

VPN connections for remote access, 484

remote access server (RAS), 482–484

Remote Authentication Dial-In User Service. See RADIUS (Remote Authentication Dial-In User Service)

remote connectivity

alternatives to WAN telephony, 468

ATM, 463–464

in-band management, 491

bit rates vs. baud rate, 471–472

broadband cable, 479

choosing among connection options, 481

converting from analog to digital phone systems, 453–455

dedicated connections, 484–485

dial-up connection to Internet, 482

dial-up lines, 469

digital telephony, 455–456

DS0 (digital signal rate), 456–457

DSL and cable connections for remote access, 485–487

DSL (digital subscriber line), 475–478

FDM, 453

fiber carriers, 460–462

fiber-to-the-home technologies, 480

ISDN, 473–475

last mile solutions, 468

long distance phone calls, 449–450

MPLS, 464–467

multiplexers and local exchanges, 451–453

overview of, 447–448

packet switching, 462–463

private dial-up, 482–484

PSTN, 469–471

remote access, 481–482

remote terminal, 488–489

reverse lookup zones, 494–496

RTSP, 491

satellite access, 479–480

Skype, 490–491

T1 and T3 copper carriers, 457–460

telephony and beyond, 448–449

troubleshooting, 491–494

V standards, 472–473

VoIP, 489–490

VPN connections for remote access, 484

WAN telephony connections, 467–468

Remote Desktop Connection (RDC), 488

Remote Desktop Protocol (RDP), 488–489

remote terminal, 488–489

remote terminal units (RTUs), SCADA, 621–622

repeaters

bus Ethernet and, 73

in telephone systems, 453–454

request timed out, ICMP, 268

requirements list, in building networks, 601

research, benefits of virtualization, 560

Response, SNMP manager, 702–703

reverse lookup zones, 325, 331

reverse proxy servers, 417

RF (radio frequency), measuring RF output of antenna, 528

RFI (radio frequency interference), 544–545, 746

RFID (radio-frequency identification), 589–590, 676–677

RG-58 coaxial cable, 55

RG-59 coaxial cable, 53, 55

RG-6 coaxial cable, 53, 55

ring topology, 46–47

RIP (Routing Information Protocol)

comparing dynamic routing protocols, 246

improvements in OSPF, 244

RIPv1, 241

RIPv2, 241–242

RIPE NCC (RIPE Network Coordination Centre), 435

RIRs (Regional Internet Registries)

aggregation and, 433–434

IANA overseeing, 186

IPv6, 435–436

IPv6 prefix lengths, 427

risk management, 635–636

acceptable use policy, 628–629

backup techniques, 643–644

business continuity plans, 644–645

change management, 630–632

contingency planning, 641–642

disaster recovery, 642–643

emergency procedures, 652

forensics, 645–648

incident response, 642

network access policies, 629

overview of, 627–628

patches and updates, 632–634

points of failure, 635

policies imposed by government laws and regulations, 629–630

rack installation and maintenance, 649–651

redundancy, 636

review Q&A, 652–654

safety, 648–649

security policies, 628

security preparedness, 638–641

standard business documents, 636–638

training, 634

Rivest Cipher 4. See RC4 (Rivest Cipher 4)

Rivest, Shamir, and Adleman (RSA) algorithm, 357, 376–377

RJ-11 connectors/jacks

DSL modems, 477, 479

for telephone lines, 59, 470

RJ-45 connectors/jacks

10BaseT requirements, 74–75

8P8C connectors and, 59

cable modems, 479

crimping, 75–76

crossover cables, 85

DSL modems, 479

ISDN, 474

for NICs, 148

patch cables and, 124

RJ-45 crimper, 136–138

RJ-48C, for T1 connections, 457

rogue access points, 546–547

rogue anti-malware programs, 687

role-based access control (RBAC), 367

role separation, network access policies, 629

rollback

change management and, 631

patches, 633

rollover (Yost) cable, connecting to routers, 247

root guard, STP switch settings, 86–87

root hints file, 429

root, of DNS tree, 312

root servers, DNS, 309, 429

rootkit, types of malware, 668

route

route print command, 224

software troubleshooting tools, 732

route

establishing, 256

redistribution, 246–247

troubleshooting routers, 258

route aggregation, Border Gateway Protocol, 244

router-on-a-stick, interVLAN routing, 404

router solicitation/advertisement, IPv6, 437

routers

adding interfaces to, 228

aggregation in IPv6, 433–435

broadcasts for name resolution, 319

configuring, 255–257

connecting to, 247–251, 254

data planes and control planes, 568

how they work, 217–219

interconnecting LANs using, 179–181

in logical addressing, 22–23

managed devices, 248

monitoring, 709–710

multicast to, 428

Network Management Software for, 252–254

no-default routers, 431–433

QoS configuration on, 411

TACACS+ and, 373

troubleshooting, 257–259

virtual routers, 568

WAN problems, 752

Web interface in, 251–252

routing

adding interfaces to routers, 228

BGP (Border Gateway Protocol), 242–244

comparing dynamic routing protocols, 246

configuring routers, 255–257

connecting to routers, 247–251, 254

distance vector protocols, 237–241

DNAT (dynamic NAT), 233–234

dynamic routing, 234–235

EIGRP (Enhanced Interior Gateway Routing Protocol), 246

how routers work, 217–219

interconnecting LANs using routers, 179–181

interVLAN routing, 404–406

IS-IS (Intermediate State to Intermediate State), 245–246

link state protocols, 244

logical addressing and, 22–23

metrics, 235–237

NAT (Network Address Translation), 228–229

NMS (Network Management Software), 252–254

OSPF (Open Shortest Path First), 244–245

overview of, 217

PAT (Port Address Translation), 230–231

port forwarding, 231–233

review Q&A, 259–261

RIPv1 and RIPv2, 241–242

route redistribution, 246–247

routing tables, 219–227

troubleshooting routers, 257–259

Web interface in routers, 251–252

Routing and Remote Access Service (RRAS), 392–393, 482–484

Routing Information Protocol. See RIP (Routing Information Protocol)

routing tables

Border Gateway Protocol, 243

checking for router problems, 257

distance vector protocol and, 239

managing packets, 219–221

in router, 180

simple example, 221–223

Windows example, 223–227

RPO (recovery point objective), 644

RRAS (Routing and Remote Access Service), 392–393, 482–484

RS-232 serial cable, 63

RSA (Rivest, Shamir, and Adleman) algorithm, 357, 376–377

RSTP (Rapid Spanning Tree Protocol), 87

RTO (recovery time objective), 644

RTP (Real-time Transport Protocol)

UC protocols, 614–615

VoIP standards, 490–491

VoIP systems using, 612

RTS/CTS (Ready to Send/Clear to Send), collision avoidance methods, 507

RTS (real-time services), UC features, 612–613

RTSP (Real-Time Streaming Protocol), for streaming media, 491

RTUs (remote terminal units), SCADA, 621–622

rules, firewall (block/allow), 689

runs, of cable, 113

Russinovich, Mark, 274, 277

S

SaaS (Software as a Service), 573–575

safety, risk management, 648–649

SANs (storage area networks), 565–566

SAT (source address table), MAC addresses, 82

SATA, writing blocks to disk, 565

satellites, remote connectivity and, 479–480

SC connectors

in 1000BaseSX and 1000BaseLX, 97

in 100BaseFX, 94

in 10BaseFL, 78

for fiber optic cable, 61–62

issues with, 98

SCADA (supervisory control and data acquisition)

network segmentation and, 622–623

overview of, 621

RTUs (remote terminal units), 621–622

scalability

factors in choosing location of telecommunications room, 132

virtualization, 563–564

scanners

peripherals in network design, 605–606

port scanners, 638–639, 734–735

vulnerability scanners, 638, 640

SCP (Secure Copy Protocol), 383

screensavers, password protected, 670

SCSI (Small Computer System Interface), 565

SDH (Synchronous Digital Hierarchy), 461–462

SDN (software defined networking), 568–569

SDSL (symmetric DSL). See also DSL (digital subscriber line), 475

secondary (slave) DNS server, 315

secondary zones, forward lookup zones, 330–331

Secure Copy Protocol (SCP), 383

Secure Hash Algorithm (SHA), 358–360

Secure Shell. See SSH (Secure Shell)

Secure Sockets Layer/Transport Layer Security. See SSL/TLS (Secure Sockets Layer/Transport Layer Security)

securing TCP/IP. See also application security, TCP/IP

AAA, 370–372

application security, 381

asymmetric-key encryption, 355–357

authentication, 365–366

authorization, 366–367

combining authentication and encryption, 379

encryption, 350–351

encryption standards, 375–376

encryption using OSI model, 357

HTTPS, 382–383

integrity of data, 357–360

IPSec (Internet Protocol Security), 380–381

Kerberos, 373–375

LDAP, 385

nonrepudiation, 361–365

NTP, 385

overview of, 349–350

PPP, 368–370

RADIUS, 372–373

review Q&A, 385–387

SCP, 383

SFTP, 383

SNMP, 384

SSH, 376–378

SSL/TLS, 379–380

standards, 367–368

substitution ciphers, 351–352

symmetric-key encryption, 353–355

TACACS+, 373

tunneling, 378–379

user authentication standards, 368

XOR encryption, 352–353

security

categories to consider in building network, 601

network protection. See network protection

network security. See network security

TCP/IP applications. See application security, TCP/IP

wireless network security. See wireless network security

security alerts, Windows OSs, 687

security event management (SEM), 716

security guards, preventing tailgating, 676

security identifiers (SIDs), Kerberos, 374–375

security information and event management (SIEM), 716–717

security information management (SIM), 716

security policies

AUP (acceptable use policy), 628–629

incident response policy, 642

network access policies, 629

overview of, 628

policies imposed by government laws and regulations, 629–630

training end users, 634

WAN problems, 754

security preparedness, 638–641

security type mismatch, 540–541

segmentation

DMZs using network segmentation, 693

of packets, 27–28

SCADA, 622–623

VLANs for network segmentation, 606

segments

connecting Ethernet segments, 84

Ethernet frames, 71

TCP segments, 37–38, 167–168

SEM (security event management), 716

send/receive (movement), frames, 16–19

sensors, distributed control system, 618

serial cable, 63

server-based anti-malware, 689

server clusters. See also clustering, 408

Server Message Block. See SMB (Server Message Block)

server rail racks, 118

servers

authentication using CRAM-MD5, 360

DHCP. See DHCP servers

DNS. See DNS servers

e-mail, 293–294

FTP, 296–297

LAN problems, 749

network design, 604

proxy servers, 415–417

SSH, 287–289

telnetd, 288

tamper detection features, 675

time servers, 751

UC servers, 613

Web servers. See Web servers

Windows Server. See Windows Server

service layers, cloud, 570

service level agreements (SLAs), 637

Service Profile ID (SPID), ISDN, 475

Service Set Identifier. See SSID (Service Set Identifier)

services

disabling unneeded, 671–672, 685

Web services, 292

session hijacking, 664

Session Initiation Protocol. See SIP (Session Initiation Protocol)

Session layer (Layer 5), OSI model, 28–31

session software, 29

sessions

OSI model, 28–31

TCP/IP model, 38, 272

SFF (small form factor) connectors, Gigabit Ethernet, 98

SFP+ (enhanced small form factor pluggable), 10GbE connections, 103

SFP (small form-factor pluggable)

BiDi (Bidirectional) transceivers using, 104

media converters, 100

troubleshooting fiber-optic cable, 146

SFTP (SSH File Transfer Protocol), 383

SHA (Secure Hash Algorithm), 358–360

shielded twisted pair. See STP (shielded twisted pair)

short (electric)

testing for, 723

troubleshooting copper cable, 140

Short Message Service (SMS), 703

SIDs (security identifiers), Kerberos, 374–375

SIEM (security information and event management), 716–717

signal loss/degradation

measuring, 144–145

troubleshooting copper cable, 144–145

troubleshooting fiber-optic cable, 146

signal mismatch, troubleshooting fiber-optic cable, 146

signal strength, wireless networking software, 501

signal-to-noise ratio (SNR), 544–545

signal, troubleshooting wireless networks, 541

signature patterns, in network traffic, 413

signatures, digital, 361, 377

signatures, virus, 689

SIM (security information management), 716

SIM (subscriber identity module), 581–583

Simple Mail Transfer Protocol. See SMTP (Simple Mail Transfer Protocol)

Simple Network Management Protocol. See SNMP (Simple Network Management Protocol)

Simple Network Time Protocol (SNTP), 266

single-mode fiber (SMF), 61

single sign-on, Kerberos, 375

SIP (Session Initiation Protocol)

UC protocols, 614–615

VoIP standards, 490

VoIP systems using, 612

site survey, wireless networking, 521–524

site-to-site connection, L2TP VPNs, 394

Skype, 490–491

SLAs (service level agreements), 637

slashdotting, 663

Small Computer System Interface (SCSI), 565

small form-factor pluggable. See SFP (small form-factor pluggable)

small form factor (SFF) connectors, Gigabit Ethernet, 98

small office, home office. See SOHO (small office, home office)

smart jacks, DSL, 476

smartphones. See also mobile devices

802.11-capability, 583–585

Bluetooth and, 586

installing wireless client, 524–525

LTE support, 583

SMB (Server Message Block)

DNS names in folder and printer sharing, 332

for file sharing, 305

overview of, 332–334

SMF (single-mode fiber), 61

SMS (Short Message Service), 703

SMTP (Simple Mail Transfer Protocol)

alternatives to, 291–293

e-mail clients, 295

Microsoft Exchange Server, 294

overview of, 291

reviewing Internet applications, 300

snapshots

disaster recovery and, 642

VMs (virtual machines), 559

SNAT (Static NAT), 231–232

sniffers. See packet sniffers

SNMP manager, 700–702

SNMP (Simple Network Management Protocol)

protocol underlying network monitoring tools, 699–703

securing TCP/IP applications, 384

snmpwalk utility, 703

SNR (signal-to-noise ratio), 544–545

SNTP (Simple Network Time Protocol), 266

SOA (Start of Authority) record, DNS, 327

social engineering

threats, 668–670

training end users in recognizing, 634

socket pairs, TCP/IP, 272

sockets (endpoints)

open ports (listening ports), 275

PPTP, 392

TCP/IP, 271–272

VPN, 390–391

software

firewalls, 690

OSI layers (3-7), 20–22

wireless networking, 501

Software as a Service (SaaS), 573–575

software defined networking (SDN), 568–569

software troubleshooting tools

arp utility, 729–730

ipconfig/ifconfig, 728–729

looking glass sites, 735

My Traceroute (mtr), 732

netstat utility, 733

nslookup, 731

overview of, 727

packet sniffers/protocol analyzers, 733–734

ping/pathping, and arping, 730–731

port scanners, 734–735

route utility, 732

throughput testers, 735–736

tracert/traceroute, 727–728

SOHO (small office, home office)

DHCP servers with SOHO router, 202, 206

DNS servers not needed in small networks, 336

download speed requirements, 476

enabling delegation on SOHO router, 432

external network connections, 610–611

firewalls, 690–691

increasing signal/power levels, 541

PPPoE routers, 478

setting up network addressing scheme, 610

video surveillance, 678

WAPs and wireless routers, 518

SONET (Synchronous Optical Network)

fiber-based 10 GbE, 100–101

fiber-optic carrier in U.S., 461–462

long distance connections and, 449

source address table (SAT), MAC addresses, 82

source field, in Ethernet frame, 71–72

SOW (statement of work), 637

Spanning Tree Protocol (STP), 85–87, 755

spectrum analyzers, 544–545

speed-test sites, 735–736

SPID (Service Profile ID), ISDN, 475

split cable problem, cable connection issues, 487

spoofing attacks

MAC addresses and, 512

threats, 656–657

spyware, 668

Squid proxy server, 417

SRV records, DNS, 329–330

SSH (Secure Shell)

alternative VPNs, 396

in-band management and, 491

configuring clients, 290

connecting to routers, 254

death of Telnet, 290

encryption standards, 376–378

overview of, 286–287

reviewing Internet applications, 300

servers and clients, 287–289

tunneling and, 378–379

using secure protocols, 674

VNC and, 489

SSID broadcasts, 504

SSID (Service Set Identifier)

accessing guest networks, 684

configuring WAPs, 531–533

configuring wireless client, 538

device saturation, 543

frequency mismatch, 540

hardening IoT devices, 594

identifying wireless networks, 504–505

open network issues, 545

rogue access points, 546–547

security type mismatch, 540–541

setting up ad hoc network, 525–526

VLAN pooling and, 520

war driving and war chalking, 547

wrong SSID, 546

SSL/TLS (Secure Sockets Layer/Transport Layer Security)

combining authentication and encryption, 379–381

HTTPS and, 283–285

SSL VPNs, 395

WAN problems, 754

working at Session layer, 32

ST connectors

in 100BaseFX, 94

in 10BaseFL, 78

for fiber optic cable, 61–62

issues with, 98

standard business documents, 636–638

standard operating procedures, 603

standards, 57–58

cable pulling, 133

cabling, 64–65

encryption, 354–355

Ethernet (802.3), 70

Ethernet cable (568A and 568B), 76–77

hash algorithms, 359

IPv4 to IPv6 tunneling standards, 441–443

modem (V standards), 472–473

remote terminal, 488–489

RSTP (802.1w), 87

STP, 55

structured cabling, 110–112

switches (802.1Q), 400

TEMPEST standards, 674

VoIP, 490–491

Wi-Fi/mobile networking (802.11), 498–499, 507–510, 583–586

wireless networking, 498–499

standards (802.11), 507–510

standards, TCP/IP security

AAA (Authentication, Authorization, and Accounting), 370–372

combining authentication and encryption, 379

encryption standards, 375–376

IPSec (Internet Protocol Security), 380–381

Kerberos, 373–375

overview of, 367–368

PPP (Point-to-Point Protocol), 368–370

RADIUS (Remote Authentication Dial-In User Service), 372–373

SSH (Secure Shell), 376–378

SSL/TLS (Secure Sockets Layer/Transport Layer Security), 379–380

TACACS+ (Terminal Access Controller Access Control System Plus), 373

tunneling, 378–379

user authentication standards, 368

star-bus topology, 49, 111–112

star-ring topology, 49

star topology, 48, 503

Start of Authority (SOA) record, DNS, 327

stateful DHCPv6 servers, 437

stateful inspection, firewall techniques, 690

stateless DHCPv6 servers, 437

stateless inspection, firewall techniques, 691

statement of work (SOW), 637

static IP addressing, 198–201

Static NAT (SNAT), 231–232

static routes, 234–235

static VLANs, 401

steady state routers, 240

storage area networks (SANs), 565–566

STP (shielded twisted pair)

1000BaseT and, 97

overview of, 55–56

standards, 55

STP (Spanning Tree Protocol), 85–87, 755

straight-through cable

connecting switches with, 84–85

hands-on problems, 746

stream ciphers, in symmetric-key encryption, 354

streaming media, 491

structured cabling. See also cabling

beyond star topology, 125

components of, 113

connecting patch panels, 138–140

connecting work areas, 135–136

connections inside demarc, 127–129

creating floor plan, 129

defined, 110

demarc (demarcation point), 125–127

equipment racks, 116–118

horizontal cabling, 114–116

installing, 129

for internal network connections, 607–608

making cable connections, 135

making patch cables, 136–138

mapping cable runs, 129–130

measuring signal loss, 144–145

overview of, 110–111

patch cables, 122–123

patch panels, 118–122

pulling cable, 132–135

selecting location for telecommunications room, 131–132

telecommunications room, 113–114

testing cable runs, 140

troubleshooting copper-related issues, 140–144

troubleshooting fiber-related issues, 145–148

work area, 123–125

STS (Synchronous Transport Signal), 462

subnet masks

classless and classful, 188

diagnosing TCP/IP networks, 345

LAN problems, 749

overview of, 181–186

routing table example, 221–223

subnets/subnetting

calculating subnets, 191–195

creating subnets, 190–191

determining number of hosts in network, 189–190

logical addressing, 21

overview of, 188–189

subscriber identity module (SIM), 581–583

supervisory control and data acquisition. See SCADA (supervisory control and data acquisition)

switch port protection

device hardening, 685

in network hardening, 661

switchboard, in telephone systems, 450

switches

bridging loops for, 85–86

configuring VLAN-capable switches, 400–402

connecting using uplink ports, 84–85

connectivity components in star-bus topology, 111–112

content switches, 409–410

crossover cables, 85

data planes and control planes, 568

distributed switches, 567–568

Ethernet, 82–84

flood guards, 685

interVLAN routing, 405–406

Link layer (Network Interface layer), 34

managed devices, 248, 396–398

MLS (multilayer switches), 219

monitoring, 709–710

overview of, 15

port mirroring in managed switches, 415

shopping for, 106

standard for Ethernet switches (802.1Q), 400

TACACS+, 373

telephone circuit switches, 450

troubleshooting Ethernet issues, 87

trunking, 399–400

virtual switches, 566–568

wireless controllers, 520

switching loops, WAN problems, 755

symmetric DSL (SDSL). See also DSL (digital subscriber line), 475

symmetric-key encryption

block ciphers, 353–354

defined, 353

examples of, 354–355

stream ciphers, 354

symptoms, gathering information in troubleshooting, 738

SYN

TCP segments, 167–168

TCP three-way handshake, 265

SYN-ACK

TCP segments, 167–168

TCP three-way handshake, 265

Synchronous Digital Hierarchy (SDH), 461–462

Synchronous Optical Network. See SONET (Synchronous Optical Network)

Synchronous Transport Signal (STS), 462

syslog (macOS and Linux), 711

system

compromised system, 664

symptoms of compromise, 688

system duplication, benefits of virtualization, 560

system life cycle policies, 673

system recovery, 559

T

T carriers (T1/T3)

dedicated private connections, 485

demarc (demarcation point), 467

DS1 (digital signal 1), 458–459

fractional T1 access, 460

history of remote connections, 448–449

packet switching protocols, 462–463

T3 carriers, 460

termination, 457

trunk lines, 474

TA (terminal adapter), ISDN, 474–475

tablet computers, 524–525

TACACS+ (Terminal Access Controller Access Control System Plus)

authentication standards, 373

router/switch configuration for, 418–419

tagging

double-tagging attacks, 403

VLANs, 402–403

tailgating, 676

tamper detection features, servers, 675

Tap to Pay services, NFC and, 589

TCN (topology change notification), Spanning Tree Protocol, 86

TCP/IP (Transmission Control Protocol/Internet Protocol). See also applications, TCP/IP

Application layer, 39, 169–170

applying IP addresses, 176–178

calculating subnets, 191–195

class IDs, 186–187

comparing with OSI model, 40

configuring DHCP, 203–204

connection-oriented vs. connectionless communication, 36–37

converting dotted decimal to binary, 195–196

creating subnets, 190–191

data structures corresponding to layers of, 41

determining number of hosts in network, 189–190

DHCP relays, 205–206

DHCP reservations, 206

diagnosing TCP/IP networks, 343–346

dynamic IP addressing, 201–202

encapsulation/de-encapsulation, 40

how DHCP works, 202–203

interconnecting LANs using routers, 179–181

Internet layer, 35

Internet layer protocols, 166–167

IP address assignments, 197

IP addresses, 172–176

IP and Ethernet and, 170–172

Link layer (Network Interface layer), 34–35

MAC addresses and IP addresses, 23

MAC reservations, 206–208

network IDs, 178–179

overview of, 34, 163–164

packets in frames, 24–27

protocol suite, 22, 164–166, 264

review Q&A, 41–44, 213–215

routing and, 217

securing. See securing TCP/IP

sessions, 38

special IP addresses, 212–213

static IP addressing, 198–201

subnet masks, 181–186

subnetting, 188–189

TCP segments, 37–38

Transport layer, 36, 167–169

troubleshooting DHCP, 208–212

troubleshooting networks and, 41

UDP datagrams, 38

TCP segments, 37–38, 40–41

TCP three-way handshake, 167–168, 265

TCP (Transmission Control Protocol)

connection-oriented, 37

HTTP running on TCP port 80, 281

HTTPS running on port 443, 285

Internet applications port numbers, 300

overview of, 265

in TCP/IP suite, 22

Transport layer protocols, 167–168

tcpdump, LAN problems, 734

TCPView utility, viewing connection status, 274–275

TDM (time division multiplexing), 458

TDMA (time-division multiple access), 581

TDR (time domain reflectometer)

hardware troubleshooting tools, 722–724

testing cabling, 155–156

troubleshooting copper cable, 142

Telecommunications Industry Association/Electronics Industries Alliance (TIA/EIA). See TIA/EIA (Telecommunications Industry Association/Electronics Industries Alliance)

Telecommunications Industry Association (TIA), 57

telecommunications room

equipment racks, 116–118

overview of, 113–114

patch panels and cable, 118–123

selecting location for, 131–132

in star-bus topology, 116

troubleshooting, 156–158

telephony

analog. See analog telephony

digital. See digital telephony

Telnet

configuring clients, 290

connecting to routers, 254

overview of, 285–286

remote terminal and, 488

reviewing Internet applications, 300

servers and clients, 287–289

SSH replacing, 290, 376

telnetd server, Linux/UNIX OSs, 288

temperature monitor, hardware troubleshooting tools, 725

TEMPEST standards, protecting against RF emanation, 674

Temporal Key Integrity Protocol (TKIP), 517

Teredo, NAT traversal, 442

Terminal Access Controller Access Control System Plus (TACACS+)

authentication standards, 373

router/switch configuration for, 418–419

terminal adapter (TA), ISDN, 474–475

terminal emulation

PuTTY utility, 254

remote terminals, 488–489

SSH, 287

termination

hands-on problems, 746

of T1 lines, 457–458

terminators, of bus topology, 46

TFTP (Trivial File Transfer Protocol)

compared with FTP, 299

overview of, 267

reviewing Internet applications, 300

TGT (Ticket-Granting Ticket), Kerberos, 374

theory of probable cause in troubleshooting, 739–741

thick clients, WAPs, 520

thin clients, WAPs, 520

third-party tools, managing routers, 253

threats

administrative access attacks, 666

ARP cache poisoning, 658–661

brute force attacks, 664

deauthentication (deauth) attacks, 663

DoS (denial of service) attacks, 661–663

local attacks (physical), 664–666

malware, 667–668

man-in-the-middle attacks, 663–664

overview of, 655–656

packet/protocol abuse, 657–658

session hijacking, 664

social engineering, 668–670

spoofing attacks, 656–657

VLAN hopping attacks, 666

zero-day attacks, 658

throughput

interface monitors, 708

software troubleshooting tools, 735–736

TIA/EIA (Telecommunications Industry Association/Electronics Industries Alliance)

cable certifier specifications, 145

cable pulling standards, 133

crossover cables, 85

Ethernet cable standards (568A and 568B), 76–77

structured cabling standards, 110–112

TIA (Telecommunications Industry Association), 57

TIC (Tunnel Information and Control) protocol, 443

Ticket-Granting Ticket (TGT), Kerberos, 374

time-division multiple access (TDMA), 581

time division multiplexing (TDM), 458

time domain reflectometer. See TDR (time domain reflectometer)

time servers, LAN problems, 751

TKIP (Temporal Key Integrity Protocol), 517

TLD (top-level domain) servers, 309

TLS (Transport Layer Security). See SSL/TLS (Secure Sockets Layer/Transport Layer Security)

Token Ring, 49

tone probes/tone generators, 158–160, 726

top-level domain (TLD) servers, 309

top listeners, performance monitoring, 716

top talkers

performance monitoring, 716

symptoms of compromised system, 688

topologies. See network topologies

topology change notification (TCN), Spanning Tree Protocol, 86

trace cables, 158

traceroute/tracert

checking router issues, 752

diagnosing TCP/IP networks, 346

software troubleshooting tools, 727–728

troubleshooting routers, 258

traffic. See also packets

firewall rules (block/allow), 689

protocol (packet) analyzers, 704–705

traffic floods, 685

traffic shaping, 410–411

traffic spike, 663

trailer, frame structure, 14

training end users, 634

transceiver mismatch, 146

transceivers, hot-swappable, 746

Transmission Control Protocol. See TCP (Transmission Control Protocol)

Transmission Control Protocol/Internet Protocol. See TCP/IP (Transmission Control Protocol/Internet Protocol)

transmit beamforming, 509

Transport layer (Layer 4), OSI model, 27–28

Transport Layer Security. See SSL/TLS (Secure Sockets Layer/Transport Layer Security)

Transport layer, TCP/IP

data structure in, 41

overview of, 36

protocols, 167–169

Transport mode, IPSec, 381

Trap PDU, SNMP manager, 702–703

Trivial File Transfer Protocol. See TFTP (Trivial File Transfer Protocol)

Trojan horse, 668

troubleshooting process

documenting findings, 743–744

establish plan of action, 741

establish theory of probable cause, 739–741

identify the problem, 738–739

implement solution or escalate, 742

overview of, 736–737

test theory of probable cause, 741

verifying functionality of system and implement preventative measures, 742–743

trunk lines, 474

trunk port, 400

trunking, VLANs, 399–400

trusted/untrusted users, 664–665

TSP (Tunnel Setup Protocol), 443

tunnel brokers, moving to IPv6, 443

Tunnel Information and Control (TIC) protocol, 443

Tunnel mode, IPSec, 381

Tunnel Setup Protocol (TSP), 443

tunneling

4to6 tunneling, 441

6in4 tunneling, 442

encryption standards, 378–379

SSL/TLS (Secure Sockets Layer/Transport Layer Security), 380

VPNs and, 390–391

twisted pair cable. See also STP (shielded twisted pair); UTP (unshielded twisted pair)

100BaseT4 and 100BaseTX, 92

Gigabit Ethernet over, 70

overview of, 55

two-factor authentication, 366

two-post equipment racks, 118

two-way satellite service, 480

TXT records, DNS, 330

Type-1 hypervisors, 561

Type-2 hypervisors, 561

Type field, of frame, 14, 71–72

U

U (unit), height measurement for equipment racks, 118

UART (Universal Asynchronous Receiver/Transmitter), 470

UC (unified communication)

network components, 613–614

overview of, 612–613

protocols, 614–615

VoIP and, 611–612

UDP (User Datagram Protocol)

connectionless communication, 37

data structures corresponding to TCP/IP layers, 41

datagrams, 38, 40

DHCP and, 203

Internet applications port numbers, 300

overview of, 265–266

Transport layer protocols, 168–169

Ultra Physical Contact (UPC) connectors, 99

unauthorized access, controlling user accounts, 679

unencrypted channels, as vulnerability, 673–674

unicast addressing

frame movement and, 18

global unicast addresses, 430–431

IPv6 link-local addresses, 428

unicast, multicast compared with, 614

unidirectional antennas, 530

unified communication. See UC (unified communication)

Unified Threat Management (UTM), 691

uniform resource locator (URL), 283

uninterruptible power supplies. See UPSs (uninterruptible power supplies)

unit (U), height measurement for equipment racks, 118

Universal Asynchronous Receiver/Transmitter (UART), 470

UNIX. See Linux/UNIX OSs

unshielded twisted pair. See UTP (unshielded twisted pair)

UPC (Ultra Physical Contact) connectors, 99

updates

anti-malware programs, 688

change management, 632–634

device hardening, 685

uplink ports, connecting two switches with, 84–85

UPSs (uninterruptible power supplies)

backing up equipment racks, 156

equipment racks and, 117–118

monitoring power, 157–158

network design, 605

rack-mounted equipment and, 650

URL (uniform resource locator), 283

USB

connecting to routers via USB port, 254

installing wireless client, 525

NICs with, 150–151

wireless networking hardware, 499–500

user account control, 666

user authentication. See also authentication, 368

User Datagram Protocol. See UDP (User Datagram Protocol)

user names, dangers of cleartext credentials, 674

users/user accounts

asking questions of in troubleshooting, 738

credentials, 674, 685

dangers of default accounts, 681

malicious, 665–666

managing, 679–681

spoofing attacks, 656

trusted and untrusted, 664–665

utilization, interface monitors, 708

utilization limits, security policies, 754

UTM (Unified Threat Management), 691

UTP (unshielded twisted pair)

1000BaseT and, 97

connectivity components in star-bus topology, 111–112

connectors, 59

horizontal cabling, 114

limitations of, 94

making patch cables, 136–138

OSI hardware, 6–7

overview of, 56

RJ-45 connectors, 148

solid core vs. stranded, 115

standards, 57–58

use with 10BaseT, 73–76

V

V standards, for modems, 472–473

vampire taps, on coaxial cable, 52

variable-length subnet masking (VLSM), 241

vendors, 603

vertical cross-connect, patch panels, 128

video conferencing, UC features, 612

video surveillance, for security monitoring, 678

video teleconferencing (VTC)

medianets and, 615–617

UC features, 613

virtual IP, 635

virtual LANs. See VLANs (virtual LANs)

virtual machines. See VMs (virtual machines)

Virtual Network Computing (VNC), 489

virtual networking, 566

virtual private networks. See VPNs (virtual private networks)

virtual reality, 552–553

Virtual Router Redundancy Protocol (VRRP), 636

virtual routers and firewalls, 568

virtual switches, 566–568

VirtualBox (Oracle)

configuring virtual hardware, 554

desktop virtualization, 555–558

guest environment for virtualization, 551–552

virtualization in modern networks, 561

virtualization. See also cloud

administering hypervisor, 563

benefits of, 559–560

choosing hypervisor, 561–562

compared with emulation, 555–556

data storage and, 564–565

desktop virtualization, 555–558

hypervisors, 554–555

in modern networks, 561

NAS (network attached storage), 566

overview of, 551–554

review Q&A, 576–578

SANs (storage area networks), 565–566

scaling, 563–564

SDN (software defined networking), 568–569

virtual networking, 566

virtual routers and firewalls, 568

virtual switches, 566–568

virus shields, 688

viruses

antivirus programs, 688–689

signatures, 689

types of malware, 667

VLAN hopping attacks, 666

VLAN Trunking Protocol (VTP), 404

VLANs (virtual LANs)

assignment, 401

configuring VLAN-capable switches, 400–402

DHCP and, 406

interVLAN routing, 404–406

LAN problems, 749–750

for network segmentation, 606

overview of, 398–399

for segmented network, 609–610

tagging, 402–403

troubleshooting, 407

trunking, 399–400

VLAN pooling in enterprise wireless, 520

VTP (VLAN Trunking Protocol), 404

VLSM (variable-length subnet masking), 241

VMs (virtual machines). See also hypervisors

benefits of virtualization, 559

creating, 557

guest environment for virtualization, 551

scaling, 563–564

virtual switches and, 566–567

VirtualBox (Oracle), 551–552

VMware

System Setup, 555

virtualization in modern networks, 561

vSphere Client, 563

VNC (Virtual Network Computing), 489

VoIP (Voice over IP)

example of connectionless-orientation, 37

overview of, 489

standards, 490–491

UC (unified communication), 611–612

voltage event recorders, 157–158

voltage quality recorder, 725

VPN concentrators, 394

VPN tunnels, 391

VPNs (virtual private networks)

alternatives, 396

DMVPN, 395–396

DTLS VPNs, 395

L2TP VPNs, 394–395

overview of, 390–392

PPTP VPNs, 392–394

Proxy ARP, 755–756

SSL VPNs, 395

VPN connections for remote access, 484

VRRP (Virtual Router Redundancy Protocol), 636

vSphere Client (VMware), 563

VTC (video teleconferencing)

medianets and, 615–617

UC features, 613

VTP pruning, 404

VTP (VLAN Trunking Protocol), 404

vulnerabilities

attack surface, 658

BlueBorne list of security vulnerabilities on mobile devices, 588

cleartext credentials, 674

disabling unneeded services, 671–672

in HTTP, 283

overview of, 671

RF emanation, 674

scanning/managing, 638

unencrypted channels, 673–674

unpatched and legacy systems, 673

vulnerability patches, 633

W

WANs (wide area networks)

alternatives to WAN telephony, 468

cellular WAN. See cellular WAN

configuring routers, 255–256

distance vector protocols, 237

interconnected LANs in, 178

interconnecting LANs using routers, 179–181

IP addresses in, 176

NAT setup, 229

problems, 751–754

remote access, 481

remote connectivity and, 447

routing table example, 221–223

telephony connections, 467–468

WAPs (wireless access points)

adding to Wi-Fi network, 539

administering enterprise wireless, 519–520

BSS and ESS, 503

channels, 505–506

configuring, 531

configuring channel and frequency of access point, 534, 536–537

configuring encryption, 533, 535–536

configuring MAC address filtering, 533–534

configuring SSID and beacon, 531–533

features in 802.11n, 509

MAC address filtering support, 511–512

no connection issues, 540–542

physical issues, 543–545

placing, 527–531

robust devices in enterprise wireless, 518–519

rogue access points, 546–547

setting up infrastructure network, 526

setup utilities, 501

weird connection issues, 545–546

wireless networking hardware, 500

wireless security, 512–513

WPS (Wi-Fi Protected Setup), 510

war chalking, 547

war driving, 547

warm sites, business continuity plans, 644–645

wavelength mismatch, troubleshooting fiber-optic cable, 146

WDM (wavelength division multiplexing)

characteristics of fiber transceivers, 104

fiber-optic carriers and, 462

PON (passive optical network), 480

Web applications

developing, 571–573

Web sites as, 570–571

Web browsers

accessing Web, 279

configuring access points, 531

FTP in, 298

popular types, 283

requesting HTML pages, 280–281

securing, 585

working at Application layer, 32

Web clients

ephemeral port numbers, 271

overview of, 282–283

securing with HTTPS, 283–285

Web filtering, 693

Web hosting, by ISPs, 282

Web interface, in routers, 251–252

Web pages

delivered or served by Web server, 282–283

HTTPS securing, 285

publishing Web sites, 281–282

Web browsers requesting HTML pages, 280–281

Web servers

Apache HTTP Server, 283

DNS and, 318–319

Google Web Server, 283

HTTP and, 281

overview of, 282–283

publishing Web sites, 281–282

securing with HTTPS, 283–285

unable to access remote, 744–745

Web services, e-mail as, 292

Web sites

Apache HTTP Server and, 283

DNS and, 318–319

publishing, 281–282

securing with HTTPS, 283–285

as Web applications, 570–571

Webmin, administering Apache, 283–284

well-known ports, TCP/IP, 269, 334

WEP attacks, 516–517

WEP (Wired Equivalent Privacy)

for data encryption, 516–518

weakness of, 533

whitelists, MAC address filtering, 511

Wi-Fi. See wireless networking

Wi-Fi analyzer, conducting site survey, 521

Wi-Fi Protected Access. See WPA (Wi-Fi Protected Access)/WPA2

wide area networks. See WANs (wide area networks)

Windows domains, 332

Windows Defender, 690

Windows OSs

Active Directory database management, 385

Active Directory groups, 332, 334

Active Directory-integrated zones, 335

administrative access attacks, 666

compatibility issues, 606

configuring DNS, 320–322

DDNS (dynamic DNS), 338–339

determining MAC addresses, 172

displaying MAC and IP addresses, 174–178

e-mail servers, 293–294

firewalls, 690

forward and reverse lookup zones, 331

FTP servers, 296–297

hashing exercise using SHA-512, 360

host file, 306–307

installing NIC drivers, 151

Kerberos and, 373–374

NetBT (NetBIOS over TCP/IP), 305

netstat utility for viewing endpoints, 272–274

performance monitors, 711

remote terminal standard, 488–489

security alerts, 687

setting up VPN connection in Windows 10, 392–393

SMB, 331–334

static IP addressing, 199

TCPView utility, 274–275

telnet server, 288

troubleshooting no DHCP server message, 210–211

troubleshooting routers, 258–259

Windows Performance Monitor (PerfMon)

baselines, 711

counters, 711

overview of, 711

Windows Server

forward and reverse lookup zones, 331

IAS (Internet Authentication Service) built in, 372–373

remote terminal standard, 488–489

RRAS (Routing and Remote Access Service), 392–393

WinFrame terminal emulation, 488

wire map problem, 723

wired/wireless, categories to consider in building network, 601

wireless access points. See WAPs (wireless access points)

wireless analyzer, 521

wireless bridges, 539

wireless controllers, 520

wireless LANs (WLANs), 503

wireless network security

access control (802.1X), 515–516

authentication, 512–513

EAP (Extensible Authentication Protocol), 514–515

encryption, 516–518

MAC address filtering, 511–512

overview of, 510–511

wireless networking

access control (802.1X), 515–516

ad hoc mode, 501–503

authentication, 512–513

broadcasting frequency and methods, 505

BSSID, SSID, and ESSID, 504–505

channels, 505–506

configuring access points, 531

configuring channel and frequency of access point, 534, 536–537

configuring client, 537–538

configuring encryption, 533, 535–536

configuring MAC address filtering, 533–534

configuring SSID and beacon, 531–533

CSMA/CD, 506–507

dangers of public Wi-Fi, 585

EAP, 514–515

encryption, 516–518

enterprise wireless, 518–521

extending network, 538–539

hardware, 499–501

implementing, 521

infrastructure mode, 503–504

installing client, 524–525

internal network connections, 609

MAC address filtering, 511–512

no connection issues, 540–542

overview of, 497–498

physical issues, 543–545

placing access points/antennas, 527–531

range, 504

review Q&A, 547–549

security of, 510–511

setting up ad hoc network, 525–526

setting up infrastructure network, 526

site survey, 521–524

slow connection issues, 542–545

software, 501

standards (802.11), 498–499, 507–510

troubleshooting, 539–540

verifying installation, 539

weird connection issues, 545–547

WPS (Wi-Fi Protected Setup), 510

wireless profiles, security issues on smartphones, 585

wiremap, troubleshooting copper cable, 141–142

Wireshark

packet sniffers/protocol analyzers, 733–734

performance monitoring, 716

protocol analyzing with, 705–707

WLANs (wireless LANs), 503

word patterns, cracking Caesar ciphers, 351

work areas

connecting, 135–136

network installation and, 123–125

structured cabling components, 114

workgroups, Windows groups, 332–333

workstations

accessing VLANs, 402–403

network design, 604

World Wide Web

HTML and, 279–281

HTTP and, 281

HTTPS and, 283–285

publishing Web sites, 281–282

Web servers and Web clients, 282–283

worms, 667

WPA (Wi-Fi Protected Access)/WPA2

configuring encryption for access points, 533

for data encryption, 517

hardening IoT devices, 594

WPA2, 517–518

WPS attacks, 510

WPS (Wi-Fi Protected Setup), 510

X

X.25 packet switching protocol, 463

XenApp, 488

XENPAK transceiver, 103

XenServer (Citrix), 562

Xerox, 69–70

XML (Extensible Markup Language), 280

XOR (eXclusive OR) encryption, 352–353

Y

Yagi antennas, 530

Yahoo!, 292

Ylonen, Tatu, 376

Yost (rollover) cable, connecting to routers, 247

Z

Z-wave, for home automation, 591

Zennström, Niklas, 491

zero-day attacks, 658

zeroconf (zero-configuration networking), 209

Zigbee, for home automation, 591

zombies, DDoS attacks, 662

zones

name servers, 314

primary and secondary, 330–331
