-
- 100Base-TX
- FLP functions, 37
- hub support, 82
- PoE, 98
- 10Base-T, PoE, 98
- 10GBase-T networks, cabling, 33
- 110 punchdown block, European alternative, 28
- 2.4 GHz (wireless networks), 101
- design considerations, 274
- 5 GHz (wireless networks), 101
- compatibility, 103
- connection issues, 233
- design considerations, 274
- 5G cellular networks
- characteristics, 110
- download speed, 109
- 802.11
- frequency compatibility, 103
- maximum channel width, 102
- number of antenna supported, 103
- security protocols, TKIP and, 257
- wireless networks ad hoc topology, 99
- 802.11a, connection issues, 233
- 802.11ac, standards, 102
- 802.11b, connection speeds, 231
- 802.11b/g, connection issues, 234
- 802.11b/g/n, network design considerations, 102
- 802.11g, connection issues, 234, 235
- 802.11n
- connection issues, 236–237
- network design considerations, 274
- performance issues, 237
- security, 237
- 802.1q tagging, VLANs, 97
- 802.1X
- authenticators, 156
- RADIUS implementation, 156
- security and, 169
- supplicants, 156
- transactions, 156
- A
- AAA (Authentication, Authorization, and Accounting) services
- dial-up network connections, 157
- standards, 156, 157
- Acceptable Use Policy (AUP), 132
- Access Control Lists (ACLs). See ACLs (Access Control Lists)
- access control, security devices, 188
- Access Points (APs). See APs (Access Points)
- account databases
- authenticating users, 158
- authentication services, 284
- account lockouts
- password cracking and, 130
- policies, 129–130, 133
- ACLs (Access Control Lists)
- Active Directory Domain Services (ADDS). See ADDS (Active Directory Domain Services)
- AD (Active Directory), authentication protocols, 261
- adapters
- connection indicators, 213
- Ethernet, OSI model and, 15
- Address Resolution Protocol (ARP). See ARP (Address Resolution Protocol)
- address resolution, protocols, 49
- addressing
- network hosts, IPv4, 40
- OSI and, 10
- ADDS (Active Directory Domain Services), authentication protocols, 152
- administrative user accounts, 172
- administrative websites, accessing, 295
- administrator agreements, 128
- ADSL (Asymmetric Digital Subscriber Line), troubleshooting errors, 251
- algorithms, file hashing, 269
- analog signaling, 20
- analog telecommunications, 28
- analog telephone devices, 84
- Angled Physical Contact (APC). See APC (Angled Physical Contact)
- antimalware, accessing networks and, 154
- APC (Angled Physical Contact) connectors, 28
- APIPA (Automatic Private IP Addressing)
- IPv4 addresses, 41, 44
- IPv6 equivalent, 45
- application layer (OSI)
- executing commands remotely, 215
- NAS protocols, 62
- protocols, 15, 285
- web browsers, 49
- application servers
- connection issues, 249
- troubleshooting, 221
- applications
- design, security and, 165
- protocol stack, OSI and, 11
- APs (Access Points)
- antennas, 101
- communication protocols, 85
- connection issues, 231–232
- coverage issues, 232
- management devices, 85
- performance issues, 235
- power measurements, 237
- rogue, 168
- wireless network topologies and, 257
- archive bits (backups), 141
- ARP (Address Resolution Protocol)
- cache
- creating new entries, 225
- deleting, 219
- poisoning, 166, 173, 272
- table, viewing, 219
- Asymmetric Digital Subscriber Line (ADSL). See ADSL (Asymmetric Digital Subscriber Line)
- attacks
- email, 166
- MAC filtering and, 164
- man-in-the-middle, preventing, 173
- prevention techniques, 186
- software modification, 309
- troubleshooting, 266
- types, 161–162, 163, 166, 167, 281, 299
- VLAN hopping, 298
- war driving, 261
- auditing, authentication, 153
- AUP (Acceptable Use Policy), 132
- authentication
- account databases, 158
- ADDS, 152
- auditing, 153
- biometrics, false positives, 187
- data, IPSec and, 263
- EAP tunneling, 169
- factors, 154, 155
- fingerprint scanners, 184
- key fobs, 187
- local, 158
- multifactor, 152, 291
- open and shared key, 108
- PPP, 184
- protocols
- Active Directory, 261
- remote access, 179
- remote Windows users, 152
- signal strength and, 169, 294
- smart lockers and, 185
- smartcards, 107
- standards, 168
- users and, 153
- Authentication, Authorization, and Accounting (AAA) services. See AAA (Authentication, Authorization, and Accounting) services
- Auto-MDI-X ports, 97
- connecting to MDI ports, 94, 98
- autochangers (backups), 142
- Automatic Private IP Addressing (APIPA). See APIPA (Automatic Private IP Addressing)
- B
- backbone, wiring nexus, terminology, 127
- backups
- archive bits, 141
- autochangers, 142
- data set names, 142
- disaster recovery and, 142
- filtering files for, 139
- firewalls, 143
- Grandfather-Father-Son, 141
- hard drive-based compared to tape based, 287
- incremental, hard drives compared to tape drives, 143
- restoring servers, 138
- types of sites, 140
- version skew, 142
- Windows Server Backup, 141
- bandwidth
- monitoring, 225
- performance considerations, 137
- terminology, 267
- troubleshooting, 117
- WANs, 21, 266
- baselines, creating, 281
- BGP (Border Gateway Protocol), characteristics, 91
- binary masks, converting to decimal, 44
- biometrics, 154
- Bluetooth, attacks, 162
- boot image files, downloading, 54
- Border Gateway Protocol (BGP). See BGP (Border Gateway Protocol)
- bridges, 81
- LANs, 77
- multiport, 78
- OSI model and, 14
- bridging types, Ethernet LANs, 75
- Bring Your Own Device (BYOD), 132
- broadband
- routers, 74
- signaling, 20
- broadcast
- domains, 73, 79, 284
- messages, forwarding, 60
- packets, RIP routes, 90
- brute force attacks, 133, 167
- bus topology, Ethernet cabling, 38
- BYOD (Bring Your Own Device), 132
- C
- cable
- cabling
- 10GBase-T networks, 33
- coaxial, 28
- collision detection and, 95
- connector tools, 204
- connector types, 280, 307
- copper, 27
- creating, twisted pair patch cables, 206
- Ethernet, 292
- troubleshooting performance issues, 211
- Ethernet topologies, 18
- fault type detection, 276
- faults, 209–210
- fluorescent lighting and, 213
- Gigabit Ethernet, 32, 277
- copper, 37
- topology and, 34
- identifying unlabeled, 204, 206
- installation considerations, 32, 39
- installation tools, 206
- internal installation characteristics, 35
- LANs, 13, 34
- design considerations, 38
- installation considerations, 36
- long segment problems, 213
- MDI ports
- connecting to Auto-MDI-X ports, 94
- connecting to MDI-X ports, 98
- multimode fiber-optic networks, connecting, 78
- network design considerations, 37
- patch
- creating, 244
- pinouts, 39
- plenum cable, 205, 267
- PoE and, 98
- router and switch connections, 203
- routing documentation, 126
- split pairs, 210
- standards, 27
- star topology, 29
- telecommunications, 31
- terminology, 266
- testing devices, 203
- testing tools, 205
- thick Ethernet, 28
- thin Ethernet, 28, 30, 263
- tools, 209, 258, 262
- topologies, 17
- tracing for labeling, 211
- troubleshooting, 32–33, 244
- twisted pair, 29
- UTP installations, 31
- vampire taps, 30
- cameras, types, 185
- captive portals, 176, 297
- Carrier-Sense Multiple Access with Collision Detection (CSMA/CD). See CSMA/CD (Carrier-Sense Multiple Access with Collision Detection)
- CAT8 UTP, specifications, 36
- CATV (cable television network), 27
- CCMP-AES encryption protocol, 105, 106
- encryption standards, 107
- security protocols, 107
- cellular communication technologies, 100
- Central Processing Units (CPUs). See CPUs (Central Processing Units)
- change management plans, 131
- change management teams, responsibilities, 125, 286
- channel overlap, 231
- network design considerations, 259
- channels, T-3 leased line, 22
- CIA (Confidentiality-Integrity- Availability), 158
- CIDR (Classless Inter-Domain Routing), 42
- Cisco network diagrams, 124, 126, 127, 272, 286
- Class A networks, IPv4, subnet masks, 41
- Class B networks
- hosts, creating, 43
- subnets, 43
- Class C networks, subnets, 43
- Classless Inter-Domain Routing (CIDR), 42
- cleaning compounds, documentation, 128
- client-server networks, 19
- clocks, synchronizing with servers, 59
- cloud
- architectures, 66, 261
- models, 65, 66, 265, 295
- Outlook.com, 66
- resource controls, 65
- types, 66
- WANs, 25
- clusters, 273
- load balancing, 137
- servers, 140
- CMR (Concurrent Multipath Routing), benefits, 143
- coaxial cabling, 28, 35
- collision domains, 73, 79, 82, 284
- collisions, detection, 95
- command-line tools
- ARP table, viewing, 219
- displaying routing tables, 218
- IP configuration, viewing, 219
- ipconfig
- Internet access failures, 239–241, 260, 302
- network access failures, 239, 308
- operating systems, 222
- static routes, 91
- traceroute, 217
- Windows output, 215–217, 221, 224, 300
- complex passwords, 133
- compression, OSI model and, 15
- Concurrent Multipath Routing (CMR). See CMR (Concurrent Multipath Routing)
- Confidentiality-Integrity- Availability, 158
- connection ports, managed switches, 182
- connectionless delivery service, protocols, 51
- connector types (cabling), 280
- console ports, connections, 203
- content filtering, firewalls, 84
- contracts, 134
- control bits, TCP (Transmission Control Protocol), 16
- control plane policing (CPP), 177
- CoPP, 177
- copper cabling, 27
- corporate password policies, 129
- CPP (control plane policing), 177
- CPUs (Central Processing Units), low-latency connections with storage systems, 62
- CRC (Cyclic Redundancy Check), 121, 299
- credentials, confirming, 157
- crosstalk, cable faults and, 210
- cryptographic algorithms, 269
- CSMA/CD (Carrier-Sense Multiple Access with Collision Detection), 95
- Ethernet networks and, 95
- IEEE standards, 99, 293
- Cyclic Redundancy Check (CRC). See CRC (Cyclic Redundancy Check)
- D
- DAI (Dynamic ARP Inspection), 173
- data loss prevention, 130
- data sets (backups), 142
- databases, SNMP, 121
- datacenters
- alternative sites, 280
- design considerations, 65
- disaster recovery mechanisms, 138
- documentation
- fire suppression systems, 143
- public cloud, 67
- security mechanisms, 290
- topology layers, 64
- traffic, 64, 309
- Datagram Transport Layer Security (DTLS). See DTLS (Datagram Transport Layer Security)
- datagrams, 287
- IP, 59
- IPv4 networks, 48
- protocols, 49
- routing, 10
- DDoS (Distributed Denial-of-Service)
- compared to reflective DoS, 163
- types, 163, 164
- Deep Packet Inspection (DPI), 86
- default credentials, 170
- defense in depth, 161
- demarcation points, 21
- Denial-of-Service (DoS). See DoS (Denial-of-Service)
- Dense Wave Division Multiplexing (DWDM), 19. See also wavelength division multiplexing
- deployment, hardware, 185
- devices
- ACLs, 87, 296
- administrative access, 290
- analog telephone, 84
- AP management, 85
- attack deterrence and, 165
- authorized, identifying, 110
- autochangers, 142
- communication, protocols and, 78
- creating multiple collision domains, 303
- default credentials, 170
- DHCP (Dynamic Host Configuration Protocol), 55
- disaster recovery, 138
- dumb, 80
- endpoint, VPN connections, 181, 182
- equipment racks, height of, 123
- external Internet access, 86
- firewalls, 86
- hardening, 170
- honeypots, 158
- implementing hardware as software, 75
- interface, 23
- Internet access, 84
- IoT, 81, 307
- LANs (local area networks), interface devices, 23
- load balancers, 86
- location documentation, 127
- MAC address filtering, 176
- multifunction, 74
- multiple VLANs, 85
- network layer (OSI) and, 11
- network monitoring, 87
- OSI network layer, 10
- patch types, 175
- physical layer (OSI), 13, 74
- ports, disabling unused, 171
- rack mounted, height of, 126
- similarities, 76
- star topology cabling nexus, 18
- switched networks, 78
- UTM appliances, 87
- VLANs, 74, 78
- connecting, 95
- creating, 285
- identifying, 96
- VoIP, 82
- VPN headends, 84
- WANs, 23
- wireless networks
- security, 104
- transmission speeds, 101
- DHCP (Dynamic Host Configuration Protocol)
- address allocation methods, 57
- default gateway addresses, 58
- devices, 55
- DHCP-DISCOVER messages, 289
- forwarding broadcast messages, 60
- integrating with DNS, 58
- IP address assignment, 58
- IP address scope, 60
- IP datagrams, 59
- message types, 56
- rogue, 309
- snooping, 173, 297
- transmission types, 58
- troubleshooting, 247
- dial-up network connections, standards, 157
- dialogue control, OSI model, 11
- digital signatures, 174
- Digital Subscriber Line (DSL). See DSL (Digital Subscriber Line)
- Direct Sequence Spread Spectrum (DSSS), 100
- directory service information, protocols, 48
- disaster recovery, 138
- disk duplexing, 141
- disk mirroring, 141
- distributed control systems, SCADA, 76
- Distributed Denial-of-Service (DDoS). See DDoS (Distributed Denial-of-Service)
- DNS (Domain Name System)
- accessing, troubleshooting, 299
- hierarchy, 59, 287
- integrating with DHCP, 58
- iterative queries, 55
- name resolution
- namespace, adding IP addresses, 58
- poisoning, 165
- recursive queries, 54
- request messages, generating, 219
- resource record information, 305
- resource records, 57, 264
- reverse name resolution, 55
- TCP/IP parameters, 57
- troubleshooting, 215
- failures, 247
- unreachable condition, 214
- DOCSIS, 24
- documentation. See also policies
- account lockout policies, 129–130
- administrator agreements, 128
- AUP, 132
- chemicals in datacenters, 131, 306
- cleaning compounds, 128
- contract language and, 134
- contracts, 134
- corporate password policies, 129
- device locations, 127
- employee confidentiality, 129
- internal cable runs, 126
- IT asset management, 126
- MDFs and IDFs, 124
- networks, 122
- new hires, 128
- password policies, 129
- personal devices, 129
- personal software, installing, 256
- provider agreements, 303
- remote access terms, 128
- domain controllers, troubleshooting, 249
- Domain Name System (DNS). See DNS (Domain Name System)
- door locks, authentication factors, 155
- DoS (Denial-of-Service), 162
- DPI (Deep Packet Inspection), 86
- DSL (Digital Subscriber Line), 19
- data traffic, 21
- transmission speed, 20, 21
- DSSS (Direct Sequence Spread Spectrum), 100
- DTLS (Datagram Transport Layer Security), security protocols and, 54
- dual power supplies, modes, 287
- dual stacks, 40
- dumb devices, 80
- duplex mismatches (Ethernet), 212
- Duplicate IP Address error, troubleshooting, 250
- DWDM (Dense Wave Division Multiplexing), 19. See also wavelength division multiplexing
- Dynamic ARP Inspection (DAI), 173
- Dynamic Host Configuration Protocol (DHCP). See DHCP (Dynamic Host Configuration Protocol)
- dynamic routing protocols, 90
- E
- EAP (Extended Authentication Protocol), 169
- east-west datacenter traffic, 309
- compared to north-south, 64
- EIGRP (Enhanced Interior Gateway Routing Protocol), 88
- Electrical and Electronics Engineers (IEEE). See IEEE (Electrical and Electronics Engineers)
- electrical interference, twisted pair cables, 244
- electromagnetic interference (EMI). See EMI (electromagnetic interference)
- electrostatic shock, 120
- email clients
- POP3, ports, 262
- SMTP connection, securing, 48
- email servers, network traffic analysis, 51
- email services
- models, 65
- Outlook.com, 66
- types, 288
- embedded chips, 73
- EMI (electromagnetic interference)
- cabling and, 32
- Gigabit Ethernet cabling, 277
- preventing, 289
- troubleshooting, 248, 304
- encapsulated data, protocols, 16
- encoded text files, converting, OSI layers, 16
- encryption
- CCMP-AES, 105
- ciphers, 109
- digital signatures, 174
- IPSec
- protocols, 53
- tools for verifying, 227
- OSI model and, 15
- protocols, wireless networks, 104
- standards, CCMP, 107
- stream ciphers, 107
- tunneling and, 178
- VPN tunneling, 289
- endpoint devices, VPN connections, 181, 182
- Enhanced Interior Gateway Routing Protocol (EIGRP), 88
- enterprise networks
- security, 152
- wiring nexus terminology, 294
- equipment racks
- Ethernet. See also Gigabit Ethernet
- abnormal occurrences, 96
- adapters, OSI model and, 15
- bridging types, 75
- cables, 292
- cabling
- connector types, 280
- topologies, 18
- CAT8 UTP specifications, 36
- connection
- failures, 243
- ipconfig /all command, 239–241
- issues, 238
- connector types, 30
- CRC errors, 121
- CSMA/CD and, 95
- design considerations, 36–37, 307
- duplex mismatches, 212
- frames, 121
- MTUs, 16
- OSI model and, 12
- hubs, connection issues, 243
- IEEE standards, 38
- malfunctions, 269
- multimode fiber-optic, connecting, 78
- port security, 98
- thick Ethernet, 28
- thin, cabling, 263
- topologies, 18
- troubleshooting, poor performance, 211
- upgrading to Gigabit Ethernet, 37
- event monitoring, 159
- Event Viewer (Windows), 115
- exploits, compared to vulnerabilities, 159
- export controls, software, 131
- Extended Authentication Protocol (EAP). See EAP (Extended Authentication Protocol)
- F
- facial recognition, 188
- fail closed
- fail open mechanisms, 185, 186, 290
- failover clusters, topologies, 18
- Fast Link Pulse (FLP). See FLP (Fast Link Pulse)
- fault tolerance, 135, 136
- generators and, 136
- hard disk data storage, 141
- mechanisms, 143
- parity data, 259
- RAID, 137, 140
- redundant Internet connections, 144
- FCoE (Fibre Channel over Ethernet)
- compared to Fibre Channel, 62
- protocols, 63
- FHRP (First Hop Redundancy Protocol), 144
- Fibre Channel over Ethernet (FCoE). See FCoE (Fibre Channel over Ethernet)
- fiber-optic cables, 31, 35
- Fibre Channel network
- compared to FCoE, 62
- compared to iSCSI, 62, 278
- protocols, 63
- topologies, 18
- file hashing, algorithms, 269
- file sharing protocol, Windows, 49
- File Transfer Protocol (FTP). See FTP (File Transfer Protocol)
- fingerprint scanners, 153, 184, 290
- fire suppression systems, 143
- firewalls, 74
- backing up, state compared to configuration, 143
- configuration, 173
- content filtering, 84
- devices and, 86
- FTP and, 83
- installation considerations, 83
- port numbers, 74, 286
- redundant, design considerations, 144
- service-dependent filtering, 75
- stateful packet inspection, 77
- traditional compared to Next-Generation, 83
- virtual, 26
- First Hop Redundancy Protocol (FHRP), 144
- flags, TCP session establishment messages, 16
- flood guards, 174
- flow control
- sliding window, 98
- TCP/IP networks, 14
- FLP (Fast Link Pulse), 100Base-TX, 37
- fluorescent lighting, 213
- FQDNs (fully qualified domain names), 59
- frame relay, 24
- frames
- creating, OSI model and, 12
- Ethernet, 12
- forwarding, 76
- giant, 121
- jumbo, 63, 267
- runt and giant, 121
- FTP (File Transfer Protocol)
- authentication passwords, 53
- firewalls and, 83
- port numbers, 51
- PXE startup, 54
- security considerations, 230
- shortcomings, 53
- full backups, 142
- full-duplex Ethernet, malfunctions, 269
- fully qualified domain names (FQDNs), 59
- G
- geofencing, 169, 175
- giant frames, 121
- Gigabit Ethernet
- cabling, 32, 277
- copper cabling, 37
- installation considerations, 34
- performance problems, troubleshooting, 214
- troubleshooting, 213, 242, 248
- twisted pair cabling, 35
- upgrading from Ethernet, 37
- UTP (Unshielded Twisted Pair), 25
- Grandfather-Father-Son backups, 141
- group membership, accessing network resources, 157
- H
- half-duplex Ethernet, malfunctions, 269
- hardware
- deployment, 185
- disposal, 189
- implementing as software, 75
- leased-line components, 21
- OSI model, 12, 14
- patch types, 175
- replacing to find faulty, 200
- troubleshooting, 200, 269
- virtual environment, 26
- help calls, prioritizing, 201
- high availability systems, 137
- honeynets, 158
- honeypots, 158
- host addresses, IPv4, 44
- host identifier, IPv4, 40
- HTTP (Hypertext Transfer Protocol)
- compared to HTTPS, 52
- ports, 298
- HTTPS (Hypertext Transfer Protocol Secure)
- compared to HTTP, 52
- port numbers, 47
- ports, 298
- hubs, 76
- 100Base-TX support, 82
- characteristics, 82
- compared to switches, 81
- connection indicators, 213
- connection issues, 243
- installing, 80
- troubleshooting, 249
- HVAC systems
- design considerations, 122
- IoT monitoring and, 84
- hybrid network deployments, design considerations, 67
- hybrid topologies, 17
- Hypertext Transfer Protocol (HTTP). See HTTP (Hypertext Transfer Protocol)
- Hypertext Transfer Protocol Secure (HTTPS). See HTTPS (Hypertext Transfer Protocol Secure)
- hypervisors, 26
- I
- IaC (Infrastructure as Code), cloud-based virtual machines, 67
- ICMPv6 Router Solicitation, 46
- IDFs (Intermediate Distribution Frames), 124
- IDSs (Intrusion Detection Systems), 80
- network traffic, analyzing, 78
- traffic monitoring features, 87
- IEEE (Electrical and Electronics Engineers)
- DSSS signal modulation, 100
- Ethernet standards, 38
- maximum aggregate channel width, 104
- standards
- CSMA/CD, 293
- CSMA/CD with MAC, 99
- port-based access control, 110
- implementations, review question answers, 346–371
- in-band management, 180
- incident response
- incremental backups, 142
- hard drives compared to tape drives, 143
- infrastructure, network design considerations, 38
- insider threats, 185, 269
- interface devices, 23
- MAC addresses, 94
- WANs (Wide Area Networks), 23
- interface monitors
- metrics, 118
- packet drops, 118
- interior gateway protocols, 122
- Intermediate Distribution Frames (IDFs). See IDFs (Intermediate Distribution Frames)
- Internet access
- connection failures, ipconfig /all command, 239
- design considerations, 85, 265
- devices, 86
- proxy servers, 86
- routing tables, troubleshooting, 252
- security issues, 165
- speed considerations, 22
- troubleshooting, 199, 226, 238, 246, 256, 271, 273, 279, 291, 303, 309
- VLAN mismatches, 261
- Internet connections, DOCSIS, 24
- Internet of Things (IoT). See IoT (Internet of Things)
- Internet Protocol (IP). See IP (Internet Protocol)
- Internet Protocol Security (IPSec). See IPSec (Internet Protocol Security)
- Internet Service Providers (ISPs). See ISPs (Internet Service Providers)
- intrusion detection, 188
- Intrusion Detection Systems (IDSs). see IDSs (Intrusion Detection Systems)
- Intrusion Prevention Systems (IPSs), 86
- IoT (Internet of Things)
- devices, 81, 307
- examples, 261
- HVAC systems, 84
- security considerations, 177
- technologies, 73
- IP (Internet Protocol)
- addresses
- adding to DNS namespace, 58
- allocation methods, 57
- assignment issues, 238, 250
- configuration, 277
- lease renewal, 55
- scope, 60
- substitution, 276
- troubleshooting, 247
- configuration properties, troubleshooting, 199
- configuration, viewing, 219
- datagrams, 59
- header classification identifier, 89
- high availability, 138
- host addresses, 55
- OSI model and, 15
- rogue DHCP servers, 309
- settings, verifying, 224
- subnet masks, 271
- ipconfig command
- Internet access failures, 239–241
- network access failures, 239
- IPSec (Internet Protocol Security)
- data authentication, 263
- encryption protocols, 53
- encryption, verifying, 227
- signing packets, 54
- IPSs (Intrusion Prevention Systems), 86
- IPv4 networks
- addresses, compared to IPv6, 45
- classes, 41–42
- datagrams, 48
- host addresses, 40, 44
- host identifier, 40, 285
- host system destination address, 91
- Internet access, 39
- multicast addresses, 44
- network device addresses, 45
- port numbers, 48
- RFC 1918, 40
- subnet masks, 41, 45, 294
- subnets, creating, 40, 42
- TCP/IP clients, 45
- transmitting IPv6 networks on, 46
- IPv6 network
- address formatting, 290
- address resolution, 57
- protocols, 94
- IPv6 networks
- addresses, 41
- APIPA equivalent, 45
- link local addresses, 43
- transmitting on IPv4 networks, 46
- iSCSI, 61
- clients, 62
- compared to Fibre Channel, 62, 278
- locating targets, 306
- protocols, 63
- ISO (Organization for Standardization), SWIDs, 123
- ISPs (Internet Service Providers), SLAs, 134
- IT asset disposal policies, 134
- IT asset management documents, 126
- iterative name resolution queries, 55, 279
- J-K
- jam signals, collision detection, 95
- jitter, 119
- jumbo frames, 265
- key fobs, 187
- L
- labels, assigning to packets, 23
- LANs (local area networks)
- bridges, 77
- bridging types, 75
- cabling, 34
- connecting, 17
- connection issues, 199, 245
- design considerations, 36–37, 73, 75, 79
- antennas and, 101
- cabling, 38
- installation considerations, 36
- interface devices, 23
- MAC addresses, 10
- performance considerations, 80
- splitting into multiple domains, 81
- wiring, 17
- layers. See OSI (Open Systems Interconnection)
- leaf and spine datacenter architecture, compared to three-tier, 62, 280
- leased lines
- hardware components, 21
- replacing, 26
- subscriptions, 23
- link pulse LEDs, troubleshooting, 271
- Linux
- administrative user accounts, 172
- commands, output, 225, 226
- displaying processes, 288
- packet analyzers, 225
- performance monitoring tools, 229
- protocol analyzers, 270
- static routes, command-line tools, 91
- tools, 221
- load balancers, 84, 298
- local area networks (LANs). See LANs (local area networks)
- local authentication, 158
- logging on
- passwords, 153
- smartcards, 153
- logical addressing, OSI and, 10, 278
- logical network diagrams, 126
- logs
- management tasks, 119
- server activities, 120
- tools, 120
- Windows event logs, 120
- M
- MAC (media access control)
- address filtering, 175
- addresses, 94
- attack types, 164
- control method, 12
- CSMA/CD IEEE standards, 99
- Ethernet frames, 12
- IPv6 link local addresses, 43
- OSI layers, 10, 272
- unmanaged networks, 26
- Main Distribution Frames (MDFs), 124
- man-in-the-middle attacks, preventing, 173
- managed switches, connection ports, 182
- Maximum Transmission Unit (MTU). See MTU (Maximum Transmission Unit)
- MDFs (Main Distribution Frames), 124
- MDI ports, connecting to Auto-MDI-X ports, 94, 98
- media access control (MAC). See MAC (media access control)
- message logging, 120
- MIMO (Multiple Input Multiple Output) antennae, 100
- modems, 74
- monitoring tools, operating systems, 117
- MPLS (Multiprotocol Label Switching), OSI layers and, 23
- MTU (Maximum Transmission Unit), Ethernet frames, 16
- mulitplexing, types, 270
- multicast addresses, IPv4 networks, 44
- multifactor authentication, 152, 291
- multifunction devices, 74
- multilatency, 268
- multilayer switches, OSI, 77, 87
- multimode fiber-optic cabling, 31
- multimode fiber-optic Ethernet networks, connecting, 78
- Multiple Input Multiple Output (MIMO), 100
- multiplexing signals, 26
- multiport bridges, 78
- multiport repeaters, 75, 273
- Multiprotocol Label Switching (MPLS). See MPLS (Multiprotocol Label Switching)
- multiprotocol switches, 293
- multitiered technical support organizations, 201
- N
- NACs (Network Access Controls), 156
- name resolution queries, DNS, 55
- namespace hierarchy, 59
- NAS (Network Attached Storage), 61
- application layer protocols, 62
- compared to SANs, 61, 270
- NAT (Network Address Translation)
- OSI model, 40
- server characteristics, 86
- netstat
- information displayed by, 224
- IPv6 packets, 223
- network access
- Network Access Controls (NACs), 156
- network activity, tracking, 157
- network adapters
- Network Address Translation (NAT). See NAT (Network Address Translation)
- network addresses, subnet masks, 42
- network analysis, 116
- Network Attached Storage (NAS). See NAS (Network Attached Storage)
- network congestion, preventing, 89
- network connectivity
- network device administration procedures, 267
- network diagrams, 126, 284
- Network Function Virtualization (NFV), 27
- network interface adapters, MAC addresses, 94
- Network Interface Cards (NICs). See NICs (Network Interface Cards)
- network interfaces
- network layer (OSI)
- devices and, 11
- encapsulated data, 16
- protocols, 13
- IPv6 networks, 94
- TTL field, 92
- testing characteristics, 220
- network layers. See OSI (Open Systems Interconnection)
- network maps, 127
- network medium, 27
- network printers, troubleshooting, 202
- network resources, limiting access, 176
- network segmentation methods, 172
- network switching, OSI model, 11
- Network Time Servers (NTPs). See NTPs (Network Time Servers)
- network topology, cabling, 13
- network traffic analysis, email servers, 51
- network traffic, distributing among multiple servers, 86
- network wiring locations, 123
- networking fundamentals, review question answers, 312–346
- networks, size, 17
- networkwide errors, 197
- Next-Generation Firewall (NGFW). See NGFWs (Next-Generation Firewalls)
- NFV (Network Function Virtualization), 27
- NGFWs (Next-Generation Firewalls), features compared to traditional firewalls, 83
- NICs (Network Interface Cards), teaming, 140
- north-south datacenter traffic, 309
- compared to east-west, 64
- NTPs (Network Time Servers), 58
- O
- off-boarding policies, 130–131, 295
- omnidirectional antennas, 101
- on-boarding policies, 130, 295
- security considerations, 160
- Open Shortest Path First (OSPF). See OSPF (Open Shortest Path First)
- Open Systems Interconnection (OSI). See OSI (Open Systems Interconnection)
- operating systems
- cloud service models, 65
- command-line tools, 222
- security considerations, 168
- operations, review question answers, 371–391
- Organization for Standardization (ISO). See ISO (Organization for Standardization)
- OSI (Open Systems Interconnection)
- bridges, 14
- communication devices, 78
- connectionless delivery service protocols, 51
- data delivery, 13
- data packet protocols, 285
- dedicated hardware, 12
- development of, 10
- DHCP snooping, 173
- dialogue control, end systems, 11
- Ethernet adapters, 15
- Ethernet frames, 12
- flow control, 14
- frame creation, 12
- guaranteed delivery protocol, 13
- jumbo frames, 97
- layers, 10
- logical addressing, 278
- MAC addresses, 10, 272
- multilayer switches, 77, 87
- NAT, 40
- network cabling, 13
- network layer, devices and, 10
- network switching, 11, 293
- port numbers, 14
- port scanners and, 230
- protocol stack, 11
- proxy servers, 83
- session layer, 276
- switches, 14
- TCP/IP protocols, 13
- text files, converting encoded, 16
- translating/formatting information, 11
- transmitting signals, 15
- wireless range extenders, 104
- OSPF (Open Shortest Path First), 90
- out-of-band management, 180–181
- Outlook.com, 66
- P
- packet analyzers, 225
- packet sniffers, compared to protocol analyzers, 227
- packets
- control bits, 49
- displaying sent, 121
- dropped, interface monitors and, 118
- format, 92
- forwarding, 76
- IPv6, netstat command, 223
- labels, assigning to, 23
- multiplexing signals, 26
- route tracing, 215
- routing protocols, 88
- signing, IPSec, 54
- stateful inspection, 77
- transmission delays, 214
- transmitting, 91
- troubleshooting, 221
- voice traffic, 98
- PANs (personal area networks), technologies for, 18, 284
- parity data, RAID, 141, 259
- password cracking, account lockouts and, 130
- password policies, 129, 290, 296
- account lockouts and, 130
- passwords
- attack types, 168
- authentication, FTP and, 53
- brute force attacks, 133
- complex, 133
- history requirements and, 133
- logging on, 153
- policies, 129–130, 170, 172
- Windows policies, 171
- PAT (Port Address Translation), 45
- patch cables
- creating, 244
- wall plates and, 203
- patch panels
- patches
- evaluation process, 175
- uninstalling, 175
- PBX services, technologies, 85
- PDUs (Power Distribution Units), compared to power strips, 143
- peer-to-peer networks, 19
- penetration testing, 159, 270
- performance
- 802.11n, 237
- bandwidth considerations, 137
- baselines, 117
- disaster recovery, 138
- fault tolerance, 135, 136
- Gigabit Ethernet, troubleshooting, 214
- hubs compared to switches, 81
- interface monitors, 118
- jitter, 119
- network adapters, troubleshooting, 256–257
- network cabling problems, 211
- network interface malfunctions, 119
- network speed, 248
- operating systems, monitoring tools, 117
- SANs, jumbo frames, 63
- server baselines, 118
- server clusters, 140
- server load balancing, 136
- switched Ethernet LANs, 80
- switching loops, preventing, 303
- traffic shaping, 292
- troubleshooting
- bandwidth issues, 117
- Ethernet, 211
- network traffic, 245
- networks, 256
- slowdowns, 252
- virtual IP addresses, 138
- wireless networks, 103, 306
- 5 GHz compared to 2.4 GHz, 101
- performance monitoring tools, Unix/Linux, 229
- perimeter networks, accessing, 246
- personal area networks (PANs). See PANs (personal area networks)
- physical layer (OSI)
- 100Base-TX hub support, 82
- devices, 13, 74
- star topology, 19
- transceiver module standards, 29
- physical network diagrams, 126
- physical security. See also sec urity
- devices, 187
- entryways, 188
- insider threats, 185, 269
- key fobs, authentication, 187
- mechanisms, 185
- preventing breaches, 188
- RFIDs, 186
- smart lockers, 185
- types, 187, 270, 294
- PIN authentication factor, 155
- ping
- messages, specifying number of, 222
- network access, troubleshooting, 265
- protocols, 47, 218
- server connection issues and, 249
- transmitting messages, 219
- troubleshooting Windows servers, 223
- TTL values, specifying, 220
- Windows servers, 291
- pinouts
- patch cables, 39
- troubleshooting, 245
- PKI (public key infrastructure), characteristics, 158
- plenum cable, 205, 267
- PoE (Power over Ethernet), 306
- security cameras and, 213
- specifications, 98
- Point-to-Point Protocol (PPP). See PPP (Point-to-Point Protocol)
- Point-to-Point Protocol over Ethernet (PPPoE). See PPPoE (Point-to-Point Protocol over Ethernet)
- poisoning (ARP), 166, 272
- poisoning (DNS), 165
- policies. See also documentation
- account lockout, 129–130
- BYOD (Bring Your Own Device), 132
- corporate password, 129
- fail closed, 132
- firewalls, configuration, 173
- incident response, 131–132
- IT asset disposal, 134
- network device administration procedures, 267
- off-boarding, 130–131, 295
- on-boarding, 130, 295
- passwords, 170, 172, 290, 296
- personal software, installing, 256
- server hardening, 171
- Windows passwords, 171
- POP3 email clients
- configuring, 46
- ports, 262
- Port Address Translation (PAT), 45
- port aggregation, characteristics, 139
- port isolation, 177
- port numbers
- assigning, 47
- configuring workstations, 50
- firewalls, 74, 286
- FTP, 51
- HTTPS, 47
- IPv4 networks, 48
- protocols, 9, 14
- server applications, 275
- SQL, 48, 259
- TCP clients, 50
- UDP clients, 50
- Unix logging services, 49
- web clients, 52
- port scanners
- port-based access control, 110
- ports
- switches, LED colors, 249, 250
- unused, disabling, 171
- wall plates, 123
- Power Distribution Units (PDUs). See PDUs (Power Distribution Units)
- power measurements, APs, 237
- Power over Ethernet (PoE). See PoE (Power over Ethernet)
- power strips, compared to PDUs, 143
- power supplies
- disaster recovery and, 138
- modes, 287
- PPP (Point-to-Point Protocol), authentication protocols, 184
- PPPoE (Point-to-Point Protocol over Ethernet), WAN connections, 24
- practice exam 1, review question answers, 448–462
- practice exam 2, review question answers, 462–475
- Pre-Shared Keys (PSKs), 107
- printers, troubleshooting, 202
- private clouds, configuration considerations, 66
- private internetworks, design considerations, 265
- private keys, 169, 174
- processes (operating systems), tools for displaying, 288
- protocol analyzers, 220, 270
- characteristics, 228
- compared to packet sniffers, 227
- host communication issues, 231
- interpreting results, 229
- security, 230
- tasks, 264
- protocol stack, OSI model, 11
- protocols
- address resolution, 49
- ADDS, 152
- AP communications and, 85
- application layer (OSI), 15, 285
- authenticating users, 153
- authentication, PPP, 184
- connectionless delivery service, 51
- data packet delivery, OSI layers, 285
- datagrams, 49, 287
- device hardening, 170
- directory service information, 48
- dynamic routing, 90
- FCoE packets, 63
- Fibre Channel, 63
- file sharing, 49
- host IP addresses, 55
- interior gateway, 122
- IPSec encryption, 53
- iSCSI packets, 63
- local subnets, 52
- NAS application layer, 62
- network layer, 13
- network layer (OSI), IPv6 networks, 94
- obsolete wireless, 108
- OSI model, guaranteed delivery, 13
- OSPF, 90
- ping, 47, 218
- port numbers, 9, 14
- RDP, 179
- remote authentication, 179
- remote control, 178
- routing, 88, 277
- datagrams, 91
- hop counts and, 90
- interior/exterior designations, 92
- packet formatting, 92
- SANs (Storage Area Networks), 61, 285
- secure communications, 178, 268
- security, 54
- smartcard authentication, 107
- standards, 63
- STP, 76, 77
- switching loops, 303
- synchronizing clocks, 59
- TCP/IP
- flow control, 14
- hop counts and, 90
- OSI model and, 12, 13
- routing, 89
- TCP/IP routing efficiency, 90
- TKIP-RC4, 104
- transport layer
- guaranteed delivery, 52
- port numbers and, 47
- tunneling, 271
- VLAN identification, 94
- VPN tunneling, 289
- VPNs, obsolete, 178
- wireless controllers, 85
- wireless encryption, 105
- wireless network security, 106
- proxy servers
- characteristics, 86
- Internet access, 86
- OSI layers, 83
- PSKs (Pre-Shared Keys), 107
- PSTN (Public Switched Telephone Network), 19
- remote access connection technologies, 22
- public cloud datacenter, multilatency, 67, 268
- public key infrastructure (PKI). See PKI (public key infrastructure)
- public keys, 169, 174
- Public Switched Telephone Network (PSTN). See PSTN (Public Switched Telephone Network)
- PXE (Preboot Execution Environment), downloading boot image files, 54
- R
- rack diagrams, 123
- standard vertical height, 125
- RADIUS servers, 107, 264
- 802.1X transactions and, 156
- characteristics, 157
- RAID (Redundant Array of Independent Disks), 135
- fault tolerance, 137, 140
- parity data, 141, 259
- specifications, 140
- striping with distributed parity, 136
- Windows servers, 141
- ransomware attacks, 167
- RDP (Remote Desktop Protocol), 179
- terminal emulation, 184
- traffic types, 180, 268
- recursive queries, 54
- redundant firewalls, design considerations, 144
- redundant servers
- active-active compared to active-passive, 304
- design considerations, 144
- redundant switches, design considerations, 144
- reflective Denial-of-Service, compared to DDoS, 163
- remote access
- authentication
- protocols, 179
- services, 284
- Windows users, 152
- policies, 128
- remote access connection technologies, PSTN, 22
- remote control, protocols, 178
- Remote Desktop Gateways, 180
- Remote Desktop Protocol (RDP). See RDP (Remote Desktop Protocol)
- replay attacks, 166
- request messages, DNS, generating, 219
- resource record information, 264, 305
- retinal scans, 186
- reverse name resolution, DNS, 55
- review question answers
- RFC 1918, IPv4 networks, 40
- RIPv1 (Routing Information Protocol version 1), 89
- RJ-45 connectors, 29
- rogue access points, 168
- role separation, 173
- root guards, 174
- route command, IPv6 routing table, displaying, 224
- route update messages, 89
- Router Advertisement, 46
- Router Solicitation, 46
- router tables, troubleshooting, 251
- routers, 79
- cable connections, 203
- characteristics, 82, 83
- interior gateway protocols, 122
- LANs, performance considerations, 80
- network traffic data, 121
- protocols, 91
- TCP/IP parameters, 88
- troubleshooting, 221
- routes, RIP broadcast packets, 90
- routing
- datagrams, 10
- protocols, 89, 277
- datagrams, 91
- hop counts and, 90
- interior/exterior designations, 92
- OSPF, 90
- packet format, 92
- static characteristics, 89
- TCP/IP routing efficiency, 90
- Routing Information Protocol version 1 (RIPv1). See RIPv1 (Routing Information Protocol version 1)
- routing tables
- displaying, 218
- dynamic routing protocols, 90
- Internet access, troubleshooting, 252
- screened subnets, accessing, 228
- Redundant Array of Independent Disks (RAID). See RAID (Redundant Array of Independent Disks)
- runt frames, 121
- S
- same sign-on, compared to SSO, 154
- SANs (Storage Area Networks)
- compared to NAS, 61, 270
- data transfer rates, 61
- jumbo frames, 63
- low-latency connections, 62
- protocols, 61, 285
- SCADA (Supervisory Control and Data Acquisition, 76
- screened subnets, 159
- accessing, 228, 304
- servers, accessing, 228
- terminology, 268
- troubleshooting communication issues, 302
- SDNs (Software-Defined Networks)
- Secure Shell. See SSH (Secure Shell)
- secured network resources, accessing, 153
- security. See also physical security
- 802.11n, 237
- account lockout policies, 133
- ARP poisoning, 272
- attack types, 161–162
- authorized devices, identifying, 110
- biometrics, 154
- brute force attacks, 133
- CCMP-AES, 105
- concepts, 269
- cryptographic algorithms, 269
- data authentication, 263
- data loss prevention, terminology, 257
- datacenters, 186
- defense in depth, 161
- enterprise networks, 152
- Ethernet switches, 98
- exploits compared to vulnerabilities, 159
- fingerprint scanners, 153, 290
- FTP, 230
- geofencing, 169, 175
- incident response, 131–132, 133
- insider threats, 185, 291
- Internet access, 165, 271
- IoT, 177
- Linux servers, checking, 220
- MAC address filtering, 175
- monitoring events, 116
- monitoring measures, 186
- multifactor authentication, 152
- network device administration procedures, 267
- obsolete wireless protocols, 108
- on-boarding considerations, 160
- operating system updates and, 168
- password history requirements, 133
- password policies, 290, 296
- penetration testing, 159, 270
- preventing attacks, 272
- preventing unauthorized users, 110
- protocol analyzers, 230, 264
- protocols, 54
- authenticating users, 153
- TKIP and, 257
- wireless, 109
- replay attacks, 166
- review question answers, 391–418
- rogue access points, 168
- secure communication protocols, 268
- server hardening techniques, 260
- social engineering, 163, 168
- SSO (Single Sign-On), 154
- STP attack protection, 99
- TACACS+, 154–155
- techniques, 158
- Telnet, 230
- threat assessments, 161
- threat types, 159
- unauthorized access, 292
- user accounts, 160
- VLAN hopping, 298
- VLAN traffic, 97
- war driving attacks, 261
- WiFi hotspots, 176
- wireless networks, 104, 105
- design considerations, 307
- encryption protocols, 105
- hardening techniques, 170, 295
- protocols, 106
- zero trust architecture, 160
- zero-day vulnerabilities, 160
- security cameras, PoE and, 213
- Security Information and Event Management (SIEM). See SIEM (Security Information and Event Management)
- sendmail
- logging services, 116
- message logging, 120
- servers
- accessing, 238
- baseline performance statistics, 118
- connection issues, 246
- DoS attacks, 164
- event logs, 120
- hardening, 171, 260
- load balancing, 136
- port numbers, 51
- problem types, 198
- redundant, design considerations, 144
- restoring from backup, 138
- screened subnets, 159
- Service Level Agreements (SLAs). See SLAs (Service Level Agreements)
- service models, 288
- Service Set Identifiers (SSIDs). See SSIDs (Service Set Identifiers)
- service-dependent filtering, firewalls, 75
- services, tracking user activities, 152
- session establishment messages, TCP flags, 16
- session layer (OSI), 276
- sessions, terminating, TCP control bits, 16
- short circuits, troubleshooting, 204
- SIEM (Security Information and Event Management), 119, 289
- capabilities, 116
- log management, 119
- Simple Mail Transport Protocol (SMTP). See SMTP (Simple Mail Transport Protocol)
- Simple Network Management Protocol (SNMP). See SNMP (Simple Network Management Protocol)
- Single Sign-On (SSO). See SSO (Single Sign-On)
- single-mode fiber-optic cabling, 31, 292
- 1000Base-SX transceiver modules and, 214
- multimode fiber-optic networks, connecting, 78
- SLAs (Service Level Agreements), 134
- technical support clause, 134
- sliding window flow control, 98
- small business networks, design considerations, 75
- Small Office Home Office (SOHO). See SOHO (Small Office Home Office)
- smart lockers, 185
- smartcards, 292
- authentication, 107
- logging on and, 153
- SMTP (Simple Mail Transport Protocol), securing, 48
- SNMP (Simple Network Management Protocol), 115
- characteristics, 115
- components, 122
- databases, 121
- messages, 118
- security, 115
- terminology, 267
- snooping, 173, 297
- social engineering, 168
- sockets, 264
- software
- change management plans, 125
- implementing hardware devices as, 75
- international export controls, 131
- modification attacks, 309
- personal, installing, 256
- release types, 175, 287
- security issues, 160
- troubleshooting, 200
- zero-day vulnerabilities, 160
- Software Identification Tags (SWIDs), 123
- Software-Defined Networks (SDNs). See SDNs (Software-Defined Networks)
- SOHO (Small Office Home Office)
- multifunction connectivity devices, 77
- technologies, 97
- SONET (Synchronous Optical Networking), standards, 23
- Spanning Tree Protocol (STP). See STP (Spanning Tree Protocol)
- split pairs (cables), 210
- split tunneling, 183, 296
- SQL (Structured Query Language), port numbers, 48, 259
- SSH (Secure Shell), compared to Telnet, 183
- SSIDs (Service Set Identifiers)
- connection problems, 176, 232
- security considerations, 171
- SSO (Single Sign-On), compared to same sign-on, 154
- standards
- 802.11ac, 102
- AAA services, 156, 157
- authentication, 168
- cabling, 27
- compliance with, 174
- dial-up network connections, 157
- encryption, CCMP, 107
- IEEE
- CSMA/CS with MAC, 99
- Ethernet, 38
- port-based access control, 110
- protocols, 63
- SONET, 23
- SWIDs, 123
- synchronous data transmissions, 22
- transceiver module, 29
- wireless networking speeds, 100, 102, 301
- star topology
- cable types, 29
- cabling nexus devices, 18
- physical layer options, 19
- stateful packet inspection, firewalls, 77
- static routing, 278
- characteristics, 89
- command-line tools, 91
- Storage Area Networks (SANs). See SANs (Storage Area Networks)
- STP (Spanning Tree Protocol), 76, 77
- stream ciphers, 107
- streaming video, troubleshooting, 276
- striping with distributed parity (RAID), 136
- Structured Query Language (SQL). See SQL (Structured Query Language)
- subinterfaces, 46
- subnet masks, 42, 271
- configuring computers, 275
- IPv4 networks, 41, 45, 294
- network design considerations, 42
- subnets
- host addresses, 43
- IPv4 networks, 40
- local, protocols, 52
- routing protocols and, 89
- subscriptions, leased lines, 23
- Supervisory Control and Data Acquisition (SCADA), 76
- SWIDs (Software Identification Tags), 123
- switch ports
- link pulse LEDs, troubleshooting, 271
- troubleshooting, 250
- unused, 296
- switched networks
- characteristics, 93
- devices, 78
- switches, 76, 79, 81
- Auto-MDI-X ports, 97
- cable connections, 203
- communication problems, 80
- compared to hubs, 81
- connection indicators, 213
- connection ports, 182
- CPP, 177
- CRC checks, 299
- default VLANs, 177
- flood guards, 174
- frame forwarding, 76
- functions, 81
- man-in-the-middle attacks, preventing, 173
- multilayer, 77
- multiprotocol, 293
- network switching, OSI model and, 11
- OSI model and, 14
- packet forwarding, 76
- port isolation, 177
- port LED colors, 249, 250
- port states, 77
- redundant, design considerations, 144
- remote management, 115
- splitting LANs into multiple domains, 81
- STP attack protection, 99
- terminology, 289
- troubleshooting, 244
- virtual compared to physical, 26
- switching architectures, 93
- switching loops, 303
- synchronous data transmissions, standards, 22
- Synchronous Optical Networking (SONET). See SONET (Synchronous Optical Networking)
- syntax translation, OSI model and, 15
- syslog, severity levels, 117–118
- system backups, version skew, 142
- systemwide errors, 197
- T
- T-1 leased line, compared to T-3, 22
- T-3 leased line
- channels, 22
- compared to T-1, 22
- T-connectors, 30
- TACACS+, 154–155
- TCP (Transmission Control Protocol)
- client port numbers, 50
- dropped connections, protocol analyzers, 220
- establishing connections, 50
- Option subheader, 47
- port number function, 50
- ports, scanning for, 228
- servers, port numbers and, 51
- session establishment messages, 16
- TCP/IP (Transmission Control Protocol/Internet Protocol)
- connectivity, testing, 226
- identifying malfunctioning routers, 218
- sockets, 264
- troubleshooting, 223
- tunneling protocols, 271
- TCP/IP networks
- domain name resolution, 57
- flow control, 14
- IPv4 addresses, 45
- packet transmission, 10, 91
- packets, control bits, 49
- protocols, OSI model, 12, 13
- remote connections, 181
- router address parameters, 88
- routing efficiency, 90
- routing protocols, 89
- secured links, 27
- terminal emulation, 183
- telecommunications
- 110 punchdown block, 28
- analog, 28
- cabling, 31
- room diagrams, 124
- termination points, 125
- telecommuting
- connection considerations, 184
- WAN technologies, 302
- television, connecting to CATV, 27
- Telnet
- compared to SSH, 183
- security considerations, 230
- traffic types, 180
- Temporal Key Integrity Protocol (TKIP). See TKIP (Temporal Key Integrity Protocol)
- terminal emulation
- terminating resistors, topologies and, 17
- testing
- copper cables, 205
- fiber-optic cables, 204, 211
- network layer characteristics, 220
- TCP/IP connectivity, 226
- twisted pair cables, 209–210
- WANs (Wide Area Networks), 24
- text files, encoded, converting, 16
- thick Ethernet, cabling, 28
- thin Ethernet, cabling, 28, 30, 263
- threat assessments, 161
- threat mitigation techniques, 172–173, 297
- three-tier datacenter architecture, 63
- compared to leaf and spine topology, 64, 280
- layers, 256
- thumbprint scans, 155
- Time to Live (TTL) field. See TTL (Time to Live) field
- TKIP (Temporal Key Integrity Protocol)
- compared to WEP, 105
- stream ciphers, 107
- wireless security protocols, 257
- TKIP-RC4 encryption protocol, 104
- TLS (Transport Layer Security)
- security protocols and, 54
- URL prefixes, 52
- TLS/SSL (Transport Layer Security/Secure Sockets Layer), VPN connections, 181
- tone generators
- cable fault types, 276
- wiring faults, 203
- tools, 206–209, 274, 275, 300. See also command-line tools
- application server troubleshooting, 221
- bandwidth monitoring, 225
- cable crimpers, 205
- cable installation, 206, 209, 262, 301
- cabling, 258
- connectors, 204
- creating cables, 206
- displaying processes (operating systems), 288
- fiber-optic cables, 204
- identifying unlabeled cables, 206
- installing cable, 31
- message logging, 120
- packet analyzers, 225
- packets, troubleshooting, 221
- performance monitoring, Unix/Linux, 229
- router troubleshooting, 221, 251
- telephone cable compared to network cables, 204
- tone generators, 203
- traffic patterns, 225
- twisted pair cabling, 29
- vulnerability scanning, 230
- war driving, 164
- wiremap testers, 203
- topologies
- cabling, 17
- datacenter layers, 64
- Ethernet networks, 18
- failover clusters, 18
- Gigabit Ethernet, cabling and, 34
- hybrid, 17
- LANs, installation considerations, 36
- star
- cabling nexus devices, 18
- physical layer options, 19
- terminating resistors, 17
- WAPs, 73
- wireless networks, 99, 257
- WLANs, 18, 302
- traceroute, 217
- traffic shaping, 88, 292
- transceiver module standards, 29
- Transmission Control Protocol (TCP). See TCP (Transmission Control Protocol)
- Transmission Control Protocol/Internet Protocol (TCP/IP). See TCP/IP (Transmission Control Protocol/Internet Protocol)
- transport layer (OSI)
- firewalls, port numbers, 74
- guaranteed delivery protocols, 52
- port numbers, 47
- Transport Layer Security (TLS). See TLS (Transport Layer Security)
- Transport Layer Security/Secure Sockets Layer (TLS/SSL). See TLS/SSL (Transport Layer Security/Secure Sockets Layer)
- trouble tickets, 266
- creation, 200
- prioritizing, 197
- troubleshooting
- 802.11
- connection speeds, 231
- performance issues, 237
- access issues, 202
- ADSL errors, 251
- application servers, 221
- approaches, 199
- APs
- connection issues, 231–232, 235
- coverage issues, 232
- attack types, 266
- bandwidth issues, 117
- cabling
- collision detection, 95
- communications failures, 302
- connections, 199
- failures, 212
- 5 GHz (wireless networks), 233
- 802.11a, 233
- 802.11ac, 235
- 802.11g, 235
- 802.11n, 236–237
- SSIDs, 232
- WPA2 and, 232
- slowdowns, 212
- DHCP servers, 247
- DNS, 215
- failures, 247
- server unreachable condition, 214, 299
- domain controllers, 249
- Duplicate IP Address error, 250
- duplicating network problems, 198
- email, 202
- EMI issues, 248, 304
- Ethernet
- connection issues, 238, 243
- hubs, 243
- malfunctions, 269
- poor performance, 211
- fiber-optic cables, 253
- Gigabit Ethernet, 213, 242
- host communication issues, 231
- hubs, 249
- intermittent network connections, 247
- Internet connections, 199, 226, 238, 246, 256, 271, 273, 279, 291, 303, 309
- introducing new problems, 202
- IP
- LANs, connection issues, 245
- last step, 199
- malfunctioning routers, 218
- missing cable labels, 211
- network access, 274, 277, 278, 297, 298, 308
- connectivity issues, 265
- VLANs, 263
- network adapters, 256–257, 259
- network connections, 119, 222, 223, 248, 250
- ipconfig command, 239–241
- network interface errors, 121
- network performance, 211, 256
- network speed, 248
- network traffic issues, 245
- NTPs, 253
- packets, 221
- performance slowdowns, 252
- perimeter networks, 246
- pinouts, 245
- printer issues, 202
- problem identification considerations, 197
- questions to ask, 198
- record creation, 202
- review question answers, 418–447
- rogue DHCP servers, 227
- routers, 221
- routing tables, 251
- server access issues, 238, 246, 249
- setting priorities, 298
- short circuits, 204
- split pairs, 210
- SSID connection problems, 176
- steps, 197–198, 200, 269, 297
- streaming video, 276
- switch communication problems, 80
- switch ports, 250
- TCP dropped connections, protocol analyzers, 220
- TCP/IP, 223
- tools, 205, 206–209
- twisted pair cables, 244, 304
- unlabeled cabling, 204
- VLAN networks, 96
- connection issues, 245
- mismatches, 261
- VoIP, 135, 276
- wireless networks
- connection issues, 232, 233, 236, 305
- connection range issues, 234, 236
- connection speed issues, 234, 299
- performance issues, 306
- signal interference, 234, 235
- wiring faults, 203
- TTL (Time to Live) field
- network layer protocols, 92
- values, specifying for ping messages, 220
- tunneling
- tunnels, secured links, 27
- twisted pair cables, 29, 288
- data rate, 34
- data rate support, 35
- electrical interference, 244
- Gigabit Ethernet, 35
- tools, 206
- troubleshooting, 304
- troubleshooting faults, 209–210, 244
- Type I virtualization, 25
- Type II virtualization, 25
- U
- UDP (User Datagram Protocol), 51
- client port numbers, 50
- port number function, 50
- ports, scanning for, 228
- servers, port numbers and, 51
- Ultra-Physical Contact (UPC), 28
- unidirectional antennas, 101
- unified threat management (UTM) appliances, 87
- Uninterruptable Power Supplies (UPSs). See UPSs (Uninterruptable Power Supplies)
- Universal Resource Locators (URLs). See URLs (Universal Resource Locators)
- Universal Serial Bus (USB). See USB (Universal Serial Bus)
- Unix
- displaying processes, 288
- logging services, port numbers, 49
- packet analyzers, 225
- performance monitoring tools, 229
- protocol analyzers, 270
- sendmail, 116
- static routes, command-line tools, 91
- tools, 221
- unmanaged networks, MAC addresses, 26
- UPC (Ultra-Physical Contact) connectors, 28
- uplink ports, hubs, 80
- UPSs (Uninterruptable Power Supplies), 136, 137
- disaster recovery and, 139
- URLs (Universal Resource Locators)
- accessing administrative websites, 295
- prefixes, 52
- USB (Universal Serial Bus), cabling and, 34
- user accounts, 160
- User Datagram Protocol (UDP). See UDP (User Datagram Protocol)
- utilities
- Linux server security, 220
- network layer characteristics, testing, 220
- packets sent, displaying, 121
- resource record information, 215
- UTM (unified threat management) appliances, 87
- UTP (Unshielded Twisted Pair)
- cabling installations, 31
- Gigabit Ethernet, 25
- punchdown process, 33
- troubleshooting faults, 203
- V
- vampire taps, 30
- version skew (system backups), 142
- video surveillance, 187
- VIP (Virtual IP) addresses, 46
- Virtual Area Networks (VLANs). See VLANs (Virtual Area Networks)
- virtual desktop, 179
- virtual firewalls, 26
- Virtual IP (VIP) addresses, 46
- virtual machines
- cloud architectures, 261
- cloud-based, 67
- Virtual Network Computing (VNC). See VNC (Virtual Network Computing)
- Virtual Private Networks (VPNs). See VPNs (Virtual Private Networks)
- virtual switch. See vSwitch
- virtualization
- hardware environment, 26
- types, 25
- VLANs (Virtual Area Networks)
- 802.1q tagging, 97
- administrative boundaries, 78, 96
- characteristics, 96
- connection issues, 245
- creating, 25, 285
- devices, 74, 78
- connecting computers, 95
- creating multiple networks, 85
- identifying, 96
- frames, forwarding, 97
- hopping as a threat, 164, 298
- identifying, 94
- mismatches, 261
- multiple, design considerations, 257
- network access issues, troubleshooting, 263
- switches, 177
- tagging, 97
- troubleshooting, 96
- voice traffic packets, 98
- VoIP and, 98
- VNC (Virtual Network Computing), 180
- Voice over Internet Protocol (VoIP). See VoIP (Voice over Internet Protocol)
- VoIP (Voice over Internet Protocol)
- devices, 82
- troubleshooting, 135, 276
- VLANs and, 98
- VPNs (Virtual Private Networks)
- access, limiting, 178
- client-to-site connections, 181
- connections
- encryption, tunneling and, 178
- headend devices, 84
- host-to-host connections, 182
- joining distant LANs, 182
- obsolete protocols, 178
- securing data, 183
- site-to-site connections, 181
- split tunneling, 296
- tunneling, 183
- vSwitch, 25
- physical switch, compared, 26
- vulnerabilities
- W
- wall plates
- WANs (Wide Area Networks)
- analog signaling, 20, 21
- bandwidths, 21
- broadband signaling, 20
- cloud, 25
- connections, 178
- implementation technologies, 20
- interface devices, 23
- labels, assigning to packets, 23
- PPPoE, 24
- services, 266
- technologies, 302
- termination points, 125
- testing, 24
- transfer rates, 24
- WAPs (Wireless Access Points)
- channel overlap, avoiding, 259
- connecting to clients, 105
- hardening, 171
- topologies, 73
- war driving, 162, 261
- wavelength division multiplexing, 39, 270
- web browsers
- application layer (OSI), 49
- secure communications, 178, 268
- web clients, port numbers, 52
- web servers
- web sites, accessing encrypted, 53
- WEP (Wired Equivalent Privacy), 105
- whitelisting, wireless networks, 99
- Wide Area Networks (WANs), 20
- WiFi hotspots, EULAs and, 176
- WiFi Protected Access (WPA). See WPA (WiFi Protected Access)
- WiFi Protected Access II (WPA2). See WPA2 (WiFi Protected Access II)
- Windows
- administrative user accounts, 172
- command-line utilities, 300
- creating ARP entries, 225
- deleting ARP cache, 219
- output, 215–217, 221, 224
- creating baselines, 281
- file sharing protocol, 49
- password policies, 171
- ping command and, 291
- remote access protocols, 179
- remote users, authentication, 152
- servers, troubleshooting, 223
- tracing packet routes, 215
- workstations, bytes transmitted, 223
- Windows Backup Server, 135
- Windows Event Viewer, 115
- Windows Server Backup, 141
- Windows servers
- Wired Equivalent Privacy (WEP). See WEP (Wired Equivalent Privacy)
- Wireless Access Points (WAPs). See WAPs (Wireless Access Points)
- wireless controllers, protocols, 85
- wireless local area networks (WLANs). See WLANs (wireless local area networks)
- wireless networks, 19
- 5 GHz compared to 2.4 GHz, 101
- 5 GHz compatibility, 103
- 802.11, frequency compatibility, 103
- 802.11n, design considerations, 274
- AP performance issues, 235
- attack types, 163, 166
- authorized devices, identifying, 110
- captive portals, 176, 297
- channel overlap, 231
- channel width, 102
- configuring clients, 108
- connecting devices, 293
- connecting to WAPs, 105
- connection issues, 233, 236, 305
- connection range issues, 234, 236
- connection speed issues, 234, 299
- connectivity, design considerations, 109
- design considerations, 101, 106, 307
- devices, transmission speeds, 101
- geofencing, 169
- hardening techniques, 170, 295
- interference, 100
- MIMO antennae, 100
- performance considerations, 103, 306
- security, 104, 105
- CCMP-AES, 105
- obsolete protocols, 108
- preventing unauthorized users, 110
- protocols, 106, 109, 169
- signal interference, 234, 235
- speed standards, 100, 101, 276, 301
- standards, design considerations, 102
- topologies, 99
- transmission techniques, 102
- unauthorized users, 292
- war driving attacks, 162
- whitelisting, 99
- wireless range extenders, 104
- wireless telephones, interference with wireless technologies, 100
- wiremap tester, troubleshooting UTP wiring faults, 203
- wiring nexus, terminology, 127
- WLANs (wireless local area networks)
- design considerations, 268, 274
- MAC address filtering, 175
- seed standards, 276
- topologies, 18, 302
- workstations
- bytes transmitted, 223
- configuring, 50
- WPA (WiFi Protected Access), 104, 106
- compared to WEP, 105
- encryption protocol, 108
- WPA2 (WiFi Protected Access II), 106
- connection issues and, 232
- X-Y-Z
- zero trust architecture, 160
- zero-day vulnerabilities, 160
- zombies, 165, 167
..................Content has been hidden....................
You can't read the all page of ebook, please click
here login for view all page.