Search in book...
Toggle Font Controls
Create new playlist

Name your new playlist

Playlist description (optional)
Sign In

Email address

Password

Forgot Password?

or

Continue with Facebook

Continue with Google
Sign Up

Full Name

Email address

Confirm Email Address

Password

or

Continue with Facebook

Continue with Google

Index

100Base-TX
- FLP functions, 37
- hub support, 82
- PoE, 98
10Base-T, PoE, 98
10GBase-T networks, cabling, 33
110 punchdown block, European alternative, 28
2.4 GHz (wireless networks), 101
- design considerations, 274
5 GHz (wireless networks), 101
- compatibility, 103
- connection issues, 233
- design considerations, 274
5G cellular networks
- characteristics, 110
- download speed, 109
802.11
- frequency compatibility, 103
- maximum channel width, 102
- number of antenna supported, 103
- security protocols, TKIP and, 257
- wireless networks ad hoc topology, 99
802.11a, connection issues, 233
802.11ac, standards, 102
802.11b, connection speeds, 231
802.11b/g, connection issues, 234
802.11b/g/n, network design considerations, 102
802.11g, connection issues, 234, 235
802.11n
- connection issues, 236–237
- network design considerations, 274
- performance issues, 237
- security, 237
802.1q tagging, VLANs, 97
802.1X
- authenticators, 156
- RADIUS implementation, 156
- security and, 169
- supplicants, 156
- transactions, 156

A
AAA (Authentication, Authorization, and Accounting) services
- dial-up network connections, 157
- standards, 156, 157
Acceptable Use Policy (AUP), 132
Access Control Lists (ACLs). See ACLs (Access Control Lists)
access control, security devices, 188
Access Points (APs). See APs (Access Points)
account databases
- authenticating users, 158
- authentication services, 284
account lockouts
- password cracking and, 130
- policies, 129–130, 133
ACLs (Access Control Lists)
- devices, 87, 296
- services, 172
- technologies, 176
Active Directory Domain Services (ADDS). See ADDS (Active Directory Domain Services)
AD (Active Directory), authentication protocols, 261
adapters
- connection indicators, 213
- Ethernet, OSI model and, 15
Address Resolution Protocol (ARP). See ARP (Address Resolution Protocol)
address resolution, protocols, 49
addressing
- network hosts, IPv4, 40
- OSI and, 10
ADDS (Active Directory Domain Services), authentication protocols, 152
administrative user accounts, 172
administrative websites, accessing, 295
administrator agreements, 128
ADSL (Asymmetric Digital Subscriber Line), troubleshooting errors, 251
algorithms, file hashing, 269
analog signaling, 20
- WANs, 21
analog telecommunications, 28
analog telephone devices, 84
Angled Physical Contact (APC). See APC (Angled Physical Contact)
antimalware, accessing networks and, 154
APC (Angled Physical Contact) connectors, 28
APIPA (Automatic Private IP Addressing)
- IPv4 addresses, 41, 44
- IPv6 equivalent, 45
application layer (OSI)
- executing commands remotely, 215
- NAS protocols, 62
- protocols, 15, 285
- web browsers, 49
application servers
- connection issues, 249
- troubleshooting, 221
applications
- design, security and, 165
- protocol stack, OSI and, 11
APs (Access Points)
- antennas, 101
- communication protocols, 85
- connection issues, 231–232
- coverage issues, 232
- management devices, 85
- performance issues, 235
- power measurements, 237
- rogue, 168
- wireless network topologies and, 257
archive bits (backups), 141
ARP (Address Resolution Protocol)
- cache
  - creating new entries, 225
  - deleting, 219
- poisoning, 166, 173, 272
- table, viewing, 219
Asymmetric Digital Subscriber Line (ADSL). See ADSL (Asymmetric Digital Subscriber Line)
attacks
- email, 166
- MAC filtering and, 164
- man-in-the-middle, preventing, 173
- prevention techniques, 186
- software modification, 309
- troubleshooting, 266
- types, 161–162, 163, 166, 167, 281, 299
- VLAN hopping, 298
- war driving, 261
auditing, authentication, 153
AUP (Acceptable Use Policy), 132
authentication
- account databases, 158
- ADDS, 152
- auditing, 153
- biometrics, false positives, 187
- data, IPSec and, 263
- EAP tunneling, 169
- factors, 154, 155
- fingerprint scanners, 184
- key fobs, 187
- local, 158
- multifactor, 152, 291
  - categories, 258
- open and shared key, 108
- PPP, 184
- protocols
  - Active Directory, 261
  - remote access, 179
- remote Windows users, 152
- signal strength and, 169, 294
- smart lockers and, 185
- smartcards, 107
- standards, 168
- users and, 153
Authentication, Authorization, and Accounting (AAA) services. See AAA (Authentication, Authorization, and Accounting) services
Auto-MDI-X ports, 97
- connecting to MDI ports, 94, 98
autochangers (backups), 142
Automatic Private IP Addressing (APIPA). See APIPA (Automatic Private IP Addressing)

B
backbone, wiring nexus, terminology, 127
backups
- archive bits, 141
- autochangers, 142
- data set names, 142
- disaster recovery and, 142
- filtering files for, 139
- firewalls, 143
- Grandfather-Father-Son, 141
- hard drive-based compared to tape based, 287
- incremental, hard drives compared to tape drives, 143
- restoring servers, 138
- types of sites, 140
- version skew, 142
- Windows Server Backup, 141
bandwidth
- monitoring, 225
- performance considerations, 137
- terminology, 267
- troubleshooting, 117
- WANs, 21, 266
baselines, creating, 281
BGP (Border Gateway Protocol), characteristics, 91
binary masks, converting to decimal, 44
biometrics, 154
- false positives, 187
Bluetooth, attacks, 162
boot image files, downloading, 54
Border Gateway Protocol (BGP). See BGP (Border Gateway Protocol)
bridges, 81
- LANs, 77
- multiport, 78
- OSI model and, 14
bridging types, Ethernet LANs, 75
Bring Your Own Device (BYOD), 132
broadband
- routers, 74
- signaling, 20
broadcast
- domains, 73, 79, 284
- messages, forwarding, 60
- packets, RIP routes, 90
brute force attacks, 133, 167
bus topology, Ethernet cabling, 38
BYOD (Bring Your Own Device), 132

C
cable
- certifiers, 205
- crimpers, 205
- modems, 264
cabling
- 10GBase-T networks, 33
- coaxial, 28
- collision detection and, 95
- connector tools, 204
- connector types, 280, 307
- copper, 27
  - testing tools, 205
- creating, twisted pair patch cables, 206
- Ethernet, 292
  - troubleshooting performance issues, 211
- Ethernet topologies, 18
  - bus, 38
- fault type detection, 276
- faults, 209–210
- fluorescent lighting and, 213
- Gigabit Ethernet, 32, 277
  - copper, 37
  - topology and, 34
- identifying unlabeled, 204, 206
- installation considerations, 32, 39
- installation tools, 206
- internal installation characteristics, 35
- LANs, 13, 34
  - design considerations, 38
  - installation considerations, 36
- long segment problems, 213
- MDI ports
  - connecting to Auto-MDI-X ports, 94
  - connecting to MDI-X ports, 98
- multimode fiber-optic networks, connecting, 78
- network design considerations, 37
- patch
  - creating, 244
  - pinouts, 39
- plenum cable, 205, 267
- PoE and, 98
- router and switch connections, 203
- routing documentation, 126
- split pairs, 210
- standards, 27
- star topology, 29
- telecommunications, 31
- terminology, 266
- testing devices, 203
- testing tools, 205
- thick Ethernet, 28
- thin Ethernet, 28, 30, 263
- tools, 209, 258, 262
- topologies, 17
  - redundant paths, 19
- tracing for labeling, 211
- troubleshooting, 32–33, 244
- twisted pair, 29
- UTP installations, 31
- vampire taps, 30
cameras, types, 185
captive portals, 176, 297
Carrier-Sense Multiple Access with Collision Detection (CSMA/CD). See CSMA/CD (Carrier-Sense Multiple Access with Collision Detection)
CAT8 UTP, specifications, 36
CATV (cable television network), 27
CCMP-AES encryption protocol, 105, 106
- encryption standards, 107
- security protocols, 107
cellular communication technologies, 100
Central Processing Units (CPUs). See CPUs (Central Processing Units)
change management plans, 131
- software, 125
change management teams, responsibilities, 125, 286
channel overlap, 231
- network design considerations, 259
channels, T-3 leased line, 22
CIA (Confidentiality-Integrity- Availability), 158
CIDR (Classless Inter-Domain Routing), 42
Cisco network diagrams, 124, 126, 127, 272, 286
Class A networks, IPv4, subnet masks, 41
Class B networks
- hosts, creating, 43
- subnets, 43
Class C networks, subnets, 43
Classless Inter-Domain Routing (CIDR), 42
cleaning compounds, documentation, 128
client-server networks, 19
clocks, synchronizing with servers, 59
cloud
- architectures, 66, 261
- models, 65, 66, 265, 295
- Outlook.com, 66
- resource controls, 65
- types, 66
- WANs, 25
clusters, 273
- load balancing, 137
- servers, 140
CMR (Concurrent Multipath Routing), benefits, 143
coaxial cabling, 28, 35
- connector types, 32
collision domains, 73, 79, 82, 284
collisions, detection, 95
command-line tools
- ARP table, viewing, 219
- displaying routing tables, 218
- IP configuration, viewing, 219
- ipconfig
  - Internet access failures, 239–241, 260, 302
  - network access failures, 239, 308
- operating systems, 222
- static routes, 91
- traceroute, 217
- Windows output, 215–217, 221, 224, 300
complex passwords, 133
compression, OSI model and, 15
Concurrent Multipath Routing (CMR). See CMR (Concurrent Multipath Routing)
Confidentiality-Integrity- Availability, 158
connection ports, managed switches, 182
connectionless delivery service, protocols, 51
connector types (cabling), 280
console ports, connections, 203
content filtering, firewalls, 84
contracts, 134
control bits, TCP (Transmission Control Protocol), 16
control plane policing (CPP), 177
CoPP, 177
copper cabling, 27
- testing, 205
corporate password policies, 129
CPP (control plane policing), 177
CPUs (Central Processing Units), low-latency connections with storage systems, 62
CRC (Cyclic Redundancy Check), 121, 299
credentials, confirming, 157
crosstalk, cable faults and, 210
cryptographic algorithms, 269
CSMA/CD (Carrier-Sense Multiple Access with Collision Detection), 95
- Ethernet networks and, 95
- IEEE standards, 99, 293
Cyclic Redundancy Check (CRC). See CRC (Cyclic Redundancy Check)

D
DAI (Dynamic ARP Inspection), 173
data loss prevention, 130
- terminology, 257
data sets (backups), 142
databases, SNMP, 121
datacenters
- alternative sites, 280
- design considerations, 65
- disaster recovery mechanisms, 138
- documentation
  - chemicals, 128, 131, 306
  - device location, 127
- fire suppression systems, 143
- public cloud, 67
- security mechanisms, 290
- topology layers, 64
- traffic, 64, 309
Datagram Transport Layer Security (DTLS). See DTLS (Datagram Transport Layer Security)
datagrams, 287
- IP, 59
- IPv4 networks, 48
- protocols, 49
- routing, 10
DDoS (Distributed Denial-of-Service)
- compared to reflective DoS, 163
- types, 163, 164
Deep Packet Inspection (DPI), 86
default credentials, 170
defense in depth, 161
demarcation points, 21
Denial-of-Service (DoS). See DoS (Denial-of-Service)
Dense Wave Division Multiplexing (DWDM), 19. See also wavelength division multiplexing
deployment, hardware, 185
devices
- ACLs, 87, 296
- administrative access, 290
- analog telephone, 84
- AP management, 85
- attack deterrence and, 165
- authorized, identifying, 110
- autochangers, 142
- communication, protocols and, 78
- creating multiple collision domains, 303
- default credentials, 170
- DHCP (Dynamic Host Configuration Protocol), 55
- disaster recovery, 138
- dumb, 80
- endpoint, VPN connections, 181, 182
- equipment racks, height of, 123
- external Internet access, 86
- firewalls, 86
- hardening, 170
- honeypots, 158
- implementing hardware as software, 75
- interface, 23
- Internet access, 84
- IoT, 81, 307
- LANs (local area networks), interface devices, 23
- load balancers, 86
- location documentation, 127
- MAC address filtering, 176
- multifunction, 74
  - SOHO, 77
- multiple VLANs, 85
- network layer (OSI) and, 11
- network monitoring, 87
- OSI network layer, 10
- patch types, 175
- physical layer (OSI), 13, 74
- ports, disabling unused, 171
- rack mounted, height of, 126
- similarities, 76
- star topology cabling nexus, 18
- switched networks, 78
- UTM appliances, 87
- VLANs, 74, 78
  - connecting, 95
  - creating, 285
  - identifying, 96
- VoIP, 82
- VPN headends, 84
- WANs, 23
- wireless networks
  - security, 104
  - transmission speeds, 101
DHCP (Dynamic Host Configuration Protocol)
- address allocation methods, 57
- default gateway addresses, 58
- devices, 55
- DHCP-DISCOVER messages, 289
- forwarding broadcast messages, 60
- integrating with DNS, 58
- IP address assignment, 58
- IP address scope, 60
- IP datagrams, 59
- message types, 56
- rogue, 309
- snooping, 173, 297
- transmission types, 58
- troubleshooting, 247
  - rogues, 227
dial-up network connections, standards, 157
dialogue control, OSI model, 11
digital signatures, 174
Digital Subscriber Line (DSL). See DSL (Digital Subscriber Line)
Direct Sequence Spread Spectrum (DSSS), 100
directory service information, protocols, 48
disaster recovery, 138
- backups, 142
- datacenters, 280
- devices, 138
- expense, 139
- UPSs and, 139
disk duplexing, 141
disk mirroring, 141
distributed control systems, SCADA, 76
Distributed Denial-of-Service (DDoS). See DDoS (Distributed Denial-of-Service)
DNS (Domain Name System)
- accessing, troubleshooting, 299
- hierarchy, 59, 287
- integrating with DHCP, 58
- iterative queries, 55
  - generation, 279
- name resolution
  - IPv6, 57
  - queries, 55
- namespace, adding IP addresses, 58
- poisoning, 165
- recursive queries, 54
- request messages, generating, 219
- resource record information, 305
  - viewing, 215
- resource records, 57, 264
  - types, 58
- reverse name resolution, 55
- TCP/IP parameters, 57
- troubleshooting, 215
  - failures, 247
  - unreachable condition, 214
DOCSIS, 24
documentation. See also policies
- account lockout policies, 129–130
- administrator agreements, 128
- AUP, 132
- chemicals in datacenters, 131, 306
- cleaning compounds, 128
- contract language and, 134
- contracts, 134
- corporate password policies, 129
- device locations, 127
- employee confidentiality, 129
- internal cable runs, 126
- IT asset management, 126
- MDFs and IDFs, 124
- networks, 122
  - problems, 201
- new hires, 128
- password policies, 129
- personal devices, 129
- personal software, installing, 256
- provider agreements, 303
- remote access terms, 128
domain controllers, troubleshooting, 249
Domain Name System (DNS). See DNS (Domain Name System)
door locks, authentication factors, 155
DoS (Denial-of-Service), 162
- attack types, 167
- CPP, 177
- types, 165, 281
- zombies, 165
DPI (Deep Packet Inspection), 86
DSL (Digital Subscriber Line), 19
- data traffic, 21
- transmission speed, 20, 21
DSSS (Direct Sequence Spread Spectrum), 100
DTLS (Datagram Transport Layer Security), security protocols and, 54
dual power supplies, modes, 287
dual stacks, 40
dumb devices, 80
duplex mismatches (Ethernet), 212
Duplicate IP Address error, troubleshooting, 250
DWDM (Dense Wave Division Multiplexing), 19. See also wavelength division multiplexing
Dynamic ARP Inspection (DAI), 173
Dynamic Host Configuration Protocol (DHCP). See DHCP (Dynamic Host Configuration Protocol)
dynamic routing protocols, 90

E
EAP (Extended Authentication Protocol), 169
- tunneling, 169
- variants, 170
east-west datacenter traffic, 309
- compared to north-south, 64
EIGRP (Enhanced Interior Gateway Routing Protocol), 88
Electrical and Electronics Engineers (IEEE). See IEEE (Electrical and Electronics Engineers)
electrical interference, twisted pair cables, 244
electromagnetic interference (EMI). See EMI (electromagnetic interference)
electrostatic shock, 120
email clients
- POP3, ports, 262
- SMTP connection, securing, 48
email servers, network traffic analysis, 51
email services
- models, 65
- Outlook.com, 66
- types, 288
embedded chips, 73
EMI (electromagnetic interference)
- cabling and, 32
- Gigabit Ethernet cabling, 277
- preventing, 289
- troubleshooting, 248, 304
encapsulated data, protocols, 16
encoded text files, converting, OSI layers, 16
encryption
- CCMP-AES, 105
- ciphers, 109
- digital signatures, 174
- IPSec
  - protocols, 53
  - tools for verifying, 227
- OSI model and, 15
- protocols, wireless networks, 104
- standards, CCMP, 107
- stream ciphers, 107
- tunneling and, 178
- VPN tunneling, 289
endpoint devices, VPN connections, 181, 182
Enhanced Interior Gateway Routing Protocol (EIGRP), 88
enterprise networks
- security, 152
- wiring nexus terminology, 294
equipment racks
- height of, 123
- width, 127
Ethernet. See also Gigabit Ethernet
- abnormal occurrences, 96
- adapters, OSI model and, 15
- bridging types, 75
- cables, 292
- cabling
  - connector types, 280
  - topologies, 18
    - bus, 38
- CAT8 UTP specifications, 36
- connection
  - failures, 243
    - ipconfig /all command, 239–241
  - issues, 238
- connector types, 30
- CRC errors, 121
- CSMA/CD and, 95
- design considerations, 36–37, 307
- duplex mismatches, 212
- frames, 121
  - MTUs, 16
  - OSI model and, 12
- hubs, connection issues, 243
- IEEE standards, 38
- malfunctions, 269
- multimode fiber-optic, connecting, 78
- port security, 98
- thick Ethernet, 28
- thin, cabling, 263
- topologies, 18
- troubleshooting, poor performance, 211
- upgrading to Gigabit Ethernet, 37
event monitoring, 159
Event Viewer (Windows), 115
exploits, compared to vulnerabilities, 159
export controls, software, 131
Extended Authentication Protocol (EAP). See EAP (Extended Authentication Protocol)

F
facial recognition, 188
fail closed
- mechanisms, 185, 188, 290
- policies, 132
fail open mechanisms, 185, 186, 290
failover clusters, topologies, 18
Fast Link Pulse (FLP). See FLP (Fast Link Pulse)
fault tolerance, 135, 136
- generators and, 136
- hard disk data storage, 141
- mechanisms, 143
- parity data, 259
- RAID, 137, 140
- redundant Internet connections, 144
FCoE (Fibre Channel over Ethernet)
- compared to Fibre Channel, 62
- protocols, 63
FHRP (First Hop Redundancy Protocol), 144
Fibre Channel over Ethernet (FCoE). See FCoE (Fibre Channel over Ethernet)
fiber-optic cables, 31, 35
- connectors, 29, 30, 33, 307
- decibel loss, 212
- multiplexing, 270
- testing tools, 211
- tools, 204
- troubleshooting, 253
Fibre Channel network
- compared to FCoE, 62
- compared to iSCSI, 62, 278
- protocols, 63
- topologies, 18
file hashing, algorithms, 269
file sharing protocol, Windows, 49
File Transfer Protocol (FTP). See FTP (File Transfer Protocol)
fingerprint scanners, 153, 184, 290
fire suppression systems, 143
firewalls, 74
- backing up, state compared to configuration, 143
- configuration, 173
- content filtering, 84
- devices and, 86
- FTP and, 83
- installation considerations, 83
- port numbers, 74, 286
- redundant, design considerations, 144
- service-dependent filtering, 75
- stateful packet inspection, 77
- traditional compared to Next-Generation, 83
- virtual, 26
First Hop Redundancy Protocol (FHRP), 144
flags, TCP session establishment messages, 16
flood guards, 174
flow control
- sliding window, 98
- TCP/IP networks, 14
FLP (Fast Link Pulse), 100Base-TX, 37
fluorescent lighting, 213
FQDNs (fully qualified domain names), 59
frame relay, 24
frames
- creating, OSI model and, 12
- Ethernet, 12
  - MTUs, 16
- forwarding, 76
  - VLANs, 97
- giant, 121
- jumbo, 63, 267
  - OSI layers, 97
- runt and giant, 121
FTP (File Transfer Protocol)
- authentication passwords, 53
- firewalls and, 83
- port numbers, 51
- PXE startup, 54
- security considerations, 230
- shortcomings, 53
full backups, 142
full-duplex Ethernet, malfunctions, 269
fully qualified domain names (FQDNs), 59

G
geofencing, 169, 175
giant frames, 121
Gigabit Ethernet
- cabling, 32, 277
- copper cabling, 37
- installation considerations, 34
- performance problems, troubleshooting, 214
- troubleshooting, 213, 242, 248
- twisted pair cabling, 35
- upgrading from Ethernet, 37
- UTP (Unshielded Twisted Pair), 25
Grandfather-Father-Son backups, 141
group membership, accessing network resources, 157

H
half-duplex Ethernet, malfunctions, 269
hardware
- deployment, 185
- disposal, 189
- implementing as software, 75
- leased-line components, 21
- OSI model, 12, 14
- patch types, 175
- replacing to find faulty, 200
- troubleshooting, 200, 269
- virtual environment, 26
help calls, prioritizing, 201
high availability systems, 137
honeynets, 158
honeypots, 158
host addresses, IPv4, 44
host identifier, IPv4, 40
HTTP (Hypertext Transfer Protocol)
- compared to HTTPS, 52
- ports, 298
HTTPS (Hypertext Transfer Protocol Secure)
- compared to HTTP, 52
- port numbers, 47
- ports, 298
hubs, 76
- 100Base-TX support, 82
- characteristics, 82
- compared to switches, 81
- connection indicators, 213
- connection issues, 243
- installing, 80
- troubleshooting, 249
HVAC systems
- design considerations, 122
- IoT monitoring and, 84
hybrid network deployments, design considerations, 67
hybrid topologies, 17
Hypertext Transfer Protocol (HTTP). See HTTP (Hypertext Transfer Protocol)
Hypertext Transfer Protocol Secure (HTTPS). See HTTPS (Hypertext Transfer Protocol Secure)
hypervisors, 26

I
IaC (Infrastructure as Code), cloud-based virtual machines, 67
ICMPv6 Router Solicitation, 46
IDFs (Intermediate Distribution Frames), 124
IDSs (Intrusion Detection Systems), 80
- network traffic, analyzing, 78
- traffic monitoring features, 87
IEEE (Electrical and Electronics Engineers)
- DSSS signal modulation, 100
- Ethernet standards, 38
- maximum aggregate channel width, 104
- standards
  - CSMA/CD, 293
  - CSMA/CD with MAC, 99
  - port-based access control, 110
implementations, review question answers, 346–371
in-band management, 180
incident response
- plans, 132, 133
- policies, 131–132
incremental backups, 142
- hard drives compared to tape drives, 143
infrastructure, network design considerations, 38
insider threats, 185, 269
- monitoring for, 291
interface devices, 23
- MAC addresses, 94
- WANs (Wide Area Networks), 23
interface monitors
- metrics, 118
- packet drops, 118
interior gateway protocols, 122
Intermediate Distribution Frames (IDFs). See IDFs (Intermediate Distribution Frames)
Internet access
- connection failures, ipconfig /all command, 239
- design considerations, 85, 265
- devices, 86
- proxy servers, 86
- routing tables, troubleshooting, 252
- security issues, 165
- speed considerations, 22
- troubleshooting, 199, 226, 238, 246, 256, 271, 273, 279, 291, 303, 309
  - ipconfig command, 260, 302
- VLAN mismatches, 261
Internet connections, DOCSIS, 24
Internet of Things (IoT). See IoT (Internet of Things)
Internet Protocol (IP). See IP (Internet Protocol)
Internet Protocol Security (IPSec). See IPSec (Internet Protocol Security)
Internet Service Providers (ISPs). See ISPs (Internet Service Providers)
intrusion detection, 188
Intrusion Detection Systems (IDSs). see IDSs (Intrusion Detection Systems)
Intrusion Prevention Systems (IPSs), 86
IoT (Internet of Things)
- devices, 81, 307
- examples, 261
- HVAC systems, 84
- security considerations, 177
- technologies, 73
IP (Internet Protocol)
- addresses
  - adding to DNS namespace, 58
  - allocation methods, 57
  - assignment issues, 238, 250
  - configuration, 277
  - lease renewal, 55
  - scope, 60
  - substitution, 276
  - troubleshooting, 247
- configuration properties, troubleshooting, 199
- configuration, viewing, 219
- datagrams, 59
- header classification identifier, 89
- high availability, 138
- host addresses, 55
- OSI model and, 15
- rogue DHCP servers, 309
- settings, verifying, 224
- subnet masks, 271
ipconfig command
- Internet access failures, 239–241
- network access failures, 239
IPSec (Internet Protocol Security)
- data authentication, 263
- encryption protocols, 53
- encryption, verifying, 227
- signing packets, 54
IPSs (Intrusion Prevention Systems), 86
IPv4 networks
- addresses, compared to IPv6, 45
- classes, 41–42
- datagrams, 48
- host addresses, 40, 44
- host identifier, 40, 285
- host system destination address, 91
- Internet access, 39
- multicast addresses, 44
- network device addresses, 45
- port numbers, 48
- RFC 1918, 40
- subnet masks, 41, 45, 294
- subnets, creating, 40, 42
- TCP/IP clients, 45
- transmitting IPv6 networks on, 46
IPv6 network
- address formatting, 290
- address resolution, 57
- protocols, 94
IPv6 networks
- addresses, 41
  - compared to IPv4, 45
- APIPA equivalent, 45
- link local addresses, 43
- transmitting on IPv4 networks, 46
iSCSI, 61
- clients, 62
- compared to Fibre Channel, 62, 278
- locating targets, 306
- protocols, 63
ISO (Organization for Standardization), SWIDs, 123
ISPs (Internet Service Providers), SLAs, 134
IT asset disposal policies, 134
IT asset management documents, 126
iterative name resolution queries, 55, 279

J-K
- jam signals, collision detection, 95
- jitter, 119
- jumbo frames, 265
  - OSI layers, 97
  - SANs, 63
key fobs, 187

L
labels, assigning to packets, 23
LANs (local area networks)
- bridges, 77
- bridging types, 75
- cabling, 34
- connecting, 17
- connection issues, 199, 245
- design considerations, 36–37, 73, 75, 79
  - antennas and, 101
  - cabling, 38
- installation considerations, 36
- interface devices, 23
- MAC addresses, 10
- performance considerations, 80
- splitting into multiple domains, 81
- wiring, 17
layers. See OSI (Open Systems Interconnection)
leaf and spine datacenter architecture, compared to three-tier, 62, 280
leased lines
- hardware components, 21
- replacing, 26
- subscriptions, 23
link pulse LEDs, troubleshooting, 271
Linux
- administrative user accounts, 172
- commands, output, 225, 226
- displaying processes, 288
- packet analyzers, 225
- performance monitoring tools, 229
- protocol analyzers, 270
- static routes, command-line tools, 91
- tools, 221
load balancers, 84, 298
- clusters, 137
- devices, 86
- mechanisms, 140
- servers, 136
local area networks (LANs). See LANs (local area networks)
local authentication, 158
logging on
- passwords, 153
- smartcards, 153
logical addressing, OSI and, 10, 278
logical network diagrams, 126
logs
- management tasks, 119
- server activities, 120
- tools, 120
- Windows event logs, 120

M
MAC (media access control)
- address filtering, 175
  - devices and, 176
- addresses, 94
- attack types, 164
- control method, 12
- CSMA/CD IEEE standards, 99
- Ethernet frames, 12
- IPv6 link local addresses, 43
- OSI layers, 10, 272
- unmanaged networks, 26
Main Distribution Frames (MDFs), 124
man-in-the-middle attacks, preventing, 173
managed switches, connection ports, 182
Maximum Transmission Unit (MTU). See MTU (Maximum Transmission Unit)
MDFs (Main Distribution Frames), 124
MDI ports, connecting to Auto-MDI-X ports, 94, 98
media access control (MAC). See MAC (media access control)
message logging, 120
MIMO (Multiple Input Multiple Output) antennae, 100
modems, 74
monitoring tools, operating systems, 117
MPLS (Multiprotocol Label Switching), OSI layers and, 23
MTU (Maximum Transmission Unit), Ethernet frames, 16
mulitplexing, types, 270
multicast addresses, IPv4 networks, 44
multifactor authentication, 152, 291
- categories, 258
multifunction devices, 74
- SOHO, 77
multilatency, 268
multilayer switches, OSI, 77, 87
multimode fiber-optic cabling, 31
multimode fiber-optic Ethernet networks, connecting, 78
Multiple Input Multiple Output (MIMO), 100
multiplexing signals, 26
multiport bridges, 78
multiport repeaters, 75, 273
Multiprotocol Label Switching (MPLS). See MPLS (Multiprotocol Label Switching)
multiprotocol switches, 293
multitiered technical support organizations, 201

N
NACs (Network Access Controls), 156
name resolution queries, DNS, 55
namespace hierarchy, 59
NAS (Network Attached Storage), 61
- application layer protocols, 62
- compared to SANs, 61, 270
NAT (Network Address Translation)
- OSI model, 40
- server characteristics, 86
netstat
- information displayed by, 224
- IPv6 packets, 223
network access
- connectivity issues, 265
- troubleshooting, 274, 277, 278, 297, 298, 308
- VLANs, troubleshooting, 263
Network Access Controls (NACs), 156
network activity, tracking, 157
network adapters
- troubleshooting, 259
  - performance, 256–257
Network Address Translation (NAT). See NAT (Network Address Translation)
network addresses, subnet masks, 42
network analysis, 116
Network Attached Storage (NAS). See NAS (Network Attached Storage)
network congestion, preventing, 89
network connectivity
- intermittent, 247
- troubleshooting, 119, 244, 248, 250
  - performance, 248
network device administration procedures, 267
network diagrams, 126, 284
- Cisco, 124, 272, 286
Network Function Virtualization (NFV), 27
network interface adapters, MAC addresses, 94
Network Interface Cards (NICs). See NICs (Network Interface Cards)
network interfaces
- errors, 121
- malfunctions, 119
network layer (OSI)
- devices and, 11
- encapsulated data, 16
- protocols, 13
  - IPv6 networks, 94
  - TTL field, 92
- testing characteristics, 220
network layers. See OSI (Open Systems Interconnection)
network maps, 127
network medium, 27
network printers, troubleshooting, 202
network resources, limiting access, 176
network segmentation methods, 172
network switching, OSI model, 11
Network Time Servers (NTPs). See NTPs (Network Time Servers)
network topology, cabling, 13
network traffic analysis, email servers, 51
network traffic, distributing among multiple servers, 86
network wiring locations, 123
networking fundamentals, review question answers, 312–346
networks, size, 17
networkwide errors, 197
Next-Generation Firewall (NGFW). See NGFWs (Next-Generation Firewalls)
NFV (Network Function Virtualization), 27
NGFWs (Next-Generation Firewalls), features compared to traditional firewalls, 83
NICs (Network Interface Cards), teaming, 140
north-south datacenter traffic, 309
- compared to east-west, 64
NTPs (Network Time Servers), 58
- troubleshooting, 253

O
off-boarding policies, 130–131, 295
omnidirectional antennas, 101
on-boarding policies, 130, 295
- security considerations, 160
Open Shortest Path First (OSPF). See OSPF (Open Shortest Path First)
Open Systems Interconnection (OSI). See OSI (Open Systems Interconnection)
operating systems
- cloud service models, 65
- command-line tools, 222
- security considerations, 168
operations, review question answers, 371–391
Organization for Standardization (ISO). See ISO (Organization for Standardization)
OSI (Open Systems Interconnection)
- bridges, 14
- communication devices, 78
- connectionless delivery service protocols, 51
- data delivery, 13
- data packet protocols, 285
- dedicated hardware, 12
- development of, 10
- DHCP snooping, 173
- dialogue control, end systems, 11
- Ethernet adapters, 15
- Ethernet frames, 12
- flow control, 14
- frame creation, 12
- guaranteed delivery protocol, 13
- jumbo frames, 97
- layers, 10
- logical addressing, 278
- MAC addresses, 10, 272
- multilayer switches, 77, 87
- NAT, 40
- network cabling, 13
- network layer, devices and, 10
- network switching, 11, 293
- port numbers, 14
- port scanners and, 230
- protocol stack, 11
- proxy servers, 83
- session layer, 276
- switches, 14
- TCP/IP protocols, 13
- text files, converting encoded, 16
- translating/formatting information, 11
- transmitting signals, 15
- wireless range extenders, 104
OSPF (Open Shortest Path First), 90
- routing protocols, 91
out-of-band management, 180–181
- examples, 182
Outlook.com, 66

P
packet analyzers, 225
packet sniffers, compared to protocol analyzers, 227
packets
- control bits, 49
- displaying sent, 121
- dropped, interface monitors and, 118
- format, 92
- forwarding, 76
- IPv6, netstat command, 223
- labels, assigning to, 23
- multiplexing signals, 26
- route tracing, 215
- routing protocols, 88
- signing, IPSec, 54
- stateful inspection, 77
- transmission delays, 214
- transmitting, 91
- troubleshooting, 221
- voice traffic, 98
PANs (personal area networks), technologies for, 18, 284
parity data, RAID, 141, 259
password cracking, account lockouts and, 130
password policies, 129, 290, 296
- account lockouts and, 130
passwords
- attack types, 168
- authentication, FTP and, 53
- brute force attacks, 133
- complex, 133
- history requirements and, 133
- logging on, 153
- policies, 129–130, 170, 172
- Windows policies, 171
PAT (Port Address Translation), 45
patch cables
- creating, 244
  - pinouts, 39
- wall plates and, 203
patch panels
- diagrams, 124
- labels, 125
patches
- evaluation process, 175
- uninstalling, 175
PBX services, technologies, 85
PDUs (Power Distribution Units), compared to power strips, 143
peer-to-peer networks, 19
penetration testing, 159, 270
performance
- 802.11n, 237
- bandwidth considerations, 137
- baselines, 117
- disaster recovery, 138
- fault tolerance, 135, 136
- Gigabit Ethernet, troubleshooting, 214
- hubs compared to switches, 81
- interface monitors, 118
- jitter, 119
- network adapters, troubleshooting, 256–257
- network cabling problems, 211
- network interface malfunctions, 119
- network speed, 248
- operating systems, monitoring tools, 117
- SANs, jumbo frames, 63
- server baselines, 118
- server clusters, 140
- server load balancing, 136
- switched Ethernet LANs, 80
- switching loops, preventing, 303
- traffic shaping, 292
- troubleshooting
  - bandwidth issues, 117
  - Ethernet, 211
  - network traffic, 245
  - networks, 256
  - slowdowns, 252
- virtual IP addresses, 138
- wireless networks, 103, 306
  - 5 GHz compared to 2.4 GHz, 101
performance monitoring tools, Unix/Linux, 229
perimeter networks, accessing, 246
personal area networks (PANs). See PANs (personal area networks)
physical layer (OSI)
- 100Base-TX hub support, 82
- devices, 13, 74
- star topology, 19
- transceiver module standards, 29
physical network diagrams, 126
physical security. See also sec urity
- devices, 187
- entryways, 188
- insider threats, 185, 269
- key fobs, authentication, 187
- mechanisms, 185
- preventing breaches, 188
- RFIDs, 186
- smart lockers, 185
- types, 187, 270, 294
PIN authentication factor, 155
ping
- messages, specifying number of, 222
- network access, troubleshooting, 265
- protocols, 47, 218
- server connection issues and, 249
- transmitting messages, 219
- troubleshooting Windows servers, 223
- TTL values, specifying, 220
- Windows servers, 291
pinouts
- patch cables, 39
- troubleshooting, 245
PKI (public key infrastructure), characteristics, 158
plenum cable, 205, 267
PoE (Power over Ethernet), 306
- security cameras and, 213
- specifications, 98
Point-to-Point Protocol (PPP). See PPP (Point-to-Point Protocol)
Point-to-Point Protocol over Ethernet (PPPoE). See PPPoE (Point-to-Point Protocol over Ethernet)
poisoning (ARP), 166, 272
poisoning (DNS), 165
policies. See also documentation
- account lockout, 129–130
- BYOD (Bring Your Own Device), 132
- corporate password, 129
- fail closed, 132
- firewalls, configuration, 173
- incident response, 131–132
- IT asset disposal, 134
- network device administration procedures, 267
- off-boarding, 130–131, 295
- on-boarding, 130, 295
- passwords, 170, 172, 290, 296
- personal software, installing, 256
- server hardening, 171
- Windows passwords, 171
POP3 email clients
- configuring, 46
- ports, 262
Port Address Translation (PAT), 45
port aggregation, characteristics, 139
port isolation, 177
port numbers
- assigning, 47
- configuring workstations, 50
- firewalls, 74, 286
- FTP, 51
- HTTPS, 47
- IPv4 networks, 48
- protocols, 9, 14
- server applications, 275
- SQL, 48, 259
- TCP clients, 50
- UDP clients, 50
- Unix logging services, 49
- web clients, 52
port scanners
- functions, 230
- OSI model and, 230
- results, 229, 273
- types, 229
port-based access control, 110
ports
- switches, LED colors, 249, 250
- unused, disabling, 171
- wall plates, 123
Power Distribution Units (PDUs). See PDUs (Power Distribution Units)
power measurements, APs, 237
Power over Ethernet (PoE). See PoE (Power over Ethernet)
power strips, compared to PDUs, 143
power supplies
- disaster recovery and, 138
- modes, 287
PPP (Point-to-Point Protocol), authentication protocols, 184
PPPoE (Point-to-Point Protocol over Ethernet), WAN connections, 24
practice exam 1, review question answers, 448–462
practice exam 2, review question answers, 462–475
Pre-Shared Keys (PSKs), 107
printers, troubleshooting, 202
private clouds, configuration considerations, 66
private internetworks, design considerations, 265
private keys, 169, 174
processes (operating systems), tools for displaying, 288
protocol analyzers, 220, 270
- characteristics, 228
- compared to packet sniffers, 227
- host communication issues, 231
- interpreting results, 229
- security, 230
- tasks, 264
protocol stack, OSI model, 11
protocols
- address resolution, 49
- ADDS, 152
- AP communications and, 85
- application layer (OSI), 15, 285
- authenticating users, 153
  - Active Directory, 261
- authentication, PPP, 184
- connectionless delivery service, 51
- data packet delivery, OSI layers, 285
- datagrams, 49, 287
- device hardening, 170
- directory service information, 48
- dynamic routing, 90
- FCoE packets, 63
- Fibre Channel, 63
- file sharing, 49
- host IP addresses, 55
- interior gateway, 122
- IPSec encryption, 53
- iSCSI packets, 63
- local subnets, 52
- NAS application layer, 62
- network layer, 13
  - TTL, 92
- network layer (OSI), IPv6 networks, 94
- obsolete wireless, 108
- OSI model, guaranteed delivery, 13
- OSPF, 90
- ping, 47, 218
- port numbers, 9, 14
- RDP, 179
- remote authentication, 179
- remote control, 178
- routing, 88, 277
  - datagrams, 91
  - hop counts and, 90
  - interior/exterior designations, 92
  - packet formatting, 92
- SANs (Storage Area Networks), 61, 285
- secure communications, 178, 268
- security, 54
  - wireless networks, 169
- smartcard authentication, 107
- standards, 63
- STP, 76, 77
- switching loops, 303
  - preventing, 94
- synchronizing clocks, 59
- TCP/IP
  - flow control, 14
  - hop counts and, 90
  - OSI model and, 12, 13
  - routing, 89
- TCP/IP routing efficiency, 90
- TKIP-RC4, 104
- transport layer
  - guaranteed delivery, 52
  - port numbers and, 47
- tunneling, 271
- VLAN identification, 94
- VPN tunneling, 289
- VPNs, obsolete, 178
- wireless controllers, 85
- wireless encryption, 105
- wireless network security, 106
proxy servers
- characteristics, 86
- Internet access, 86
- OSI layers, 83
PSKs (Pre-Shared Keys), 107
PSTN (Public Switched Telephone Network), 19
- remote access connection technologies, 22
public cloud datacenter, multilatency, 67, 268
public key infrastructure (PKI). See PKI (public key infrastructure)
public keys, 169, 174
Public Switched Telephone Network (PSTN). See PSTN (Public Switched Telephone Network)
PXE (Preboot Execution Environment), downloading boot image files, 54

R
rack diagrams, 123
- standard vertical height, 125
RADIUS servers, 107, 264
- 802.1X transactions and, 156
- characteristics, 157
RAID (Redundant Array of Independent Disks), 135
- fault tolerance, 137, 140
- parity data, 141, 259
- specifications, 140
- striping with distributed parity, 136
- Windows servers, 141
ransomware attacks, 167
RDP (Remote Desktop Protocol), 179
- terminal emulation, 184
- traffic types, 180, 268
recursive queries, 54
redundant firewalls, design considerations, 144
redundant servers
- active-active compared to active-passive, 304
- design considerations, 144
redundant switches, design considerations, 144
reflective Denial-of-Service, compared to DDoS, 163
remote access
- authentication
  - protocols, 179
  - services, 284
  - Windows users, 152
- policies, 128
remote access connection technologies, PSTN, 22
remote control, protocols, 178
Remote Desktop Gateways, 180
Remote Desktop Protocol (RDP). See RDP (Remote Desktop Protocol)
replay attacks, 166
request messages, DNS, generating, 219
resource record information, 264, 305
- viewing, 215
retinal scans, 186
reverse name resolution, DNS, 55
review question answers
- fundamentals (Chapter 1), 312–346
- implementations (Chapter 2), 346–371
- operations (Chapter 3), 371–391
- practice exam 1 (Chapter 6), 448–462
- practice exam 2 (Chapter 7), 462–475
- security (Chapter 4), 391–418
- troubleshooting (Chapter 5), 418–447
RFC 1918, IPv4 networks, 40
RIPv1 (Routing Information Protocol version 1), 89
- broadcast packets, 90
RJ-45 connectors, 29
rogue access points, 168
role separation, 173
root guards, 174
route command, IPv6 routing table, displaying, 224
route update messages, 89
Router Advertisement, 46
Router Solicitation, 46
router tables, troubleshooting, 251
routers, 79
- cable connections, 203
- characteristics, 82, 83
- interior gateway protocols, 122
- LANs, performance considerations, 80
- network traffic data, 121
- protocols, 91
- TCP/IP parameters, 88
- troubleshooting, 221
  - malfunctioning, 218
routes, RIP broadcast packets, 90
routing
- datagrams, 10
- protocols, 89, 277
  - datagrams, 91
  - hop counts and, 90
  - interior/exterior designations, 92
  - OSPF, 90
  - packet format, 92
- static characteristics, 89
- TCP/IP routing efficiency, 90
Routing Information Protocol version 1 (RIPv1). See RIPv1 (Routing Information Protocol version 1)
routing tables
- displaying, 218
- dynamic routing protocols, 90
- Internet access, troubleshooting, 252
- screened subnets, accessing, 228
Redundant Array of Independent Disks (RAID). See RAID (Redundant Array of Independent Disks)
runt frames, 121

S
same sign-on, compared to SSO, 154
SANs (Storage Area Networks)
- compared to NAS, 61, 270
- data transfer rates, 61
- jumbo frames, 63
- low-latency connections, 62
- protocols, 61, 285
SCADA (Supervisory Control and Data Acquisition, 76
screened subnets, 159
- accessing, 228, 304
- servers, accessing, 228
- terminology, 268
- troubleshooting communication issues, 302
SDNs (Software-Defined Networks)
- layers, 64
- planes, 64
Secure Shell. See SSH (Secure Shell)
secured network resources, accessing, 153
security. See also physical security
- 802.11n, 237
- account lockout policies, 133
- ARP poisoning, 272
- attack types, 161–162
- authorized devices, identifying, 110
- biometrics, 154
- brute force attacks, 133
- CCMP-AES, 105
- concepts, 269
- cryptographic algorithms, 269
- data authentication, 263
- data loss prevention, terminology, 257
- datacenters, 186
- defense in depth, 161
- enterprise networks, 152
- Ethernet switches, 98
- exploits compared to vulnerabilities, 159
- fingerprint scanners, 153, 290
- FTP, 230
- geofencing, 169, 175
- incident response, 131–132, 133
- insider threats, 185, 291
- Internet access, 165, 271
- IoT, 177
- Linux servers, checking, 220
- MAC address filtering, 175
- monitoring events, 116
- monitoring measures, 186
- multifactor authentication, 152
- network device administration procedures, 267
- obsolete wireless protocols, 108
- on-boarding considerations, 160
- operating system updates and, 168
- password history requirements, 133
- password policies, 290, 296
- penetration testing, 159, 270
- preventing attacks, 272
- preventing unauthorized users, 110
- protocol analyzers, 230, 264
- protocols, 54
  - authenticating users, 153
  - TKIP and, 257
  - wireless, 109
- replay attacks, 166
- review question answers, 391–418
- rogue access points, 168
- secure communication protocols, 268
- server hardening techniques, 260
- social engineering, 163, 168
- SSO (Single Sign-On), 154
- STP attack protection, 99
- TACACS+, 154–155
- techniques, 158
- Telnet, 230
- threat assessments, 161
- threat types, 159
- unauthorized access, 292
  - preventing, 256
- user accounts, 160
- VLAN hopping, 298
- VLAN traffic, 97
- war driving attacks, 261
- WiFi hotspots, 176
- wireless networks, 104, 105
  - design considerations, 307
  - encryption protocols, 105
  - hardening techniques, 170, 295
  - protocols, 106
- zero trust architecture, 160
- zero-day vulnerabilities, 160
security cameras, PoE and, 213
Security Information and Event Management (SIEM). See SIEM (Security Information and Event Management)
sendmail
- logging services, 116
- message logging, 120
servers
- accessing, 238
  - screened subnets, 228
- baseline performance statistics, 118
- connection issues, 246
- DoS attacks, 164
- event logs, 120
- hardening, 171, 260
- load balancing, 136
- port numbers, 51
- problem types, 198
- redundant, design considerations, 144
- restoring from backup, 138
- screened subnets, 159
Service Level Agreements (SLAs). See SLAs (Service Level Agreements)
service models, 288
Service Set Identifiers (SSIDs). See SSIDs (Service Set Identifiers)
service-dependent filtering, firewalls, 75
services, tracking user activities, 152
session establishment messages, TCP flags, 16
session layer (OSI), 276
sessions, terminating, TCP control bits, 16
short circuits, troubleshooting, 204
SIEM (Security Information and Event Management), 119, 289
- capabilities, 116
- log management, 119
Simple Mail Transport Protocol (SMTP). See SMTP (Simple Mail Transport Protocol)
Simple Network Management Protocol (SNMP). See SNMP (Simple Network Management Protocol)
Single Sign-On (SSO). See SSO (Single Sign-On)
single-mode fiber-optic cabling, 31, 292
- 1000Base-SX transceiver modules and, 214
- multimode fiber-optic networks, connecting, 78
SLAs (Service Level Agreements), 134
- technical support clause, 134
sliding window flow control, 98
small business networks, design considerations, 75
Small Office Home Office (SOHO). See SOHO (Small Office Home Office)
smart lockers, 185
smartcards, 292
- authentication, 107
- logging on and, 153
SMTP (Simple Mail Transport Protocol), securing, 48
SNMP (Simple Network Management Protocol), 115
- characteristics, 115
- components, 122
- databases, 121
- messages, 118
- security, 115
- terminology, 267
snooping, 173, 297
social engineering, 168
- preventing, 163, 294
sockets, 264
software
- change management plans, 125
- implementing hardware devices as, 75
- international export controls, 131
- modification attacks, 309
- personal, installing, 256
- release types, 175, 287
- security issues, 160
- troubleshooting, 200
- zero-day vulnerabilities, 160
Software Identification Tags (SWIDs), 123
Software-Defined Networks (SDNs). See SDNs (Software-Defined Networks)
SOHO (Small Office Home Office)
- multifunction connectivity devices, 77
- technologies, 97
SONET (Synchronous Optical Networking), standards, 23
Spanning Tree Protocol (STP). See STP (Spanning Tree Protocol)
split pairs (cables), 210
split tunneling, 183, 296
SQL (Structured Query Language), port numbers, 48, 259
SSH (Secure Shell), compared to Telnet, 183
SSIDs (Service Set Identifiers)
- connection problems, 176, 232
- security considerations, 171
SSO (Single Sign-On), compared to same sign-on, 154
standards
- 802.11ac, 102
- AAA services, 156, 157
- authentication, 168
- cabling, 27
- compliance with, 174
- dial-up network connections, 157
- encryption, CCMP, 107
- IEEE
  - CSMA/CS with MAC, 99
  - Ethernet, 38
- port-based access control, 110
- protocols, 63
- SONET, 23
- SWIDs, 123
- synchronous data transmissions, 22
- transceiver module, 29
- wireless networking speeds, 100, 102, 301
star topology
- cable types, 29
- cabling nexus devices, 18
- physical layer options, 19
stateful packet inspection, firewalls, 77
static routing, 278
- characteristics, 89
- command-line tools, 91
Storage Area Networks (SANs). See SANs (Storage Area Networks)
STP (Spanning Tree Protocol), 76, 77
- attack protection, 99
stream ciphers, 107
streaming video, troubleshooting, 276
striping with distributed parity (RAID), 136
Structured Query Language (SQL). See SQL (Structured Query Language)
subinterfaces, 46
subnet masks, 42, 271
- configuring computers, 275
- IPv4 networks, 41, 45, 294
- network design considerations, 42
subnets
- host addresses, 43
- IPv4 networks, 40
- local, protocols, 52
- routing protocols and, 89
subscriptions, leased lines, 23
Supervisory Control and Data Acquisition (SCADA), 76
SWIDs (Software Identification Tags), 123
switch ports
- link pulse LEDs, troubleshooting, 271
- troubleshooting, 250
- unused, 296
switched networks
- characteristics, 93
- devices, 78
switches, 76, 79, 81
- Auto-MDI-X ports, 97
- cable connections, 203
- communication problems, 80
- compared to hubs, 81
- connection indicators, 213
- connection ports, 182
- CPP, 177
- CRC checks, 299
- default VLANs, 177
- flood guards, 174
- frame forwarding, 76
- functions, 81
- man-in-the-middle attacks, preventing, 173
- multilayer, 77
  - OSI layers, 87
- multiprotocol, 293
- network switching, OSI model and, 11
- OSI model and, 14
- packet forwarding, 76
- port isolation, 177
- port LED colors, 249, 250
- port states, 77
- redundant, design considerations, 144
- remote management, 115
- splitting LANs into multiple domains, 81
- STP attack protection, 99
- terminology, 289
- troubleshooting, 244
- virtual compared to physical, 26
switching architectures, 93
switching loops, 303
- preventing, 94
synchronous data transmissions, standards, 22
Synchronous Optical Networking (SONET). See SONET (Synchronous Optical Networking)
syntax translation, OSI model and, 15
syslog, severity levels, 117–118
system backups, version skew, 142
systemwide errors, 197

T
T-1 leased line, compared to T-3, 22
T-3 leased line
- channels, 22
- compared to T-1, 22
T-connectors, 30
TACACS+, 154–155
- characteristics, 157
TCP (Transmission Control Protocol)
- client port numbers, 50
- dropped connections, protocol analyzers, 220
- establishing connections, 50
- Option subheader, 47
- port number function, 50
- ports, scanning for, 228
- servers, port numbers and, 51
- session establishment messages, 16
TCP/IP (Transmission Control Protocol/Internet Protocol)
- connectivity, testing, 226
- identifying malfunctioning routers, 218
- sockets, 264
- troubleshooting, 223
- tunneling protocols, 271
TCP/IP networks
- domain name resolution, 57
- flow control, 14
- IPv4 addresses, 45
- packet transmission, 10, 91
- packets, control bits, 49
- protocols, OSI model, 12, 13
- remote connections, 181
- router address parameters, 88
- routing efficiency, 90
- routing protocols, 89
  - hop counts and, 90
- secured links, 27
- terminal emulation, 183
telecommunications
- 110 punchdown block, 28
- analog, 28
- cabling, 31
- room diagrams, 124
- termination points, 125
telecommuting
- connection considerations, 184
- WAN technologies, 302
television, connecting to CATV, 27
Telnet
- compared to SSH, 183
- security considerations, 230
- traffic types, 180
Temporal Key Integrity Protocol (TKIP). See TKIP (Temporal Key Integrity Protocol)
terminal emulation
- RDP, 184
- TCP/IP, 183
- VNC, 183
terminating resistors, topologies and, 17
testing
- copper cables, 205
- fiber-optic cables, 204, 211
- network layer characteristics, 220
- TCP/IP connectivity, 226
- twisted pair cables, 209–210
- WANs (Wide Area Networks), 24
text files, encoded, converting, 16
thick Ethernet, cabling, 28
thin Ethernet, cabling, 28, 30, 263
threat assessments, 161
threat mitigation techniques, 172–173, 297
three-tier datacenter architecture, 63
- compared to leaf and spine topology, 64, 280
- layers, 256
thumbprint scans, 155
Time to Live (TTL) field. See TTL (Time to Live) field
TKIP (Temporal Key Integrity Protocol)
- compared to WEP, 105
- stream ciphers, 107
- wireless security protocols, 257
TKIP-RC4 encryption protocol, 104
TLS (Transport Layer Security)
- security protocols and, 54
- URL prefixes, 52
TLS/SSL (Transport Layer Security/Secure Sockets Layer), VPN connections, 181
tone generators
- cable fault types, 276
- wiring faults, 203
tools, 206–209, 274, 275, 300. See also command-line tools
- application server troubleshooting, 221
- bandwidth monitoring, 225
- cable crimpers, 205
- cable installation, 206, 209, 262, 301
- cabling, 258
  - connectors, 204
  - creating cables, 206
  - displaying processes (operating systems), 288
  - fiber-optic cables, 204
    - testing, 211
  - identifying unlabeled cables, 206
  - installing cable, 31
  - message logging, 120
  - packet analyzers, 225
  - packets, troubleshooting, 221
  - performance monitoring, Unix/Linux, 229
  - router troubleshooting, 221, 251
  - telephone cable compared to network cables, 204
  - tone generators, 203
  - traffic patterns, 225
  - twisted pair cabling, 29
  - vulnerability scanning, 230
  - war driving, 164
  - wiremap testers, 203
topologies
- cabling, 17
  - redundant paths, 19
- datacenter layers, 64
- Ethernet networks, 18
  - cabling and, 18
- failover clusters, 18
- Gigabit Ethernet, cabling and, 34
- hybrid, 17
- LANs, installation considerations, 36
- star
  - cabling nexus devices, 18
  - physical layer options, 19
- terminating resistors, 17
- WAPs, 73
- wireless networks, 99, 257
- WLANs, 18, 302
traceroute, 217
traffic shaping, 88, 292
- methods, 92
transceiver module standards, 29
Transmission Control Protocol (TCP). See TCP (Transmission Control Protocol)
Transmission Control Protocol/Internet Protocol (TCP/IP). See TCP/IP (Transmission Control Protocol/Internet Protocol)
transport layer (OSI)
- firewalls, port numbers, 74
- guaranteed delivery protocols, 52
- port numbers, 47
Transport Layer Security (TLS). See TLS (Transport Layer Security)
Transport Layer Security/Secure Sockets Layer (TLS/SSL). See TLS/SSL (Transport Layer Security/Secure Sockets Layer)
trouble tickets, 266
- creation, 200
- prioritizing, 197
troubleshooting
- 802.11
  - connection speeds, 231
  - performance issues, 237
- access issues, 202
- ADSL errors, 251
- application servers, 221
- approaches, 199
- APs
  - connection issues, 231–232, 235
  - coverage issues, 232
- attack types, 266
- bandwidth issues, 117
- cabling
  - breaks, 210
  - damage, 244
  - faults, 209–210, 276
- collision detection, 95
- communications failures, 302
- connections, 199
  - failures, 212
    - 5 GHz (wireless networks), 233
    - 802.11a, 233
    - 802.11ac, 235
    - 802.11g, 235
    - 802.11n, 236–237
    - SSIDs, 232
    - WPA2 and, 232
  - slowdowns, 212
- DHCP servers, 247
- DNS, 215
  - failures, 247
  - server unreachable condition, 214, 299
- domain controllers, 249
- Duplicate IP Address error, 250
- duplicating network problems, 198
- email, 202
- EMI issues, 248, 304
- Ethernet
  - connection issues, 238, 243
  - hubs, 243
  - malfunctions, 269
  - poor performance, 211
- fiber-optic cables, 253
- Gigabit Ethernet, 213, 242
  - performance, 214, 248
- host communication issues, 231
- hubs, 249
- intermittent network connections, 247
- Internet connections, 199, 226, 238, 246, 256, 271, 273, 279, 291, 303, 309
  - ipconfig command, 239, 260, 302
- introducing new problems, 202
- IP
  - address assignment issues, 238, 247, 250
  - configuration, 199
- LANs, connection issues, 245
- last step, 199
- malfunctioning routers, 218
- missing cable labels, 211
- network access, 274, 277, 278, 297, 298, 308
  - connectivity issues, 265
  - VLANs, 263
- network adapters, 256–257, 259
- network connections, 119, 222, 223, 248, 250
  - ipconfig command, 239–241
- network interface errors, 121
- network performance, 211, 256
- network speed, 248
- network traffic issues, 245
- NTPs, 253
- packets, 221
- performance slowdowns, 252
- perimeter networks, 246
- pinouts, 245
- printer issues, 202
- problem identification considerations, 197
- questions to ask, 198
- record creation, 202
- review question answers, 418–447
- rogue DHCP servers, 227
- routers, 221
- routing tables, 251
- server access issues, 238, 246, 249
- setting priorities, 298
- short circuits, 204
- split pairs, 210
- SSID connection problems, 176
- steps, 197–198, 200, 269, 297
- streaming video, 276
- switch communication problems, 80
- switch ports, 250
  - link port LEDs, 271
- TCP dropped connections, protocol analyzers, 220
- TCP/IP, 223
- tools, 205, 206–209
- twisted pair cables, 244, 304
- unlabeled cabling, 204
- VLAN networks, 96
  - connection issues, 245
  - mismatches, 261
- VoIP, 135, 276
- wireless networks
  - connection issues, 232, 233, 236, 305
  - connection range issues, 234, 236
  - connection speed issues, 234, 299
  - performance issues, 306
  - signal interference, 234, 235
- wiring faults, 203
TTL (Time to Live) field
- network layer protocols, 92
- values, specifying for ping messages, 220
tunneling
- EAP and, 169
- encryption, 178
- protocols, 271
- VPNs, 183
  - encryption, 289
tunnels, secured links, 27
twisted pair cables, 29, 288
- data rate, 34
- data rate support, 35
- electrical interference, 244
- Gigabit Ethernet, 35
- tools, 206
- troubleshooting, 304
- troubleshooting faults, 209–210, 244
Type I virtualization, 25
Type II virtualization, 25

U
UDP (User Datagram Protocol), 51
- client port numbers, 50
- port number function, 50
- ports, scanning for, 228
- servers, port numbers and, 51
Ultra-Physical Contact (UPC), 28
unidirectional antennas, 101
unified threat management (UTM) appliances, 87
Uninterruptable Power Supplies (UPSs). See UPSs (Uninterruptable Power Supplies)
Universal Resource Locators (URLs). See URLs (Universal Resource Locators)
Universal Serial Bus (USB). See USB (Universal Serial Bus)
Unix
- displaying processes, 288
- logging services, port numbers, 49
- packet analyzers, 225
- performance monitoring tools, 229
- protocol analyzers, 270
- sendmail, 116
- static routes, command-line tools, 91
- tools, 221
unmanaged networks, MAC addresses, 26
UPC (Ultra-Physical Contact) connectors, 28
uplink ports, hubs, 80
UPSs (Uninterruptable Power Supplies), 136, 137
- disaster recovery and, 139
URLs (Universal Resource Locators)
- accessing administrative websites, 295
- prefixes, 52
USB (Universal Serial Bus), cabling and, 34
user accounts, 160
- administrative, 172
User Datagram Protocol (UDP). See UDP (User Datagram Protocol)
utilities
- Linux server security, 220
- network layer characteristics, testing, 220
- packets sent, displaying, 121
- resource record information, 215
UTM (unified threat management) appliances, 87
UTP (Unshielded Twisted Pair)
- cabling installations, 31
- Gigabit Ethernet, 25
- punchdown process, 33
- troubleshooting faults, 203

V
vampire taps, 30
version skew (system backups), 142
video surveillance, 187
- cameras, 185
VIP (Virtual IP) addresses, 46
Virtual Area Networks (VLANs). See VLANs (Virtual Area Networks)
virtual desktop, 179
virtual firewalls, 26
Virtual IP (VIP) addresses, 46
virtual machines
- cloud architectures, 261
- cloud-based, 67
Virtual Network Computing (VNC). See VNC (Virtual Network Computing)
Virtual Private Networks (VPNs). See VPNs (Virtual Private Networks)
virtual switch. See vSwitch
virtualization
- hardware environment, 26
- types, 25
VLANs (Virtual Area Networks)
- 802.1q tagging, 97
- administrative boundaries, 78, 96
- characteristics, 96
- connection issues, 245
- creating, 25, 285
- devices, 74, 78
  - connecting computers, 95
  - creating multiple networks, 85
  - identifying, 96
- frames, forwarding, 97
- hopping as a threat, 164, 298
- identifying, 94
- mismatches, 261
- multiple, design considerations, 257
- network access issues, troubleshooting, 263
- switches, 177
- tagging, 97
- troubleshooting, 96
- voice traffic packets, 98
- VoIP and, 98
VNC (Virtual Network Computing), 180
- terminal emulation, 183
Voice over Internet Protocol (VoIP). See VoIP (Voice over Internet Protocol)
VoIP (Voice over Internet Protocol)
- devices, 82
- troubleshooting, 135, 276
- VLANs and, 98
VPNs (Virtual Private Networks)
- access, limiting, 178
- client-to-site connections, 181
- connections
  - speed, 181
  - technologies, 177
  - TLS/SSL, 182
  - types, 179
- encryption, tunneling and, 178
- headend devices, 84
- host-to-host connections, 182
- joining distant LANs, 182
- obsolete protocols, 178
- securing data, 183
- site-to-site connections, 181
- split tunneling, 296
- tunneling, 183
  - encryption, 289
vSwitch, 25
- physical switch, compared, 26
vulnerabilities
- compared to exploits, 159
- scanning, 230, 231
- zero-day, 160

W
wall plates
- cables and, 203
- labels, 125
- ports and, 123
WANs (Wide Area Networks)
- analog signaling, 20, 21
- bandwidths, 21
- broadband signaling, 20
- cloud, 25
- connections, 178
- implementation technologies, 20
- interface devices, 23
- labels, assigning to packets, 23
- PPPoE, 24
- services, 266
- technologies, 302
- termination points, 125
- testing, 24
- transfer rates, 24
WAPs (Wireless Access Points)
- channel overlap, avoiding, 259
- connecting to clients, 105
- hardening, 171
- topologies, 73
war driving, 162, 261
- tools, 164
wavelength division multiplexing, 39, 270
web browsers
- application layer (OSI), 49
- secure communications, 178, 268
web clients, port numbers, 52
web servers
- logs, 116
- secure communications, 178, 268
web sites, accessing encrypted, 53
WEP (Wired Equivalent Privacy), 105
- IEEE 802.11, 109
whitelisting, wireless networks, 99
Wide Area Networks (WANs), 20
WiFi hotspots, EULAs and, 176
WiFi Protected Access (WPA). See WPA (WiFi Protected Access)
WiFi Protected Access II (WPA2). See WPA2 (WiFi Protected Access II)
Windows
- administrative user accounts, 172
- command-line utilities, 300
  - creating ARP entries, 225
  - deleting ARP cache, 219
  - output, 215–217, 221, 224
- creating baselines, 281
- file sharing protocol, 49
- password policies, 171
- ping command and, 291
- remote access protocols, 179
- remote users, authentication, 152
- servers, troubleshooting, 223
- tracing packet routes, 215
- workstations, bytes transmitted, 223
Windows Backup Server, 135
Windows Event Viewer, 115
Windows Server Backup, 141
Windows servers
- event logs, 120
- RAID and, 141
Wired Equivalent Privacy (WEP). See WEP (Wired Equivalent Privacy)
Wireless Access Points (WAPs). See WAPs (Wireless Access Points)
wireless controllers, protocols, 85
wireless local area networks (WLANs). See WLANs (wireless local area networks)
wireless networks, 19
- 5 GHz compared to 2.4 GHz, 101
- 5 GHz compatibility, 103
- 802.11, frequency compatibility, 103
- 802.11n, design considerations, 274
- AP performance issues, 235
- attack types, 163, 166
- authorized devices, identifying, 110
- captive portals, 176, 297
- channel overlap, 231
- channel width, 102
- configuring clients, 108
- connecting devices, 293
- connecting to WAPs, 105
- connection issues, 233, 236, 305
  - troubleshooting, 232
- connection range issues, 234, 236
- connection speed issues, 234, 299
- connectivity, design considerations, 109
- design considerations, 101, 106, 307
- devices, transmission speeds, 101
- geofencing, 169
- hardening techniques, 170, 295
- interference, 100
- MIMO antennae, 100
- performance considerations, 103, 306
- security, 104, 105
  - CCMP-AES, 105
  - obsolete protocols, 108
  - preventing unauthorized users, 110
  - protocols, 106, 109, 169
- signal interference, 234, 235
- speed standards, 100, 101, 276, 301
- standards, design considerations, 102
- topologies, 99
- transmission techniques, 102
- unauthorized users, 292
- war driving attacks, 162
- whitelisting, 99
wireless range extenders, 104
wireless telephones, interference with wireless technologies, 100
wiremap tester, troubleshooting UTP wiring faults, 203
wiring nexus, terminology, 127
WLANs (wireless local area networks)
- design considerations, 268, 274
- MAC address filtering, 175
- seed standards, 276
- topologies, 18, 302
workstations
- bytes transmitted, 223
- configuring, 50
WPA (WiFi Protected Access), 104, 106
- compared to WEP, 105
- encryption protocol, 108
WPA2 (WiFi Protected Access II), 106
- connection issues and, 232

X-Y-Z
zero trust architecture, 160
zero-day vulnerabilities, 160
zombies, 165, 167

..................Content has been hidden....................

You can't read the all page of ebook, please click here login for view all page.

Table of Contents for Index

Create new playlist

Sign In

Sign Up

Table of Contents for
Index