
N10-006 Objectives and Notes
By Taona Ralph
This page has been intentionally left blank. There is absolutely no reason why I skipped this page. I have
tried, long and hard, to think of a reason why I should write on this page. Even I am surprised I didn’t get
one… Oh well…
Section 1: Network Architecture
1.1 Explain the functions and applications of various network devices
 Router

o Layer 3 device
o Routes traffic between IP subnets, making forwarding decisions on the destination IP address
o Often connects diverse network types (eg, an Ethernet LAN to a WAN link)
o Routers inside switches are sometimes called L3 switches or multilayer switches

 Switch

o Layer 2 device
o Bridging is done by ASIC chips (which are very fast)- hardware based switching
o Makes forwarding decisions based on hardware/MAC/Physical address
o Core of an enterprise network
o High bandwidth to handle simultaneous packets

 Multilayer Switch

o Network device that operates at Layer 2 and Layer 3 (some models inspect traffic up to
Layer 7, eg, for load balancing)
o Performs both routing and switching functions
o Can read higher-layer information (IP headers and above) from within the Layer 2 frames it
switches
 Firewall

o Layer 4 device (TCP/UDP)- some firewalls can filter up to Layer 7 (application-aware or
next-generation firewalls)
o Filters traffic by IP address, protocol and port number; rules are evaluated in order, and
anything not explicitly allowed should be denied by default
o Can encrypt traffic into/out of the network and between sites (acting as a VPN endpoint)
o Can proxy traffic- sending requests to and from the Internet on behalf of LAN devices
o Most firewalls also route between their interfaces (L3), so they sit at the boundary
between networks rather than inside a single subnet

 Host-based Intrusion Detection System (HIDS)


o Security device that monitors and analyzes the internals of a computing system
o An agent (installed on the host OS) that monitors whether anything or anyone,
whether internal or external, has circumvented the system’s security policy
o HIDS detects, but does not stop the attack
o Typically is a piece of software installed on the system and can only monitor activity
on the system it was installed on.
o Used to monitor systems, enforce system policy, gather statistics, log anomalies, etc
 Intrusion Detection System (IDS)/Intrusion Prevention System (IPS)

o IDS- monitors hosts or networks, detects suspicious behavior and can alert
administrators of attacks. Attacks are only detected, not blocked. Normally
complements other devices (like firewalls)
o Can be passive or active
 A passive IDS does not take any corrective action when suspicious activity has
been identified; it only logs and alerts
 An active IDS will monitor and log any suspicious activity, and then take some
corrective action (eg, resetting the connection or adding a firewall rule)
o NB: An active IDS is now known as an Intrusion Prevention System (IPS)
o IPS- like an IDS, they monitor hosts or networks, but have additional capabilities to
block attacks or take other corrective measures. Because an IPS sits inline, a false
positive blocks legitimate traffic, so its rules need more tuning than those of an IDS.

 Access Point (wireless/wired)

o Wireless Access Points (WAPs) are network devices that connect to the
wired network to allow wireless clients to pass through and access the wired
network and its resources
o The area covered by one AP's radio is called a cell; the AP transmits and receives radio
frequencies between the network and the PCs and devices with wireless transmitters in
that cell.
o Layer 2 device
o NB: A WAP is a wireless bridge (not a wireless router), and therefore makes
forwarding decisions based on MAC address.

 Content Filter

o Controls traffic based on its content (the application-layer data), not just on
addresses and ports
o Responsible for filtering what type of content the user is allowed to access on the
Internet
o Filters typically inspect websites (URLs) and email traffic
 Load Balancer

o A network appliance that allows you to split the workload (the request) for an
application across many servers
o Distributes the request across many physical servers
o Adds fault tolerance
o Can cache and prioritize traffic (QoS)
o Very common in large environments (especially on websites- webservers are
typically connected to a load balancer).
o Goal is to improve performance (and availability), as no single system is handling all
the requests.

 Hub

o Layer 1 device
o Multi-port repeater
o Half duplex operation- a port can either send or receive at any one time, and all ports
share a single collision domain
o Less efficient as speed and bandwidth requirements increase
o A passive hub has no power source or electrical components, there is no signal
processing, and there is no signal regeneration.
o An active hub provides the same functionality as a passive hub, with the ability to
amplify the signal before sending it to all destination ports. It has a power source
and built in repeaters to boost the signal. Also known as a multiport repeater.
o NB: a passive hub does not regenerate the signal as the active hub does; therefore,
the cable distance between two PCs is the total cable length and not PC-to-hub
length, as with active hubs.
 Analog modem

o MOdulator/DEModulator
o Used on Public Switched Telephone Network (PSTN)
o Converts digital signals from PC to analog transmission for sending on phone lines.
o Plain Old Telephone Service (POTS) modems are now used for backup and utility
functions (eg, out-of-band management of network devices).

 Packet shaper/ Traffic shaper

o Responsible for delaying certain types of packets in order to make bandwidth


available for other types of packets
o Controls traffic by bandwidth usage or data rate
o Manages Quality of Service by prioritizing certain packets (eg, voice) over others (eg,
torrents)
o Reduces latency for the prioritized traffic and optimizes overall performance

 VPN Concentrator

o A network appliance that allows multiple clients to establish a secure, encrypted


VPN connection to the office network.
o Establishes the encrypted tunnel and enforces policies to connect to the VPN
o Connection point for remote users
o Traffic is encrypted across the Internet and decrypted on the internal private
network.
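
Added example (not part of these notes): a small Python packet filter that shows the firewall behaviour described in the Firewall item above- rules evaluated in order on source/destination address, protocol and port; an implicit deny when nothing matches; protocols without ports (GRE for PPTP data, ESP for IPsec) matched by IP protocol number; and a connection table so that replies to allowed outbound sessions are admitted without an explicit inbound rule (stateful inspection). The policy, addresses and packets are constructed for the demonstration and are not from any real device.

```python
"""Stateful packet filter illustrating the Firewall bullets. Added example,
not part of the original notes; rules, addresses and packets are constructed."""
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import Optional

# IP protocol numbers: only TCP/UDP carry L4 port numbers; other protocols
# (GRE for PPTP data, ESP for IPsec) are matched by protocol number alone.
TCP, UDP, GRE, ESP = 6, 17, 47, 50


@dataclass(frozen=True)
class Packet:
    src: str
    dst: str
    proto: int
    sport: Optional[int] = None  # None for protocols without ports
    dport: Optional[int] = None
    syn_only: bool = False       # TCP SYN without ACK = new connection attempt


@dataclass(frozen=True)
class Rule:
    action: str                  # "allow" or "deny"
    src: str = "0.0.0.0/0"
    dst: str = "0.0.0.0/0"
    proto: Optional[int] = None  # None = any protocol
    dport: Optional[int] = None  # None = any destination port

    def matches(self, p: Packet) -> bool:
        if self.proto is not None and p.proto != self.proto:
            return False
        if self.dport is not None and p.dport != self.dport:
            return False
        return (ip_address(p.src) in ip_network(self.src)
                and ip_address(p.dst) in ip_network(self.dst))


class Firewall:
    """First-match rule evaluation with an implicit deny at the end, plus a
    connection table so replies to allowed outbound sessions are admitted
    without an explicit inbound rule."""

    def __init__(self, rules):
        self.rules = list(rules)
        self.state = set()       # (src, sport, dst, dport, proto) of allowed flows

    def _reverse_known(self, p: Packet) -> bool:
        # A reply belongs to an existing flow if its 5-tuple is the mirror image
        # of one admitted earlier. A bare SYN is never a reply.
        if p.syn_only:
            return False
        return (p.dst, p.dport, p.src, p.sport, p.proto) in self.state

    def filter(self, p: Packet) -> str:
        if self._reverse_known(p):
            return "allow"       # established session: no rule lookup needed
        for r in self.rules:
            if r.matches(p):
                if r.action == "allow" and p.proto in (TCP, UDP):
                    self.state.add((p.src, p.sport, p.dst, p.dport, p.proto))
                return r.action
        return "deny"            # implicit deny: nothing matched


LAN, INTERNET = "192.168.1.0/24", "0.0.0.0/0"


def build_demo_firewall() -> Firewall:
    """Constructed policy: the LAN may browse the web and reach one PPTP server
    (203.0.113.5, hypothetical); the Internet may reach only the published web
    server 192.168.1.10 on port 80."""
    return Firewall([
        Rule("allow", src=LAN, dst=INTERNET, proto=TCP, dport=443),
        Rule("allow", src=LAN, dst=INTERNET, proto=TCP, dport=80),
        Rule("allow", src=LAN, dst="203.0.113.5/32", proto=TCP, dport=1723),  # PPTP control
        Rule("allow", src=LAN, dst="203.0.113.5/32", proto=GRE),              # PPTP data, IP proto 47
        Rule("allow", src=INTERNET, dst="192.168.1.10/32", proto=TCP, dport=80),
        Rule("deny"),            # explicit catch-all, same effect as the implicit deny
    ])


def demo() -> dict:
    fw = build_demo_firewall()
    out = fw.filter(Packet("192.168.1.20", "198.51.100.7", TCP, 51000, 443, syn_only=True))
    reply = fw.filter(Packet("198.51.100.7", "192.168.1.20", TCP, 443, 51000))
    unsolicited = fw.filter(Packet("198.51.100.7", "192.168.1.20", TCP, 443, 51001))
    gre = fw.filter(Packet("192.168.1.20", "203.0.113.5", GRE))
    esp = fw.filter(Packet("192.168.1.20", "203.0.113.5", ESP))   # no rule for ESP
    inbound_web = fw.filter(Packet("198.51.100.7", "192.168.1.10", TCP, 40000, 80, syn_only=True))
    inbound_ssh = fw.filter(Packet("198.51.100.7", "192.168.1.10", TCP, 40001, 22, syn_only=True))
    return {"outbound_https": out, "reply": reply, "unsolicited": unsolicited,
            "gre": gre, "esp": esp, "inbound_web": inbound_web, "inbound_ssh": inbound_ssh}


if __name__ == "__main__":
    for name, verdict in demo().items():
        print(f"{name:15s} {verdict}")
```

The reply packet is admitted only because its 5-tuple mirrors a flow the firewall already allowed; the packet to port 51001 looks identical apart from the port and is dropped. That is the difference between a stateful firewall and a plain L3/L4 access list, which would need a broad "allow inbound from port 443" rule to let replies through.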
1.2 Compare and contrast the use of networking services and applications
 VPN

-A Virtual Private Network (VPN) extends a private network across a public network, enabling
users to send and receive data across shared or public networks as if their computing devices
were directly connected to the private network.
-It provides tunneling through a public network with a secure communications channel.
-Uses a tunneling protocol (IPSec, SSL/TLS, L2TP, SSTP or the older PPTP) for secure
connections to a remote network- you are able to tunnel through an Internet or LAN
connection without compromising security.
-Purpose is to ensure that no one can intercept the data and read (or alter) it, because it is
transmitted in an encrypted and integrity-protected format.
-Major benefits include:
a. Secure communication across an unsecure medium
b. No dedicated leased line or long-distance costs incurred to communicate between the two
locations

o Site to site/host to site/host to host


 Site to Site

Each site/location has a VPN appliance (VPN Router) to create the encrypted
tunnel from one location to another.
Clients are not directly establishing the VPN tunnel, but instead go through the
VPN router that will create a VPN connection to the other location.
The tunnel is established once by the VPN appliance and all users send
information securely through the one tunnel.

 Host to site

The client (host) creates the secure VPN tunnel to the remote location. If
multiple users wanted to transmit data to the remote site securely, each client
would create its own VPN tunnel.

 Host to host
Creates an encrypted tunnel between two computers in a host-to-host
topology.
A client computer is creating a VPN connection to another client computer and
all communications between the two are encrypted.
o VPN Protocols
 IPSec
-The IP Security protocol suite protects IP traffic at Layer 3. Once a policy is applied
on the system/device, the traffic selected by that policy (all traffic between two
endpoints, or only specific flows) is protected.
-L3 security- confidentiality, integrity, authentication and anti-replay
-IPSec uses Encapsulating Security Payload (ESP, IP protocol 50) to encrypt traffic (ESP
also authenticates the payload), Authentication Header (AH, IP protocol 51) for message
integrity and authentication only (no encryption), and Internet Key Exchange (IKE, UDP
port 500, or UDP 4500 when NAT traversal is needed) to authenticate the peers and
negotiate the encryption keys between systems.
 GRE
-Generic Routing Encapsulation provides a path for transporting packets through an
otherwise public network by encapsulating (tunneling) the packets, ie, it is the tunnel
itself.
-NB: GRE adds no encryption or authentication of its own; for a private, secure path it is
usually run inside IPSec (GRE over IPSec).
 SSL VPN
-Secures communication using SSL/TLS (TCP port 443); based on common Internet
protocols, so it passes through most firewalls and proxies that already allow HTTPS.
-Newer approach to encrypting VPN traffic (preferred over PPTP and L2TP).
 PTP/PPTP
-Point-to-Point Tunneling Protocol
-Older VPN protocol used to encrypt PPP traffic
-Common in Microsoft environments
-Uses GRE to transport PPP packets
-Uses TCP port 1723 (control channel, which sets up and controls the tunnel) and IP
protocol 47 (GRE, which carries the data); both must be permitted on the firewall.
-NB: PPTP's MS-CHAPv2 authentication and MPPE encryption are broken; treat it as legacy
and prefer IPSec or SSL/TLS.

 TACACS/RADIUS
o Remote Authentication Dial-In User Service (RADIUS)
-is a central authentication service that you can use to control who can connect to the
network via VPN solutions, wireless and wired network connections (eg, 802.1X).
-RADIUS is an authentication, authorization and accounting (AAA) system used to provide
remote access. Usernames and passwords are passed by the Remote Access Server (RAS) or
other network access device to the RADIUS server and authenticated against a central
database.
-Runs over UDP (ports 1812/1813, or 1645/1646 on older systems) and encrypts only the
password attribute, not the whole packet.
o Terminal Access Controller Access-Control System (TACACS)
-TACACS is similar to RADIUS, but is an older authentication service that was common
with UNIX environments. It has been replaced by RADIUS and TACACS+.
-TACACS+ (Cisco) runs over TCP port 49, encrypts the whole packet body, and separates
authentication, authorization and accounting, so it is usually preferred for network
device administration.

 Remote Access Service (RAS)


o -Allows remote clients to connect to the server over a modem using a RAS-based
protocol, eg, Serial Line Internet Protocol (SLIP) or PPP.
-Generally refers to VPN technologies built into the Microsoft Windows OS since
Windows NT.
 Web Services
o -Simply put, these are services that a business makes available from its web server for
other web-connected programs to call; unlike ordinary web pages, they are designed for
program-to-program communication rather than for display in a browser.
-A service offered by an electronic device to another electronic device; a function that
can be accessed by other programs/users/devices over the web.
-A standardized way of creating communications using SOAP, XML, WSDL, and UDDI.
-XML tags the data, SOAP transfers the data, WSDL describes the available services and
UDDI lists the available services.

 Unified Voice Services


o -aka Unified Communications
-allows the integration of all communication into a single system, eg, VoIP for
conversations over an IP network, and the ability to integrate instant messages into the
communication offerings.
-Unified voice services is the integration of all real-time communication employees will
use. That real-time communication involves:
 Instant messaging- makes use of an IM client to quickly send an IM to another
employee.
 Presence information- before sending a message or making a call, you can see if
the employee is available because their presence information is displayed
(available/busy/etc).
 Video conferencing- you can quickly set up a video conference allowing you to
have an online meeting with other employees.
 Desktop sharing- in video conferences, you can share your desktop in order to
display things like presentations or spreadsheets.
 Voice mail and email- allows the employee to access their voice mail and email
from a single client system.

 Network Controllers
o -These are network interfaces, or network cards, in a system or device.
-responsible for sending and receiving data to and from the network.
-you can increase bandwidth of a network device by installing multiple network
controllers and teaming the network controller(s) together (bonding). The device can
then use both network controllers at the same time to increase performance.
1.3 Install and configure the following networking services/applications
 DHCP
-Dynamic Host Configuration Protocol, responsible for assigning IP address information
automatically to systems on the network. The network administrator configures the DHCP
server by configuring a scope (range of addresses) that the server can assign addresses
from. The DHCP service may configure a client with all the TCP/IP settings, including the
subnet mask, default gateway, and the addresses of both the DNS server and WINS server.
-DHCP runs over UDP: the server listens on port 67 and the client on port 68.
o Static vs Dynamic IP addressing
-Static IP addresses are manually configured on a network device by a network
administrator, while Dynamic addresses are automatically assigned by a DHCP server.
o Reservations
-A reservation ties a particular IP address in the scope to a specific host, identified by
its MAC address, so that host always receives the same address from the DHCP server. (This
differs from an exclusion, which removes addresses from the pool so the server never hands
them out.)
o Scopes
-an administrative grouping of IP addresses that are leased by a DHCP server.
o Leases
-DHCP servers lease IP addresses to hosts for a specified period of time.
o Options
-Administrators can specify options that allow additional information to be configured
by the DHCP server.
-Typically consists of DNS servers, WINS Servers, Router Address and Domain Names
o IP Helper/DHCP Relay
-DHCP requests are broadcasts. By default, routers do not forward
broadcasts. If a network administrator wants to pass DHCP requests across networks,
they configure a relay agent (ip helper address) on the router, which picks up the
broadcast and forwards it as a unicast to a DHCP server on a separate logical network.
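
Added example (not from these notes): a Python model of the DHCP items above- a scope with a pool, exclusions, reservations keyed by MAC address, leases that expire and return to the pool, and the options (subnet mask, router, DNS, lease time) encoded in the code/length/value format DHCP uses on the wire (RFC 2132). The addresses, MACs and timings are constructed; the option codes are the real ones.

```python
"""DHCP scope with reservations, leases and options, plus wire encoding of
options. Added example, not the notes' own material; sample data is constructed."""
import struct
from ipaddress import IPv4Address, IPv4Network

# DHCP option codes (RFC 2132) used below
OPT_SUBNET_MASK, OPT_ROUTER, OPT_DNS, OPT_LEASE_TIME, OPT_MSG_TYPE, OPT_END = 1, 3, 6, 51, 53, 255
MSG_OFFER = 2


class DhcpScope:
    def __init__(self, network, first, last, router, dns, lease_secs, exclusions=()):
        self.network = IPv4Network(network)
        self.pool = [IPv4Address(i) for i in
                     range(int(IPv4Address(first)), int(IPv4Address(last)) + 1)]
        self.exclusions = {IPv4Address(a) for a in exclusions}  # never handed out
        self.router, self.dns, self.lease_secs = router, dns, lease_secs
        self.reservations = {}   # mac -> IPv4Address fixed for that client
        self.leases = {}         # IPv4Address -> (mac, expiry time)

    def reserve(self, mac, address):
        """A reservation pins an address to a MAC; only that client receives it."""
        self.reservations[mac.lower()] = IPv4Address(address)

    def _expire(self, now):
        for addr, (_, expiry) in list(self.leases.items()):
            if expiry <= now:
                del self.leases[addr]   # lease ran out without renewal: back in the pool

    def allocate(self, mac, now):
        """Pick an address for a client: its reservation if any, else its current
        lease if still valid, else the first free pool address; None if exhausted."""
        mac = mac.lower()
        self._expire(now)
        if mac in self.reservations:
            addr = self.reservations[mac]
        else:
            current = [a for a, (m, _) in self.leases.items() if m == mac]
            free = [a for a in self.pool
                    if a not in self.leases and a not in self.exclusions
                    and a not in self.reservations.values()]
            if current:
                addr = current[0]
            elif free:
                addr = free[0]
            else:
                return None
        self.leases[addr] = (mac, now + self.lease_secs)
        return addr

    def offer_options(self):
        """Options carried in an OFFER: what the client is told besides its address."""
        return [
            (OPT_MSG_TYPE, bytes([MSG_OFFER])),
            (OPT_SUBNET_MASK, self.network.netmask.packed),
            (OPT_ROUTER, IPv4Address(self.router).packed),
            (OPT_DNS, b"".join(IPv4Address(d).packed for d in self.dns)),
            (OPT_LEASE_TIME, struct.pack("!I", self.lease_secs)),
        ]


def encode_options(options):
    """DHCP options are code (1 byte), length (1 byte), value; terminated by 255."""
    out = bytearray()
    for code, value in options:
        out += bytes([code, len(value)]) + value
    out.append(OPT_END)
    return bytes(out)


def decode_options(data):
    """Inverse of encode_options; stops at END and rejects truncated fields."""
    opts, i = {}, 0
    while i < len(data):
        code = data[i]
        if code == OPT_END:
            return opts
        if code == 0:             # PAD option has no length byte
            i += 1
            continue
        length = data[i + 1]
        value = data[i + 2:i + 2 + length]
        if len(value) != length:
            raise ValueError("truncated option %d" % code)
        opts[code] = value
        i += 2 + length
    raise ValueError("missing END option")


def demo():
    scope = DhcpScope("192.168.1.0/24", "192.168.1.100", "192.168.1.103",
                      router="192.168.1.1", dns=["192.168.1.2", "192.168.1.3"],
                      lease_secs=3600, exclusions=["192.168.1.101"])
    scope.reserve("aa:bb:cc:dd:ee:01", "192.168.1.100")   # printer always gets .100
    results = {
        "printer": str(scope.allocate("AA:BB:CC:DD:EE:01", now=0)),
        "laptop": str(scope.allocate("aa:bb:cc:dd:ee:02", now=0)),   # .102: .100 reserved, .101 excluded
        "phone": str(scope.allocate("aa:bb:cc:dd:ee:03", now=10)),   # .103
        "tablet": scope.allocate("aa:bb:cc:dd:ee:04", now=20),        # None: scope exhausted
    }
    results["tablet_later"] = str(scope.allocate("aa:bb:cc:dd:ee:04", now=3601))  # laptop lease expired
    decoded = decode_options(encode_options(scope.offer_options()))
    results["router"] = str(IPv4Address(decoded[OPT_ROUTER]))
    results["lease"] = struct.unpack("!I", decoded[OPT_LEASE_TIME])[0]
    results["dns_count"] = len(decoded[OPT_DNS]) // 4
    return results


if __name__ == "__main__":
    print(demo())
```

Note that the reservation (.100) and the exclusion (.101) are both unavailable to ordinary clients but for different reasons: the reserved address is still leased, just to one fixed MAC, while the excluded one is never leased at all. The `decode_options` length check matters on a real server because the options field comes from an untrusted client on the local segment.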

 DNS
o Domain Name System- a solution for converting FQDN to IP addresses.
o DNS Servers
 Top-Level Domains (TLD)
-This is the last segment of the domain name, following the final dot, eg,
.com
-Identifies something about the website associated with it, eg, purpose,
organization that owns it, or the geographical area where it originates.
-The root servers sit at the top of the hierarchy: they refer a resolver's query for
any Internet resource to the name servers of the correct TLD, which in turn refer it to
the authoritative servers for the domain.
-Popular TLDs include:
.com- commercial organizations (www.yahoo.com),
.org- for nonprofit organizations (www.savethechildren.org),
.net- for networking organizations or ISPs (www.zimbiz.net),
.mil- military organizations (www.marines.mil)
.gov- This is for US government offices only (www.usa.gov),
.edu- educational organizations (www.universityofcalifornia.edu)

 Country Domain Names


If you reside in a certain country, you can register a domain that shows which
country you are based in, eg:
.zw- Zimbabwe
.us- United States
.za- South Africa
.ke- Kenya

o DNS Files
Most DNS servers maintain their DNS data in a number of files that exist on the hard
disk on the server. In the old days, you’d manage the records by updating these text
files- today, most DNS server environments support GUI tools to create and manage the
records for your DNS server.
When you create the records graphically, the DNS files are updated.
o DNS Records
 Hosts (A)- resolves FQDN to an IPv4 address
 Hosts (AAAA)- resolves FQDN to an IPv6 address
 Alias (CNAME)- a way to create a record that has a name and points to another
host record. Allows you to create many records with different names, with all
the names referencing the one IP address.
 Mail Exchange (MX)- points to your inbound email server.
 Name Server (NS)- specifies who the DNS servers are for the zone.
 Start Of Authority (SOA)- stores settings for the DNS zone (eg, the primary name
server, the administrator's email address, the refresh/retry/expire timers, and the
serial number, which increments any time the zone changes). If the secondary DNS
server sees a different (newer) serial number on the primary, it knows that it needs to
copy the zone from the primary DNS server to be up to date.
 Pointer (PTR)- created in a reverse lookup zone and associates the IP address
with a DNS name for reverse lookups.

o Dynamic DNS (DDNS)


 DNS records that dynamically update as IP addresses change.
 Dynamic DNS is a system that addresses the problem of rapid updates. The term
is used in two contexts which, while technically similar, have very different
purposes and user populations.
 End users of Internet access receive an allocation of IP addresses, often only a
single address, by their Internet service provider. The assigned addresses may
either be fixed (or static), or may change from time to time, a situation called
dynamic. Dynamic addresses are generally given only to residential customers
and small businesses, as most enterprises specifically require static addresses.
 Dynamic IP addresses present a problem if the customer wants to provide a
service to other users on the Internet, such as a web service. As the IP address
may change frequently, corresponding domain names must be quickly re-
mapped in the DNS, to maintain accessibility using a well-known URL.

 Many providers offer commercial or free Dynamic DNS service for this scenario.
The automatic reconfiguration is generally implemented in the user's router or
computer, which runs software to update the DDNS service.
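
Added example (not from these notes): a tiny zone-file parser and resolver in Python that exercises the record types listed under DNS Records- A/AAAA lookups, CNAME chains followed the way a resolver follows them (with a loop cut-off), MX records ordered by preference, the PTR owner name built for an IPv4 and an IPv6 address, and the SOA serial comparison a secondary uses to decide whether a zone transfer is needed, done with RFC 1982 serial arithmetic so it survives the 32-bit wrap. The zone below is constructed for example.com (a reserved documentation name); nothing in it is real.

```python
"""Zone-file parser and resolver illustrating the DNS record types above.
Added example, not from the original notes; the zone data is constructed."""
from ipaddress import ip_address

# Constructed zone in master-file line format: name ttl class type rdata
ZONE = """\
example.com.        3600 IN SOA   ns1.example.com. hostmaster.example.com. 2024010105 7200 900 1209600 300
example.com.        3600 IN NS    ns1.example.com.
example.com.        3600 IN NS    ns2.example.com.
example.com.        3600 IN MX    10 mail.example.com.
example.com.        3600 IN MX    20 mail2.example.com.
ns1.example.com.    3600 IN A     192.0.2.53
ns2.example.com.    3600 IN A     192.0.2.54
mail.example.com.   3600 IN A     192.0.2.25
mail2.example.com.  3600 IN A     192.0.2.26
www.example.com.    3600 IN A     192.0.2.80
www.example.com.    3600 IN AAAA  2001:db8::80
portal.example.com. 3600 IN CNAME www.example.com.
shop.example.com.   3600 IN CNAME portal.example.com.
"""


def parse_zone(text):
    """Return {(name, type): [rdata, ...]}; names lowercased, rdata kept as text."""
    records = {}
    for line in text.splitlines():
        if not line.strip() or line.startswith(";"):
            continue
        name, ttl, cls, rtype, rdata = line.split(None, 4)
        records.setdefault((name.lower(), rtype), []).append(rdata.strip())
    return records


def resolve(records, name, rtype, max_chain=8):
    """Look up name/type, following CNAMEs as a resolver does. Chains must be
    bounded, otherwise two CNAMEs pointing at each other loop forever."""
    name = name.lower()
    for _ in range(max_chain):
        if (name, rtype) in records:
            return records[(name, rtype)]
        if (name, "CNAME") in records:
            name = records[(name, "CNAME")][0].lower()
            continue
        return []
    raise ValueError("CNAME chain too long or looping")


def mx_in_order(records, name):
    """MX rdata is 'preference host'; the lowest preference is tried first."""
    pairs = (r.split() for r in resolve(records, name, "MX"))
    return [host for _, host in sorted(pairs, key=lambda p: int(p[0]))]


def reverse_name(address):
    """Owner name of the PTR record: octets reversed under in-addr.arpa for
    IPv4, hex nibbles reversed under ip6.arpa for IPv6."""
    return ip_address(address).reverse_pointer


def soa_serial(records, zone):
    return int(resolve(records, zone, "SOA")[0].split()[2])


def serial_is_newer(candidate, current):
    """RFC 1982 serial arithmetic: serials are 32-bit and wrap, so compare the
    difference modulo 2^32 instead of the raw integers."""
    diff = (candidate - current) & 0xFFFFFFFF
    return 0 < diff < 2 ** 31


def demo():
    z = parse_zone(ZONE)
    serial = soa_serial(z, "example.com.")
    return {
        "www_a": resolve(z, "www.example.com.", "A"),
        "shop_a": resolve(z, "SHOP.example.com.", "A"),     # CNAME -> CNAME -> A
        "mx": mx_in_order(z, "example.com."),
        "ptr_v4": reverse_name("192.0.2.80"),
        "ptr_v6": reverse_name("2001:db8::80"),
        "serial": serial,
        "transfer_needed": serial_is_newer(serial, 2024010104),  # secondary is one behind
        "wrapped_newer": serial_is_newer(5, 4294967290),        # wrapped past 2^32, still newer
    }


if __name__ == "__main__":
    for key, value in demo().items():
        print(key, value)
```

The serial comparison is the one detail here that bites in practice: a secondary that compares serials as plain integers stops transferring once the primary's serial wraps (or is accidentally set very high and then corrected), which is why the RFC defines the modular comparison.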
o Proxy/Reverse Proxy
 A proxy server is a computer that offers a computer network service to allow clients to
make indirect network connections to other network services. A client connects to the
proxy server, then requests a connection, file, or other resource available on a different
server.
 Clients are configured to send their Internet-bound requests to the proxy server
(explicitly, in the browser or via WPAD, or transparently by routing Internet-bound
traffic through it), so that all client data destined for the Internet passes through
the proxy server.
 Benefits include:
o Address hiding- because the proxy makes the request on the client's behalf, all requests
reach the Internet from the proxy's own public IP address (the same effect as NAT), so
internal addresses are never exposed.
o Authentication/Authorization- the proxy server can ensure that the user is
authenticated to the network before being allowed to surf the Internet. Once the
user is authenticated, the proxy server can allow or deny users access to the
Internet.
o Restrict site- the proxy server can be configured to restrict access to certain sites. A
company may not want employees surfing facebook.com from work- the site can be
blocked/disabled by the proxy server.
o Protocol Rules- the proxy server has rules that allow or disallow different Internet
protocols. You may be able to surf the Internet using HTTP, but the proxy server
may block access to FTP as a protocol.
o Content Filters- the proxy server can have content filters that block access to certain
sites based on their content.
o Caching- the proxy server can cache webpages on its disk. This means that when a
2nd employee requests a page; the page is returned from cache instead of being
retrieved from the Internet.
o Reverse Proxy- a feature that allows an Internet user to send a request to one of
your internal web servers, but the request goes to the proxy server, who then
verifies the request and forwards it to the internal web server on behalf of the
Internet user.

 It is important to note that when the client sends the request for a webpage to the
proxy server, the proxy server retrieves the page from the Internet for the user- in this
example, the client never connects to the Internet host directly, which helps protect the
client from attack.

o Network Address Translation (NAT)


NAT is a network service that is responsible for translating internal IP addresses from LAN
devices, to a public IP address used by the NAT service- essentially hiding your internal network
addresses.
o Types of NAT
Port Address Translation (PAT)/NAT Overloading
This type of NAT permits multiple devices on a LAN to be mapped to a single public IP
address. Each session/connection is assigned a unique source port number that
distinguishes it from other sessions/connections originating from other LAN devices,
and the router uses that port to send the replies back to the right host. The goal of
PAT is to conserve IP addresses.
Static NAT (SNAT)
As an administrator, you would need to manually create one-to-one mappings between
private and public IP addresses- you would need one real or Public IP address for each
host on your LAN.
aka inbound mapping, all IP translations take place within the router’s memory and the
whole process is totally transparent to both internal and external hosts.
Static NAT is useful when you need to allow clients on the Internet to access an internal
server.

Dynamic NAT (DNAT)


Translates a private IP into a public IP from a pool of addresses. NB: The mapping is not
static and is only valid for the duration of the session.
Like SNAT, it's not that common in smaller networks- suitable for larger corporations
with complex networks.
Where SNAT provides a 1-to-1 internal to public static IP mapping, DNAT does the same
but without making the mapping to the public IP static and usually uses a pool of Public
IPs.
With DNAT (and unlike SNAT), translations DO NOT exist in the NAT table until the
router receives traffic that requires translation. Dynamic translations have a timeout
period after which they are purged from the translation table, thus making them
available for other internal hosts.
NB: In this exam's vocabulary DNAT means Dynamic NAT. In Linux netfilter/iptables and
many firewall products, DNAT means Destination NAT (rewriting the destination address,
as in port forwarding) and SNAT means Source NAT; check which meaning a document uses.
o Port Forwarding
Port forwarding is the concept of configuring your router/firewall to forward specific packets to
systems on the Demilitarized Zone (DMZ) or the internal network. Normally, packets from the
Internet are blocked from entering your network; when you wish to host your own server (eg,
web server or FTP server) that can be reached from the Internet, you configure the
router/firewall to forward just those specific packets to a specific system on your network
while still blocking other traffic.
It normally involves opening ports on a firewall and assigning that port to a specific internal IP. If
you forward port 80 to the internal address of 192.168.1.10 all traffic that hits the WAN
interface on the router on port 80 will be forwarded to 192.168.1.10.
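
Added example (not the notes' own material): a Python simulation of a NAT router's translation table that shows the three NAT types and port forwarding together- a static one-to-one mapping that is always present and reachable from outside, a dynamic mapping that borrows an address from a pool and hands it back after an idle timeout, PAT on the shared public address with a unique source port per session, a port-forward entry on that shared address, and the drop of an unsolicited inbound packet for which no translation exists. The inside addresses are RFC 1918, the outside ones are from the RFC 5737 documentation range, and the timings are constructed.

```python
"""NAT translation-table simulation for the NAT and Port Forwarding notes.
Added example, not from the original notes; all addresses and times are constructed."""


class NatRouter:
    def __init__(self, public_ip, public_pool=(), idle_timeout=300):
        self.public_ip = public_ip            # shared address used for PAT (overload)
        self.public_pool = list(public_pool)  # spare public addresses for dynamic NAT
        self.idle_timeout = idle_timeout
        self.static = {}        # inside ip -> outside ip, one-to-one, always present
        self.forwards = {}      # (outside port, proto) -> (inside ip, inside port)
        self.dynamic = {}       # inside ip -> (outside ip, last used); pool-based, times out
        self.pat = {}           # (outside port, proto) -> (inside ip, inside port, last used)
        self.next_port = 1024

    def add_static(self, inside, outside):
        self.static[inside] = outside

    def add_forward(self, proto, outside_port, inside, inside_port):
        self.forwards[(outside_port, proto)] = (inside, inside_port)

    def _expire(self, now):
        # Dynamic and PAT entries exist only while traffic keeps them alive.
        for inside, (outside, last) in list(self.dynamic.items()):
            if now - last >= self.idle_timeout:
                del self.dynamic[inside]
                self.public_pool.append(outside)   # address returns to the pool
        self.pat = {k: v for k, v in self.pat.items() if now - v[2] < self.idle_timeout}

    def outbound(self, inside, inside_port, proto, now):
        """Translate the source of a packet leaving the LAN; returns (src ip, src port)."""
        self._expire(now)
        if inside in self.static:                       # SNAT: fixed 1:1, port unchanged
            return self.static[inside], inside_port
        if inside in self.dynamic or self.public_pool:  # dynamic NAT: borrow a pool address
            if inside not in self.dynamic:
                self.dynamic[inside] = (self.public_pool.pop(0), now)
            outside, _ = self.dynamic[inside]
            self.dynamic[inside] = (outside, now)
            return outside, inside_port
        # PAT: everyone shares public_ip; a unique source port tells sessions apart
        for key, (ip, port, _) in self.pat.items():
            if (ip, port, key[1]) == (inside, inside_port, proto):
                self.pat[key] = (ip, port, now)         # existing session, refresh it
                return self.public_ip, key[0]
        while (self.next_port, proto) in self.pat:
            self.next_port += 1
        self.pat[(self.next_port, proto)] = (inside, inside_port, now)
        return self.public_ip, self.next_port

    def inbound(self, outside, outside_port, proto, now):
        """Map a packet arriving from the Internet to an inside host, or None to drop it."""
        self._expire(now)
        for inside, pub in self.static.items():          # static: always reachable
            if pub == outside:
                return inside, outside_port
        for inside, (pub, _) in self.dynamic.items():    # dynamic: only while mapped
            if pub == outside:
                return inside, outside_port
        if outside == self.public_ip:
            if (outside_port, proto) in self.forwards:   # published server
                return self.forwards[(outside_port, proto)]
            if (outside_port, proto) in self.pat:        # reply to a PAT session
                ip, port, _ = self.pat[(outside_port, proto)]
                return ip, port
        return None    # unsolicited: no translation exists, so the router drops it


def demo():
    r = NatRouter("203.0.113.1", public_pool=["203.0.113.2"], idle_timeout=300)
    r.add_static("192.168.1.10", "203.0.113.10")        # server with its own public address
    r.add_forward("tcp", 8080, "192.168.1.11", 80)      # port forward on the shared address
    out = {}
    out["static"] = r.outbound("192.168.1.10", 443, "tcp", now=0)
    out["dynamic"] = r.outbound("192.168.1.20", 5000, "tcp", now=0)     # takes the one pool address
    out["pat_a"] = r.outbound("192.168.1.30", 5000, "tcp", now=1)       # pool empty -> PAT
    out["pat_b"] = r.outbound("192.168.1.31", 5000, "tcp", now=2)       # same inside port, new public port
    out["pat_a_again"] = r.outbound("192.168.1.30", 5000, "tcp", now=3) # existing session reused
    out["reply_to_a"] = r.inbound("203.0.113.1", out["pat_a"][1], "tcp", now=4)
    out["to_forward"] = r.inbound("203.0.113.1", 8080, "tcp", now=4)
    out["to_static"] = r.inbound("203.0.113.10", 22, "tcp", now=4)
    out["unsolicited"] = r.inbound("203.0.113.1", 2222, "tcp", now=4)
    out["dynamic_after_timeout"] = r.inbound("203.0.113.2", 5000, "tcp", now=400)  # entry purged
    out["pool_reused"] = r.outbound("192.168.1.40", 7000, "tcp", now=401)          # freed address reused
    return out


if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key:22s} {value}")
```

The two hosts that both use inside port 5000 get different public ports (1024 and 1025), which is the whole trick of PAT; the static mapping is the only one that accepts inbound traffic on any port, which is why a statically mapped host needs the firewall in front of it rather than relying on NAT to hide it.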

1.4 Explain the characteristics and benefits of various WAN technologies

o Fiber
 Synchronous Optical NETwork (SONET)
-A North American ANSI fiber optic WAN technology that allows the uniting of unlike
transmissions into one data stream, to deliver voice, data and video at speeds starting at
51.84Mbps.
-Multiple companies can transmit the packets on their networks onto a SONET
backbone to be transmitted to a remote location using fiber-optic cabling.
-A standardized access method for all carriers- guarantees interoperability between
equipment from different manufacturers.
-Multiple digital signals are multiplexed over a fiber optic cable.
-All circuits use the same clock (synchronous).
-Exam Tip: Synchronous Digital Hierarchy (SDH) is the European counterpart to SONET.
For the exam, equate SDH with SONET.

 Dense Wavelength-Division Multiplexing (DWDM)


-A technology used to increase the bandwidth over existing fiber optic cabling.
-Multiple signals are delivered at different frequencies in the fiber, which allows you to
send more data through the fiber cable.
-Each signal is carried at the same time on its own light wavelength
-Can be used with ATM, SONET/SDH, and Ethernet networks.
 Coarse Wavelength Division Multiplexing (CWDM)
-Same concept as DWDM
-A multiplexing approach to carrying data across fiber optic cables
-Up to 16 wavelengths (channels) in a single fiber pair, spaced widely apart (allowing
the use of cost-effective lasers), enabling data to reach about 120 km.
-Lower cost, lower speeds.
 Frame Relay
-A scalable WAN solution often used as an alternative to leased lines.
-Operates at the L1 and L2 of the OSI model.
-Customers purchase leased lines to frame relay nodes, and data is sent over Virtual
Circuits between the nodes.
 Satellite
-Broadband Internet utilizing satellite communications.
-A viable Internet access solution for those who cannot get other methods of
broadband.
-Always on, with speeds considerably faster than dialup connections.
-High setup cost, high latency (the time it takes the signal to travel back and forth from
the satellite).
 Broadband Cable
-Broadband Internet using existing Cable TV lines- similar to ADSL. A cable splitter is
fitted to split between TV and Internet services.
-Bandwidth is shared and may result in slower speeds when others are using it.
 DSL/ADSL
-DSL- Digital Subscriber Line- an Internet access method that uses a standard phone line
to provide high-speed and inexpensive Internet access.
-A different frequency can be used for digital and analog signals, which means you can
talk on the phone and still use the Internet. One frequency/channel is used for POTS and
is responsible for analog traffic while the second channel provides upload access, and
the third channel is used for downloads.
-ADSL- Asymmetric Digital Subscriber Line- provides a high data rate in only one
direction, enabling fast download speeds with lower upload speeds.
-Designed to work with existing analog telephone service (POTS).
NB: With ADSL, downloads are faster than uploads, which is why it is called asymmetric
DSL.
 Integrated Services Digital Network (ISDN)
-A communication standard for sending data over normal telephone lines or digital
telephone lines
-Similar to DSL, except that specific lines need to be installed.
