
Network+ Study Guide (N10-005)

Network Technologies
Common Networking Protocols

• TCP - TCP breaks data into manageable packets and tracks information such as source and destination of
packets. It is able to reroute packets and is responsible for guaranteed delivery of the data.
• IP - This is a connectionless protocol, which means that a session is not created before sending data. IP is
responsible for addressing and routing of packets between computers. It does not guarantee delivery and
does not give acknowledgement of packets that are lost or sent out of order as this is the responsibility of
higher layer protocols such as TCP.
• UDP - A connectionless, datagram service that provides an unreliable, best-effort delivery.
• ICMP - Internet Control Message Protocol enables systems on a TCP/IP network to share status and error
information such as with the use of PING and TRACERT utilities.
• SMTP - Used to reliably send and receive mail over the Internet.
• FTP - File transfer protocol is used for transferring files between remote systems. Must resolve host name
to IP address to establish communication. It is connection oriented (i.e. verifies that packets reach
destination).
• TFTP - Same as FTP but not connection oriented.
• ARP - provides IP-address to MAC address resolution for IP packets. A MAC address is your computer's
unique hardware number and appears in the form 00-A0-F1-27-64-E1 (for example). Each computer stores
an ARP cache of the IP-to-MAC mappings of other computers it has recently resolved.
• POP3 - Post Office Protocol. A POP3 mail server holds mail until the workstation is ready to receive it.
• IMAP - Like POP3, Internet Message Access Protocol is a standard protocol for accessing e-mail from your
local server. IMAP (the latest version is IMAP4) is a client/server protocol in which e-mail is received and
held for you by your Internet server.
• TELNET - Provides a virtual terminal or remote login across the network that is connection-based. The
remote server must be running a Telnet service for clients to connect.
• HTTP - The Hypertext Transfer Protocol is the set of rules for exchanging files (text, graphic images,
sound, video, and other multimedia files) on the World Wide Web. It is the protocol controlling the transfer
and addressing of HTTP requests and responses.
• HTTPS - Signifies that a web page is using the Secure Sockets Layer (SSL) protocol and is providing a
secure connection. This is used for secure internet business transactions.
• NTP - Network Time Protocol is a protocol that is used to synchronize computer clock times in a network of
computers.
• SNMP - Stands for Simple Network Management Protocol and is used for monitoring and status information
on a network. SNMP can be used to monitor any device that is SNMP capable and this can include
computers, printers, routers, servers, gateways and many more using agents on the target systems. The
agents report information back to the management systems by the use of “traps” which capture snapshot
data of the system. This trap information could be system errors, resource information, or other
information. The SNMPv2 standard includes enhancements to the SNMPv1 SMI-specific data types, such as
including bit strings, network addresses, and counters. Security was not addressed until SNMPv3. Because all of
the trap information in the earlier versions was sent in clear text, any monitoring information being sent and
collected for operational purposes could also be pulled off the wire by a malicious person.
• SIP – Stands for Session Initiation Protocol and is a signaling protocol, widely used for controlling
multimedia communication sessions such as voice and video calls over Internet Protocol (IP). Other feasible
application examples include video conferencing, streaming multimedia distribution, instant messaging,
presence information and online games. The protocol can be used for creating, modifying and terminating
two-party (unicast) or multiparty (multicast) sessions consisting of one or several media streams. The
modification can involve changing addresses or ports, inviting more participants, adding or deleting media
streams, etc.
• RTP – Real-time Transport Protocol is the audio and video protocol standard used to deliver content over
the Internet. RTP is used in conjunction with other protocols such as H.323 and RTSP.
• IGMP – Internet Group Management Protocol is used to manage Internet Protocol multicast groups. IP
hosts and adjacent multicast routers use IGMP to establish multicast group memberships. IGMP is only
needed for IPv4 networks, as multicast is handled differently in IPv6 networks.
• TLS - Transport Layer Security is a cryptographic protocol that provides security for communications over
networks such as the Internet. TLS and SSL encrypt the segments of network connections at the Transport
Layer end-to-end. Several versions of the protocols are in wide-spread use in applications like web
browsing, electronic mail, Internet faxing, instant messaging and voice-over-IP (VoIP).

Identify Commonly Used TCP/UDP Ports

Ports are what an application uses when communicating between a client and server computer. Some common
ports are:

Protocol    Type       Number

FTP         TCP        20, 21
SSH         TCP        22
TELNET      TCP        23
SMTP        TCP        25
DNS         TCP/UDP    53
DHCP        UDP        67
TFTP        UDP        69
HTTP        TCP        80
POP3        TCP        110
NTP         TCP        123
IMAP4       TCP        143
SNMP        UDP        161
HTTPS       TCP        443

Identify the Following Address Formats

IPv4 - Every IP address can be broken down into 2 parts, the Network ID (netid) and the Host ID (hostid). All hosts
on the same network must have the same netid. Each of these hosts must have a hostid that is unique in relation
to the netid. IP addresses are divided into 4 octets with each having a maximum value of 255. We view IPv4
addresses in decimal notation such as 124.35.62.181, but it is actually utilized as binary data.

IP addresses are divided into 3 classes as shown below:

Class    Range

A        1-126
B        128-191
C        192-223

NOTE: 127.x.x.x is reserved for loopback testing on the local system and is not used on live systems. The following
address ranges are reserved for private networks:

10.0.0.0 - 10.255.255.255
172.16.0.0 - 172.31.255.255
192.168.0.0 - 192.168.255.255

IPv6 - The previous information on TCP/IP has referred to IPv4, however, this addressing scheme has run out of
available IP addresses due to the large influx of internet users and expanding networks. As a result, the powers
that be had to create a new addressing scheme to deal with this situation and developed IPv6. This new addressing
scheme utilizes a 128 bit address (instead of 32) and utilizes a hex numbering method in order to avoid long
addresses such as 132.64.34.26.64.156.143.57.1.3.7.44.122.111.201.5. The hex address format will appear in the
form of 3FFE:B00:800:2::C for example.

MAC Addressing - Also known as a hardware address or Ethernet address, a MAC address is a unique code
assigned to most networking hardware. The hardware is assigned a unique number by the manufacturer and the
address is permanently assigned to the device. MAC addresses are in a 48-bit hexadecimal format such as
00:2f:21:c1:11:0a. They are used to uniquely identify a device on a network, and for other functions such as
being authenticated by a DHCP server. For more information, read MAC Addressing Formats And Broadcasts.

Proper Use of Addressing Technologies

Subnetting - IP addresses can be class A, B or C. Class A addresses are for networks with a large number of
hosts. The first octet is the netid and the 3 remaining octets are the hostid. Class B addresses are used in medium
to large networks with the first 2 octets making up the netid and the remaining 2 are the hostid. Class C is for
smaller networks with the first 3 octets making up the netid and the last octet comprising the hostid. The Network
ID and the Host ID are determined by a subnet mask. The default subnet masks are as follows:

Class      Default Subnet Mask    Subnets       Hosts Per Subnet

Class A    255.0.0.0              126           16,777,214
Class B    255.255.0.0            16,384        65,534
Class C    255.255.255.0          2,097,152     254

What if you wanted more than 1 subnet? Subnetting allows you to create multiple logical networks that exist within
a single Class A, B, or C network. If you don't subnet, you will only be able to use one network from your Class A,
B, or C network. When subnetting is employed, the multiple networks are connected with a router which enables
data to find its way between networks. On the client side, a default gateway is assigned in the TCP/IP properties.
The default gateway tells the client the IP address of the router that will allow their computer to communicate with
clients on other networks.

Classful versus Classless addressing – the original TCP/IP addressing method described above was called
classful addressing which worked by dividing the IP address space into chunks of different sizes called classes.
Classless addressing is referred to as Classless Inter-Domain Routing (CIDR) and is done by allocating address
space to Internet service providers and end users on any address bit boundary, instead of on 8-bit segments. So
172.16.50.0 does not have to use the standard subnet mask of 255.255.0.0 which makes a Class B address space
and which also puts it on the same network as 172.16.51.0 using the subnet mask of 255.255.0.0. (With classful
addressing, our example has 172.16 as the network name and the 50.0 and 51.0 ranges are both part of the same
host naming convention). Instead, by using classless addressing 172.16.50.0/24 puts these systems on a different
network than 172.16.51.0/24 because the network names here are 172.16.50 and 172.16.51 which are different.
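The classful versus classless comparison above, and the hosts-per-subnet figures in the default mask table, can be checked with the bit arithmetic below. This is added example code, not part of the study guide: it derives the network ID, broadcast address and usable host count from either the classful default mask (keyed on the first octet) or an explicit CIDR prefix, using the guide's own 172.16.50.0 / 172.16.51.0 example.

```python
"""Classful vs classless (CIDR) IPv4 address math, worked by hand.

Example code added to illustrate the study guide; not the guide's own.
An IPv4 address is 32 bits; the subnet mask decides how many leading
bits are the network ID (netid) and how many trailing bits are the
host ID (hostid).
"""
from typing import Optional


def ip_to_int(addr: str) -> int:
    """Convert dotted-decimal text such as '172.16.50.0' to a 32-bit integer."""
    octets = addr.split(".")
    if len(octets) != 4:
        raise ValueError(f"not an IPv4 address: {addr}")
    value = 0
    for octet in octets:
        n = int(octet)
        if not 0 <= n <= 255:
            raise ValueError(f"octet out of range in {addr}")
        value = (value << 8) | n
    return value


def int_to_ip(value: int) -> str:
    """Inverse of ip_to_int."""
    return ".".join(str((value >> shift) & 0xFF) for shift in (24, 16, 8, 0))


def prefix_to_mask(prefix: int) -> int:
    """A /prefix mask is `prefix` one-bits followed by (32 - prefix) zero-bits."""
    if not 0 <= prefix <= 32:
        raise ValueError("prefix length must be 0-32")
    return (0xFFFFFFFF << (32 - prefix)) & 0xFFFFFFFF


def classful_prefix(addr: str) -> int:
    """Default prefix length under classful addressing (8-bit boundaries)."""
    first = ip_to_int(addr) >> 24
    if 1 <= first <= 126:
        return 8        # Class A: 255.0.0.0
    if 128 <= first <= 191:
        return 16       # Class B: 255.255.0.0
    if 192 <= first <= 223:
        return 24       # Class C: 255.255.255.0
    raise ValueError(f"{addr} is not a class A, B or C unicast address")


def describe(addr: str, prefix: Optional[int] = None) -> dict:
    """Network ID, broadcast and usable hosts for addr.

    prefix=None applies the classful default mask; an explicit prefix
    treats the address classlessly (CIDR), on any bit boundary.
    """
    if prefix is None:
        prefix = classful_prefix(addr)
    mask = prefix_to_mask(prefix)
    ip = ip_to_int(addr)
    network = ip & mask                       # keep the netid bits only
    broadcast = network | (~mask & 0xFFFFFFFF)  # hostid bits all set to 1
    host_bits = 32 - prefix
    # Network and broadcast addresses are not assignable, hence the -2.
    # /31 and /32 have no room for that convention, so report 0 usable.
    usable = (1 << host_bits) - 2 if host_bits >= 2 else 0
    return {
        "address": addr,
        "prefix": prefix,
        "mask": int_to_ip(mask),
        "network": int_to_ip(network),
        "broadcast": int_to_ip(broadcast),
        "usable_hosts": usable,
    }


def same_network(a: str, b: str, prefix: Optional[int] = None) -> bool:
    """True when both addresses share a network ID under the given prefix."""
    return describe(a, prefix)["network"] == describe(b, prefix)["network"]


if __name__ == "__main__":
    for host in ("172.16.50.0", "172.16.51.0"):
        print("classful :", describe(host))
        print("CIDR /24 :", describe(host, 24))
    print("same network, classful?", same_network("172.16.50.0", "172.16.51.0"))
    print("same network, /24?     ", same_network("172.16.50.0", "172.16.51.0", 24))
```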

NAT - NAT stands for Network Address Translation and is a commonly used IP translation and mapping technology.
Using a device (such as a router) or piece of software that implements NAT allows an entire home or office network
to share a single internet connection over a single IP address. A single cable modem, DSL modem, or even 56k
modem could connect all the computers to the internet simultaneously. Additionally, because outside hosts cannot
address the internal machines directly, NAT keeps your home network fairly secure from hackers. NAT is built into
the most common Internet Connection Sharing technologies.

PAT – Port Address Translation is a feature of a network device that translates TCP or UDP communications made
between hosts on a private network and hosts on a public network. It allows a single public IP address to be used
by many hosts on a private network.

SNAT – Secure Network Address Translation is an extension of the standard Network Address Translation (NAT)
service. SNAT is done through one-to-one IP address translation of one internal IP address to one external IP
address, whereas NAT is effectively one external address to many internal IP addresses.

DHCP - Dynamic Host Configuration Protocol provides a solution that automatically assigns IP addresses to
computers on a network. When a client is configured to receive an IP address automatically, it will send out a
broadcast to the DHCP server requesting an address. The server will then issue a "lease" and assign it to that
client. Some of the benefits of DHCP include the following:
• Prevents users from making up their own IP addresses.
• Prevents incorrect gateway or subnet masks from being entered.
• Decreases amount of time spent configuring computers especially in environments where computers get
moved around all the time.

APIPA – Stands for Automatic Private Internet Protocol Addressing. Client systems that are configured for
automatic IP address assignment / dynamic IP assignment will attempt to use DHCP to make a request for an IP
address lease for a given network. When the DHCP server is unavailable the service on the client will automatically
configure the system with an APIPA IP address in the 169.254.0.1 through 169.254.255.254 address range with a
subnet mask of 255.255.255.0.

Unicast - the sending of information packets to a single network node. This type of network transmission is used
where a private or unique resource such as media servers are being requested for two way connections that are
needed to complete the network communication. So in the media server example, a client system may make the
request for streaming content from the single source and the responding system may leverage unicast as part of
the response to the session request to deliver the content.

Multicast – a single source address responding to multiple destination addresses with information to be sent. In a
media server example, the single source address may need to send the data to multiple clients; it does this by
sending the data with multiple destination IP addresses. All the clients that “see” this network traffic will check to
see if it is meant for them with the supplied information. If it is not, the client does not receive the data. If a
network node does see that the data is intended for it, the device will respond by receiving the packet.

Broadcast – traffic sent out from a network node that will reach every other node on the subnet / broadcast
domain because the message is sent with the intent of reaching all nodes. The network node that is sending the
traffic will use the broadcast address for that subnet and every device in that broadcast domain will receive the
broadcast information. Generally the broadcast address is the last IP address of that segment. As an example, in
the IP address range of 192.168.0.0 this broadcast address would be 192.168.255.255 and the traffic would reach
all available nodes on the subnet. Additionally 255.255.255.255 could be used, which is the broadcast address of
the zero network (0.0.0.0). Internet Protocol standards outline that the zero network stands for the local network,
so only those nodes on the local network would hear the broadcast traffic sent to the 255.255.255.255 address.

Common IPv4 and IPv6 Routing Protocols

Link State routing protocols – are one of the two main classes of routing protocols used in packet switching
networks and includes protocols such as Open Shortest Path First (OSPF) and Intermediate System to Intermediate
System (IS-IS). The link-state protocol is performed on every router on the network, where every routing node
constructs a map of the connectivity to the network by showing which nodes are connected to each other. Each
router calculates the next best logical hop from it to every possible known destination which forms the node's
routing table.

• Open Shortest Path First (OSPF) – is a dynamic routing protocol and is used on Internet Protocol (IP)
based networks of all sizes – large to small. OSPF is an interior gateway protocol (IGP) that routes IP
packets within a single routing domain and was designed to support variable-length subnet masking
(VLSM) and Classless Inter-Domain Routing (CIDR) addressing.
• Intermediate System to Intermediate System (IS-IS) – a link state protocol that operates by
forwarding network topology information throughout a network of routers. Each router then independently
builds a picture of the network's topology based on the data received and the best topological path through
the network to the destination. IS-IS is an Interior Gateway Protocol (IGP) typically used on larger
networks.

Distance-vector routing protocols – are one of the two main classes of routing protocols used in packet
switching networks and include Routing Information Protocol (RIP) and Interior Gateway Routing Protocol (IGRP).
These protocols use distance as one factor and the vector (direction, i.e. the next hop) as the other, checked
against the known routing tables, to deliver data between source and destination locations. Routers using a
distance-vector routing protocol update other routers periodically and when a change is detected in the topology
of a network.

• Routing Information Protocol (RIPv1) – RIP is a distance-vector routing protocol using “hop count” as
a routing metric. The maximum number of hops allowed for RIP is 15 which effectively limits the size of
networks that RIP can support.
• Routing Information Protocol (RIPv2) – improved upon RIPv1 by having the ability to include subnet
information with its updates which allows for Classless Inter-Domain Routing (CIDR) support. The 30
second proactive broadcast has been eliminated in favor of multicast advertisements for its updates. The
15 hop count limit remains so that the devices are backwards compatible with RIPv1 devices.
• Border Gateway Protocol (BGP) – is the core routing protocol of the Internet. It maintains a table of IP
networks and the data that designates where and how to reach each network through autonomous systems
(AS). BGP makes routing decisions based on path, network policies and / or rule sets.
• Enhanced Interior Gateway Routing Protocol (EIGRP) – a proprietary hybrid protocol from Cisco that
is a distance vector routing protocol that functions like a link state routing protocol. EIGRP collects
information and stores it in three tables; the Neighbor Table which stores the information about
neighboring routers, the Topology Table which contains only the information and data regarding the routing
tables from directly connected neighbors and the Routing table which stores the actual routes to all
destinations.

The Purpose and Properties of Routing

Interior Gateway Protocol (IGP) – routing protocol that is used within an autonomous system, which is
sometimes referred to as an administrative domain. One type of Interior Gateway Protocol is the Distance-vector
routing protocols such as Routing Information Protocol (RIP), Interior Gateway Routing Protocol (IGRP) and
Enhanced Interior Gateway Routing Protocol (EIGRP). Another type is the Link-state routing protocols such as
Open Shortest Path First (OSPF) and Intermediate System to Intermediate System (IS-IS).

Exterior Gateway Protocol (EGP) – routing protocol that is used across different autonomous systems /
administrative domains. It was the routing protocol leveraged for Internet connected devices in the early 1980s.
Border Gateway Protocol (BGP) is the replacement standard for Internet routing over EGP.

Static Router Updates – a router with manually configured routing tables. For these types of devices, a network
administrator will manually build and make updates to the routing table for all routes in the administrative domain.
Static routers are best suited for small internetworks; due to the need of the manual administration, they do not
scale well to large networks where routing information is often changed, updated and appended. Static routers are
not fault tolerant because when another network device goes down the manually input information may not
necessarily provide alternate pathing to a destination which makes it unreachable (unless quick, manual
administrative updates are made.)

Dynamic Router Updates – A router with dynamically configured routing tables. This type of automatic
configuration is made up of routing tables that are built and maintained by ongoing communication between the
routers only (by default – this does not include initial setup and configuration or administrative needs for a
persistent route configuration). Dynamic routing is fault tolerant; if a router or link goes down, the routers sense
the change in the network topology when the “learned route” expires in the routing table and cannot be renewed
due to the outage. This change is then disseminated to other routers so that all the routers “learn” of the network
changes. Routing Information Protocol (RIP) and Open Shortest Path First (OSPF) routing protocols for IP and RIP
for IPX are some of examples of protocols that can be used for these dynamic updates.

Next Hop – defined as the next place that a data packet needs to go. In most cases, routers do not need all of the
information regarding where the originating source of the data transmission was. In most cases routers just need
to know where their data needs to go next, and this “next” is referred to as the “next hop”, because all they are
trying to do is deliver it to the destination IP address specified in the header information of the data being
sent. If that router is the last hop and can deliver it to the specified IP address, it does so; otherwise it refers to
its routing tables to figure out which router to hand it off to in the effort to get the data packet where it needs to go.

Routing Tables – sometimes referred to as a Routing Information Base (RIB), is the database that stores all the
route information for the routing network devices. The routing table holds the route information regarding the
topology of the network immediately around the device and the paths to other network destinations, and it will
often include the metric / cost associated with the route. There are three main route entries that are generally
found in routing tables - Network Route, Host Route and the Default Route. The Network Route is a route to a
specific Network ID on the network. The Host Route is a route to a specific network address. A Default route is the
path used if a physical router or other network routing device cannot find a route for the specified destination.

Convergence – achieved when all of the available topology information from the routing devices has been passed
along to all of the other devices in totality, and when the information gathered does not contradict any other
router's view of the topology. When all of the network routing devices "agree" on what the network topology looks
like, the network is said to have full convergence.
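The distance-vector behaviour described under RIP (hop count as the metric, 15 hops maximum, 16 meaning unreachable) and the convergence definition just above can both be seen in the simulation below. It is added example code, not part of the study guide: each router starts knowing only its directly connected networks, advertises its whole table to its neighbours every round, and the network is converged in the first round where no table changes. The router and network names are constructed for the example.

```python
"""RIP-style distance-vector routing, simulated round by round until convergence.

Example code added to illustrate the study guide; not the guide's own.
Metric = hop count; directly connected networks cost 1 hop; a route learned
from a neighbour costs neighbour_metric + 1; 16 means unreachable.
"""
from typing import Dict, Optional, Set, Tuple

INFINITY = 16                               # RIP: 16 hops means unreachable
Topology = Dict[str, Set[str]]              # router -> networks it is directly on
RouteTable = Dict[str, Tuple[int, str]]     # network -> (hop count, next hop)


def neighbours(topology: Topology, router: str) -> Set[str]:
    """Routers that share at least one directly connected network with `router`."""
    return {other for other, nets in topology.items()
            if other != router and topology[router] & nets}


def converge(topology: Topology, max_rounds: int = 64) -> Tuple[Dict[str, RouteTable], int]:
    """Run synchronous advertisement rounds until no router changes its table.

    Returns the final routing tables and the round in which convergence
    was reached (the first round with no changes).
    """
    tables: Dict[str, RouteTable] = {
        r: {net: (1, "direct") for net in nets} for r, nets in topology.items()
    }
    for rnd in range(1, max_rounds + 1):
        # Snapshot: every router advertises what it knew at the start of the round.
        advertised = {r: dict(t) for r, t in tables.items()}
        changed = False
        for router in topology:
            for nbr in neighbours(topology, router):
                for dest, (metric, _) in advertised[nbr].items():
                    candidate = min(metric + 1, INFINITY)
                    current, _ = tables[router].get(dest, (INFINITY, ""))
                    # Install only strictly better routes; 16 is never better
                    # than "no route", which is what enforces the 15-hop limit.
                    if candidate < current:
                        tables[router][dest] = (candidate, nbr)
                        changed = True
        if not changed:
            return tables, rnd
    raise RuntimeError(f"no convergence after {max_rounds} rounds")


def hops_to(tables: Dict[str, RouteTable], router: str, network: str) -> Optional[int]:
    """Hop count from router to network, or None if it holds no route."""
    entry = tables[router].get(network)
    return entry[0] if entry else None


def chain_topology(n: int) -> Topology:
    """n routers in a line: Ri has stub network net{i} and shares link{i}_{i+1} with R{i+1}."""
    topo: Topology = {}
    for i in range(1, n + 1):
        nets = {f"net{i}"}
        if i > 1:
            nets.add(f"link{i - 1}_{i}")
        if i < n:
            nets.add(f"link{i}_{i + 1}")
        topo[f"R{i}"] = nets
    return topo


# Constructed three-router topology: R1 -- R2 -- R3
SMALL: Topology = {
    "R1": {"10.1.0.0/24", "10.12.0.0/24"},
    "R2": {"10.12.0.0/24", "10.23.0.0/24"},
    "R3": {"10.23.0.0/24", "10.3.0.0/24"},
}

if __name__ == "__main__":
    tables, rounds = converge(SMALL)
    print(f"converged in round {rounds}")
    for r, t in tables.items():
        print(r, sorted(t.items()))
    # A 16-router chain: net15 is 15 hops from R1 (reachable), net16 is 16 (not).
    big, _ = converge(chain_topology(16))
    print("R1 -> net15:", hops_to(big, "R1", "net15"))
    print("R1 -> net16:", hops_to(big, "R1", "net16"))
```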

Characteristics of Wireless Standards

Wireless networks allow computers to communicate without the use of cables using IEEE 802.11 standards, also
known as Wi-Fi. A connection is made from a device, which is usually a PC or a Laptop with a wireless network
interface card (NIC), and an Access Point (AP), which acts as a bridge between the wireless stations and
Distribution System (DS) or wired networks. An 802.11 wireless network adapter can operate in two modes, Ad-
Hoc and Infrastructure. In infrastructure mode, all your traffic passes through a wireless ‘access point’. In Ad-hoc
mode your computers talk directly to each other and do not need an access point. The table below shows the
various standards.

Standard    Speed       Distance    Frequency

802.11a     54 Mbps     100 ft      5 GHz
802.11b     11 Mbps     300 ft      2.4 GHz
802.11g     54 Mbps     300 ft      2.4 GHz
802.11n     540 Mbps    600 ft      5 GHz and/or 2.4 GHz

Authentication and Encryption:

• WEP - Wired Equivalent Privacy is a security encryption algorithm that is easily cracked. For this reason, it
has been replaced by other technologies.
• WPA - The original WPA standard used TKIP, but was later replaced by WPA2 which uses a more secure
AES-based algorithm. WPA uses a 256 bit key to encrypt data. This key may be entered either as a string
of 64 hexadecimal digits, or as a passphrase of 8 to 63 characters. It is susceptible to brute force attacks
when a weak passphrase is used.
• RADIUS - Remote Authentication Dial In User Service (RADIUS) is a networking protocol that provides
centralized Authentication, Authorization, and Accounting (AAA) management for computers to connect and
use a network service. RADIUS is often used by ISPs and enterprises to manage access to the Internet or
internal networks, and wireless networks. Microsoft's answer to corporate wireless security is the use of
RADIUS authentication through its Internet Authentication Services (IAS) product.
• TKIP - Temporal Key Integrity Protocol was designed as a solution to replace WEP without requiring the
replacement of legacy hardware. TKIP suffered from similar flaws as WEP and has been replaced by more
secure encryption schemes.

Network Media and Topologies


BNC - This connector has found uses with both broadcast television equipment and computer networks. With regards to
networking, this connector was used on early 10Base-2 (Thinnet) Ethernet networks. It has a center pin connected to
the center coaxial cable conductor and a metal tube connected to the outer cable shield. A rotating ring outside the
tube locks the cable to the female connector.

RJ-11 - Short for Registered Jack-11, a four or six-wire connector used primarily to connect telephone equipment in the
United States (POTS). The cable itself is called category 1 (Cat 1) and is used for dial-up connections. Modems have
RJ-11 jacks that connect them to the wall outlet.

RJ-45 - Short for Registered Jack-45, it is an eight-wire connector used commonly to connect devices on Ethernet LANs.
RJ-45 connectors look similar to RJ-11 connectors used for connecting telephone equipment, but they are larger.

ST - The ST connector is a fiber optic connector which uses a plug and socket which is locked in place with a half-twist
bayonet lock. The ST connector was the first standard for fiber optic cabling. ST connectors are half-duplex.

SC - The SC connector is a fiber optic connector with a push-pull latching mechanism, which provides quick insertion
and removal while also ensuring a positive connection. SC connectors are half-duplex.

LC - The LC connector is just like an SC connector only it is half the size. Like SC connectors, LC connectors are
half-duplex.

RS-232 - A standard for serial binary data interconnection between a DTE (Data terminal equipment) and a DCE (Data
communication equipment). Bar code scanners, measuring tools, and laboratory instruments are commonly designed to
interface to a computer using a standard RS232 serial cable connection. Many of these uses are being replaced with
USB enabled devices. The connector is a DB-9 or DB-25 connector.

Standard Cable Types and Their Properties

Cable Types:

CAT3 - Unshielded twisted pair capable of speeds up to 10Mbit/s. Used with 10Base-T, 100Base-T4, and 100Base-T2
Ethernet.

CAT4 - Unshielded twisted pair capable of speeds up to 20Mbit/s. Not widely used. Used with 10Base-T, 100Base-T4,
and 100Base-T2 Ethernet.

CAT5 - Unshielded twisted pair capable of speeds up to 100Mbit/s. May be used with 10Base-T, 100Base-T4, 100Base-T2,
and 100Base-TX Ethernet.

CAT5e - Enhanced Cat 5 is similar to CAT5, but exceeds its performance. Improved distance over previous categories
from 100m to 350m. May be used for 10Base-T, 100Base-T4, 100Base-T2, 100BaseTX and 1000Base-T Ethernet.

CAT6 - Can transmit data up to 220m at gigabit speeds. It has improved specifications for NEXT (Near End Cross Talk),
PSELFEXT (Power Sum Equal Level Far End Cross Talk), and Attenuation. Cat 6 is backward compatible with lower
Category grades and supports the same Ethernet standards as Cat 5e.

Multimode Fiber - Multimode fibers have large cores. They are able to carry more data than single mode fibers though
they are best for shorter distances because of their higher attenuation levels.

Single Mode Fiber - Single Mode fibers have a small glass core. Single Mode fibers are used for high speed data
transmission over long distances. They are less susceptible to attenuation than multimode fibers.

RG59 and RG6 - These are both shielded coaxial cables used for broadband networking, cable television, and other
uses.

Serial - A serial cable is a cable that can be used to transfer information between two devices using serial
communication, often using the RS-232 standard. Typically uses D-subminiature connectors with 9 or 25 pins. Cables
are often unshielded, although shielding cables may reduce electrical noise radiated by the cable.

Shielded twisted pair (STP) - differs from UTP in that it has a foil jacket that helps prevent cross talk. Cross talk
is signal overflow from an adjacent wire.

EMI - Electrical devices such as printers, air conditioning units, and television monitors can be sources of
electromagnetic interference, or EMI. Some types of network media have more resistance to EMI than others.
Standard UTP cable has minimal resistance to EMI, while fiber optic cable is highly resistant.

Plenum grade cabling - is required if the cabling will be run between the ceiling and the next floor (this is called
the plenum). Plenum grade cabling is resistant to fire and does not emit poisonous gasses when burned.

Simplex - Signals can be passed in one direction only.

Half Duplex - Half duplex means that signals can be passed in either direction, but not in both simultaneously.

Full Duplex - Full duplex means that signals can be passed in either direction simultaneously.


Common Physical Network Topologies

Star - The star topology uses twisted pair (10baseT or 100baseT) cabling and requires that all
devices are connected to a hub. Advantages are centralized monitoring, and failures do not affect
others unless it is the hub, easy to modify. The disadvantage is that the hub is a single point of
failure. If it goes down, there are no communications possible.

Mesh - In a true mesh topology every node has a connection to every other node in the network.
A full mesh provides redundancy in case of a failure between links, but is impractical due to the
complexity and the expensive amount of cabling required.

Bus - This topology is an old one and essentially has each of the computers on the network daisy-
chained to each other. Packets must pass through all computers on the bus. This type is cheap,
and simple to set up, but causes excess network traffic, a failure may affect many users, and
problems are difficult to troubleshoot.

Ring - A ring topology has a physical and logical ring and is used on SONET and FDDI networks
(note that Token Ring networks are actually a hybrid star ring topology). Any station can send a
packet around the ring, but only while it holds the token. The token is passed
around the ring giving all stations an opportunity to communicate. This is a very fast and simple
network. However if any part of the ring goes down, the entire LAN goes down. If there is
a problem at a station, it may be difficult to locate it. Ring networks are not very common.

Point-to-point - This topology generally refers to a connection restricted to two endpoints. Point-
to-point is sometimes referred to as P2P (not the same as peer-to-peer file sharing networks), or
Pt2Pt, or variations of this. Examples of this topology include RS-232 serial connections as well as
laser network connections between buildings.

Point-to-Multipoint - Also known as P2MP, this is a method of communication between a series
of receivers and transmitters to a central location. The most common example of this is the use of
a wireless access point that provides a connection to multiple devices.

Hybrid - Hybrid topologies are combinations of the above and are common on very large networks. For example, a
star bus network has hubs connected in a row (like a bus network) and has computers connected to each hub as in
the star topology.

Wiring Standards
568A and 568B - The number 568 refers to the order in which the individual wires inside a CAT 5 cable are
terminated. The only difference between the two standards is that the green and orange pins are terminated to
different pins. There is no difference in signal and both the 568A and 568B are used as patch cords for Ethernet
connections.

Straight through vs Crossover - A straight through cable uses either the 568A or 568B wiring standard and is
used for connecting devices to routers, hubs, switches, etc. A crossover cable is used to connect computing
devices together directly (i.e. connecting 2 computers directly together). A crossover cable uses the 568A standard
on one end and 568B on the other end.

Rollover - Rollover cable (also known as Cisco console cable) is a type of null-modem cable that is most commonly
used to connect a computer terminal to a router's console port. This cable is typically flat and has a light blue color.
It gets the name rollover because the pinouts on one end are reversed from the other, as if the wire had been
rolled over and you were viewing it from the other side.

Loopback - A loopback cable redirects the output back into itself and is used for troubleshooting purposes
(loopback test). This effectively gives the NIC the impression that it is communicating on a network, since it's able
to transmit and receive communications.

WAN Technology Types and Properties

• Frame Relay - Frame relay is a secure, private network that utilizes a logical path or “virtual circuit” to allocate
bandwidth for high performance transmissions. Frame relay is the premier high-speed packet-switching protocol
communicating data, imaging, and voice between multiple locations. Frame relay is available in a range of
bandwidths from 56 Kbps to full T1 (1.54 Mbps).
• T-1/T-3 - A T-1 is a dedicated phone connection supporting data rates of 1.544Mbps. A T-1 line actually
consists of 24 individual channels, each of which supports 64Kbits per second. Each 64Kbit/second channel can be
configured to carry voice or data traffic. Most telephone companies allow you to buy just some of these individual
channels, known as fractional T-1 access. T-1 lines are a popular leased line option for businesses connecting to
the Internet and for Internet Service Providers (ISPs) connecting to the Internet backbone. The Internet backbone
itself consists of faster T-3 connections. T-1 comes in either copper or fiber optics.
• ATM - ATM stands for Asynchronous Transfer Mode and is a high-speed, packet-switching technique that uses
short fixed length packets called cells. ATM can transmit voice, video, and data over variable-speed LAN and WAN
connections at speeds ranging from 1.544Mbps to as high as 622Mbps. ATM is capable of supporting a wide range
of traffic types such as voice, video, image and data.
• SONET - SONET and SDH are a set of related standards for synchronous data transmission over fiber optic
networks. SONET is short for Synchronous Optical NETwork and SDH is an acronym for Synchronous Digital
Hierarchy. SONET is the United States version of the standard and SDH is the international version. SONET defines
a base rate of 51.84 Mbps and a set of multiples of the base rate known as "Optical Carrier levels." (OCx). Speeds
approaching 40 gigabits per second are possible.
• ISDN - Integrated Services Digital Network (ISDN) is comprised of digital telephony and data-transport services
offered by regional telephone carriers. ISDN involves the digitalization of the telephone network, which permits
voice, data, text, graphics, music, video, and other source materials to be transmitted over existing telephone
wires. There are 2 types of ISDN channels:

• B (bearer) - Transfers data at 64Kbps. An ISDN line usually contains 2 B channels for a total of 128kbps.
• D (data) - Handles signalling at either 16Kbps or 64Kbps (sometimes limited to 56Kbps), which leaves the
B channels free to carry only data.

Connection    Speed                           Medium
ISDN BRI      64 kbps/channel                 Twisted-pair
ISDN PRI      1,544 kbps                      Twisted-pair
POTS          Up to 56 kbps                   Twisted-pair
PSTN          64 kbps/channel                 Twisted-pair
Frame Relay   56 kbps - 45 Mbps               Varies
T-1           1.544 Mbps                      Twisted-pair, coaxial, or optical fiber
ADSL          256 kbps to 24 Mbps (ADSL 2+)   Twisted-pair
SDSL          1.544 Mbps                      Twisted-pair
VDSL          100 Mbps                        Twisted-pair
Cable modem   512 kbps to 52 Mbps             Coaxial
Satellite     1 Gbps (avg 1-5 Mbps)           Air
T-3           44.736 Mbps                     Twisted-pair, coaxial, or optical fiber
OC-1          51.84 Mbps                      Optical fiber
OC-3          155.52 Mbps                     Optical fiber
Wireless      1 Gbps                          Air
ATM           10 Gbps                         Optical fiber
SONET         10 Gbps                         Optical fiber

Packet and Circuit Switching - Packet switching refers to protocols in which messages are divided into packets
before they are sent. Each packet is then transmitted individually and can even follow different routes to its
destination. Once all the packets forming a message arrive at the destination, they are recompiled into the original
message. Most modern Wide Area Network (WAN) protocols, including TCP/IP and Frame Relay are based on
packet-switching technologies. In contrast, normal telephone service is based on a circuit-switching technology, in
which a dedicated line is allocated for transmission between two parties. Circuit-switching is ideal when data must
be transmitted quickly and must arrive in the same order in which it is sent. This is the case with most real-time
data, such as live audio and video. Packet switching is more efficient and robust for data that can withstand some
delays in transmission, such as e-mail messages and Web pages.

LAN Technology Types and Properties

Ethernet - Ethernet is the most widely-installed local area network (LAN) technology. Specified in a standard,
IEEE 802.3, Ethernet was originally developed by Xerox from an earlier specification called Alohanet (for the Palo
Alto Research Center Aloha network) and then developed further by Xerox, DEC, and Intel. Early Ethernet networks
used coaxial connections. The most common types currently use twisted pair cabling; however, fiber optic cabling is
becoming much more common as standards and speeds increase. Below are some of the Ethernet standards:

Connection Type   Cable Type                                    Connector                                    Maximum Length        Speed
10Base-T          Category 3 or better UTP cable                RJ-45                                        100 meters (328 ft)   10 Mbps
100Base-TX        Cat 5 twisted pair                            RJ-45                                        100 meters (328 ft)   100 Mbps
100Base-FX        Fiber optic                                   ST, SC                                       2000 meters           100 Mbps
1000Base-T        CAT5e or higher                               RJ-45                                        100 meters (328 ft)   1 Gbps
1000Base-LX       Laser over fiber                              SC                                           Up to 5000 meters     1 Gbps
1000Base-SX       Short wavelength laser over fiber             SC                                           Up to 550 meters      1 Gbps
1000Base-CX       Twinax or short haul copper                   9-pin shielded D-subminiature connector, or  25 meters             1 Gbps
                                                                8-pin ANSI fiber channel type 2 (HSSC) connector
10GBASE-SR        Shortwave laser over multi-mode fiber optics  LC, SC                                       300 meters            10 Gbps
10GBASE-LR        Laser over single-mode fiber optics           LC, SC                                       2000 meters           10 Gbps
10GBASE-ER        Laser over either single or multi-mode fiber  LC, SC                                       40 kilometers         10 Gbps
10GBASE-SW        Shortwave laser over multi-mode fiber optics  LC, SC                                       300 meters            10 Gbps
10GBASE-LW        Laser over single-mode fiber optics           LC, SC                                       2000 meters           10 Gbps
10GBASE-EW        Laser over either single or multi-mode fiber  LC, SC                                       40 kilometers         10 Gbps
10GBASE-T         Cat 5e (or higher) twisted pair               RJ-45                                        100 meters (328 ft)   10 Gbps

CSMA/CD (Carrier Sense Multiple Access with Collision Detection) - In the early days of ethernet, when two
hosts would send packets at the same time, a collision would occur. A standard had to be created that would have
the hosts follow rules relating to when they could send data and when they could not. This standard is Carrier
Sense Multiple Access with Collision Detection, referred to as CSMA/CD. CSMA/CD forces computers to “listen” to
the wire before sending in order to make sure that no other host on the wire is sending. If a collision is detected,
both of the senders will send a jam signal over the Ethernet. This jam signal indicates to all other devices on the
Ethernet segment that there has been a collision, and they should not send data onto the wire.
How Ethernet CSMA/CD Works

Bonding (AKA Link Aggregation, Port Trunking, EtherChannel, etc.) - Uses multiple network cables/ports in
parallel to increase the link speed beyond the limits of any one single cable or port, and to increase the redundancy
for higher availability.

Common Logical Network Topologies

Peer to Peer - A peer to peer network is one that lacks a dedicated server, so every computer acts as both a
client and a server. This is a good networking solution when there are 10 or fewer users that are in close proximity
to each other. A peer to peer network can be a security nightmare, because the people setting permissions for
shared resources will be users rather than administrators, and the right people may not have access to the right
resources. More importantly, the wrong people may have access to the wrong resources; thus, this is only
recommended in situations where security is not an issue. P2P file sharing networks work under a similar
architecture; however, there are differences between them and the LAN networking architecture.

Client/Server - This type of network is designed to support a large number of users and uses dedicated server/s
to accomplish this. Clients log in to the server/s in order to run applications or obtain files. Security and
permissions can be managed by 1 or more administrators who set permissions to the servers' resources.
This type of network also allows for convenient backup services, reduces network traffic and provides a host of
other services that come with the network operating system.

VPN - A virtual private network is one that uses a public network (usually the Internet) to connect remote sites or
users together. Instead of using a dedicated, real-world connection such as leased line, a VPN uses "virtual"
connections routed through the Internet from the company's private network to the remote site or employee.

VLAN - A virtual LAN is a local area network with a definition that maps workstations on a basis other than
geographic location (for example, by department, type of user, or primary application). The virtual LAN controller
can change or add workstations and manage load-balancing and bandwidth allocation more easily than with a
physical picture of the LAN. Network management software keeps track of relating the virtual picture of the local
area network with the actual physical picture.

Install components of Wiring Distribution

Vertical Cross Connect – is a location within a building where cables originate and / or are terminated,
reconnected using jumpers or pass throughs or are connected to patch panels or other similar devices where the
locations are from upper or lower floors in the building. These cables could be of multiple different types and
mediums such as phone networks, data lines, copper based, fiber channel, etc.

Horizontal Cross Connect – similar to Vertical Cross Connect locations; these are within a building where cables
originate and / or are terminated but these locations are all on the same floor or building level. As with Vertical
Cross Connect configurations, these locations can be of multiple different network types and mediums.

Patch Panel – wall or rack mounted collection of data connections where all of the network media converges.
These rooms are generally some form of telecommunications closet in a facility and it is used to connect all of the
different types of incoming and outgoing media types on the LAN. When they all span the same floor of a building
they are sometimes referred to as Horizontal Cross Connect locations and when they span different levels of a
location / different floors of a building they are sometimes referred to as Vertical Cross Connect locations. The main
Patch Panel room will often be the connection point for the LAN to be connected to the WAN and / or the internet.

66 Block – is a legacy type of punch down block used to connect sets of 22 through 26 American Wire Gauge
(AWG) solid copper wire in a telephone system. They have a 25-pair standard non-split capacity and generally are
unsuited for traffic and data network communications above 10 megabits per second (Mbps).

Main Distribution Frame (MDF) – is a wire distribution frame for connecting equipment inside a facility to cables
and subscriber carrier equipment outside of the facility. One example of this is where all of the phone cabling inside
a facility is run to planned phone locations (e.g. offices) back to the MDF. When the local telephone company
makes the external connections then all circuits are completed.

Intermediate Distribution Frame (IDF) – is another place much like a Horizontal Cross Connect location or a
Vertical Cross Connect location where network administrators can physically change the network media around and
where they can house other needed network equipment such as routers, switches, repeaters and so forth.

25 Pair – is a grouping of 25 pairs of wires all inside a single covering / housing or outer insulation casing. It is
best suited for telephone / voice cable runs rather than data cable runs and is generally used as a feeder cable.

100 Pair – is a larger cabling segment than its 25 pair cousin but used in the same manner; all of the 100 pairs of
wires are inside a single covering / housing or outer insulation casing. It is best suited for telephone / voice cable
runs rather than data cable runs and is generally used as a feeder cable.

110 Block – is the more modern replacement of the legacy 66 Block and is used as a wiring distribution point for
wired telephone systems (voice) and other types of wired networking (data). On one side of the block wires are
punched down into RJ-11 connectors for voice and RJ-45 connectors for data communications.

Demarc – is the point of operational and administrative control change in a network. One example of this is the
Main Distribution Frame (MDF) point in a facility. This is where the wire distribution frame for connecting
equipment inside a facility to cables and subscriber carrier equipment outside of the facility occurs and this is
considered a demarcation point of the operational control of the internal systems where it changes over to the
control of the external presence.

Demarc Extension – where the end of the line of the external administrative control is extended beyond the
actual endpoint. Example – you are one business inside of a large high rise building on the 15th floor only and the
Main Distribution Frame (MDF) point is on the ground floor. Your responsibility probably ends at the Intermediate
Distribution Frame (IDF) on your floor and the external administration (example – Phone Company) ends at the
Main Distribution Frame (MDF) on the ground floor. The building administration owns all the cabling responsibility
between the Main Distribution Frame (MDF) on the ground floor and your Intermediate Distribution Frame (IDF) on
your floor. That cabling is effectively the Demarc Extension.

Smart Jack – is a network connection device that is used to connect your internal network to an external service
provider network. The device handles all of the code and protocol differences between the two networks and is
often the actual demarcation point between the two service entities.

Wiring Installation – is the physical installation of internal wiring in a facility. This may range from pulling copper
phone and data lines to running fiber optic medium between the different cross connect locations.

Wiring Termination – is the end point of networked cable runs that will generally end either in a patch panel or a
jack location in an office. This has historically been the copper wire runs associated with phone lines to the RJ-11
jacks / blocks and the data lines to the RJ-45 connections. Wire termination is also a consideration on fiber optic
pulls, which require a higher skill level.

Network Devices

Common Network Devices

Hub - A physical layer network device used to connect multiple Ethernet devices together.
Active hubs act as a repeater and boost the signal in order to allow for it to travel farther, while
passive hubs simply pass the signal through. Most hubs have an uplink port that allows them
to connect to other hubs, a router, or other network devices.

Repeater - A physical layer device that boosts signals in order to allow a signal to travel farther and prevent
attenuation. Attenuation is the degradation of a signal as it travels farther from its origination. Repeaters do not
filter packets and will forward broadcasts. Both segments must use the same access method, which means that
you can't connect a token ring segment to an Ethernet segment. Repeaters can connect different cable types as
shown in the image.

Modem - The modem is a device that converts digital information to analog by MODulating it on
the sending end and DEModulating the analog information into digital information at the
receiving end. Most modern modems are internal, however, they can be internal or external.
External modems are connected to the back of the system board via a RS-232 serial connection. Internal modems
are installed in one of the motherboard's PCI or ISA expansion slots depending on the modem. The modem
contains an RJ-11 connection that is used to plug in the telephone line. Modems have different transmission modes
as follows:

• Simplex - Signals can be passed in one direction only.
• Half Duplex - Half duplex means that signals can be passed in either direction, but not in both
simultaneously. Half-duplex modems can work in full-duplex mode.
• Full Duplex - Full duplex means that signals can be passed in either direction simultaneously.

Modems can also be classified by their speed, which is measured by the BAUD rate. One baud is one electronic state
change per second. Since a single state change can involve more than a single bit of data, the Bits Per Second
(BPS) unit of measurement has replaced it as a better expression of data transmission speed. Common modem
speeds are V.34 at 28.8 kbps, V.34+ at 33.6 kbps and V.90 at 56 kbps.

Network Interface Card - A Network Interface Card, often abbreviated as NIC, is an expansion board you insert into
a computer so the computer can be connected to a network. Most NICs are designed for a particular type of
network, protocol and media, although some can serve multiple networks.

Media Converters - simple networking devices that make it possible to connect two dissimilar media types such as
twisted pair with fiber optic cabling. They were introduced to the industry nearly two decades ago, and are
important in interconnecting fiber optic cabling-based systems with existing copper-based, structured cabling
systems. They are also used in MAN access and data transport services to enterprise customers. Fiber media
converters support many different data communication protocols including Ethernet, Fast Ethernet, Gigabit
Ethernet, T1/E1/J1, DS3/E3, as well as multiple cabling types such as coax, twisted pair, multi-mode and
single-mode fiber optics. Media converter types range from small standalone devices and PC card converters to
high port-density chassis systems that offer many advanced features for network management.

Switch - A switch is a network device that filters and forwards packets between
LAN segments and ensures that data goes straight from its origin to its proper destination.
Switches remember the address of every node on the network, and anticipate where data
needs to go. A switch only operates with the computers on the same LAN. This reduces
competition for bandwidth between devices on the network. It isn't smart enough to send
data out to the internet, or across a WAN. These functions require a router.

Bridge - Functions the same as a repeater, but can also divide a network in order to reduce traffic problems. A
bridge can also connect unlike network segments (i.e. token ring and Ethernet). Bridges create forwarding tables
based on the source address of the frames they see. If the bridge can't find the destination address in its table, it
will forward the packets to all segments. Bridging methods:

• Transparent - Only one bridge is used.
• Source-Route - Bridging address tables are stored on each PC on the network.
• Spanning Tree - Prevents looping where there exists more than one path between segments.
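The learn-on-source, forward-on-destination, flood-on-unknown behaviour described for bridges and switches above, as an added simulation that is not part of the study guide. Port names and MAC addresses are constructed sample values.

```python
"""Learning bridge / switch forwarding simulation (added example).

Models a bridge that learns each frame's source MAC against the port it
arrived on, forwards frames to a known destination out of one port, filters
frames whose destination sits on the port they arrived from, and floods
unknown or broadcast destinations to every other port.
"""
from dataclasses import dataclass, field
from typing import Dict, List, Set

BROADCAST = "ff:ff:ff:ff:ff:ff"


@dataclass
class LearningBridge:
    ports: Set[str]
    # Forwarding table: source MAC -> port on which that MAC was last seen.
    table: Dict[str, str] = field(default_factory=dict)
    log: List[str] = field(default_factory=list)

    def handle_frame(self, in_port: str, src: str, dst: str) -> List[str]:
        """Process one frame; return the sorted list of egress ports."""
        if in_port not in self.ports:
            raise ValueError(f"unknown port {in_port}")
        src, dst = src.lower(), dst.lower()
        # Learning step: the sender is reachable through the ingress port.
        # Entries are overwritten, so a host that moves ports is re-learned.
        self.table[src] = in_port
        out_port = self.table.get(dst)
        if dst == BROADCAST or out_port is None:
            # Unknown destination or broadcast: flood to every other port.
            egress = sorted(self.ports - {in_port})
            self.log.append(f"flood   {src}->{dst} in={in_port} out={egress}")
        elif out_port == in_port:
            # Destination is on the segment the frame came from: filter it.
            # This is how a bridge keeps local traffic off the other segments.
            egress = []
            self.log.append(f"filter  {src}->{dst} in={in_port}")
        else:
            egress = [out_port]
            self.log.append(f"forward {src}->{dst} in={in_port} out={out_port}")
        return egress


def demo() -> dict:
    """Walk a few constructed hosts through a 3-port bridge; return results."""
    br = LearningBridge(ports={"p1", "p2", "p3"})
    host_a = "00:a0:f1:00:00:01"  # constructed, on port p1
    host_b = "00:a0:f1:00:00:02"  # constructed, on port p2
    host_c = "00:a0:f1:00:00:03"  # constructed, on the same segment as A (p1)
    first = br.handle_frame("p1", host_a, host_b)   # B unknown -> flooded
    reply = br.handle_frame("p2", host_b, host_a)   # A known -> p1 only
    local = br.handle_frame("p1", host_c, host_a)   # A is on p1 -> filtered
    bcast = br.handle_frame("p3", "00:a0:f1:00:00:04", BROADCAST)
    return {"first": first, "reply": reply, "local": local,
            "bcast": bcast, "table": dict(br.table), "log": list(br.log)}


if __name__ == "__main__":
    for line in demo()["log"]:
        print(line)
```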

Wireless Access Point - A Wireless Access Point is a radio frequency transceiver which allows your
wireless devices to connect to a network. The WAP usually connects to a wired network, and can
relay data between the wireless devices (such as computers or printers) and wired devices on the
network. A wireless access point will support up to 32 wireless devices. The range of the wireless
signal depends greatly on obstructions such as walls.

Router - Functioning at the network layer of the OSI model, a router is similar to a switch, but it can also connect
different logical networks or subnets and enable traffic that is destined for the networks on the other side of the
router to pass through. Routers create or maintain a table of the available routes and can be configured to use
various routing protocols to determine the best route for a given data packet. Routers can connect networks that
use dissimilar protocols. Routers also typically provide improved security functions over a switch.

Firewall - Either a hardware or software entity (or a combination of both) that protects a network by stopping
network traffic from passing through it. In most cases, a firewall is placed on the network to allow all internal
traffic to leave the network (email to the outside world, web access, etc.), but stop unwanted traffic from the
outside world from entering the internal network. This is achieved by granting and denying access to resources
based on a set of configurable rules.

DHCP Server - A server that is responsible for assigning unique IP addresses to the computers on a network. A DHCP
server prevents the assignment of duplicate IP addresses to clients and reduces administrative effort in network
configuration. A DHCP server is actually more of a service that is found on network operating systems such as
Windows 2002/2008 server, or on network devices such as routers.

Specialized Network Devices

Multilayer Switch - A multilayer switch (MLS) is a computer networking device that switches on OSI layer 2 like
an ordinary network switch and provides extra functions on higher OSI layers. Some MLSs are also able to route
between VLAN and/or ports like a common router. The routing is normally as quick as switching (at wirespeed).
Some switches can use up to OSI layer 7 packet information; they are called layer 4-7 switches, content-switches,
web-switches or application-switches.

Content Switch - The main function of a content switch is to inspect the network data that it receives so that it
can decide where on the network that data (or request) needs to be forwarded to. Once this is determined the data
is sent to the appropriate server which can handle the data. In most cases the switch looks to see what type of
application or software the request is targeted at. It does this by looking to see what port the request is directed
at. For example, if the data is targeted at an FTP port then the request will be sent to an FTP server. The main benefit
of this approach is that the switch acts as a load balancer, as it can balance data or requests across the different
types of application servers used by the business. A second major function that this type of switch can perform is to
look at the incoming requests and see which websites are targeted. This is important for large enterprises or
hosting companies. If, for example, a web hosting company was hosting several thousand websites, the switch could
direct requests to the specific servers that the websites are running on. These devices tend to be very expensive.

IDS/IPS - These terms stand for Intrusion Detection System and Intrusion Prevention System respectively. IDS is
a device (or application) that monitors network and/or system activities for malicious activities or policy violations.
IDS is a passive system that gives alerts when something suspicious is detected and logs the events into a
database for reporting. IPS, on the other hand, sits inline with traffic flows on a network, actively shutting down
attempted attacks as they’re sent over the wire. It can stop the attack by terminating the network connection or
user session originating the attack, by blocking access to the target from the user account, IP address, or other
attribute associated with that attacker, or by blocking all access to the targeted host, service, or application.
Vendors are increasingly combining the two technologies into a single box, now referred to as IDPS. These devices
are used with, not instead of, a firewall.

Load Balancer - A load balancer is a hardware and/or software solution that provides load balancing services.
Load balancing is used to distribute workloads evenly across two or more computers, network links, CPUs, hard
drives, or other resources, in order to get optimal resource utilization, maximize throughput, minimize response
time, and avoid overload. Using multiple components with load balancing, instead of a single component, may
increase reliability through redundancy. As an example, Google receives many, many more search requests than a
single server could handle, so they distribute the requests across a massive array of servers.

Multifunction Network Devices - As you might guess, multifunction network devices combine the functions of
individual devices into a single unit. An example is wireless access points, which often include one or more of the
following: firewall, DHCP server, wireless access point, switch, gateway, and router.

DNS Server - DNS is an Internet and networking service that translates domain names into IP addresses. The
internet is based on numerical IP addresses, but we use domain names because they are easier to remember. DNS
is the service that looks up the IP address for a domain name allowing a connection to be made. This process is
very similar to calling information. You call them with a name, they check their database and give you the phone
number. The DNS service is included with server operating systems (Windows 2003/2008, Linux, etc.) and network
devices such as routers.

Bandwidth Shaper - Describes the mechanisms used to control bandwidth usage on the network. Bandwidth
shaping is typically done using software installed on a network server. From this server, administrators can control
who uses bandwidth, for what, and when. Bandwidth shaping establishes priorities to data traveling to and from
the Internet and within the network. A bandwidth shaper essentially performs two key functions: monitoring and
shaping. Monitoring includes identifying where bandwidth usage is high and at what time of day. After that
information is obtained, administrators can customize or shape bandwidth usage for the best needs of the network.
I am unaware why CompTIA listed this in the "network devices" section of their objectives, but bandwidth shapers
are typically software.

Proxy Server - A proxy server acts as a middle-man between clients and the Internet providing security,
administrative control, and caching services. When a user makes a request for an internet service and it passes
filtering requirements, the proxy server looks in its local cache of previously downloaded web pages. If the item is
found in cache, the proxy server forwards it to the client. This reduces bandwidth through the gateway. If the page
is not in the cache, the proxy server will request the page from the appropriate server. Nowadays, the functions of
proxy servers are often built into firewalls.

CSU/DSU - A Channel Service Unit/Data Service Unit (CSU/DSU) acts as a translator between the LAN data format
and the WAN data format. Such a conversion is necessary because the technologies used on WAN links are
different from those used on LANs. Although CSU/DSUs look similar to modems, they are not modems, and they
don't modulate or demodulate between analog and digital. All they really do is interface between a 56K, T1, or T3
line and the serial interface (typically a V.35 connector) that connects to the router. Many newer routers have
CSU/DSUs built into them.

Advanced Features of a Switch

PoE - Generally speaking, Power over Ethernet technology describes a system to safely pass electrical power,
along with data, on Ethernet cabling. Standard versions of PoE specify category 5 cable or higher. Power can come
from a power supply within a PoE-enabled networking device such as an Ethernet switch or from a device built for
"injecting" power onto the Ethernet cabling. Devices powered this way range from IP phones, LAN access points, and
WiFi switches to RFID readers and network security cameras. All of these require more power than USB offers and
very often must be powered over longer runs of cable than USB permits. In addition, PoE uses only one type of
connector, an 8P8C (RJ45), whereas there are four different types of USB connectors.

Spanning Tree Protocol - Spanning Tree is one of three bridging methods a network administrator can use.
Which method you use usually will be determined by the network’s size. The simplest method is transparent
bridging, where only one bridge or switch exists on the network. The next is Source-Route, in which bridging
address tables are stored on each PC on the network. Then there’s what you came for, spanning tree, which
prevents loops where there exists more than one path between segments. STP was upgraded to Rapid Spanning
Tree Protocol (RSTP).
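A worked computation of what spanning tree does on a redundant topology (root election, root path cost, port roles), added here as an illustration; it is not code from the study guide and it is a simplified model of STP, not the BPDU exchange itself. Bridge names, bridge IDs and link costs are constructed; the model assumes one link between any pair of bridges (so a port is named by the neighbour it faces) and positive link costs.

```python
"""Spanning tree port-role computation for a bridged topology (added example).

Elects the root bridge (lowest bridge ID), computes every bridge's root path
cost, then labels each port root, designated or blocked so that exactly one
loop-free path to the root survives. Assumes a single link per bridge pair
and positive link costs.
"""
import heapq
from typing import Dict, List, Tuple

Link = Tuple[str, str, int]              # (bridge, bridge, path cost of the link)
PortRoles = Dict[Tuple[str, str], str]   # (bridge, neighbour it faces) -> role


def root_path_costs(bridges: Dict[str, int], links: List[Link], root: str) -> Dict[str, float]:
    """Dijkstra from the root: lowest total path cost to reach each bridge."""
    adj: Dict[str, List[Tuple[str, int]]] = {b: [] for b in bridges}
    for a, b, cost in links:
        adj[a].append((b, cost))
        adj[b].append((a, cost))
    dist: Dict[str, float] = {b: float("inf") for b in bridges}
    dist[root] = 0
    heap: List[Tuple[float, str]] = [(0, root)]
    while heap:
        d, u = heapq.heappop(heap)
        if d > dist[u]:
            continue
        for v, c in adj[u]:
            if d + c < dist[v]:
                dist[v] = d + c
                heapq.heappush(heap, (dist[v], v))
    return dist


def spanning_tree(bridges: Dict[str, int], links: List[Link]) -> Tuple[str, PortRoles]:
    """Return (root bridge name, port roles) for the given topology."""
    # 1. Root election: the lowest bridge ID wins (name breaks exact ties).
    root = min(bridges, key=lambda b: (bridges[b], b))
    cost = root_path_costs(bridges, links, root)

    # 2. Root port: on every non-root bridge, the port with the lowest total
    #    cost to the root; ties go to the neighbour with the lower bridge ID.
    root_port: Dict[str, str] = {}
    best: Dict[str, Tuple[float, int, str]] = {}
    for a, b, c in links:
        for me, nb in ((a, b), (b, a)):
            if me == root:
                continue
            cand = (cost[nb] + c, bridges[nb], nb)
            if me not in best or cand < best[me]:
                best[me] = cand
                root_port[me] = nb

    # 3. Per segment, the bridge with the lower root path cost (then lower
    #    ID) is designated. The far end is either that bridge's root port or,
    #    if it is neither root nor designated, it is blocked: that is the
    #    redundant path STP removes to prevent the loop.
    roles: PortRoles = {}
    for a, b, c in links:
        des = min((a, b), key=lambda x: (cost[x], bridges[x]))
        other = b if des == a else a
        roles[(des, other)] = "designated"
        if other != root and root_port.get(other) == des:
            roles[(other, des)] = "root"
        else:
            roles[(other, des)] = "blocked"
    return root, roles


def blocked_ports(roles: PortRoles) -> List[Tuple[str, str]]:
    return sorted(p for p, r in roles.items() if r == "blocked")


def sample_topology() -> Tuple[Dict[str, int], List[Link]]:
    """Constructed square with one redundant link: SW1-SW2-SW4-SW3-SW1."""
    bridges = {"SW1": 4096, "SW2": 8192, "SW3": 16384, "SW4": 32768}
    links: List[Link] = [("SW1", "SW2", 4), ("SW2", "SW4", 4),
                         ("SW1", "SW3", 4), ("SW3", "SW4", 4)]
    return bridges, links


if __name__ == "__main__":
    root, roles = spanning_tree(*sample_topology())
    print("root bridge:", root)
    for port, role in sorted(roles.items()):
        print(f"{port[0]} port facing {port[1]}: {role}")
```

With one redundant link in a four-switch square, exactly one port ends up blocked, and a failure of any tree link would change the costs so that the blocked port is recomputed as root or designated.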

VLAN - A broadcast domain is normally created by the router. With VLANs, a switch can create the broadcast
domain. This allows a virtual network, independent of physical location, to be created.

Trunking - VLANs are local to each switch's database, and VLAN information is not passed between switches.
Trunk links provide VLAN identification for frames traveling between switches. The VLAN trunking protocol (VTP) is
the protocol that switches use to communicate among themselves about VLAN configuration.
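How a trunk link carries the VLAN identification mentioned above: an added example, not from the study guide, that inserts and decodes the IEEE 802.1Q tag (TPID 0x8100 followed by a 16-bit TCI holding priority, DEI and the 12-bit VLAN ID) and assigns untagged frames to the port's native VLAN. VTP is not modelled; MAC addresses and the payload are constructed sample values.

```python
"""802.1Q VLAN tagging as seen on a trunk port (added example).

build_frame() makes a plain Ethernet frame, tag_frame() inserts the 4-byte
802.1Q tag after the source MAC, and parse_trunk_frame() decodes a received
frame the way a trunk port would, mapping untagged frames to the native VLAN.
"""
import struct
from typing import Dict

TPID_8021Q = 0x8100      # EtherType value that announces an 802.1Q tag
ETHERTYPE_IPV4 = 0x0800


def mac_bytes(text: str) -> bytes:
    """'00:a0:f1:27:64:e1' (or with '-' separators) -> 6 raw bytes."""
    parts = text.replace("-", ":").split(":")
    if len(parts) != 6:
        raise ValueError(f"bad MAC address {text!r}")
    return bytes(int(p, 16) for p in parts)


def build_frame(dst: str, src: str, ethertype: int, payload: bytes) -> bytes:
    """Untagged frame: dst MAC, src MAC, EtherType, payload (no FCS)."""
    return mac_bytes(dst) + mac_bytes(src) + struct.pack("!H", ethertype) + payload


def tag_frame(frame: bytes, vid: int, pcp: int = 0, dei: int = 0) -> bytes:
    """Insert an 802.1Q tag. VID 0 and 4095 are reserved, so 1..4094 only."""
    if not 1 <= vid <= 4094:
        raise ValueError(f"VLAN ID {vid} outside 1-4094")
    if not 0 <= pcp <= 7:
        raise ValueError("PCP is a 3-bit priority field")
    # TCI layout: 3 bits PCP | 1 bit DEI | 12 bits VID
    tci = (pcp << 13) | ((dei & 1) << 12) | vid
    return frame[:12] + struct.pack("!HH", TPID_8021Q, tci) + frame[12:]


def parse_trunk_frame(frame: bytes, native_vid: int) -> Dict[str, object]:
    """Decode a frame received on a trunk; untagged frames -> native VLAN."""
    if len(frame) < 14:
        raise ValueError("runt frame")
    dst, src = frame[:6], frame[6:12]
    (ethertype,) = struct.unpack("!H", frame[12:14])
    if ethertype == TPID_8021Q:
        if len(frame) < 18:
            raise ValueError("truncated 802.1Q tag")
        tci, ethertype = struct.unpack("!HH", frame[14:18])
        vid, pcp, dei = tci & 0x0FFF, tci >> 13, (tci >> 12) & 1
        payload, tagged = frame[18:], True
    else:
        vid, pcp, dei = native_vid, 0, 0
        payload, tagged = frame[14:], False
    return {
        "dst": ":".join(f"{b:02x}" for b in dst),
        "src": ":".join(f"{b:02x}" for b in src),
        "tagged": tagged,
        "vid": vid,
        "pcp": pcp,
        "dei": dei,
        "ethertype": ethertype,
        "payload": payload,
    }


def demo() -> Dict[str, Dict[str, object]]:
    """Tag a constructed frame for VLAN 20 and decode it beside its untagged twin."""
    untagged = build_frame("00:a0:f1:27:64:e1", "00:a0:f1:00:00:10",
                           ETHERTYPE_IPV4, b"constructed payload")
    tagged = tag_frame(untagged, vid=20, pcp=5)
    return {
        "tagged": parse_trunk_frame(tagged, native_vid=1),
        "untagged": parse_trunk_frame(untagged, native_vid=1),
    }


if __name__ == "__main__":
    for name, decoded in demo().items():
        print(name, {k: v for k, v in decoded.items() if k != "payload"})
```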

Port Mirroring - Used on a network switch to send a copy of network packets seen on one switch port (or an
entire VLAN) to a network monitoring connection on another switch port. This is commonly used for network
appliances that require monitoring of network traffic, such as an intrusion-detection system.

Port Authentication - The IEEE 802.1x standard defines 802.1x port-based authentication as a client-server
based access control and authentication protocol that restricts unauthorized clients from connecting to a LAN
through publicly accessible ports. The authentication server validates each client connected to a switch port before
making available any services offered by the switch or the LAN.

Implement a Basic Wireless Network

Install Client – the actual steps taken to set up a computer, laptop or other network connected device to the
network. This may be in the form of just getting it correctly configured to use TCP/IP or more involved such as
installing a software suite so that specific network parameters can be leveraged for proper connectivity to network
resources or resources on the domain.

Network Connections Dialog Box – used to configure different aspects of the network connections by way of a
graphical user interface (GUI) within the Microsoft Windows operating systems (Windows XP, Windows Vista,
Server 2003, etc). With respect to peer to peer networks, you can use the Network Tasks pane to Create a New
Connection, Set up a Home or small office network as well as change the Windows Firewall settings and view
available wireless networks.

Wireless Network Connection Dialog Box – the graphical user interface (GUI) within the Microsoft Windows
operating systems used to configure the wireless devices and their settings. On the General tab you can configure
the specific hardware settings (parameters, drivers, etc) as well as the protocols (e.g. TCP/IP) and the network
client that the device will use (e.g. Client for Microsoft Networks). Additionally, you can install services from this
screen as well (e.g. Virtual Machine Network Service). The Wireless Networks tab will show you the available
networks and allow you to configure preference for each of the networks encountered.

Access Point Placement – correctly positioning your Wireless Access Points will allow for the seamless use of
wireless devices on your network. By correctly placing the devices, users will not generally experience signal loss of
their connection to the network. It is important to understand that there are many things that affect the wireless
access point signal with respect to broadcast and receiving strength that include the construction and architecture
of the building where the devices are distributed as well as general disruption of the frequency range that the
access points operate on by other devices (e.g. microwave ovens, cordless phones, etc).

Physical Locations of Wireless Access Points (WAPs) – device placement best practices include planning for
more than just nominal spacing between devices. Consideration needs to be given to the obstructions currently in
the way (fire breaks between walls, metal superstructure, etc) as well as future plans to subdivide offices.
Electrical motors and other high-current lines need to be considered as well to keep interference to a minimum.

Wired or Wireless Connectivity – planning for WAP to WAP connections only or a mix of wired and wireless
connections. It is easier to connect WAP to WAP in a daisy-chain signal relay configuration, but when you do this
you need to realize that a physical failure in one WAP may take out every WAP downstream of it. It takes more
time, money and effort to connect each WAP back to a switch or router over a wired connection, but it greatly
reduces the potential connectivity loss on the network: where the WAPs are wired back, the loss of a single WAP
impacts only the users of that one WAP instead of all WAPs up and downstream.

Install Access Point – the step of bringing the Wireless Access Point(s) onto the network so that client devices
can gain access. The client must then be configured with the encryption settings (if required) and any other
settings the network demands, or it will fail to associate and be left off the network.

Configuring Encryption – with respect to wireless clients these are the settings most commonly used. Disabled (an
"open" network) means that every frame is passed in clear text and anyone within radio range can read it. Wired
Equivalent Privacy (WEP) is the weakest of the available options and is generally only used today to allow legacy
devices that cannot handle more robust protocols to gain somewhat secured access to the network. WEP keys are
40-bit or 104-bit (marketed as 64-bit and 128-bit, counting the 24-bit initialization vector, or IV, that is sent in
the clear with every frame); some vendors offered non-standard 152-bit and 256-bit variants. WEP has been defeated
for many years, not because of increased computing power but because of how it uses the RC4 stream cipher: the
24-bit IV space is exhausted quickly on a busy network, so keystreams get reused, and statistically weak IVs let
an attacker recover the shared key from a few minutes of captured traffic with freely available tools. A longer
key does not fix this. Wi-Fi Protected Access (WPA) was created by the Wi-Fi Alliance in response to the weaknesses
researchers found in WEP. Its Temporal Key Integrity Protocol (TKIP) keeps RC4 so that existing hardware could be
upgraded by firmware, but adds per-packet key mixing, a 48-bit sequence counter in place of the 24-bit IV, and a
message integrity check (Michael) against tampering; it was an interim fix and is itself deprecated today. Wi-Fi
Protected Access version 2 (WPA2) implements the full IEEE 802.11i standard and replaces RC4 with CCMP, an
Advanced Encryption Standard (AES) mode that provides both encryption and integrity. WPA and WPA2 each come in a
Personal mode (a pre-shared key, only as strong as the passphrase chosen) and an Enterprise mode (per-user
authentication through IEEE 802.1X and a RADIUS server).
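The keystream-reuse problem that sinks WEP is easy to see in a few lines. The following is an added example
written for this page, not code from the study guide: it implements plain RC4, seeds it WEP-style with IV || key,
and shows that two frames encrypted under the same IV leak each other. The key, IV and frame contents are
constructed, and WEP's CRC-32 integrity value is left out because it does not affect the point.

```python
# Added example, not from the Network+ guide: why a reused WEP IV is fatal.
# WEP seeds RC4 with (24-bit IV || shared key) and sends the IV in the clear,
# so two frames carrying the same IV are XORed with the same keystream.
# The key, IV and payloads below are constructed for the demonstration;
# WEP's CRC-32 integrity value is omitted because it does not change the point.


def rc4_keystream(key: bytes, length: int) -> bytes:
    """Plain RC4: key scheduling (KSA) followed by keystream generation (PRGA)."""
    s = list(range(256))
    j = 0
    for i in range(256):
        j = (j + s[i] + key[i % len(key)]) & 0xFF
        s[i], s[j] = s[j], s[i]
    out = bytearray()
    i = j = 0
    for _ in range(length):
        i = (i + 1) & 0xFF
        j = (j + s[i]) & 0xFF
        s[i], s[j] = s[j], s[i]
        out.append(s[(s[i] + s[j]) & 0xFF])
    return bytes(out)


def xor(a: bytes, b: bytes) -> bytes:
    """Byte-wise XOR, truncated to the shorter input."""
    return bytes(x ^ y for x, y in zip(a, b))


def wep_encrypt(iv: bytes, shared_key: bytes, plaintext: bytes) -> bytes:
    """WEP-style encryption: RC4 keyed with IV || key (40-bit or 104-bit key)."""
    if len(iv) != 3 or len(shared_key) not in (5, 13):
        raise ValueError("WEP uses a 3-byte IV and a 5- or 13-byte key")
    return xor(plaintext, rc4_keystream(iv + shared_key, len(plaintext)))


def recover_with_known_plaintext(c_known: bytes, p_known: bytes, c_target: bytes) -> bytes:
    """Given one frame whose plaintext is known (e.g. a predictable header), an
    eavesdropper recovers the keystream for that IV and decrypts any other frame
    that reused it, without ever learning the shared key."""
    keystream = xor(c_known, p_known)
    return xor(c_target, keystream)


def demo() -> bool:
    """Two frames under one IV: returns True if the second is fully recovered."""
    key = b"\x01\x02\x03\x04\x05"          # constructed 40-bit WEP key
    iv = b"\xaa\xbb\xcc"                    # constructed IV, reused by both frames
    p1 = b"GET /index.html HTTP/1.0"       # frame whose content the attacker can guess
    p2 = b"password=hunter2 user=ab"       # frame the attacker wants
    c1 = wep_encrypt(iv, key, p1)
    c2 = wep_encrypt(iv, key, p2)
    # Property of any stream cipher under keystream reuse: c1 ^ c2 == p1 ^ p2
    assert xor(c1, c2) == xor(p1, p2)
    return recover_with_known_plaintext(c1, p1, c2) == p2


if __name__ == "__main__":
    print("second frame recovered:", demo())
```

Nothing here depends on the key length: a 104-bit key reuses keystream exactly as a 40-bit one does, which is
why "128-bit WEP" was never a meaningful upgrade. Real attacks go further and recover the key itself from weak
IVs, but keystream reuse alone is enough to read traffic.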

Configuring Channels and Frequencies – most wireless routers work in the 2.4 GHz frequency range and require
network administrators to select the channels the devices use. Channels in this band are spaced only 5 MHz apart
while each 802.11b/g signal is about 22 MHz wide, so neighbouring channels overlap and interfere with each other.
Channels 1, 6 and 11 are the usual choice because they are the only set of three in the North American band
(channels 1-11) that do not overlap one another; adjacent access points should be put on different channels from
this set. Microwave ovens, cordless phones and Bluetooth devices also operate around 2.4 GHz and interfere with any
channel, so the cure for those is relocation or moving to the 5 GHz band (802.11a/n/ac), which offers many more
non-overlapping channels.
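A channel plan can be checked with arithmetic rather than memorised. The block below is an added example, not
part of the study guide: it computes 2.4 GHz centre frequencies from the channel number (2407 + 5 x channel,
except channel 14 at 2484 MHz), tests pairs for overlap assuming a 22 MHz signal width, and enumerates every clean
plan of a given size, which is how one finds that {1, 6, 11} is the only clean triple in the US band.

```python
# Added example, not from the guide: checking a 2.4 GHz channel plan for overlap.
# 802.11b/g channels are spaced 5 MHz apart but each transmission occupies
# roughly 22 MHz, so two channels are free of mutual overlap only when their
# centre frequencies are at least 22 MHz (five channel numbers) apart.
from itertools import combinations

CHANNEL_WIDTH_MHZ = 22


def center_mhz(channel: int) -> int:
    """Centre frequency of a 2.4 GHz channel; 14 (Japan, 802.11b only) is the odd one out."""
    if channel == 14:
        return 2484
    if 1 <= channel <= 13:
        return 2407 + 5 * channel
    raise ValueError(f"no such 2.4 GHz channel: {channel}")


def overlaps(a: int, b: int) -> bool:
    """True when the two channels' signals share any spectrum."""
    return abs(center_mhz(a) - center_mhz(b)) < CHANNEL_WIDTH_MHZ


def plan_is_clean(channels) -> bool:
    """True when no two channels in the plan overlap each other."""
    chans = list(channels)
    return all(not overlaps(x, y) for x, y in combinations(chans, 2))


def clean_plans(size: int, allowed=range(1, 12)) -> list:
    """Every set of `size` mutually non-overlapping channels drawn from `allowed`
    (the default 1-11 is the North American channel set; Europe allows 1-13)."""
    return [c for c in combinations(allowed, size) if plan_is_clean(c)]


if __name__ == "__main__":
    print("clean three-channel plans (US):", clean_plans(3))
    print("clean three-channel plans (EU):", clean_plans(3, range(1, 14)))
```

With the European 1-13 set there are ten clean triples, and no band offers a clean set of four, which is the
practical reason dense 2.4 GHz deployments end up on 5 GHz.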

Setting ESSID and Beacon – the Service Set Identifier (SSID) is the network name a client selects; an Extended
Service Set (ESS) is several access points advertising the same SSID so that clients can roam between them, which
is why the name is often written ESSID. The access point "advertises" its availability by periodically sending a
beacon, a management frame that carries the SSID and the network's capabilities. Disabling SSID broadcast removes
the name from the beacon and hides the network from casual scans, but not from an attacker listening for the probe
requests and responses that legitimate clients still send in the clear.

Verifying Installation - the process of making sure that all the settings needed to connect a network node to the
wireless device are in place. A common approach on initial installation of a Wireless Access Point (WAP) is to
bring it up first without any security to verify that a client can reach the network, then enable the security
protocol you want to use and confirm that the client can operate on the network again. Once this succeeds it can
be assumed that the other network nodes will be able to repeat the same steps and access the network securely with
their traffic encrypted. If you do this, keep the unsecured window short and the access point isolated from
production resources, because an open access point can be found and joined by anyone within radio range, and
double-check that the security settings were actually saved before putting it into service.

Network Management

OSI Model

The OSI networking model is divided into 7 layers. Each layer has a different responsibility, and all the layers work
together to provide network data communication.

Layer – Description

Application – Represents user applications, such as software for file transfers, database access, and e-mail. It
provides a consistent, neutral interface for software to access the network and advertises the computer's
resources to the network.

Presentation – Determines data exchange formats and translates data from the Application layer format into a
commonly recognized format. It provides protocol conversion, data translation, encryption, character-set
conversion, and graphics-command expansion.

Session – Handles name recognition and session-level security to enable two applications on different computers
to communicate over the network. Manages dialogs between computers using simplex (rare), half-duplex or
full-duplex modes. The phases of a session dialog are establishment, data transfer and termination.

Transport – Provides flow control, error handling, and correction of transmission/reception problems. It breaks
large data streams into smaller segments, combines small ones for transmission, and reassembles incoming segments
into the original sequence. Service addresses (TCP and UDP port numbers) that point data to the correct program on
the destination computer belong to this layer.

Network – Addresses packets and translates logical addresses (e.g. IP addresses) into the physical addresses
needed to deliver them. It manages traffic and congestion, packet switching, and routing between networks.

Data Link – The interface between the upper "software" layers and the lower "hardware" Physical layer. One of its
main tasks is to create and interpret different frame types based on the network type in use. The Data Link layer
is divided into two sub-layers: the Media Access Control (MAC) sub-layer and the Logical Link Control (LLC)
sub-layer.
• LLC sub-layer establishes and maintains links between devices (e.g. server - workstation).
• MAC sub-layer enables multiple devices to share the same medium and uses physical device (MAC) addresses for
local delivery; to reach another network, a frame is addressed to the MAC address of the default gateway
(router).

Physical – The specification for the hardware connection, the electronics, logic circuitry, and wiring that
transmit the actual signal. It is only concerned with moving bits of data on and off the network medium. Most
network problems occur at the Physical layer.

Here is a silly but easy way to remember the 7 layers. Memorize the following sentence: All People Seem To Need
Data Processing. The first letter of each word corresponds to the first letter of the layers, starting with
Application and ending with the Physical layer.

Network Tools

Command Line Interface Tools

• Traceroute - A command-line troubleshooting tool that enables you to view the route to a specified host. This
will show how many hops the packets have to travel and how long each hop takes. It works by sending probes with
increasing TTL values and recording which router returns the ICMP Time Exceeded message for each; Unix traceroute
sends UDP probes by default, while the Windows version, "tracert", uses ICMP echo requests. Routers or firewalls
that drop these messages show up as "* * *" rather than a hop name.
• IPCONFIG - This command is used to view network settings from a Windows command line. Common switches:

• ipconfig /all displays all IP settings, including the MAC address and the DHCP and DNS servers in use.
• ipconfig /release gives up the current DHCP lease.
• ipconfig /renew asks the DHCP server, if one is reachable, for a new or renewed lease.
• ipconfig /flushdns clears the local DNS resolver cache, useful after a record change or a poisoning incident.

• IFCONFIG - IFCONFIG is a Linux/Unix command line tool that is similar to IPCONFIG in Windows. Common uses for
ifconfig include setting an interface's IP address and netmask, and disabling or enabling a given interface. At
boot time, many UNIX-like operating systems initialize their network interfaces with shell scripts that call
ifconfig. As an interactive tool, system administrators routinely use the utility to display and analyze network
interface parameters. On current Linux distributions it is deprecated in favour of the iproute2 "ip" command
(ip addr, ip link), which may be the only one installed.

• PING - PING (Packet InterNet Groper) is a command-line utility used to verify connections between networked
devices. PING uses ICMP echo requests that behave similarly to SONAR pings. The standard format for the command is
ping ip_address/hostname. If successful, the ping command will return replies from the remote host with the time
it took to receive the reply. If unsuccessful, you will likely receive an error message or a timeout. This is one
of the most important tools for determining network connectivity between hosts, with one caveat: many hosts and
firewalls silently drop ICMP echo, so a host that does not answer ping is not necessarily down.

• ARP (Address Resolution Protocol) - A host must know the MAC address of the next hop (the remote host itself
if it is on the same LAN, otherwise the default gateway) in order to put a frame on the wire, and it is ARP that
lets the local host broadcast an ARP Request asking the owner of an IP address to send back its MAC address. The
answers are kept in the ARP cache, which "arp -a" displays. ARP has no authentication, so a host can be tricked
into caching a forged mapping (ARP spoofing or poisoning), which is the usual basis for man-in-the-middle attacks
on a LAN.

• ARP PING (ARPING) - ARPING is a computer software tool that is used to discover hosts on a computer
network. The program tests whether a given IP address is in use on the local network, and can get additional
information about the device using that address. The arping tool is similar in function to ping, which probes hosts
using the Internet Control Message Protocol at the Internet Layer (OSI Layer 3). Arping operates at the Link Layer
(OSI Layer 2) using the Address Resolution Protocol (ARP) for probing hosts on the local network (link) only, as
ARP cannot be routed across gateways (routers). However, in networks employing repeaters that use proxy ARP,
the arping response may be coming from such proxy hosts and not from the probed target.

• NSLOOKUP - This is a command that queries a DNS server for machine name and address information.
Originally written for Unix operating systems, this command is now available on Windows and other operating
systems. To use nslookup, type "nslookup" followed by an IP address, a computer name, or a domain name.
NSLOOKUP will return the name, all known IP addresses and all known aliases (which are just alternate names) for
the identified machine. NSLOOKUP is a useful tool for troubleshooting DNS problems.

• Hostname - The hostname command is used to show or set a computer's host name and domain name. It is
one of the most basic of the network administrative utilities. A host name is a name that is assigned to a host (i.e.,
a computer connected to the network) that uniquely identifies it on a network and thus allows it to be addressed
without using its full IP address. Domain names are user-friendly substitutes for numeric IP addresses.

• Dig (domain information groper) - Dig is a Linux/Unix tool for interrogating DNS name servers. It performs
DNS lookups and displays the answers that are returned from the name server(s) that were queried.

• Mtr - Mtr is a Linux command line tool that combines the functionality of the traceroute and ping programs in a
single network diagnostic tool.

• Route - The route command is used to display and manipulate a local routing table. Examples of its use include
adding and deleting a static route. This tool is available in Unix, Linux and Windows.

• NBTSTAT - Is a Windows utility used to troubleshoot connectivity problems between 2 computers communicating via
NetBT (NetBIOS over TCP/IP), by displaying protocol statistics and current connections. NBTSTAT examines the
contents of the NetBIOS name cache and gives the MAC address.

• NETSTAT - Is a Windows, Linux, and Unix command-line tool that displays network connections (both incoming and
outgoing), listening ports, routing tables, and a number of network interface statistics. It is used for finding
problems in the network and to determine the amount of traffic on the network as a performance measurement.
"netstat -an" (add -b on Windows or -p on Linux to see the owning process) is a quick way to spot a listening
port you did not expect.

Network Scanners

• Packet Sniffers - A packet sniffer is a device or software used to capture packets traveling over a network
connection. The packets are logged and can be decoded in order to provide information and statistics about the
traffic on the network or network segment. These tools are used for troubleshooting difficult network problems,
monitoring network traffic, and detecting intrusion attempts. Also known as Packet Analyzers.
• Intrusion Detection Software - This was covered earlier in domain 3.1.

• Intrusion Prevention Software - This was covered earlier in domain 3.1.

• Port Scanners - A port scanner is a program designed to probe network hosts for open ports. This is often used
by administrators to verify security policies of their networks and by attackers to identify running services on a
host that can be exploited to gain access.

Hardware Tools

• Cable Testers - Cable testers are electronic devices used to test a cable's integrity by checking for opens and
shorts which can cause connectivity problems.

• Protocol Analyzers - This tool is used to monitor network traffic and display packet and protocol statistics and
information. As far as we're concerned, it is pretty much the same thing as a packet sniffer. Most tools sold today
combine the functions of the listening device (packet sniffer) and the analytical device (packet analyzer).

• Certifiers - Certifiers are a tool that tests cables in order to ensure that they will perform the job intended. This
includes checking the speed loads that it can handle.

• TDR (Time Domain Reflectometer) - Sends a signal down a cable and measures the distance that the signal
travelled before bouncing back (like sonar). Used to find opens and shorts in cables.

• OTDR (Optical Time Domain Reflectometer) - Similar to the TDR above, however, this is used to test fiber
optic cables with light.

• Multimeter - A multimeter, also known as a volt/ohm meter, is an electronic measuring instrument used to
measure voltage, current and resistance.

• Toner Probe - Most will detect opens and shorts like a cable tester, but this tool is mainly used to locate the
termination points of cables.

• Butt Set - A portable telephone that connects to a line using alligator clips and is used to test telephone circuits.

• Punch Down Tool - A punch down tool is used to connect cabling such as telephone and ethernet to wall jacks.

• Cable Stripper - Fairly self explanatory. A tool used to strip the jackets off of cables in order to expose the wire
that can be connected to connectors or wall jacks.

• Snips - Special scissors used for cutting cable.

• Voltage Event Recorder - Plugs into an outlet or circuit and logs voltage events such as sags, surges, spikes
and outages over time, so the record can later be downloaded to a PC to diagnose power quality problems. Mostly
used where power to mission critical devices must be documented, such as in a hospital.

• Temperature Monitor - We aren't entirely sure what CompTIA is referring to with this. There are all kinds of
temperature monitors from CPU temperature monitoring software to devices that monitor the temperature of a
server room.

Network Security

Hardware and Software Security Devices

The topics covered in this section are already covered elsewhere in this guide.

Firewalls

• Application Layer vs. Network Layer – An application layer firewall works at the application layer of a
protocol stack. (This is true for both the OSI model and the Internet Protocol Suite (TCP/IP).) Sometimes referred
to as a proxy-based firewall or proxy server, it can be software running on a computer or server or a stand-alone
piece of hardware. Because it understands the application protocol (HTTP, FTP, DNS and so on), it terminates the
client's connection, inspects the request, and opens its own connection to the destination only if the request
passes, so it can enforce protocol-specific rules that a packet filter cannot. A network layer firewall is
sometimes referred to as a packet filter and operates at the network layer (in practice also looking at
transport-layer port numbers). The device will not allow packets to pass unless they match the rule set
configured by the firewall administrator. Network layer firewalls can be either stateful or stateless.

• Stateful vs. Stateless – Stateful firewalls maintain a table of pertinent information about every active session
they have allowed and use it to speed packet processing. This might include source and destination IP addresses,
UDP or TCP ports, and other details about the connection such as how it was initiated and what kind of transfer
it is. With stateful processing, a packet that does not match a currently established connection is evaluated
against the rule set for new connections; one that does match is allowed to pass without being compared to the
rule set again. Stateless firewalls treat every packet in isolation, independently of all other traffic on the
wire. They have no way to know whether a given packet is part of an existing connection, is trying to establish a
new one, or is just a rogue packet, so to let replies back in they need broad rules such as "permit inbound TCP
with the ACK flag set", which a crafted ACK packet from an attacker satisfies just as well as a real reply.

• Scanning Services – the process that is used by all firewalls to review the packets that are passing through
them. Sometimes they will just review the header information or they may be configured to look at the data as
well. More advanced firewalls might also combine virus detection and / or other forms of malware detection as part
of their scanning process to halt the transmission of suspect packets through the device.

• Content Filtering – generally used at the application level to restrict or prevent access to websites that are not
approved for work use, to block sites with objectionable material, or on a corporate black list for one reason or
another. Content could be filtered in many different ways from suspect keywords, images on the site,
downloadable files present, or site content labeling as defined by the website host itself (e.g. an adult site that
defines itself as such – the content filter would review the site content level and apply the filter).

• Signature Identification – a method of identifying certain types of traffic based on known characteristics or
behavior of that traffic. By comparing traffic against its signature definitions the firewall decides whether it
should be passed as permitted (e.g. well-formed HTTP or DNS traffic) or denied (e.g. repeated connection attempts
to many systems from many sessions, which looks like a Distributed Denial of Service (DDoS) attack or a scan).

• Zones – demarcation points from one network type to another. Networks internal to a company are considered
internal zones or intranets. A network external to the internal network is generally considered “the internet” or
external zones. If there is a network that the company manages that is not a part of the internal intranet but is in
place between the intranet and the internet this is called the demilitarized zone or the DMZ. The main purpose of
this zone is to act as an additional layer of security buffer between the intranet and the internet.
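The difference between stateless and stateful filtering is clearest when the same packets are run through both.
The following is an added example, not code from the study guide or from any firewall product: a toy packet
filter with first-match rule evaluation, a stateless variant that relies on an "established" (ACK-set) rule to
admit replies, and a stateful variant that tracks allowed flows. All addresses, rules and packets are
constructed.

```python
# Added example, not from the guide: a toy packet filter contrasting stateless
# and stateful evaluation. Addresses, ports, the rule sets and the packets are
# constructed; the policy is the common "allow outbound, allow inbound HTTPS,
# deny everything else inbound".
from dataclasses import dataclass
from typing import Optional

INTERNAL_PREFIX = "10.0.0."


@dataclass(frozen=True)
class Packet:
    src: str
    sport: int
    dst: str
    dport: int
    proto: str            # "tcp" or "udp"
    syn: bool = False
    ack: bool = False


@dataclass(frozen=True)
class Rule:
    action: str           # "allow" or "deny"
    direction: str        # "in" or "out"
    proto: str = "any"
    dport: Optional[int] = None    # None matches any destination port
    established: bool = False      # stateless "established" keyword: match only if ACK is set


def direction_of(pkt: Packet) -> str:
    return "out" if pkt.src.startswith(INTERNAL_PREFIX) else "in"


def rule_matches(rule: Rule, pkt: Packet) -> bool:
    return (rule.direction == direction_of(pkt)
            and rule.proto in ("any", pkt.proto)
            and rule.dport in (None, pkt.dport)
            and (not rule.established or pkt.ack))


def first_match(rules, pkt: Packet) -> str:
    """ACL semantics: rules are evaluated top-down, first match wins, implicit deny."""
    for rule in rules:
        if rule_matches(rule, pkt):
            return rule.action
    return "deny"


class StatelessFirewall:
    """Every packet is judged on its own header fields."""
    def __init__(self, rules):
        self.rules = rules

    def filter(self, pkt: Packet) -> str:
        return first_match(self.rules, pkt)


class StatefulFirewall:
    """Remembers allowed flows; packets belonging to one bypass the rule set."""
    def __init__(self, rules):
        self.rules = rules
        self.table = set()

    def filter(self, pkt: Packet) -> str:
        flow = (pkt.proto, pkt.src, pkt.sport, pkt.dst, pkt.dport)
        reverse = (pkt.proto, pkt.dst, pkt.dport, pkt.src, pkt.sport)
        if flow in self.table or reverse in self.table:
            return "allow"                      # part of a tracked connection
        if pkt.proto == "tcp" and pkt.ack and not pkt.syn:
            return "deny"                       # mid-stream segment with no tracked connection
        verdict = first_match(self.rules, pkt)
        if verdict == "allow":
            self.table.add(flow)                # remember the new connection
        return verdict


# A stateless filter cannot recognise replies, so administrators add an
# "established" rule that admits any inbound TCP segment with ACK set.
STATELESS_RULES = [
    Rule("allow", "out"),
    Rule("allow", "in", "tcp", established=True),
    Rule("allow", "in", "tcp", dport=443),
    Rule("deny", "in"),
]
STATEFUL_RULES = [
    Rule("allow", "out"),
    Rule("allow", "in", "tcp", dport=443),
    Rule("deny", "in"),
]


def demo() -> dict:
    """Run the same three packets through both filters."""
    syn = Packet("10.0.0.5", 51000, "198.51.100.7", 80, "tcp", syn=True)              # client opens a connection
    reply = Packet("198.51.100.7", 80, "10.0.0.5", 51000, "tcp", syn=True, ack=True)  # server's SYN/ACK
    ack_scan = Packet("203.0.113.9", 40000, "10.0.0.5", 445, "tcp", ack=True)         # crafted ACK, no handshake
    stateless, stateful = StatelessFirewall(STATELESS_RULES), StatefulFirewall(STATEFUL_RULES)
    return {
        "stateless": [stateless.filter(p) for p in (syn, reply, ack_scan)],
        "stateful": [stateful.filter(p) for p in (syn, reply, ack_scan)],
    }
```

Both filters pass the outbound SYN and the legitimate SYN/ACK reply, but only the stateful one rejects the crafted
ACK aimed at port 445, because nothing in its table says an internal host ever opened that connection. The
stateless filter's "established" rule lets it straight through, which is the basis of ACK scans against old
packet filters. Real stateful firewalls also age entries out of the table, which this toy omits.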

Network Access Security

• ACL (Access Control List) - An ACL is an ordered table in an operating system or network device (such as a
router) that permits or denies access to resources. On most platforms entries are evaluated top-down, the first
match wins, and an implicit deny at the end drops anything not explicitly permitted.
• MAC Filtering - This method controls access based on the unique MAC address assigned to each network interface.
Because a MAC address is easily read off the wire or the air and changed in software, this is a convenience
control rather than a security boundary.
• IP Filtering - This method controls access based on the IP addresses (or a range of addresses) of network
devices.

• SSL VPN (Secure Sockets Layer virtual private network) - This is a VPN that runs on SSL and is accessible
via https over a web browser. It allows users to establish secure remote access sessions from virtually any Internet
connected browser. Unlike a traditional VPN, this method does not require the use of IPSec. The benefit of this
solution is that it allows clients to access a corporate network from nearly anywhere which is not practical with a
typical VPN.

• VPN (Virtual Private Network) - A VPN is a network that uses a public telecommunication infrastructure, such as
the Internet, to provide remote offices or individual users with secure access to their organization's network. A
VPN works by using the shared public infrastructure while maintaining privacy through security procedures and
tunneling protocols such as the Layer Two Tunneling Protocol (L2TP) or IPSec. In effect, the protocols, by
encrypting data at the sending end and decrypting it at the receiving end, send the data through a "tunnel" that
cannot be "entered" by data that is not properly encrypted.

• L2TP (Layer 2 Tunneling Protocol) - L2TP is an extension of the Point-to-Point Tunneling Protocol (PPTP) used
on VPNs. L2TP merges the best features of two other tunneling protocols: PPTP from Microsoft and L2F from Cisco
Systems. As a tunnelling protocol, L2TP does not include encryption of its own, so it is normally combined with
IPsec (L2TP/IPsec) to provide VPN connections from remote users to a remote network.

• IPSec (Internet Protocol Security) - IPsec is a protocol suite that ensures confidentiality, integrity, and
authenticity of data communications across a public network by authenticating and encrypting each IP packet of a
data stream. Its two traffic protocols are AH and ESP: AH (Authentication Header) provides authenticity and
integrity for the whole packet including the IP header, while ESP (Encapsulating Security Payload) encrypts the
payload and can authenticate it as well, which is why most deployments use ESP alone (AH also does not survive
NAT, since the rewritten header no longer matches its integrity check). Keys and algorithms for both are
negotiated by the Internet Key Exchange (IKE) protocol. IPSec is often used in conjunction with L2TP on VPNs.

• RAS (Remote Access Service) - RAS refers to any combination of hardware and software to enable remote
access to a network. A RAS server is a specialized computer which aggregates multiple communication channels
together. An example of this would be a server that dial-up users dial into. The term was originally coined by
Microsoft during the Windows NT era and is now called Routing and Remote Access Service (RRAS).

• RDP (Remote Desktop Protocol) - Originally released with Windows NT 4.0 Terminal Server Edition, RDP 4.0
allowed users to connect to a computer and remotely control its desktop. RDP 6.0, released with Windows Vista and
Windows Server 2008 (codename Longhorn), added RemoteApp, which lets one connect to specific applications rather
than the entire desktop of the remote computer. Remote Desktop allows systems administrators to remotely connect
to a user's computer for technical support purposes, or to a server for maintenance and administration. By
default, RDP uses TCP port 3389. Because it is a constant target of password guessing and has had remotely
exploitable flaws, RDP should not be exposed directly to the Internet; reach it through a VPN or a Remote Desktop
Gateway and require strong credentials.

• PPPoE (Point to Point Protocol over Ethernet) - In the past, most internet users were connected to the
internet via a serial modem using PPP, however, current technologies have replaced dial-up internet connections
with DSL and cable, for example. In short, PPPoE is a network protocol for encapsulating PPP frames in Ethernet
frames.

• PPP (Point to Point Protocol) - Provides a standard means of encapsulating data packets sent over a single-
channel WAN link. Specifically, PPP provides a method for connecting a personal computer to the Internet using a
standard phone line and a modem using a serial connection (Dial-up). PPP replaced SLIP as the standard for dial-
up connections as it supports more protocols than just TCP/IP.
• VNC (Virtual Network Computing) - VNC makes it possible to interact with a computer from any computer or
mobile device on the Internet. Unlike Microsoft's RDP, VNC offers cross-platform support allowing remote control
between different types of computers. Popular uses for this technology include remote technical support and
accessing files on one's work computer from one's home computer, or vice versa. The basic VNC protocol (RFB,
TCP port 5900 and up) authenticates with a short password through a DES challenge-response and does not encrypt
the session, so it should be tunnelled over SSH or a VPN rather than exposed directly.

• ICA (Independent Computing Architecture) - ICA is a proprietary protocol for an application server system,
designed by Citrix Systems. Products conforming to ICA are Citrix's WinFrame, Citrix XenApp (formerly called
MetaFrame/Presentation Server), and Citrix XenDesktop products. These permit ordinary Windows applications to
be run on a Windows server, and for any supported client to gain access to those applications. Besides Windows,
ICA is also supported on a number of Unix server platforms and can be used to deliver access to applications
running on these platforms. There is a wide range of clients supported including Windows, Mac, Unix, Linux, and
various Smartphones.

Methods of User Authentication

Issues That Affect Device Security

• Physical Security – physical security is just what it sounds like: locks on the doors, cameras everywhere, and
so forth. Depending on the depth of security needed there may be additional layers, such as an access badge that
operates a door and is additionally checked by a guard. You might have a dual-door entrance such as a "man trap",
where the first door you badge opens and must completely close behind you before the next door a few feet in
front of you will accept your badge.

• Restricting Local and Remote Access – A lot of local access restriction will come from physical security
measures, but you can also configure systems to refuse local login at the console except for specific account
names in the domain or in the local accounts database. With respect to remote access you apply the same principle
of least privilege by allowing remote access only to the individuals who absolutely need it as part of their role
and denying everyone else. Those who are allowed access should still have to provide at least a username and
password in order to authenticate to the remote system, and preferably a second factor as well.

• Secure Shell (SSH) – Application Layer protocol in the Internet Protocol Suite (TCP port 22 by default) that
allows data to be exchanged over a secure channel between two networked devices. It was designed as a replacement
for Telnet and other insecure remote shells, which send information including account names and passwords in
clear text. SSH also supports public-key authentication, which removes the password from the exchange entirely.

• Hypertext Transfer Protocol Secure (HTTPS) – Application Layer protocol in the Internet Protocol Suite that
functions on port 443 by default and uses the standard Hypertext Transfer Protocol with the SSL/TLS protocol to
provide encryption and secure identification of the server which allows the server / client communications to be
secured. An everyday example of this would be anytime you purchase something online and the shopping website
takes you from the regular store front pages defined as http:// and redirects you to their secured servers at
https://

• Simple Network Management Protocol version 3 (SNMPv3) – Application Layer protocol in the Internet
Protocol Suite that is used mostly in network management systems to monitor network attached devices. Version 3
provides important security features that the prior versions did not including message integrity that ensures
packets were not altered, authentication that verifies that the inbound data is from an expected source system as
well as encryption for the traffic stream itself.

• Secure File Transfer Protocol (SFTP) – sometimes called SSH file transfer protocol is a network protocol that
provides secured, encrypted file transfer capability over TCP port 22 by default.
• Secure Copy Protocol (SCP) – Application Layer protocol in the Internet Protocol Suite that leverages the
Secure Shell (SSH) protocol using TCP port 22 by default to copy files from system to system on the same network
or across different networks.

• Telnet - Application Layer protocol in the Internet Protocol Suite that was traditionally used to connect dumb
terminals to mainframe systems. Today it is sometimes used to connect to headless network equipment such as
switches and routers by using a command window. It is a client server protocol that runs on port 23 by default,
and does not encrypt any data sent over the connection.

• Hypertext Transfer Protocol (HTTP) – Application Layer protocol in the Internet Protocol Suite that is the
standard protocol in use on the World Wide Web. Operating on port 80 by default, internet clients contact a web
server and request pages back from that server to their web browsers which render the returned content from the
connection call.

• File Transfer Protocol (FTP) – Application Layer protocol in the Internet Protocol Suite. The server listens
for control connections on TCP port 21; in active mode the server opens the data connection from port 20 back to
the client, while in passive mode the client opens the data connection to a port the server announces. Often FTP
is set up for anonymous access for putting and getting files. Even when a user name and password are required,
they are sent in clear text, as is the file content.

• Remote Shell (RSH) – a command line program which can execute shell commands as another user and on
another computer across a computer network. All of the commands that are sent are done in clear text and any
authentication is also sent over the wire unencrypted. Secure Shell (SSH) is the secure replacement for this utility.

• Remote Copy Protocol (RCP) – a Unix based command line utility that is used to copy data from one system to
another. The utility sends unencrypted information over the network, including any applicable account and
password information. It has been replaced by Secure Copy (SCP) and the Secure File Transfer Protocol (SFTP),
both of which run over SSH.

• Simple Network Management Protocol versions 1 or 2 (SNMP) – Application Layer protocol in the Internet
Protocol Suite that is used for system management and configuration. Version 1 was originally introduced in the
late 80s and has no real security features: authentication is performed using the "community string", which is
effectively nothing more than a password transmitted in clear text (and the defaults "public" and "private" are
still found on devices today). Version 2 (SNMPv2p) offered improvements in performance, security, and
confidentiality, but its "party-based" security system was considered overly complex and it was not widely
accepted. The variant that was widely deployed, SNMPv2c, kept the v2 protocol improvements with the same
clear-text community strings as v1, so neither should be exposed beyond the management network.

Common Security Threats


• DoS (Denial of Service) - A DoS attack is a common type of attack in which bogus requests to a server overload
it to the point that it is unable to handle valid requests, cause it to reset, or shut it down completely. There
are many different types of DoS attacks, including SYN flooding (opening many half-open TCP connections, usually
from spoofed source addresses, until the server's connection table is exhausted) and ping flooding. When the
traffic comes from many compromised machines at once it is a Distributed Denial of Service (DDoS).
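A SYN flood has a recognisable shape in firewall logs: a burst of SYNs to one destination that are almost never
followed by the ACK that completes the handshake, typically from many distinct (spoofed) sources. The block below
is an added example, not code from the study guide or from any product: a small detector that buckets constructed
log lines by destination and time window and flags that pattern. The log format is invented for the example;
adapt parse() to whatever your firewall actually emits.

```python
# Added example, not from the guide: spotting the SYN-flood pattern in firewall
# logs. The log format and every line below are constructed for this example.
import re
from collections import defaultdict
from datetime import datetime, timezone

LINE = re.compile(r"^(\S+) TCP (\S+):(\d+) > (\S+):(\d+) flags=(\w+)$")


def parse(line: str):
    """Return {ts, src, dst, flags} for a matching line, else None."""
    m = LINE.match(line)
    if not m:
        return None
    ts = datetime.strptime(m.group(1), "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)
    return {"ts": ts, "src": m.group(2), "dst": f"{m.group(4)}:{m.group(5)}", "flags": m.group(6)}


def detect_syn_floods(lines, window_s=10, min_syns=50, max_ack_ratio=0.1) -> list:
    """Flag any destination that, within one window, receives many SYNs that are
    almost never followed by the ACK completing the handshake."""
    buckets = defaultdict(lambda: {"syn": 0, "ack": 0, "srcs": set()})
    for line in lines:
        rec = parse(line)
        if rec is None:
            continue
        key = (rec["dst"], int(rec["ts"].timestamp()) // window_s)
        if rec["flags"] == "S":                 # SYN only: a new half-open attempt
            buckets[key]["syn"] += 1
            buckets[key]["srcs"].add(rec["src"])
        elif "A" in rec["flags"]:               # ACK (or SYN/ACK): handshake progressing
            buckets[key]["ack"] += 1
    alerts = []
    for (dst, _window), b in buckets.items():
        if b["syn"] >= min_syns and b["ack"] <= max_ack_ratio * b["syn"]:
            alerts.append({"dst": dst, "syns": b["syn"], "acks": b["ack"],
                           "distinct_sources": len(b["srcs"])})
    return alerts


def constructed_log() -> list:
    """Three legitimate clients completing handshakes, then sixty half-open
    attempts from spoofed sources against port 80 in the same ten-second window."""
    lines = []
    for i, src in enumerate(("10.0.0.5", "10.0.0.6", "10.0.0.7")):
        lines.append(f"2024-05-01T10:00:0{i}Z TCP {src}:5100{i} > 198.51.100.7:443 flags=S")
        lines.append(f"2024-05-01T10:00:0{i}Z TCP {src}:5100{i} > 198.51.100.7:443 flags=A")
    for i in range(60):
        lines.append(f"2024-05-01T10:00:05Z TCP 203.0.113.{i + 1}:{40000 + i} > 198.51.100.7:80 flags=S")
    return lines


if __name__ == "__main__":
    for alert in detect_syn_floods(constructed_log()):
        print(alert)
```

The distinct-source count is what separates a flood from one very busy legitimate client, and the ACK ratio is
what separates it from a popular service. On the defensive side, SYN cookies let a server answer SYNs without
allocating connection state, so the table cannot be exhausted in the first place.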

• Viruses - A Computer Virus is a program that can copy itself and infect a computer without the permission or
knowledge of the user. A Computer Virus has 2 major characteristics: the ability to replicate itself, and the ability
to attach itself to another computer file. Every file or program that becomes infected can also act as a Virus itself,
allowing it to spread to other files and computers. The term "computer virus" is often used incorrectly as a catch-all
phrase to include all types of Malware such as Computer Worms, Trojan Horses, Spyware, Adware, and Rootkits.
There are many different anti-virus programs available to prevent and remove viruses. Since new threats are
created almost constantly, it is important to keep the virus definition files updated for your software.

• Worm - Worms are stand alone programs that do not need other programs in order to replicate themselves like
a virus which relies on users to inadvertently spread it. Viruses and Worms can be prevented by installing anti-
virus software which can be run on servers, clients, firewalls and other devices.
• Attackers - We aren't entirely sure what CompTIA is referring to with this term so we will offer a general
definition. The term attackers refers to any person or group of people that cause harm on individual computers,
networks, and the internet. This could include hackers, virus and malware creators, and anyone else who attempts
to interfere with normal computer and network operations.

• Man in the Middle - an attacker positions themselves between two communicating parties, for example by
poisoning ARP caches on a LAN or by operating a rogue access point, and relays the traffic so that both sides
believe they are talking directly to each other. The attacker can then read or alter email, files, passwords and
any other data that crosses the path. This is a form of data theft attack; properly validated TLS or SSH prevents
the attacker from reading or modifying the protected content even when the traffic passes through them.

• Smurf - This is a type of denial-of-service attack that floods a target system via spoofed broadcast ping
messages in an attempt to cause massive network traffic. To accomplish this, the attacker sends ICMP echo
requests to the broadcast addresses of vulnerable networks with a forged source address pointing to the target
(victim) of the attack. All the systems on those networks reply to the victim with ICMP echo replies, which
overload it. The attack is easy to prevent: routers that refuse to forward directed broadcasts (the default on
modern equipment) and hosts that ignore broadcast pings both defeat it, so it is no longer very common.

• Rogue Access Point - This term most often refers to unauthorized access points that are deployed with
malicious intent, but in general it refers to any unauthorized access point regardless of its intent. Types of rogue
APs include one installed by an employee without proper consent, a misconfigured AP that presents a security
risk, an AP belonging to a neighboring WLAN, or one used by an attacker, including an "evil twin" that advertises
the organization's own SSID to lure clients. To detect rogue access points, organizations deploy wireless intrusion
prevention systems that monitor the radio spectrum and compare every access point heard against an inventory of
authorized ones.
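The classification a wireless IPS performs is shown below as an added example, not code from the study guide or from any particular product. It compares a constructed scan against a constructed inventory of authorized BSSIDs and, as many WIPS do, uses the switch's MAC address table to decide whether an unknown AP is actually plugged into the organization's wired network; the inventory, scan results and threshold are all assumptions.

```python
"""Added example: classify access points heard in a scan against an authorized inventory.
Inventory, scan data, switch MAC table and the signal threshold are constructed."""

# Authorized inventory (constructed): BSSID -> SSID that radio is allowed to advertise
AUTHORIZED = {
    "00:1A:2B:3C:4D:01": "CorpNet",
    "00:1A:2B:3C:4D:02": "CorpNet",
}

# MAC addresses learned on the access switches (constructed), as a WIPS would pull from the
# switch CAM tables; an unknown AP that appears here is on our wire, whatever its signal level.
WIRED_MACS = {"00:1A:2B:3C:4D:01", "00:1A:2B:3C:4D:02", "00:25:9C:AA:BB:CC"}

# Constructed scan results: (bssid, ssid, signal_dbm)
SCAN = [
    ("00:1A:2B:3C:4D:01", "CorpNet", -45),
    ("00:1A:2B:3C:4D:02", "CorpNet-Guest", -60),   # our radio, wrong SSID: misconfigured
    ("de:ad:be:ef:00:01", "CorpNet", -40),         # unknown BSSID advertising our SSID: evil twin
    ("00:25:9C:AA:BB:CC", "HomeRouter", -55),      # unknown AP that is also on our switches
    ("C4:E9:84:11:22:33", "NeighborWifi", -85),    # weak, not on our wire: neighboring WLAN
]


def classify_ap(bssid, ssid, signal_dbm, authorized, wired_macs, neighbor_threshold_dbm=-80):
    """Return one of: authorized, misconfigured, evil-twin, rogue, neighbor."""
    bssid = bssid.upper()
    if bssid in authorized:
        return "authorized" if authorized[bssid] == ssid else "misconfigured"
    if ssid in set(authorized.values()):
        return "evil-twin"             # impersonating our network, regardless of where it sits
    if bssid in wired_macs:
        return "rogue"                 # unknown AP bridged onto our LAN
    if signal_dbm < neighbor_threshold_dbm:
        return "neighbor"              # weak and not on our wire: most likely next door
    return "rogue"                     # strong, unknown, location unproven: treat as rogue until located


def classify_scan(scan, authorized, wired_macs):
    """Map every BSSID in the scan to its classification."""
    return {
        bssid.upper(): classify_ap(bssid, ssid, rssi, authorized, wired_macs)
        for bssid, ssid, rssi in scan
    }


if __name__ == "__main__":
    for bssid, verdict in classify_scan(SCAN, AUTHORIZED, WIRED_MACS).items():
        print(f"{bssid}  {verdict}")
```

Signal strength alone never proves an AP is inside the building, which is why the wired-side check is consulted before the threshold; anything that is both unknown and strong should be physically located rather than assumed to be a neighbor.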

• Social Engineering (Phishing) - Social engineering describes various types of deception used for the purpose
of information gathering, fraud, or computer system access. Phishing, a form of social engineering, is the
fraudulent process of attempting to acquire sensitive information such as usernames, passwords and credit card
details by masquerading as a trustworthy entity in an electronic communication such as email, chat, or instant
messaging. The usual giveaways are a sender address whose domain does not match the organization it claims to
be, a Reply-To header that directs answers elsewhere, and links whose visible text differs from where they
actually point.
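The header and link checks just described, as an added example that is not part of the study guide: it parses a constructed phishing message with the Python standard library and reports the sender-domain, Reply-To and link-text mismatches. The message, the `.test` domains and the trusted-domain list are all invented for the example.

```python
"""Added example: extract common phishing indicators from a raw email message.
The sample messages and domains are constructed; .test is a reserved TLD."""
import email
from email import policy
from email.utils import parseaddr
from html.parser import HTMLParser
from urllib.parse import urlparse

TRUSTED_DOMAINS = {"example-bank.test", "www.example-bank.test"}   # constructed brand domains

PHISH = """\
From: "Example Bank Security" <alerts@examp1e-bank.test>
Reply-To: collect@attacker.test
To: user@corp.test
Subject: Verify your account
Content-Type: text/html; charset=utf-8

<html><body><p>Your account is locked.
<a href="http://login.attacker.test/verify">https://www.example-bank.test/login</a></p></body></html>
"""

LEGIT = """\
From: "Example Bank" <alerts@example-bank.test>
To: user@corp.test
Subject: Statement ready
Content-Type: text/html; charset=utf-8

<html><body><a href="https://www.example-bank.test/statements">View statement</a></body></html>
"""


class _LinkCollector(HTMLParser):
    """Collect (href, visible text) for every <a> in an HTML body."""
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href"), []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None


def _domain(value):
    """Domain part of an address or URL, lowercased; '' if none."""
    if "@" in value:
        return value.rsplit("@", 1)[1].lower()
    host = urlparse(value).hostname
    return host.lower() if host else ""


def phishing_indicators(raw, trusted_domains):
    """Return a list of human-readable findings; an empty list means nothing suspicious was seen."""
    msg = email.message_from_string(raw, policy=policy.default)
    findings = []
    from_addr = parseaddr(str(msg.get("From", "")))[1]
    from_dom = _domain(from_addr)
    if from_dom not in trusted_domains:                      # look-alike sender domain
        findings.append(f"sender domain {from_dom} is not a trusted domain")
    reply_to = parseaddr(str(msg.get("Reply-To", "")))[1]
    if reply_to and _domain(reply_to) != from_dom:           # answers go somewhere else
        findings.append(f"Reply-To domain {_domain(reply_to)} differs from sender domain {from_dom}")
    body = msg.get_body(preferencelist=("html", "plain"))
    collector = _LinkCollector()
    collector.feed(body.get_content() if body else "")
    for href, text in collector.links:
        shown = _domain(text) if text.startswith(("http://", "https://")) else ""
        actual = _domain(href)
        if shown and shown != actual:                        # displayed URL != real target
            findings.append(f"link text shows {shown} but points to {actual}")
        elif actual and actual not in trusted_domains:
            findings.append(f"link points to untrusted domain {actual}")
    return findings


if __name__ == "__main__":
    for name, raw in (("PHISH", PHISH), ("LEGIT", LEGIT)):
        print(name, phishing_indicators(raw, TRUSTED_DOMAINS) or ["no indicators"])
```

Checks like these are cheap to run in a mail gateway but they only catch the crude cases; they are a complement to user training, not a replacement for it, because a message sent from a genuinely compromised trusted account will pass all three.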

• Mitigation Techniques - For the purposes of this guide, we can't cover all of the various options to prevent
security breaches, so we'll keep it brief with the following:

• Policies and Procedures – documents, adopted by a group, organization or enterprise, that set out standards
and required actions. They typically define acceptable use of network systems and the repercussions for
violations. They are usually drafted by system and network administrators as an outline of service and use, the
legal department then tightens the actual wording, and management must ultimately approve them and decide who
will enforce them.
• User Training – the knowledge that must be communicated to the end users of the network resources and
connected systems. This training usually consists of basic explanations of expected and acceptable use and of
the procedures that follow a violation. It also covers, at a basic level, the security threats users will face,
so they understand how their actions can help defend the network and how the wrong actions (opening a phishing
attachment, sharing a password) put it at risk.
• Patches and Updates – operating system updates and application fixes that are released to add security
features or to correct known defects in software. Most patches, and some updates, are released to correct
recently discovered security deficiencies in the code, and an unpatched system remains exposed to any exploit
written for them. These updates normally come from the software vendor itself, unless a specific agreement
places that responsibility with another vendor. Users and administrators either download and install them
manually or set up an automated system that delivers them to managed systems and devices.
