Network+ Study Guide (N10-004)

This is our free study guide for CompTIA's Network+ certification exam (N10-004). If you would like to report an error or contribute additional information, please use the contact link at the bottom of the site, or post in our forums. We hope you find this guide useful in your studies.

Domain 1.0: Network Technologies
Domain 1.1: Common Networking Protocols
TCP - TCP breaks data into manageable packets and tracks information such as source and destination of packets. It is able to reroute packets and is responsible for guaranteed delivery of the data.
IP - This is a connectionless protocol, which means that a session is not created before sending data. IP is responsible for addressing and routing of packets between computers. It does not guarantee delivery and does not give acknowledgement of packets that are lost or sent out of order as this is the responsibility of higher layer protocols such as TCP.
UDP - A connectionless, datagram service that provides an unreliable, best-effort delivery.
ICMP - Internet Control Message Protocol enables systems on a TCP/IP network to share status and error information such as with the use of PING and TRACERT utilities.
SMTP - Used to reliably send and receive mail over the Internet.
FTP - File transfer protocol is used for transferring files between remote systems. Must resolve host name to IP address to establish communication. It is connection oriented (i.e. verifies that packets reach destination).
TFTP - Same as FTP but not connection oriented.
ARP - Provides IP address to MAC address resolution for IP packets. A MAC address is your computer's unique hardware number and appears in the form 00-A0-F1-27-64-E1 (for example). Each computer stores an ARP cache of other computers' ARP-IP combinations.
POP3 - Post Office Protocol. A POP3 mail server holds mail until the workstation is ready to receive it.
IMAP - Like POP3, Internet Message Access Protocol is a standard protocol for accessing e-mail from your local server. IMAP (the latest version is IMAP4) is a client/server protocol in which e-mail is received and held for you by your Internet server.
TELNET - Provides a virtual terminal or remote login across the network that is connection-based. The remote server must be running a Telnet service for clients to connect.
HTTP - The Hypertext Transfer Protocol is the set of rules for exchanging files (text, graphic images, sound, video, and other multimedia files) on the World Wide Web. It is the protocol controlling the transfer and addressing of HTTP requests and responses.
HTTPS - Signifies that a web page is using the Secure Sockets Layer (SSL) protocol and is providing a secure connection. This is used for secure internet business transactions.
NTP - Network Time Protocol is a protocol that is used to synchronize computer clock times in a network of computers.
SNMP - Stands for Simple Network Management Protocol and is used for monitoring and status information on a network. SNMP can be used to monitor any device that is SNMP capable and this can include computers, printers, routers, servers, gateways and many more using agents on the target systems. The agents report information back to the management systems by the use of traps which capture snapshot data of the system. This trap information could be system errors, resource information, or other information. The SNMPv2 standard includes enhancements to the SNMPv1 SMI-specific data types, such as including bit strings, network addresses, and counters. In SNMPv3 security was addressed: because all of the trap information sent by the earlier versions was in clear text, any monitoring information being sent and collected for operational purposes could also be pulled off the wire by a malicious person.
SIP - Stands for Session Initiation Protocol and is a signaling protocol, widely used for controlling multimedia communication sessions such as voice and video calls over Internet Protocol (IP). Other feasible application examples include video conferencing, streaming multimedia distribution, instant messaging, presence information and online games. The protocol can be used for creating, modifying and terminating two-party (unicast) or multiparty (multicast) sessions consisting of one or several media streams. The modification can involve changing addresses or ports, inviting more participants, adding or deleting media streams, etc.
RTP - Real-time Transport Protocol is the audio and video protocol standard used to deliver content over the Internet. RTP is used in conjunction with other protocols such as H.323 and RTSP.
IGMP - Internet Group Management Protocol is used to manage Internet Protocol multicast groups. IP hosts and adjacent multicast routers use IGMP to establish multicast group memberships. IGMP is only needed for IPv4 networks, as multicast is handled differently in IPv6 networks.
TLS - Transport Layer Security is a cryptographic protocol that provides security for communications over networks such as the Internet. TLS and SSL encrypt the segments of network connections at the Transport Layer end-to-end. Several versions of the protocols are in widespread use in applications like web browsing, electronic mail, Internet faxing, instant messaging and voice-over-IP (VoIP).
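
The SNMP entry above says that monitoring data sent by the earlier versions crosses the network in clear text. The following added example (not part of the original guide) reads the outer header of an SNMP datagram and reports whether it is a v1/v2c message with a readable community string or a v3 message with its authentication and privacy flags set. The two sample datagrams are constructed for this example, and the function names are this example's own.

```python
"""Added example: classify an SNMP datagram by how much of it is readable on the wire."""

# Constructed sample: SNMPv1 GetRequest for 1.3.6.1.2.1.1.1.0, community "public".
SAMPLE_V1 = bytes.fromhex(
    "3026" "020100" "04067075626c6963"
    "a019" "020101" "020100" "020100"
    "300e" "300c" "06082b06010201010100" "0500"
)

# Constructed sample: SNMPv3 header with msgFlags = auth + priv and a dummy
# payload (placeholder bytes standing in for the encrypted PDU).
SAMPLE_V3 = bytes.fromhex(
    "301a" "020103"
    "300d" "020101" "020205dc" "040103" "020103"
    "0400" "0404deadbeef"
)

VERSIONS = {0: "v1", 1: "v2c", 3: "v3"}   # value of the version INTEGER on the wire


def read_tlv(buf, pos):
    """Decode one BER tag-length-value; return (tag, value, next_pos)."""
    if pos + 2 > len(buf):
        raise ValueError("truncated TLV header")
    tag, length = buf[pos], buf[pos + 1]
    pos += 2
    if length & 0x80:                      # long form: low bits give the number of length bytes
        n = length & 0x7F
        if n == 0 or n > 4 or pos + n > len(buf):
            raise ValueError("unsupported or truncated length field")
        length = int.from_bytes(buf[pos:pos + n], "big")
        pos += n
    if pos + length > len(buf):
        raise ValueError("value runs past end of buffer")
    return tag, buf[pos:pos + length], pos + length


def expect(buf, pos, tag, what):
    """Read one TLV and insist on its tag; return (value, next_pos)."""
    got, value, nxt = read_tlv(buf, pos)
    if got != tag:
        raise ValueError(f"expected {what} (tag 0x{tag:02x}), got 0x{got:02x}")
    return value, nxt


def audit_snmp(datagram):
    """Return version and exposure facts for one SNMP datagram."""
    body, _ = expect(datagram, 0, 0x30, "message SEQUENCE")
    raw_version, pos = expect(body, 0, 0x02, "version INTEGER")
    version = VERSIONS.get(int.from_bytes(raw_version, "big"))
    if version in ("v1", "v2c"):
        # v1/v2c: the community string follows the version as a plain OCTET STRING.
        community, _ = expect(body, pos, 0x04, "community OCTET STRING")
        return {"version": version, "encrypted": False, "authenticated": False,
                "community": community.decode("latin-1")}
    if version == "v3":
        # v3: msgGlobalData = msgID, msgMaxSize, msgFlags, msgSecurityModel.
        header, _ = expect(body, pos, 0x30, "msgGlobalData SEQUENCE")
        _, p = expect(header, 0, 0x02, "msgID")
        _, p = expect(header, p, 0x02, "msgMaxSize")
        flags, _ = expect(header, p, 0x04, "msgFlags")
        if len(flags) != 1:
            raise ValueError("msgFlags must be one octet")
        return {"version": "v3", "encrypted": bool(flags[0] & 0x02),
                "authenticated": bool(flags[0] & 0x01), "community": None}
    raise ValueError("unknown SNMP version")


if __name__ == "__main__":
    for name, pkt in (("v1 sample", SAMPLE_V1), ("v3 sample", SAMPLE_V3)):
        print(name, audit_snmp(pkt))
```

Run against captured management traffic, a result with "encrypted": False identifies devices that still need to be moved to SNMPv3 with privacy enabled.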

Domain 1.2: Identify Commonly Used TCP/UDP Ports
Ports are what an application uses when communicating between a client and server computer. Some common ports are:

Protocol   Type      Number
FTP        TCP       20, 21
SSH        TCP       22
TELNET     TCP       23
SMTP       TCP       25
DNS        TCP/UDP   53
DHCP       UDP       67
TFTP       UDP       69
HTTP       TCP       80
POP3       TCP       110
NTP        TCP       123
IMAP4      TCP       143
SNMP       UDP       161
HTTPS      TCP       443

Domain 1.3: Identify the Following Address Formats
IPv4 - Every IP address can be broken down into 2 parts, the Network ID (netid) and the Host ID (hostid). All hosts on the same network must have the same netid. Each of these hosts must have a hostid that is unique in relation to the netid. IP addresses are divided into 4 octets with each having a maximum value of 255. We view IPv4 addresses in decimal notation such as 124.35.62.181, but it is actually utilized as binary data.
IP addresses are divided into 3 classes as shown below:

Class   Range
A       1-126
B       128-191
C       192-223

NOTE: 127.x.x.x is reserved for loopback testing on the local system and is not used on live systems. The following address ranges are reserved for private networks:
10.0.0.0 - 10.254.254.254
172.16.0.0 - 172.31.254.254
192.168.0.0 - 192.168.254.254
IPv6 - The previous information on TCP/IP has referred to IPv4, however, this addressing scheme has run out of available IP addresses due to the large influx of internet users and expanding networks. As a result, the powers that be had to create a new addressing scheme to deal with this situation and developed IPv6. This new addressing scheme utilizes a 128 bit address (instead of 32) and utilizes a hex numbering method in order to avoid long addresses such as 132.64.34.26.64.156.143.57.1.3.7.44.122.111.201.5. The hex address format will appear in the form of 3FFE:B00:800:2::C for example.
MAC Addressing - Also known as hardware address or ethernet address, a MAC address is a unique code assigned to most networking hardware. The hardware is assigned a unique number by the manufacturer and the address is permanently assigned to the device. MAC addresses are in a 48-bit hexadecimal format such as 00:2f:21:c1:11:0a. They are used to uniquely identify a device on a network, and for other functions such as for being authenticated by a DHCP server. For more information, read MAC Addressing Formats And Broadcasts.

Domain 1.4: Proper Use of Addressing Technologies
Subnetting - IP addresses can be class A, B or C. Class A addresses are for networks with a large number of hosts. The first octet is the netid and the 3 remaining octets are the hostid. Class B addresses are used in medium to large networks with the first 2 octets making up the netid and the remaining 2 are the hostid. Class C is for smaller networks with the first 3 octets making up the netid and the last octet comprising the hostid. The Network ID and the Host ID are determined by a subnet mask. The default subnet masks are as follows:

Class     Default Subnet   Subnets     Hosts Per Subnet
Class A   255.0.0.0        126         16,777,214
Class B   255.255.0.0      16,384      65,534
Class C   255.255.255.0    2,097,152   254

What if you wanted more than 1 subnet? Subnetting allows you to create multiple logical networks that exist within a single Class A, B, or C network. If you don't subnet, you will only be able to use one network from your Class A, B, or C network. When subnetting is employed, the multiple networks are connected with a router which enables data to find its way between networks. On the client side, a default gateway is assigned in the TCP/IP properties. The default gateway tells the client the IP address of the router that will allow their computer to communicate with clients on other networks.
Classful versus Classless addressing - The original TCP/IP addressing method described above was called classful addressing which worked by dividing the IP address space into chunks of different sizes called classes. Classless addressing is referred to as Classless Inter-Domain Routing (CIDR) and is done by allocating address space to Internet service providers and end users on any address bit boundary, instead of on 8-bit segments. So 172.16.50.0 does not have to use the standard subnet mask of 255.255.0.0 which makes a Class B address space and which also puts it on the same network as 172.16.51.0 using the subnet mask of 255.255.0.0. (With classful addressing, our example has 172.16 as the network name and the 50.0 and 51.0 ranges are both part of the same host naming convention). Instead, by using classless addressing 172.16.50.0/24 puts these systems on a different network than 172.16.51.0/24 because the network names here are 172.16.50 and 172.16.51 which are different.
NAT - NAT stands for Network Address Translation and is a commonly used IP translation and mapping technology. Using a device (such as a router) or piece of software that implements NAT allows an entire home or office network to share a single internet connection over a single IP address. A single cable modem, DSL modem, or even 56k modem could connect all the computers to the internet simultaneously. Additionally, NAT keeps your home network fairly secure from hackers. NAT is built in to the most common Internet Connection Sharing technologies.
PAT - Port Address Translation is a feature of a network device that translates TCP or UDP communications made between hosts on a private network and hosts on a public network. It allows a single public IP address to be used by many hosts on a private network.
SNAT - Secure Network Address Translation is an extension of the standard Network Address Translation (NAT) service. SNAT is done through one to one IP address translation of one internal IP address to one external IP address where NAT is effectively one external address to many internal IP addresses.
DHCP - Dynamic Host Configuration Protocol provides a solution that automatically assigns IP addresses to computers on a network. When a client is configured to receive an IP address automatically, it will send out a broadcast to the DHCP server requesting an address. The server will then issue a "lease" and assign it to that client. Some of the benefits of DHCP include the following:
    Prevents users from making up their own IP addresses.
    Prevents incorrect gateway or subnet masks from being entered.
    Decreases amount of time spent configuring computers especially in environments where computers get moved around all the time.
APIPA - Stands for Automatic Private Internet Protocol Addressing. Client systems that are configured for automatic IP address assignment / dynamic IP assignment will attempt to use DHCP to make a request for an IP address lease for a given network. When the DHCP server is unavailable the service on the client will automatically configure the system with an APIPA IP address in the 169.254.0.1 through 169.254.255.254 address range with a subnet mask of 255.255.0.0.
Unicast - The sending of information packets to a single network node. This type of network transmission is used where a private or unique resource such as media servers are being requested for two way connections that are needed to complete the network communication. So in the media server example, a client system may make the request for streaming content from the single source and the responding system may leverage unicast as part of the response to the session request to deliver the content.
Multicast - A single source address responding to multiple destination addresses with information to be sent. In a media server example, the single source address may need to send the data to multiple clients; it does this by sending the data with multiple destination IP addresses. All the clients that see this network traffic will check to see if it is meant for them with the supplied information. If it is not, the client does not receive the data. If a network node does see that the data is intended for them, the device will respond by receiving the packet.
Broadcast - Traffic sent out from a network node that will reach every other node on the subnet / broadcast domain because the message is sent with the intent of reaching all nodes. The network node that is sending the traffic will use the broadcast address for that subnet and every device in that broadcast domain will receive the broadcast information. Generally the broadcast address is the last IP address of that segment. As an example, in the IP address range of 192.168.0.0 this broadcast address would be 192.168.255.255 and the traffic would reach all available nodes on the subnet. Additionally 255.255.255.255 could be used which is the broadcast address of the zero network (0.0.0.0). Internet Protocol standards outline that the zero network stands for the local network so only those nodes on the local network would hear the broadcast traffic across the 255.255.255.255 address.
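
The classful versus classless entry and the broadcast entry above both depend on where the mask splits an address. The following added example (not part of the original guide) works both out with Python's standard ipaddress module, using the guide's own addresses; the function names are this example's own, and the private ranges are written as their usual CIDR blocks. The same check is useful when reviewing a firewall rule or ACL, because a rule written with the wrong mask covers a different set of hosts than intended.

```python
"""Added example: classful defaults versus CIDR prefixes, using the guide's addresses."""
import ipaddress

# Private address blocks from Domain 1.3, written in CIDR form.
PRIVATE_BLOCKS = [ipaddress.ip_network(n)
                  for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]


def classful_prefix(addr):
    """Default prefix length implied by the first octet (Class A/B/C)."""
    first = int(addr.split(".")[0])
    if 1 <= first <= 126:
        return 8       # Class A, mask 255.0.0.0
    if 128 <= first <= 191:
        return 16      # Class B, mask 255.255.0.0
    if 192 <= first <= 223:
        return 24      # Class C, mask 255.255.255.0
    raise ValueError(f"{addr} is not a Class A, B or C address")


def describe(addr, prefix=None):
    """Network facts for addr; prefix=None means use the classful default mask."""
    if prefix is None:
        prefix = classful_prefix(addr)
    ip = ipaddress.ip_address(addr)
    net = ipaddress.ip_network(f"{addr}/{prefix}", strict=False)
    return {
        "network": str(net),
        "mask": str(net.netmask),
        "broadcast": str(net.broadcast_address),   # last address of the segment
        "usable_hosts": max(net.num_addresses - 2, 0),
        "private": any(ip in block for block in PRIVATE_BLOCKS),
        "apipa": ip.is_link_local,                  # 169.254.0.0/16
    }


def same_network(a, b, prefix=None):
    """True when both addresses fall in the same network under the given prefix."""
    return describe(a, prefix)["network"] == describe(b, prefix)["network"]


if __name__ == "__main__":
    a, b = "172.16.50.0", "172.16.51.0"
    print("classful:", same_network(a, b))        # both inside 172.16.0.0/16
    print("/24     :", same_network(a, b, 24))    # 172.16.50.0/24 vs 172.16.51.0/24
    print(describe("192.168.0.0", 16))
    print(describe("169.254.10.5"))
```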

Domain 1.5: Common IPv4 and IPv6 Routing Protocols
Link State routing protocols - Are one of the two main classes of routing protocols used in packet switching networks and include protocols such as Open Shortest Path First (OSPF) and Intermediate System to Intermediate System (IS-IS). The link-state protocol is performed on every router on the network, where every routing node constructs a map of the connectivity to the network by showing which nodes are connected to each other. Each router calculates the next best logical hop from it to every possible known destination which forms the node's routing table.
Open Shortest Path First (OSPF) - Is a dynamic routing protocol and is used on Internet Protocol (IP) based networks of all sizes, large to small. OSPF is an interior gateway protocol (IGP) that routes IP packets within a single routing domain and was designed to support variable-length subnet masking (VLSM) and Classless Inter-Domain Routing (CIDR) addressing.
Intermediate System to Intermediate System (IS-IS) - A link state protocol that operates by forwarding network topology information throughout a network of routers. Each router then independently builds a picture of the network's topology based on the data received and the best topological path through the network to the destination. IS-IS is an Interior Gateway Protocol (IGP) typically used on larger networks.
Distance-vector routing protocols - Are one of the two main classes of routing protocols used in packet switching networks and include Routing Information Protocol (RIP) and Interior Gateway Routing Protocol (IGRP). They use distance as one factor and the vector as the other, determined against the known routing tables, to deliver data to source and destination locations. Routers using the distance-vector routing protocol will update other routers of topology changes periodically when a change is detected in the topology of a network.
Routing Information Protocol (RIPv1) - RIP is a distance-vector routing protocol using hop count as a routing metric. The maximum number of hops allowed for RIP is 15 which effectively limits the size of networks that RIP can support.
Routing Information Protocol (RIPv2) - Improved upon RIPv1 by having the ability to include subnet information with its updates which allows for Classless Inter-Domain Routing (CIDR) support. The 30 second proactive broadcast has been eliminated in favor of multicast advertisements for its updates. The 15 hop count limit remains so that the devices are backwards compatible with RIPv1 devices.
Border Gateway Protocol (BGP) - Is the core routing protocol of the Internet. It maintains a table of IP networks and the data that designates where and how to reach each network through autonomous systems (AS). BGP makes routing decisions based on path, network policies and / or rule sets.
Enhanced Interior Gateway Routing Protocol (EIGRP) - A proprietary hybrid protocol from Cisco that is a distance vector routing protocol that functions like a link state routing protocol. EIGRP collects information and stores it in three tables: the Neighbor Table which stores the information about neighboring routers, the Topology Table which contains only the information and data regarding the routing tables from directly connected neighbors, and the Routing table which stores the actual routes to all destinations.

Domain 1.6: The Purpose and Properties of Routing
Interior Gateway Protocol (IGP) - Routing protocol that is used within an autonomous system which is sometimes referred to as an administrative domain. One type of Interior Gateway Protocol are the Distance-vector routing protocols such as Routing Information Protocol (RIP), Interior Gateway Routing Protocol (IGRP) and Enhanced Interior Gateway Routing Protocol (EIGRP). Another type are the Link-state routing protocols such as Open Shortest Path First (OSPF) and Intermediate system to intermediate system (IS-IS).
Exterior Gateway Protocol (EGP) - Routing protocol that is used across different autonomous systems / administrative domains. It was the routing protocol leveraged for Internet connected devices in the early 1980s. Border Gateway Protocol (BGP) is the replacement standard for Internet routing over EGP.
Static Router Updates - A router with manually configured routing tables. For these types of devices, a network administrator will manually build and make updates to the routing table for all routes in the administrative domain. Static routers are best suited for small internetworks; due to the need of the manual administration, they do not scale well to large networks where routing information is often changed, updated and appended. Static routers are not fault tolerant because when another network device goes down the manually input information may not necessarily provide alternate pathing to a destination which makes it unreachable (unless quick, manual administrative updates are made).
Dynamic Router Updates - A router with dynamically configured routing tables. This type of automatic configuration is made up of routing tables that are built and maintained by ongoing communication between the routers only (by default this does not include initial setup and configuration or administrative needs for a persistent route configuration). Dynamic routing is fault tolerant; if a router or link goes down, the routers sense the change in the network topology when the learned route expires in the routing table and cannot be renewed due to the outage. This change is then disseminated to other routers so that all the routers learn of the network changes. Routing Information Protocol (RIP) and Open Shortest Path First (OSPF) routing protocols for IP and RIP for IPX are some examples of protocols that can be used for these dynamic updates.
Next Hop - Defined as the next place that a data packet needs to go. In most cases, routers do not need all of the information regarding where the originating source of the data transmission was. In most cases routers just need to know where the data needs to go next, and the next is referred to as the next hop, because all they are trying to do is deliver it to the specified destination IP address that is included in the header information of the data being sent. If that router is the last hop and can deliver it to the specified IP address it does; otherwise it refers to its routing tables to figure out which router to hand it off to in the effort to get the data packet where it needs to go.
Routing Tables - Sometimes referred to as a Routing Information Base (RIB), this is the database that stores all the route information for the routing network devices. The routing table holds the route information regarding the topology of the network immediately around the device to other network destinations and it will often include the metric / cost associated for the route. There are three main route entries that are generally found in the routing tables: Network Route, Host Route and the Default Route. The Network Route is a route to a specific Network ID on the network. The Host Route is a route to a specific network address. A Default route is the path used if a physical router or other network routing device cannot find a route for the specified destination.
Convergence - Achieved when all of the available topology information from routing devices has been passed along to all of the other devices in totality and when all the information gathered is not in a contradiction state to any other router's informed topology information. When all of the network routing devices "agree" on what the network topology looks like it is said to have full convergence.

Domain 1.7: Characteristics of Wireless Standards
Wireless networks allow computers to communicate without the use of cables using IEEE 802.11 standards, also known as Wi-Fi. A connection is made from a device, which is usually a PC or a Laptop with a wireless network interface card (NIC), and an Access Point (AP), which acts as a bridge between the wireless stations and Distribution System (DS) or wired networks. An 802.11 wireless network adapter can operate in two modes, Ad-Hoc and Infrastructure. In infrastructure mode, all your traffic passes through a wireless access point. In Ad-hoc mode your computers talk directly to each other and do not need an access point. The table below shows the various standards.

Standard   Speed      Distance   Frequency
802.11a    54 mbps    100 ft     5 GHz
802.11b    11 mbps    300 ft     2.4 GHz
802.11g    54 mbps    300 ft     2.4 GHz
802.11n    540 mbps   600 ft     5 GHz and/or 2.4 GHz

Authentication and Encryption:
WEP - Wired Equivalent Privacy is a security encryption algorithm that is easily cracked. For this reason, it has been replaced by other technologies.
WPA - The original WPA standard used TKIP, but was later replaced by WPA2 which uses a more secure AES-based algorithm. WPA uses a 256 bit key to encrypt data. This key may be entered either as a string of 64 hexadecimal digits, or as a passphrase of 8 to 63 characters. It is susceptible to brute force attacks when a weak passphrase is used.
RADIUS - Remote Authentication Dial In User Service (RADIUS) is a networking protocol that provides centralized Authentication, Authorization, and Accounting (AAA) management for computers to connect and use a network service. RADIUS is often used by ISPs and enterprises to manage access to the Internet or internal networks, and wireless networks. Microsoft's answer to corporate wireless security is the use of RADIUS authentication through its Internet Authentication Services (IAS) product.
TKIP - Temporal Key Integrity Protocol was designed as a solution to replace WEP without requiring the replacement of legacy hardware. TKIP suffered from similar flaws as WEP and has been replaced by more secure encryption schemes.
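
The WPA entry above describes two ways of entering the 256 bit key. The following added example (not part of the original guide) accepts either form and shows how a passphrase becomes the key: IEEE 802.11i derives it with PBKDF2-HMAC-SHA1, using the network name (SSID) as salt and 4096 iterations, a detail taken from the standard rather than from this guide. It also estimates how much smaller a passphrase's search space is than 256 bits, which is why a weak passphrase is the weak point. The function names and sample values are this example's own.

```python
"""Added example: the two WPA pre-shared key entry forms and a passphrase strength estimate."""
import hashlib
import math
import re


def wpa_psk(key_material, ssid):
    """Return the 32-byte (256 bit) pre-shared key for either entry form."""
    ssid_bytes = ssid.encode("utf-8")
    if not 1 <= len(ssid_bytes) <= 32:
        raise ValueError("SSID must be 1 to 32 bytes")
    # Form 1: 64 hexadecimal digits are the key itself.
    if re.fullmatch(r"[0-9A-Fa-f]{64}", key_material):
        return bytes.fromhex(key_material)
    # Form 2: a passphrase of 8 to 63 printable ASCII characters.
    if not 8 <= len(key_material) <= 63:
        raise ValueError("passphrase must be 8 to 63 characters")
    if any(not 32 <= ord(ch) <= 126 for ch in key_material):
        raise ValueError("passphrase must be printable ASCII")
    # The SSID is the salt, so the same passphrase gives a different key per network name.
    return hashlib.pbkdf2_hmac("sha1", key_material.encode("ascii"), ssid_bytes, 4096, 32)


def search_space_bits(passphrase):
    """Upper bound, in bits, on guessing effort given the character classes used."""
    alphabet = 0
    if re.search(r"[a-z]", passphrase):
        alphabet += 26
    if re.search(r"[A-Z]", passphrase):
        alphabet += 26
    if re.search(r"[0-9]", passphrase):
        alphabet += 10
    if re.search(r"[^a-zA-Z0-9]", passphrase):
        alphabet += 33          # remaining printable ASCII, space included
    if alphabet == 0:
        return 0.0
    return len(passphrase) * math.log2(alphabet)


if __name__ == "__main__":
    # Constructed sample values.
    ssid = "HomeNet"
    for phrase in ("password", "correct horse battery"):
        key = wpa_psk(phrase, ssid)
        print(f"{phrase!r}: key {key.hex()[:16]}..., "
              f"at most {search_space_bits(phrase):.1f} bits of 256")
```

The estimate is an upper bound: a dictionary word is far easier to guess than its length and character set suggest.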

Domain 2.0: Network Media and Topologies
Domain 2.1: Standard Cable Types and Their Properties
Cable Types:

Type               Description
CAT3               Unshielded twisted pair capable of speeds up to 10 Mbit/s. Used with 10Base-T, 100Base-T4, and 100Base-T2 Ethernet.
CAT4               Unshielded twisted pair capable of speeds up to 20 Mbit/s. Not widely used. Used with 10Base-T, 100Base-T4, and 100Base-T2 Ethernet.
CAT5               Unshielded twisted pair capable of speeds up to 100 Mbit/s. May be used with 10Base-T, 100Base-T4, 100Base-T2, and 100Base-TX Ethernet.
CAT5e              Enhanced Cat 5 is similar to CAT5, but exceeds its performance. Improved distance over previous categories from 100m to 350m. May be used for 10Base-T, 100Base-T4, 100Base-T2, 100Base-TX and 1000Base-T Ethernet.
CAT6               Can transmit data up to 220m at gigabit speeds. It has improved specifications for NEXT (Near End Cross Talk), PSELFEXT (Power Sum Equal Level Far End Cross Talk), and Attenuation. Cat 6 is backward compatible with lower Category grades and supports the same Ethernet standards as Cat 5e.
Multimode Fiber    Multimode fibers have large cores. They are able to carry more data than single mode fibers though they are best for shorter distances because of their higher attenuation levels.
Single Mode Fiber  Single Mode fibers have a small glass core. Single Mode fibers are used for high speed data transmission over long distances. They are less susceptible to attenuation than multimode fibers.
RG59 and RG6       These are both shielded coaxial cables used for broadband networking, cable television, and other uses.
Serial             A serial cable is a cable that can be used to transfer information between two devices using serial communication, often using the RS232 standard. Typically use D-subminiature connectors with 9 or 25 pins. Cables are often unshielded, although shielding cables may reduce electrical noise radiated by the cable.

Shielded twisted pair (STP) differs from UTP in that it has a foil jacket that helps prevent cross talk. Cross talk is signal overflow from an adjacent wire.
EMI - Electrical devices such as printers, air conditioning units, and television monitors can be sources of electromagnetic interference, or EMI. Some types of network media have more resistance to EMI than others. Standard UTP cable has minimal resistance to EMI, while fiber optic cable is highly resistant.
Plenum grade cabling - Is required if the cabling will be run between the ceiling and the next floor (this is called the plenum). Plenum grade cabling is resistant to fire and does not emit poisonous gasses when burned.
Simplex - Signals can be passed in one direction only.
Half Duplex - Half duplex means that signals can be passed in either direction, but not in both simultaneously.
Full Duplex - Full duplex means that signals can be passed in either direction simultaneously.

Domain 2.2: Common Connector Types
BNC - This connector has found uses with both broadcast television equipment and computer networks. With regards to networking, this connector was used on early 10Base2 (Thinnet) Ethernet networks. It has a center pin connected to the center coaxial cable conductor and a metal tube connected to the outer cable shield. A rotating ring outside the tube locks the cable to the female connector.
RJ11 - Short for Registered Jack-11, a four or six-wire connector used primarily to connect telephone equipment in the United States (POTS). The cable itself is called category 1 (Cat 1) and is used for dial-up connections. Modems have RJ11 jacks that connect them to the wall outlet.
RJ45 - Short for Registered Jack-45, it is an eight-wire connector used commonly to connect devices on Ethernet LANs. RJ45 connectors look similar to RJ11 connectors used for connecting telephone equipment, but they are larger.
ST - The ST connector is a fiber optic connector which uses a plug and socket which is locked in place with a half-twist bayonet lock. The ST connector was the first standard for fiber optic cabling. ST connectors are half-duplex.
SC - The SC connector is a fiber optic connector with a push-pull latching mechanism which provides quick insertion and removal while also ensuring a positive connection. SC connectors are half-duplex.
LC - The LC connector is just like a SC connector only it is half the size. Like SC connectors, LC connectors are half-duplex.
RS232 - A standard for serial binary data interconnection between a DTE (Data terminal equipment) and a DCE (Data communication equipment). It is commonly found in use with bar code scanners, measuring tools, and laboratory instruments that are designed to interface to a computer using a standard RS232 serial cable connection. Many of these uses are being replaced with USB enabled devices. The connector is a DB9 or DB25 connector.

Domain 2.3: Common Physical Network Topologies
Star - The star topology uses twisted pair (10baseT or 100baseT) cabling and requires that all devices are connected to a hub. Advantages are centralized monitoring, failures that do not affect others unless it is the hub, and ease of modification. The disadvantage is that the hub is a single point of failure. If it goes down, there are no communications possible.
Mesh - In a true mesh topology every node has a connection to every other node in the network. A full mesh provides redundancy in case of a failure between links, but is impractical due to the complexity and the expensive amount of cabling required.
Bus - This topology is an old one and essentially has each of the computers on the network daisy-chained to each other. Packets must pass through all computers on the bus. This type is cheap, and simple to set up, but causes excess network traffic, a failure may affect many users, and problems are difficult to troubleshoot.
Ring - A ring topology has a physical and logical ring and is used on SONET and FDDI networks (note that Token Ring networks are actually a hybrid star ring topology). Any station can send a packet around the ring but only the station with the token can do so. The token is passed around the ring giving all stations an opportunity to communicate. This is a very fast and simple network. However if any part of the ring goes down, the entire LAN goes down. If there is a problem at a station, it may be difficult to locate it. Ring networks are not very common.
Point-to-point - This topology generally refers to a connection restricted to two endpoints. Point-to-point is sometimes referred to as P2P (not the same as peer-to-peer file sharing networks), or Pt2Pt, or variations of this. Examples of this topology include RS232 serial connections as well as laser network connections between buildings.
Point-to-Multipoint - Also known as P2MP, this is a method of communication between a series of receivers and transmitters to a central location. The most common example of this is the use of a wireless access point that provides a connection to multiple devices.
Hybrid - Hybrid topologies are combinations of the above and are common on very large networks. For example, a star bus network has hubs connected in a row (like a bus network) and has computers connected to each hub as in the star topology.

Domain 2.4: Wiring Standards
568A and 568B - The number 568 refers to the order in which the individual wires inside a CAT 5 cable are terminated. The only difference between the two standards is that the green and orange pins are terminated to different pins. There is no difference in signal and both the 568A and 568B are used as patch cords for Ethernet connections.
Straight through vs Crossover - A straight through cable uses either the 568A or 568B wiring standard and is used for connecting devices to routers, hubs, switches, etc. A crossover cable is used to connect computing devices together directly (i.e. connecting 2 computers directly together). A crossover cable uses the 568A standard on one end and 568B on the other end.
Rollover - Rollover cable (also known as Cisco console cable) is a type of null-modem cable that is most commonly used to connect a computer terminal to a router's console port. This cable is typically flat and has a light blue color. It gets the name rollover because the pinouts on one end are reversed from the other, as if the wire had been rolled over and you were viewing it from the other side.
Loopback - A loopback cable redirects the output back into itself and is used for troubleshooting purposes (loopback test). This effectively gives the NIC the impression that it is communicating on a network, since it's able to transmit and receive communications.

Domain 2.5: WAN Technology Types and Properties
Frame Relay - Frame relay is a secure, private network that utilizes a logical path or virtual circuit to allocate bandwidth for high performance transmissions. Frame relay is the premier high-speed packet-switching protocol communicating data, imaging, and voice between multiple locations. Frame relay is available in a range of bandwidths from 56 Kbps to full T1 (1.54 Mbps).
T1/T3 - A T1 is a dedicated phone connection supporting data rates of 1.544 Mbps. A T1 line actually consists of 24 individual channels, each of which supports 64 Kbits per second. Each 64 Kbit/second channel can be configured to carry voice or data traffic. Most telephone companies allow you to buy just some of these individual channels, known as fractional T1 access. T1 lines are a popular leased line option for businesses connecting to the Internet and for Internet Service Providers (ISPs) connecting to the Internet backbone. The Internet backbone itself consists of faster T3 connections. T1 comes in either copper or fiber optics.
ATM - ATM stands for Asynchronous Transfer Mode and is a high-speed, packet-switching technique that uses short fixed length packets called cells. ATM can transmit voice, video, and data over variable-speed LAN and WAN connections at speeds ranging from 1.544 Mbps to as high as 622 Mbps. ATM is capable of supporting a wide range of traffic types such as voice, video, image and data.
SONET - SONET and SDH are a set of related standards for synchronous data transmission over fiber optic networks. SONET is short for Synchronous Optical NETwork and SDH is an acronym for Synchronous Digital Hierarchy. SONET is the United States version of the standard and SDH is the international version. SONET defines a base rate of 51.84 Mbps and a set of multiples of the base rate known as "Optical Carrier levels" (OCx). Speeds approaching 40 gigabits per second are possible.
ISDN - Integrated Services Digital Network (ISDN) is comprised of digital telephony and data-transport services offered by regional telephone carriers. ISDN involves the digitalization of the telephone network, which permits voice, data, text, graphics, music, video, and other source materials to be transmitted over existing telephone wires. There are 2 types of ISDN channels:
    B (bearer) - Transfers data at 64 Kbps. An ISDN usually contains 2 B channels for a total of 128 kbps.
    D (data) - Handles signalling at either 16 Kbps or 64 Kbps (sometimes limited to 56 Kbps) which enables the B channel to strictly pass data.

Connection    Speed                           Medium
ISDN BRI      64 kbps/channel                 Twisted pair
ISDN PRI      1,544 kbps                      Twisted pair
POTS          Up to 56 Kbps                   Twisted pair
PSTN          64 kbps/channel                 Twisted pair
Frame Relay   56 kbps - 45 mbps               Varies
T1            1.544 Mbps                      Twisted pair, coaxial, or optical fiber
ADSL          256 Kbps to 24 Mbps (ADSL2+)    Twisted pair
SDSL          1.544 mbps                      Twisted pair
VDSL          100 mbps                        Twisted pair
Cable modem   512 Kbps to 52 Mbps             Coaxial
Satellite     1 gbps (avg 15 mbps)            Air
T3            44.736 Mbps                     Twisted pair, coaxial, or optical fiber
OC1           51.84 Mbps                      Optical fiber
OC3           155.52 Mbps                     Optical fiber
Wireless      1 gbps                          Air
ATM           10 gbps                         Optical fiber
SONET         10 gbps                         Optical fiber

Packet and Circuit Switching - Packet switching refers to protocols in which messages are divided into packets before they are sent. Each packet is then transmitted individually and can even follow different routes to its destination. Once all the packets forming a message arrive at the destination, they are recompiled into the original message. Most modern Wide Area Network (WAN) protocols, including TCP/IP and Frame Relay, are based on packet-switching technologies. In contrast, normal telephone service is based on a circuit-switching technology, in which a dedicated line is allocated for transmission between two parties. Circuit-switching is ideal when data must be transmitted quickly and must arrive in the same order in which it is sent. This is the case with most real-time data, such as live audio and video. Packet switching is more efficient and robust for data that can withstand some delays in transmission, such as e-mail messages and Web pages.

Domain 2.6: LAN Technology Types and Properties
Ethernet - Ethernet is the most widely-installed local area network (LAN) technology. Specified in a standard, IEEE 802.3, Ethernet was originally developed by Xerox from an earlier specification called Alohanet (for the Palo Alto Research Center Aloha network) and then developed further by Xerox, DEC, and Intel. Early ethernet networks used coaxial connections. The most common types currently use twisted pair cabling, however, fiber optic cabling is becoming much more common as standards and speeds increase. Below are some of the ethernet standards:

Connection Type  Cable Type                                   Connector                                  Maximum Length       Speed
10Base-T         Category 3 or better UTP cable               RJ45                                       100 meters (328 ft)  10 mbps
100Base-TX       Cat 5 twisted pair                           RJ45                                       100 meters (328 ft)  100 mbps
100Base-FX       Fiber Optic                                  ST, SC                                     2000 meters          100 mbps
1000Base-T       CAT5e or higher                              RJ45                                       100 meters (328 ft)  1 gbps
1000Base-LX      Laser over fiber                             SC                                         Up to 5000 meters    1 gbps
1000Base-SX      Short wavelength laser over fiber            SC                                         Up to 550 meters     1 gbps
1000Base-CX      Twinax or short haul copper                  9-Pin shielded D-subminiature connector,   25 meters            1 gbps
                                                              or 8-pin ANSI fiber channel type 2 (HSSC)
                                                              connector.
10GBASE-SR       Shortwave laser over multimode fiber optics  LC, SC                                     300 meters           10 Gbps
10GBASE-LR       Laser over single-mode fiber optics          LC, SC                                     2000 meters          10 Gbps
10GBASE-ER       Laser over either single or multimode fiber  LC, SC                                     40 kilometers        10 Gbps
10GBASE-SW       Shortwave laser over multimode fiber optics  LC, SC                                     300 meters           10 Gbps
10GBASE-LW       Laser over single-mode fiber optics          LC, SC                                     2000 meters          10 Gbps
10GBASE-EW       Laser over either single or multimode fiber  LC, SC                                     40 kilometers        10 Gbps
10GBASE-T        Cat 5e (or higher) twisted pair              RJ45                                       100 meters (328 ft)  10 Gbps

CSMA/CD (Carrier Sense Multiple Access with Collision Detection) - In the early days of Ethernet, when two hosts would send packets at the same time, a collision would occur. A standard had to be created that would have the hosts follow rules relating to when they could send data and when they could not. This standard is Carrier Sense Multiple Access with Collision Detection, referred to as CSMA/CD. CSMA/CD forces computers to listen to the wire before sending in order to make sure that no other host on the wire is sending. If a collision is detected, both of the senders will send a jam signal over the Ethernet. This jam signal indicates to all other devices on the Ethernet segment that there has been a collision, and they should not send data onto the wire.
How Ethernet CSMA/CD Works
Bonding (AKA Link Aggregation, Port Trunking, EtherChannel, etc.) - Uses multiple network cables/ports in parallel to increase the link speed beyond the limits of any one single cable or port, and to increase the redundancy for higher availability.

Domain 2.7: Common Logical Network Topologies
Peer to Peer - A peer-to-peer network is one which lacks a dedicated server and in which every computer acts as both a client and a server. This is a good networking solution when there are 10 or fewer users that are in close proximity to each other. A peer-to-peer network can be a security nightmare, because the people setting permissions for shared resources will be users rather than administrators and the right people may not have access to the right resources. More importantly, the wrong people may have access to the wrong resources; thus, this is only recommended in situations where security is not an issue. P2P file sharing networks work under a similar architecture; however, there are differences between them and the LAN networking architecture.
Client/Server - This type of network is designed to support a large number of users and uses dedicated server/s to accomplish this. Clients log in to the server/s in order to run applications or obtain files. Security and permissions can be managed by 1 or more administrators who set permissions to the servers' resources. This type of network also allows for convenient backup services, reduces network traffic and provides a host of other services that come with the network operating system.
VPN - A virtual private network is one that uses a public network (usually the Internet) to connect remote sites or users together. Companies use site-to-site VPN to support critical applications to connect offices to remote users. Instead of using a dedicated, real-world connection such as leased line, a VPN uses "virtual" connections routed through the Internet from the company's private network to the remote site or employee.
VLAN - A virtual LAN is a local area network with a definition that maps workstations on a basis other than geographic location (for example, by department, type of user, or primary application). The virtual LAN controller can change or add workstations and manage load balancing and bandwidth allocation more easily than with a physical picture of the LAN. Network management software keeps track of relating the virtual picture of the local area network with the actual physical picture.

Domain 2.8: Install components of Wiring Distribution
Vertical Cross Connect - is a location within a building where cables originate and/or are terminated, reconnected using jumpers or pass-throughs or are connected to patch panels or other similar devices where the locations are from upper or lower floors in the building. These cables could be of multiple different types and mediums such as phone networks, data lines, copper-based, fiber channel, etc.
Horizontal Cross Connect - similar to Vertical Cross Connect locations, these are within a building where cables originate and/or are terminated, but these locations are all on the same floor or building level. As with Vertical Cross Connect configurations, these locations can be of multiple different network types and mediums.
Patch Panel - wall or rack-mounted collection of data connections where all of the network media converges. These rooms are generally some form of telecommunications closet in a facility and it is used to connect all of the different types of incoming and outgoing media types on the LAN. When they all span the same floor of a building they are sometimes referred to as Horizontal Cross Connect locations and when they span different levels of a location/different floors of a building they are sometimes referred to as Vertical Cross Connect locations. The main Patch Panel room will often be the connection point for the LAN to be connected to the WAN and/or the internet.
66 Block - is a legacy type of punch down block used to connect sets of 22 through 26 American Wire Gauge (AWG) solid copper wire in a telephone system. They have a 25-pair standard non-split capacity and generally are unsuited for traffic and data network communications above 10 megabits per second (Mbps).

Main Distribution Frame (MDF) - is a wire distribution frame for connecting equipment inside a facility to cables and subscriber carrier equipment outside of the facility. One example of this is where all of the phone cabling inside a facility is run to planned phone locations (e.g. offices) back to the MDF. When the local telephone company makes the external connections then all circuits are completed.
Intermediate Distribution Frame (IDF) - is another place much like a Horizontal Cross Connect location or a Vertical Cross Connect location where network administrators can physically change the network media around and where they can house other needed network equipment such as routers, switches, repeaters and so forth.
25 Pair - is a grouping of 25 pairs of wires all inside a single covering/housing or outer insulation casing. It is best suited for telephone/voice cable runs rather than data cable runs and is generally used as a feeder cable.
100 Pair - is a larger cabling segment to its 25 pair cousin but used in the same manner; all of the 100 pairs of wires are inside a single covering/housing or outer insulation casing. It is best suited for telephone/voice cable runs rather than data cable runs and is generally used as a feeder cable.
110 Block - is the more modern replacement of the legacy 66 Block and is used as a wiring distribution point for wired telephone systems (voice) and other types of wired networking (data). On one side of the block wires are punched down into RJ-11 connectors for voice and RJ-45 connectors for data communications.
Demarc - is the point of operational and administrative control change in a network. One example of this is the Main Distribution Frame (MDF) point in a facility. This is where the wire distribution frame for connecting equipment inside a facility to cables and subscriber carrier equipment outside of the facility occurs and this is considered a demarcation point of the operational control of the internal systems where it changes over to the control of the external presence.
Demarc Extension - where the end of the line of the external administrative control is extended beyond that actual endpoint. Example - you are one business inside of a large high-rise building on the 15th floor only and the Main Distribution Frame (MDF) point is on the ground floor. Your responsibility probably ends at the Intermediate Distribution Frame (IDF) on your floor and the external administration (example - Phone Company) ends at the Main Distribution Frame (MDF) on the ground floor. The building administration owns all the cabling responsibility between the Main Distribution Frame (MDF) on the ground floor and your Intermediate Distribution Frame (IDF) on your floor. That cabling is effectively the Demarc Extension.
Smart Jack - is a network connection device that is used to connect your internal network to an external service provider network. The device handles all of the code and protocol differences between the two networks and is often the actual demarcation point between the two service entities.
Wiring Installation - is the physical installation of internal wiring in a facility. This may be the pulls of copper phone and data lines to the running of fiber optic medium from the different cross connect locations.
Wiring Termination - is the endpoint of networked cable runs that will generally end either in a patch panel or a jack location in an office. This has historically been the copper wire runs associated with phone lines to the RJ-11 jacks/blocks to the data lines on the RJ-45 connections. Wire termination is also a consideration on fiber optic pulls as well, which requires a higher skill level.

Domain 3.0: Network Devices
Domain 3.1: Common Network Devices
Hub - A physical layer network device used to connect multiple Ethernet devices together. Active hubs act as a repeater and boost the signal in order to allow for it to travel farther, while passive hubs simply pass the signal through. Most hubs have an uplink port that allows them to connect to other hubs, a router, or other network devices.
Repeater: A physical layer device that boosts signals in order to allow a signal to travel farther and prevent attenuation. Attenuation is the degradation of a signal as it travels farther from its origination. Repeaters do not filter packets and will forward broadcasts. Both segments must use the same access method, which means that you can't connect a token ring segment to an Ethernet segment. Repeaters can connect different cable types as shown in the image.

Modem - The modem is a device that converts digital information to analog by MODulating it on the sending end and DEModulating the analog information into digital information at the receiving end. Most modern modems are internal, however, they can be internal or external. External modems are connected to the back of the system board via a RS-232 serial connection. Internal modems are installed in one of the motherboard's PCI or ISA expansion slots depending on the modem. The modem contains an RJ-11 connection that is used to plug in the telephone line. Modems have different transmission modes as follows:
Simplex - Signals can be passed in one direction only.
Half Duplex - Half duplex means that signals can be passed in either direction, but not in both simultaneously. Half-duplex modems can work in full-duplex mode.
Full Duplex - Full duplex means that signals can be passed in either direction simultaneously.
Modems can also be classified by their speed, which is measured by the BAUD rate. One baud is one electronic state change per second. Since a single state change can involve more than a single bit of data, the Bits Per Second (BPS) unit of measurement has replaced it as a better expression of data transmission speed. Common modem speeds are V.34 at 28.8 kbps, V.34+ at 33.6 kbps and V.90 at 56 Kbps.
Network Interface Card - A Network Interface Card, often abbreviated as NIC, is an expansion board you insert into a computer so the computer can be connected to a network. Most NICs are designed for a particular type of network, protocol and media, although some can serve multiple networks.
Media Converters - simple networking devices that make it possible to connect two dissimilar media types such as twisted pair with fiber optic cabling. They were introduced to the industry nearly two decades ago, and are important in interconnecting fiber optic cabling-based systems with existing copper-based, structured cabling systems. They are also used in MAN access and data transport services to enterprise customers. Fiber media converters support many different data communication protocols including Ethernet, Fast Ethernet, Gigabit Ethernet, T1/E1/J1, DS3/E3, as well as multiple cabling types such as coax, twisted pair, multimode and single-mode fiber optics. Media converter types range from small standalone devices and PC card converters to high port-density chassis systems that offer many advanced features for network management.
Switch - A switch is a network device that filters and forwards packets between LAN segments and ensures that data goes straight from its origin to its proper destination. Switches remember the address of every node on the network, and anticipate where data needs to go. A switch only operates with the computers on the same LAN. This reduces competition for bandwidth between devices on the network. It isn't smart enough to send data out to the internet, or across a WAN. These functions require a router.
Bridge - Functions the same as a repeater, but can also divide a network in order to reduce traffic problems. A bridge can also connect unlike network segments (i.e. token ring and Ethernet). Bridges create routing tables based on the source address. If the bridge can't find the source address it will forward the packets to all segments. Bridging methods:
Transparent - Only one bridge is used.
Source Route - Bridging address tables are stored on each PC on the network.
Spanning Tree - Prevents looping where there exists more than one path between segments.
Wireless Access Point - A Wireless Access Point is a radio frequency transceiver which allows your wireless devices to connect to a network. The WAP usually connects to a wired network, and can relay data between the wireless devices (such as computers or printers) and wired devices on the network. A wireless access point will support up to 32 wireless devices. The range of the wireless signal depends greatly on obstructions such as walls. For more information about wireless standards, see domain 1.7.
Router - Functioning at the network layer of the OSI model, a router is similar to a switch, but it can also connect different logical networks or subnets and enable traffic that is destined for the networks on the other side of the router to pass through. Routers create or maintain a table of the available routes and can be configured to use various routing protocols to determine the best route for a given data packet. Routers can connect networks that use dissimilar protocols. Routers also typically provide improved security functions over a switch.

Firewall - Either a hardware or software entity (or a combination of both) that protects a network by stopping network traffic from passing through it. In most cases, a firewall is placed on the network to allow all internal traffic to leave the network (email to the outside world, web access, etc.), but stop unwanted traffic from the outside world from entering the internal network. This is achieved by granting and denying access to resources based on a set of configurable rules.
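
The policy described above (internal traffic may leave, outside traffic is stopped unless a rule or an existing conversation permits it) shown as a small stateful filter. This is an added example, not part of the original guide; the `Packet`, `Rule` and `Firewall` names, the 192.168.1.0/24 LAN, the two rules and all sample addresses are constructed for illustration.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import Optional

INTERNAL_NET = ip_network("192.168.1.0/24")  # constructed internal LAN


@dataclass(frozen=True)
class Packet:
    iface: str   # interface the packet arrived on: "lan" or "wan"
    proto: str   # "tcp" or "udp"
    src: str
    sport: int
    dst: str
    dport: int


@dataclass(frozen=True)
class Rule:
    action: str            # "allow" or "deny"
    iface: str             # arrival interface the rule applies to
    proto: str             # "tcp", "udp" or "any"
    dst: str               # destination network, CIDR notation
    dport: Optional[int]   # None matches any port

    def matches(self, p: Packet) -> bool:
        return (self.iface == p.iface
                and self.proto in ("any", p.proto)
                and ip_address(p.dst) in ip_network(self.dst)
                and self.dport in (None, p.dport))


class Firewall:
    """First-match rule list plus a table of flows opened from the inside."""

    def __init__(self, rules):
        self.rules = list(rules)
        self.flows = set()  # (proto, inside_ip, inside_port, outside_ip, outside_port)

    def filter(self, p: Packet):
        inside_src = ip_address(p.src) in INTERNAL_NET
        if p.iface == "wan":
            # An internal address can never legitimately arrive from outside.
            if inside_src:
                return ("deny", "internal source address arriving on WAN")
            # Replies to conversations started from the inside are let back in.
            if (p.proto, p.dst, p.dport, p.src, p.sport) in self.flows:
                return ("allow", "reply to tracked outbound flow")
        elif not inside_src:
            return ("deny", "non-internal source address arriving on LAN")

        for number, rule in enumerate(self.rules, start=1):
            if rule.matches(p):
                verdict = (rule.action, f"rule {number}")
                break
        else:
            # Defaults from the text: internal traffic leaves, outside traffic stays out.
            verdict = (("allow", "default outbound") if p.iface == "lan"
                       else ("deny", "default inbound"))

        if verdict[0] == "allow" and p.iface == "lan":
            self.flows.add((p.proto, p.src, p.sport, p.dst, p.dport))
        return verdict


RULES = [
    Rule("allow", "wan", "tcp", "192.168.1.25/32", 25),  # inbound SMTP to the mail server
    Rule("deny", "lan", "tcp", "0.0.0.0/0", 23),         # no outbound Telnet
]

# Constructed sample traffic, in arrival order.
SAMPLE_TRAFFIC = [
    Packet("lan", "tcp", "192.168.1.10", 50000, "203.0.113.5", 80),   # user browses the web
    Packet("wan", "tcp", "203.0.113.5", 80, "192.168.1.10", 50000),   # web server replies
    Packet("wan", "tcp", "198.51.100.7", 40000, "192.168.1.10", 445), # unsolicited inbound
    Packet("wan", "tcp", "198.51.100.7", 40001, "192.168.1.25", 25),  # mail delivery
    Packet("lan", "tcp", "192.168.1.10", 50001, "203.0.113.9", 23),   # outbound Telnet
    Packet("wan", "udp", "192.168.1.99", 53, "192.168.1.10", 50000),  # spoofed internal source
]


def run_demo():
    """Return the (action, reason) verdict for each sample packet."""
    fw = Firewall(RULES)
    return [fw.filter(p) for p in SAMPLE_TRAFFIC]


if __name__ == "__main__":
    for pkt, (action, reason) in zip(SAMPLE_TRAFFIC, run_demo()):
        print(f"{action:5} {pkt.iface} {pkt.src}:{pkt.sport} -> {pkt.dst}:{pkt.dport}  ({reason})")
```
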
DHCP Server - A server that is responsible for assigning unique IP addresses to the computers on a network. A DHCP server prevents the assignment of duplicate IP addresses to clients and reduces administrative effort in network configuration. A DHCP server is actually more of a service that is found on network operating systems such as Windows 2002/2008 server, or on network devices such as routers.

Domain 3.2: Specialized Network Devices
Multilayer Switch - A multilayer switch (MLS) is a computer networking device that switches on OSI layer 2 like an ordinary network switch and provides extra functions on higher OSI layers. Some MLSs are also able to route between VLAN and/or ports like a common router. The routing is normally as quick as switching (at wire speed). Some switches can use up to OSI layer 7 packet information; they are called layer 4-7 switches, content switches, web switches or application switches.
Content Switch - The main function of a content switch is to inspect the network data that it receives so that it can decide where on the network that data (or request) needs to be forwarded to. Once this is determined the data is sent to the appropriate server which can handle the data. In most cases the switch looks to see what type of application or software the request is targeted at. It does this by looking to see what port the request is directed at. For example, if the data is targeted at an FTP port then the request will be sent to an FTP server. The main benefit of this approach is that the switch acts as a load balancer as it can balance data or requests across the different types of application servers used by the business. A second major function that this type of switch can perform is to look at the incoming requests and see which websites are targeted. This is important for large enterprises or hosting companies. If, for example, a web hosting company was hosting several thousand websites, the switch could direct requests to the specific servers that the websites are running on. These devices tend to be very expensive.
IDS/IPS - These terms stand for Intrusion Detection System and Intrusion Prevention System respectively. IDS is a device (or application) that monitors network and/or system activities for malicious activities or policy violations. IDS is a passive system that gives alerts when something suspicious is detected and logs the events into a database for reporting. IPS, on the other hand, sits inline with traffic flows on a network, actively shutting down attempted attacks as they're sent over the wire. It can stop the attack by terminating the network connection or user session originating the attack, by blocking access to the target from the user account, IP address, or other attribute associated with that attacker, or by blocking all access to the targeted host, service, or application. Vendors are increasingly combining the two technologies into a single box, now referred to as IDPS. These devices are used with, not instead of, a firewall.
Load Balancer - A load balancer is a hardware and/or software solution that provides load balancing services. Load balancing is used to distribute workloads evenly across two or more computers, network links, CPUs, hard drives, or other resources, in order to get optimal resource utilization, maximize throughput, minimize response time, and avoid overload. Using multiple components with load balancing, instead of a single component, may increase reliability through redundancy. As an example, Google receives many, many more search requests than a single server could handle, so they distribute the requests across a massive array of servers.
Multifunction Network Devices - As you might guess, multifunction network devices combine the function of individual devices into a single unit. An example is wireless access points which often include one or more of the following: firewall, DHCP server, wireless access point, switch, gateway, and router.
DNS Server - DNS is an Internet and networking service that translates domain names into IP addresses. The internet is based on numerical IP addresses, but we use domain names because they are easier to remember. DNS is the service that looks up the IP address for a domain name, allowing a connection to be made. This process is very similar to calling information. You call them with a name, they check their database and give you the phone number. The DNS service is included with server operating systems (Windows 2003/2008, Linux, etc.) and network devices such as routers.
Bandwidth Shaper - Describes the mechanisms used to control bandwidth usage on the network. Bandwidth shaping is typically done using software installed on a network server. From this server, administrators can control who uses bandwidth, for what, and when. Bandwidth shaping establishes priorities to data traveling to and from the Internet and within the network. A bandwidth shaper essentially performs two key functions: monitoring and shaping. Monitoring includes identifying where bandwidth usage is high and at what time of day. After that information is obtained, administrators can customize or shape bandwidth usage for the best needs of the network. I am unaware why CompTIA listed this in the "network devices" section of their objectives, but bandwidth shapers are typically software.

Proxy Server - A proxy server acts as a middleman between clients and the Internet, providing security, administrative control, and caching services. When a user makes a request for an internet service and it passes filtering requirements, the proxy server looks in its local cache of previously downloaded web pages. If the item is found in cache, the proxy server forwards it to the client. This reduces bandwidth through the gateway. If the page is not in the cache, the proxy server will request the page from the appropriate server. Nowadays, the functions of proxy servers are often built into firewalls.
CSU/DSU - A Channel Service Unit/Data Service Unit (CSU/DSU) acts as a translator between the LAN data format and the WAN data format. Such a conversion is necessary because the technologies used on WAN links are different from those used on LANs. Although CSU/DSUs look similar to modems, they are not modems, and they don't modulate or demodulate between analog and digital. All they really do is interface between a 56K, T1, or T3 line and serial interface (typically a V.35 connector) that connects to the router. Many newer routers have CSU/DSUs built into them.

Domain 3.3: Advanced Features of a Switch
PoE - Generally speaking, Power over Ethernet technology describes a system to safely pass electrical power, along with data, on Ethernet cabling. Standard versions of PoE specify category 5 cable or higher. Power can come from a power supply within a PoE-enabled networking device such as an Ethernet switch or from a device built for "injecting" power onto the Ethernet cabling. IP phones, LAN access points, and Wi-Fi switches to RFID readers and network security cameras. All of these require more power than USB offers and very often must be powered over longer runs of cable than USB permits. In addition, PoE uses only one type of connector, an 8P8C (RJ-45), whereas there are four different types of USB connectors.
Spanning Tree Protocol - Spanning Tree is one of three bridging methods a network administrator can use. Which method you use usually will be determined by the network's size. The simplest method is transparent bridging, where only one bridge or switch exists on the network. The next is Source Route, in which bridging address tables are stored on each PC on the network. Then there's what you came for, spanning tree, which prevents loops where there exists more than one path between segments. STP was upgraded to Rapid Spanning Tree Protocol (RSTP).
VLAN - A broadcast domain is normally created by the router. With VLANs, a switch can create the broadcast domain. This allows a virtual network, independent of physical location, to be created.

Trunking - VLANs are local to each switch's database, and VLAN information is not passed between switches. Trunk links provide VLAN identification for frames traveling between switches. The VLAN trunking protocol (VTP) is the protocol that switches use to communicate among themselves about VLAN configuration.

Port Mirroring - Used on a network switch to send a copy of network packets seen on one switch port (or an entire VLAN) to a network monitoring connection on another switch port. This is commonly used for network appliances that require monitoring of network traffic, such as an intrusion detection system.
Port Authentication - The IEEE 802.1x standard defines 802.1x port-based authentication as a client-server based access control and authentication protocol that restricts unauthorized clients from connecting to a LAN through publicly accessible ports. The authentication server validates each client connected to a switch port before making available any services offered by the switch or the LAN.

Domain 3.4: Implement a Basic Wireless Network
Install Client - the actual steps taken to set up a computer, laptop or other network-connected device to the network. This may be in the form of just getting it correctly configured to use TCP/IP or more involved, such as installing a software suite so that specific network parameters can be leveraged for proper connectivity to network resources or resources on the domain.
Network Connections Dialog Box - used to configure different aspects of the network connections by way of a graphical user interface (GUI) within the Microsoft Windows operating systems (Windows XP, Windows Vista, Server 2003, etc). With respect to peer-to-peer networks, you can use the Network Tasks pane to Create a New Connection, Set up a Home or small office network as well as change the Windows Firewall settings and view available wireless networks.
Wireless Network Connection Dialog Box - the graphical user interface (GUI) within the Microsoft Windows operating systems used to configure the wireless devices and their settings. On the General tab you can configure the specific hardware settings (parameters, drivers, etc) as well as the protocols (e.g. TCP/IP) and the network client that the device will use (e.g. Client for Microsoft Networks). Additionally, you can install services from this screen as well (e.g. Virtual Machine Network Service). The Wireless Networks tab will show you the available networks and allow you to configure preference for each of the networks encountered.
Access Point Placement - correctly positioning your Wireless Access Points will allow for the seamless use of wireless devices on your network. By correctly placing the devices, users will not generally experience signal loss of their connection to the network. It is important to understand that there are many things that affect the wireless access point signal with respect to broadcast and receiving strength that include the construction and architecture of the building where the devices are distributed as well as general disruption of the frequency range that the access points operate on by other devices (e.g. microwave ovens, cordless phones, etc).
Physical Locations of Wireless Access Points (WAPs) - device placement best practices include planning for more than just nominal half distances between devices. Consideration needs to be given to what type of obstructions may be currently in the way (physical fire breaks in between walls, metal superstructure, etc) as well as future plans to subdivide offices. Electrical motors and other higher current-carrying lines need to be considered as well to keep interference to a minimum.
Wired or Wireless Connectivity - planning for WAP-to-WAP connections only or a mix of wired and wireless connections. It's easier to connect WAP to WAP in a daisy chain signal relay configuration but when you do this you need to realize that a physical failure in one WAP device may take out all the devices. It is more work and it costs more in time, money and effort to connect the WAPs using wired connections back to a switch or a router but it greatly reduces the potential connectivity loss on the network; the loss of a single WAP where the WAPs are wired back results in only impacting the users of that one WAP instead of all WAPs up and downstream.
Install Access Point - another term for the Wireless Access Point(s) that will allow you to correctly gain access to the network with your device. This point onto the network will allow the client device to configure itself with the necessary encryption (if required) and any other network required settings or else risk being defaulted off the network.
Configuring Encryption - with respect to wireless clients these are the settings most commonly used. Disabled simply means that everything is passed as clear text. Wired Equivalent Privacy (WEP) is the lowest form of the types of encryption available and is generally only used today to allow legacy devices that cannot handle more robust encryption protocols to gain somewhat secured access to the network. WEP has been challenged and defeated for a number of years mainly due to the increase in computing power and the fact that the keys are alphanumeric or hexadecimal characters that are configured in 40 bit, 64 bit, 128 bit, 153 bit and 256 bit strength. Wi-Fi Protected Access (WPA) was created by the Wi-Fi Alliance to better secure wireless networks and was created in response to the weaknesses researchers found in Wired Equivalent Privacy (WEP). Temporal Key Integrity Protocol (TKIP) is used in WPA to encrypt the authentication and encryption information that was initially passed on the wire in clear text before a network node could secure its communications on the network. Wi-Fi Protected Access version 2 (WPA2) offers additional protection because it uses the strongest authentication and encryption algorithms available in the Advanced Encryption Standard (AES).
Configuring Channels and Frequencies - most wireless routers work in the 2.4 GHz frequency range and require network administrators to set up the channels for the devices to use. 1, 6 and 11 are the main channels used because they generally will not be interfered with from other devices such as cordless phones and Bluetooth devices that also work at this frequency range.
Setting ESSID and Beacon - Extended Service Set identifier (ESSID) is the advertisement from the Wireless Access Point that basically announces its availability for network devices to make a connection. The announcement signal that is sent out is called the beacon.
Verifying Installation - the process that is outlined for making sure that all the settings needed to connect a network node to the wireless device. The best practice steps generally include on initial installation of the Wireless Access Point (WAP) to do so without any security to verify that a client can get on the network. Once that is successful you would then incorporate the security protocol that you wanted to use and make sure the client can operate on the network again. Once this is successfully done it is assumed all other network nodes would be able to successfully repeat the same steps to access the network securely and with the traffic encrypted.

Domain 4.0: Network Management
Domain 4.1: OSI Model
The OSI networking model is divided into 7 layers. Each layer has a different responsibility, and all the layers work together to provide network data communication.
Layer | Description
Application | Represents user applications, such as software for file transfers, database access, and e-mail. It handles general network access, flow control, and error recovery. Provides a consistent neutral interface for software to access the network and advertises the computer's resources to the network.
Presentation | Determines data exchange formats and translates specific files from the Application layer format into a commonly recognized data format. It provides protocol conversion, data translation, encryption, character set conversion, and graphics command expansion.
Session | Handles security and name recognition to enable two applications on different computers to communicate over the network. Manages dialogs between computers by using simplex (rare), half-duplex or full-duplex. The phases involved in a session dialog are as follows: establishment, data transfer and termination.
Transport | Provides flow control, error handling, and is involved in correction of transmission/reception problems. It also breaks up large data files into smaller packets, combines small packets into larger ones for transmission, and reassembles incoming packets into the original sequence.
Network | Addresses messages and translates logical addresses and names into physical addresses. It also manages data traffic and congestion involved in packet switching and routing. It enables the option of specifying a service address (sockets, ports) to point the data to the correct program on the destination computer.
Data Link | The interface between the upper "software" layers and the lower "hardware" Physical layer. One of its main tasks is to create and interpret different frame types based on the network type in use. The Data Link layer is divided into two sublayers: the Media Access Control (MAC) sublayer and the Logical Link Control (LLC) sublayer. LLC sublayer starts and maintains connections between devices (e.g. server-workstation). MAC sublayer enables multiple devices to share the same medium. MAC sublayer maintains physical device (MAC) addresses for communicating locally (the MAC address of the nearest router is used to send information onto a WAN).
Physical | The specification for the hardware connection, the electronics, logic circuitry, and wiring that transmit the actual signal. It is only concerned with moving bits of data on and off the network medium. Most network problems occur at the Physical layer.

Here is an idiotic, yet easy way to remember the 7 layers. Memorize the following sentence: All People Seem To Need Data Processing. The first letter of each word corresponds to the first letter of the layers, starting with Application and ending with the Physical layer.

Domain 4.3: Evaluate the Network Based on Configuration Management Documentation
The topics covered in this section are either already covered elsewhere, or are too expansive for the purposes of this guide. Consult your book(s) for more information about these topics.

Domain 4.4: Conduct Network Monitoring to Identify Performance and Connectivity Issues
The topics covered in this section are either already covered elsewhere, or are too expansive for the purposes of this guide. Consult your book(s) for more information about these topics.

Domain 4.5: Explain Different Methods and Rationales for Network Performance Optimization
Quality of Service (QoS) - is a set of parameters that controls the level of quality provided to different types of network traffic. QoS parameters include the maximum amount of delay, signal loss, noise that can be accommodated for a particular type of network traffic, bandwidth priority, and CPU usage for a specific stream of data. These parameters are usually agreed upon by the transmitter and the receiver. Both the transmitter and the receiver enter into an agreement known as the Service Level Agreement (SLA). In addition to defining QoS parameters, the SLA also describes remedial measures or penalties to be incurred in the event that the ISP fails to provide the QoS promised in the SLA.

Traffic Shaping (also known as "packet shaping" or ITMPs: Internet Traffic Management Practices) - is the control of computer network traffic in order to optimize or guarantee performance, increase/decrease latency, and/or increase usable bandwidth by delaying packets that meet certain criteria. More specifically, traffic shaping is any action on a set of packets (often called a stream or a flow) which imposes additional delay on those packets such that they conform to some predetermined constraint (a contract or traffic profile). Traffic shaping provides a means to control the volume of traffic being sent into a network in a specified period (bandwidth throttling), or the maximum rate at which the traffic is sent (rate limiting), or more complex criteria such as GCRA. This control can be accomplished in many ways and for many reasons; however, traffic shaping is always achieved by delaying packets. Traffic shaping is commonly applied at the network edges to control traffic entering the network, but can also be applied by the traffic source (for example, computer or network card) or by an element in the network. Traffic policing is the distinct but related practice of packet dropping and packet marking.
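
The difference between shaping (delay) and policing (drop) described above, run on the same burst of packets with a token bucket. This is an added example, not part of the original guide; the token-bucket model, the 1000 bytes/s rate, the 1500-byte burst allowance and the arrival times are assumptions chosen for illustration.

```python
RATE_BYTES_S = 1000   # contracted rate (assumed)
BURST_BYTES = 1500    # bucket depth: largest burst that may pass undelayed (assumed)

# Constructed arrivals: (arrival time in seconds, packet size in bytes), sorted by time.
ARRIVALS = [(0.0, 1000), (0.25, 1000), (0.5, 1000), (3.0, 1000)]


def _refill(tokens, elapsed_s, rate, burst):
    """Tokens accumulate at `rate` bytes per second, capped at the bucket depth."""
    return min(burst, tokens + elapsed_s * rate)


def shape(arrivals, rate=RATE_BYTES_S, burst=BURST_BYTES):
    """Shaper: hold each packet in a FIFO queue until the bucket can pay for it.

    Returns the departure time of every packet. Nothing is dropped; packets
    that exceed the profile are only delayed.
    """
    tokens, clock, departures = burst, 0.0, []
    for arrival_s, size in arrivals:
        if size > burst:
            raise ValueError("a packet larger than the bucket can never conform")
        # A packet cannot leave before it arrives or before its predecessor left.
        now = max(arrival_s, clock)
        tokens = _refill(tokens, now - clock, rate, burst)
        if tokens < size:
            now += (size - tokens) / rate   # wait for the missing tokens
            tokens = size
        tokens -= size
        clock = now
        departures.append(now)
    return departures


def police(arrivals, rate=RATE_BYTES_S, burst=BURST_BYTES):
    """Policer: same bucket, but a packet that cannot be paid for is dropped at once."""
    tokens, last, verdicts = burst, 0.0, []
    for arrival_s, size in arrivals:
        tokens = _refill(tokens, arrival_s - last, rate, burst)
        last = arrival_s
        if tokens >= size:
            tokens -= size
            verdicts.append("forward")
        else:
            verdicts.append("drop")
    return verdicts


def added_delay(arrivals, rate=RATE_BYTES_S, burst=BURST_BYTES):
    """Per-packet delay, in seconds, that the shaper introduces."""
    return [out - arr for (arr, _), out in zip(arrivals, shape(arrivals, rate, burst))]


def shaped_output_conforms(arrivals, rate=RATE_BYTES_S, burst=BURST_BYTES):
    """Check the shaper's output against a policer using the same profile."""
    shaped = [(out, size) for (_, size), out in zip(arrivals, shape(arrivals, rate, burst))]
    return all(v == "forward" for v in police(shaped, rate, burst))


if __name__ == "__main__":
    print("shaper departures:", shape(ARRIVALS))
    print("shaper delays:    ", added_delay(ARRIVALS))
    print("policer verdicts: ", police(ARRIVALS))
    print("shaped stream conforms:", shaped_output_conforms(ARRIVALS))
```
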

Load Balancing - is a technique to distribute workload evenly across two or more computers, network links, CPUs, hard drives, or other resources, in order to get optimal resource utilization, maximize throughput, minimize response time, and avoid overload. Using multiple components with load balancing, instead of a single component, may increase reliability through redundancy. The load balancing service is usually provided by a dedicated program or hardware device (such as a multilayer switch or a DNS server).

High Availability (aka Uptime) - refers to a system or component that is continuously operational for a desirably long length of time. Availability can be measured relative to "100% operational" or "never failing." A widely held but difficult-to-achieve standard of availability for a system or product is known as "five 9s" (99.999 percent) availability.

Since a computer system or a network consists of many parts in which all parts usually need to be present in order for the whole to be operational, much planning for high availability centers around backup and failover processing and data storage and access. For storage, a redundant array of independent disks (RAID) is one approach. A more recent approach is the storage area network (SAN).
Some availability experts emphasize that, for any system to be highly available, the parts of a system should be well designed and thoroughly tested before they are used. For example, a new application program that has not been thoroughly tested is likely to become a frequent point of breakdown in a production system.

Cache Engine (aka server) is a dedicated network server or service acting as a server that saves Web pages or
other Internet content locally. By placing previously requested information in temporary storage, or cache, a cache
server both speeds up access to data and reduces demand on an enterprise's bandwidth. Cache servers also allow
users to access content offline, including media files or other documents. A cache server is sometimes called a
"cache engine." A cache server is almost always also a proxy server, which is a server that "represents" users by
intercepting their Internet requests and managing them for users. Typically, this is because enterprise resources are
being protected by a firewall server. That server allows outgoing requests to go out but screens all incoming traffic.
A proxy server helps match incoming messages with outgoing requests. In doing so, it is in a position to also cache
the files that are received for later recall by any user. To the user, the proxy and cache servers are invisible; all
Internet requests and returned responses appear to be coming from the addressed place on the Internet. (The
proxy is not quite invisible; its IP address has to be specified as a configuration option to the browser or other
protocol program.)

Fault tolerance describes a computer system or component designed so that, in the event that a component
fails, a backup component or procedure can immediately take its place with no loss of service. Fault tolerance can
be provided with software, or embedded in hardware, or provided by some combination. In the software
implementation, the operating system provides an interface that allows a programmer to "checkpoint" critical data
at predetermined points within a transaction. In the hardware implementation (for example, with Stratus and its
VOS operating system), the programmer does not need to be aware of the fault tolerant capabilities of the
machine.
At a hardware level, fault tolerance is achieved by duplexing each hardware component. Disks are mirrored. Multiple
processors are "lockstepped" together and their outputs are compared for correctness. When an anomaly occurs,
the faulty component is determined and taken out of service, but the machine continues to function as usual.

Parameters Influencing QOS
Bandwidth is the average number of bits that can be transmitted from the source to a destination over the
network in one second.
Latency (AKA "lag") is the amount of time it takes a packet of data to move across a network connection.
When a packet is being sent, there is "latent" time, when the computer that sent the packet waits for confirmation
that the packet has been received. Latency and bandwidth are the two factors that determine your network
connection speed. Latency in a packet switched network is measured either one way (the time from the source
sending a packet to the destination receiving it), or round trip (the one way latency from source to destination plus
the one way latency from the destination back to the source). Round trip latency is more often quoted, because it
can be measured from a single point. Note that round trip latency excludes the amount of time that a destination
system spends processing the packet. Many software platforms provide a service called ping that can be used to
measure round trip latency. Ping performs no packet processing; it merely sends a response back when it receives a
packet (i.e. performs a no-op), thus it is a relatively accurate way of measuring latency.
Where precision is important, one way latency for a link can be more strictly defined as the time from the start of
packet transmission to the start of packet reception. The time from the start of packet transmission to the end of
packet transmission at the near end is measured separately and called serialization delay. This definition of latency
depends on the throughput of the link and the size of the packet, and is the time required by the system to signal
the full packet to the wire.
Some applications, protocols, and processes are sensitive to the time it takes for their requests and results to be
transmitted over the network. This is known as latency sensitivity. Examples of latency sensitive applications
include VOIP, video conferencing, and online games. In a VOIP deployment, high latency can mean an annoying
and counterproductive delay between a speaker's words and the listener's reception of those words. Network
management techniques such as QoS, load balancing, traffic shaping, and caching can be used individually or
combined to optimize the network and reduce latency for sensitive applications. By regularly testing for latency and
monitoring those devices that are susceptible to latency issues, you can provide a higher level of service to end
users.

Jitter - Jitter is the deviation in or displacement of some aspect of the pulses in a high frequency digital signal. As
the name suggests, jitter can be thought of as shaky pulses. The deviation can be in terms of amplitude, phase
timing, or the width of the signal pulse. Another definition is that it is "the period frequency displacement of the
signal from its ideal location." Among the causes of jitter are electromagnetic interference (EMI) and crosstalk with
other signals. Jitter can cause a display monitor to flicker; affect the ability of the processor in a personal computer
to perform as intended; introduce clicks or other undesired effects in audio signals, and loss of transmitted data
between network devices. The amount of allowable jitter depends greatly on the application.

Packet Loss is the failure of one or more transmitted packets to arrive at their destination. This event can
cause noticeable effects in all types of digital communications.
The effects of packet loss:
In text and data, packet loss produces errors.
In videoconference environments it can create jitter.
In pure audio communications, such as VoIP, it can cause jitter and frequent gaps in received speech.
In the worst cases, packet loss can cause severe mutilation of received data, broken up images, unintelligible
speech or even the complete absence of a received signal.
The causes of packet loss include inadequate signal strength at the destination, natural or human made
interference, excessive system noise, hardware failure, software corruption or overburdened network nodes. Often
more than one of these factors is involved. In a case where the cause cannot be remedied, concealment may be
used to minimize the effects of lost packets.

Echo is when portions of the transmission are repeated. Echoes can occur at many locations along the
route. Splices and improper termination in the network can cause a transmission packet to reflect back to the
source, which causes the sound of an echo. To correct for echo, network technicians can introduce an echo
canceller to the network design. This will cancel out the energy being reflected.

High Bandwidth Applications - A high bandwidth application is a software package or program that tends to
require large amounts of bandwidth in order to fulfill a request. As demand for these applications continues to
increase, bandwidth issues will become more frequent, resulting in degradation of a network system. One way to
combat the effects of these applications on a network is to manage the amount of bandwidth allocated to them.
This allows users to still use the applications without degrading the QoS of network services.
Examples:
Thin Clients
Voice over IP
Real Time Video
Multimedia

Domain 4.6: Implement the Following Network Troubleshooting Methodology
Gather Information on the Problem
In a contact center network, problems are typically discovered and reported by one of the following types of users:
External customers dialing into a call center to order products, obtain customer service, and so forth.
Internal agents receiving incoming calls from a call queue or initiating outbound collection calls to customers.
Internal users using administrative phones to call employees in other company locations or PSTN
destinations, and perform basic actions such as call transfers and dialing into conferences.
As the network administrator, you must collect sufficient information from these users to allow you to isolate the
problem. Detailed, accurate information will make this task easier. As you turn up your network, you may consider
putting these questions in an online form. A form will encourage users to provide more details about the problem
and also put them into the habit of looking for particular error messages and indicators. Capturing the information
electronically will also permit you to retrieve and reexamine this information in the future, should the problem
repeat itself.
Identify The Affected Area
Determine if the problem is limited to one workstation, or several workstations, one server, one segment, or the
entire network. If only one person is experiencing a certain problem, the problem is most likely at the workstation.
If groups of workstations are affected, the problem might lie at a part of the network that users all have in
common, such as a particular software application or database, a server, the network segment, or the network
configuration.
Determine If Anything Has Changed
To determine what has changed, ask questions such as:
Could you do this task before? If this is a new task, perhaps the user needs different system permissions, or
additional hardware or software.
If you could do it before, when did you first notice you couldn't do it anymore? Try to find out what
happened just before the problem came up, or at least try to pinpoint the time, since the source of the
problem might be related to other changes elsewhere on the network.
What has changed since the last time you were able to do this task? Users can give you information about
events that might affect their local systems. You can help them with leading questions such as, "Did
someone add something to your computer?" or "Did you do something differently this time?".
Establish The Most Probable Cause
To establish the most probable cause, use a systematic approach. Eliminate possible causes, starting with the
obvious and simplest one and working back through other causes. Do not overlook straightforward and simple
corrections that can fix a range of problems and do not cost much time or effort to try. You might find you can
resolve the issue on the spot.
Determine If Escalation Is Necessary
While troubleshooting a network problem, you might find the cause of the problem is not an issue that can be
resolved over the phone or at the user's desktop. It may be necessary to contact a fellow employee who has
specialized knowledge, or a more senior administrator with the appropriate permissions and authorization. In these
cases, the problem should be escalated to the appropriate personnel to be resolved as quickly as possible.
Create an Action Plan and Solution, Identifying Potential Effect
Once you have determined the probable cause, you should
create an action plan before changes are made, detailing each step taken while attempting to resolve the issue.
One should also be certain that the original state (before troubleshooting) can be returned to in case things do not
go as planned. Also consider how the plan will affect the user or other aspects of the network. Thinking ahead
can help ensure productivity doesn't suffer and that downtime is minimized.
Implement and Test the Solution
Implement the action plan step by step to fix the problem. If multiple changes are made at once, you will be unable
to verify exactly what effect each adjustment had. Be sure to document each step because you can lose sight of
what you have tried in complex troubleshooting scenarios. Test the solution. Make sure the solution implemented
actually solves the problem and didn't cause any new ones. Use several options and situations to conduct the tests.
Sometimes testing over time is needed to ensure the solution is the correct one.
Identify the Results and Effects of the Solution
Verify that the user agrees that the problem is solved before you proceed with final documentation and closing the
request. Even if the problem is solved, and the solution was well thought out and documented, there might be
cascading effects elsewhere on the local system or on the network. Test for this before closing out the issue. If a
major change was made, it is advisable to continue monitoring and testing for several days or even weeks after the
problem appears to be resolved.
Document the Process and Solution
Document the problem and process used to arrive at the solution. Maintain the records as part of an overall
documentation plan. This will provide an ever-growing database of information specific to your network, and it
will be valuable reference material for future troubleshooting instances, especially if the problem is specific to the
organization. Creating a troubleshooting template with required information included in all trouble reports will
ensure all trouble reports are accurate and consistent no matter who completes them.

Domain 4.7: Troubleshoot Common Connectivity Issues and Select an Appropriate Solution
Crosstalk
Symptoms: Slow network performance and/or an excess of dropped or unintelligible packets. In telephony
applications, users hear pieces of voice or conversations from a separate line.
Causes: Generally crosstalk occurs when two cables run in parallel and the signal of one cable interferes with the
other. Crosstalk can also be caused by crossed or crushed wire pairs in twisted pair cabling.
Resolution: The use of twisted pair cabling or digital signal can reduce the effects of crosstalk. Maintaining proper
distance between cables can also help.
Near End Crosstalk
Symptoms: Signal loss or interference.
Causes: Near end crosstalk is crosstalk that occurs closer along the cable to the transmitting end. Often occurs in or
near the terminating connector.
Resolution: Test with cable tester from both ends of the cable and correct any crossed or crushed wires. Verify that
the cable is terminated properly and that the twists in the pairs of wires are maintained.
Attenuation
Symptoms: Slow response from the network.
Causes: Attenuation is the degradation of signal strength.
Resolution: Use shorter cable runs, add more access points, and/or add repeaters and signal boosters to the cable
path. Or, evaluate the environment for interference. The interference you would look for would depend on the
spectrum used.
Collisions
Symptoms: High latency, reduced network performance, and intermittent connectivity issues.
Causes: Collisions are a natural part of Ethernet networking as nodes attempt to access shared resources.
Resolution: Depends on the network. For example, replacing a hub with a switch will often solve the problem.
Shorts
Symptoms: Electrical shorts, complete loss of signal.
Causes: Two nodes of an electrical circuit that are meant to be at different voltages create a low resistance
connection causing a short circuit.
Resolution: Use a TDR to detect and locate shorts. Replace cables and connectors with known working ones.
Open Impedance Mismatch
Symptoms: Also known as echo, the telltale sign of open mismatch is an echo on either the talker or listener end
of the connection.
Causes: The mismatching of electrical resistance.
Resolution: Use a TDR to detect impedance. Collect and review data, interpret the symptoms, and determine the
root cause in order to correct the cause.
Interference
Symptoms: Crackling, humming, and static are all signs of interference. Additionally, low throughput, network
degradation, and poor voice quality are also symptoms of interference.
Causes: RFI can be caused by a number of devices including cordless phones, Bluetooth devices, cameras, paging
systems, unauthorized access points, and clients in ad hoc mode.
Resolution: Remove or avoid environmental interferences as much as possible. This may entail simply turning off
competing devices. Ensure there is adequate LAN coverage. To resolve problems proactively, test areas prior to
deployment using tools such as spectrum analyzers.
Port Speed
Symptoms: No or low speed connectivity between devices.
Causes: Ports are configured to operate at different speeds and are therefore incompatible with each other.
Resolution: Verify that equipment is compatible and operating at the highest compatible speeds. For example, if a
switch is running at 100 Mbs, but a computer's NIC card runs at 10 Mbs, the computer will run at the slower speed
(10 Mbs). Replace the card with one that runs at 100 Mbs and throughput will be increased to the higher level (or
at least higher levels since there are variables such as network congestion, etc.)
Port Duplex Mismatch
Symptoms: Late collisions, alignment errors, and FCS errors are present during testing.
Causes: Mismatches are generally caused by configuration errors. These occur when the switch port and a device
are configured to use a different duplex setting or when both ends are set to autonegotiate the setting.
Resolution: Verify that the switch port and the device are configured to use the same duplex setting. This may
entail having to upgrade one of the devices.

Incorrect VLAN
Symptoms: No connectivity between devices.
Causes: Devices are configured to use different VLANs.
Resolution: Reconfigure devices to use the same VLAN.
Incorrect IP Address
Symptoms: No connectivity between devices.
Causes: Either the source or destination device has an incorrect IP address.
Resolution: Use the ping command to determine if there is connectivity between devices. Resolution will depend on
the problem. If a network is running a rogue DHCP server, for example, two computers could have leased the same
IP address. Check TCP/IP configuration information using ipconfig /all on Windows machines and ifconfig on
Linux/UNIX/Apple machines. In that case troubleshoot DHCP (it may be offline, etc.). It could be the case that a
static IP address was entered incorrectly. Check IP addresses; empty the arp cache on both computers.
Wrong Gateway
Symptoms: No connectivity between devices.
Causes: The IP address of the gateway is incorrect for the specified route.
Resolution: Change the IP address of the gateway to the correct address.
Wrong DNS
Symptoms: No connectivity between devices.
Causes: A device is configured to use the wrong DNS server.
Resolution: Open the network properties on a Windows machine. Open TCP/IP properties and check the IP address
of the DNS server listed for the client. Put in the correct IP address. Test for connectivity.
Wrong Subnet Mask
Symptoms: No connectivity between devices.
Causes: Either the source or destination device has an incorrect subnet mask.
Resolution: Use the ping command to determine if there is connectivity between devices. Check the IP address on
both devices. Change the incorrect subnet mask to a correct subnet mask. Test for connectivity.
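The Wrong Gateway and Wrong Subnet Mask entries above both end in "no connectivity", but for different reasons. The following added example (not part of the original guide) checks a host's static settings and reports which mistake is present. The function name diagnose, the finding labels, and all addresses are constructed for illustration, and the segment's real prefix length is assumed to be known to the administrator.

```python
import ipaddress


def diagnose(host_ip, host_mask, gateway, peer_ip, real_prefix):
    """Return findings for one host's static IP settings.

    host_mask   : mask as typed on the host, e.g. "255.255.255.0"
    real_prefix : prefix length the segment really uses (assumed known)
    """
    try:
        configured = ipaddress.ip_interface(f"{host_ip}/{host_mask}")
    except ValueError:
        # Non-contiguous masks such as 255.255.0.255 are rejected outright.
        return ["invalid-mask"]

    actual = ipaddress.ip_interface(f"{host_ip}/{real_prefix}")
    gw = ipaddress.ip_address(gateway)
    peer = ipaddress.ip_address(peer_ip)
    findings = []

    # Wrong subnet mask: the host's idea of "my network" differs from reality.
    if configured.network != actual.network:
        findings.append("mask-mismatch")

    # Wrong gateway: a default gateway must be on-link, otherwise the host
    # cannot ARP for it and every off-subnet destination is unreachable.
    if gw not in configured.network:
        findings.append("gateway-off-subnet")

    # How the mask error turns into lost connectivity for this peer.
    thinks_local = peer in configured.network
    is_local = peer in actual.network
    if thinks_local and not is_local:
        # Host ARPs for the peer directly instead of sending to the gateway.
        findings.append("peer-treated-as-local")
    elif is_local and not thinks_local:
        # Host sends same-segment traffic to the gateway instead of the peer.
        findings.append("peer-treated-as-remote")
    return findings


if __name__ == "__main__":
    cases = [  # constructed sample configurations
        ("192.168.1.10", "255.255.255.0", "192.168.1.1", "192.168.2.20", 24),
        ("192.168.1.10", "255.255.0.0", "192.168.1.1", "192.168.2.20", 24),
        ("192.168.1.10", "255.255.255.240", "192.168.1.1", "192.168.1.200", 24),
        ("192.168.1.10", "255.255.255.0", "192.168.10.1", "203.0.113.5", 24),
    ]
    for case in cases:
        print(case, "->", diagnose(*case) or ["ok"])
```
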
Issues that should be ID'd but Escalated
Switching Loop: Need spanning tree protocol to ensure loop free topologies.
Routing Loop: Packets are routed in a circle continuously.
Route Problems: Packets don't reach their intended destination. This could be caused by a number of things:
configuration problems, convergence (in which you have to wait for the discovery process to complete), or a broken
segment (a router is down, etc.).
Proxy arp: If misconfigured, DoS attacks can occur.
Broadcast Storms: The network becomes overwhelmed by constant broadcast traffic.

Wireless Connectivity Issues
Interference
Symptoms: Low throughput, network degradation, dropped packets, intermittent connectivity, and poor voice
quality are all symptoms caused by interference.
Causes: RFI can be caused by cordless phones, Bluetooth devices, cameras, paging systems, unauthorized access
points, metal building framing, and clients in ad hoc mode.
Resolution: Remove or avoid environmental interferences as much as possible.
Incorrect Encryption
Symptoms: For wireless, if encryption levels between two devices (access point and client) do not match,
connection is impossible. Similarly, if different encryption keys are used between two devices they can't negotiate the
key information for verification and decryption in order to initiate communication.
Causes: Improper configuration.
Resolution: Ensure that security settings match between and among devices.
Congested Channel
Symptoms: Very slow speeds.
Causes: Interference from neighboring wireless network; congested network channel.
Resolution: Many wireless routers are set to autoconfigure the wireless channel. Try logging into the router and
manually change the channel the wireless router is operating on.
Incorrect Frequency
Symptoms: No connectivity.
Causes: In wireless, devices must operate on the same frequency. A device for an 802.11a frequency can't
communicate with one designed for 802.11b.
Resolution: Deploy devices that operate on the same frequency.
ESSID Mismatch
Symptoms: No connectivity between devices.
Causes: Devices are configured to use different ESSIDs.
Resolution: Set the devices to use the same SSID. Ensure that the wireless client and the access point are the
same. Note: SSIDs are case sensitive.
Standard Mismatch
Symptoms: No connectivity between devices.
Causes: Devices are configured to use different standards such as 802.11a/b/g/n.
Resolution: Devices have to be chosen to work together. 802.11a, for example, is incompatible with 802.11b/g
because the first operates at 5 GHz and the second at 2.4 GHz. Or an 802.11g router could be set only for g mode
and you are trying to connect with an 802.11b wireless card. Change the mode on the router.
Distance
Symptoms: Slow connection and low throughput.
Causes: The distance between two points may be to blame for this connectivity issue. The longer the distance
between the two points, the more prominent the problem may become. Issues that can occur between the two points
include latency, packet loss, retransmission, or transient traffic.
Resolution: If the issue is with cabling, do not exceed distance limitations. If the issue is with wireless, you may
need to increase coverage. Use a spectrum analyzer to determine coverage and signal strength.
Bounce
Symptoms: No or low connectivity between devices.
Causes: Signal from device bounces off obstructions and is not received by the receiving device.
Resolution: If possible, move one device or the other to avoid obstructions. Monitor performance and check for
interference.
Incorrect Antenna Placement
Symptoms: No or low signal and connectivity.
Causes: The position of the access point's antenna can negatively affect overall performance.
Resolution: Change the position of the antenna and monitor device performance.

Domain 5.0: Network Tools
Domain 5.1: Command Line Interface Tools

Traceroute - A command line troubleshooting tool that enables you to view the route to a specified host. This
will show how many hops the packets have to travel and how long it takes. In Windows operating systems, the
command used is "tracert".

IPCONFIG - This command is used to view network settings from a Windows computer command line. Below
are the ipconfig switches that can be used at a command prompt.
ipconfig /all will display all of your IP settings.
ipconfig /renew forces the DHCP server, if available, to renew a lease.
ipconfig /release forces the release of a lease.
IFCONFIG - IFCONFIG is a Linux/Unix command line tool that is similar to IPCONFIG in Windows. Common uses
for ifconfig include setting an interface's IP address and netmask, and disabling or enabling a given interface. At
boot time, many UNIX-like operating systems initialize their network interfaces with shell scripts that call ifconfig.
As an interactive tool, system administrators routinely use the utility to display and analyze network interface
parameters.

PING - PING (Packet InterNet Groper) is a command line utility used to verify connections between networked
devices. PING uses ICMP echo requests that behave similarly to SONAR pings. The standard format for the
command is ping ip_address/hostname. If successful, the ping command will return replies from the remote host
with the time it took to receive the reply. If unsuccessful, you will likely receive an error message. This is one of
the most important tools for determining network connectivity between hosts.
ARP (Address Resolution Protocol) - A host PC must have the MAC and IP addresses of a remote host in
order to send data to that remote host, and it's ARP that allows the local host to request the remote host to send
the local host its MAC address through an ARP Request.
Guide To ARP, IARP, RARP, and Proxy ARP

ARP PING (ARPING) - ARPING is a computer software tool that is used to discover hosts on a computer
network. The program tests whether a given IP address is in use on the local network, and can get additional
information about the device using that address. The arping tool is similar in function to ping, which probes hosts
using the Internet Control Message Protocol at the Internet Layer (OSI Layer 3). Arping operates at the Link Layer
(OSI Layer 2) using the Address Resolution Protocol (ARP) for probing hosts on the local network (link) only, as ARP
cannot be routed across gateways (routers). However, in networks employing repeaters that use proxy ARP, the
arping response may be coming from such proxy hosts and not from the probed target.

NSLOOKUP - This is a command that queries a DNS server for machine name and address information.
Originally written for Unix operating systems, this command is now available on Windows and other operating
systems. To use nslookup, type "nslookup" followed by an IP address, a computer name, or a domain name.
NSLOOKUP will return the name, all known IP addresses and all known aliases (which are just alternate names) for
the identified machine. NSLOOKUP is a useful tool for troubleshooting DNS problems.

Hostname - The hostname command is used to show or set a computer's hostname and domain name. It is
one of the most basic of the network administrative utilities. A hostname is a name that is assigned to a host (i.e.,
a computer connected to the network) that uniquely identifies it on a network and thus allows it to be addressed
without using its full IP address. Domain names are user friendly substitutes for numeric IP addresses.

Dig (domain information groper) - Dig is a Linux/Unix tool for interrogating DNS name servers. It performs
DNS lookups and displays the answers that are returned from the name server(s) that were queried.

Mtr - Mtr is a Linux command line tool that combines the functionality of the traceroute and ping programs in a
single network diagnostic tool.

Route - The route command is used to display and manipulate a local routing table. Examples of its use include
adding and deleting a static route. This tool is available in Unix, Linux and Windows.

NBTSTAT - Is a Windows utility used to troubleshoot connectivity problems between 2 computers
communicating via NetBT, by displaying protocol statistics and current connections. NBTSTAT examines the contents
of the NetBIOS name cache and gives MAC address.

NETSTAT - Is a Windows, Linux, and Unix command line tool that displays network connections (both incoming
and outgoing), routing tables, and a number of network interface statistics. It is used for finding problems in the
network and to determine the amount of traffic on the network as a performance measurement.

Domain 5.2: Network Scanners
Packet Sniffers - A packet sniffer is a device or software used to capture packets traveling over a network
connection. The packets are logged and can be decoded in order to provide information and statistics about the
traffic on the network or network segment. These tools are used for troubleshooting difficult network problems,
monitoring network traffic, and detecting intrusion attempts. Also known as Packet Analyzers.

Intrusion Detection Software - This was covered earlier in domain 3.1.

Intrusion Prevention Software - This was covered earlier in domain 3.1.

Port Scanners - A port scanner is a program designed to probe network hosts for open ports. This is often used
by administrators to verify security policies of their networks and by attackers to identify running services on a host
that can be exploited to gain access.

Domain 5.3: Hardware Tools
Cable Testers - Cable testers are electronic devices used to test a cable's integrity by checking for opens and
shorts which can cause connectivity problems.

Protocol Analyzers - This tool is used to monitor network traffic and display packet and protocol statistics and
information. As far as we're concerned, it is pretty much the same thing as a packet sniffer. Most tools sold today
combine the functions of the listening device (packet sniffer) and the analytical device (packet analyzer).

Certifiers - Certifiers are a tool that tests cables in order to ensure that they will perform the job intended. This
includes checking the speed loads that it can handle.

TDR (Time Domain Reflectometer) - Sends a signal down a cable and measures the distance that the signal
travelled before bouncing back (like sonar). Used to find opens and shorts in cables.

OTDR (Optical Time Domain Reflectometer) - Similar to the TDR above, however, this is used to test fiber
optic cables with light.

Multimeter - A multimeter, also known as a volt/ohm meter, is an electronic measuring instrument used to
measure voltage, current and resistance.

Toner Probe - Most will detect opens and shorts like a cable tester, but this tool is mainly used to locate the
termination points of cables.

Butt Set - A portable telephone that connects to a line using alligator clips and is used to test telephone circuits.

Punch Down Tool - A punch down tool is used to connect cabling such as telephone and ethernet to wall jacks.

Cable Stripper - Fairly self explanatory. A tool used to strip the jackets off of cables in order to expose the wire
that can be connected to connectors or wall jacks.

Snips - Special scissors used for cutting cable.

Voltage Event Recorder - Captures and logs electrical current information for devices which can then be
accessed on a PC. Mostly used for mission critical devices such as those found in a hospital.

Temperature Monitor - We aren't entirely sure what CompTIA is referring to with this. There are all kinds of
temperature monitors from CPU temperature monitoring software to devices that monitor the temperature of a
server room.

Domain 6.0: Network Security
Domain 6.1: Hardware and Software Security Devices
The topics covered in this section are already covered elsewhere in this guide.

Domain 6.2: Firewalls
Application Layer vs. Network Layer - An application layer firewall works at the application layer of a protocol
stack. (This is true for both the OSI model and the Internet Protocol Suite (TCP/IP).) Sometimes referred to as a
proxy-based firewall or proxy server, it can be software running on a computer or server or a standalone piece of
hardware. The main function of the application layer firewall is to analyze traffic before passing it to a gateway
point. A network layer firewall is sometimes referred to as a packet filter and these will operate at the network layer.
The devices will not allow packets to pass the firewall unless they match the rule set as configured by the firewall
administrator. Network layer firewalls can be either stateful or stateless.

Stateful vs. Stateless - Stateful firewalls maintain pertinent information about any active sessions they have and
will speed packet processing using this information. This might include source and destination IP address, UDP or
TCP ports, and other details about the connection such as the session initiation, type of data transfer and so forth.
With stateful processing, if a packet does not match a currently established connection, it will be evaluated
according to the rule set for new connections. If it does match, it will be allowed to pass without needing to be
compared to the rule sets in use. Stateless firewalls treat all of the packets on the network in isolation and
independently from all of the other traffic on the wire. They have no way to know if any given packet is part of an
existing connection, is trying to establish a new connection, or is just a rogue packet.
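The difference described above can be seen by running the same traffic through both kinds of filter. This is an added example, not part of the original guide. The packets, addresses, and the single "internal hosts may reach TCP/443" policy are constructed, and the stateful filter is simplified (no timeouts and no full TCP state machine).

```python
from dataclasses import dataclass

INTERNAL_PREFIX = "10.0.0."  # assumed internal zone; all addresses are constructed


@dataclass(frozen=True)
class Packet:
    src: str
    sport: int
    dst: str
    dport: int
    flags: frozenset  # TCP flags, e.g. frozenset({"SYN", "ACK"})


def is_internal(ip):
    return ip.startswith(INTERNAL_PREFIX)


def stateless_filter(pkt):
    """Judge one packet in isolation, from its header fields only."""
    outbound = is_internal(pkt.src) and not is_internal(pkt.dst)
    inbound = is_internal(pkt.dst) and not is_internal(pkt.src)
    # Rule 1: internal hosts may send to TCP/443 outside.
    if outbound and pkt.dport == 443:
        return "ALLOW"
    # Rule 2: replies must get back in. With no memory of Rule 1, "reply"
    # can only be approximated as "from port 443 with ACK set".
    if inbound and pkt.sport == 443 and "ACK" in pkt.flags:
        return "ALLOW"
    return "DENY"


class StatefulFilter:
    """Remembers the sessions it has allowed and matches packets against them."""

    def __init__(self):
        self.sessions = set()  # (client_ip, client_port, server_ip, server_port)

    def check(self, pkt):
        outbound = is_internal(pkt.src) and not is_internal(pkt.dst)
        inbound = is_internal(pkt.dst) and not is_internal(pkt.src)
        if outbound:
            key = (pkt.src, pkt.sport, pkt.dst, pkt.dport)
        elif inbound:
            key = (pkt.dst, pkt.dport, pkt.src, pkt.sport)
        else:
            return "DENY"
        if key in self.sessions:
            # Part of an established session: pass without the rule set.
            if "RST" in pkt.flags:
                self.sessions.discard(key)  # session torn down
            return "ALLOW"
        # No session: evaluate against the rule set for new connections.
        if outbound and pkt.dport == 443 and pkt.flags == frozenset({"SYN"}):
            self.sessions.add(key)
            return "ALLOW"
        return "DENY"


def pkt(src, sport, dst, dport, *flags):
    return Packet(src, sport, dst, dport, frozenset(flags))


SAMPLE = [  # constructed traffic
    pkt("10.0.0.5", 51000, "203.0.113.10", 443, "SYN"),         # client opens session
    pkt("203.0.113.10", 443, "10.0.0.5", 51000, "SYN", "ACK"),  # genuine reply
    pkt("198.51.100.7", 443, "10.0.0.9", 3389, "ACK"),          # no session exists
    pkt("203.0.113.10", 443, "10.0.0.5", 51000, "RST", "ACK"),  # server resets
    pkt("203.0.113.10", 443, "10.0.0.5", 51000, "ACK"),         # arrives after reset
]


def compare(packets):
    """Return (stateless verdict, stateful verdict) for each packet in order."""
    stateful = StatefulFilter()
    return [(stateless_filter(p), stateful.check(p)) for p in packets]


if __name__ == "__main__":
    for p, (sl, sf) in zip(SAMPLE, compare(SAMPLE)):
        print(f"{p.src}:{p.sport} -> {p.dst}:{p.dport} {sorted(p.flags)} "
              f"stateless={sl} stateful={sf}")
```

The third and fifth packets pass the stateless rule set because their headers look like replies, while the stateful filter drops them because no matching session is in its table.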

Scanning Services - the process that is used by all firewalls to review the packets that are passing through
them. Sometimes they will just review the header information or they may be configured to look at the data as
well. More advanced firewalls might also combine virus detection and/or other forms of malware detection as part
of their scanning process to halt the transmission of suspect packets through the device.

Content Filtering - generally used at the application level to restrict or prevent access to websites that are not
approved for work use, to block sites with objectionable material, or on a corporate blacklist for one reason or
another. Content could be filtered in many different ways from suspect keywords, images on the site, downloadable
files present, or site content labeling as defined by the website host itself (e.g. an adult site that defines itself as
such; the content filter would review the site content level and apply the filter).

Signature Identification - a method of identifying certain types of traffic based on a known behavior of that
traffic. A firewall would know based on the signature definition comparison whether the traffic should be allowed to
pass as permitted (e.g. http traffic or DNS traffic) or whether to deny traffic (e.g. repeated attempts to connect to
multiple systems from multiple sessions, appearing as a possible Distributed Denial of Service (DDoS) attack).

Zones - demarcation points from one network type to another. Networks internal to a company are considered
internal zones or intranets. A network external to the internal network is generally considered the internet or
external zones. If there is a network that the company manages that is not a part of the internal intranet but is in
place between the intranet and the internet, this is called the demilitarized zone or the DMZ. The main purpose of
this zone is to act as an additional layer of security buffer between the intranet and the internet.

Domain 6.3: Network Access Security
ACL (Access Control List) - An ACL is a table in an operating system or network device (such as a router) that
denies or allows access to resources.
MAC Filtering - This method controls access based on the unique MAC address assigned to all network
devices.
IP Filtering - This method controls access based on the IP addresses (or a range of addresses) of network
devices.
SSL VPN (Secure Sockets Layer virtual private network) - This is a VPN that runs on SSL and is accessible
via https over a web browser. It allows users to establish secure remote access sessions from virtually any Internet
connected browser. Unlike a traditional VPN, this method does not require the use of IPSec. The benefit of this
solution is that it allows clients to access a corporate network from nearly anywhere, which is not practical with a
typical VPN.

VPN (Virtual Private Network) - A VPN is a network that uses a public telecommunication infrastructure, such
as the Internet, to provide remote offices or individual users with secure access to their organization's network.
A VPN works by using the shared public infrastructure while maintaining privacy through security procedures and
tunneling protocols such as the Layer Two Tunneling Protocol (L2TP) or IPSec. In effect, the protocols, by
encrypting data at the sending end and decrypting it at the receiving end, send the data through a "tunnel" that
cannot be "entered" by data that is not properly encrypted.

L2TP (Layer 2 Tunneling Protocol) - L2TP is an extension of the Point-to-Point Tunneling Protocol (PPTP)
used on VPNs. L2TP merges the best features of two other tunneling protocols: PPTP from Microsoft and L2F from
Cisco Systems. As a tunnelling protocol, L2TP does not include encryption, but is often used with IPsec to provide VPN
connections from remote users to a remote network.

IPSec (Internet Protocol Security) - IPsec is a protocol suite that ensures confidentiality, integrity, and
authenticity of data communications across a public network by authenticating and encrypting each IP packet of a
data stream. IPSEC is made of two different protocols: AH and ESP. AH (Authentication Header) is responsible for
authenticity and integrity, while ESP (Encapsulating Security Payload) encrypts the payload. IPSec is often used in
conjunction with L2TP on VPNs.

RAS (Remote Access Service) - RAS refers to any combination of hardware and software to enable remote
access to a network. A RAS server is a specialized computer which aggregates multiple communication channels
together. An example of this would be a server that dial-up users dial into. The term was originally coined by
Microsoft during the Windows NT era and is now called Routing and Remote Access Service (RRAS).

RDP (Remote Desktop Protocol) - Originally released with Windows NT 4.0 Terminal Services, RDP 4.0 allowed users to connect to a computer and remotely control (AKA Shadow) it. With the release of Windows Vista and upcoming Windows Longhorn, version 6.0 will allow one to connect to specific applications rather than the entire desktop of the remote computer. Remote Desktop allows systems administrators to remotely connect to a user's computer for technical support purposes, or connect to a server for maintenance and administration purposes. By default, RDP uses TCP port 3389.

PPPoE (Point-to-Point Protocol over Ethernet) - In the past, most internet users were connected to the internet via a serial modem using PPP; however, current technologies such as DSL and cable have replaced dial-up internet connections. In short, PPPoE is a network protocol for encapsulating PPP frames in Ethernet frames.

PPP (Point-to-Point Protocol) - Provides a standard means of encapsulating data packets sent over a single channel WAN link. Specifically, PPP provides a method for connecting a personal computer to the Internet using a standard phone line and a modem using a serial connection (dial-up). PPP replaced SLIP as the standard for dial-up connections as it supports more protocols than just TCP/IP.

VNC (Virtual Network Computing) - VNC makes it possible to interact with a computer from any computer or mobile device on the Internet. Unlike Microsoft's RDP, VNC offers cross-platform support allowing remote control between different types of computers. Popular uses for this technology include remote technical support and accessing files on one's work computer from one's home computer, or vice versa.

ICA (Independent Computing Architecture) - ICA is a proprietary protocol for an application server system, designed by Citrix Systems. Products conforming to ICA are Citrix's WinFrame, Citrix XenApp (formerly called MetaFrame/Presentation Server), and Citrix XenDesktop products. These permit ordinary Windows applications to be run on a Windows server, and for any supported client to gain access to those applications. Besides Windows, ICA is also supported on a number of Unix server platforms and can be used to deliver access to applications running on these platforms. There is a wide range of clients supported including Windows, Mac, Unix, Linux, and various Smartphones.

Domain 6.4: Methods of User Authentication
PKI (Public Key Infrastructure) - A public key infrastructure (PKI) is the combination of software, encryption technologies, processes, and services that enable an organization to secure its communications and business transactions. PKI uses a public and a private cryptographic key pair that is obtained and shared through a trusted authority. The public key infrastructure provides for a digital certificate that can identify an individual or an organization and directory services that can store and, when necessary, revoke the certificates.

Kerberos - Invented by MIT, this protocol has been evolving in the Unix world for over a decade and has become a standard in Windows operating systems. Kerberos is a network authentication protocol which utilizes symmetric cryptography to provide authentication for client-server applications. The core of a Kerberos architecture is the KDC (Key Distribution Server) that serves as the trusted third party and is responsible for storing authentication information and using it to securely authenticate users and services. In order for this security method to work, it is paramount that the KDC is available and secure. The clocks of all hosts involved must be synchronized as well.

AAA - AAA commonly stands for authentication, authorization and accounting.

RADIUS (Remote Authentication Dial In User Service) - RADIUS is a networking protocol that provides centralized Authentication, Authorization, and Accounting (AAA) management and provides a method that allows multiple dial-in Network Access Server (NAS) devices to share a common authentication database. RADIUS is often used by ISPs and enterprises to manage access to the Internet or internal networks, and wireless networks. Microsoft's answer to corporate wireless security is the use of RADIUS authentication through its Internet Authentication Services (IAS) product.

TACACS+ (Terminal Access Controller Access Control System) - TACACS+ is a proprietary Cisco security application that provides centralized validation of users attempting to gain access to a router or network access server. The TACACS+ protocol provides authentication between the network access server and the TACACS+ daemon, and it ensures confidentiality because all protocol exchanges between a network access server and a TACACS+ daemon are encrypted. Whereas RADIUS combines authentication and authorization in a user profile, TACACS+ separates the two operations. Another difference is that TACACS+ uses the Transmission Control Protocol (TCP) while RADIUS uses the User Datagram Protocol (UDP).

802.1X - 802.1X is an IEEE Standard for port-based Network Access Control (PNAC). This standard is designed to enhance the security of wireless local area networks (WLANs) by providing an authentication framework that allows a user to be authenticated by a central authority. It is used for securing wireless 802.11 access points and is based on the Extensible Authentication Protocol (EAP).

CHAP (Challenge Handshake Authentication Protocol) - A type of authentication protocol used on PPP connections. CHAP uses a 3-way handshake in which the authentication agent sends the client program a key to be used to encrypt the username and password. CHAP not only requires the client to authenticate itself in the beginning, but sends challenges at regular intervals to make sure the client hasn't been replaced by an intruder.
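The 3-way handshake and the periodic re-challenge, as an added example (not part of the original guide). It follows RFC 1994, where the value sent to the client is a random challenge and the client answers with an MD5 hash over the identifier, the shared secret and that challenge; the `Authenticator` class, the user name and the secret are constructed for illustration.

```python
import hashlib
import hmac
import os


def chap_response(identifier: int, secret: bytes, challenge: bytes) -> bytes:
    """RFC 1994 response value: MD5(identifier octet || secret || challenge)."""
    return hashlib.md5(bytes([identifier]) + secret + challenge).digest()


class Authenticator:
    """Hypothetical authenticating side of a PPP link (illustration only)."""

    def __init__(self, secrets):
        self.secrets = secrets      # peer name -> shared secret, never sent on the link
        self.identifier = 0
        self.pending = None         # challenge currently awaiting a response

    def challenge(self):
        """Step 1: issue a fresh identifier and an unpredictable challenge."""
        self.identifier = (self.identifier + 1) % 256
        self.pending = os.urandom(16)
        return self.identifier, self.pending

    def verify(self, name, identifier, response):
        """Step 3: recompute the hash locally and answer success or failure."""
        if self.pending is None or identifier != self.identifier:
            return False
        challenge, self.pending = self.pending, None   # each challenge is single use
        secret = self.secrets.get(name)
        if secret is None:
            return False
        expected = chap_response(identifier, secret, challenge)
        return hmac.compare_digest(expected, response)


def demo():
    secret = b"constructed-shared-secret"          # constructed sample value
    auth = Authenticator({"alice": secret})

    ident, chal = auth.challenge()                 # 1. Challenge
    captured = chap_response(ident, secret, chal)  # 2. Response (what an observer sees)
    login = auth.verify("alice", ident, captured)  # 3. Success

    # Periodic re-challenge: a response captured earlier does not match the new challenge.
    ident2, _ = auth.challenge()
    replay = auth.verify("alice", ident2, captured)

    # The genuine client still holds the secret and can answer the next challenge.
    ident3, chal3 = auth.challenge()
    rechallenge = auth.verify("alice", ident3, chap_response(ident3, secret, chal3))
    return {"login": login, "replay": replay, "rechallenge": rechallenge}


if __name__ == "__main__":
    print(demo())
```
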

MS-CHAP (Microsoft Challenge Handshake Authentication Protocol) - This is Microsoft's version of CHAP and is a one-way encrypted password, mutual authentication process used in Windows operating systems. Like the standard version of CHAP, MS-CHAP is used for PPP authentication, but is considered by some to be more secure. MS-CHAPv2 was released to solve many of the problems and deficiencies of the first version.

EAP (Extensible Authentication Protocol) - EAP is an extension to the Point-to-Point Protocol (PPP) that was developed in response to an increasing demand to provide an industry standard architecture for support of additional authentication methods within PPP. EAP is an authentication framework, not a specific authentication mechanism, that is typically used on wireless networks. It provides some common functions and negotiation of authentication methods, called EAP methods. There are roughly 40 different methods defined. Commonly used methods capable of operating in wireless networks include EAP-TLS, EAP-SIM, EAP-AKA, PEAP, LEAP and EAP-TTLS. When EAP is invoked by an 802.1X-enabled Network Access Server (NAS) device such as an 802.11 Wireless Access Point, modern EAP methods can provide a secure authentication mechanism and negotiate a secure Pairwise Master Key (PMK) between the client and NAS. The PMK can then be used for the wireless encryption session which uses TKIP or CCMP (based on AES) encryption. Strong EAP types such as those based on certificates offer better security against brute-force or dictionary attacks and password guessing than password-based authentication protocols, such as CHAP or MS-CHAP.

Domain 6.5: Issues That Affect Device Security
Physical Security - Physical security is just as it sounds: locks on the doors, cameras everywhere, and so forth. Depending on the depth of security needed there may be additional layers of security such as an access badge that operates a door that is additionally checked by a guard. You might have a dual door entrance such as a mantrap where the first door you badge opens and you walk through it and it must completely close before the next door a few feet in front of you becomes operational to badge through.

Restricting Local and Remote Access - A lot of local access restriction will come from physical security measures but you can also set systems to not allow local login at the console except for certain specific account names in the domain or certain specific account names in the local accounts database. With respect to remote access you can also manage the same principle of least privilege by only allowing remote access to just the individuals that absolutely need it as part of their role responsibility and by denying everyone else. Those that are allowed the access should then still need to provide at least a username and password in order to authenticate to the remote system.

Secure Shell (SSH) - Application Layer protocol in the Internet Protocol Suite that allows data to be exchanged using a secure channel between two networked devices and was designed as a replacement for Telnet and other insecure remote shells, which send information including account name information and passwords in cleartext.

Hypertext Transfer Protocol Secure (HTTPS) - Application Layer protocol in the Internet Protocol Suite that functions on port 443 by default and uses the standard Hypertext Transfer Protocol with the SSL/TLS protocol to provide encryption and secure identification of the server which allows the server/client communications to be secured. An everyday example of this would be anytime you purchase something online and the shopping website takes you from the regular storefront pages defined as http:// and redirects you to their secured servers at https://.

Simple Network Management Protocol version 3 (SNMPv3) - Application Layer protocol in the Internet Protocol Suite that is used mostly in network management systems to monitor network attached devices. Version 3 provides important security features that the prior versions did not, including message integrity that ensures packets were not altered, authentication that verifies that the inbound data is from an expected source system, as well as encryption for the traffic stream itself.

Secure File Transfer Protocol (SFTP) - Sometimes called SSH file transfer protocol, SFTP is a network protocol that provides secured, encrypted file transfer capability over TCP port 22 by default.

Secure Copy Protocol (SCP) - Application Layer protocol in the Internet Protocol Suite that leverages the Secure Shell (SSH) protocol using TCP port 22 by default to copy files from system to system on the same network or across different networks.

Telnet - Application Layer protocol in the Internet Protocol Suite that was traditionally used to connect dumb terminals to mainframe systems. Today it is sometimes used to connect to headless network equipment such as switches and routers by using a command window. It is a client-server protocol that runs on port 23 by default, and does not encrypt any data sent over the connection.

Hypertext Transfer Protocol (HTTP) - Application Layer protocol in the Internet Protocol Suite that is the standard protocol in use on the World Wide Web. Operating on port 80 by default, internet clients contact a web server and request pages back from that server to their web browsers which render the returned content from the connection call.

File Transfer Protocol (FTP) - Application Layer protocol in the Internet Protocol Suite that uses port 20 for data connections and listens on port 21. Often FTP is set up for anonymous access for the putting and getting of files. Even when user name identification is required and password authentication is requested by systems using FTP, it is done via cleartext.

Remote Shell (RSH) - A command line program which can execute shell commands as another user and on another computer across a computer network. All of the commands that are sent are done in cleartext and any authentication is also sent over the wire unencrypted. Secure Shell (SSH) is the secure replacement for this utility.

Remote Copy Protocol (RCP) - A Unix-based command line utility that is used to copy data from one system to another. The utility sends unencrypted information over the network including any applicable account and password information. It has been replaced by Secure File Transfer Protocol (SFTP) which is sometimes called SSH file transfer protocol.

Simple Network Management Protocol versions 1 or 2 (SNMP) - Application Layer protocol in the Internet Protocol Suite that is used for system management and configuration. Version 1 was originally introduced in the late 80s and does not really have any applicable security features available. Authentication is performed using the "community string", which is effectively nothing more than a password and was transmitted in cleartext. Version 2 did offer some improvements in performance, security, and confidentiality but it did this through a party-based security system that was considered overly complex and it was not widely accepted as a result.

Domain 6.6: Common Security Threats
DoS (Denial of Service) - A DoS attack is a common type of attack in which false requests to a server overload it to the point that it is unable to handle valid requests, cause it to reset, or shut it down completely. There are many different types of DoS attacks including Syn Flooding and Ping Flooding.

Viruses - A Computer Virus is a program that can copy itself and infect a computer without the permission or knowledge of the user. A Computer Virus has 2 major characteristics: the ability to replicate itself, and the ability to attach itself to another computer file. Every file or program that becomes infected can also act as a Virus itself, allowing it to spread to other files and computers. The term "computer virus" is often used incorrectly as a catch-all phrase to include all types of Malware such as Computer Worms, Trojan Horses, Spyware, Adware, and Rootkits. There are many different anti-virus programs available to prevent and remove viruses. Since new threats are created almost constantly, it is important to keep the virus definition files updated for your software.

Worm - Worms are stand-alone programs that do not need other programs in order to replicate themselves like a virus which relies on users to inadvertently spread it. Viruses and Worms can be prevented by installing anti-virus software which can be run on servers, clients, firewalls and other devices.

Attackers - We aren't entirely sure what CompTIA is referring to with this term so we will offer a general definition. The term attackers refers to any person or group of people that cause harm on individual computers, networks, and the internet. This could include hackers, virus and malware creators, and anyone else who attempts to interfere with normal computer and network operations.

Man-in-the-Middle - These attacks can include the interception of email, files, passwords and other types of data that can be transferred across a network. This is a form of Data Theft attack.

Smurf - This is a type of denial of service attack that floods a target system via spoofed broadcast ping messages in an attempt to cause massive network traffic. To accomplish this, the attacker sends ICMP echo packets to broadcast addresses of vulnerable networks with a forged source address pointing to the target (victim) of the attack. All the systems on these networks reply to the victim with ICMP echo replies which will overload it. These types of attacks are very easy to prevent, and as a result, are no longer very common.
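Why prevention is easy, as an added example (not part of the original guide): a border device only has to refuse ICMP echo requests addressed to a broadcast address of the networks behind it. The packet records, field names and addresses below are constructed for illustration and use documentation address ranges.

```python
import ipaddress
from collections import Counter

ICMP_ECHO_REQUEST = 8
LIMITED_BROADCAST = ipaddress.ip_address("255.255.255.255")


def targets_broadcast(packet, networks):
    """True for an ICMP echo request sent to a broadcast address we route."""
    if packet.get("proto") != "icmp" or packet.get("icmp_type") != ICMP_ECHO_REQUEST:
        return False
    dst = ipaddress.ip_address(packet["dst"])
    return dst == LIMITED_BROADCAST or any(dst == n.broadcast_address for n in networks)


def filter_ingress(packets, local_cidrs):
    """Split packets into forwarded and dropped; tally the claimed sources of drops.

    The claimed source of a dropped packet is the address the replies would
    have gone to, which is the victim named in the forged header.
    """
    networks = [ipaddress.ip_network(c) for c in local_cidrs]
    forwarded, dropped = [], []
    for p in packets:
        (dropped if targets_broadcast(p, networks) else forwarded).append(p)
    victims = Counter(p["src"] for p in dropped)
    return forwarded, dropped, victims


# Constructed sample: two /25 subnets, so both .127 and .255 are broadcast
# addresses. A filter that assumed a single /24 would miss the first one.
LOCAL_CIDRS = ["192.0.2.0/25", "192.0.2.128/25"]
SAMPLE_PACKETS = [
    {"proto": "icmp", "icmp_type": 8, "src": "198.51.100.7", "dst": "192.0.2.127"},
    {"proto": "icmp", "icmp_type": 8, "src": "198.51.100.7", "dst": "192.0.2.255"},
    {"proto": "icmp", "icmp_type": 8, "src": "203.0.113.5", "dst": "192.0.2.10"},
    {"proto": "icmp", "icmp_type": 0, "src": "192.0.2.10", "dst": "203.0.113.5"},
    {"proto": "udp", "src": "203.0.113.5", "dst": "192.0.2.255"},
]

if __name__ == "__main__":
    fwd, drop, victims = filter_ingress(SAMPLE_PACKETS, LOCAL_CIDRS)
    print(len(fwd), "forwarded;", len(drop), "dropped; claimed sources:", dict(victims))
```
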

Rogue Access Point - This term most often refers to unauthorized access points that are deployed with malicious intent. But in general, it would refer to any unauthorized device regardless of its intent. Types of Rogue APs could include one installed by an employee without proper consent, a misconfigured AP that presents a security risk, AP from neighboring WLANs, or one used by an attacker. To prevent the installation of rogue access points, organizations can install wireless intrusion prevention systems to monitor the radio spectrum for unauthorized access points.

Social Engineering (Phishing) - Social engineering describes various types of deception used for the purpose of information gathering, fraud, or computer system access. Phishing, a form of social engineering, is the fraudulent process of attempting to acquire sensitive information such as usernames, passwords and credit card details by masquerading as a trustworthy entity in an electronic communication such as email, chat, or instant messaging.

Mitigation Techniques - For the purposes of this guide, we can't cover all of the various options to prevent security breaches, so we'll keep it brief with the following:

Policies and Procedures - An outline in a group, organization or across an enterprise which outlines different sets of standards and actions. These will often define acceptable use of network systems and repercussions for violations. Generally they are drafted by system and network administrators as an outline of service and use and legal will generally tighten up the actual meaning. Management will ultimately need to follow up with approval authorization and who will actually enforce them.

User Training - Skills that need to be communicated to the end user community that are using the network resources and connected systems. This training usually consists of rudimentary explanations of expected and acceptable use and what the procedures are for violations. Additionally, it will include some basic level of explanation of security threats and how user interaction can help defend the network as well as make it more at risk when the wrong actions are taken.

Patches and Updates - Operating system updates and application fixes that are released to enhance security features or to fix known issues with software. Generally, most of the patches and some of the updates are released in order to correct recently discovered security deficiencies in the code. These updates are always delivered by the application owner unless a specific agreement is made between the application owner and another vendor. Users and administrators would generally download these updates manually to install onto systems or set up some type of automated system for delivery to managed systems and devices.
