Network+ Review

1. What type of fiber commonly uses lasers as a transmission source?
• Single-Mode Fiber  is used for laser trasmission
• Multi-Mode Fiber is used for LED most commonly 
• large-core fiber is another name to multi-mode fiber 
2. Is distance the only advantage in using single-mode over multi-mode fiber-optic cable?
• Multi-Mode Fiber
• short range communication (up to 2 km) 
• does not use lasers, most commonly uses LED 
• inexpensive light source 
• uses an orange color cable 
• called multi-mode because light can take more than one path through the cable 
• single-mode fiber
• small core 
• light only takes one path 
• up to 100km without processing
• most commonly uses laser light 
• normally a yellow cable color
• Short Answer, YES.
3. What is the difference between a logical and a physical network topologies?

• Completely different forms of documenting a network
• physical network layout
• 
• shows routers, servers, other connections 
• main issue is determining what subnet things are on 
• devices in a physical map can be on completely different networks 
• used for troubleshooting physical issues (i.e. cabling and conections)
• Logical network diagram 
• 
• you can see the routing paths 
• used for troubleshooting data connections
• given subnets 
• identifies location routers 

Media Converters

Media Converters 

• used to convert from one form of media to another
• most typical is to convert between copper cabling and fiber optic cabling 

CSU/DSU

• Channel Service Unit/Data Service Unit 
• a hardware device which converts data frames used on a LAN into data frames uesd on a WAN
• typically used to connect a T1 line to a local network

Network+

Load Balancer

• Load balancers are used when there are more than one line of communication available
• help to divide communication evenly between the different communication lines
• a form of clustering
• where you have more than one server servicing clients 

Bandwidth Shaper 

• used to help make communication more efficient
• provide a much higer level of control over what data gets sent where and when 
• can limit what data gets sent at what time 
• also known as bandwidth throttling 

Understanding IPv6 routing

Understanding Why IPv6 was Created 

• Limitations of IPv4
• IPv4 has been in use since 1981
• introduced and detailed in RFC 791 
• no substantial updates/improvements
• Exhaustion of IPv4 Address Space
• Explosive growth of the commercial internet
• proliferation of IP-enables devices (smartphones, tablets, etc)
• short-term solutions
• CIDR Classless Interdomain Routing
• NAT Network Address Translation 
• Private Addressing
• Integrated Security
• Original IPv4 specification did not indentify any security mechanisms
• IPsec was a later addition to IP 
• Scalability
• even with CIDR a typical BGP routing table is enormous 
• AT&T route server lists around 373,800 prefixes
• governments are mandating IPv6 adoption
• Benefits of IPv6 Improvements
• Vast Address Space
• 128 bit addressing (as opposed to 32 bit)
• addressing space is about 340 trillion addresses
• Address Assignment
• ability of a device to detect/create its own address
• advanced DHCP and auto-configuration features 
• Global Address Aggregation
• Hierarchical structure

Troubleshooting OSPF: Show Commands and Debug Commands

Relevant Debug and Show Commands 

1. OSPF Show Commands
2. OSPF Debug Commands 

OSPF Show Commands

• Show IP Protocols 
• Data Displayed by the command:
• OSPF Status and process-id
• area types configured
• protocols being redistributed
• networks being advertised
• neighbors/gateways
• helpful in troubleshooting:
• neighbor relationships
• missing routes
• summarization issues 
• filtering problems 
• Show IP route OSPF
• Data Displayed by the Command;
• OSPF routes from neigbors
• administrative distance
• cumulative cost metric
• route source/interface
• helpful in troubleshooting:
• missing routes 
• summarization issues 
• filtering problems
• general troubleshooting 
• Show IP OSPF Interfaces
• Data Displayed:
• Interfaces participating in OSPF
• Network Type(s)
• Neighbor count
• Authentication Type
• Timer Values
• Helpful in troubleshooting:
• neighbor relationships
• local congiuration issues
• routing problems
• Show IP OSPF Neighbors
• data displayed:
• Active fully adjacent neighbors
• router ID of neighbors
• IP address/interface of neighbors
• dead time of neighbors
• neighbor state/DR state (designated router state)
• Helpful for;
• Neighbor relationships
• local configuration issues
• Show IP OSPF Database
• Data Displayed:
• LSA types Per area
• Advertising router
• Link ID(Subnet)
• age
• Helpful For:
• Missing Routes
• Filtering Problems
• General troubleshooting 

How to Configure an IP Address: Windows

1. Start
1. Control Center
2. Network & Internet 
3. Network Connections
2. Local Area Connection 
1. right click properties
2. ipv4 properties (this is where you configure without DHCP)

General: 

1. Give it an IP (Either automatically or manually)
1. Give it a subnet Mask
2. give it a default gateway
2. establish a DNS server addresses (either automatically or manually)
1. give it a preferred DNS server
2. give it an alternate DNS server

Alternate Configuration: 

1. Click APIPA (Automatic Private IP address)
2. OR User Configured (Static) as a backup
1. configure for critical machines 
1. allows the ability to troubleshoot if there are network issues 

Net+ Exam

I have successfully registered for the network+ certification exam. I chose the date June 4th at 10am.

:D

Net+ Registration

Everything was working fine and then....


The voucher didn't work. 

Chapter 11: TCP/IP Security Pg 382

TACAS+ 

• Terminal Access Controller Access Control System Plus 
• a proprietary protocol developed by Cisco to support AAA in a network with many routers and switches
• uses TCP port 49 by default 
• separates authorization, authentication, and accountin into different parts 
• uses PAP, CHAP, md5 hashes, and Kerberos to authenticate 

Kerberos 

• an authentication protocol that has no connection to PPP 
• use for TCP/IP networks with many clients all connected to a single authenticating server 
• Key Distribution Center (KDC) 
• Authentication Server (AS)
• Ticket Granting Service (TGS)
• installed on the domain controller
• the client sends a request that includes a hash of the user name and password to the AS 
• the AS compares the results 

Net+ Practice Exam 7

Test Taken

Score: 76%

What to Remember:

1. The preamble of an Ethernet frame is 7 bytes.

Sources:
Registered Ports
OSI Model
Ethernet Frame
File Transfer Protocol
Network Topologies
Challenge Handshake Authentication Protocol
Digital Signatures
Virtual Private Network
Message Digest Algorithm
Remote Copy
Remote Shell
Cyclic Redundancy Check  

Net+ Practice Exam

Test Taken 
Score: 52%

Things To Remember:

1. SSH file Transfer protocol and Secure Copy allow for secure file transfer. 
2. In routing, the route with the lowest metric is the preferred route.
3. Smartjack provides an ISP with a troubleshooting tool for testing connection at the customer site without the need of sending a technician to that site. 
4. Transmission Control Protocol (TCP) features three-way handshake and re-transmission of lost packets.
5. User Datagram Protocol (UDP) is commonly used for streaming audio and video and offers fasters transfer speed than TCP.
6. Firewall reconfiguration is an example of an active response by an IPS.
7. An IDS can send alerts and log events.

List of Assigned Ports

Net+ Practice Exam

Test Taken
Score: 36%

Things To Remember:

1. Interference between two pairs in a cable measured at the same end of the cable as the signal source is called NEXT
2. Interference between two pairs of cables measured at the other end of the cable from the signal source is called FEXT
3. An IP address consists of a network ID and a host ID
4. A MAC address consists of an OUI and a device ID 
5. Trivial File Transfer Protocol (TFTP) uses UDP port 69
6. Simple Mail Transfer Protocol (SMTP) is used for relaying e-mail messages between mail servers  and runs on TCP port 25. Ports 110 and 143 need to be open in order to retrieve an e-mail from SMTP server. 
7. Reverse Address Resolution Protocol (RARP) does MAC to IP resolution 
8. Port numbers are divided into 3 ranges. 
9. HTTPS runs on TCP port 443

Network+ Practice Exam

Test Taken

Score: 28%

Things To Remember;

1. 802.11i is the IEEE standard that specifies security mechanisms for wireless networks.
2. WPA2 uses AES encryption, is known as a Robust Security Network(RSN) and uses block encryption cipher. 
3. MAC address filtering and RADIUS can be used to enhance wireless network security.
4. DSSS, OFDM, AND FHSS are wireless broadcasting methods. 
5. SHA-1 and MD5 are cryptographic has functions. 
6. nbstat -n lists local NetBIOS names.
7. TTL describes the maximum time an IP packet can exist in a network. Every device process an IP packet must decrease the TTL value by at least 1. If the TTL field value reaches 0 while an IP packet is still on the way to its destination, the IP packet is considered deliverable and must be discarded. 

Network+ Practice Test

Test Taken

Score: 44%

What To Remember;

1. The TCP port used by Point-to-Point Tunneling Protocol is 1723
2. Asynchronous Transfer Mode (ATM) encodes data into cells 
3. DOCSIS is a cable modem standard
4. Public Switched Telephone Network (PSTN) is also commonly referred to as POTS
5. Faults in fiber-optic cabling can be located with the use of OTDR. 
6. netstat -o displays the process ID for each connection
7. E1 lines run at a speed of 2.048 Mbps
8. A packet sniffer can be used to analyze network traffic
9. 802.1Q is a VLAN standard
10. E3 lines run at the speed of 34.368 Mbps
11. Wireless broadband solution defined in the IEEE 802.16 standard is also referred to as WiMAX
12. An Ethernet cable terminated on both ends according to the TI/EIA-568-A standard or the TIA/EIA-568-B is a patch cable.

Practice Exam - Network+

Test Taken

Score 36%

What to Remember;

1. Address Resolution Protocol (ARP) provides IP to MAC resolution.
2. /24 subnet mask has 24 leading 1s in binary.
3. IP address from the 169.254/16 range may indicated problems with DHCP
4. To get a new DHCP release on Windows type the commands: ipconfig /release and ipconfig/renew
5. UDP port 67 is used by DHCP and bootstrap protocol
6. VLAN based on ports can be called a static VLAN
7. VLAN based on MAC addresses could be called a dynamic VLAN
8. Modems convert analog signals to digitals and vice versa.
9. DS0 signal rate has a value of 64 kbits
10. The DNS record AAAA is an IPv6 record
11. RC4 is used  to provide encryption in WEP 

Chapter 11: Security TCP/IP Pg 375 - 382

Authorization

• Access Control List (ACL): a clearly defined list of permissions that specify what an authenticated user may perform on a shared resource
• ACL Access Models;
• mandatory
• discretionary
• role based
• Mandatory Access Control (MAC): every resource is assigned a label that defines its secuiryt level
• used to define what privileges programs have to other programs stored in RAM
• oldest and least common of the three ACL access models
• Discretionary Access Control(DAC): based on the idea that a resource has an owner who may at his or her discretion assign access to that resource 
• Role-based Access Control (RBAC): defines a user's access to a resource based on the roles that the user plays in the network environment
• creates groups 

PPP

• Point-to-Point Protocol (PPP): enables two point-to-point devices to connect, authenticate with a user name and password, and negotiate the network protocol the two devices will use
• is not Ethernet but still can support TCP/IP
• Five distinct phases to a PPP connection:
• Link Dead: Means that the modem is turned off. Link control Protocol(LCP) will start the connection.
• Link Establishment: LCP will establish a connection 
• Authentication
• Network layer Protocol: LCP uses network control Protocol (NCP) to make the proper connections for the protocol.
• Termination: LCP will timeout and terminate
• Initiator: the side asking for the connection
• Authenticator: the side with the list of user names and passwords
• PPP came with two ways to authenticate a user name and password:
• Password Authentication Protocol (PAP): transmits the user name and password over the connection in plaintext
• anyone who can tap the connection can learn the user name and password
• Challenge Handshake Authentication Protocol (CHAP): relies on hashes based on a shared secret, usually a password both ends know
• periodically repats the entire authentication process 
• prevents man-in-the-middle attacks 

AAA

• Authentication, Authorization, and Accounting (AAA): designed for port authentication 

Radius

• Radius Authentication Dial-In User Service (RADIUS): was created to support ISPs with to connect modems to computers to a single central database 
• Consists of three devices:
• the server that has access to a database of user names and passwords 
• Network Access Servers (NASs)
• a group of systems that dial into the network 
• a single server can support multiple NASs and provide a complete PPP connection from the requesting system 

Chapter 11: Securing TCP/IP Pg 368 - 375

Encryption and the OSI Model 

• Layer 1: No common encryption done at this layer
• Layer 2: A common Place for encryption use proprietary encryption devices. These boxes scramble all of the data in an Ethernet frame except the MAC address information. Devices or programs encode and decode the information on-the-fly at each end. 
• Layer 3: Only one common protocol encrypts at lyaer 3: IPsec. IP sec is typically done via software that takes the IP packet and encrypts everything insdie the packet, leaving only the IP addresses and a few other fields unencrypted. 
• Layer 4: Neither TCP nor UDP offers any encryption methods 
• Layers 6 and 6: Not common layers for encryption
• Layer 7: many  applications use their own encryption, placing them squarely in layer 7. 

Nonrepudiation 

• simple means that the receiver of information is confident the sender is authentic 

Hash 

• Cyrptographic Hash Function: a mathematical function that you run on a string of binary digits of any length that results in a value of some fixed length 
• Also known as a hash
• output is known as a checksum or a digest
• it is a one-way function which means it is irreversible
• should not be able to re-create the data 
• should have a unique checksum for any two different input streams 
• used most commonly to encrypt files 
• Message-Digest Algorithm version 5 (MD5) 
• Challenge-Response Authentication Mechanism-Message Digest 5(CRAM-MD5)
• a tool for server authentication 

Digital Signatures 

• Digital Signature: a string of ones and zeroes that can only be generated by the sender 

PKI

• certifcate: a standardized type of digital signature that includes the digital signature of a third party 
• public-key certificate: an electronic document that uses a digital signature to bind a public key with an identity

Chapter 11: Securing TCP/IP Pg 359 - 368

Making TCP/IP Secure

• Four Areas:
• Encryption
• to scramble, mix up, or change the data in such a way that makes certain people unable to read it
• Nonrepudiation
• the process that guarantees that the data is the same as orginally sent and that it came from the source you think it should have come from 
• authentication
• to verify that whoever accesses the data is the person you want accessing that data 
• authorization 
• defines what a person accessing the data can do with that data 

Encryption

• plaintext: data is in an easily read or viewed industry-wide standard form 
• also referred to as cleartext 
• cipher: a series of complex and hard to reverse mathematics you run on a string of ones and zeroes to make an new set of seeming meaningless ones and zeros 
• complete algorithm: the method used to implement a cipher
• symmetric-key algorithm: any encryption that uses the same key for both encryption and decryption 

Symmetric-Key Algorithm Standards

• most algorithms are called block ciphers because they encrypt data in single chunks
• work well when data comes in clearly discrete chunks
• stream cipher: takes a single bit at a time and encrypts quickly
• Data Encryption Standard(DES)
• used a 64-bit block and a 56-bit block key 
• Rivest Cipher 4(RC4): 
• Advanced Encryption Standard (AES)
• a block cipher 
• uses 128-bit block size
• uses 128-, 192-, and 256-bit key size

Asymmetric-Key Algorithm Standards

• Public-Key Crytography:
• allowed keys to be exchanged securely
• Ribest shamir Adleman(RSA)
• fully functional algorithm that enabled secure digital signatures

Chapter 10: Network Naming Pg 349 - End

WINS

• LMHOSTS: 
• contains a list of the NetBIOS names and corresponding IP addresses of the hos systems on the network 
• work exactly the same as the DNS HOSTS file
• WINS: Windows Internet Name Service
• let NetBIOS hosts register their names with just the one server
• eliminates the need for broadcasting and thereby reducing NetBIOS overhead substantially
• enables NetBIOS name resolution across routers
• enables NetBIOS to function in a routed network 
• WINS Proxy Agent: 
• forwards WINS broadcasts to a WINS server on the other side of the router

Configuring WINS Clients

• configure the IP address of a WINS server in its WINS settings under Network Properties
• windows system will look for a WINS server to register its NetBIOS name 
• if it finds a WINS server, it will register its NetBIOS name to the WINS server
• if it doesn't it will automatically start broadcasting its NetBIOS name 
• you can add WINS information to DHCP if necessary

Troubleshooting WINS

• most WINS problems are NetBIOS problems
• most common problem is having two systems share the same name
• can use nbstat to help deal with NetBIOS problems 
• -c switch tells nbstat to check the current NetBIOS name cache 

Diagnosing TCP/IP Networks

• most TCP/IP problems come from improper configuartion 
• use the same steps no matter what the error 
• check the network connetions and protocols
• Steps:
• Diagnose the NIC: use ping with the loopback address to determine if the system can send an receive packets
• type ping 127.0.0.1 or ping localhost 
• if you get an error, check the NICs driver and replace it if necessary
• Diagnose Locally: ping a few neighboring systems by both IP address and DNS name
• use the net view command to see if the other local systems are visible 
• if you can't ping by DNS, check the DNS settings
• if you can't see the network using net view you may have a problem with your NetBIOS settings 
• Check IP address and subnet mask: ensure you have the right IP address and subnet mask. If using DHCP, renew the lease. 
• Run netstat: run netstat with no options at all and with the -s option. Running netstat with no options shows all the current connections to the sytem. 
• Run netstat -s: Displays several statistics that can help diagnose problems. If the display shows you are sending but not receiving, it is likely that there is a broken network cable.
• Diagnose to the Gateway: Ping the local interface and then the one to the internet. If you can't ping the router, it is either down or there is no connection to it. 
• Diagnose to the Internet: Ping an address on the internet, try several if the first one does not work. run tracert to mark out the entire route the ping packet traveled between you and whatever you were trying to ping. 

Things to Remember:

1. netBIOS uses a flat name space whereas DNS servers use a hierarchial name space.
2. the DNS root directory is represented by a dot (.)
3. To see the DNS cache on a Windows system, run the command ipconfig /displaydns at the command prompt. 
4. The HOSTS file is checked first when trying to resolve to FQDN to IP address.
5. The MX record is used by mail servers to determine where to send e-mail
6. the command ipconfig /flushdns eliminates the DNS cache.
7. the tool to use for querying DNS server functions is nslookup.
8. A DNS server stores the IP addresses and FQDNs for the computers within a domain in the forward lookup zone.  

Chapter 10: Network Naming Pg 346 - 349

DNS Security Extensions

• querying a DNS server gives you a list of every computer name and IP address that it serves
• DNS Security Extensions (DNSSEC) - a set of authentication and authorization specifications designed to prevent impersonations of DNS servers 
• implemented through extension mechanism for DNS (EDNS)
• a specifcation that expands several parameter sizes 

Troubleshooting DNS

• most DNS problems result from a problem with the client systems
• run ipconfig /flushdns on windows to eliminate any DNS caches on the local system
• ping
• run ping with the name of a well-known website
• if you get a "server not found error" run ping using just the IP address
• if ping works with the IP address but not with the web site name, you have a DNS problem
• once a problem with DNS is discovered, check to make sure the system has the correct DNS server entry
• run ipconfig /all to see if those DNS settings are the same as the ones in the server 
• if they aren't, refresh the DHCP settings 
• if the correct DNS settings for the DNS server and the DNS settings in ipconfig /all math those settings, the problem is with the DNS server itself
• nslookup (Name Server Lookup) enables DNS server queries
• allows the query of all types of information from a DNS server and change the system uses DNS
• running nslookup outputs an IP address and the name of the default DNS server
•