toutbien / projects

Projects Organized by Folder

Net+ #2

Open toutbien opened 7 months ago

toutbien commented 7 months ago

The hell that is due by February 12th.

toutbien commented 6 months ago

WLAN uses an authentication server for security via 802.1X. IEEE 802.1X is a technology that allows wireless clients to authenticate with an authentication server (typically, a Remote Authentication Dial-In User Service (RADIUS) server).

toutbien commented 6 months ago

After a collision is detected in a CSMA/CD network, the device will resend the traffic. It will do so after waiting for a time period dictated by the backoff timer.
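
Added example (not part of the original notes): the backoff timer mentioned above is truncated binary exponential backoff. After the n-th consecutive collision the station waits a random number of slot times drawn from 0 .. 2^min(n,10) - 1 and gives up after the 16th collision. The slot time and the 10/16 limits are the IEEE 802.3 values; the `collides` callback that models the shared medium is an assumption for the simulation.

```python
import random

SLOT_TIME_BIT_TIMES = 512   # one slot time on 10/100 Mbps Ethernet
MAX_ATTEMPTS = 16           # the frame is discarded after the 16th collision
BACKOFF_CEILING = 10        # the exponent stops growing after 10 collisions


def backoff_range(collisions):
    """Slot-count range the backoff timer draws from after `collisions`
    consecutive collisions: 0 .. 2**min(collisions, 10) - 1."""
    if collisions < 1:
        raise ValueError("backoff only applies after a collision")
    return 0, 2 ** min(collisions, BACKOFF_CEILING) - 1


def backoff_slots(collisions, rng=random):
    """Pick the actual number of slot times to wait."""
    low, high = backoff_range(collisions)
    return rng.randint(low, high)


def transmit(collides, rng=random):
    """Send one frame. `collides(attempt)` models the medium (assumed callback)
    and returns True when that attempt collides.
    Returns (delivered, attempts_used, slot_times_waited)."""
    waited = 0
    for attempt in range(1, MAX_ATTEMPTS + 1):
        if not collides(attempt):
            return True, attempt, waited
        if attempt == MAX_ATTEMPTS:
            return False, attempt, waited       # excessive collisions: drop the frame
        waited += backoff_slots(attempt, rng)   # wait, then resend
    return False, MAX_ATTEMPTS, waited


if __name__ == "__main__":
    # a frame that collides twice and then gets through
    print(transmit(lambda attempt: attempt < 3))
    # a saturated segment: every attempt collides
    print(transmit(lambda attempt: True))
```

The `waited` figure is in slot times; multiply by `SLOT_TIME_BIT_TIMES` and divide by the bit rate to get seconds.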

toutbien commented 6 months ago

Step 1. When a DHCP client initially boots, it has no IP address, default gateway, or other such configuration information. Therefore, the way a DHCP client initially communicates is by sending a broadcast message (that is, a DHCPDISCOVER message to a destination address of 255.255.255.255) in an attempt to discover a DHCP server.

Step 2. When a DHCP server receives a DHCPDISCOVER message, it can respond with a unicast DHCPOFFER message. Since the DHCPDISCOVER message is sent as a broadcast, more than one DHCP server might respond to this discover request. However, the client typically selects the server that sent the first DHCPOFFER response received by the client.

Step 3. The DHCP client communicates with this selected server by sending a unicast DHCPREQUEST message asking the DHCP server to provide IP configuration parameters.

Step 4. Finally, the DHCP server responds to the client with a unicast DHCPACK message. This DHCPACK message contains a collection of IP configuration parameters.
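
Added example (not part of the original notes): the four-message exchange above, built and decoded at the wire level as defined in RFC 2131 (236-byte fixed header, magic cookie, TLV options, option 53 = message type). The MAC, addresses and lease time are constructed values; the selection rule in `pick_offer` is the "first matching OFFER" behaviour the notes describe.

```python
import socket
import struct

MAGIC_COOKIE = b"\x63\x82\x53\x63"
BOOTREQUEST, BOOTREPLY = 1, 2
DISCOVER, OFFER, REQUEST, ACK = 1, 2, 3, 5          # option 53 message types
TYPE_NAMES = {1: "DHCPDISCOVER", 2: "DHCPOFFER", 3: "DHCPREQUEST", 5: "DHCPACK"}
FLAG_BROADCAST = 0x8000
FIXED = "!BBBBIHH4s4s4s4s16s64s128s"                 # RFC 2131 fixed-length fields (236 bytes)


def build(op, xid, mac, options, yiaddr="0.0.0.0", siaddr="0.0.0.0", broadcast=False):
    """Encode one DHCP message: fixed header, magic cookie, TLV options, 0xFF end."""
    chaddr = mac.ljust(16, b"\x00")
    flags = FLAG_BROADCAST if broadcast else 0
    fixed = struct.pack(FIXED, op, 1, len(mac), 0, xid, 0, flags,
                        b"\x00" * 4, socket.inet_aton(yiaddr), socket.inet_aton(siaddr),
                        b"\x00" * 4, chaddr, b"\x00" * 64, b"\x00" * 128)
    body = b"".join(bytes([code, len(value)]) + value for code, value in options)
    return fixed + MAGIC_COOKIE + body + b"\xff"


def parse(msg):
    """Decode the fields a troubleshooter looks at first: op, xid, flags, yiaddr, options."""
    f = struct.unpack(FIXED, msg[:struct.calcsize(FIXED)])
    if msg[236:240] != MAGIC_COOKIE:
        raise ValueError("missing DHCP magic cookie")
    opts, i = {}, 240
    while i < len(msg) and msg[i] != 255:              # 255 = end option
        if msg[i] == 0:                                 # 0 = pad option (no length byte)
            i += 1
            continue
        code, length = msg[i], msg[i + 1]
        opts[code] = msg[i + 2:i + 2 + length]
        i += 2 + length
    mtype = opts.get(53, b"\x00")[0]
    return {"op": f[0], "xid": f[4], "broadcast": bool(f[6] & FLAG_BROADCAST),
            "yiaddr": socket.inet_ntoa(f[8]), "siaddr": socket.inet_ntoa(f[9]),
            "chaddr": f[11][:f[2]], "type": mtype, "name": TYPE_NAMES.get(mtype, "?"),
            "options": opts}


def dora(client_mac, server_ip, offered_ip, gateway, dns, xid=0x3903F326):
    """Discover / Offer / Request / Ack, all sharing one transaction id (xid)."""
    ip = socket.inet_aton
    lease = (51, struct.pack("!I", 86400))              # 1-day lease (constructed)
    params = [(1, ip("255.255.255.0")), (3, ip(gateway)), (6, ip(dns))]
    discover = build(BOOTREQUEST, xid, client_mac,
                     [(53, bytes([DISCOVER])), (55, bytes([1, 3, 6]))], broadcast=True)
    offer = build(BOOTREPLY, xid, client_mac,
                  [(53, bytes([OFFER])), (54, ip(server_ip)), lease] + params,
                  yiaddr=offered_ip, siaddr=server_ip)
    request = build(BOOTREQUEST, xid, client_mac,
                    [(53, bytes([REQUEST])), (50, ip(offered_ip)), (54, ip(server_ip))],
                    broadcast=True)
    ack = build(BOOTREPLY, xid, client_mac,
                [(53, bytes([ACK])), (54, ip(server_ip)), lease] + params,
                yiaddr=offered_ip, siaddr=server_ip)
    return [parse(m) for m in (discover, offer, request, ack)]


def pick_offer(xid, offers):
    """A client accepts the first OFFER whose xid matches its own DISCOVER."""
    for o in offers:
        if o["type"] == OFFER and o["xid"] == xid:
            return o
    return None


if __name__ == "__main__":
    msgs = dora(b"\x00\x11\x22\x33\x44\x55", "192.0.2.2", "192.0.2.100", "192.0.2.1", "192.0.2.53")
    for m in msgs:
        print(m["name"], hex(m["xid"]), "broadcast" if m["broadcast"] else "unicast", m["yiaddr"])
```

The same `parse` function works on a DHCP payload pulled out of a packet capture, which is how you would confirm that an unexpected DHCPOFFER really came from a server you do not own.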

toutbien commented 6 months ago

A T1 and T3 are both examples of a leased line. (Think T-Mobile leases) Frame Relay is an example of a packet-switched WAN. ISDN is an example of circuit switched. ATM is an example of cell switched. (ATM = sell things to deposit money in the ATM)

toutbien commented 6 months ago

The “arp” command can be used to see what Layer 2 MAC address corresponds to a known Layer 3 IP address. Additionally, the “arp” command can be used to statically add a MAC address to IP address mapping into a PC's ARP table (sometimes called the ARP cache).

The “ipconfig” command can be used to display IP address configuration parameters on a Microsoft Windows® PC. Additionally, if DHCP is used by the PC, the “ipconfig” command can be used to release and renew a DHCP lease, which is often useful when troubleshooting.

The “nbtstat” command displays NetBIOS information for IP-based networks. The nbt prefix of the “nbtstat” command refers to NetBIOS over TCP/IP, which is called NBT, or NetBT. This command can, for example, display a listing of NetBIOS device names learned by a Microsoft Windows® PC.

The “netstat” command can be used to display a variety of information about IP-based connections on a PC. For example, you can view information about current sessions, including source and destination IP addresses and port numbers. You can also display protocol statistics.

toutbien commented 6 months ago

Cables from end-user offices run back to common locations within the building. These locations are sometimes referred to as wiring closets. A central office (CO) is where a telephone company locates their phone switching equipment. An access point (AP) is a wireless device that interconnects a wired network with wireless devices. A media access unit (MAU) is a Layer 1 network device used for interconnecting Token Ring devices.

toutbien commented 6 months ago

Coarse wavelength-division multiplexing (CWDM) uses fewer than eight active wavelengths per fiber. Bidirectional wavelength-division multiplexing (WDM) multiplexes a number of optical carrier signals onto a single optical fiber by using different wavelengths. Using this technique enables bidirectional communications over one strand of fiber and increases the overall capacity. Enhanced quad small form-factor pluggable (QSFP+) is a smaller variant of a regular gigabit interface converter (GBIC) and is the small form-factor pluggable (SFP), which is sometimes called a mini-GBIC.

toutbien commented 6 months ago

CARP (Common Address Redundancy Protocol) is a protocol that enables multiple hosts on the same network to share a set of IP addresses and thus provides failover redundancy. It is commonly used with routers and firewalls and can provide load balancing. (I'm just picturing a bunch of fish swimming and mirroring each other, redundantly)

Similarly, HSRP (Hot Standby Router Protocol) is a Cisco proprietary protocol used for establishing redundant gateways.

toutbien commented 6 months ago

In modern LAN star topologies, a switch operates at Layer 2 and functions based on Layer 2 MAC addresses. The switch has replaced the hub as the center of the star topology that is formed to create the LAN.

toutbien commented 6 months ago

Reverse lookup: DNS servers are also able to perform reverse lookups. As you might guess, this is when the client has the IP address of the resource, and the client needs the resolution to work in reverse.

Forward lookup: You might not have realized this, but when you have a DNS server resolve a name (like ajsnetworking.com) into an IP address, you are having the DNS server perform a forward lookup. This is the most common scenario, and it is what DNS was invented to perform.

Recursive lookup: In this type of DNS query, the client instructs the DNS server to respond with an answer (if possible), and the client does not want to be referred to another DNS server.

toutbien commented 6 months ago

Enable spanning tree protections. If you are stuck with Spanning Tree Protocol (STP) in your network (many networks have not moved beyond this tech yet), then be sure to use any protections offered by the network device. These protections might include root guard, bridge protocol data unit (BPDU) guard, and flood guard. (To protect the trees, build bridges and guard them from floods, protect their roots)

Enable DHCP snooping. This involves preventing rogue DHCP servers and DHCP pool exhaustion attacks by restricting ports from accepting certain DHCP messages.

Use secure protocols. You should use secure protocols over unsecure protocols whenever possible! A great example of this was the much-needed migration from Telnet to Secure Shell (SSH) for remote management using terminals. Other unsecure protocols to remember include HTTP, SLIP, FTP, Trivial FTP (TFTP), Simple Network Management Protocol version 1/2 (SNMPv1/v2).

Secure SNMP. To perfect the previous best practice, be sure to use the security features of the relatively new SNMP version 3. Thanks to its ability to provide encryption and authentication to SNMP, the protocol can no longer be teased with the familiar taunt of “SNMP means Security is Not My Problem.”

toutbien commented 6 months ago

CABLES: RG59 is typically used for short distance applications, such as carrying composite video between two nearby devices. This cable type has loss characteristics such that it is not appropriate for long distance applications. RG-59 cable has a characteristic impedance of 75 Ohms. (5 looks like an S and 9 looks like someone with a big head and short legs)

RG-6 is commonly used by local cable companies to connect individual homes to a cable company's distribution network. Like RG-59 cable, RG-6 cable has a characteristic impedance of 75 Ohms. (Got your 6 = Got your back/ You're my home-y)

RG-58 has loss characteristics and distance limitations similar to those of RG-59. However, the characteristic impedance of RG-58 is 50 Ohms, and this type of coax was popular in early 10BASE2 Ethernet networks.

Multimode fiber (MMF) is a fiber optic cable type whose core has a diameter capable of transporting light arriving at different angles (that is, modes). While this type of cable is typically less expensive to manufacture (as compared to single-mode fiber), the different modes of light propagation can lead to multimode delay distortion and can corrupt data transmissions over long distances. (Mean Motha fucker, likes to fight but can't do it for long)

Single-mode fiber (SMF) is a fiber optic cable whose core has a diameter that is only large enough to transport light arriving at one angle (that is, a single mode). While only allowing a single mode of light to be transported by the fiber optic cable eliminates multimode delay distortion, SMF is typically more expensive than MMF.

toutbien commented 6 months ago

A demarcation point (also known as a demarc or a demarc extension) is the point in a telephone network where the maintenance responsibility passes from a telephone company to the subscriber (unless the subscriber has purchased inside wiring maintenance). This demarc is typically located in a box mounted to the outside of a customer's building (for example, a residential home). This box is called a network interface device (NID). (demarc is crammed in a box outside your house)

The tip and ring wires are the red and green wires found in an RJ-11 wall jack, which carry voice, ringing voltage, and signaling information between an analog device (for example, a phone or a modem) and a telephone's wall jack.

An NT1 is an ISDN device that interconnects a 4-wire ISDN circuit with a 2-wire ISDN circuit.

toutbien commented 6 months ago

Extension Mechanisms for DNS (EDNS) supports features not supported in the original version of DNS (for example, security) while maintaining backwards compatibility with the original version of DNS. Rather than using new flags in the header, which would impact backwards compatibility, EDNS sends optional pseudo-resource-records between devices supporting EDNS. These records support sixteen new DNS flags.

A fully-qualified domain name (FQDN) is an address specifying all necessary domain and sub-domain information to uniquely identify a target system.

Start of Authority (SOA) is a DNS record that provides authoritative information about a DNS zone, such as contact information for the zone’s administrator.

Canonical Name (CNAME) is a DNS record that is an alias of an existing record, thus allowing multiple DNS records to map to the same IP address.
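
Added example (not part of the original notes), covering the lookup-type notes earlier in the thread and the EDNS note above: a DNS query builder and parser that sets the RD (recursion desired) bit for a recursive lookup, appends the EDNS0 OPT pseudo-record from RFC 6891 (root name, TYPE 41, the 16 flag bits carried in the TTL field, DO = bit 15), and builds the in-addr.arpa / ip6.arpa owner name for a reverse lookup. Names and addresses are constructed; name compression pointers are not handled because the queries built here never contain them.

```python
import ipaddress
import struct

TYPE_A, TYPE_PTR, TYPE_OPT = 1, 12, 41
DO_FLAG = 0x8000       # DNSSEC OK, bit 15 of the 16 EDNS flag bits
RD_FLAG = 0x0100       # Recursion Desired, in the DNS header flags


def encode_name(name):
    """Wire-format name: length-prefixed labels ending with a zero byte."""
    labels = name.rstrip(".").split(".") if name.rstrip(".") else []
    return b"".join(bytes([len(l)]) + l.encode("ascii") for l in labels) + b"\x00"


def decode_name(msg, off):
    """Inverse of encode_name (no compression pointers, see lead-in). Returns (name, new offset)."""
    labels = []
    while True:
        ln = msg[off]
        off += 1
        if ln == 0:
            break
        labels.append(msg[off:off + ln].decode("ascii"))
        off += ln
    return ".".join(labels) + ".", off


def reverse_name(ip):
    """PTR owner name for a reverse lookup: 5.2.0.192.in-addr.arpa. or x.x...ip6.arpa."""
    return ipaddress.ip_address(ip).reverse_pointer + "."


def build_query(qname, qtype, qid=0x1234, recursion_desired=True,
                edns=True, udp_size=1232, dnssec_ok=True):
    """Header + one question + (optionally) one OPT pseudo-RR in the additional section."""
    flags = RD_FLAG if recursion_desired else 0
    header = struct.pack("!HHHHHH", qid, flags, 1, 0, 0, 1 if edns else 0)
    question = encode_name(qname) + struct.pack("!HH", qtype, 1)          # class IN
    opt = b""
    if edns:
        # OPT: NAME=root, TYPE=41, CLASS=requestor's UDP payload size,
        # TTL = extended RCODE (8) | version (8) | flags (16), RDLEN=0
        ttl = (0 << 24) | (0 << 16) | (DO_FLAG if dnssec_ok else 0)
        opt = b"\x00" + struct.pack("!HHIH", TYPE_OPT, udp_size, ttl, 0)
    return header + question + opt


def parse_query(msg):
    qid, flags, qd, an, ns, ar = struct.unpack("!HHHHHH", msg[:12])
    qname, off = decode_name(msg, 12)
    qtype, qclass = struct.unpack("!HH", msg[off:off + 4])
    off += 4
    info = {"id": qid, "rd": bool(flags & RD_FLAG), "qname": qname, "qtype": qtype, "edns": None}
    for _ in range(ar):
        name, off = decode_name(msg, off)
        rtype, rclass, ttl, rdlen = struct.unpack("!HHIH", msg[off:off + 10])
        off += 10 + rdlen
        if rtype == TYPE_OPT and name == ".":
            info["edns"] = {"udp_size": rclass, "ext_rcode": ttl >> 24,
                            "version": (ttl >> 16) & 0xFF, "dnssec_ok": bool(ttl & DO_FLAG)}
    return info


if __name__ == "__main__":
    print(parse_query(build_query("ajsnetworking.com", TYPE_A)))             # forward, recursive, EDNS
    print(parse_query(build_query(reverse_name("192.0.2.5"), TYPE_PTR)))    # reverse lookup
```

A resolver that answers a query like this without an OPT record of its own does not support EDNS, which is the backwards-compatibility property the note describes.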

toutbien commented 6 months ago

A split tunnel might have just the traffic that needs to access the corporate network be sent through the VPN tunnel, while traffic destined for the Internet (perhaps Office 365 traffic) can bypass the tunnel. Split tunneling is often an advantageous configuration because the bandwidth required by the VPN connection (and the overhead associated with it) can be minimized.

A client-to-site VPN allows a user with software on his client computer to connect to a centralized VPN termination device, whereas a site-to-site VPN interconnects two sites without requiring the computers at those sites to have any specialized VPN software installed.

With a clientless VPN, the client’s web browser acts as the VPN client software. This type of VPN connection leverages the SSL/TLS capabilities of the modern Internet and web browsers in order to provide the secured connection.

A full tunnel configuration is a convenient way to describe whether you will have all of the end-user traffic go through the VPN tunnel.

toutbien commented 6 months ago

Link Aggregation Control Protocol can be used to assist in the formation of port channel bundles of physical links.

HDLC is a WAN encapsulation protocol.

ARP is used to resolve MAC addresses to IP addresses.

VTP is the VLAN Trunking Protocol, which can be used to maintain VLAN database consistency in the enterprise.

toutbien commented 6 months ago

Remote Authentication Dial-In User Service (RADIUS) is a UDP-based protocol used to communicate with an AAA server. Unlike TACACS+, RADIUS does not encrypt an entire authentication packet, but only the password. However, RADIUS does offer more robust accounting features than TACACS+. Also, RADIUS is a standards-based protocol, while TACACS+ is a Cisco-proprietary protocol. (Radius will get you in the neighborhood but not to your house, it might pass you by)

Terminal Access Controller Access-Control System Plus (TACACS+) is a TCP-based protocol used to communicate with an AAA server. Unlike RADIUS, TACACS+ encrypts an entire authentication packet, rather than just the password. TACACS+ does offer accounting features, but they are not as robust as the accounting features found in RADIUS. Also, unlike RADIUS, TACACS+ is a Cisco-proprietary protocol.

Challenge-Handshake Authentication Protocol (CHAP) performs a one-way authentication for a remote access connection. However, authentication is performed through a three-way handshake (that is, challenge, response, and acceptance messages) between a server and a client. The three-way handshake allows a client to be authenticated without sending credential information across a network. (Shake a CHAPS hand)
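
Added example (not part of the original notes): both sides of the two mechanisms above. The first half is the User-Password hiding from RFC 2865 section 5.2, the part of an Access-Request that RADIUS protects (MD5 keystream chained from the shared secret and the 16-octet Request Authenticator). The second half is the CHAP three-way handshake from RFC 1994: the server sends an Identifier and a random Challenge, the client answers with MD5(Identifier || secret || Challenge), and the server recomputes and compares, so the secret itself never crosses the wire. Secrets and passwords in the usage are constructed values.

```python
import hashlib
import hmac
import secrets


# --- RADIUS User-Password hiding (RFC 2865, section 5.2) ---
def radius_hide_password(password, shared_secret, request_authenticator):
    """Pad the password with NULs to a multiple of 16 octets, then XOR each block
    with MD5(shared_secret + previous_block); the first block uses the
    Request Authenticator from the Access-Request header."""
    if not password or len(password) > 128:
        raise ValueError("password must be 1..128 octets")
    if len(request_authenticator) != 16:
        raise ValueError("Request Authenticator must be 16 octets")
    padded = password + b"\x00" * (-len(password) % 16)
    hidden, prev = b"", request_authenticator
    for i in range(0, len(padded), 16):
        keystream = hashlib.md5(shared_secret + prev).digest()
        block = bytes(p ^ k for p, k in zip(padded[i:i + 16], keystream))
        hidden += block
        prev = block
    return hidden


def radius_unhide_password(hidden, shared_secret, request_authenticator):
    """Server side: same chain, XORing the received blocks back out."""
    plain, prev = b"", request_authenticator
    for i in range(0, len(hidden), 16):
        keystream = hashlib.md5(shared_secret + prev).digest()
        plain += bytes(c ^ k for c, k in zip(hidden[i:i + 16], keystream))
        prev = hidden[i:i + 16]
    return plain.rstrip(b"\x00")   # removes the padding (and any trailing NULs in the password)


# --- CHAP (RFC 1994) ---
def chap_challenge(identifier=None, size=16):
    """Server side: an Identifier plus a fresh random Challenge value."""
    if identifier is None:
        identifier = secrets.randbelow(256)
    return identifier, secrets.token_bytes(size)


def chap_response(identifier, secret, challenge):
    """Client side: Response = MD5(Identifier || secret || Challenge)."""
    return hashlib.md5(bytes([identifier]) + secret + challenge).digest()


def chap_verify(identifier, secret, challenge, response):
    """Server side: recompute and compare in constant time -> Success / Failure."""
    return hmac.compare_digest(chap_response(identifier, secret, challenge), response)


def chap_exchange(secret_on_client, secret_on_server):
    """Run the handshake end to end and return the messages plus the outcome."""
    ident, challenge = chap_challenge()
    response = chap_response(ident, secret_on_client, challenge)
    ok = chap_verify(ident, secret_on_server, challenge, response)
    return {"challenge": (ident, challenge), "response": (ident, response),
            "result": "Success" if ok else "Failure"}


if __name__ == "__main__":
    authenticator = secrets.token_bytes(16)                     # per-request random value
    hidden = radius_hide_password(b"correct horse", b"radius-shared-secret", authenticator)
    print(hidden.hex(), radius_unhide_password(hidden, b"radius-shared-secret", authenticator))
    print(chap_exchange(b"pppsecret", b"pppsecret")["result"], chap_exchange(b"pppsecret", b"wrong")["result"])
```

Because the RADIUS keystream depends only on the shared secret and the Request Authenticator, the whole scheme is only as good as the secret and the randomness of each authenticator; the rest of the Access-Request (username, NAS attributes) goes in the clear, which is the contrast with TACACS+ the note draws.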

toutbien commented 6 months ago

The Windows “nslookup” command is used to resolve a FQDN to its IP address. UNIX has a similar command, which can also be used for FQDN to IP address resolution.

Like the “nslookup” command, the “dig” command can be used to resolve FQDNs to IP addresses. Unlike the “nslookup” command, however, the “dig” command is entirely a command line command (that is, “dig” lacks the interactive mode of the “nslookup” command).

Issued by itself, the “ifconfig” command displays a UNIX host's interfaces along with configuration information about those interfaces, including: MAC address, maximum transmission unit (MTU), IPv4 address, and IPv6 address information. However, beyond just displaying interface information, the “ifconfig” command can also be used to configure interface parameters. For example, an interface's IP address can be configured with the “ifconfig” command.

One of the benefits of UNIX is its extensive syntax reference in the form of “manual pages,” commonly referred to as “man pages.” These man pages can be invoked with the “man” command, followed by the command for which you wish to view a syntax reference.

toutbien commented 6 months ago

DLP policies target activities at three levels: in operation (client level), in transit (network level), and at rest (storage level).

toutbien commented 6 months ago

A DHCP server can be configured to assign IP addresses to devices belonging to different subnets. Specifically, the DHCP server can determine the source subnet of the DHCP request and select an appropriate address pool from which to assign an address. One of these address pools (which typically corresponds to a single subnet) is called a scope.

A DHCP reservation is a hardcoded assignment of an IP address to a specific MAC address.

DHCP options are the elements of IP address information that a DHCP server can assign to a DHCP client. Examples of DHCP options include DNS server and WINS server IP addresses.

A lease is a temporary IP address assignment that a DHCP server assigns to a DHCP client.

toutbien commented 6 months ago

Cat 8 is capable of 40Gbps speeds. Cat 8 only supports distances of 30 to 36 meters, depending on the patch cables used. These short distances and very high speeds are actually ideal for connections in the data center between high-speed multilayer switches.

toutbien commented 6 months ago

To make SANs even more accessible and flexible, they began to support iSCSI. This technology for network storage is IP-based Internet Small Computer System Interface (iSCSI). With iSCSI, a client using the storage is referred to as an initiator, and the system providing the iSCSI storage is called the iSCSI target. The networks supporting iSCSI are often configured to support larger-than-normal frame sizes, referred to as jumbo frames.

Networks and systems supporting virtual servers commonly have network-attached storage (NAS), where disk storage is delivered as a service over the network.

The storage area network (SAN) is a high-speed, very specialized network designed to store massive amounts of data and to make this data available quickly when requested by clients and/or servers.

toutbien commented 6 months ago

HTTP refers to the protocol being used, host1 refers to a host at pearsonitcertification.com and pearsonitcertification is a sub-domain beneath the top-level domain of .com (top level = tail)

toutbien commented 6 months ago

Syslog Severity Levels: A Syslog level of 0, with a name of “Emergency,” is the most severe error condition, which renders a system unusable. A Syslog level of 1, with a name of “Alert,” is a condition requiring immediate attention. A Syslog level of 4, with a name of “Warning,” is a condition where a specific operation failed to complete successfully. A Syslog level of 7, with a name of “Debugging,” provides highly detailed information (for example, information about individual packets), which is typically used for troubleshooting purposes.
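
Added example (not part of the original notes): the severity numbers above travel in the `<PRI>` prefix of every syslog line, where PRI = facility * 8 + severity. The parser below recovers both fields (severity is the low three bits, facility the rest), names them per RFC 5424, and filters a constructed batch of log lines down to the ones at Warning or worse. The sample lines are made up for the example.

```python
import re

SEVERITY = {0: "Emergency", 1: "Alert", 2: "Critical", 3: "Error",
            4: "Warning", 5: "Notice", 6: "Informational", 7: "Debugging"}
FACILITY = {0: "kern", 1: "user", 2: "mail", 3: "daemon", 4: "auth", 5: "syslog",
            6: "lpr", 7: "news", 8: "uucp", 9: "cron", 10: "authpriv", 11: "ftp",
            12: "ntp", 13: "audit", 14: "alert", 15: "clock"}
FACILITY.update({16 + n: f"local{n}" for n in range(8)})
PRI_RE = re.compile(r"^<(\d{1,3})>")


def parse_pri(line):
    """Split the <PRI> prefix into facility and severity.
    Returns None for lines without a valid PRI (0..191)."""
    m = PRI_RE.match(line)
    if not m:
        return None
    pri = int(m.group(1))
    if pri > 191:                       # 23 * 8 + 7 is the largest legal value
        return None
    facility, severity = pri >> 3, pri & 0x7
    return {"pri": pri,
            "facility": facility, "facility_name": FACILITY.get(facility, f"facility{facility}"),
            "severity": severity, "severity_name": SEVERITY[severity],
            "message": line[m.end():]}


def filter_severity(lines, worst_allowed):
    """Keep lines at `worst_allowed` or more urgent (a lower number is more severe)."""
    out = []
    for line in lines:
        p = parse_pri(line)
        if p and p["severity"] <= worst_allowed:
            out.append(p)
    return out


# constructed sample log lines (not from a real system)
SAMPLE = [
    "<0>Feb 12 03:00:01 core1 kernel: panic - not syncing",
    "<34>Feb 12 03:00:02 core1 su: 'su root' failed for alice on /dev/pts/8",
    "<13>Feb 12 03:00:03 core1 app: user login ok",
    "<165>1 2024-02-12T03:00:04Z core1 evntslog - ID47 - scheduled run",
    "<191>Feb 12 03:00:05 core1 debugd: packet 0x1f dumped",
    "<36>Feb 12 03:00:06 core1 sshd: Failed password for root from 203.0.113.9",
    "malformed line without a PRI field",
]

if __name__ == "__main__":
    for p in filter_severity(SAMPLE, 4):
        print(p["facility_name"], p["severity_name"], p["message"])
```

Filtering on the numeric severity rather than on message text is what lets a collector page someone for `<0>` through `<2>` while a `<191>` debug line from the same box is only stored.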

toutbien commented 6 months ago

Therefore, a design best practice for WLANs is to have 10 – 15 percent overlap in coverage areas. You would not want more than 15 percent of coverage overlap, because that would unnecessarily reduce your overall coverage area.

toutbien commented 6 months ago

While a 110 block supports higher speeds than a 66 block, using one block versus another does not impact network cabling pinouts.

If a punch down tool is not used when punching down wires on a 66 block or a 110 block, damage could occur to the blades on the block. However, the use of a punch down tool does not impact network cabling pinouts.

toutbien commented 6 months ago

There are a few IPv6 address types, the most common ones include: globally routable unicast addresses (2000 to 3999) (routable has a numerical address), link-local (FE80), and multicast (FF) (for free/everywhere).
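
Added example (not part of the original notes): classifying IPv6 addresses by the prefixes behind the mnemonics above (2000::/3 global unicast, fe80::/10 link-local, ff00::/8 multicast). It goes beyond the note by also recognising unique local, loopback, unspecified and IPv4-mapped addresses, decoding the multicast scope nibble, and applying the forwarding rule that matters on a router or firewall: link-local sources and destinations, and link-local-scope multicast, must never be forwarded off the link they arrived on. Addresses in the usage are documentation or constructed values.

```python
import ipaddress

# Prefix table, most specific first. The note lists the first three kinds that
# matter on the exam; the rest go beyond it.
KINDS = [
    ("unspecified", "::/128"),
    ("loopback", "::1/128"),
    ("ipv4-mapped", "::ffff:0:0/96"),
    ("documentation", "2001:db8::/32"),
    ("global unicast", "2000::/3"),       # 2000:: through 3fff:ffff:...
    ("unique local", "fc00::/7"),         # fc00::/7 (fd00::/8 in practice)
    ("link-local", "fe80::/10"),
    ("multicast", "ff00::/8"),
]
NETS = [(kind, ipaddress.IPv6Network(prefix)) for kind, prefix in KINDS]
MULTICAST_SCOPES = {1: "interface-local", 2: "link-local", 4: "admin-local",
                    5: "site-local", 8: "organization-local", 14: "global"}


def classify(addr):
    """Name the address type by longest-prefix match against KINDS."""
    a = ipaddress.IPv6Address(addr)
    for kind, net in NETS:
        if a in net:
            return kind
    return "reserved/unassigned"


def multicast_scope(addr):
    """Scope of a multicast address ff0X::/8: X is the low nibble of the second byte."""
    a = ipaddress.IPv6Address(addr)
    if not a.is_multicast:
        return None
    scope = (int(a) >> 112) & 0xF
    return MULTICAST_SCOPES.get(scope, f"scope-{scope:x}")


def router_may_forward(src, dst):
    """Forwarding rule: no link-local source or destination, no unspecified or
    multicast source, and no multicast of link-local scope or smaller."""
    s, d = ipaddress.IPv6Address(src), ipaddress.IPv6Address(dst)
    if s.is_link_local or d.is_link_local or s.is_multicast or s.is_unspecified:
        return False
    if d.is_multicast and ((int(d) >> 112) & 0xF) <= 2:
        return False
    return True


if __name__ == "__main__":
    for a in ("2001:db8::1", "fe80::1", "ff02::1", "fd12:3456:789a::1", "::1", "4000::1"):
        print(a, classify(a), multicast_scope(a))
    print(router_may_forward("fe80::1", "2001:db8::1"))   # a neighbor's link-local source: drop
```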

toutbien commented 6 months ago

File Transfer Protocol (FTP) uses default TCP ports of 20 and 21.

Private VLANs allow multiple hosts to exist in the same VLAN, yet they are unable to communicate directly with each other. They can, for instance, reach the Internet or their gateway but are protected from each other.

Use dynamic ARP inspection (DAI). Remember, this Layer 2 security mechanism guards against MAC address spoofing. Note how it can make a nice pairing with port security!

Use control plane policing (CoPP). This is an excellent security feature that can control the rate of packets to and from the control plane of the network device. Attackers could easily cause a denial of service (DoS) on the network device by simply flooding fake Border Gateway Protocol (BGP) updates at the device.
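
Added example (not part of the original notes), covering the DHCP snooping note earlier in the thread and the DAI note above: a model of a switch that treats one uplink as trusted, drops server-side DHCP messages (OFFER/ACK/NAK) arriving on untrusted ports, rate-limits DISCOVERs per port to blunt pool exhaustion, records the IP/MAC/port binding from each ACK, and then uses that binding table to validate ARP on untrusted ports (the pairing with port security the note points at). Port names, MACs and addresses are constructed; the 15-per-port DISCOVER limit is an assumed threshold, not a vendor default.

```python
from collections import Counter

SERVER_MESSAGES = {"OFFER", "ACK", "NAK"}


class SnoopingSwitch:
    """DHCP snooping (trusted/untrusted ports, binding table, DISCOVER rate limit)
    plus dynamic ARP inspection against that binding table."""

    def __init__(self, trusted_ports, discover_limit=15):
        self.trusted = set(trusted_ports)
        self.discover_limit = discover_limit        # assumed threshold
        self.pending = {}                           # client mac -> untrusted port it asked from
        self.bindings = {}                          # client mac -> (ip, port)
        self.discovers = Counter()                  # per-port DISCOVER count
        self.alerts = []

    def dhcp(self, port, kind, mac, ip=None):
        """Returns True if the message is forwarded, False if dropped."""
        if kind in SERVER_MESSAGES:
            if port not in self.trusted:
                self.alerts.append(f"{port}: dropped DHCP {kind} for {mac}: server message on untrusted port")
                return False
            if kind == "ACK" and ip and mac in self.pending:
                self.bindings[mac] = (ip, self.pending.pop(mac))   # snooping binding learned
            return True
        # client messages (DISCOVER / REQUEST / RELEASE ...)
        if port in self.trusted:
            return True
        if kind == "DISCOVER":
            self.discovers[port] += 1
            if self.discovers[port] > self.discover_limit:
                self.alerts.append(f"{port}: DISCOVER rate limit exceeded ({self.discovers[port]})")
                return False
        self.pending[mac] = port
        return True

    def arp(self, port, sender_mac, sender_ip):
        """DAI: on untrusted ports the sender MAC/IP pair must match a binding on that port."""
        if port in self.trusted:
            return True
        if self.bindings.get(sender_mac) == (sender_ip, port):
            return True
        self.alerts.append(f"{port}: dropped ARP {sender_ip} is-at {sender_mac}: no matching binding")
        return False


if __name__ == "__main__":
    sw = SnoopingSwitch(trusted_ports={"Gi1/0/24"})
    client = "00:11:22:33:44:01"
    sw.dhcp("Gi1/0/1", "DISCOVER", client)
    sw.dhcp("Gi1/0/24", "OFFER", client, "192.0.2.10")
    sw.dhcp("Gi1/0/1", "REQUEST", client)
    sw.dhcp("Gi1/0/24", "ACK", client, "192.0.2.10")
    sw.dhcp("Gi1/0/2", "OFFER", client, "192.0.2.99")          # rogue server on an access port
    sw.arp("Gi1/0/2", "00:11:22:33:44:02", "192.0.2.10")       # someone else claiming the client's IP
    print(sw.bindings)
    print("\n".join(sw.alerts))
```

Static hosts on untrusted ports never produce an ACK, so they need a manual binding (or a trusted port) or DAI will drop their ARP; that is the usual rollout surprise.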

toutbien commented 6 months ago

VLAN Trunking Protocol (VTP) is a Cisco-proprietary Ethernet switch feature that allows you to create, modify, or delete a VLAN on one switch and have that change propagated to all other switches in a VTP domain.

Power over Ethernet (PoE) allows an Ethernet switch to provide power to an attached device (for example, an IP phone or a wireless access point).

Port mirroring allows an Ethernet switch to make a copy of frames seen on one switch port and send those copies out of another Ethernet switch port, to which a network analyzer might be attached.

Spanning Tree Protocol (STP) is an Ethernet switch feature that allows redundant Layer 2 connections between multiple Ethernet switches, while preventing a topological loop from forming (which could result in symptoms such as broadcast storms).


toutbien commented 6 months ago

Three different QoS mechanisms are commonly used: best effort, integrated services (IntServ), and differentiated services (DiffServ).

Differentiated services is the most common; it classifies traffic and marks it based on the configured rules.

Integrated services is also referred to as hard QoS because it establishes strict bandwidth reservations throughout the proposed path using the Resource Reservation Protocol (RSVP).

toutbien commented 6 months ago

The primary method used to detect and prevent attacks using intrusion detection system (IDS) or intrusion prevention system (IPS) technologies is signature-based. A signature could be a string of bytes, in a certain context, that triggers detection.

With a policy-based approach, the IDS/IPS device needs a very specific declaration of the security policy. For example, you could write a network access policy that identified which networks could communicate with other networks. The IDS/IPS device could then recognize out of profile traffic, which did not conform to the policy, and then report that activity.

With statistical anomaly detection, an IDS/IPS device watches network traffic patterns over a period of time and dynamically builds a baseline. Then, if traffic patterns significantly vary from the baseline, an alarm can be triggered.

Non-statistical anomaly detection allows an administrator to define what normal traffic patterns are supposed to look like.
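
Added example (not part of the original notes): the four detection approaches above run side by side over a constructed stream of packet records (time in seconds, source and destination zone, payload). Signature detection looks for byte strings in payload; policy detection checks zone pairs against an allow list; statistical anomaly detection learns a packets-per-second baseline from the first ten seconds and flags later seconds more than three standard deviations above it; the non-statistical variant uses an administrator-written rate profile instead. Zones, signatures, thresholds and traffic are all made up for the example.

```python
import statistics
from collections import Counter

SIGNATURES = {                       # byte patterns that trigger in a payload
    "sqli-union": b"UNION SELECT",
    "php-eval-webshell": b"<?php eval(",
    "x86-nop-sled": b"\x90" * 8,
}
ALLOWED_PAIRS = {("users", "servers"), ("users", "internet"),      # policy: who may talk to whom
                 ("servers", "internet"), ("internet", "servers")}
EXPECTED_RATE = {("internet", "servers"): 10}                      # admin-defined max packets/second


def signature_alerts(packets):
    return [(p["t"], name) for p in packets
            for name, pat in SIGNATURES.items() if pat in p["payload"]]


def policy_alerts(packets):
    return [(p["t"], p["src_zone"], p["dst_zone"]) for p in packets
            if (p["src_zone"], p["dst_zone"]) not in ALLOWED_PAIRS]


def statistical_alerts(packets, baseline_secs, z_threshold=3.0):
    """Learn mean/stddev of packets-per-second over the first `baseline_secs`,
    then flag later seconds whose count sits more than z_threshold deviations above."""
    per_sec = Counter(p["t"] for p in packets)
    baseline = [per_sec.get(t, 0) for t in range(baseline_secs)]
    mu, sigma = statistics.mean(baseline), statistics.pstdev(baseline) or 1.0
    return [(t, n) for t, n in sorted(per_sec.items())
            if t >= baseline_secs and (n - mu) / sigma > z_threshold]


def non_statistical_alerts(packets):
    """Same idea with a profile the administrator wrote down instead of one learned."""
    per_sec_pair = Counter((p["t"], p["src_zone"], p["dst_zone"]) for p in packets)
    return [(t, s, d, n) for (t, s, d), n in sorted(per_sec_pair.items())
            if n > EXPECTED_RATE.get((s, d), float("inf"))]


def sample_traffic():
    """Constructed traffic: ten quiet seconds, then a burst. Not a real capture."""
    def pkt(t, s, d, payload=b"GET / HTTP/1.1"):
        return {"t": t, "src_zone": s, "dst_zone": d, "payload": payload}
    packets = []
    for t, n in enumerate([4, 5, 6, 5, 4, 5, 6, 5, 4, 6]):
        packets += [pkt(t, "users", "internet") for _ in range(n)]
    packets[15] = pkt(3, "users", "servers", b"id=1' UNION SELECT password FROM users--")
    packets[24] = pkt(5, "users", "mgmt", b"SSH-2.0-OpenSSH")
    packets += [pkt(10, "internet", "servers", b"SYN") for _ in range(30)]
    packets += [pkt(11, "users", "internet") for _ in range(5)]
    return packets


if __name__ == "__main__":
    traffic = sample_traffic()
    print("signature:", signature_alerts(traffic))
    print("policy:", policy_alerts(traffic))
    print("statistical:", statistical_alerts(traffic, baseline_secs=10))
    print("non-statistical:", non_statistical_alerts(traffic))
```

Notice that only the signature engine sees the injection attempt and only the anomaly engines see the burst; that complementarity is why real sensors run all of them.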

toutbien commented 6 months ago

Session Initiation Protocol (SIP) is a VoIP signaling protocol. (session SIP signal) Real-time Transport Protocol (RTP) is a VoIP protocol that carries voice media (as opposed to signaling). (RTP looks like reporter in real time with voice)

A hub-and-spoke topology enables you to minimize costs by not directly connecting any two spoke locations. A ring topology would connect all remote locations to each other. A full mesh would also connect all remote locations, and a partial mesh topology would connect some. The full mesh provides the greatest failover because every site is connected to every other site.

toutbien commented 6 months ago

The 802.11a WLAN standard has a maximum bandwidth of 54 Mbps. (A)
The 802.11b WLAN standard has a maximum bandwidth of 11 Mbps. (B)
The 802.11g WLAN standard has a maximum bandwidth of 54 Mbps. (G)
The 802.11n WLAN standard has a maximum bandwidth greater than 300 Mbps. (N)

toutbien commented 6 months ago

Nslookup permits the simple and straightforward verification of DNS. No other tool listed here permits that level of DNS troubleshooting. Ping can do a simple test that DNS resolution is working, but it cannot provide details.

show interface: This command permits the examination of the statistics and the status of the interfaces on the network system.

show config: This command (or some variation of it) is used to examine the configuration of the network device. For example, on a Cisco router, the show running-configuration command permits you to see the current configuration of the device. This configuration is stored in the RAM of the device. To view the saved configuration that is loaded when the system is rebooted, you can use the show startup-configuration command.

show route: This command (or some variation of it) is used to view the routing table configuration of the network device. On a Cisco router, you can use show ip route to view the IPv4 routing table.

show mac-address table: This command is used to view the contents of the MAC address table on a switch, which normally includes dynamically learned L2 source addresses on a specific interface. On a Cisco switch, the specific command is show mac-address table.

toutbien commented 6 months ago

Technologies: Personal mode: WLAN security based on PSK technology is called personal mode.

IEEE 802.1X: Rather than having all devices in a WLAN be configured with the same PSK, a more scalable approach is to require all wireless users to authenticate using their own credentials (for example, a username and password).

Enterprise mode: WLAN security based on IEEE 802.1X and a centralized authentication server such as RADIUS is called enterprise mode.

**MAC address filtering: An AP can be configured with a listing of MAC addresses that are permitted to associate with the AP.**

toutbien commented 6 months ago

A routing metric is a parameter (or parameters) used by a routing protocol to make a route selection. OSPF uses a metric of cost, which is based on the link speed between two routers.

Hop count is the metric of RIP. RIP uses a metric of hop count, which is the number of routers that must be transited to reach a destination network.

Reliability and delay can only be used by EIGRP. EIGRP’s metric can use multiple parameters (that is, bandwidth, delay, reliability, load, and MTU). However, by default, EIGRP uses bandwidth and delay as its two metric components.
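
Added example (not part of the original notes): the three metrics above computed for the same two candidate paths, to show that they can disagree. OSPF cost per link is reference bandwidth / link bandwidth (Cisco's default reference of 100 Mbps is assumed), RIP counts hops, and EIGRP's classic composite metric is 256 * (10^7 / slowest bandwidth in kbps + sum of delays in tens of microseconds) with the default K values. The link figures are the standard Cisco interface defaults for FastEthernet and a T1 serial link; the path names are made up.

```python
OSPF_REFERENCE_KBPS = 100_000      # assumed: Cisco default auto-cost reference-bandwidth
RIP_INFINITY = 16


def ospf_cost(links, reference=OSPF_REFERENCE_KBPS):
    """Sum of per-link reference // bandwidth, each link costing at least 1."""
    return sum(max(1, reference // l["bw_kbps"]) for l in links)


def rip_metric(links):
    """Hop count; 16 means unreachable."""
    return len(links) if len(links) < RIP_INFINITY else RIP_INFINITY


def eigrp_metric(links, k1=1, k2=0, k3=1, k4=0, k5=0):
    """Classic EIGRP composite metric. With the default K values only the slowest
    bandwidth on the path and the sum of interface delays contribute."""
    bw = 10_000_000 // min(l["bw_kbps"] for l in links)
    delay = sum(l["delay_us"] for l in links) // 10          # tens of microseconds
    load = max(l.get("load", 1) for l in links)
    reliability = min(l.get("reliability", 255) for l in links)
    metric = k1 * bw + (k2 * bw) // (256 - load) + k3 * delay
    if k5:                                                    # reliability term only when K5 != 0
        metric = metric * k5 // (reliability + k4)
    return metric * 256


def best_path(paths, metric_fn):
    """Lowest metric wins; returns the winning path's name."""
    return min(paths, key=lambda name: metric_fn(paths[name]))


FAST_ETHERNET = {"bw_kbps": 100_000, "delay_us": 100}
T1_SERIAL = {"bw_kbps": 1_544, "delay_us": 20_000}
PATHS = {
    "via-T1": [FAST_ETHERNET, T1_SERIAL],                                   # 2 hops, one slow link
    "via-3-FastEthernet-hops": [FAST_ETHERNET, FAST_ETHERNET, FAST_ETHERNET],  # 3 hops, all fast
}

if __name__ == "__main__":
    for name, links in PATHS.items():
        print(name, "RIP", rip_metric(links), "OSPF", ospf_cost(links), "EIGRP", eigrp_metric(links))
    for label, fn in (("RIP", rip_metric), ("OSPF", ospf_cost), ("EIGRP", eigrp_metric)):
        print(label, "prefers", best_path(PATHS, fn))
```

RIP picks the two-hop path through the T1; OSPF and EIGRP both prefer three fast hops, which is the usual argument against hop count as a metric.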

toutbien commented 6 months ago

The core layer is all about moving massive amounts of data in the enterprise network. Devices that are common at this layer include very high-speed routers and multilayer switches.

The distribution/aggregation layer is critical in the design. It is this layer that is responsible for connecting the access layer, and the many devices inside it, to the rest of the world and the valuable data that must be accessed. Devices that are common at this layer include high-speed routers, high-speed multilayer switches, firewalls, intrusion prevention devices, and proxy servers.

The access/edge layer is all about ensuring your (authorized!) users can access the network with ease and in a high-bandwidth fashion. The access layer is closest to your end users. Devices that are common at this layer include laptops, desktops, tablets, smartphones, inexpensive Layer 2 switches (access layer switches), and wireless access points (APs).

toutbien commented 6 months ago

10BASE2 Ethernet (also known as thinnet) uses coax cable, has a bandwidth capacity of 10 Mbps, and a distance limitation of 185 m. 10BASE5 Ethernet (also known as thicknet) uses coax cable, has a bandwidth capacity of 10 Mbps, and a distance limitation of 500 m. 10BASE-T Ethernet uses Cat 3 (or higher) UTP, has a bandwidth capacity of 10 Mbps, and a distance limitation of 100 m. 100BASE-TX Ethernet uses Cat 5 (or higher) UTP cable, has a bandwidth capacity of 100 Mbps, and a distance limitation of 100 m.

toutbien commented 6 months ago

A network that has “six nines” of availability is up and operational 99.9999 percent of the time. This equates to a maximum yearly downtime of approximately 30 seconds. A network that has “four nines” of availability is up and operational 99.99 percent of the time. This equates to a maximum yearly downtime of approximately 50 minutes. A network that has “three nines” of availability is up and operational 99.9 percent of the time. This equates to a maximum yearly downtime of approximately nine hours.

toutbien commented 6 months ago

A Smurf attack can use Internet Control Message Protocol (ICMP) traffic, directed to a subnet, to flood a target system with Ping replies. (there are a ton of smurfs)

FTP supports a variety of commands for setting up a session and managing file transfers. One of these commands is the PORT command and can, in some cases, be used by an attacker to access a system that would otherwise deny the attacker. This type of attack is called an “FTP bounce” attack.

A denial-of-service (DoS) attack occurs when an attacker sends the target system a flood of data or requests that consume the target system’s resources.

A distributed denial-of-service (DDoS) attack can increase the amount of traffic flooded to a target system, as compared to a DoS attack. Specifically, the attacker compromises multiple systems, and those compromised systems, called “zombies,” can be instructed by the attacker to simultaneously launch a DDoS attack against a target system.
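
Added example (not part of the original notes): detection logic for the Smurf pattern described above, run over constructed ICMP records. A Smurf attack sends echo requests with the victim's address as the spoofed source to a subnet's directed-broadcast address, so every host on that subnet replies to the victim. The code flags echo requests aimed at one of our broadcast addresses (we are being used as the amplifier), flags packets arriving from the outside that claim one of our own source addresses (BCP 38 ingress filtering), and spots a victim by counting distinct reply sources per destination. Subnets, interfaces, addresses and the reply threshold are all made up for the example.

```python
import ipaddress
from collections import defaultdict

LOCAL_SUBNETS = [ipaddress.ip_network(n) for n in ("192.0.2.0/24", "198.51.100.0/24")]


def is_directed_broadcast(dst):
    """True if dst is the broadcast address of one of our subnets (the amplifier target)."""
    a = ipaddress.ip_address(dst)
    return any(a == n.broadcast_address for n in LOCAL_SUBNETS)


def is_spoofed_external(src):
    """BCP 38 ingress check: a packet from outside must not carry one of our addresses."""
    a = ipaddress.ip_address(src)
    return any(a in n for n in LOCAL_SUBNETS)


def smurf_indicators(records, reply_threshold=20):
    """records: (interface, src, dst, kind) with kind 'echo-request' or 'echo-reply'.
    Returns (amplification attempts, spoofed external packets, victims)."""
    amplification, spoofed = [], []
    reply_sources = defaultdict(set)
    for iface, src, dst, kind in records:
        if kind == "echo-request" and is_directed_broadcast(dst):
            amplification.append((src, dst))
        if iface == "wan" and is_spoofed_external(src):
            spoofed.append((src, dst))
        if kind == "echo-reply":
            reply_sources[dst].add(src)
    victims = {dst: len(s) for dst, s in reply_sources.items() if len(s) >= reply_threshold}
    return amplification, spoofed, victims


def sample_records():
    """Constructed records, not a real capture."""
    r = [("wan", "203.0.113.7", "192.0.2.255", "echo-request")] * 3          # victim's address as source, to our broadcast
    r += [("lan", f"192.0.2.{i}", "203.0.113.7", "echo-reply") for i in range(1, 51)]   # the whole subnet answers
    r += [("lan", "192.0.2.10", "198.51.100.20", "echo-request"),
          ("lan", "198.51.100.20", "192.0.2.10", "echo-reply")] * 5             # ordinary pings
    r += [("wan", "192.0.2.77", "192.0.2.1", "echo-request")]                  # external packet claiming an internal source
    return r


if __name__ == "__main__":
    amp, spoofed, victims = smurf_indicators(sample_records())
    print("amplification attempts:", len(amp), "spoofed:", spoofed, "victims:", victims)
```

The fix on the amplifier side is to disable directed-broadcast forwarding on router interfaces (and to filter spoofed sources at the edge), which is why modern Smurf attempts mostly fail even though the code path above still sees them.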

toutbien commented 6 months ago

An IPv6 Address (AAAA) record is used to map a hostname to an IPv6 address.

A Start of Authority (SOA) record provides authoritative information about a DNS zone, such as: e-mail contact information for the zone’s administrator, the zone’s primary name server, and various refresh timers.

A Mail Exchange (MX) record maps a domain name to an e-mail (or message transfer agent) server for that domain.

toutbien commented 6 months ago

Time Division Multiplexing (TDM) is a technology that allows multiple conversations to share the same transmission medium.

Cable television companies have a well established and wide reaching infrastructure for television programming. This infrastructure might contain both coaxial and fiber optic cabling. Such an infrastructure is called a hybrid fiber-coax (HFC) distribution network.

A DSL Access Multiplexer (DSLAM) is a device often located at a telephone central office (CO) that terminates and aggregates multiple DSL connections from customer