185 Cards in this Set
CAT 3
UTP
Up to 10 Mbps
16 MHz
Can be used for 10 Mbps Ethernet but usually used for phone lines
CAT 4
16 Mbps
20 MHz
4 Wire Pairs
CAT 5
UTP
4 Wire pairs
1000 Mbps
100 MHz
At least 12 twists per foot
CAT 5e
High grade CAT 5
High Quality Copper Wires
High twist-ratio
advanced methods to reduce crosstalk and attenuation
350 MHz
CAT 6
Four wire pairs wrapped in foil insulation
additional insulation for center wire pair
fire resistant sheath
250 MHz
CAT 6e
Higher grade CAT 6
550 MHz
Data throughputs at multi-Gbps rates
CAT 6a
550 MHz
10 Gbps
No farther than 100m
CAT 7
Each wire pair is surrounded by a shield
All wire pairs shielded again together
1GHz, but requires special connectors
Large, less flexible, uncommon
RFI
Radio Frequency Interference
EMI
Electromagnetic Interference
D Connector
Used on Coax Cable
Shaped like a D
Number of pins varies, depending on the name
DB9 (9 pins), DB25 (25 pins)
DIX Connector
Used with 10Base5 Cables
Resembles the connector that attaches a game controller to a port
usually located on the back of the NIC
RJ-11
Twisted Pair cable
Used on telephone systems
RJ-45
Twisted Pair cable
Used with data systems
What color wires in the RJ-45 do 10BaseT and 100BaseT Ethernet use?
Green Pair and Orange Pair
These are the wires that are switched in a crossover cable.
Cross Over Cable
Used to connect two computers together
Straight Through Cable
Used to connect a computer to a router or modem. Not used to connect directly to another computer's NIC
Rollover Cable
Less common than crossover or straight through. Wires are exactly the opposite of the straight through cable. Used to connect to a network device's console port. Typically light blue.
AKA Null Modem Cable
Name and describe Fiber Cable connectors
ST - Straight Tip, similar to BNC
SC - Square Connector, snaps into place
MT-RJ - Mechanical Transfer Registered Jack. Small and used if space is an issue due to the amount of cabling.
LC - Locking Connector, becoming more popular than MT-RJ. Used with Gb Ethernet.
Name the order of EIA/TIA 568B Standard wiring.
Orange Stripe, Orange, Green Stripe, Blue, Blue Stripe, Green, Brown Stripe, Brown
MDF
Main Distribution Frame
AKA Equipment Room
Max recommended distance between devices and wiring closets?
90m
Fiberoptic Cable's distance limitations
2000m for Multimode
3000m for Single Mode
Twisted Pair Distance limitations
90m Data
800m for telephone
What is a Sweep Test
Tests for crosstalk, attenuation, and impedance across the network's entire frequency range
TCP
TCP breaks data into manageable packets and tracks information such as source and destination of packets. It is able to reroute packets and is responsible for guaranteed delivery of the data.
IP
This is a connectionless protocol. IP is responsible for addressing and routing of packets between computers. It does not guarantee delivery and does not give acknowledgement of packets that are lost or sent out of order, as this is the responsibility of higher layer protocols such as TCP.
UDP
A connectionless, datagram service that provides an unreliable, best-effort delivery
ICMP
Internet Control Message Protocol enables systems on a TCP/IP network to share status and error information such as with the use of PING and TRACERT utilities.
SMTP
Used to reliably send and receive mail over the Internet.
FTP
File transfer protocol is used for transferring files between remote systems. Must resolve host name to IP address to establish communication. It is connection oriented (i.e. verifies that packets reach destination).
TFTP
Same as FTP but not connection oriented.
POP3
Post Office Protocol. A POP3 mail server holds mail until the workstation is ready to receive it.
IMAP
Like POP3, Internet Message Access Protocol is a standard protocol for accessing e-mail from your local server. IMAP (the latest version is IMAP4) is a client/server protocol in which e-mail is received and held for you by your Internet server.
TELNET
Provides a virtual terminal or remote login across the network that is connection-based. The remote server must be running a Telnet service for clients to connect.
HTTP
The Hypertext Transfer Protocol is the set of rules for exchanging files (text, graphic images, sound, video, and other multimedia files) on the World Wide Web. It is the protocol controlling the transfer and addressing of HTTP requests and responses.
HTTPS
Signifies that a web page is using the Secure Sockets Layer (SSL) protocol and is providing a secure connection. This is used for secure internet business transactions.
NTP
Network Time Protocol is a protocol that is used to synchronize computer clock times in a network of computers.
SNMP
Stands for Simple Network Management Protocol and is used for monitoring and status information on a network. SNMP can be used to monitor any device that is SNMP capable, and this can include computers, printers, routers, servers, gateways and many more, using agents on the target systems.
SIP
Stands for Session Initiation Protocol and is a signaling protocol, widely used for controlling multimedia communication sessions such as voice and video calls over Internet Protocol (IP).
RTP
Real-time Transport Protocol is the audio and video protocol standard used to deliver content over the Internet.
IGMP
Internet Group Management Protocol is used to manage Internet Protocol multicast groups. IP hosts and adjacent multicast routers use IGMP to establish multicast group memberships. IGMP is only needed for IPv4 networks.
TLS
Transport Layer Security is a cryptographic protocol that provides security for communications over networks such as the Internet. TLS and SSL encrypt the segments of network connections at the Transport Layer end-to-end.
Port for FTP
20, 21
Port for SSH
22
Port for TELNET
23
Port for SMTP
25
Port for DNS
53
Port for DHCP
67
Port for TFTP
69
Port for HTTP
80
Port for POP3
110
Port for NTP
123
Port for IMAP4
143
Port for SNMP
161
Port for HTTPS
443
Address range for Class A networks
1-126
Address range for Class B networks
128-191
Address range for class C networks
192-223
What are the IP address ranges for private networks?
10.0.0.0 - 10.254.254.254
172.16.0.0 - 172.31.254.254
192.168.0.0 - 192.168.254.254
PAT
Port Address Translation is a feature of a network device that translates TCP or UDP communications made between hosts on a private network and hosts on a public network. It allows a single public IP address to be used by many hosts on a private network.
APIPA
Stands for Automatic Private Internet Protocol Addressing. Client systems that are configured for dynamic IP assignment will use this if DHCP fails.
Link State routing protocols
Each router calculates the next best logical hop from it to every possible known destination which forms the node's routing table.
Open Shortest Path First (OSPF)
OSPF is an interior gateway protocol (IGP) that routes IP packets within a single routing domain and was designed to support variable-length subnet masking (VLSM) and Classless Inter-Domain Routing (CIDR) addressing.
Intermediate System to Intermediate System (IS-IS)
Each router independently builds a picture of the network's topology based on the data received and the best topological path through the network to the destination. IS-IS is an Interior Gateway Protocol (IGP) typically used on larger networks.
Distance-vector routing protocols
uses distance as one factor and the vector as the other to determine against the known routing tables to deliver data to source and destination locations. Routers using the distance-vector routing protocol will update other routers of topology changes periodically when a change is detected in the topology of a network
Routing Information Protocol (RIPv1)
RIP is a distance-vector routing protocol using “hop count” as a routing metric. The maximum number of hops allowed for RIP is 15 which effectively limits the size of networks that RIP can support.
Routing Information Protocol (RIPv2)
improved upon RIPv1 by having the ability to include subnet information with its updates, which allows for Classless Inter-Domain Routing (CIDR) support. The 30 second proactive broadcast has been eliminated in favor of multicast advertisements for its updates. The 15 hop count limit remains so that the devices are backwards compatible with RIPv1 devices.
Border Gateway Protocol (BGP)
is the core routing protocol of the Internet. It maintains a table of IP networks and the data that designates where and how to reach each network through autonomous systems (AS). BGP makes routing decisions based on path, network policies and/or rule sets.
Enhanced Interior Gateway Routing Protocol (EIGRP)
Proprietary from Cisco. Contains 3 tables: the Neighbor Table which stores the information about neighboring routers, the Topology Table which contains only the information and data regarding the routing tables from directly connected neighbors and the Routing table which stores the actual routes to all destinations.
802.11a
54 Mbps
100 ft
5 GHz
802.11b
11 Mbps
300 ft
2.4 GHz
802.11g
54 Mbps
300 ft
2.4 GHz
802.11n
540 Mbps
600 ft
5 GHz and/or 2.4 GHz
RADIUS
Remote Authentication Dial In User Service (RADIUS) is a networking protocol that provides centralized Authentication, Authorization, and Accounting (AAA) management for computers to connect and use a network service. RADIUS is often used by ISPs and enterprises to manage access to the Internet or internal networks, and wireless networks.
Plenum grade cabling
is required if the cabling will be run between the ceiling and the next floor (this is called the plenum). Plenum grade cabling is resistant to fire and does not emit poisonous gasses when burned.
ST connector
fiber optic connector which uses a plug and socket which is locked in place with a half-twist bayonet lock. The ST connector was the first standard for fiber optic cabling. ST Connectors are half-duplex.
SC connector
fiber optic connector with a push-pull latching mechanism which provides quick insertion and removal while also ensuring a positive connection. SC Connectors are half-duplex.
LC connector
Fiber Optic cable just like a SC connector only it is half the size. Like SC connectors, LC connectors are half-duplex.
RS-232
The connector is a DB-9 or DB-25 connector. Serial connector for external devices.
568A and 568B
The number 568 refers to the order in which the individual wires inside a CAT 5 cable are terminated. The only difference between the two standards is that the green and orange pins are terminated to different pins.
Straight through vs Crossover
A straight through cable uses either the 568A or 568B wiring standard and is used for connecting devices to routers, hubs, switches, etc. A crossover cable is used to connect computing devices together directly (i.e. connecting 2 computers directly together). A crossover cable uses the 568A standard on one end and 568B on the other end.
Rollover cable
(also known as Cisco console cable) is a type of null-modem cable that is most commonly used to connect a computer terminal to a router's console port.
loopback cable
A loopback cable redirects the output back into itself and is used for troubleshooting purposes (loopback test). This effectively gives the NIC the impression that it is communicating on a network, since it's able to transmit and receive communications.
ATM
ATM stands for Asynchronous Transfer Mode and is a high-speed, packet-switching technique that uses short fixed length packets called cells. ATM can transmit voice, video, and data over variable-speed LAN and WAN connections at speeds ranging from 1.544 Mbps to as high as 622 Mbps.
SONET
SONET and SDH are a set of related standards for synchronous data transmission over fiber optic networks. SONET is short for Synchronous Optical NETwork and SDH is an acronym for Synchronous Digital Hierarchy. Up to 40Gbps.
ISDN
Integrated Services Digital Network (ISDN) is comprised of digital telephony and data-transport services offered by regional telephone carriers.
Cable modem
512 Kbps to 52 Mbps
Coaxial
ISDN PRI
1,544 kbps
Twisted-pair
Packet vs Circuit Switching
Packet switching divides the packets up and reassembles them at the destination.
Circuit Switching has a dedicated connection and transmits the data in sequence. Used for real time data like live audio and video.
10Base-T
Category 3 or better UTP cable
RJ-45
100 meters (328 ft)
10 Mbps
100Base-TX
Cat 5 twisted pair
RJ-45
100 meters (328 ft)
100 Mbps
100Base-FX
Fiber Optic
ST, SC
2000 meters
100 Mbps
1000Base-T
CAT5e or higher
RJ-45
100 meters (328 ft)
1 Gbps
1000Base-LX
Laser over fiber
SC
Up to 5000 meters
1 Gbps
1000Base-SX
Short wavelength laser over fiber
SC
Up to 550 meters
1 Gbps
10GBASE-SR
Shortwave laser over multi-mode fiber optics
LC, SC
300 meters
10 Gbps
10GBASE-LR
Laser over single-mode fiber optics
LC, SC
2000 meters
10 Gbps
10GBASE-ER
Laser over either single or multi-mode fiber
LC, SC
40 kilometers
10 Gbps
10GBASE-SW
Shortwave laser over multi-mode fiber optics
LC, SC
300 meters
10 Gbps
10GBASE-LW
Laser over single-mode fiber optics
LC, SC
2000 meters
10 Gbps
10GBASE-EW
Laser over either single or multi-mode fiber
LC, SC
40 kilometers
10 Gbps
10GBASE-T
Cat 5e (or higher) twisted pair
RJ-45
100 meters (328 ft)
10 Gbps
CSMA/CD
CSMA/CD forces computers to “listen” to the wire before sending in order to make sure that no other host on the wire is sending.
Vertical Cross Connect
is a location within a building where cables originate and/or are terminated, reconnected using jumpers or pass throughs, or are connected to patch panels or other similar devices, where the locations are from upper or lower floors in the building.
Horizontal Cross Connect
similar to Vertical Cross Connect locations; these are within a building where cables originate and/or are terminated, but these locations are all on the same floor or building level.
Intermediate Distribution Frame (IDF)
is another place much like a Horizontal Cross Connect location or a Vertical Cross Connect location where network administrators can physically change the network media around and where they can house other needed network equipment such as routers, switches, repeaters and so forth.
Smart Jack
is a network connection device that is used to connect your internal network to an external service provider network. The device handles all of the code and protocol differences between the two networks and is often the actual demarcation point between the two service entities.
Hub
A physical layer network device used to connect multiple Ethernet devices together. Active hubs act as a repeater and boost the signal in order to allow for it to travel farther, while passive hubs simply pass the signal through.
Load Balancer
A load balancer is a hardware and/or software solution that provides load balancing services. Load balancing is used to distribute workloads evenly across two or more computers, network links, CPUs, hard drives, or other resources, in order to get optimal resource utilization, maximize throughput, minimize response time, and avoid overload.
Bandwidth Shaper
Server based software. From this server, administrators can control who uses bandwidth, for what, and when. Bandwidth shaping establishes priorities to data traveling to and from the Internet and within the network.
Spanning Tree Protocol
prevents loops where there exists more than one path between segments.
Trunking
Trunk links provide VLAN identification for frames traveling between switches. The VLAN trunking protocol (VTP) is the protocol that switches use to communicate among themselves about VLAN configuration.
Port Mirroring
Used on a network switch to send a copy of network packets seen on one switch port (or an entire VLAN) to a network monitoring connection on another switch port.
Session
The phases involved in a session dialog are as follows: establishment, data-transfer and termination.
Transport
Provides flow control, error handling, and is involved in correction of transmission/reception problems. It also breaks up large data files into smaller packets, combines small packets into larger ones for transmission, and reassembles incoming packets into the original sequence.
Network
Addresses messages and translates logical addresses and names into physical addresses. It also manages data traffic and congestion involved in packet switching and routing.
Quality of Service
is a set of parameters that controls the level of quality provided to different types of network traffic. QoS parameters include the maximum amount of delay, signal loss, noise that can be accommodated for a particular type of network traffic, bandwidth priority, and CPU usage for a specific stream of data.
Traffic Shaping
any action on a set of packets (often called a stream or a flow) which imposes additional delay on those packets such that they conform to some predetermined constraint (a contract or traffic profile). Traffic shaping provides a means to control the volume of traffic being sent into a network in a specified period (bandwidth throttling), or the maximum rate at which the traffic is sent (rate limiting).
Crosstalk
Symptoms: Slow network performance and/or an excess of dropped or unintelligible packets. In telephony applications, users hear pieces of voice or conversations from a separate line.
Causes: Generally crosstalk occurs when two cables run in parallel and the signal of one cable interferes with the other. Crosstalk can also be caused by crossed or crushed wire pairs in twisted pair cabling.
Resolution: The use of twisted pair cabling or digital signal can reduce the effects of crosstalk. Maintaining proper distance between cables can also help.
Steps of the troubleshooting methodology
Gather Information on the Problem
Identify The Affected Area
Determine If Anything Has Changed
Establish The Most Probable Cause
Determine If Escalation Is Necessary
Implement and Test the Solution
Identify the Results and Effects of the Solution
Document the Process and Solution
Near-End Crosstalk
Symptoms: Slow response from the network.

Causes: Attenuation is the degradation of signal strength.

Resolution: Use shorter cable runs, add more access points, and/or add repeaters and signal boosters to the cable path. Or, evaluate the environment for interference. The interference you would look for would depend on the spectrum used.
Collisions
Symptoms: High latency, reduced network performance, and intermittent connectivity issues.

Causes: Collisions are a natural part of Ethernet networking as nodes attempt to access shared resources.

Resolution: Depends on the network. For example, replacing a hub with a switch will often solve the problem.
Shorts
Symptoms: Electrical shorts—complete loss of signal.

Causes: Two nodes of an electrical circuit that are meant to be at different voltages create a low-resistance connection, causing a short circuit.

Resolution: Use a TDR to detect and locate shorts. Replace cables and connectors with known working ones.
Open Impedance Mismatch
Symptoms: Also known as echo, the tell-tale sign of open mismatch is an echo on either the talker or listener end of the connection.

Causes: The mismatching of electrical resistance.

Resolution: Use a TDR to detect impedance. Collect and review data, interpret the symptoms, and determine the root cause in order to correct the cause.
Interference
Symptoms: Crackling, humming, and static are all signs of interference. Additionally, low throughput, network degradation, and poor voice quality are also symptoms of interference.

Causes: RFI can be caused by a number of devices including cordless phones, Bluetooth devices, cameras, paging systems, unauthorized access points, and clients in ad-hoc mode.

Resolution: Remove or avoid environmental interferences as much as possible. This may entail simply turning off competing devices. Ensure there is adequate LAN coverage. To resolve problems proactively, test areas prior to deployment using tools such as spectrum analyzers.
Port Speed
Symptoms: No or low speed connectivity between devices.

Causes: Ports are configured to operate at different speeds and are therefore incompatible with each other.

Resolution: Verify that equipment is compatible and operating at the highest compatible speeds. For example, if a switch is running at 100 Mbps but a computer's NIC runs at 10 Mbps, the computer will run at the slower speed (10 Mbps). Replace the card with one that runs at 100 Mbps and throughput will be increased to the higher level (or at least to higher levels, since there are variables such as network congestion, etc.).
Port Duplex Mismatch
Symptoms: Late collisions, alignment errors, and FCS errors are present during testing.

Causes: Mismatches are generally caused by configuration errors. These occur when the switch port and a device are configured to use a different duplex setting or when both ends are set to auto-negotiate the setting.

Resolution: Verify that the switch port and the device are configured to use the same duplex setting. This may entail having to upgrade one of the devices.
Incorrect VLAN
Symptoms: No connectivity between devices.

Causes: Devices are configured to use different VLANs.

Resolution: Reconfigure devices to use the same VLAN.
Incorrect IP Address
Symptoms: No connectivity between devices.

Causes: Either the source or destination device has an incorrect IP address.

Resolution: Use the ping command to determine if there is connectivity between devices. Resolution will depend on the problem. If a network is running a rogue DHCP server, for example, two computers could have leased the same IP address; in that case troubleshoot DHCP (it may be offline, etc.). Check TCP/IP configuration information using ipconfig /all on Windows machines and ifconfig on Linux/UNIX/Apple machines. It could be the case that a static IP address was entered incorrectly. Check IP addresses; empty the ARP cache on both computers.
Wrong Gateway
Symptoms: No connectivity between devices.

Causes: The IP address of the gateway is incorrect for the specified route.

Resolution: Change the IP address of the gateway to the correct address.
Wrong DNS
Symptoms: No connectivity between devices.

Causes: A device is configured to use the wrong DNS server.

Resolution: Open the network properties on a Windows machine. Open TCP/IP properties and check the IP address of the DNS server listed for the client. Put in the correct IP address. Test for connectivity.
Wrong Subnet Mask
Symptoms: No connectivity between devices.

Causes: Either the source or destination device has an incorrect subnet mask.

Resolution: Use the ping command to determine if there is connectivity between devices. Check the IP address on both devices. Change the incorrect subnet mask to a correct subnet mask. Test for connectivity.
Issues that should be identified but escalated
Switching Loop: Need spanning tree protocol to ensure loop free topologies.
Routing Loop: Packets are routed in a circle continuously.
Route Problems: Packets don’t reach their intended destination. This could be caused by a number of things: configuration problems, convergence (in which you have to wait for the discovery process to complete), or a broken segment (a router is down, etc.).
Proxy ARP: If misconfigured, DoS attacks can occur.
Broadcast Storms: The network becomes overwhelmed by constant broadcast traffic.
Traceroute
A command-line troubleshooting tool that enables you to view the route to a specified host. This will show how many hops the packets have to travel and how long it takes. In Windows operating systems, the command used is "tracert".
NSLOOKUP
This is a command that queries a DNS server for machine name and address information. Originally written for Unix operating systems, this command is now available on Windows and other operating systems. To use nslookup, type "nslookup" followed by an IP address, a computer name, or a domain name. NSLOOKUP will return the name, all known IP addresses and all known aliases (which are just alternate names) for the identified machine. NSLOOKUP is a useful tool for troubleshooting DNS problems.
Hostname
The hostname command is used to show or set a computer's host name and domain name. It is one of the most basic of the network administrative utilities. A host name is a name that is assigned to a host (i.e., a computer connected to the network) that uniquely identifies it on a network and thus allows it to be addressed without using its full IP address. Domain names are user-friendly substitutes for numeric IP addresses.
Dig (domain information groper)
Dig is a Linux/Unix tool for interrogating DNS name servers. It performs DNS lookups and displays the answers that are returned from the name server(s) that were queried.
Mtr
Mtr is a Linux command line tool that combines the functionality of the traceroute and ping programs in a single network diagnostic tool.
Route
The route command is used to display and manipulate a local routing table. Examples of its use include adding and deleting a static route. This tool is available in Unix, Linux and Windows.
NBTSTAT
Is a Windows utility used to troubleshoot connectivity problems between 2 computers communicating via NetBT, by displaying protocol statistics and current connections. NBTSTAT examines the contents of the NetBIOS name cache and gives MAC address.
NETSTAT
Is a Windows, Linux, and Unix command-line tool that displays network connections (both incoming and outgoing), routing tables, and a number of network interface statistics. It is used for finding problems in the network and to determine the amount of traffic on the network as a performance measurement.
Cable Testers
Cable testers are electronic devices used to test a cable's integrity by checking for opens and shorts which can cause connectivity problems.
Protocol Analyzers
This tool is used to monitor network traffic and display packet and protocol statistics and information. As far as we're concerned, it is pretty much the same thing as a packet sniffer. Most tools sold today combine the functions of the listening device (packet sniffer) and the analytical device (packet analyzer).
Certifiers
Certifiers are a tool that tests cables in order to ensure that they will perform the job intended. This includes checking the speed loads that it can handle.
TDR (Time Domain Reflectometer)
Sends a signal down a cable and measures the distance that the signal travelled before bouncing back (like sonar). Used to find opens and shorts in cables.
Multimeter
A multimeter, also known as a volt/ohm meter, is an electronic measuring instrument used to measure voltage, current and resistance.
Butt Set
A portable telephone that connects to a line using alligator clips and is used to test telephone circuits.
Voltage Event Recorder
Captures and logs electrical current information for devices which can then be accessed on a PC. Mostly used for mission critical devices such as those found in a hospital.
Application Layer vs. Network Layer Firewall
Stateful vs. Stateless
Stateful firewalls maintain pertinent information about any active sessions they have will speed packet processing using this information. This might include source and destination IP address, UDP or TCP ports, and other details about the connection such as the session initiation, type of data transfer and so forth. With Stateful processing if a packet does not match a currently established connection, it will be evaluated according to the rule set for new connections. If it does match it will be allowed to pass without needing to be compared to the rule sets in use. Stateless firewalls treat all of the packets on the network in isolation and independently from all of the other traffic on the wire. They have no way to know if any given packet is part of an existing connection, is trying to establish a new connection, or is just a rogue packet.
Scanning Services
the process that is used by all firewalls to review the packets that are passing through them. Sometimes they will just review the header information, or they may be configured to look at the data as well. More advanced firewalls might also combine virus detection and/or other forms of malware detection as part of their scanning process to halt the transmission of suspect packets through the device.
Content Filtering
generally used at the application level to restrict or prevent access to websites that are not approved for work use, to block sites with objectionable material, or sites on a corporate blacklist for one reason or another. Content could be filtered in many different ways, from suspect keywords, images on the site, downloadable files present, or site content labeling as defined by the website host itself (e.g. an adult site that defines itself as such – the content filter would review the site content level and apply the filter).
Signature Identification
a method of identifying certain types of traffic based on a known behavior of that traffic. A firewall would know, based on the signature definition comparison, whether the traffic should be allowed to pass as permitted (e.g. HTTP traffic or DNS traffic) or whether to deny traffic (e.g. repeated attempts to connect to multiple systems from multiple sessions, appearing as a possible Distributed Denial of Service (DDoS) attack).
Zones
demarcation points from one network type to another. Networks internal to a company are considered internal zones or intranets. A network external to the internal network is generally considered “the internet” or external zones. If there is a network that the company manages that is not a part of the internal intranet but is in place between the intranet and the internet this is called the demilitarized zone or the DMZ. The main purpose of this zone is to act as an additional layer of security buffer between the intranet and the internet.
ACL (Access Control List)
An ACL is a table in an operating system or network device (such as a router) that denies or allows access to resources.

MAC Filtering - This method controls access based on the unique MAC address assigned to all network devices.
IP Filtering - This method controls access based on the IP addresses (or a range of addresses) of network devices.
SSL VPN (Secure Sockets Layer virtual private network)
This is a VPN that runs on SSL and is accessible via https over a web browser. It allows users to establish secure remote access sessions from virtually any Internet connected browser. Unlike a traditional VPN, this method does not require the use of IPSec. The benefit of this solution is that it allows clients to access a corporate network from nearly anywhere which is not practical with a typical VPN.
VPN (Virtual Private Network)
A VPN is a network that uses a public telecommunication infrastructure, such as the Internet, to provide remote offices or individual users with secure access to their organization's network. A VPN works by using the shared public infrastructure while maintaining privacy through security procedures and tunneling protocols such as the Layer Two Tunneling Protocol (L2TP) or IPSec. In effect, the protocols, by encrypting data at the sending end and decrypting it at the receiving end, send the data through a "tunnel" that cannot be "entered" by data that is not properly encrypted.
L2TP (Layer 2 Tunneling Protocol)
L2TP is an extension of the Point-to-Point Tunneling Protocol (PPTP) used on VPNs. L2TP merges the best features of two other tunneling protocols: PPTP from Microsoft and L2F from Cisco Systems. As a tunneling protocol, L2TP does not include encryption, but it is often used with IPsec to provide VPN connections from remote users to a remote network.
IPSec (Internet Protocol Security)
IPsec is a protocol suite that ensures confidentiality, integrity, and authenticity of data communications across a public network by authenticating and encrypting each IP packet of a data stream. IPSEC is made of two different protocols: AH and ESP. AH (Authentication header) is responsible for authenticity and integrity, while ESP (Encapsulating Security payload) encrypts the payload. IPSec is often used in conjunction with L2TP on VPNs.
RAS (Remote Access Service)
RAS refers to any combination of hardware and software to enable remote access to a network. A RAS server is a specialized computer which aggregates multiple communication channels together. An example of this would be a server that dial-up users dial into. The term was originally coined by Microsoft during the Windows NT era and is now called Routing and Remote Access Service (RRAS).
RDP (Remote Desktop Protocol)
Originally released with Windows NT 4.0 Terminal Services, RDP 4.0 allowed users to connect to a computer and remotely control (AKA Shadow) it. With the release of Windows Vista and upcoming Windows Longhorn, version 6.0 will allow one to connect to specific applications rather than the entire desktop of the remote computer. Remote Desktop allows systems administrators to remotely connect to a user's computer for technical support purposes, or connect to a server for maintenance and administration purposes. By default, RDP uses TCP port 3389.
PPPoE (Point to Point Protocol over Ethernet)
In the past, most internet users were connected to the internet via a serial modem using PPP; however, current technologies such as DSL and cable have replaced dial-up internet connections. In short, PPPoE is a network protocol for encapsulating PPP frames in Ethernet frames.
PPP (Point to Point Protocol)
provides a method for connecting a personal computer to the Internet using a standard phone line and a modem using a serial connection (Dial-up). PPP replaced SLIP as the standard for dial-up connections as it supports more protocols than just TCP/IP.
VNC (Virtual Network Computing)
VNC makes it possible to interact with a computer from any computer or mobile device on the Internet. Unlike Microsoft's RDP, VNC offers cross-platform support allowing remote control between different types of computers. Popular uses for this technology include remote technical support and accessing files on one's work computer from one's home computer, or vice versa.
ICA (Independent Computing Architecture)
ICA is a proprietary protocol for an application server system, designed by Citrix Systems. Products conforming to ICA are Citrix's WinFrame, Citrix XenApp (formerly called MetaFrame/Presentation Server), and Citrix XenDesktop products. These permit ordinary Windows applications to be run on a Windows server, and for any supported client to gain access to those applications. Besides Windows, ICA is also supported on a number of Unix server platforms and can be used to deliver access to applications running on these platforms. There is a wide range of clients supported including Windows, Mac, Unix, Linux, and various Smartphones.
PKI (Public Key Infrastructure)
A public key infrastructure (PKI) is the combination of software, encryption technologies, processes, and services that enable an organization to secure its communications and business transactions. PKI uses a public and a private cryptographic key pair that is obtained and shared through a trusted authority. The public key infrastructure provides for a digital certificate that can identify an individual or an organization and directory services that can store and, when necessary, revoke the certificates.
Kerberos
Invented by MIT, this protocol has been evolving in the Unix world for over a decade and has become a standard in Windows operating systems. Kerberos is a network authentication protocol which utilizes symmetric cryptography to provide authentication for client-server applications. The core of a Kerberos architecture is the KDC (Key Distribution Server) that serves as the trusted third party and is responsible for storing authentication information and using it to securely authenticate users and services. In order for this security method to work, it is paramount that the KDC is available and secure. The clocks of all hosts involved must be synchronized as well.
AAA
AAA commonly stands for “authentication, authorization and accounting”.
RADIUS (Remote Authentication Dial In User Service)
RADIUS is a networking protocol that provides centralized Authentication, Authorization, and Accounting (AAA) management and provides a method that allows multiple dial-in Network Access Server (NAS) devices to share a common authentication database. RADIUS is often used by ISPs and enterprises to manage access to the Internet or internal networks, and wireless networks. Microsoft's answer to corporate wireless security is the use of RADIUS authentication through its Internet Authentication Services (IAS) product.
TACACS+ (Terminal Access Controller Access-Control System)
TACACS+ is a proprietary Cisco security application that provides centralized validation of users attempting to gain access to a router or network access server. The TACACS+ protocol provides authentication between the network access server and the TACACS+ daemon, and it ensures confidentiality because all protocol exchanges between a network access server and a TACACS+ daemon are encrypted. Whereas RADIUS combines authentication and authorization in a user profile, TACACS+ separates the two operations. Another difference is that TACACS+ uses the Transmission Control Protocol (TCP) while RADIUS uses the User Datagram Protocol (UDP).
802.1X
802.1X is an IEEE Standard for port-based Network Access Control (PNAC). This standard is designed to enhance the security of wireless local area networks (WLANs) by providing an authentication framework that allows a user to be authenticated by a central authority. It is used for securing wireless 802.11 access points and is based on the Extensible Authentication Protocol (EAP).
CHAP (Challenge Handshake Authentication Protocol)
A type of authentication protocol used on PPP connections. CHAP uses a 3-way handshake in which the authentication agent sends the client program a key to be used to encrypt the user name and password. CHAP not only requires the client to authenticate itself in the beginning, but sends challenges at regular intervals to make sure the client hasn't been replaced by an intruder.
MS-CHAP (MicroSoft Challenge Handshake Authentication Protocol)
This is Microsoft's version of CHAP and is a one-way encrypted password, mutual authentication process used in Windows operating systems. Like the standard version of CHAP, MS-CHAP is used for PPP authentication, but is considered by some to be more secure. MS-CHAPv2 was released to solve many of the problems and deficiencies of the first version.
EAP (Extensible Authentication Protocol)
EAP is an extension to the Point-to-Point Protocol (PPP) that was developed in response to an increasing demand for an industry-standard architecture to support additional authentication methods within PPP. EAP is an authentication framework, not a specific authentication mechanism, and is typically used on wireless networks. It provides some common functions and negotiation of authentication methods, called EAP methods. EAP methods can provide a secure authentication mechanism and negotiate a secure Pair-wise Master Key (PMK) between the client and NAS. The PMK can then be used for the wireless encryption session, which uses TKIP or CCMP (based on AES) encryption. Strong EAP types such as those based on certificates offer better security against brute-force or dictionary attacks and password guessing than password-based authentication protocols such as CHAP or MS-CHAP.
Restricting Local and Remote Access
A lot of local access restriction will come from physical security measures, but you can also configure systems to not allow local login at the console except for certain specific account names in the domain or in the local accounts database. With respect to remote access, you can apply the same principle of least privilege by allowing remote access only to the individuals that absolutely need it as part of their role responsibilities and by denying everyone else. Those that are allowed access should still need to provide at least a username and password in order to authenticate to the remote system.
Secure Shell (SSH)
Application Layer protocol in the Internet Protocol Suite that allows data to be exchanged using a secure channel between two networked devices and was designed as a replacement for Telnet and other insecure remote shells, which send information including account name information and passwords in clear text.
Simple Network Management Protocol version 3 (SNMPv3)
Application Layer protocol in the Internet Protocol Suite that is used mostly in network management systems to monitor network-attached devices. Version 3 provides important security features that the prior versions did not, including message integrity that ensures packets were not altered, authentication that verifies that inbound data is from an expected source system, and encryption for the traffic stream itself.
Secure File Transfer Protocol (SFTP)
sometimes called SSH file transfer protocol is a network protocol that provides secured, encrypted file transfer capability over TCP port 22 by default.
Secure Copy Protocol (SCP)
Application Layer protocol in the Internet Protocol Suite that leverages the Secure Shell (SSH) protocol using TCP port 22 by default to copy files from system to system on the same network or across different networks.
File Transfer Protocol (FTP)
Application Layer protocol in the Internet Protocol Suite that uses port 20 for data connections and listens on port 21. Often FTP is set up for anonymous access for putting and getting files. Even when a user name is required and password authentication is requested by systems using FTP, it is done in clear text.
Remote Shell (RSH)
a command line program which can execute shell commands as another user and on another computer across a computer network. All of the commands that are sent are done in clear text and any authentication is also sent over the wire unencrypted. Secure Shell (SSH) is the secure replacement for this utility.
Remote Copy Protocol (RCP)
a Unix based command line utility that is used to copy data from one system to another. The utility sends unencrypted information over the network including any applicable account and password information. It has been replaced by Secure File Transfer Protocol (SFTP) which is sometimes called SSH file transfer protocol.
Simple Network Management Protocol versions 1 or 2 (SNMP)
Application Layer protocol in the Internet Protocol Suite that is used for system management and configuration. Version 1 was originally introduced in the late 80s and does not really have any applicable security features. Authentication is performed using the "community string", which is effectively nothing more than a password that is transmitted in clear text. Version 2 did offer some improvements in performance, security, and confidentiality, but it did this through a "party-based" security system that was considered overly complex, and as a result it was not widely accepted.
Smurf
This is a type of denial-of-service attack that floods a target system via spoofed broadcast ping messages in an attempt to cause massive network traffic. To accomplish this, the attacker sends ICMP echo packets to broadcast addresses of vulnerable networks with a forged source address pointing to the target (victim) of the attack. All the systems on these networks reply to the victim with ICMP echo replies, which overload it. These types of attacks are very easy to prevent and, as a result, are no longer very common.