Computer Network + Notes

Video 1
Welcome to
CompTIA Network+ 2009 Training
Basic Networking Fundamentals

Train Signal, Inc.
Ed Liberman
In this video…
• About Your Instructor and Train Signal

• What’s Covered in this Course
• Network+ Certification Objectives

Train Signal, Inc.
Ed Liberman
About your Instructor and Train Signal
About Ed Liberman
• MCT, MCP, MCSA, MCSE, MCDST, MCTS, MCITP, A+,
NET+, SERVER+
• Has worked in technology for almost 20 years.
• Have been certified and instructing IT for over 10 years.
• Volunteer time in my local community as a math tutor
for struggling grade school children.
About Train Signal

• Casual Training Method
• Scenario-Based Training
1
Train Signal, Inc.
Ed Liberman
What’s Covered in this Course
• Video 2 – Basic Networking Fundamentals

– Objective 2.7 Explain common logical network topologies and their characteristics
• Video 3 – Network Media

– Objective 2.1 Categorize standard cable types and their properties
– Objective 2.2 Identify common connector types
– Objective 2.4 Given a scenario, differentiate and implement appropriate wiring standards
– Objective 2.6 Categorize LAN technology types and properties
– Objective 2.8 Install components of wiring distribution
• Video 4 – Network Topologies

– Objective 2.3 Identify common physical network topologies
– Objective 2.5 Categorize WAN technology types and properties
– Objective 2.7 Explain common logical network topologies and their characteristics
• Video 5 – OSI Model

– Objective 4.1 Explain the function of each layer of the OSI model

Train Signal, Inc.
Ed Liberman
• Video 6 – TCP/IP
– Objective 1.1 Explain the function of common networking protocols
– Objective 1.3 Identify the following address formats
– Objective 1.4 Given a scenario, evaluate the proper use of the following addressing
technologies and addressing schemes
• Video 7 – TCP/IP Protocols

– Objective 1.1 Explain the function of common networking protocols
– Objective 1.2 Identify commonly used TCP and UDP default ports
• Video 8 – Network Devices

– Objective 3.1 Install, configure and differentiate between common network devices
– Objective 3.2 Identify the functions of specialized network devices
– Objective 3.3 Explain the advanced features of a switch
• Video 9 – Routing
– Objective 1.5 Identify common IPv4 and IPv6 routing protocols
– Objective 1.6 Explain the purpose and properties of routing

Train Signal, Inc.
Ed Liberman
• Video 10 – Wireless Networking

– Objective 1.7 Compare the characteristics of wireless communication standards
– Objective 3.4 Implement a basic wireless network
• Video 11 – Networking Command Line Tools

– Objective 5.1 Given a scenario, select the appropriate command line interface tool and
interpret the output to verify functionality
• Video 12 – Network Performance Optimization

– Objective 4.5 Explain different methods and rationales for network performance
optimization
• Video 13 – Network Tools

– Objective 5.3 Given a scenario, utilize the appropriate hardware tools
• Video 14 – Network Monitoring

– Objective 4.4 Conduct network monitoring to identify performance and connectivity
issues using the following
– Objective 5.2 Explain the purpose of network scanners
2
Train Signal, Inc.
Ed Liberman
• Video 15 – Documentation
– Objective 4.2 Identify types of configuration management documentation
– Objective 4.3 Given a scenario, evaluate the network based on configuration
management documentation
• Video 16 – Troubleshooting
– Objective 4.6 Given a scenario, implement the following network troubleshooting
methodology
– Objective 4.7 Given a scenario, troubleshoot common connectivity issues and select an
appropriate solution
• Video 17 – Network Security

– Objective 6.1 Explain the function of hardware and software security devices
– Objective 6.2 Explain common features of a firewall
– Objective 6.3 Explain the methods of network access security
– Objective 6.4 Explain methods of user authentication
– Objective 6.5 Explain issues that affect device security
– Objective 6.6 Identify common security threats and mitigation techniques

Train Signal, Inc.
Ed Liberman
Are you ready to get started?
Let’s Go!!!
Video 2
Basic Networking
Fundamentals
3
Train Signal, Inc.
Ed Liberman
In this video…
• What is a network?
• What are some of the different types of networks?
–Client/Server
–Peer-to-Peer
–LANs/CANs/MANs/WANs
• How do we make connections?
• What is a Protocol?
• Introduction to addressing
–Private vs. Public

Train Signal, Inc.
Ed Liberman
What is a network?
• The definition of a network is simple.

• A network is created when you have two or more
hosts connected together so that they can
communicate and share resources.
• A host can be any device which has a “network
interface” which allows it to connect to other
devices on a network.
• Some examples of resources which can be shared
are documents and printers.

Train Signal, Inc.
Ed Liberman
What are some of the different types of networks?
• Client/Server
–In a Client/Server network each hosts will act
specifically as a server (The provider of
resources) OR a client (The receiver of
resources).
4
Train Signal, Inc.
Ed Liberman
• Peer-to-Peer
–In a Peer-to-Peer network every host will act as a
client AND a server.

Train Signal, Inc.
Ed Liberman
• LAN – Local Area Network

–Typically refers to a network contained within a
building.

Train Signal, Inc.
Ed Liberman
• CAN – Campus Area Network

–A network spread between multiple contiguous
buildings.
5
Train Signal, Inc.
Ed Liberman
• MAN – Metropolitan Area Network

–A network spread between multiple non-
contiguous buildings within the single
metropolitan area.

Train Signal, Inc.
Ed Liberman
• WAN – Wide Area Network

–A network spread over a wide area, typically
covering multiple cities and countries.

Train Signal, Inc.
Ed Liberman
How do we make connections?
• Network hosts communicate with each other by

sending bits of information across network media.
• Network media can be wire or wireless.
• Examples of wire media are copper and fiber optic.
• Examples of wireless media are RF and infra-red.
• We will discuss all the different forms of media in
detail later in this course.
6
Train Signal, Inc.
Ed Liberman
What is a protocol?
• The definition of a protocol is a set of rules and

procedures for communication.
• In order for hosts to communicate on a network
they must agree to use a common set of rules and
procedures or in other words, must use the same
network protocol.
• Some of the common network protocols used
today are TCP/IP, IPX/SPX, NetBEUI, and Apple Talk.
• We will discuss the TCP/IP network protocol in
detail later in this course.

Train Signal, Inc.
Ed Liberman
Introduction to addressing.
• All hosts on a network must be identified with an address on

that network.
• Addressing in computer networks is similar to how addressing
works with the postal network or telephone network.
• The most typical types of addresses used in computer
networking are MAC addresses and IP addresses.
• There are both private and public forms of addressing.
– Private addressing is used to keep communications safe
within the boundaries of a private secure network.
– Public addressing is used to allow communications with
the outside world, most typically known as the Internet.
• We will discuss addressing in detail later in this course.

Train Signal, Inc.
Ed Liberman
In this video we discussed:
• What a network is.

• Different types of networks:
–Client/Server
–Peer-to-Peer
–LANs/CANs/MANs/WANs
• Network media and protocols.
• The concept of addressing.
7
Video 3
Network Media

Train Signal, Inc.
Ed Liberman
In this video…
• Wired Media
–Twisted Pair
–Coaxial
–Fiber Optic
• What the heck is the plenum?
• Common Connectors
• Wiring Standards
• LAN Technology Types
• Wiring Distribution

Train Signal, Inc.
Ed Liberman
Wired Media – Twisted Pair
• CAT 3: 10 Mbps
• CAT 5: 100 Mbps
• CAT 5e: 1000 Mbps
• CAT 6: 1000 Mbps
• All categories can travel up to
100 meters before suffering
from attenuation.
• UTP: Unshielded Twisted Pair
– Susceptible to EMI
• STP: Shielded Twisted Pair
– Protects against EMI
• Uses an RJ-45 Connector
8
Train Signal, Inc.
Ed Liberman
Wired Media - Coaxial
• Coaxial cable is made up of 4 layers:

– Copper Core
– Inner Insulator
– Shielding Wire Mesh
– Outer Insulator
• Thinnet (RG-58)
– 10 Mbps
– 185 Meters
– Uses a BNC Connector
– Has been primarily replaced by
twisted pair.
• RG-59 & RG-6
– Typically used for cable tv.

Train Signal, Inc.
Ed Liberman
Wired Media – Fiber Optic
• Fiber optic cable uses light

pulses instead of electricity to
transmit data.
• Benefits
– More Secure
– Not Susceptible to EMI
– Very Fast
– Long Distances
• Drawbacks
– More Expensive
– Not as Flexible
• Uses SC, ST, and LC Connectors

Train Signal, Inc.
Ed Liberman
What the heck is the plenum?
• An enclosed space used

for airflow.
• Usually thought of as
the space above a drop
ceiling or below a raised
floor.
• Plenum grade cable
should always be used
in a plenum space.
9
Train Signal, Inc.
Ed Liberman
Common Connectors
SC
RJ-45 RJ-11 BNC
ST
LC
RG-59 or RG-6
RS-232 Serial
Cable

Train Signal, Inc.
Ed Liberman
Wiring Standards
• EIA/TIA - 568A vs. 568B

Train Signal, Inc.
Ed Liberman
Wiring Standards
• A straight cable has 568A wiring on both ends.

• A cross-over cable has 568A on one end and 568B
on the other.
• A rollover cable has 568A on one end and the
complete reversal of wires on the other.
• A loopback cable is used to fool the computer
interface into thinking it is connected to another
device.
10
Train Signal, Inc.
Ed Liberman
LAN Technology Types – Ethernet
• Ethernet is the most common form of network

communication used in today’s local networks.
• Ethernet is known as the 802.3 standard.
• Ethernet uses the CSMA/CD access method.
• CSMA/CD stands for Carrier Sense Multiple Access
with Collision Detection.

Train Signal, Inc.
Ed Liberman
LAN Technology Types – Standard Ethernet
• 10BaseT
• 10 Base T
• 10 – How Fast = 10Mbps

• Base – Baseband vs Broadband = Baseband
• T – Type of Cable = Twisted Pair Cable

Train Signal, Inc.
Ed Liberman
LAN Technology Types – Fast Ethernet
• 100BaseTX
• 100BaseFX
• Both are 100Mbps

• Both are Baseband
• TX = Twisted Pair Cable

• FX = Fiber Optic Cable
11
Train Signal, Inc.
Ed Liberman
LAN Technology Types – Gigabit Ethernet
• 1000BaseT
• 1000BaseX
• Both are 1000Mbps or 1Gbps

• Both are Baseband
• T = Twisted Pair Cable

• X = Fiber Optic Cable

Train Signal, Inc.
Ed Liberman
LAN Technology Types – 10 Gigabit Ethernet
• 10GBaseT
• 10GBaseSR
• 10GBaseLR
• 10GBaseER
• 10GBaseSW
• 10GBaseLW
• 10GBaseEW
• All are 10Gbps

• All are Baseband
• T = Twisted Pair Cable

• SR,LR,ER = Fiber Optic Cable
• SW,LW,EW = SONET

Train Signal, Inc.
Ed Liberman
Wiring Distribution
• Cross Connects – Cable which connects you to a

backbone or provider. Typically cable found in a
wiring closet connected to a patch panel.
• Patch Panel –
• MDF – Main Distribution Frame

• IDF – Intermediate Distribution Frame
12
Train Signal, Inc.
Ed Liberman
Wiring Distribution
• 66 Block and 110 Block –
• 25 Pair and 100 Pair Cable –
• Demarc – The point at which the telephone company’s

network ends and connects to your wiring.
• Demarc Extension – An extension from where the
telephone company’s network ends and your network
truly begins.
• Smart Jack – The actual termination of a T1 line at your
office.

Train Signal, Inc.
Ed Liberman
• Different types of cabling.

• What the Plenum is and when to use plenum cable.
• Common Connectors used in network cabling.
• Wiring standards for twisted pair cable.
• Various Ethernet LAN technology types.
• Wiring distribution hardware.
Video 4
Network Topologies
13
Train Signal, Inc.
Ed Liberman
In this video…
• What does topology mean?

• Physical Network Topologies
• WAN Technologies
• What is a VPN?
• What is a VLAN?

Train Signal, Inc.
Ed Liberman
What does topology mean?
• A network topology is the layout of the network.

• The topology can be physical or logical.

Train Signal, Inc.
Ed Liberman
Physical Network Topologies - Bus
• In the bus topology all of the computers are

connected in a straight line.
• Terminators must be used at each end of a bus
segment to prevent signals from bouncing.
• A single break in the cable would take down the
entire network.
14
Train Signal, Inc.
Ed Liberman
Physical Network Topologies - Star
• In the star topology all of the computers are

connected through a central connection point
(hub).
• A single break in the cable would only take down
communication to one computer.
• A hub failure would take down the entire network.

Train Signal, Inc.
Ed Liberman
Physical Network Topologies - Ring
• In the ring topology all of the computers are

connected in circular fashion.
• Data is passed around the ring from computer to
computer.
• A break in the cable would take down the entire
network.

Train Signal, Inc.
Ed Liberman
Physical Network Topologies - Ring
• In the ring topology all of the computers are

connected in circular fashion.
• Data is passed around the ring from computer to
computer.
• A break in the cable would take down the entire
network.
15
Train Signal, Inc.
Ed Liberman
Physical Network Topologies - Mesh
• In the mesh topology all of the computers are

connected to all other computers.
• Typically used in a WAN environment.
• Provides fault tolerance in the event of a
connection failure.

Train Signal, Inc.
Ed Liberman
Physical Network Topologies - Mesh
• In the mesh topology all of the computers are

connected to all other computers.
• Typically used in a WAN environment.
• Provides fault tolerance in the event of a
connection failure.

Train Signal, Inc.
Ed Liberman
Physical Network Topologies - Hybrid
• Different types of topologies can be used together

to form a hybrid topology.
16
Train Signal, Inc.
Ed Liberman
WAN Technologies
• Circuit Switching
– A physical connection path is established
between the source and the destination typically
through a series of circuits.
• Packet Switching
– Data is broken into packets which then each
take a separate independent route to the
destination where they are reassembled back
into data.

Train Signal, Inc.
Ed Liberman
WAN Technologies
• POTS – Plain Old Telephone Service

• PSTN – Public Switched Telephone Network
• T1/ E1 – A T1 is a digital leased line consisting of 24

64K channels providing a transfer rate up to 1.544
Mbps. An E1 is the European version with 30
channels providing up to 2.048 Mbps.
• T3/E3 – A T3 is basically 28 T1 lines (672 channels)
providing a transfer rate up to 44.736 Mbps. An E3
has 512 channels providing up to 34.368 Mbps.

Train Signal, Inc.
Ed Liberman
WAN Technologies
• ISDN – Integrated Services Digital Network

–BRI: Basic Rate Interface uses 2 64K B-channels
to transmit data and 1 16K D-channel to transmit
control information.
– PRI: Primary Rate Interface uses 23 64K B-
channels for data and 1 64K D-channel for
control information providing for essentially the
same throughput as a T1 line.
17
Train Signal, Inc.
Ed Liberman
WAN Technologies
• SONET/OC-x – Synchronous Optical Network

– SONET is a network technology designed to
carry large volumes of traffic over relatively long
distances via fiber optic cabling.
–The data rates of a SONET network are divided
into OC-levels (Optical Carrier Levels):
OC-1 = 51.84 Mbps OC-48 = 2.488 Gbps

OC-3 = 155.52 Mbps OC-192 = 10 Gbps
OC-12 = 622.08 Mbps OC-256 = 13.271 Gbps
OC-24 = 1.244 Gbps OC-768 = 40 Gbps

Train Signal, Inc.
Ed Liberman
WAN Technologies
• Frame Relay
– A WAN where all nodes are connected through
a packet switching cloud.
– You pay a base price for an agreed upon CIR
(Committed Information Rate), and then pay
additional for only the bandwidth actually used.
• ATM – Asynchronous Transfer Mode
– Advanced packet switching network using fixed
length packets (53 bytes).
– Provides data rates up to 622 Mbps.

Train Signal, Inc.
Ed Liberman
WAN Technologies
• MPLS – Multiprotocol Label Switching

– MPLS is a technique, not a service.
– Known by many different names.
– Primary concept is the use of labeling.
http://www.networkworld.com/research/2007/040207-mpls-migration-explained.html
18
Train Signal, Inc.
Ed Liberman
WAN Technologies
• DSL – Digital Subscriber Line

– Provides high speed Internet connections using
standard copper telephone wires.
– DSL comes in different flavors:
• ADSL – Asymmetric Digital Subscriber Line allows
POTS and data to be transmitted simultaneously.
• SDSL – Symmetric Digital Subscriber Line cannot
share data transmission with POTS.
• VDSL – Very High Speed Digital Subscriber Line
allows access to the maximum bandwidth
available on a standard phone line (13 – 55 Mbps).

Train Signal, Inc.
Ed Liberman
WAN Technologies
• Cable Modem
– Provides high speed Internet connections using a
broadband cable connection.
• Satellite
– Provides high speed Internet connections using
satellite communication.
– Typically used where DSL and Cable Internet are not
available.
• Wireless
– Used primarily by mobile users.
– Provided through WiFi hotspots or through the
cellular phone network.

Train Signal, Inc.
Ed Liberman
What is a VPN?
• VPN stands for Virtual Private Network

• VPNs allow travelling users to connect to the local
network when they are not in the office.
• Users remotely connect to a VPN server over a
standard Internet connection.
• VPN connections are secured by using tunneling
protocols.
19
Train Signal, Inc.
Ed Liberman
What is a VLAN?
• VLAN stands for Virtual LAN (Local Area Network).

• There are 2 ways of looking at a VLAN:
1. One physical segment divided logically into 2
or more segments.
2. Multiple physical segments acting as a single
logical segment.
• We will discuss VLANs further later in this course.

Train Signal, Inc.
Ed Liberman
• Network Topologies
–Bus
–Star
–Ring
–Mesh
• WAN Technologies
• VPNs and VLANs
Video 5
OSI Model
20
Train Signal, Inc.
Ed Liberman
In this video…
• Review the Definition of a Protocol

• Explain the Different Layers of the OSI Model

Train Signal, Inc.
Ed Liberman
Definition of a Protocol
• What is a Protocol?
–A protocol is a set of rules and procedures used
for communication.

Train Signal, Inc.
Ed Liberman
Example: USPS Protocol
21
Train Signal, Inc.
Ed Liberman

Train Signal, Inc.
Ed Liberman

Train Signal, Inc.
Ed Liberman
22
Train Signal, Inc.
Ed Liberman

Train Signal, Inc.
Ed Liberman
Example: Fedex Protocol

Train Signal, Inc.
Ed Liberman
Definition of a Protocol
• Computers on a network must agree upon a

common protocol in order to communicate.
Destination:
USPS P.O. Box
23
Train Signal, Inc.
Ed Liberman
Standards of Communication
• In this example:
–Packaging
–Addressing
–Payment
–Getting the package on the network

Train Signal, Inc.
Ed Liberman
What is the OSI Model?
• In the 1970’s the International Standards

Organization (ISO) developed the Open Systems
Interconnection (OSI) reference model to define
the basic standards for network communication.

Train Signal, Inc.
Ed Liberman
• In the 1970’s the International Standards

Organization (ISO) developed the Open Systems
Interconnection (OSI) reference model to define
the basic standards for network communication.
24
Train Signal, Inc.
Ed Liberman
• The OSI Model is made up of 7 layers.
• Application
• Presentation
• Session
• Transport
• Network
• Data Link
• Physical

Train Signal, Inc.
Ed Liberman
• Application •A
• Presentation •P
• Session •S
• Transport •T
• Network •N
• Data Link •D
• Physical •P

Train Signal, Inc.
Ed Liberman
• Application • All
• Presentation • People
• Session • Seem
• Transport • To
• Network • Need
• Data Link • Data
• Physical • Processing
25
Train Signal, Inc.
Ed Liberman
• Application • All • Away

• Presentation • People • Pizza
• Session • Seem • Sausage
• Transport • To • Throw
• Network • Need • Not
• Data Link • Data • Do
• Physical • Processing • Please

Train Signal, Inc.
Ed Liberman
• Here are some additional sayings:

–A Priest Saw Two Nuns Doing Pushups
–All People Should Try New Diet Pepsi
–Please Do Not Take Sales People’s Advice
–Please Do Not Tease Stupid Party Animals
26
27
Train Signal, Inc.
Ed Liberman
After watching this video you should be able to:
• Explain what a protocol is and how we use it to

communicate on a network.
• Define the 7 layers of the OSI Model and explain its

significance within a network.
28
Video 6
TCP/IP

Train Signal, Inc.
Ed Liberman
In this video…
• The TCP/IP Protocol Suite

• Working with IP Addresses
• Planning an IP Addressing Scheme
• Working with Binary Numbers
• Internetworking
• Classful vs. Classless Interdomain Routing (CIDR)
• Fundamentals of IPv6

Train Signal, Inc.
Ed Liberman
The TCP/IP Protocol Suite
• TCP/IP stands for the Transmission Control

Protocol/Internet Protocol. It is the basic
communication protocol of the Internet.
• Although it was designed to be an Internet protocol, it
can also be used as a communication protocol in a
private network.
• The TCP/IP architecture is based off the 4 layer DARPA

model. Each layer of the DARPA model corresponds to
one or more of the layers of the 7 layer OSI model.
• Each of the 4 layers have individual protocols which all
work together to form a protocol stack.
29
Train Signal, Inc.
Ed Liberman
What is the TCP/IP (DARPA) Model?

Train Signal, Inc.
Ed Liberman

Train Signal, Inc.
Ed Liberman
30
Train Signal, Inc.
Ed Liberman

Train Signal, Inc.
Ed Liberman
Transport Layer Protocols
• TCP – Transmission Control Protocol

–One to One
–Connection-oriented
–Reliable Communication
• UDP – User Datagram Protocol

–Connectionless
–Unreliable Communications

Train Signal, Inc.
Ed Liberman
What makes TCP connection-oriented?
• Connection-oriented communication means that a

connection must be established before data can be
exchanged.
• TCP uses a three-way handshake to establish this
connection.
31
Train Signal, Inc.
Ed Liberman
Three-way Handshake

Train Signal, Inc.
Ed Liberman
Three-way Handshake

Train Signal, Inc.
Ed Liberman
Three-way Handshake
32
Train Signal, Inc.
Ed Liberman
Three-way Handshake

Train Signal, Inc.
Ed Liberman
Transport Layer Protocols
• TCP – Transmission Control Protocol

–One to One
–Connection-oriented
–Reliable Communication
• UDP – User Datagram Protocol

–Connectionless
–Unreliable Communications

Train Signal, Inc.
Ed Liberman
Internet Layer Protocols
• IP – Internet Protocol
–Addressing
–Routing
• ARP – Address Resolution Protocol

–Resolves an IP address to hardware address
33
Train Signal, Inc.
Ed Liberman
Internet Layer Protocols
• ICMP – Internet Control Message Protocol

–Diagnostic and error reporting
• IGMP – Internet Group Management Protocol

–Manages IP multicast group membership

Train Signal, Inc.
Ed Liberman
Types of TCP/IP Communication
• Unicast (One to One)

• Multicast (One to Many)
• Broadcast (One to All)

Train Signal, Inc.
Ed Liberman
Unicast (One to One)
34
Train Signal, Inc.
Ed Liberman
Multicast (One to Many)

Train Signal, Inc.
Ed Liberman
Broadcast (One to All)

Train Signal, Inc.
Ed Liberman
Working with IP Addresses
• What is an IP Address?
–A 32 bit address that is used to uniquely identify
a computer on a network.
–The Network ID portion of the IP Address
identifies the network where the computer sits.
–The Host ID portion of the IP Address uniquely
identifies the computer on its network.
35
Train Signal, Inc.
Ed Liberman
• Example:
IP Address: 192.168.10.1
Network ID Host ID

Train Signal, Inc.
Ed Liberman
• Example:
IP Address: 192.168.10.1
Subnet Mask: 255.255.255.0
Network ID Host ID

Train Signal, Inc.
Ed Liberman
• Example:
IP Address: 192.168.10.1
Subnet Mask: 255.255.255.0
Network ID Host ID
36
Train Signal, Inc.
Ed Liberman
• Example:
IP Address: 192.168.10.1
Subnet Mask: 255.255.0.0
Network ID Host ID

Train Signal, Inc.
Ed Liberman
• Example:
IP Address: 192.168.10.1
Subnet Mask: 255.0.0.0
Network ID Host ID

Train Signal, Inc.
Ed Liberman
Simple Network:
37
Train Signal, Inc.
Ed Liberman
Planning an IP Addressing Scheme
• How to Plan an IP Addressing Scheme

–How many IP Addresses do you need today?
–How many IP Addresses will you need in the
future?
–Are you dealing with a pre-existing IP scheme?

Train Signal, Inc.
Ed Liberman
Rules for IP Addressing
• Each of the 4 numbers in an IP Address is called an

octet (8 bits).
–192.168.10.101
• A bit is a 1 or a 0.
• Each octet can only have a number from 0 to 255
–00000000 = 0
–11111111 = 255

Train Signal, Inc.
Ed Liberman
• The first octet cannot be 127.

• The 127 range has been reserved for diagnostics.
• 127.0.0.1 is known as the loopback address. (It is
sometimes also referred to as localhost.)
38
Train Signal, Inc.
Ed Liberman
• The Host ID cannot be all 0s or all 255s.

–All 0s represents the Network ID
–All 255s is the broadcast address
• Example:
–192.168.10.0 is a Network ID
–192.168.10.255 is the broadcast address for the
192.168.10.0 network.

Train Signal, Inc.
Ed Liberman
What is Classful IP Addressing?
• Originally IP Addresses where divided into different

“class” ranges:
– A Class: 1 – 126 255.0.0.0

– B Class: 128 – 191 255.255.0.0
– C Class: 192 – 223 255.255.255.0
– D Class: 224 – 239 Multicast
– E Class: 240 – 243 Experimental

Train Signal, Inc.
Ed Liberman
What is Classful IP Addressing?
• A Class – 126 Networks, 16,777,214 Hosts
• B Class – 16,384 Networks, 65,534 Hosts
• C Class – 2,097,152 Networks, 254 Hosts
• Total of 3,720,314,628 host addresses available
39
Train Signal, Inc.
Ed Liberman
Private vs. Public IP Addressing
• Private IP ranges which have been reserved from

Public Internet use:
– 10.0.0.0 – 10.255.255.255
– 172.16.0.0 – 172.31.255.255
– 192.168.0.0 – 192.168.255.255
– 169.254.0.0 – 169.254.255.255

Train Signal, Inc.
Ed Liberman
Private vs. Public IP Addressing
• Hosts assigned private IP Addresses can get to the

Internet through a technology called Network
Address Translation (NAT)
• Most of today’s companies use private IP

Addresses on their private networks.

Train Signal, Inc.
Ed Liberman
What is NAT?
40
Train Signal, Inc.
Ed Liberman
How Computers get IP Addresses
• Statically
• From a DHCP Server
• Using APIPA

Train Signal, Inc.
Ed Liberman
Working with Binary Numbers
• What is this number? – 3,482
Three Thousand Four Hundred Eighty Two
1,000 100 10 1
3 4 8 2
3x 1,000 = 3,000
4x 100 = 400
8x 10 = 80
2x 1 = 2
3,482

Train Signal, Inc.
Ed Liberman
Decimal vs. Binary
Decimal or Base 10:

106 105 104 103 102 101 100
1,000,000 100,000 10,000 1,000 100 10 1
Number Selection: 0 - 9
Binary or Base 2:
212 211 210 29 28 27 26 25 24 23 22 21 20
Number Selection: 0 - 1
4096 2048 1024 512 256 128 64 32 16 8 4 2 1
41
Train Signal, Inc.
Ed Liberman
Convert Binary to Decimal
128 64 32 16 8 4 2 1
10101010

Train Signal, Inc.
Ed Liberman
128 64 32 16 8 4 2 1
1 0 1 0 1 0 1 0

Train Signal, Inc.
Ed Liberman
128 64 32 16 8 4 2 1
1 0 1 0 1 0 1 0
128
32
8
+ 2
170
42
Train Signal, Inc.
Ed Liberman
128 64 32 16 8 4 2 1
1 0 1 0 1 0 1 0
128
32
8
+ 2
170
Binary Decimal
10101010 = 170

Train Signal, Inc.
Ed Liberman
Convert Decimal to Binary
4096 2048 1024 512 256 128 64 32 16 8 4 2

1
3482

Train Signal, Inc.
Ed Liberman
4096 2048 1024 512 256 128 64 32 16 8 4 2

1
1
3482
- 2048
1434
43
Train Signal, Inc.
Ed Liberman
4096 2048 1024 512 256 128 64 32 16 8 4 2

1
1 1
3482 1434
- 2048 - 1024
1434 410

Train Signal, Inc.
Ed Liberman
4096 2048 1024 512 256 128 64 32 16 8 4 2

1
1 1 1
3482 1434 410
- 2048 - 1024 - 256
1434 410 154

Train Signal, Inc.
Ed Liberman
4096 2048 1024 512 256 128 64 32 16 8 4 2

1
1 1 1 1
3482 1434 410 154
- 2048 - 1024 - 256 - 128
1434 410 154 26
44
Train Signal, Inc.
Ed Liberman
4096 2048 1024 512 256 128 64 32 16 8 4 2

1
1 1 1 1 1
3482 1434 410 154 26
- 2048 - 1024 - 256 - 128 - 16
1434 410 154 26 10

Train Signal, Inc.
Ed Liberman
4096 2048 1024 512 256 128 64 32 16 8 4 2

1
1 1 1 1 1 1
3482 1434 410 154 26 10
- 2048 - 1024 - 256 - 128 - 16 -8
1434 410 154 26 10 2

Train Signal, Inc.
Ed Liberman
4096 2048 1024 512 256 128 64 32 16 8 4 2

1
1 1 1 1 1 1 1
3482 1434 410 154 26 10 2
- 2048 - 1024 - 256 - 128 - 16 -8 -2
1434 410 154 26 10 2 0
45
Train Signal, Inc.
Ed Liberman
4096 2048 1024 512 256 128 64 32 16 8 4 2

1
1 1 0 1 1 0 0 1 1 0 1 0
3482 1434 410 154 26 10 2
- 2048 - 1024 - 256 - 128 - 16 -8 -2
1434 410 154 26 10 2 0

Train Signal, Inc.
Ed Liberman
4096 2048 1024 512 256 128 64 32 16 8 4 2

1
1 1 0 1 1 0 0 1 1 0 1 0
3482 1434 410 154 26 10 2
- 2048 - 1024 - 256 - 128 - 16 -8 -2
1434 410 154 26 10 2 0
Decimal Binary
3482 = 110110011010

Train Signal, Inc.
Ed Liberman
Using the Calculator
Decimal Binary
3482 = 110110011010
46
Train Signal, Inc.
Ed Liberman
Binary IP Addresses
• Each of the 4 numbers in an IP Address is called an

octet (8 bits).
• A bit is a 1 or a 0.
• Each octet can only have a number from 0 to 255
192.168.10.101

Train Signal, Inc.
Ed Liberman
Binary IP Addresses
128 64 32 16 8 4 2 1
1 1 1 1 1 1 1 1
128
64 Binary Decimal
32
16 00000000 = 0
8 11111111 = 255
4
2
+ 1
255

Train Signal, Inc.
Ed Liberman
Binary IP Addresses
128 64 32 16 8 4 2 1
192.168.10.101
47
Train Signal, Inc.
Ed Liberman
Binary IP Addresses
128 64 32 16 8 4 2 1
1 1 0 0 0 0 0 0
192.168.10.101
192 = 11000000

Train Signal, Inc.
Ed Liberman
Binary IP Addresses
128 64 32 16 8 4 2 1
1 0 1 0 1 0 0 0
192.168.10.101
192 = 11000000
168 = 10101000

Train Signal, Inc.
Ed Liberman
Binary IP Addresses
128 64 32 16 8 4 2 1
0 0 0 0 1 0 1 0
192.168.10.101
192 = 11000000
168 = 10101000
10 = 00001010
48
Train Signal, Inc.
Ed Liberman
Binary IP Addresses
128 64 32 16 8 4 2 1
0 1 1 0 0 1 0 1
192.168.10.101
192 = 11000000
168 = 10101000
10 = 00001010
101 = 01100101

Train Signal, Inc.
Ed Liberman
Binary IP Addresses
128 64 32 16 8 4 2 1
192.168.10.101
192 = 11000000
168 = 10101000
10 = 00001010
101 = 01100101
11000000.10101000.00001010.01100101

Train Signal, Inc.
Ed Liberman
Binary Subnet Masks
128 64 32 16 8 4 2 1
1 1 1 1 1 1 1 1
255.255.255.0
255 = 11111111
255 = 11111111
255 = 11111111
0 = 00000000
11111111.11111111.11111111.00000000
49
Train Signal, Inc.
Ed Liberman
Binary IP Address & Subnet Mask
192.168.10.101
255.255.255.0
11000000.10101010.00001010.01100101
11111111.11111111.11111111.00000000

Train Signal, Inc.
Ed Liberman
Internetworking
• What is a Router?
– A router is a device that forwards data packets along

networks. A router is connected to at least two networks,
commonly two LANs or WANs or a LAN and its ISP’s network.
Routers are located at gateways, the places where two or
more networks connect, and are the critical device that keeps
data flowing between networks and keeps the networks
connected to the Internet. When data is sent between
locations on one network or from one network to a second
network the data is always seen and directed to the correct
location by the router. They accomplish this by using headers
and forwarding tables to determine the best path for
forwarding the data packets, and the use protocols such as
ICMP to communicate with each other and configure the best
route between any two hosts.

Train Signal, Inc.
Ed Liberman
What is a Router?
50
Train Signal, Inc.
Ed Liberman
What is a Router?

Train Signal, Inc.
Ed Liberman
What is a Default Gateway?
• Computers can only communicate directly with

other computers on the same network.
• The only way for a computer to communicate with
a computer on a different network is through a
router. (Internetworking)
• The Default Gateway represents the IP Address of a
router that a computer uses to communicate
outside of its network.

Train Signal, Inc.
Ed Liberman
Simple Network:
51
Train Signal, Inc.
Ed Liberman
What is Subnetting?
• Subnetting is the process of taking a large network

and dividing it into smaller networks to increase
efficiency and manageability.

Train Signal, Inc.
Ed Liberman
What is Subnetting?
• Example:
Network - 172.16.0.0 (65534 Hosts)

Subnet Mask - 255.255.0.0
Subnet 1 - 172.16.1.0 (254 Hosts)

Subnet 2 - 172.16.2.0 (254 Hosts)
Subnet 3 - 172.16.3.0 (254 Hosts)
Subnet Mask - 255.255.255.0

Train Signal, Inc.
Ed Liberman
Classful vs. Classless Interdomain Routing (CIDR)
• Problems with Classful IP Addressing
Class A - 16,777,214 Hosts

Class B - 65,534 Hosts
Class C - 254 Hosts
• What do you do if you have 2,000 hosts?

–Pick Class B and waste 63,000+ addresses.
–Take 8 Class C’s and have cluttered routing table
entries.
52
Train Signal, Inc.
Ed Liberman
Solution:
• Classless Interdomain Routing (CIDR) with

Variable Length Subnet Masks (VLSM)
• Decimal Subnet Mask:

–255.255.255.0
• Binary Subnet Mask:
–11111111.11111111.11111111.00000000

Train Signal, Inc.
Ed Liberman
Variable Length Subnet Masks
• 11111111 – 255
• 11111110 – 254
• 11111100 – 252
• 11111000 – 248
• 11110000 – 240
• 11100000 – 224
• 11000000 – 192
• 10000000 – 128
• 00000000 – 0

Train Signal, Inc.
Ed Liberman
Subnetting with CIDR & VLSM
• If we start with 255.255.0.0, but want to divide into

smaller networks we need to take bits from the
Host ID and move them into the Network ID.
53
Train Signal, Inc.
Ed Liberman
Formulas
• Number of Subnets:
– 2n
– n = Number of 1’s in the Subnet ID
• Number of available host addresses:

– 2n – 2
– n = Number of 0’s in the Host ID
– Host ID cannot be all 0’s or all 1’s
• Example:
– 11111111.11111111.11111000.00000000
– 25 = 32 Subnets
– 211 – 2 = 2046 Available hosts in each subnet

Train Signal, Inc.
Ed Liberman
Simple Network:

Train Signal, Inc.
Ed Liberman
Simple Bad Network:
54
Train Signal, Inc.
Ed Liberman
Why won’t my network work?
Client - 192.168.10.101
Server - 192.168.10.201
Router - 192.168.10.200
SM - 255.255.255.248
We need to look at everything in binary:
11000000.10101000.00001010.01100101
11000000.10101000.00001010.11001001
11000000.10101000.00001010.11001000
11111111.11111111.11111111.11111000

Train Signal, Inc.
Ed Liberman
How can we fix my network?
• With a subnet mask of 255.255.255.248 each network will be

broken into blocks of 6 host addresses:
Example:
11000000.10101000.00001010.00000000 192.168.10.0
11000000.10101000.00001010.00000001 192.168.10.1
11000000.10101000.00001010.00000010 192.168.10.2
11000000.10101000.00001010.00000011 192.168.10.3
11000000.10101000.00001010.00000100 192.168.10.4
11000000.10101000.00001010.00000101 192.168.10.5
11000000.10101000.00001010.00000110 192.168.10.6
11000000.10101000.00001010.00000111 192.168.10.7

Train Signal, Inc.
Ed Liberman

Example:
11000000.10101000.00001010.00000000 192.168.10.0
11000000.10101000.00001010.00000001 192.168.10.1
11000000.10101000.00001010.00000010 192.168.10.2
11000000.10101000.00001010.00000011 192.168.10.3
11000000.10101000.00001010.00000100 192.168.10.4
11000000.10101000.00001010.00000101 192.168.10.5
11000000.10101000.00001010.00000110 192.168.10.6
11000000.10101000.00001010.00000111 192.168.10.7
Network ID: 192.168.10.0
Host ID’s: 192.168.10.1 – 192.168.10.6
Broadcast ID: 192.168.10.7
55
Train Signal, Inc.
Ed Liberman

Example:
11000000.10101000.00001010.00001000 192.168.10.8
11000000.10101000.00001010.00001001 192.168.10.9
11000000.10101000.00001010.00001010 192.168.10.10
11000000.10101000.00001010.00001011 192.168.10.11
11000000.10101000.00001010.00001100 192.168.10.12
11000000.10101000.00001010.00001101 192.168.10.13
11000000.10101000.00001010.00001110 192.168.10.14
11000000.10101000.00001010.00001111 192.168.10.15
Network ID: 192.168.10.8
Host ID’s: 192.168.10.9 – 192.168.10.14

Train Signal, Inc.
Ed Liberman

Example:
11000000.10101000.00001010.00000000 192.168.10.0
11000000.10101000.00001010.00000001 192.168.10.1
11000000.10101000.00001010.00000010 192.168.10.2
11000000.10101000.00001010.00000011 192.168.10.3
11000000.10101000.00001010.00000100 192.168.10.4
11000000.10101000.00001010.00000101 192.168.10.5
11000000.10101000.00001010.00000110 192.168.10.6
11000000.10101000.00001010.00000111 192.168.10.7
Network ID: 192.168.10.0
Host ID’s: 192.168.10.1 – 192.168.10.6

Train Signal, Inc.
Ed Liberman
Simple Network (Fixed):
56
Train Signal, Inc.
Ed Liberman
CIDR Notation
• Without CIDR Notation

–192.168.10.1
–255.255.255.248
• With CIDR Notation

–192.168.10.1/29

Train Signal, Inc.
Ed Liberman
Fundamentals of IPv6
• Disadvantages of IPv4
• IPv6 Solutions
• IPv6 Addressing
• Types of IPv6 Addresses

Train Signal, Inc.
Ed Liberman
Disadvantages of IPv4
• Not Enough Addresses

• Cluttered the Internet Routing Tables
• Difficult to Configure
• Security is Optional
57
Train Signal, Inc.
Ed Liberman
IPv6 Solutions
• Plenty of Addresses - 3.4 x 1038

• Simplified the Internet Routing Tables
• Easy and Automated Configuration
• Security is Required

Train Signal, Inc.
Ed Liberman
IPv6 Addressing
• 128 bits long

– 11111110100000000000000000000000000000000000000000000000000000
000000010111101110000000001111111100000010001110000100011110110001
• Displayed in 16 bit hexadecimal blocks

–FE80:0000:0000:0000:05EE:00FF:0238:47B1
• Simplify by suppressing the leading 0’s
–FE80:0:0:0:5EE:FF:238:47B1
• Further compress by expressing a single contiguous
set of 0 blocks into “::”
–FE80::5EE:FF:238:47B1

Train Signal, Inc.
Ed Liberman
Types of IPv6 Addresses
• Unicast (One to One)

–Global Addresses
–Link-Local Addresses - FE80
FE 80
–Unique Local Addresses - FC or FD
• Multicast (One to Many)
• Anycast (One to One of Many)
58
Train Signal, Inc.
Ed Liberman
• Describe the TCP/IP Protocol Suite.
• Explain what an IP address is and decide on an address range

appropriate for a network.
• Convert IP addresses from decimal to binary and from binary to

decimal.
• Explain what a Router is and how we connect networks together.
• Explain Subnetting and decide when to use Classful vs. Classless

Interdomain Routing.
• Describe the fundamentals of IPv6.
Video 7
TCP/IP Protocols

Train Signal, Inc.
Ed Liberman
In this video…
• FTP • DHCP
• TFTP • DNS
• HTTP • Telnet
• HTTPS • SSH
• NTP • SNMP
• POP3 • SIP
• IMAP4 • RTP
• SMTP • TLS
59
Train Signal, Inc.
Ed Liberman
FTP
• The File Transfer Protocol provides connection

oriented file transfer between a client and a server.
It was originally used to transfer files between
UNIX systems, and is now the most popular file
transfer protocol on the Internet.
• FTP uses TCP port 21 for control and TCP port 20 for
data transport.

Train Signal, Inc.
Ed Liberman
TFTP
• The Trivial File Transfer Protocol provides

connectionless file transfer functions. TFTP is a
simple and small protocol, which makes it suitable
for transferring small amounts of data. It is
primarily used for updating devices such as routers
and switches. Another common use is transferring
the data required to boot a diskless system over
the network.
• TFTP uses UDP port 69.

Train Signal, Inc.
Ed Liberman
HTTP
• The Hypertext Transfer Protocol was originally

designed for transferring World Wide Web
documents and has been extended to transfer
other types of files as well. Its most common use is
transferring web pages between a web browser
and a web server.
• HTTP uses TCP port 80 by default.
60
Train Signal, Inc.
Ed Liberman
HTTPS
• HTTPS is used in exactly the same way as the HTTP

protocol. The difference is that HTTPS uses SSL
(Secure Sockets Layer) to send data in an encrypted
form and to authenticate the server. For example,
when you buy something online using a credit card.
• HTTPS uses TCP port 443 by default.

Train Signal, Inc.
Ed Liberman
NTP
• The Network Time Protocol is used to provide

accurate time synchronization by synchronizing the
time of a computer to a reference time source, such
as an NTP server, a radio or a satellite receiver. NTP
is capable of synchronizing distributed clocks to the
millisecond.
• NTP uses UDP port 123.

Train Signal, Inc.
Ed Liberman
POP3
• The Post Office Protocol is used to retrieve email. POP3

can be used to access the “Inbox” folder only.
• POP3 clients connect to TCP port 110.
IMAP4
• The Internet Message Access Protocol is also used to

retrieve email. Unlike POP3, IMAP4 can be used to
access all server-based messaging folders thereby
eliminating the need for a local repository.
• IMAP4 clients connect to TCP port 143.
61
Train Signal, Inc.
Ed Liberman
SMTP
• The Simple Mail Transfer Protocol is used for

sending email to and between email servers.
• SMTP uses TCP port 25.

Train Signal, Inc.
Ed Liberman
DHCP
• The Dynamic Host Configuration Protocol is used

for assigning dynamic IP addresses to devices on a
network. DHCP simplifies network administration
by keeping track of IP addresses in a database
rather than an administrator having to manage and
assign them manually.
• DHCP uses UDP ports 67 & 68.

Train Signal, Inc.
Ed Liberman
DNS
• The Domain Naming System is a standard name

service that allows your computer to register and
resolve domain names.
• DNS uses TCP port 53 for zone transfers and UDP
port 53 for lookups.
62
Train Signal, Inc.
Ed Liberman
Telnet
• Telnet is a terminal emulation protocol that allows

remote access to a system. Telnet can also refer to
software which can be used by a client to remotely
connect to and configure operating systems and
network devices.
• Telnet uses TCP port 23.

Train Signal, Inc.
Ed Liberman
SSH
• Secure Shell can be used to provide similar

functionality as Telnet, but is much more secure.
Telnet is considered insecure mainly because it
sends username and password information in clear
text. Therefore, Telnet should be replaced with
SSH. SSH employs encryption through certificates
and authenticates the server to the client.
• SSH operates on TCP port 22.

Train Signal, Inc.
Ed Liberman
SNMP
• The Simple Network Management Protocol is used

for network management. It works by having
network devices, acting as agents, collecting
information and providing that information to
SNMP managers.
• SNMP uses UDP port 161.
63
Train Signal, Inc.
Ed Liberman
SIP
• The Session Initiation Protocol can establish,

modify and terminate multimedia sessions or calls.
Examples of multimedia sessions include
multimedia conferences, distance learning, and
Internet telephony.
RTP
• The Real-Time Transport Protocol provides end-to-
end network transport functions suitable for
applications transmitting real-time data such as
audio, video or simulation data, over multicast or
unicast network services.

Train Signal, Inc.
Ed Liberman
TLS
• Transport Layer Security is a protocol for

establishing a secure connection between a client
and a server. TLS is capable of authenticating both
the client and the server creating an encrypted
connection between the two. TLS is considered to
be a replacement for SSL (Secure Sockets Layer).

Train Signal, Inc.
Ed Liberman
• Describe what some of the various TCP/IP Protocols

are and when they would be used.
• List the commonly used TCP and UDP ports.
64
Video 8
Network Devices

Train Signal, Inc.
Ed Liberman
In this video…
• Modem/NIC
• Repeater/Hub
• Bridge/Switch
• Router
• Firewall/Proxy Server
• Wireless Access Point
• Basic DHCP Server/DNS Server
• CSU/DSU
• Load Balancer/Bandwidth Shaper

Train Signal, Inc.
Ed Liberman
Modem
• Modems are used for dial-up

connections over standard analog
telephone lines. They can be
integrated onto a system’s
motherboard, an internal
expansion card, or an external
peripheral device.
NIC
• Network Interface Cards are used

to connect systems to physical
network media. They can be
integrated onto a system’s
motherboard or an internal
expansion card.
65
Train Signal, Inc.
Ed Liberman
Repeater
• Repeaters are used to help

deal with attenuation issues.
A repeater will take a signal in
on one port and retransmit it
out the other.
Hub
• Hubs are basically multiport

repeaters. A hub will take a
signal in on one port and
forward it on to all other
ports.

Train Signal, Inc.
Ed Liberman
Bridge
• Bridges operate at the Data Link

layer of the OSI model. Bridges
have simplistic routing tables
based on MAC addresses.
Bridges are used to create
separate collision domains.
Switch
• Switches are basically multiport

bridges. Switches can be used so
each computer resides in its own
collision domain.

Train Signal, Inc.
Ed Liberman
Router
• Routers are used to connect networks together.

Routers have sophisticated routing tables which
can determine the best route to get information
from one network to another. Routers function at
the Network layer of the OSI model. Routers are
used to create separate broadcast domains.
66
Train Signal, Inc.
Ed Liberman
Different Types of Switches
• A Multilayer Switch functions at the Data Link layer

of the OSI model just like a regular switch, but also
provides additional functionality at higher OSI
layers.
• A Content Switch is an example of a Multilayer

Switch which is used to distribute incoming
requests to servers that can handle the data in the
packets. The Content Switch will inspect the
network data and then decide where it should be
forwarded to.

Train Signal, Inc.
Ed Liberman
Advanced Switch Functionality

• Power over Ethernet (PoE) is used to transfer electrical
power, along with data, over standard twisted pair cable.
• The Spanning Tree Algorithm (STA) is used by switches to
determine the best route when there is more than one
connection to a node.
• Virtual LANs (VLANs) can be created in order to emulate
multiple broadcast domains using switches.
• Trunking is when a switch presents more than one VLAN
configuration over a single connection to another switch or a
router.
• Port Mirroring is used to send a copy of network data to a
second (mirrored) connection usually for the purposes of
monitoring.
• Port Authentication is used to restrict access based upon
authentication information. Typically used in 802.1x network.

Train Signal, Inc.
Ed Liberman
Firewall
• Firewalls are used to protect private
networks from external intrusion.
Firewalls can control what data is
allowed in or out of a network.
Firewalls can be created with
hardware or software.
Proxy Server
• Proxy Servers serve 3 main purposes.
– Disguise an end users actual
identity using NAT.
– Cache requests to save
bandwidth.
– Control content permitted to be
requested from the Internet.
67
Train Signal, Inc.
Ed Liberman
Wireless Access Point
• A Wireless Access Point (WAP) is basically the same

thing as a hub, but the connections are made via
the airwaves rather than cable.

Train Signal, Inc.
Ed Liberman
Basic DHCP Server
• DHCP is a TCP/IP service used to dynamically assign IP

addresses on a network. A DHCP server is responsible
for managing the pool of IP addresses available to be
used on the network. Some network devices have basic
DHCP server functionality built into them.
DNS Server
• DNS is a TCP/IP service used to resolve host names to IP

addresses. A DNS server is responsible for maintaining a
hierarchical directory of names in a database and
respond to client requests for name resolution.

Train Signal, Inc.
Ed Liberman
CSU/DSU
• A Channel Service Unit/Data Service Unit is a

hardware device which converts data frames used
on a LAN into data frames used on a WAN. Typically
a CSU/DSU will be used to connect a T1 line to a
local network.
68
Train Signal, Inc.
Ed Liberman
Load Balancer
• Load balancers are used when there are more than on

line of communication available. Load balancers help to
divide communication evenly between the different
communication lines.
Bandwidth Shaper
• Bandwidth shapers are very similar to load balancers in

that they are used to help make communication more
efficient. The difference is that bandwidth shapers
provide a much higher level of control over what data
gets sent where and when.

Train Signal, Inc.
Ed Liberman
• Describe what some of the various network

devices are and when they would be used.
Video 9
Routing
69
Train Signal, Inc.
Ed Liberman
In this video…
• Understanding Routing Tables

• Static vs. Dynamic Routing
• Routing Protocols
–Distance Vector Routing
–Link State Routing
• What is Convergence?
• IGP vs. EGP

Train Signal, Inc.
Ed Liberman
Understanding Routing Tables
• Routing tables are used by network devices in

order to determine where a packet should be sent
in an attempt to get it routed to its final
destination.

Train Signal, Inc.
Ed Liberman
Static vs. Dynamic Routing
• Static Routing
–All routers have to have their routing table
configured and updated manually.
• Dynamic Routing
–Routers communicate with each other to share
their routing information with each other.
70
Train Signal, Inc.
Ed Liberman

Train Signal, Inc.
Ed Liberman
Hi! I’m a router!

I am attached to Network A
over here and Network B over
here.
A B

Train Signal, Inc.
Ed Liberman
AB
I have been pre-configured with

this information, but that is all I
know right now.
A B
71
Train Signal, Inc.
Ed Liberman
C A AB
Hi there! I’m a router too!

I not only know about Network A,
but the other side of me is
connected to Network C.
C A B

Train Signal, Inc.
Ed Liberman
C A AB
1 Hop - C
Great, I will keep that in mind if

anyone over here is looking for
Network C.
C A B

Train Signal, Inc.
Ed Liberman
C A AB
1 Hop - C
And as long as we are sharing

information, did you know that I
am also connected to Network
B?
C A B
72
Train Signal, Inc.
Ed Liberman
C A AB
B - 1 Hop 1 Hop - C
No I didn’t, but I will make a note of

that for future reference.
C A B

Train Signal, Inc.
Ed Liberman
C A AB B D,E
B - 1 Hop 1 Hop - C
Hello. I’m also a router.

Not only am I connected to Network
B, but the other side of me is
connected to Networks D & E.
C A B D
E

Train Signal, Inc.
Ed Liberman
C A AB B D,E
B - 1 Hop 1 Hop - C D- 1 Hop
E - 1 Hop
Awesome, I will keep that in

mind if anyone over here is
looking for those networks.
C A B D
E
73
Train Signal, Inc.
Ed Liberman
C A AB B D,E
B - 1 Hop 1 Hop - C D- 1 Hop
E - 1 Hop
As long as we are sharing

information, I am also
connected to Network A?
C A B D
E

Train Signal, Inc.
Ed Liberman
C A AB B D,E
B - 1 Hop 1 Hop - C D- 1 Hop 1 Hop - A
E - 1 Hop
Good to know.
C A B D
E

Train Signal, Inc.
Ed Liberman
C A AB B D,E
E - 1 Hop
And here is something really

cool! On the other side of
Network A is another router.
C A B D
E
74
Train Signal, Inc.
Ed Liberman
C A AB B D,E
E - 1 Hop
No way!!!
C A B D
E

Train Signal, Inc.
Ed Liberman
C A AB B D,E
E - 1 Hop
Yes way, and that router is also

connected to Network C.
C A B D
E

Train Signal, Inc.
Ed Liberman
C A AB B D,E
E - 1 Hop 2 Hops - C
Cool, I will update my information.
C A B D
E
75
Train Signal, Inc.
Ed Liberman
C A AB B D,E
Hey you, the router on Network

A! I just found out about
another router on Network B.
C A B D
E

Train Signal, Inc.
Ed Liberman
C A AB B D,E
Yeah, so what.
C A B D
E

Train Signal, Inc.
Ed Liberman
C A AB B D,E
Well, that router is also

connected to Networks D & E.
Just thought you might want to
know.
C A B D
E
76
Train Signal, Inc.
Ed Liberman
C A AB B D,E
D- 2 E - 1 Hop 2 Hops - C
E -Hops
2 Hops
Hey, that is good information.

Thanks.
C A B D
E

Train Signal, Inc.
Ed Liberman
C A AB B D,E
E -Hops
2 Hops
All 3 router are now completely aware of all 5 networks.
C A B D
E

Train Signal, Inc.
Ed Liberman
C A AB B D,E
E -Hops
2 Hops
And they all lived happily ever after.

THE END
C A B D
E
77
Train Signal, Inc.
Ed Liberman
Routing Protocols
• Distance Vector Routing

–Each router communicates all the networks it
knows about to the other routers to which it is
directly attached. Communication takes place
on a regular basis.
• Link State Routing
–Each routers builds a map of the entire network.
LSAs (Link State Advertisements) are used to
communicate information about networks they
are connected to. Communication only takes
place when a change has been made.

Train Signal, Inc.
Ed Liberman
Distance Vector Protocols
• RIP (Routing Information Protocol)

– Maximum 15 hops.
– Originally had updates sent every 30 seconds.
– Does not support authentication.
– Uses broadcast communication.
• RIPv2
– Maximum 15 hops.
– Supports authentication.
– Uses multicast communication.
• BGP (Border Gateway Protocol)
– Core routing protocol of the Internet.
– Typically used by ISPs.

Train Signal, Inc.
Ed Liberman
Link State Protocols
• OSPF (Open Shortest Path First)

–Used in medium to large networks.
–Bases its paths off “link states”.
–Can also use cost metrics to give preference to
certain paths.
• IS-IS (Intermediate System to Intermediate System)

–Intermediate system is another name for a
router.
–Originally designed with the OSI model.
78
Train Signal, Inc.
Ed Liberman
Hybrid Routing Protocols
• EIGRP (Enhanced Interior Gateway Routing

Protocol)
–Evolved from IGRP.
–Uses the Diffusing-Update Algorithm (DUAL).
–Each router keeps a copy of its neighbor’s
routing tables.
–Each router periodically sends out a “hello”
packet to keep track of the “state” of its
neighbors.

Train Signal, Inc.
Ed Liberman
What is Convergence?
• When changes are made to a network every router

on the network will need to make the appropriate
changes to their routing tables in order to
accommodate the changes.
• This could be the addition or deletion of a router or
could simply be a change in metrics for a path.
• Convergence is the process of all routers becoming
aware of changes to a network.

Train Signal, Inc.
Ed Liberman
IGP vs. EGP
• IGP (Interior Gateway Protocol)

–A routing protocol used to exchange
information between routers within a LAN.
• EGP (Exterior Gateway Protocol)

–A routing protocol used to route information
outside a local network, typically out to the
Internet.
79
Train Signal, Inc.
Ed Liberman
• Explain what a routing table is and know how to

read one.
• Explain the differences between static and dynamic
routing.
• Describe the difference between Link State and
Distance Vector routing protocols.
• Explain the differences between Interior and
Exterior routing protocols.
Video 10
Wireless Networking

Train Signal, Inc.
Ed Liberman
In this video…
• Benefits of Wireless Networking

• Components of a Wireless Access Point (WAP)
• Where to Place a WAP
• Wireless Networking Standards
• How to Secure a Wireless Network
• Setting up a Wireless Access Point
80
Train Signal, Inc.
Ed Liberman
Benefits of Wireless Networking
• No More Cables!!!
• Easier to install.
• Connect networks through walls and other
obstacles.
• Quickly allow temporary access.
• Equally secure???

Train Signal, Inc.
Ed Liberman
Components of a Wireless Access Point
• BSS (Basic Service Set)

• ESS (Extended Service Set)
• SSID (Service Set Identifier)
• ESSID (Extended Service Set Identifier)
• BSSID (Basic Service Set Identifier)
• BSA (Basic Service Area)

Train Signal, Inc.
Ed Liberman
Where to Place a WAP
• The placement of your WAP is very important.

There are many factors which will help you
determine where to place your WAP.
–Where are the wireless clients located?
–How far can the WAP send and receive its
signals?
–Are you using a directional antenna?
–Do you need to prevent certain areas from
receiving the wireless signal?
81
Train Signal, Inc.
Ed Liberman
Wireless Networking Standards
• 802.11a
– Uses the 5GHz frequency.
– Data rates up to 54Mbps.
– Ranges less than 100 feet and easily obstructed.
• 802.11b
– Uses the 2.4GHz frequency.
– Ranges up to 300 feet outdoors and 100 feet indoors.
• 802.11g
– Uses the 2.4GHz frequency.
– Ranges up to 300 feet outdoors and 100 feet indoors.
• 802.11n
– Uses both the 2.4GHz and 5GHz frequencies.
– Ranges up to 1000 feet.

Train Signal, Inc.
Ed Liberman
RF Channels used by 802.11 b/g

Train Signal, Inc.
Ed Liberman
RF Channels used by 802.11a
82
Train Signal, Inc.
Ed Liberman
How to Secure a Wireless Network
• Disable SSID Broadcast

–If attackers do not see the presence of a WAP
then they may think there is no wireless network
to attack.
• MAC Filtering
–You can specify what computers can connect to
your WAP based upon the MAC address of their
wireless network card.

Train Signal, Inc.
Ed Liberman
• WEP (Wired Equivalency Privacy)

–It was used in the early stages of wireless
networking.
–It is very easy to configure.
–It provides encryption for all data transmitted
over the wireless network.
–It originally used a 40 bit encryption key, but
later advanced to using 128 bit encryption.
–It was later found to be very easily cracked.

Train Signal, Inc.
Ed Liberman
• WPA (Wi-Fi Protected Access)

–Designed as an improvement to WEP.
–It utilizes TKIP which uses a hashing algorithm to
scramble the encryption keys.
–It uses the Extensible Authentication Protocol
(EAP) which is based off public-key encryption
technology which is a much more secure way to
verify authorized network users.
83
Train Signal, Inc.
Ed Liberman
• 802.1x
–Requires the use of Certificates and RADIUS.
–Certificates can be used to provide a higher level
of authentication of the user and/or computer
attempting to connect.
–A RADIUS server is used to centralize the
connection requests to the wireless network.

Train Signal, Inc.
Ed Liberman
Setting up a Wireless Access Point
Let’s go take a look…

Train Signal, Inc.
Ed Liberman
• Explain the benefits of using wireless networking.

• Describe the components of a wireless access point
(WAP).
• Describe the different wireless networking
standards.
• Know how to secure a wireless network.
• Install a wireless access point.
84
Video 11
Networking Command Line
Tools

Train Signal, Inc.
Ed Liberman
In this video…
• IPCONFIG/IFCONFIG/ARP
• PING/ARP PING
• TRACERT/TRACEROUTE
• MTR
• NETSTAT/NBTSTAT/ROUTE
• NSLOOKUP/DIG/HOST

Train Signal, Inc.
Ed Liberman
IPCONFIG/IFCONFIG/ARP
• IPCONFIG
–Used to view TCP/IP configuration in the
Windows operating system.
• IFCONFIG
–Used to view TCP/IP configuration in the Unix,
Linux, and Macintosh operation systems.
• ARP
–Used to view and manage the ARP cache.
85
Train Signal, Inc.
Ed Liberman
PING/ARP PING
• PING
–Used to check connectivity between networking
devices.
• ARP PING
–Used to check connectivity between networking
devices using their MAC addresses.
–Can only be used within a single subnet.
–Requires a 3rd party utility.

Train Signal, Inc.
Ed Liberman
TRACERT/TRACEROUTE
• The TRACERT command is used in the Windows

operating system to view the entire path a packet
takes to get from one device to another.
• Unix, Linux, and Macintosh operating systems have

a similar utility called TRACEROUTE.

Train Signal, Inc.
Ed Liberman
MTR
• The MTR utility is used by the Unix and Linux

operating systems to view the entire path a packet
takes to get from one device to another while also
displaying additional statistics about each node
along the way.
• The Windows operating system has a utility called
PATHPING which does basically the same thing.
• It is kind of like taking PING and TRACERT and
putting them together to create a more powerful
utility.
86
Train Signal, Inc.
Ed Liberman
NETSTAT/NBTSTAT/ROUTE
• NETSTAT
–Used to display TCP/IP statistics and
connections.
• NBTSTAT
–Used to display NetBIOS statistics to assist in
troubleshooting name resolution issues.
• ROUTE
–Used to display and manage the routing table.

Train Signal, Inc.
Ed Liberman
NSLOOKUP/DIG/HOST
• NSLOOKUP
– Used by the Windows operating system to troubleshoot DNS
name resolution issues.
– It has both interactive and non-interactive modes.
• DIG
– Used by the Unix, Linux, and Macintosh operating systems
for the same purpose.
– NSLOOKUP can also be used in these operating systems, but
DIG is considered to be more powerful.
– It does not have an interactive mode.
• HOST
– Used by the Unix and Linux operating system to do reverse
lookups on an IP address.
– NSLOOKUP is used for this purpose in Windows.

Train Signal, Inc.
Ed Liberman
Working with Networking Command Line Tools
87
Train Signal, Inc.
Ed Liberman
• Describe what some of the various network

command line tools are and when they would be
used.
Video 12
Network Performance
Optimization

Train Signal, Inc.
Ed Liberman
In this video…
• Reasons
–Uptime
–Latency Sensitivity
–High Bandwidth Applications
• QoS
• Traffic Shaping
• Load Balancing
• Fault Tolerance
• Caching Engines
88
Train Signal, Inc.
Ed Liberman
Reasons
• Uptime
– A measure of time that a network is running. It is the
opposite of downtime. Different business solutions
require different levels of uptime.
• Latency Sensitivity
– Some applications require very quick delivery (low
latency) of data in order to be effective.
• High Bandwidth Applications

– Certain applications require the availability of a high
level of bandwidth to transfer large quantities of
data.

Train Signal, Inc.
Ed Liberman
QoS
• Quality of Service (QoS) is a strategy used to

control the flow of network traffic.
• With QoS administrators can provide preferential

delivery for the applications which need it.

Train Signal, Inc.
Ed Liberman
Traffic Shaping
• One of the methods administrators use to ensure

QoS is traffic shaping.
• Traffic Shaping is used to enforce the control of
network traffic.
• Generally traffic should be shaped based upon
different priority factors.
• Examples:
–Users
–Applications
–Time of Day
89
Train Signal, Inc.
Ed Liberman
Load Balancing
• Load balancing is a general term which defines the use

of more than one (insert variable) to provide a service.
• Client needs are satisfied by the first available (insert
variable).
• Sometimes client needs can be satisfied by all available
(insert variable).
• Variables:
– Servers
– Hard Drives
– Transmission Lines

Train Signal, Inc.
Ed Liberman
Fault Tolerance
• If something is fault tolerant then it means that in the

event of a failure(fault) it will continue to
function(tolerance).
• Fault tolerance can and should be implemented at all
levels of a network:
– Hard Drives
– Power Supply
– Network Adapters
– Servers
– Routers
– Network Links

Train Signal, Inc.
Ed Liberman
RAID
• RAID 0
–Disk Striping
• RAID 1
–Disk Mirroring and Duplexing
• RAID 5
–Disk Striping with Parity
90
Train Signal, Inc.
Ed Liberman
Caching Engines
• Caching engines are used to store information so it

does not have to be retrieved off the network
multiple times.
• A proxy server is an example of a caching engine.

Train Signal, Inc.
Ed Liberman
• Describe why it is important to have an optimized

network.
• Explain how an administrator can use QoS and
traffic shaping to keep control over the flow of
network traffic.
• Explain how load balancing and fault tolerance are
used to keep network services highly available.
• Describe what a caching engine is.
Video 13
Network Tools
91
Train Signal, Inc.
Ed Liberman
In this video…
• Cable Strippers
• Snips
• Crimpers
• Punch Down Tool
• Cable Testers/Certifiers
• TDR/OTDR
• Toner Probe
• Voltage Event Recorder
• Multimeter
• Protocol Analyzer
• Temperature Monitor
• Butt Set

Train Signal, Inc.
Ed Liberman
Cable Strippers
• Cable strippers are used to strip off the outer

insulation of a cable when getting it ready for a
connector.

Train Signal, Inc.
Ed Liberman
Snips
• Snips are used to cut cables.
92
Train Signal, Inc.
Ed Liberman
Crimpers
• Crimpers are used to attach a connector on the end

of a cable.

Train Signal, Inc.
Ed Liberman
Punch Down Tool
• A punch down tool is used to connect wire to a

punch down block.

Train Signal, Inc.
Ed Liberman
Cable Testers/Certifiers
• Cable testers are used to test whether a cable is

working properly.
• Certifiers are used to test and validate whether a

cable is ready to handle certain levels of
throughput.
93
Train Signal, Inc.
Ed Liberman
TDR/OTDR
• A Time Domain Reflectometer (TDR) is used to

check the continuity of a copper cable.
• An Optical Time Domain Reflectometer (OTDR) is

used to check the continuity of a fiber optic cable.
• These tools can be used to help locate where there

is a break in the cable.

Train Signal, Inc.
Ed Liberman
Toner Probe
• A toner probe is used to locate the end of a cable.

• It is made up of 2 components, a tone generator
and a probe.

Train Signal, Inc.
Ed Liberman
Voltage Event Recorder
• A voltage event recorder is used to monitor the

quality of the power coming from a wall outlet.
94
Train Signal, Inc.
Ed Liberman
Multimeter
• A multimeter is used to test a variety of information

about cables, connectors and outlets.

Train Signal, Inc.
Ed Liberman
Protocol Analyzer
• A protocol analyzer is used to analyze network

protocols.
Temperature Monitor
• A temperature monitor is used to monitor the

temperature and humidity of a server room and
alert an administrator if there is a drastic change.
Butt Set
• A butt set is used to allow an administrator to “butt

in” to a communication line.

Train Signal, Inc.
Ed Liberman
• Describe what some of the various network tools

are and when they would be used.
95
Video 14
Network Monitoring

Train Signal, Inc.
Ed Liberman
In this video…
• Network Monitoring Utilities

–Packet Sniffers
–Port Scanners
–IDS/IPS
• System Logs
• Event Logs
• History Logs

Train Signal, Inc.
Ed Liberman
Network Monitoring Utilities
• There are many reasons for monitoring a network.

–Performance
–Maintenance
–Security
• There are many different utilities which can be used
to monitor a network.
–Packet Sniffers
–Port Scanners
–IDS/IPS
96
Train Signal, Inc.
Ed Liberman
Packet Sniffers
• Packet sniffers can be either hardware or software.

• They are used to capture and listen to
transmissions which are travelling on a network.
• They can be used to help find vulnerabilities in a
network and notify you of a possible intrusion.

Train Signal, Inc.
Ed Liberman
Port Scanners
• Port scanners are used to look for open ports on a

network or a system.
• Typically port scanning is done through software.
• Port scanners are used by administrators and
attackers to recognize potential vulnerabilities.

Train Signal, Inc.
Ed Liberman
IDS/IPS
• Intrusion Detection Software(IDS)

–Used to watch for network patterns which could
represent an attack on a system or network.
–A log is maintained and/or an administrator can
be notified.
• Intrusion Prevention Software(IPS)

–Generally has all the capability of IDS.
–It is also designed to automatically attempt to
stop the attack along with notifying an
administrator.
97
Train Signal, Inc.
Ed Liberman
System Logs
• System logs maintain information about all system

related events.
Event Logs
• Event logs maintain events which take place on a

system.
History Logs
• History logs maintain a history of events which take

place on a system or network.

Train Signal, Inc.
Ed Liberman
Working with Logs

Train Signal, Inc.
Ed Liberman
• Describe the purpose of using network monitoring

utilities.
• Describe the purpose of logging.
98
Video 15
Documentation

Train Signal, Inc.
Ed Liberman
In this video…
• Why is documentation so important?

• What should I document?
• Wiring Schematics
• Physical and Logical Network Diagrams
• Baselines
• Network Policies
• Network Procedures
• Network Configurations
• Regulations

Train Signal, Inc.
Ed Liberman
Why is documentation so important?
• Training
– It is easier to train new administrators when there is
good documentation available to them familiarize
themselves with the environment.
• Troubleshooting
– Most problems occur more than once. It is easier to
reference documentation than to troubleshoot the
same problem repeatedly.
• Reporting
– It is easier to justify your work and solidify your
purpose when you have good documentation to give
to your superiors.
99
Train Signal, Inc.
Ed Liberman
What should I document?
•Everything!!!!!
–Hardware
–Software
–Network Topology
–Wiring Layout
–Server Configuration
–Network Services
–Network Procedures

Train Signal, Inc.
Ed Liberman
Wiring Schematics
• Wiring schematics become increasingly important

as a network grows.
• They need to be complex enough to thoroughly
explain the entire network while simple enough for
a new administrator to understand.

Train Signal, Inc.
Ed Liberman
Physical and Logical Network Diagrams
100
Train Signal, Inc.
Ed Liberman
Baselines
• Baseline readings are an integral component to

maintaining optimal network performance.
• These readings are typically taken when the
network is functioning normally.
• When there is a performance problem on the
network new performance readings are taken and
need to be compared against the original baseline
readings.
• New baseline readings should be taken periodically
to help recognize trends in changes to network
performance.

Train Signal, Inc.
Ed Liberman
Network Policies
• Network policies are used to establish rules and

guidelines regarding network usage and conduct.
• It is very important to review and modify these
policies as the network and business needs change.
• Examples:
–Network Usage Policy
–Internet/Email Usage Policy
–External Software Policy

Train Signal, Inc.
Ed Liberman
Network Procedures
• Network procedures are used to establish how

networking tasks are to be performed.
• There are many procedures that a network
administrator is responsible for doing.
• Having good documentation of these procedures
will help guide an administrator in appropriately
managing the network.
101
Train Signal, Inc.
Ed Liberman
Network Configuration
• It is very important to not only have wiring

schematics, physical, and logical network diagrams,
but to also have detailed configuration
documentation of all significant networking devices
on a network.

Train Signal, Inc.
Ed Liberman
Regulations
• Regulations are very similar to policies in the sense

that they establish rules and guidelines.
• The difference is that policies are created within an
organization and regulations are the actual
legalities which are created by the government.

Train Signal, Inc.
Ed Liberman
• Explain the importance of having good

documentation?
• Recognize and understand wiring schematics,
physical, and logical network diagrams.
• Describe the purpose of using baselines.
• Create network policies, procedures, and
configuration documentation.
• Understand the importance of following
regulations.
102
Video 16
Troubleshooting

Train Signal, Inc.
Ed Liberman
In this video…
• The Process of Troubleshooting

– Gather Information.
– Who’s affected?
– What’s Changed?
– Why is this happening?
– Can I handle it?
– Find a solution.
– Try it.
– See if it worked.
– DOCUMENT EVERYTHING!!!
• Common Issues
– Physical Issues
– Logical Issues
– Issues to Escalate
– Wireless Issues

Train Signal, Inc.
Ed Liberman
The Process of Troubleshooting
• Gather Information.
• Who’s affected?
• What’s Changed?
• Why is this happening?
• Can I handle it?
• Find a solution.
• Try it.
• See if it worked.
• DOCUMENT EVERYTHING!!!
103
Train Signal, Inc.
Ed Liberman
Common Issues
• Physical Issues
–Crosstalk
–Near End Crosstalk (NEXT)
–Far End Crosstalk (FEXT)
–Attenuation
–Collisions
–Shorts
–Open Impedance Mismatch (echo)
–Interference

Train Signal, Inc.
Ed Liberman
Common Issues
• Logical Issues
–Port Speed
–Port Duplex Mismatch
–Incorrect VLAN
–Incorrect IP Address
–Wrong Gateway
–Wrong DNS
–Wrong Subnet Mask

Train Signal, Inc.
Ed Liberman
Common Issues
• Issues to Escalate
–Switching Loop
–Routing Loop
–Route Problems
–Proxy ARP
–Broadcast Storms
104
Train Signal, Inc.
Ed Liberman
Common Issues
• Wireless Issues
–Interference
–Incorrect Encryption
–Incorrect Channel
–Incorrect Frequency
–ESSID Mismatch
–Standard Mismatch (802.11 a/b/g/n)
–Distance
–Bounce
–Incorrect Antenna Placement

Train Signal, Inc.
Ed Liberman
• Effectively troubleshoot network problems.

• Describe common connectivity issues.
Video 17
Network Security
105
Train Signal, Inc.
Ed Liberman
In this video…
• Firewalls
• Other Security Devices
• Network Access Security
–Filtering
–Tunneling and Encryption
–Remote Access Protocols
• User Authentication
• Device Security
• Common Security Threats

Train Signal, Inc.
Ed Liberman
Firewalls
• Firewalls are used to control the flow of data.

• They can be either network based or host based.
• Different types of firewalls function at different layers of
the OSI model.
• Application layer firewalls have added functionality such
as:
– Stateful Inspection
– Scanning Services
– Content Filtering
– Signature Identification
• Firewalls can also be used to create perimeter networks
(DMZ).

Train Signal, Inc.
Ed Liberman
Firewalls
106
Train Signal, Inc.
Ed Liberman
Other Security Devices
• An Intrusion Detection System(IDS) is used to help

an administrator recognize a possible attack on a
network or system.
• An Intrusion Prevention System(IPS) has similar
functionality to an IDS, but will actively make
changes to lock down the network or system if a
potential intrusion is present.
• A VPN concentrator is basically a hardware based
VPN server. It is used to setup a secure VPN
connection with the remote client before passing
them on through to the internal network.

Train Signal, Inc.
Ed Liberman
Network Access Security
• Filtering
–MAC Filtering is typically used by wireless access
points to help control who has wireless access
to the network.
–IP Filtering is typically used by network layer
firewalls to help control who can access a
network or system.
• Access Control Lists(ACLs) are used to verify

whether someone has the appropriate MAC or IP to
gain access to a network or system.

Train Signal, Inc.
Ed Liberman
• Tunneling and Encryption

– Virtual Private Networks(VPNs) are used to securely
extend the internal network out to remote clients.
– These virtual connections are secured using a
tunneling protocol:
• Point to Point Tunneling Protocol (PPTP)
• Layer 2 Tunneling Protocol (L2TP)
• IPSec
– Another way of making a secure connection is
through an SSL VPN.
107
Train Signal, Inc.
Ed Liberman
• Remote Access Protocols

–Remote Access Service (RAS)
–Routing and Remote Access Service (RRAS)
–Serial Line Internet Protocol (SLIP)
–Point to Point Protocol (PPP)
–Point to Point Protocol over Ethernet (PPPoE)
• Remote Control Protocols
–Remote Desktop Protocol (RDP)
–Virtual Network Computing (VNC)
–Independent Computing Architecture (ICA)

Train Signal, Inc.
Ed Liberman
User Authentication
• AAA
–Before we get into authentication we have to
know the difference between Authentication,
Authorization, and Accounting (AAA).
• Authentication is the process of identifying a
user or computer.
• Authorization is the process of determining
the level of access for a user or computer.
• Accounting is the process of keeping a log of
activity by a user or computer.

Train Signal, Inc.
Ed Liberman
User Authentication
• There are 2 protocols used to provide

authentication, authorization, and accounting:
–Remote Authentication Dial In User Service
(RADIUS)
–Terminal Access Controller Access Control
System+ (TACACS+)
• One significant difference is that TACACS+ relies on

TCP connections while RADIUS uses UDP
connections.
108
Train Signal, Inc.
Ed Liberman
User Authentication
• Example:

Train Signal, Inc.
Ed Liberman
User Authentication
• Public Key Infrastructure(PKI) is a term used to

describe a network which has been fully configured
to use certificates and public key encryption.
• Certificates are used as a form of electronic
identification cards which can only be issued by
authorized issuers.
• Public key encryption is a form of asymmetric
encryption.

Train Signal, Inc.
Ed Liberman
User Authentication
• Cryptography is a process of applying an algorithm

to clear text in order to convert it to cipher text.
• Secret keys are used as a variable in the algorithm
to keep the formula secure.
• These keys can be symmetric or asymmetric.
Example: The algorithm is to go up x letters.

The key is “x”
If x=2 then Train Signal Vtckp Ukipcn
If x=5 then Train Signal Ywfns Xnlsfq
109
Train Signal, Inc.
Ed Liberman
User Authentication
• Symmetric Key Encryption

–The same key is used to encrypt and decrypt
data.
–There needs to be a key for every unique
communication.
–Key exchange and storage can be a challenge.
–Good for use in a small secure environment.
–When used over an unsecure network an
asymmetric key is usually used to secure the
exchange.

Train Signal, Inc.
Ed Liberman
User Authentication
• Asymmetric Key Encryption

–Key pairs are used to encrypt and decrypt data.
–Key exchange and storage is simplified.
–Good for use in a large unsecure environment.
–The most common form of asymmetric
encryption is known as public key encryption.

Train Signal, Inc.
Ed Liberman
Public Key Encryption
• Every user has a pair of keys

• One key in the pair is accessible only to the
individual user. This key is called the private key.
• The other key is publicly accessible. This key is
called the public key.
110
Train Signal, Inc.
Ed Liberman
• Example:
–If we have 100 users then there would be a total
of 200 keys. 100 keys would be private and only
accessible to their respective user, and 100 keys
would be public and would be accessible to
everyone.
–Each user would have access to 101 keys.
(100 public keys plus their 1 private key.)
–Any key can be used to encrypt data.
–Only the matching paired key can be used to
decrypt the data.

Train Signal, Inc.
Ed Liberman
How does it work: John wants to send secure data to Mary.
John
Mary
John encrypts data with Mary’s public key.
John sends secured data to Mary.
Mary decrypts the data with her private

key. Private Public
Private Public

Train Signal, Inc.
Ed Liberman
How does it work: John wants to send authenticated data to Mary.
John
Mary
John encrypts data with his own private
key.
John sends authenticated data to Mary.
Mary verifies the data by decrypting with

John’s public key.
Private Public
Private Public
111
Train Signal, Inc.
Ed Liberman
User Authentication
• 802.1x is considered to be a secure network access

control standard.
• It is really a set of protocols and requirements
which include certificate services and RADIUS.
• Typically used for secure wireless network access
although it is capable of securing wired networks as
well.

Train Signal, Inc.
Ed Liberman
User Authentication
• Kerberos is used as a secure authentication

protocol.
• Kerberos uses a secret key to keep authentication
information (usernames & passwords) secure.
• Kerberos uses a symmetric key encryption
methodology so it is typically used within private
networks where key management can be handled
easily.
• Kerberos allows for user to have a single sign-on.
• Kerberos can also be used for mutual
authentication.

Train Signal, Inc.
Ed Liberman
User Authentication
• Remote Access Authentication Protocols

–Password Authentication Protocol (PAP)
–Challenge Handshake Allocation Protocol
(CHAP)
–Microsoft Challenge Handshake Allocation
Protocol (MSCHAP)
–Microsoft Challenge Handshake Allocation
Protocol version 2 (MSCHAPv2)
–Extensible Authentication Protocol (EAP)
112
Train Signal, Inc.
Ed Liberman
Device Security
• It is very important to keep your network devices

secure.
• These devices should be secured from local access
as well as remote access.
• Local access can be secured by using physical
security.
• Remote access can be secured through secure
connectivity protocols.

Train Signal, Inc.
Ed Liberman
Device Security
• One of the most overlooked areas of security is the

restriction of physical access to important network
devices such as servers, switches and routers.
• This can sometimes be easily remedied by locking
these devices in a secure room.
• In situations where a device cannot be placed in a
secure location, surveillance equipment can be
used to help deter would be attackers.

Train Signal, Inc.
Ed Liberman
Device Security
• Here is a table of secure and unsecure

communication protocols:
113
Train Signal, Inc.
Ed Liberman
Common Security Threats
• Viruses
– Software which is designed to perform harm to a
system which is loaded without the user’s
permission.
• Worms
– A form of a virus which can self propagate from
system to system.
• Trojan Horses
– A form of a virus which disguises itself as a harmless
program to fool the user into installing and/or
executing it.

Train Signal, Inc.
Ed Liberman
• Denial of Service (DoS)

–An attack which is not designed to steal or
destroy, but rather to overwhelm a system to
the point that it cannot perform its regularly
designed functions.
• Smurf
–A type of DoS attack where ping requests are
sent to a broadcast address with a spoofed
source address.

Train Signal, Inc.
Ed Liberman
• Social Engineering (phishing)

– Someone pretending to be somebody that they are
not in order to gain your trust so you will share
secret information.
• Man in the Middle
– An attacker gets between the sender and the
recipient, intercepts information in transmission, and
modifies the transmission before passing it on.
• Rogue Access Points
– Access points placed on the network without the
administrators knowledge.
114
Train Signal, Inc.
Ed Liberman
• Who are your attackers?
EVERYONE!!!

Train Signal, Inc.
Ed Liberman
• What can be done to protect the network?
–Implement strong policies and procedures.

–Conduct well thought out and continuous end
user training.
–Keep all security related patches and updates up
to date (Automate if possible).
–Subscribe to security bulletins.

Train Signal, Inc.
Ed Liberman
• Describe the purpose and different types of

firewalls and other security related devices.
• Explain the different options available to secure
access to a network.
• Explain the different forms of user authentication.
• Describe common security threats and how to help
mitigate against them.
115

Computer Network + Notes

Transféré par

Informations du document

Description originale:

Copyright

Formats disponibles

Partager ce document

Partager ou intégrer le document

Options de partage

Avez-vous trouvé ce document utile ?

Ce contenu est-il inapproprié ?

Droits d'auteur :

Formats disponibles

Computer Network + Notes

Transféré par

Droits d'auteur :

Formats disponibles

Video 1

Basic Networking Fundamentals

• About Your Instructor and Train Signal

Basic Networking Fundamentals

About your Instructor and Train Signal

About Train Signal

What’s Covered in this Course

• Video 2 – Basic Networking Fundamentals

• Video 3 – Network Media

• Video 4 – Network Topologies

• Video 5 – OSI Model

Basic Networking Fundamentals

What’s Covered in this Course

• Video 7 – TCP/IP Protocols

• Video 8 – Network Devices

Basic Networking Fundamentals

What’s Covered in this Course

• Video 10 – Wireless Networking

• Video 11 – Networking Command Line Tools

• Video 12 – Network Performance Optimization

• Video 13 – Network Tools

• Video 14 – Network Monitoring

What’s Covered in this Course

• Video 17 – Network Security

Basic Networking Fundamentals

Are you ready to get started?

Basic Networking Fundamentals

• The definition of a network is simple.

Basic Networking Fundamentals

What are some of the different types of networks?

What are some of the different types of networks?

Basic Networking Fundamentals

What are some of the different types of networks?

• LAN – Local Area Network

Basic Networking Fundamentals

What are some of the different types of networks?

• CAN – Campus Area Network

What are some of the different types of networks?

• MAN – Metropolitan Area Network

Basic Networking Fundamentals

What are some of the different types of networks?

• WAN – Wide Area Network

Basic Networking Fundamentals

How do we make connections?

• Network hosts communicate with each other by

• The definition of a protocol is a set of rules and

Basic Networking Fundamentals

• All hosts on a network must be identified with an address on

Basic Networking Fundamentals

In this video we discussed:

• What a network is.

Basic Networking Fundamentals

Basic Networking Fundamentals

Wired Media – Twisted Pair

Wired Media - Coaxial

• Coaxial cable is made up of 4 layers:

Basic Networking Fundamentals

Wired Media – Fiber Optic

• Fiber optic cable uses light

Basic Networking Fundamentals

What the heck is the plenum?

• An enclosed space used

Basic Networking Fundamentals