- Application
- Presentation
- Session
- Transport
- Network
- Data Link
- Physical
Layer 1
Analog modem
Creates connections between network segments via the public switched telephone network (PSTN) using the plain old telephone system (POTS)
- Modems provide for a single connection to a network
Hub
- It takes the electrical signal that arrives on a port and replicates that signal out all of the other ports
- For a variety of reasons, the hub is not very common in modern networking
Layer 2
Switch
Wireless access point
Layer 3
Multilayer switch
Router
Security
Firewall
- It functions at multiple layers of the OSI model
- Specifically: 2, 3, 4, 7
- It blocks packets from entering or leaving the network
- Via stateless inspection
- Via stateful inspection
- It’s the first line of defense in protecting the internal network from outside threats
Intrusion detection system
An IDS is a passive system designed to identify when a network breach or attack against the network is occurring
- An IDS cannot prevent or stop a breach or attack on its own
- It receives a copy of all traffic and evaluates it against a set of standards
- Signature based: evaluates network traffic for known malware or attack signatures
- Anomaly based: evaluates network traffic against a specific declared security policy
- May be deployed at the host level
IPS
An IPS is an active system designed to stop a breach or attack from succeeding in damaging the network
- Usually designed to perform an action or set of actions to stop the malicious activity
- Will inform a network administrator
- All traffic on the network segment flows through the IPS to either enter or leave the segment
- Like the IDS, all traffic is evaluated against a set of standards
- The best placement on the network is between a router (with a firewall) and the destination network segment
- Actions an IPS can take include:
- Block the offending IP address
- Close down the vulnerable interface
- Terminate the network session
- Redirect the attack
- Plus more
VPN
A virtual private network is used by remote hosts to access a private network through an encrypted tunnel across a public network.
Once the VPN connection is made, the remote host is no longer considered remote. It is actually seen by the private network as a local host. Even though the network traffic may pass through many different routers or systems, it is seen by both ends as a direct connection.
The use of a VPN can help to reduce networking costs for organizations and businesses. The cost reduction is partially achieved because the VPN doesn’t require the use of a dedicated leased line to create the connection.
VPN types
- The site-to-site VPN
- Allows a remote site’s network to connect to the main site’s network and be seen as a local network segment
- VPN concentrators on both ends of the VPN will manage the connection
- The remote-access VPN (host-to-site)
- Allows select remote users to connect to the local network
- A VPN concentrator on the local network will manage the connections coming in from the remote users
- The remote system making the connection uses special client software to make the connection
- The host-to-host VPN (SSL VPN)
- Allows a secure connection between two systems without the use of VPN client software
- A VPN concentrator on the local network manages the connections
- The host seeking to connect uses a Web browser that supports the correct encryption technology (SSL/TLS) to make the connection to the VPN concentrator
VPN protocols
IPsec (Internet Protocol security)
- works at layer 3 of the OSI model and above
- The most common suite of protocols to secure a VPN connection
- Can be used with the Authentication Header protocol
- AH only offers authentication services, no encryption
- Can be used with Encapsulation Security Payload (ESP)
- ESP both authenticates and encrypts packets (the most popular method)
- Both AH and ESP will operate in one of two modes
- Can be used in transport mode (host-to-host)
- Can be used in tunnel mode (site-to-site)
- IPsec implements the Internet Security Association and Key Management Protocol (ISAKMP) by default
- ISAKMP provides a method for transferring security keys and authentication data between systems, independent of the key generation process itself
GRE (Generic Routing Encapsulation)
GRE is a tunneling protocol that is capable of encapsulating a wide variety of network layer protocols
- It is often used to create a sub-tunnel within an IPsec connection
- IPsec will only transmit unicast packets (one-to-one-communication). In many cases, there is a need to transmit multicast (one-to-some communication) or broadcast (one-to-many communication) packets across an IPsec connection. By using GRE, this can be accomplished.
PPTP (Point-to-Point Tunneling Protocol)
- An older VPN technology that supports dial-up VPN connections. On its own, it lacked native security features.
- Microsoft’s implementation included additional security by adding GRE
TLS (Transport Layer Security)
TLS is a cryptographic protocol used to create a secure encrypted connection between two end devices or applications.
- It uses asymmetric cryptography to authenticate the end points, and then negotiates a symmetric session key, which is used to encrypt the session
- TLS has largely replaced the Secure Sockets Layer (SSL) protocol.
- It works at Layer 5 and above of the OSI model
- The most common use is in creating a secure encrypted Internet session
- All modern Web browsers support TLS
SSL (Secure Sockets Layer)
SSL is an older cryptographic protocol that is very similar to TLS
- the most common use is in Internet transactions
- All modern Web browsers support SSL
- Due to issues with earlier versions of the protocol, it has largely been replaced by TLS protocol.
- SSL v3.3 has been developed to address the weaknesses of the earlier versions
Optimization and performance devices
Load balancer
- A load balancer may also be called a content switch or content filter
- A network appliance that is used to balance load between multiple hosts that contain the same data, spreading out the workload for greater efficiency
- Commonly used to distribute the requests (workload) to a server farm among the various servers, helping to ensure that no single server gets overloaded
Proxy server
- A proxy server is an appliance that requests resources on behalf of client machines
- It is often used to retrieve resources from outside, untrusted networks on behalf of the requesting client
- It hides and protects the requesting client
- It can also be utilized to filter allowed content
- It can increase network performance by caching commonly requested web pages
Network access services
Network interface controller (NIC)
- It can also be called a network interface card
- The NIC is how a device connects to a network
- It works at two layers of the OSI model (Layers 1 and 2)
- At Layer 2, it provides the functional means of network communication
- It also provides the local network node address through its burned-in physical MAC address
- At Layer 1, it determines how the network data traffic will be converted, a bit at a time, into an electrical signal that can traverse the network media being used.
Remote Authentication Dial In User Service (RADIUS)
A remote access service that is used to authenticate remote users and grant them access to authorized network resources.
- It is a popular AAA (Authentication, Authorization and Accounting) protocol used to help ensure that only authenticated end users are using the network resources they are authorized to use
- The accounting features are very robust
- Only the requestor’s (the end user’s) password is encrypted
Terminal Access Controller Access-Control System Plus (TACACS+)
A remote access service that is used to authenticate remote devices and grant them access to authorized network resources
- It is a popular AAA (Authentication, Authorization and Accounting) protocol used to help ensure that only authenticated end users are using the network resources they are authorized to use
- The accounting features are not as robust as those of RADIUS
- All transmissions between devices are encrypted
Other services and applications
Remote Access Service (RAS)
Not a protocol, but a roadmap
A description of the combination of software and hardware required for a remote access connection. A client requests access from a RAS server, which either grants or rejects access
Web services
Creating a means of cross communication
Provides the means for communication between software packages or disparate platforms. It is usually achieved by translating the communication into an XML format.
Unified voice service
Creating better voice communication systems
A description of the combination of software and hardware required to integrate voice communication channels into a network
DHCP
Most likely, a computer received its IP configuration from a DHCP (Dynamic Host Configuration Protocol) server. Not only did the server give the PC an IP address, but it also told the PC where the default gateway was and, more than likely, how to find a DNS server
A computer will receive its IP configuration in one of two ways: statically (manually set) or dynamically (through a service like DHCP). Static address assignment works fine for very small and stable networks, but quickly becomes unwieldy and error prone as the network grows
Static IP addressing
- The administrator assigns an IP number and subnet mask to each host in the network
- Each network interface that is going to be available to connect to the network requires this information
- The administrator assigns a default gateway location and DNS server location to each host in the network
- These are required if access outside of the network is going to be allowed (default gateway) and if human-friendly names are to be used to find network resources (DNS server)
Dynamic IP addressing
- The administrator configures a DHCP server to handle the assigning process, which automates it
- The DHCP server listens on a specific port for IP information requests
- Once it receives a request, the DHCP server responds with the required information
Typical DHCP process
- Upon boot up, a PC that is configured to request an IP configuration sends a DHCP discovery packet
- The discovery packet is sent to the broadcast address 255.255.255.255:67 (UDP 67)
- The DHCP server receives the discovery packet and responds with an offer packet
- The offer packet is sent to the MAC address of the computer using UDP port 68
- The computer receives the offer packet from the DHCP server and returns a request packet (requesting the proper IP configuration) to the DHCP server
- Once the DHCP server receives the request packet, it sends back an acknowledgement packet, which contains the required IP configuration information
- Upon receipt of the acknowledgement packet, the PC changes its IP configuration to reflect the information received
Components and process of DHCP
- Ports used
- PC sends discovery packet to 255.255.255.255:67
- DHCP sends offer packet to the PC’s MAC address on port 68
- Address scope
- Administrator configures the IP address range with one that is available to be handed out
- Address reservations
- Administrator reserves specific IP addresses to be handed out to specific MAC addresses. These are used for devices that should always have the same IP address
- Allows for these addresses to be changed from a central location instead of having to log in to each device separately
- Leases
- Configuration parameters are only good for a specified amount of time
- Leases are configured by the administrator
- Options
- Default gateway location
- DNS server addresses
- Time server addresses
- …
- Preferred IP configuration
- A PC can have a preferred IP address
- The administrator can configure the DHCP server to either honor the preference or ignore it
Broadcast transmissions cannot pass through a router. If there is not a DHCP server on the local network segment, the router can be configured to be a DHCP relay. When a DHCP relay (which can also be called an IP helper) receives a discovery packet from a node, it will forward that packet to the network segment on which the DHCP server resides
This allows for there to be fewer configured DHCP servers in any given network, reducing the amount of maintenance that an administrator needs to perform
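The four-step exchange above, together with the scope, reservation, lease and preferred-address behaviour described under "Components and process of DHCP", as an added model that is not part of the original notes. It only models the server's decisions; the `DhcpServer` class, its method names and the sample addresses are assumptions for illustration, not a real DHCP implementation.

```python
"""Minimal model of the DHCP DISCOVER/OFFER/REQUEST/ACK exchange (illustrative, constructed)."""
import ipaddress

DHCP_SERVER_PORT = 67   # DISCOVER/REQUEST are broadcast to 255.255.255.255:67
DHCP_CLIENT_PORT = 68   # OFFER/ACK return to the client's MAC address on UDP 68


class DhcpServer:
    def __init__(self, scope_start, scope_end, lease_seconds, options,
                 reservations=None, honor_preference=True):
        first = ipaddress.ip_address(scope_start)
        last = ipaddress.ip_address(scope_end)
        # Address scope: the range the administrator allows to be handed out
        self.scope = [str(ipaddress.ip_address(n)) for n in range(int(first), int(last) + 1)]
        self.lease_seconds = lease_seconds        # configuration is only valid this long
        self.options = dict(options)              # default gateway, DNS, time server, ...
        self.reservations = dict(reservations or {})   # MAC -> fixed IP address
        self.honor_preference = honor_preference  # honor or ignore a client's preferred IP
        self.leases = {}                          # IP -> (MAC, lease expiry time)

    def _available(self, ip, mac, now):
        """Usable if unleased, expired, or already held by this same MAC."""
        if ip in self.reservations.values() and self.reservations.get(mac) != ip:
            return False                          # reserved for a different device
        lease = self.leases.get(ip)
        return lease is None or lease[1] <= now or lease[0] == mac

    def _choose(self, mac, preferred, now):
        if mac in self.reservations:
            return self.reservations[mac]
        if (self.honor_preference and preferred in self.scope
                and self._available(preferred, mac, now)):
            return preferred
        for ip in self.scope:
            if self._available(ip, mac, now):
                return ip
        return None                               # scope exhausted, no offer possible

    def handle_discover(self, mac, now, preferred=None):
        ip = self._choose(mac, preferred, now)
        if ip is None:
            return None
        return {"type": "OFFER", "to_mac": mac, "port": DHCP_CLIENT_PORT,
                "yiaddr": ip, "lease": self.lease_seconds, **self.options}

    def handle_request(self, mac, requested, now):
        if requested not in self.scope and self.reservations.get(mac) != requested:
            return {"type": "NAK", "to_mac": mac}
        if not self._available(requested, mac, now):
            return {"type": "NAK", "to_mac": mac}  # someone else holds it now
        self.leases[requested] = (mac, now + self.lease_seconds)
        return {"type": "ACK", "to_mac": mac, "port": DHCP_CLIENT_PORT,
                "yiaddr": requested, "lease": self.lease_seconds, **self.options}


def obtain_configuration(server, mac, now, preferred=None):
    """Client side of the exchange: DISCOVER -> OFFER -> REQUEST -> ACK."""
    discover = {"type": "DISCOVER", "from_mac": mac,
                "dst": f"255.255.255.255:{DHCP_SERVER_PORT}", "preferred": preferred}
    offer = server.handle_discover(discover["from_mac"], now, discover["preferred"])
    if offer is None:
        return None
    ack = server.handle_request(mac, offer["yiaddr"], now)   # REQUEST the offered address
    if ack["type"] != "ACK":
        return None
    # The PC applies everything in the ACK: address, lease and the options
    return {k: v for k, v in ack.items() if k not in ("type", "to_mac", "port")}


if __name__ == "__main__":
    # Constructed sample network: a three-address scope plus one reservation
    srv = DhcpServer("192.168.0.100", "192.168.0.102", 3600,
                     {"router": "192.168.0.1", "dns": ["192.168.0.53"]},
                     reservations={"aa:bb:cc:dd:ee:01": "192.168.0.50"})
    print(obtain_configuration(srv, "aa:bb:cc:dd:ee:01", now=0))
    print(obtain_configuration(srv, "aa:bb:cc:dd:ee:02", now=0))
```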
DNS
DNS server
DNS is the process that maps human friendly names to IP addresses. Without it, we would have to memorize numerous IP addresses.
- Local DNS server
- The server on the local network that contains the HOSTS file that maps FQDNs to IP addresses in the local subdomain
- Top level domain server (TLD)
- The server that contains the records for a top level domain
- Examples include: com, org, net…
- Each of these servers contains all of the information for its respective domain
- Root server
- The server that contains the records for the TLD servers
- Authoritative
- An authoritative DNS server is one that responds to a request and has been specifically configured to contain the information
- An authoritative response comes from the DNS server that actually holds the original record
- Non-authoritative
- A non-authoritative DNS server is one that responds to a request with DNS information that it received from another DNS server
- A non-authoritative response is not a response from the official name server for the domain. Instead, it is a second- or third-hand response (or even further removed)
DNS records
| Record type | Target |
|---|---|
| A | IPv4 address |
| AAAA | IPv6 address |
| CNAME | alias name to hostname |
| PTR | points to a canonical name |
| MX | email server |
| TXT | text message |
DDNS
Permits lightweight and immediate updates to a local DNS database. This is very useful when the FQDN remains the same, but the IP address is able to change on a regular basis
It is implemented as an additional service to DNS
DDNS updating
A method of updating traditional name servers without the intervention of an administrator (no manual editing or inputting of the configuration files is required)
- A DDNS provider supplies software that will monitor the IP address of a referenced system. Once the IP address changes, the software sends an update to the proper DNS server
- DDNS is useful when access is needed to a domain whose IP address is being supplied dynamically by an Internet Service Provider
Network address translation (NAT)
Network address translation solves the problem of how to route non-routable IP addresses
Being non-routable prevents private IPv4 addresses from communicating with remote public networks. NAT very simply solves this problem. A router with NAT enabled will translate a private IP address into a routable public IP address. When the response returns to the router, it passes the response back to the device that requested it.
NAT categories
Static NAT (SNAT)
Each private IP address is assigned to a specific routable public IP address. This relationship is kept and maintained by the NAT-enabled router.
- When a device needs access outside of the local network, the router translates the local IP address to the assigned public IP address. When the response comes back, the router will translate the public IP address back into the local one
- SNAT is not flexible and leads to scalability issues. An individual routable IP address must be kept for every device that requires access outside of the local network
Dynamic NAT (DNAT)
The NAT-enabled router dynamically assigns a routable IP address to devices from a pool of available public IP addresses
- When a device needs access outside of the local network, the router performs the NAT function, only the public IP address comes from a re-usable pool of public IP addresses
- As initially designed, DNAT was more flexible than SNAT, but still led to some scalability issues. As more network traffic requires access to remote networks, the pool of available public IP addresses needs to increase or outside access cannot be achieved
Port address translation (PAT)
PAT is a type of DNAT that was developed to increase the scalability of NAT
- When a local network device requires access to a public network, the NAT-enabled router dynamically assigns the public IP address to the device, with the addition of dynamically assigning a port number to the end of the public IP address
- The router tracks the IP addresses and port numbers to ensure that network traffic is routed to and from the proper devices
- PAT still requires a pool of public IP addresses, but the pool may only contain one address, or it may contain several for a large private network.
- This is the preferred method of implementing NAT for two reasons
- Fewer public IP addresses are required and it is also easier for administrators to maintain
NAT terminology
- Inside local address: 192.168.0.2
- A private IP address on the local network assigned to a specific device
- Inside global address: 24.113.185.118:1001
- A public IP address referencing an inside device
- The public IP address (and port) assigned to the inside device by the NAT-enabled router to allow access outside of the network
- Outside global address: 74.125.28.147
- A public IP address referencing an outside device
- The public IP address assigned to a device outside of the local network
- Outside local address: 192.168.0.1:2002
- A private IP address assigned to an outside device
- The private IP address by which an outside device is known on the interior of the local network
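The PAT translation table described above, worked through with the addresses from the terminology list, as an added model that is not part of the original notes. The `PatRouter` class and packet dictionaries are assumptions for illustration; the inbound check that only the outside host a session was opened to may answer on the assigned port is the reason unsolicited inbound traffic is dropped by such a router.

```python
"""Model of port address translation (PAT) on a NAT-enabled router (illustrative, constructed)."""
from itertools import count


class PatRouter:
    """Many inside local addresses share one inside global address; the
    router tells the sessions apart by the port it assigns to each one."""

    def __init__(self, inside_global, first_port=1024):
        self.inside_global = inside_global
        self._next_port = count(first_port)
        # (inside local, local port, outside global, outside port) -> assigned port
        self.sessions = {}
        # assigned port -> that session tuple, used to translate replies back
        self.by_port = {}

    def outbound(self, pkt):
        """Inside local -> inside global: rewrite the source address and port."""
        key = (pkt["src"], pkt["sport"], pkt["dst"], pkt["dport"])
        port = self.sessions.get(key)
        if port is None:                      # new session: allocate the next port
            port = next(self._next_port)
            self.sessions[key] = port
            self.by_port[port] = key
        return {**pkt, "src": self.inside_global, "sport": port}

    def inbound(self, pkt):
        """Reply from outside: translate the destination back to the inside
        local address, or drop it if no session was opened from the inside."""
        key = self.by_port.get(pkt["dport"])
        if pkt["dst"] != self.inside_global or key is None:
            return None
        inside_local, local_port, outside_global, outside_port = key
        # Only the outside host the session was opened to may answer on this port
        if (pkt["src"], pkt["sport"]) != (outside_global, outside_port):
            return None
        return {**pkt, "dst": inside_local, "dport": local_port}


if __name__ == "__main__":
    # Constructed sample: inside host 192.168.0.2 reaches outside host 74.125.28.147
    router = PatRouter("24.113.185.118", first_port=1001)
    out = router.outbound({"src": "192.168.0.2", "sport": 40000,
                           "dst": "74.125.28.147", "dport": 443})
    print(out)                                # source becomes 24.113.185.118:1001
    print(router.inbound({"src": "74.125.28.147", "sport": 443,
                          "dst": "24.113.185.118", "dport": 1001}))
```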
Public switched telephone network
As a general rule, if you own and control the line that the data is using to get from one place to another, you are not using a wide area network (WAN). On the other hand, if you are using a form of transmission that you don’t own, then you are likely using a WAN.
One of the most common physical infrastructures used in WAN technology is the public switched telephone network (PSTN) due to its widespread availability
The PSTN is essentially an extension of Layer 1
- Dial-up
- Utilizes the PSTN to transmit network traffic as an analog signal
- Requires an analog modem to format the network traffic
- Maximum theoretical speed is 56 Kbps
Integrated Services Digital Network (ISDN)
- Digital point-to-point WAN technology using the PSTN
- Completely digital service
- Requires the use of a terminal adapter for the connection to the end node
- A Primary Rate Interface (PRI) uses 23 64-Kbps B channels and one 64-Kbps D channel for call setup and link management
- Achieves 1.544 Mbps speed
- Commonly implemented as a Basic Rate Interface (BRI), using two B channels and one D channel
- Achieves 128 Kbps speed
- Not as capable as DSL, but it can often be implemented where DSL cannot be installed
xDSL
- A digital WAN technology using the PSTN
- Requires the use of a digital modem
- Dedicated digital line between the end point and a class-5 central office (CO)
- It is only possible within 18,000 feet of the CO
- Carries voice and data
SDSL
- Symmetric in nature (upload and download speeds are the same)
- Does not carry voice communications
- If voice service is required, an additional line is needed
- Used by businesses that don’t need the performance of a T-1 leased line, but that do require the symmetrical upload and download speeds
ADSL
- Asymmetric in nature (upload speed is slower than download speed)
- It can carry data and voice
- Common upload speeds of 768 Kbps with download speeds of up to 9 Mbps
- Most common implementation of DSL in the SOHO environment
VDSL (Very-high-bit-rate DSL)
- Asymmetric in nature
- Used when high quality video and VoIP is necessary
- Commonly limited to a download speed of 52 Mbps and an upload speed of 12 Mbps
- It is only possible when located within 4000 feet of a CO
- Current standard allows for up to 100 Mbps over PSTN.
- To achieve that, the end point must be within 300 meters of a CO
GSM/CDMA
Cellular carriers use one of two methods for connecting devices to their networks, and they are not compatible
Currently in the US, AT&T and T-Mobile use Global System for Mobile (GSM) to connect their devices to their networks; Sprint and Verizon use Code Division Multiple Access (CDMA) as their method of connecting to networks
The majority of the rest of the world utilizes GSM as the method of accessing cellular networks
Cellular networking
Cellular networking involves using the cellular phone system for more than just phone calls
- 1G cellular was only capable of voice transmissions
- 2G cellular added simple data transmission capability
- 3G cellular is the beginning of cellular WAN networking
- 4G is still an emerging technology; it currently consists of LTE and WiMAX
- LTE (Long Term Evolution): uses an all-IP based core with high data rates. It is compatible with 3G and WiMAX
- The current standards allow for up to 300 Mbps in download speed and up to 75 Mbps in upload speed
WiMAX
World Wide Interoperability for Microwave Access networking
- WiMAX was originally developed as a last mile alternative for use when DSL or cable was not available
- It uses microwave transmissions as an over-the-air method to transmit voice and data
- Requires a line of sight between relay stations
- WiMAX can be used to cover significant geographic distances
- Many municipalities are exploring the use of WiMAX as a means of providing reasonably priced broadband to their citizens
- It is often considered to be a type of 4G technology because it is compatible with LTE networks
- WiMAX is not compatible with 3G type networks
Metro Ethernet WAN
A metro Ethernet connection is one in which the service provider connects to the customer’s site through an RJ45 connector
The customer views the WAN connection as an Ethernet connection, while in reality the type of connection will depend on the level of service that has been purchased.
Metro Ethernet is commonly deployed as a WAN technology by municipalities at the metropolitan area network level
Leased line WAN
Point-to-Point protocol (PPP) is a common data link layer protocol used with leased line networks
PPP simultaneously transmits multiple Layer 3 protocols through the use of control protocols
PPP includes a feature called Multilink PPP, which allows multiple physical interfaces to be bonded together and act as a single logical interface, effectively increasing the available bandwidth
Cabling
Twisted Pair network cabling
Most people are familiar with twisted pair cables, as they are the standard in the modern LAN
Twisted pair cables are composed of four pairs of wires contained within an insulating sheath. Each pair of wires is twisted together to reduce electromagnetic interference (EMI). The twist rates differ between the pairs of wires to reduce crosstalk between the pairs.
UTP vs STP
Unshielded Twisted Pair (UTP), Shielded Twisted Pair (STP)
- STP has an additional shield that is either wrapped around each pair of wires or around all four pairs
- STP reduces the opportunity for EMI or crosstalk, but is more expensive
- UTP is deployed in the network much more often than STP
Plenum vs non-plenum twisted pair
- Most twisted pair is non-plenum grade
Straight-through vs crossover
A straight-through cable is used to connect different types of devices together (PC to switch, switch to router)
A crossover cable is used to connect similar devices together (PC to PC, or switch to switch)
They use different pinouts to achieve the connection
A rollover or console cable is often required to connect to the console port on a switch or router. It is quite common for one end of the rollover cable to use an RJ45 connector, while the other end utilizes an RS-232 (DB-9) connector
Twisted pair network connectors
- RJ11
- common usage is voice
- RJ45
- common usage is networking
- RJ48C
- UTP coupler
- 66 block
- 110 block
- DB9
- DB25
Categories of Twisted pair
- Cat 3
- 100 Mbps
- Cat 5
- 100 Mbps, 100BaseT
- Cat 5e
- 1 Gbps, 1000BaseT
- Cat 6
- 10 Gbps, 55 m
- Cat 6a
- 10 Gbps, 100 m
- Cat 7
Coaxial cabling
Coaxial cabling is one of the oldest Ethernet cabling standards
- baseband
- broadband
- RG58
- RG59
- RG6
- cable TV
- connector
- BNC
- F connector
Fiber optic cabling
- It is relatively expensive and harder to work with
- It is not that common in the LAN
- It resists all forms of EMI and cannot be easily tapped
- It can cover long distances at high speed
- It is designated by fiber type, cladding size, and jacket size
- Most applications require that fiber cables be run in pairs (send, receive)
- The type of connector used on fiber optic cabling can impact the performance of the transmissions
- UPC (-55 dB)
- APC (-70 dB)
Fiber Type
- Multimode fiber
- LED light source
- Single-mode fiber
- Laser light source
Fiber optic cabling connector
- SC
- ST
- LC
- MT-RJ
- Fiber optic coupler
Cabling tools
- Crimpers
- Wire strippers
- The punchdown tool
- cable tester
- TDR
- OTDR
Network topologies
A topology is basically a map that can describe how a network is laid out or how the network functions
PTP vs CS
- Peer-to-Peer
- Nodes control and grant access to resources on the network
- No single node or group of nodes controls access to a specific type of resource
- Each node is responsible for the resources it is willing to share
- Client/Server
- Network resource access is controlled by a central server
- A server determines what resources get shared, who is allowed to use the resources and even when resources can be used
- Hybrid
- PTP and CS
Network topologies Model
The original Ethernet standards established a bus topology for the network, both logically and physically
Bus
- The signal traverses from one end of the network to the other
- A break in the line breaks the network
- The ends of the line must be terminated in order to prevent signal bounce
- The network cable is the central point
Ring
- A bus line with the end points connected together
- A break in the ring breaks the ring
- Often implemented with multiple rings that counter rotate
- Not very common in the LAN, but used in WAN
Star
- Nodes radiate out from a central point
- When implemented with a hub, a break in a segment brings down the bus
- When implemented with a switch, a break in a segment only brings down that segment
- The most common implementation of the modern LAN
Mesh
- Multiple connections between nodes on the network
- Full mesh means that every node has a physical connection to every other node
- partial mesh means that there are multiple paths between nodes
- A full mesh topology is expensive to install because of the wiring constraints
Point-to-Point
Point-to-multipoint
MPLS
Categories of networks
- LAN
- MAN
- WAN
- PAN
- SCADA
- Medianet
Just too much
For speed, I will just summarize interview questions
Interview
- Unicasting
- If the message is sent from a source to a single destination node, it is called Unicasting. This is typically done in networks.
- Anycasting
- If the message is sent from a source to any one of a given set of destination nodes, it is called Anycasting. This is used a lot in content delivery systems where we want to get content from any server.
- Multicasting
- If the message is sent to some subset of other nodes, it is called Multicasting. Used in the situation when there are multiple receivers of the same data. Like video conferencing, updating something on CDN servers which have a replica of same data.
- Broadcasting
- If the message is sent to all the nodes in a network, it is called Broadcasting. This is typically used in local networks; for example, DHCP and ARP use broadcasting.
Stop-and-Wait Protocol
In the Stop-and-Wait protocol, a sender, after sending a frame, waits for an acknowledgment of that frame and sends the next frame only when the acknowledgment has been received.
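A small simulation of Stop-and-Wait over a lossy link, added here and not part of the original notes. It goes slightly beyond the paragraph by showing the two failure cases the protocol must handle: a lost frame (the sender retransmits after its timer expires) and a lost acknowledgment (the receiver gets a duplicate, discards it, and re-acknowledges). The classes and the loss schedule are constructed for illustration; the single alternating sequence bit is what lets the receiver tell a retransmission from new data.

```python
"""Stop-and-Wait with an alternating sequence bit over a deterministic lossy channel (constructed)."""


class StopAndWaitReceiver:
    def __init__(self):
        self.expected = 0        # sequence bit of the next new frame
        self.delivered = []      # payloads handed up, in order, without duplicates

    def receive(self, frame):
        if frame["seq"] == self.expected:
            self.delivered.append(frame["data"])
            self.expected ^= 1
        # A repeated seq means our earlier ACK was lost: drop the data but ACK again
        return {"ack": frame["seq"]}


class LossyChannel:
    """Each transmission consumes one scheduled event: 'ok', 'drop_frame' or 'drop_ack'."""

    def __init__(self, receiver, schedule):
        self.receiver = receiver
        self.schedule = list(schedule)
        self.frames_on_wire = 0

    def transmit(self, frame):
        self.frames_on_wire += 1
        event = self.schedule.pop(0) if self.schedule else "ok"
        if event == "drop_frame":
            return None                       # sender's timer expires, no ACK
        ack = self.receiver.receive(frame)    # frame arrives, receiver answers
        if event == "drop_ack":
            return None                       # ACK lost on the way back
        return ack


class StopAndWaitSender:
    def __init__(self, channel, max_retries=5):
        self.channel = channel
        self.seq = 0
        self.retransmissions = 0
        self.max_retries = max_retries

    def send(self, payload):
        """Send one frame and block until it is acknowledged (or give up)."""
        for _ in range(self.max_retries + 1):
            ack = self.channel.transmit({"seq": self.seq, "data": payload})
            if ack is not None and ack["ack"] == self.seq:
                self.seq ^= 1                 # only now may the next frame go out
                return True
            self.retransmissions += 1         # timeout: resend the same frame
        return False


def run(payloads, schedule):
    """Send every payload through a channel with the given loss schedule."""
    receiver = StopAndWaitReceiver()
    channel = LossyChannel(receiver, schedule)
    sender = StopAndWaitSender(channel)
    all_ok = all(sender.send(p) for p in payloads)
    return all_ok, receiver.delivered, sender.retransmissions, channel.frames_on_wire


if __name__ == "__main__":
    # Constructed schedule: second frame lost, then the ACK for the third frame lost
    print(run(["a", "b", "c"], ["ok", "drop_frame", "ok", "drop_ack", "ok"]))
```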
Piggybacking
Piggybacking is used in bi-directional data transmission in the network layer (OSI model). The idea is to improve efficiency: the acknowledgment (of the received data) is attached to the data frame that is about to be sent, instead of being sent as a separate frame.