Protocols:
-
Application Layer breaks up data into Transport Layer
-
Segment: a chunk of data with a Transport layer header. We put in a source and destination port number, and this port number is directly related to an Application layer protocol.
-
Transport layer becomes the payload for the Network Layer which is called a Packet
-
Network Layer packet goes into the Data Link Layer payload into a Frame
-
Frame: a chunk of data with a Data Link layer header
-- Ethernet MTU (Maximum Transmission Unit) is 1500 bytes, including the packet header and segment header
-
Link Layer sends the Frame down to the Physical Layer which breaks it into ones and zeros, and then that is converted into a signal
-
Requires the Physical, Data Link (traffic from one device to another) and Network layers (the Internet layer, where routers move traffic from one segment of the network to another). A Layer 2 bridge like a cable modem converts Ethernet frames and puts them in a DOCSIS frame (DOCSIS is the protocol a cable modem uses to communicate with the ISP).
-
IP Packet
-
IP Packet contains:
-
Source IP Address
-
Destination IP Address
-
TTL (a counter; every time the packet goes through a router it decreases).
-
Other
-
ICMP (Ping uses ICMP protocol)
-
Layer 2 Frame
-
Destination MAC Address
-
Source MAC Address
-
Layer 3 Protocol
128s | 64s | 32s | 16s | 8s | 4s | 2s | 1s
1 | 1 | 0 | 0 | 0 | 0 | 0 | 0
Multiply each bit by its place value and add the results. Example: 11000000 is equal to 128 + 64 = 192
Example: 210
128s | 64s | 32s | 16s | 8s | 4s | 2s | 1s
Yes | Yes | No | Yes | No | No | Yes | No
210-128=82 | 82-64=18 | | 18-16=2 | | | 2-2=0 |
1 | 1 | 0 | 1 | 0 | 0 | 1 | 0
Example: 47
128s | 64s | 32s | 16s | 8s | 4s | 2s | 1s
No | No | Yes | No | Yes | Yes | Yes | Yes
| | 47-32=15 | | 15-8=7 | 7-4=3 | 3-2=1 | 1-1=0
0 | 0 | 1 | 0 | 1 | 1 | 1 | 1
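The two worksheets above (210 and 47) are the subtractive method done by hand. The following is an added example, not part of the original notes: it runs the same walk from the 128s column down to the 1s column and prints the same Yes/No and bit rows, and it also does the reverse direction (multiply each bit by its place value and add). Function names are my own.

```python
from __future__ import annotations

# The "128s ... 1s" columns of the worksheet, most significant first.
PLACE_VALUES = [128, 64, 32, 16, 8, 4, 2, 1]


def decimal_to_binary_steps(value: int) -> list[tuple[int, bool, int]]:
    """Walk the place values from 128s down to 1s, as in the worked examples.

    Returns one tuple per column: (place value, fits?, remainder after this
    column). 'fits' is the worksheet's Yes/No row; the remainder is its
    '210-128=82' row.
    """
    if not 0 <= value <= 255:
        raise ValueError("an octet holds 0..255")
    steps = []
    remaining = value
    for place in PLACE_VALUES:
        fits = remaining >= place          # "does 128 fit into 210?" -> Yes
        if fits:
            remaining -= place             # 210 - 128 = 82
        steps.append((place, fits, remaining))
    return steps


def decimal_to_binary(value: int) -> str:
    """Eight-character bit string, e.g. 210 -> '11010010'."""
    return "".join("1" if fits else "0" for _, fits, _ in decimal_to_binary_steps(value))


def binary_to_decimal(bits: str) -> int:
    """Multiply each bit by its place value and add, e.g. '11000000' -> 192."""
    if len(bits) != 8 or set(bits) - {"0", "1"}:
        raise ValueError("expected eight characters of 0/1")
    return sum(place for place, bit in zip(PLACE_VALUES, bits) if bit == "1")


def show_worksheet(value: int) -> str:
    """Render the same rows the notes use for 210 and 47."""
    steps = decimal_to_binary_steps(value)
    header = " | ".join(f"{p}s" for p in PLACE_VALUES)
    yes_no = " | ".join("Yes" if fits else "No" for _, fits, _ in steps)
    bits = " | ".join("1" if fits else "0" for _, fits, _ in steps)
    return "\n".join([f"Example: {value}", header, yes_no, bits])


if __name__ == "__main__":
    print(show_worksheet(210))
    print(show_worksheet(47))
    print(binary_to_decimal("11000000"))   # 192
```

Running it reproduces the two worksheets above; the remainder column of `decimal_to_binary_steps` is the part people usually get wrong by hand, so it is returned explicitly rather than hidden inside the loop.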
Binary | Decimal | Hexadecimal
0000 | 0 | 0
0001 | 1 | 1
0010 | 2 | 2
0011 | 3 | 3
0100 | 4 | 4
0101 | 5 | 5
0110 | 6 | 6
0111 | 7 | 7
1000 | 8 | 8
1001 | 9 | 9
1010 | 10 | A
1011 | 11 | B
1100 | 12 | C
1101 | 13 | D
1110 | 14 | E
1111 | 15 | F
10000 | 16 | 10
-
IP addresses are in the Network Layer, layer 3:
Network Portion | Host Portion (specific device on the network)
203.0.113 | .10
Example:
Street Address | Zip Code
123 Main Street | 60787
-
IP addresses are really 32 bits long; they are written in decimal to make them easier to read.
-
We don't use classful addressing anymore, because we ran out of IP ranges; nobody predicted how fast the internet would grow.
-
Classful Addressing (~1995 and prior)
Cast | Class | IP Range Start | IP Range End | Bits in subnet mask
Unicast | A | 0.0.0.0 | 127.255.255.255 | 8 bits in network portion, 24 bits in host portion
Unicast | B | 128.0.0.0 | 191.255.255.255 | 16 bits in network, 16 in host
Unicast | C | 192.0.0.0 | 223.255.255.255 | 24 bits in network, 8 in host
Multicast | D | 224.0.0.0 | 239.255.255.255 | All bits in the network portion
Experimental | E | 240.0.0.0 | 255.255.255.255 | We don't use this anymore!
-
Classful Addressing Portions
Network Portion | Network Portion | Network Portion | Host Portion
10 | 0 | 10 | 10
00001010 | 00000000 | 00001010 | 00001010
-
Classless Addressing (~1995 to present)
-
Subnet mask: Network Portion and Host Portion
Network Portion | Network Portion | Network Portion | Host Portion
203 | 0 | 113 | 10
11001011 | 00000000 | 01110001 | 00001010
11111111 | 11111111 | 11111111 | 00000000
255 | 255 | 255 | 0
-
Subnet Mask
Network Portion | Host Portion | Host Portion | Host Portion
10 | 0 | 0 | 10
00001010 | 00000000 | 00000000 | 00001010
11111111 | 00000000 | 00000000 | 00000000
255 | 0 | 0 | 0
-
Subnet Mask does not have to fall on the 8-bit boundary
10 | 0 | 0 | 10
00001010 | 00000000 | 00000000 | 00001010
11111111 | 11111111 | 11110000 | 00000000
255 | 255 | 240 | 0
-
The secret is to use the subnet mask only to identify which portion of the IP address is the host portion. When we are looking to see if it's a network, broadcast or host address, we look at the IP address, not the subnet mask. The subnet mask just tells us where to look in the IP address for all zeros (network address), all ones (broadcast address), or anything except all zeros and all ones (host address).
-
Network Address:
-
Identifier for a group of devices
-
"Network Prefix"
-
Have all Zeros in the Host portion.
Network Portion | Network Portion | Network Portion | Host Portion
203 | 0 | 113 | 10
11001011 | 00000000 | 01110001 | 00001010
11111111 | 11111111 | 11111111 | 00000000
255 | 255 | 255 | 0
-
Broadcast Address:
-
Identifier for all devices on a network.
-
It allows a sender to send a message to every single device on the network.
-
Have all 1's in the host portion
Network Portion | Network Portion | Network Portion | Host Portion
203 | 0 | 113 | 255
11001011 | 00000000 | 01110001 | 11111111
11111111 | 11111111 | 11111111 | 00000000
255 | 255 | 255 | 0
-
Host Address:
-
Identifies unique device on a network.
-
Identifies a unique device on the network, combo of network portion of address and host portion of address, where the host portion isn't identifying a network address nor the broadcast.
-
Anything EXCEPT all binary 0's or 1's
Network Portion | Network Portion | Network Portion | Host Portion
203 | 0 | 113 | 10
11001011 | 00000000 | 01110001 | 00001010
11111111 | 11111111 | 11111111 | 00000000
255 | 255 | 255 | 0
Examples
-
203.0.113.55 and 255.255.255.0 is a HOST address
-
192.0.168.10 and 255.255.255.0
-
Cannot ARP for the destination address because it's not on our own local network; ARP messages cannot be sent through a router.
-
Consult the routing table on the PC: one route to reach the local network, and a route for everything else, i.e. the default gateway.
-
Static Routing: manually adding networks that routers do not know about; the problem is that it does not change when the network changes.
-
Dynamic Routing: uses a routing protocol to build the routing tables automatically.
-
RIP protocol: is not used anymore.
-
EIGRP: Cisco's routing protocol, Enhanced Interior Gateway Routing Protocol
-
OSPF: Open Shortest Path First, popular with enterprises
-
BGP: Border Gateway Protocol, used on the public internet to move traffic between different businesses and internet service providers; more like a scripting language with parameters that we can configure.
-
Administrative Distance: the higher the number, the lower the priority of the routing protocol; determines which route is the good one to add to the routing table.
-
tracert 8.8.8.8 -d will give only IP addresses and no DNS lookups.
-
Length of the Network Prefix in bits
IP Address | 203.0.113. | 10 |
Subnet Mask | 255.255.255. | 0 |
Network Prefix 24 bits | 11001011 00000000 01110001 | 00001010 |
Network Prefix 24 bits | 11111111 11111111 11111111 | 00000000 |
CIDR Notation | 203.0.113. | 10 | /24
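The tables from "Subnet mask" through "CIDR Notation" all do the same arithmetic: AND the address with the mask for the network address, OR the inverted mask in for the broadcast address, and look only at the host bits to decide whether an address is a network, broadcast or host address. The following is an added example (not from the original notes) that does that arithmetic on the 32-bit integer directly, so the mask may end mid-octet as in the 255.255.240.0 table; the function names are my own, and `cross_check` compares the results against Python's `ipaddress` module.

```python
from __future__ import annotations

import ipaddress  # used only as an independent cross-check of the hand-rolled arithmetic

ALL_ONES = 0xFFFFFFFF


def dotted_to_int(dotted: str) -> int:
    """'203.0.113.10' -> the 32-bit integer the notes say an address really is."""
    octets = dotted.split(".")
    if len(octets) != 4:
        raise ValueError(f"expected four octets: {dotted!r}")
    value = 0
    for octet in octets:
        n = int(octet)
        if not 0 <= n <= 255:
            raise ValueError(f"octet out of range in {dotted!r}")
        value = (value << 8) | n
    return value


def int_to_dotted(value: int) -> str:
    return ".".join(str((value >> shift) & 0xFF) for shift in (24, 16, 8, 0))


def prefix_length(mask: str) -> int:
    """Count the 1 bits of a mask, rejecting masks whose 1s are not contiguous.

    A mask may end in the middle of an octet (255.255.240.0 is /20); it may
    not have a 0 followed by a 1 (255.0.255.0 is not a subnet mask).
    """
    m = dotted_to_int(mask)
    ones = bin(m).count("1")
    if m != (ALL_ONES << (32 - ones)) & ALL_ONES:
        raise ValueError(f"non-contiguous subnet mask: {mask}")
    return ones


def network_address(ip: str, mask: str) -> str:
    """Host bits forced to all 0s (the 'Network Address' table)."""
    return int_to_dotted(dotted_to_int(ip) & dotted_to_int(mask))


def broadcast_address(ip: str, mask: str) -> str:
    """Host bits forced to all 1s (the 'Broadcast Address' table)."""
    m = dotted_to_int(mask)
    return int_to_dotted((dotted_to_int(ip) & m) | (~m & ALL_ONES))


def classify(ip: str, mask: str) -> str:
    """'network', 'broadcast' or 'host', looking only at the host bits of the IP."""
    host_mask = ~dotted_to_int(mask) & ALL_ONES
    host_bits = dotted_to_int(ip) & host_mask
    if host_bits == 0:
        return "network"
    if host_bits == host_mask:
        return "broadcast"
    return "host"


def to_cidr(ip: str, mask: str) -> str:
    """'203.0.113.10' + '255.255.255.0' -> '203.0.113.10/24'."""
    return f"{ip}/{prefix_length(mask)}"


def same_network(ip_a: str, ip_b: str, mask: str) -> bool:
    """True when the two addresses can talk without a router/default gateway."""
    return network_address(ip_a, mask) == network_address(ip_b, mask)


def cross_check(ip: str, mask: str) -> bool:
    """Compare the hand-rolled results with the standard library."""
    net = ipaddress.IPv4Interface(f"{ip}/{mask}").network
    return (str(net.network_address) == network_address(ip, mask)
            and str(net.broadcast_address) == broadcast_address(ip, mask)
            and net.prefixlen == prefix_length(mask))


if __name__ == "__main__":
    for ip, mask in [("203.0.113.55", "255.255.255.0"), ("203.0.113.0", "255.255.255.0"),
                     ("203.0.113.255", "255.255.255.0"), ("10.0.0.10", "255.255.240.0")]:
        print(to_cidr(ip, mask), classify(ip, mask), network_address(ip, mask),
              broadcast_address(ip, mask), cross_check(ip, mask))
```

The `prefix_length` check matters in practice: a typo such as 255.0.255.0 in a device configuration is not a mask at all, and silently counting its 1 bits would hide the error.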
-
Before 1994 there were no private IP addresses, just public IP addresses. Running out of IP addresses, we changed to classless addressing (which gave us the subnet mask), then introduced private IP ranges, which are not routed publicly on the internet.
-
RFC 1918:
Class | Private IP address range start | Private IP address range end | CIDR
A | 10.0.0.0 | 10.255.255.255 | /8
B | 172.16.0.0 | 172.31.255.255 | /12
C | 192.168.0.0 | 192.168.255.255 | /16
-
APIPA (Automatic Private IP Addressing): e.g. 169.154.0.0/16, developed by Microsoft. It is a red flag that someone doesn't know what they are doing, or that something is wrong, and should not be used.
-
Loopback IP: e.g. 127.0.0.1. Messages sent to this never leave your computer; it is just a way to make sure IP is working on a workstation.
-
If the network portion of the address (as defined by the mask) is different, you will need a router/default gateway for the two computers to communicate.
Network: 10.0.0.0/8
Range: 10.0.0.0 - 10.255.255.255
Network: 00001010 | 00000000 00000000 00000000
Broadcast: 00001010 | 11111111 11111111 11111111
Mask: 11111111 | 00000000 00000000 00000000
Let's find a host address on this network.
Host: 00001010 00000000 00001010 00000000
Change it to a /24 network:
10.0.10.0/24
Network: 00001010 00000000 00001010 | 00000000
Broadcast: 00001010 00000000 00001010 | 11111111
So this network now has 254 different hosts. Zero to 255 is 256 unique addresses, but remove the network address, which you can't apply to a device, and the broadcast address, which you can't apply to a device either.
So now the network is 10.0.10.0 - 10.0.10.255
It's a way to break up a /24 mask into other kinds of masks:
10.0.0.0/8
10.0.10.0/24
10.0.16.0/22
10.1.0.0/16
10.2.0.0/30
You can't just randomly pick IP addresses and masks and apply them to networks. You do have to make sure there is no overlap between subnets.
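The overlap rule just stated is easy to get wrong on paper once masks stop falling on octet boundaries (10.0.16.0/22 covers 10.0.16.0 through 10.0.19.255, so a later 10.0.17.0/24 collides with it). The following is an added example, not from the original notes, that uses Python's standard `ipaddress` module to compute the range and usable host count of a block and to check a subnetting plan for two things: every child sits inside the parent, and no two children overlap. The function names and the extra 10.0.17.0/24 used to show a collision are my own.

```python
from __future__ import annotations

import ipaddress
from itertools import combinations


def parse_subnet(cidr: str) -> ipaddress.IPv4Network:
    """strict=True rejects a 'network' whose host bits are not all zero
    (10.0.10.5/24 is a host address, not a network) instead of silently
    rounding it down to 10.0.10.0/24."""
    return ipaddress.ip_network(cidr, strict=True)


def address_range(cidr: str) -> tuple[str, str]:
    """First and last address of the block, i.e. the notes' 'Range:' line."""
    net = parse_subnet(cidr)
    return str(net.network_address), str(net.broadcast_address)


def usable_hosts(cidr: str) -> int:
    """All addresses minus the network and broadcast addresses (254 for a /24)."""
    net = parse_subnet(cidr)
    return max(net.num_addresses - 2, 0)


def overlapping_pairs(cidrs: list[str]) -> list[tuple[str, str]]:
    """Every pair of subnets in the list that share at least one address."""
    nets = [parse_subnet(c) for c in cidrs]
    return [(str(a), str(b)) for a, b in combinations(nets, 2) if a.overlaps(b)]


def check_plan(parent: str, children: list[str]) -> list[str]:
    """Validate carving `parent` into `children`: each child must sit inside
    the parent, and no two children may overlap. Returns the list of
    problems found; an empty list means the plan is clean."""
    p = parse_subnet(parent)
    kids = [parse_subnet(c) for c in children]
    problems = [f"{k} is not inside {p}" for k in kids if not k.subnet_of(p)]
    problems += [f"{a} overlaps {b}" for a, b in combinations(kids, 2) if a.overlaps(b)]
    return problems


if __name__ == "__main__":
    # The four subnets the notes carve out of 10.0.0.0/8.
    plan = ["10.0.10.0/24", "10.0.16.0/22", "10.1.0.0/16", "10.2.0.0/30"]
    print(address_range("10.0.10.0/24"), usable_hosts("10.0.10.0/24"))
    print(check_plan("10.0.0.0/8", plan))                      # [] -> clean
    print(check_plan("10.0.0.0/8", plan + ["10.0.17.0/24"]))   # collides with 10.0.16.0/22
```

`subnet_of` and `overlaps` are the two `ipaddress` methods doing the real work; the rest is bookkeeping so the output names the offending pair rather than just failing.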
-
Bit is 0 or 1
-
4 bits is a nibble, made up of 0s or 1s, and can be written as a hexadecimal value like 0xA
-
Two nibbles is 8 bits: 1001 0011
-
Eight bits in a byte: 11010111
-
Two nibbles is a byte and a byte is 8 bits. Hexadecimal 0xA8 is one byte's worth.
-
Two bytes is a hextet, e.g. 1001001110010011; in hexadecimal, e.g. 0xA8C5, which is equivalent to 16 bits.
-
32 bits long = 4 octets
-
192.168.10.10 or in binary: 11000000 10101000 00001010 00001010
-
128 bits long = 32 nibbles = 8 hextets
-
2001:0DB8:0002:008D:0000:00A5:52F5
-
To make it easier to read:
-
Eliminate Leading 0s
-
2001:0DB8:0002:008D:0000:00A5:52F5 becomes 2001:DB8:2:8D:0:0:A5:52F5
-
Just count 4 hextets; that is 64 bits
-
Use a /64 subnet for everything, except for routers.
Network portion 64 bits | Interface Identifier 64 bits
2001:0DB8:0002:008D: | 0000:00A5:52F5
-
IPv6 computers need a router unless they are in the same subnet, in which case they can use IPv6 link-local addresses for local communication via a switch. Otherwise, on the internet, they need an IPv6 global unicast address, used for global communication (i.e. devices on the internet).
-
Link Local Address is: FE80::/10
-
Loopback address: ::1/128
-
-
IPv6 sends out periodic messages to find out who is on the network using IPv6
-
Multicast Address
-
one to many communication
-
Anycast Address
-
One IPv6 address to many devices
-
Used for Load balancing
-
Dual Stack: running the IPv4 and IPv6 protocols on a computer
-
There are no private IPv6 addresses; all are public, except for a documentation range
-
You can always manually configure the network
-
SLAAC Stateless Address Auto-Configuration
-
Does not exist in IPv4
-
The router in the network (default gateway) has IP address 2001:DB8:4:A::1/64, and every so often it sends out a Router Advertisement (RA) for network 2001:DB8:4:A::/64, so any other device can learn what the network is and join.
-
Depending on the operating system:
-
It will configure the address (Windows uses a random 64-bit interface identifier), so the computer will have two IPv6 addresses (the manual IPv6 address and the automatically generated link-local IPv6 address).
-
Mac and Linux will use a Modified EUI-64 address: take the MAC address (MAC is layer 2) of the network interface card, split it in the middle and insert FF:FE, which makes the address 64 bits long. Ex: 000C:29FF:FEFC:70A5. Then take the first two hex digits and convert them to binary, e.g. 00 to 0000 0000, flip the 7th bit (0 to 1 or 1 to 0), and convert back to hexadecimal; that becomes the interface identifier.
-
Once the router sends out the Router Advertisement, the client configures its address and sends a message to the rest of the network saying that it is on the network now with this IPv6 address. Since the address is configured automatically, it double-checks to make sure nobody else has it.
-
The DHCP server can also configure the IPv6 address, but the router will need to turn off SLAAC
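The Modified EUI-64 recipe above (split the MAC, insert FF:FE, flip the 7th bit of the first byte) and the earlier "eliminate leading zeros" rule are both mechanical, so here is an added example, not from the original notes, that performs them. The MAC 00:0c:29:fc:70:a5 is a constructed value chosen to match the 000C:29FF:FEFC:70A5 walk-through; the /64 prefix is the 2001:DB8:4:A::/64 network from the Router Advertisement note; function names are my own. Compression and expansion use Python's `ipaddress` module.

```python
from __future__ import annotations

import ipaddress


def mac_to_bytes(mac: str) -> bytes:
    """Accept '00:0c:29:fc:70:a5', '00-0c-29-fc-70-a5' or Cisco-style '000c.29fc.70a5'."""
    digits = "".join(ch for ch in mac if ch not in ":-.")
    if len(digits) != 12:
        raise ValueError(f"a MAC address has 12 hex digits: {mac!r}")
    return bytes.fromhex(digits)


def modified_eui64(mac: str) -> bytes:
    """Split the 48-bit MAC in the middle, insert FF:FE, then flip bit 7 of the
    first byte (the universal/local bit): the 64-bit interface identifier."""
    m = mac_to_bytes(mac)
    eui = bytearray(m[:3] + b"\xff\xfe" + m[3:])
    eui[0] ^= 0x02          # 0000 0000 -> 0000 0010 for a MAC that starts with 00
    return bytes(eui)


def interface_id(mac: str) -> str:
    """Interface identifier in hextet notation, e.g. '020c:29ff:fefc:70a5'."""
    eui = modified_eui64(mac)
    return ":".join(eui[i:i + 2].hex() for i in range(0, 8, 2))


def slaac_address(prefix: str, mac: str) -> str:
    """Combine the /64 prefix learned from a Router Advertisement with the
    EUI-64 interface identifier; returned in compressed form."""
    net = ipaddress.ip_network(prefix, strict=True)
    if net.version != 6 or net.prefixlen != 64:
        raise ValueError("SLAAC with EUI-64 needs an IPv6 /64 prefix")
    addr = ipaddress.IPv6Address(int(net.network_address) | int.from_bytes(modified_eui64(mac), "big"))
    return addr.compressed


def link_local_address(mac: str) -> str:
    """The FE80::/10 link-local address built the same way."""
    return slaac_address("fe80::/64", mac)


def compress(address: str) -> str:
    """Drop leading zeros in each hextet and collapse one run of zero hextets to '::'."""
    return ipaddress.IPv6Address(address).compressed


def expand(address: str) -> str:
    """The reverse: every hextet written with all four hex digits."""
    return ipaddress.IPv6Address(address).exploded


if __name__ == "__main__":
    mac = "00:0c:29:fc:70:a5"   # constructed; matches the 000C:29FF:FEFC:70A5 walk-through
    print(interface_id(mac))                                     # 020c:29ff:fefc:70a5
    print(slaac_address("2001:db8:4:a::/64", mac))               # 2001:db8:4:a:20c:29ff:fefc:70a5
    print(link_local_address(mac))                               # fe80::20c:29ff:fefc:70a5
    print(compress("2001:0db8:0002:008d:0000:0000:00a5:52f5"))   # 2001:db8:2:8d::a5:52f5
```

Because the interface identifier is derived from the MAC, the same host gets the same last 64 bits on every network it joins, which is the tracking concern that led Windows to the random identifiers mentioned above.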
-
Allows for a lot more control, allows for shorter addresses, esp in internal networks
-
Main problem in IPv6 is that not everyone supports it.
-
Figure out a way to get IPv6 traffic across the IPv4 internet, since they are not backwards compatible
-
Build a tunnel: a mechanism to take an IPv6 message/packet, put it inside an IPv4 packet, and rebuild it as an IPv6 packet at the far end
-
NAT is a Network Layer function (layer 3)
-
The router stores the source/client IP address in a table, with other parameters, and replaces the source IP with that of the router, which is a publicly routable IP address. The packet goes to the destination on the internet and comes back to the router, which translates/swaps out the address in the packets in order to make those packets routable on the internet.
-
In home networks it's called Port Address Translation.
-
DHCP is an Application layer protocol, layer 7
-
DHCP typically needs DHCP server:
-
DHCP server hands out IP addresses for entire organization.
-
DHCP Scope
-
Network: 10.0.0.0/24
-
Excluded: 10.0.0.10 - 10.0.0.99 (for servers, printers or other things that need static IP addresses)
-
Gateway: 10.0.0.1
-
DNS: 8.8.8.8
-
Lease Time: 10,080 min (how long the client keeps the address before it must request a new lease)
-
DHCP Binding database
-
A Table that lists out the addresses that are handed out per device
-
IP address
-
Default Gateway
-
DNS
-
-
IP Helper Address on a router: found at larger companies, especially with more than one subnet, when the DHCP server is somewhere else on the network. Any router on the network will have an IP Helper Address for clients sending out a DHCP Discover message: the message hits the router, and the router knows to forward it to the DHCP server's own IP address. This is so you can have a single DHCP server for all subnets on the network.
-
DNS is an Application layer (layer 7) protocol; it can use UDP or TCP depending on what you're trying to accomplish.
-
URL is Uniform Resource Locator (www.nasa)
-
TLD is Top Level Domain (.ORG)
-
Second Level Domain nasa
-
Third Level Domain also called Hostname (WWW)
-
DNS is updated via DHCP
-
Forward Lookup
-
Reverse Lookup
-
Root Domain Server
-
Records
-
A: IPv4 record
-
AAAA: IPv6 Record
-
CNAME: Canonical Name record, an alias record we can set up in DNS that has no IP address associated with it.
-
MX: Mail Exchange record
-
NS: Nameserver / identifies the Authoritative Name Server
-
PTR: Pointer record for reverse DNS, needed for reverse DNS to work
-
SRV: Service Record, specifies IP address and Port number
-
TXT: additional info
-
Bus
-
Old tech, run on 10Base5(Thicknet) and 10Base2(Thinnet) hardware
-
Where all computers are connected by one wire
-
Ring
-
We don't use it anymore; devices connected in a ring via twisted pair, coax or fiber
-
Star
-
Where every device has a cable running to a central location like a switch
-
Hybrid
-
Peer to Peer: direct communication with each other; each device is both server and client for data
-
Client Server Network
-
LAN
-
Local Area Network: devices connected to a central switch
-
Needs Switches (Layer 2)
-
WLAN
-
WAN
-
Takes two LANs over a wide distance
-
Needs Routers (Layer 3)
-
SAN
-
Storage Area Network: storage on a server
-
CAN: Campus Area Network
-
MAN: Metropolitan Area Network
-
PAN: Personal Area Network, your own connected devices, smart phone and watches
-
Leased Lines
-
Fiber Optics
-
40 Gb or more
-
Dark Fiber (leased fiber)
-
Metro Ethernet (uses fiber, but the service provider owns the lasers; you can control some things, but not as much as with Dark Fiber). Many kinds of data bandwidth: 10Mb, 100Mb, 1Gb, 10Gb, 40Gb.
-
Multiprotocol Label Switching (MPLS): used to keep the data of different groups separate and allow multiple VLANs (a way of separating network traffic so it is organized into efficient and secure networks).
-
Optical WAN
-
Internet
-
DSL
-
Fiber Optic
-
Satellite
-
Cable
-
T1 Link (E1 in Europe)
-
Bell Labs
-
24 channels @ 64k each + framing bit = 1.544Mbps
-
Telco network --> to Demarcation Point/Smart Jack --> CSU/DSU (channel service unit/data service unit) or router. It is the interface between the T1 form of communication and the communication to the router
-
Demarcation Point: the point in the network that divides the telephone company's equipment from the customer's equipment
-
T3 (E3)
-
Numerous T1s bundled together, 44.736Mbps
-
ISDN
-
Primary Rate Interface PRI
-
SIP trunk as an alternative: VoIP instead of the POTS network, or use ISDN with a PRI
-
SDWAN
-
Software Defined WANs
-
Tunnels for communication (mGRE) Multipoint Generic Routing Encapsulation.
-
Server sets up routing paths
-
Virtualize datacenters
-
Servers hooked up to a SAN, so processor, memory and network interface are shared, allowing all virtual servers to run on one physical server. More efficient processor utilization and memory utilization. Less power: physical power, electricity.
-
Networking connection to physical servers requires lots of bandwidth on a special secure network VLAN, with virtualized network hardware
-
Redundant servers with redundant virtual machines
-
Load balancer: can be virtual with a virtual IP address (VIP)
-
Hypervisor runs all the virtual servers, the data network and virtual servers: network function virtualization.
-
Sends out messages asking the status of all the different systems and allows us to alert when a device goes down, a link goes down, or something on the network is broken
-
performance metrics and sensors
-
interface statistics
-
interface errors or alerts
-
environmental factors/sensors
-
device uptime/downtime (UPS fails)
-
Network Monitor server, Observium Server
-
Devices, ports, statuses, map, uptime, processor spikes and memory, traffic through switches, status of ports and VLAN traffic, speed and duplex, packets (broadcast is ARP, multicast other traffic), VoIP latency and jitter, temperature, errors
-
Event Logs: interface changes
-
Layer 2 Errors
-
Giant: means an Ethernet frame exceeds the MTU, bigger than 1500 bytes by default. Can enable Jumbo Frames to eliminate giants. Giants are a message that is too large; the switch will throw it away.
-
Runt: a message that is too tiny; it can't be processed and shows up as an error.
-
Encapsulation error: expecting a non-tagged frame and it showed up as a tagged frame.
-
CRC Error: the cyclic redundancy check that is part of the frame itself. The CRC algorithm produces a 32-bit value, which is attached to the frame in the FCS field and sent. If the frame is tampered with, or loses data as it travels near a fluorescent light, the check fails; the frame is thrown away and other protocols figure out that the frame needs to be re-sent.
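The three size/integrity errors above (giant, runt, CRC) can all be shown on a single constructed frame. The following is an added example, not from the original notes: it builds an Ethernet frame with a CRC-32 FCS using Python's `zlib.crc32`, then classifies received frames as runt, giant, crc-error or ok, and flips one bit to reproduce the interference case. The broadcast destination, the 000c.29fc.70a5 source MAC (reused from the EUI-64 walk-through) and the IPv4 EtherType 0x0800 are sample values; function names are my own.

```python
import zlib

MTU = 1500                                 # default Ethernet payload limit from the notes
HEADER_LEN = 6 + 6 + 2                     # destination MAC, source MAC, EtherType
FCS_LEN = 4                                # the 32-bit CRC value
MIN_FRAME = 64                             # anything shorter on the wire is a runt
MAX_FRAME = HEADER_LEN + MTU + FCS_LEN     # 1518; anything longer is a giant
MIN_PAYLOAD = MIN_FRAME - HEADER_LEN - FCS_LEN   # 46, padded if necessary


def build_frame(dst: bytes, src: bytes, ethertype: int, payload: bytes) -> bytes:
    """Assemble header + payload, pad to the minimum size, append the FCS."""
    if len(dst) != 6 or len(src) != 6:
        raise ValueError("MAC addresses are 6 bytes")
    if len(payload) > MTU:
        raise ValueError("payload exceeds the MTU; a switch would drop this as a giant")
    payload = payload.ljust(MIN_PAYLOAD, b"\x00")
    body = dst + src + ethertype.to_bytes(2, "big") + payload
    fcs = zlib.crc32(body)                   # CRC-32 over everything before the FCS
    return body + fcs.to_bytes(4, "little")  # stored as 4 bytes; the receiver reads it back the same way


def check_frame(frame: bytes) -> str:
    """Classify a received frame the way the notes describe the Layer 2 errors."""
    if len(frame) < MIN_FRAME:
        return "runt"
    if len(frame) > MAX_FRAME:
        return "giant"
    body, fcs = frame[:-FCS_LEN], frame[-FCS_LEN:]
    if zlib.crc32(body) != int.from_bytes(fcs, "little"):
        return "crc-error"               # tampered or damaged in transit: discard it
    return "ok"


def flip_bit(frame: bytes, bit_index: int) -> bytes:
    """Simulate the interference the notes mention by inverting a single bit."""
    damaged = bytearray(frame)
    damaged[bit_index // 8] ^= 1 << (bit_index % 8)
    return bytes(damaged)


def sample_frame() -> bytes:
    """Constructed sample: broadcast destination, IPv4 EtherType, 5-byte payload (padded to 46)."""
    return build_frame(b"\xff" * 6, bytes.fromhex("000c29fc70a5"), 0x0800, b"hello")


if __name__ == "__main__":
    frame = sample_frame()
    print(len(frame), check_frame(frame))         # 64 ok
    print(check_frame(flip_bit(frame, 100)))      # crc-error
    print(check_frame(frame[:60]))                # runt
    print(check_frame(b"\x00" * 1519))            # giant
```

CRC-32 catches every single-bit error and all burst errors up to 32 bits, which is why a CRC counter climbing on one port usually points at a bad cable or noise source rather than at the protocol. It is not a security control: anyone who can modify the frame can recompute the FCS, so tamper detection needs a MAC or signature at a higher layer.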
-
Facilities Monitoring: check the places where we have networking gear
-
building room temperature
-
humidity
-
electrical status
-
flood sensors
-
Baselining: highlights traffic, processor utilization, memory, interface
-
SNMP Simple Network Management Protocol
-
Observium server uses SNMP to collect data about the devices
-
SNMP Manager and SNMP Agent
-
Devices on the network
-
Configure devices with the Community String and the IP address of the SNMP server/manager to allow them to talk with each other.
-
Management Information Base (MIB): database of device properties.
-
Object Identifiers (OID) or MIB number: a number the device is programmed with, so the SNMP server knows about all devices.
-
SNMPv2c: community string to authenticate; read-only or read-write access with a community string, dangerous if compromised. Added a bulk data collection mechanism.
-
SNMPv3: SNMP which is encrypted; an SNMP View limits the set of OID numbers, authenticates devices and provides different levels of security. Set up a username for certain MIBs, encrypted.
-
TRAP
-
tells when a device goes down or comes back up: sends a message to the SNMP manager saying an interface went down, the software records it and reports it to the admin.
-
WALK the tree:
-
When configuring the Observium server, manually add each device on the network, and configure all devices with the SNMP config info. Walking the tree is the SNMP manager sending out a request to all devices to send back everything they have to report.
-
NetFlow
-
Collecting info about what's happening on the devices via a snapshot.
-
Source and destination IP addresses, source and destination ports, other info in the frame, packet and segment headers, sent to the NetFlow server.
-
Good for baselining; could detect a spike in SSH traffic on the network
-
Syslog
-
Used as much as SNMP in order to collect critical info about what is happening on the network
-
In Observium's case, Observium can be both the syslog server and the SNMP server; a lot of logging solutions may incorporate it, or see other centralized logging systems
-
Syslog server: requires NTP (Network Time Protocol) or else it does not work properly, so events get recorded in the correct order.
-
Syslog protocol is an Application layer protocol: when an event happens on a device, it sends a message to the syslog server, and the syslog server puts the message in a database so a human can look at it.
-
Trace back events in the network: Traffic Logs (how much traffic is flowing in and out, similar to NetFlow), Audit Logs (who made a change: username and commands issued), Syslog (things that happen on the device; set different logging levels).
-
Logging Levels, programmed into the OS itself; use logging levels to tell the syslog server when to alert the admin:
Level | Severity | Meaning
----- | ----- | ----
0 | Emergency | EX: processor reached 100% and is overheating
1 | Alert | EX: primary connection went down
2 | Critical | EX: failure in some service inside the device
3 | Error | EX: port received a bad message and went into error-disabled state
4 | Warning | EX: running out of memory
5 | Notice | EX: informational message
6 | Informational |
7 | Debug | Troubleshooting: shows what's happening; can overwhelm the device, so keep debug off unless debugging a specific issue
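On the wire each syslog message carries the level from the table above inside its `<PRI>` prefix: PRI = facility * 8 + severity, so `<187>` is facility 23 (local7, the default for many network devices) at severity 3 (Error). The following is an added example, not from the original notes, that decodes the PRI of BSD-style syslog lines, rejects lines without one, and filters to the levels an admin wants alerts on. The sample lines are constructed for this example (hostnames, timestamps and message text are made up); function names are my own.

```python
from __future__ import annotations

import re

# Severity values from the table above (RFC 3164/5424 numbering).
SEVERITIES = {0: "Emergency", 1: "Alert", 2: "Critical", 3: "Error",
              4: "Warning", 5: "Notice", 6: "Informational", 7: "Debug"}

# A few standard facility codes so the decode is readable; others show as their number.
FACILITIES = {0: "kern", 1: "user", 3: "daemon", 4: "auth", 5: "syslog",
              16: "local0", 23: "local7"}

# <PRI>TIMESTAMP HOST MESSAGE, the classic BSD syslog layout.
LINE_RE = re.compile(
    r"^<(?P<pri>\d{1,3})>(?P<ts>\w{3}\s+\d{1,2}\s+\d{2}:\d{2}:\d{2})\s+(?P<host>\S+)\s+(?P<msg>.*)$")

# Constructed sample lines, not captured from a real device.
SAMPLE_LINES = [
    "<185>Oct 11 22:14:15 sw01 link: interface Gi0/1 changed state to down",
    "<187>Oct 11 22:14:16 sw01 port-security: violation on Gi0/1, port err-disabled",
    "<188>Oct 11 22:15:01 rtr01 memory: free memory is low",
    "<190>Oct 11 22:15:02 rtr01 logging: started logging to host 10.0.0.50",
    "<191>Oct 11 22:15:03 rtr01 debug: routing table lookup for 203.0.113.10",
    "this line has no PRI header and should be rejected",
]


def parse_line(line: str) -> dict | None:
    """Decode one syslog line; None for anything that is not well-formed."""
    m = LINE_RE.match(line)
    if not m:
        return None
    pri = int(m["pri"])
    if pri > 191:                       # facility 23 / severity 7 is the largest legal PRI
        return None
    facility, severity = divmod(pri, 8)
    return {"facility": FACILITIES.get(facility, str(facility)),
            "severity": severity, "severity_name": SEVERITIES[severity],
            "timestamp": m["ts"], "host": m["host"], "message": m["msg"]}


def events_at_or_above(lines, max_level: int) -> list[dict]:
    """Keep events whose level is <= max_level (lower number = more severe);
    a threshold of 3 selects Emergency through Error, the usual page-the-admin set."""
    out = []
    for line in lines:
        event = parse_line(line)
        if event is not None and event["severity"] <= max_level:
            out.append(event)
    return out


def count_by_severity(lines) -> dict[str, int]:
    """How many of each level arrived: a quick check that debug is not flooding the server."""
    counts: dict[str, int] = {}
    for line in lines:
        event = parse_line(line)
        if event is not None:
            counts[event["severity_name"]] = counts.get(event["severity_name"], 0) + 1
    return counts


if __name__ == "__main__":
    for event in events_at_or_above(SAMPLE_LINES, 3):
        print(event["severity_name"], event["host"], event["message"])
    print(count_by_severity(SAMPLE_LINES))
```

Malformed lines are returned as `None` rather than guessed at: a line with no PRI has no trustworthy level, and dropping it into the alert path would let a noisy or spoofed sender hide real alerts.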
-
Plans and Procedures
-
Standard operating procedures: sometimes directly from the manufacturer
-
Workflow: how it works and how we use it.
-
Technical Documentation
-
Contact Information: who supports the software, or the support contact for the vendor
-
Change management
-
help desk
-
a way for engineers and analysts to communicate with each other about changes that are being made
-
process for changing IT system configurations
-
Change management database
-
Documentation
-
example: upgrading hardware or modifying configuration
-
this is the change that is being made on this day and time
-
Effects on other systems, or notify other users of downtime
-
Cross-IT discussion, just in case it affects other users; you can see changes in one location
-
Post-change verification: asking users if it's still working
-
Documentation for any changes that might have happened.
-
Systems life cycle
-
describing, analyzing, designing and implementing new IT systems
-
IT is usually a service-based organization within a company, where users come to IT with a problem
-
Analyze:
-
analyzing a problem that usually a non-IT person is trying to solve
-
Design:
-
after a solution is in mind, design the solution
-
Making sure hardware is able to keep up with the solution
-
Looking at technical components, making sure we can implement it
-
Implementation
-
build out the system and prepare it for use
-
Utilize and support
-
analyst to support the system and helpdesk
-
phase out and dispose
-
dispose of it and get rid of user data
-
Incident Response plan
-
Disaster recovery plan
-
Creating High Availability networks
-
Load balancer: distributes data to multiple different servers running the same service; redirects traffic.
-
Using multiple load balancers: if one fails or needs a software upgrade, the other load balancer is still operating
-
Load balancers need to be connected to switches and connected to servers. Servers need to be connected to two load balancers each, using NIC teaming (network interface card), and need layer 3 switches or routers, and those need to be redundant (maybe 4) via multipathing (via routing protocols, load balancers, layer 2 protocols): multiple paths to the data center.
-
First Hop Redundancy Protocols provide a redundant default gateway for routers:
-
Hot Standby Routing Protocol HSRP
-
Virtual Router Redundancy Protocol VRRP
-
Redundant firewalls
-
redundant ISP, fiber into different buildings or different parts of the building
-
redundant power and batteries
-
redundant heating, cooling, fire suppression (FM200 gas in datacenter)
-
Redundant data centers
-
Hot site, ready for redundant backup
-
Warm site
-
Cold site
-
Cloud data center
-
Backups
-
Backup Tapes
-
Snapshot: taking image of server, like a virtual server, points of time when system is working correctly, could abandon
-
Service Level Agreement Terms
-
Business agreement for service written in a contract; lawsuit if breached.
-
Mean Time to Repair (MTTR): contract backed by additional services provided, or some credit back for the cost of downtime.
-
Mean Time Between Failures (MTBF)
-
Recovery Time Objective (RTO)
-
Recovery Point Objective (RPO): how much data can we fail to collect or lose before the business is adversely affected
-
how to figure out what to do next
-
business continuity plan
-
post disaster, how business continues to work without the IT system
-
Security and Device Policies
-
How users should behave how users behave with company hardware
-
onboarding and offboarding
-
inventory controls
-
security policy restrictions
-
-
Security Policy: CIA
-
Need for IT Security: databases of name, address, age, profession etc., but also location, medical records, security cameras, travel behavior etc., make data valuable.
-
Confidentiality: keep data private
-
Integrity: keep data accurate, prevent tampering with info
-
Availability: make sure data is available for certain groups
-
Threats:
-
accidental (a construction company cutting a fiber cord) and intentional
-
Vulnerabilities: an org called MITRE publishes a list of CVEs (Common Vulnerabilities and Exposures) at CVE.ORG; zero days are when the exploit is unknown.
-
Exploits: things that could be exploited
-
Reduce Exposure
-
Zero Trust: don't trust any device until you run it through policy and procedures:
-
User Identity and authentication
-
Device Identity and Authentication
-
Policy Compliance Device Scan
-
Application Authorization access control
-
Role based access: only have access to required systems
-
Least Privilege: Allow as little access as required, applies to system processes too
-
Separation of Duties: Process require more than a single person
-
Network Access Control: Authenticate User, Authenticate device, scan device, provide least privilege access, provide access based on role.
-
Network Segmentation: creating different VLANs, putting a firewall in front of the device you are connecting to, which is called a Screened Subnet or DMZ.
-
Honeypot: the hacker will get a database that is provided for them
-
Defense in Depth: Zero Trust, least privilege, role-based access, network segmentation enforcement, screened subnets/DMZ, network access control, honeypots
-
AAA Authentication Methods:
-
Authentication: Multifactor, username and password
-
Authorization: Privileges/Access Rights
-
Accounting: record of who did what when
-
Server options: Cisco TACACS+ and IETF RADIUS protocols
-
Domain authentication: domain Active Directory server; credentials are sent via a protocol called Kerberos, which sends the username and password from client to server, encrypted, to validate the device and the username and password, and sends tickets from the user to the server. LDAP (Lightweight Directory Access Protocol) allows a single username and password for multiple devices. SSO allows one username and password for multiple systems.
-
Multifactor authentication: something you know, something you have, something you are, somewhere you are, something you do.
-
Access control: the device sends username and password and the switch sends it to LDAP, or to a TACACS+ or RADIUS server, for authentication to allow the device on the network; once authenticated, the server tells the switch to open the port for the connection. Wi-Fi is controlled via the layer 2 access protocol 802.1X, EAP (Extensible Authentication Protocol), or both.
-
On Boarding/Off Boarding
-
Remote Access/BYOD
-
secure device
-
virus scan
-
malware scan
-
username/password/passcode requirements
-
cookies
-
privacy concerns?
-
Password Policy
-
people in positions of authority who don't have the technical knowledge to understand it
-
password construction rules
-
password expiration/change rules
-
lost password rules
-
NIST Recommendations: users choose passwords in predictable ways, add special characters and change passwords in predictable ways. Minimum 8 characters, avoid spaces, encourage longer easy-to-remember passwords, avoid forcing special characters into the password, no mandatory resets, ban common passwords, don't re-use work passwords for non-work purposes, encourage the use of password vaults/random password generators, enforce registration for multi-factor authentication
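The recommendations above boil down to three checks at password-change time (minimum length, not a common password, not a predictable tweak of the old one) and the deliberate absence of composition rules and forced resets. The following is an added example, not from the original notes, of those checks. It undoes the predictable tricks first (lower-casing, common leet substitutions, and the trailing "2024!" that gets bumped each quarter) so that "P@ssw0rd1!" is recognised as "password" and "Winter2025!" as a rewrite of "Winter2024!". The banned-word set is a tiny constructed stand-in for a real breached-password list, and the function names are my own.

```python
from __future__ import annotations

import re

MIN_LENGTH = 8
# Constructed stand-in for a real common/breached password list.
COMMON_PASSWORDS = {"password", "qwerty", "letmein", "welcome", "iloveyou",
                    "admin", "summer", "winter"}

# Common leet substitutions, mapped back to the letter they stand in for.
LEET = str.maketrans({"@": "a", "4": "a", "3": "e", "1": "i", "!": "i",
                      "0": "o", "$": "s", "5": "s", "7": "t"})


def normalize(password: str) -> str:
    """Reduce a password to the word the user actually chose.

    Strip the trailing digits/symbols first (so the '2025!' in 'Winter2025!'
    is removed rather than leet-decoded), lower-case, map leet substitutions
    back, then keep letters only. 'P@ssw0rd1!' -> 'password'.
    """
    core = re.sub(r"[^a-zA-Z]+$", "", password)
    return re.sub(r"[^a-z]", "", core.lower().translate(LEET))


def check_password(candidate: str, previous: str | None = None) -> list[str]:
    """Return the list of policy problems; an empty list means accepted."""
    problems = []
    if len(candidate) < MIN_LENGTH:
        problems.append(f"shorter than {MIN_LENGTH} characters")
    core = normalize(candidate)
    if core in COMMON_PASSWORDS:
        problems.append(f"variant of a common password ({core!r})")
    if previous is not None and core and core == normalize(previous):
        problems.append("predictable change from the previous password")
    # Deliberately no composition rules (upper/lower/digit/symbol) and no
    # expiry check: the NIST guidance above says those push users toward
    # predictable choices rather than stronger ones.
    return problems


if __name__ == "__main__":
    print(check_password("P@ssw0rd1!"))                          # common-password variant
    print(check_password("Winter2025!", previous="Winter2024!"))  # common word and predictable change
    print(check_password("correct-horse-battery-staple"))        # [] -> accepted
```

The interesting design choice is the order inside `normalize`: decoding leet before stripping the trailing counter would turn "2025" into letters and hide the match, which is exactly the kind of blind spot a mechanical composition rule has.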
-
Security Assessments
-
Risks in IT
-
technical risks: internally and externally
-
facilities risks: make sure the IT infrastructure is secure; switch closets are a concern, as are IT closets, and they need to be as secure as possible. IT is a critical component of the business and we need to start treating it that way.
-
human risks: the most risk for orgs because of phishing, bad links, email attachments; humans should be educated on these
-
Assessing risks with reports
-
Internal policies, procedures and processes
-
SIEM Security Information and Event Management
-
External Security assessment professional, business assessment professional
-
Threat Assessment
-
what kind of org are you, what threats are specific for the group, what are the most serious threats and how to prevent those kinds of attacks
-
Vulnerability assessment
-
vulnerability assessment of the network design: facilities are secured as best we can, firewalls and servers are configured correctly, and users have limited access to those servers or role-based access to those servers
-
posture assessment: validate the devices that are on the network to make sure they don't have viruses and have no unapproved software.
-
Penetration Testing: hopefully without causing an outage, test the system and find out where it is most vulnerable.
-
NMAP
-
tells what services are open and running on the server.
-
Check out Matt Glass course on NMAP
-
Business risk assessment, would the business be viable should an attack happen
-
Examine policies and procedures
-
verify policies are followed
-
How to correct and realign to make sure
-
Assess vendor security posture.
-
SIEM Security Information and Event Management
-
rely on logging and SNMP collection
-
starts to correlate events to generate reports, make sure users are doing the things they should do, or find virus outbreaks and track their path.
-
Generate audit reports to validate security of internal network.
-
Acceptable use policy
-
web browsing guidance/restrictions
-
software installations
-
email communication guidelines
-
transferring data guidelines
-
personal vs professional use
-
consequences
-
Data Loss Prevention
-
Policy saying that dont do it
-
tech: a DLP (data loss prevention) policy, to scan data as it's being sent out to the internet.
-
Remote access policy/VPN Access/Remote Desktop Access/remote application access
-
Common Network Attacks.
-
Check out the Dale Meredith series of courses about certified network hacking.
-
Human Exploits
-
Social engineering: email phishing, impersonation, USB drives, tailgating, shoulder surfing
-
Technical attacks
-
DOS attack
-
DDOS Distributed attack: spoofing what the attacker craft a message from IP that is not their own workstation, reflective is when a third party sends messages server which the server then sends messages to another computer which then floods the computer. Amplification sends DNS servers and sends messages to one computer, can wrangle IOT devices to send traffic to DNS servers which then funnel traffic to a target computer or network
-
Wifi attacks: war driving, trying to get the password or pre-shared key. Rogue AP attacks: trick users into joining the AP by sending a deauthentication request to another AP. Evil twin attack: buy a Pineapple, see which past networks your devices have connected to, and impersonate an old network so the device connects to it. MAC spoofing: sit outside the network, watch traffic and capture MAC addresses, then potentially connect using one of those MAC addresses and join the network.
-
On-path attack, or man-in-the-middle attack: sends out a spoofed ARP message, faking the default gateway, and uses trick certs to decrypt and re-encrypt traffic.
-
Rogue DHCP server: can reply faster than the official DHCP server even gets the request, then performs an on-path attack to get traffic from a device.
-
Password attacks: brute force attacks; critical to have a complex password and not one that is in rainbow tables
-
Virus/malware
-
Ransomware
-
DNS poisoning: sends incorrect records to a DNS server
-
VLAN hopping: old attack done by sending a bogus frame; no longer concerned about this.
-
Network Hardening Techniques
-
Securing Layer 2
-
New switches need to be configured; configure each port for its specialized service
-
By default switches have a VLAN preassigned to every single switch port, usually VLAN 1, so abandon use of VLAN 1
-
Disable all unused switch ports
-
Private VLANs: a VLAN is a broadcast domain, a virtual switch within a switch, so only devices on the VLAN hear the messages. Private VLANs give each device its own unique VLAN on the switch. Prevents ARP spoofing and on-path/man-in-the-middle attacks
-
Port Security
-
Each port listens for the MAC address of the device that is connected and records it in a database. When you disconnect the device whose MAC address was recorded and plug in another, the switch can deny the traffic and shut the port down, so an admin has to check out what happened on the switch.
-
Configuring the switch: log into the switch and show the configuration of the port:
show run int f0/1
which shows the VLAN, access port vs trunk, and port security, and how to make the MAC address sticky so the switch configures and assigns the MAC address automatically when you plug the device into the port. When you plug a different device into the port it shows the new device's MAC address and reports: security violation occurred, caused by MAC address 0024.9b09.41c9 on port FastEthernet0/1,
and puts the port into an error state. You can check with show int f0/1
and it will say line protocol is down (err-disabled)
and then the admin has to go into interface configuration to shut the port down and bring it back up, but will need to re-add the new MAC address. Even with the correct MAC address, you still need to shut down the port and bring it back up: show int f0/1
and config t
and int f0/1
and shutdown
and then no shutdown
and exit
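As an added example (not code from the original notes): a small Python model of port security in shutdown violation mode with sticky MAC learning, reproducing the err-disabled state and the shutdown / no shutdown recovery described above. Port and MAC values are constructed samples.

```python
# Added example, not from the original notes: a model of port security in
# shutdown violation mode with sticky MAC learning, reproducing the
# err-disabled state and the shutdown / no shutdown recovery described above.
# Port and MAC values are constructed samples.


class SecurePort:
    def __init__(self, name, maximum=1):
        self.name = name
        self.maximum = maximum          # switchport port-security maximum
        self.sticky = []                # learned addresses, as if written to running-config
        self.err_disabled = False
        self.admin_down = False
        self.log = []

    def frame_from(self, mac):
        """A frame arrives with this source MAC; returns what the switch did."""
        if self.err_disabled or self.admin_down:
            return "dropped"
        if mac in self.sticky:
            return "forwarded"
        if len(self.sticky) < self.maximum:
            self.sticky.append(mac)     # sticky learning on first sight
            return "forwarded"
        self.err_disabled = True        # violation mode shutdown
        self.log.append(f"security violation occurred, caused by MAC address {mac} on port {self.name}")
        return "err-disabled"

    def show_interface(self):
        if self.err_disabled:
            return "line protocol is down (err-disabled)"
        if self.admin_down:
            return "administratively down"
        return "line protocol is up"

    # Admin recovery steps: shutdown, fix the sticky entry, no shutdown.
    def shutdown(self):
        self.admin_down = True
        self.err_disabled = False       # err-disabled is cleared by bouncing the port

    def replace_sticky(self, old_mac, new_mac):
        """Re-add the new device's MAC in place of the recorded one."""
        self.sticky = [new_mac if m == old_mac else m for m in self.sticky]

    def no_shutdown(self):
        self.admin_down = False


if __name__ == "__main__":
    port = SecurePort("FastEthernet0/1")
    print(port.frame_from("000c.29fc.70a5"))    # forwarded, and now sticky
    print(port.frame_from("0024.9b09.41c9"))    # err-disabled
    print(port.show_interface())
```

Bouncing the port without replacing the sticky entry trips the violation again, which is why the notes say the new MAC must be re-added.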
-
Rogue DHCP Servers
-
Label all switch ports as untrusted switchports for DHCP, but label the one single port that leads to the official DHCP server as the trusted port.
-
Dynamic ARP Inspection: in normal ARP operation, a request asks for the MAC address of a certain IP address and the device with that IP responds with its MAC address. DHCP snooping bindings: as each device gets its IP address from the DHCP server, the switch builds a table mapping MAC address, IP address and port. DHCP snooping bindings are what allow ARP inspection to work. Works with IPv6 too, where it's called IPv6 router advertisement guard
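As an added example (not code from the original notes) covering both the rogue DHCP server item and the DHCP snooping / ARP inspection item above: a switch model that records bindings only from DHCP server replies arriving on the trusted port, and then uses that table to drop spoofed ARP on untrusted ports. Port names and addresses are constructed sample values.

```python
# Added example, not from the original notes: a switch model showing how
# DHCP snooping builds a binding table from server replies seen on the one
# trusted port, and how Dynamic ARP Inspection uses that table to drop ARP
# on untrusted ports whose sender MAC/IP/port do not match a lease.
# Port names and addresses below are constructed sample values.


class SnoopingSwitch:
    def __init__(self, trusted_ports):
        self.trusted = set(trusted_ports)   # only the uplink to the real DHCP server
        self.bindings = {}                  # client_mac -> (client_ip, client_port)
        self.log = []

    def dhcp_server_reply(self, in_port, client_mac, client_ip, client_port):
        """A DHCP OFFER/ACK entering the switch on in_port, addressed to a client."""
        if in_port not in self.trusted:
            self.log.append(f"DROP DHCP server reply on untrusted {in_port} (rogue server)")
            return "drop"
        # Snooping: record the lease the real server granted.
        self.bindings[client_mac] = (client_ip, client_port)
        return "forward"

    def arp_packet(self, in_port, sender_mac, sender_ip):
        """Dynamic ARP Inspection on the ARP sender fields."""
        if in_port in self.trusted:
            return "forward"                 # trusted ports are not inspected
        if self.bindings.get(sender_mac) == (sender_ip, in_port):
            return "forward"                 # matches a snooped DHCP lease
        self.log.append(f"DROP ARP on {in_port}: {sender_mac} claims {sender_ip}")
        return "drop"


def run_scenario():
    """Replay a constructed sequence of events; returns (verdicts, drop log)."""
    sw = SnoopingSwitch(trusted_ports=["Gi0/24"])   # Gi0/24 leads to the real DHCP server
    verdicts = [
        # real server leases 10.0.0.50 to the host on Fa0/1
        sw.dhcp_server_reply("Gi0/24", "000c.29fc.70a5", "10.0.0.50", "Fa0/1"),
        # rogue DHCP server on Fa0/7 tries to answer a client on Fa0/2
        sw.dhcp_server_reply("Fa0/7", "000c.29ed.9200", "10.0.0.60", "Fa0/2"),
        # legitimate ARP from the leased host
        sw.arp_packet("Fa0/1", "000c.29fc.70a5", "10.0.0.50"),
        # host on Fa0/2 claims to be the default gateway 10.0.0.1 (ARP spoof)
        sw.arp_packet("Fa0/2", "000c.29ed.9200", "10.0.0.1"),
        # leased MAC shows up on another port without a new lease
        sw.arp_packet("Fa0/3", "000c.29fc.70a5", "10.0.0.50"),
        # the real gateway answers over the trusted uplink
        sw.arp_packet("Gi0/24", "0024.9b09.41c9", "10.0.0.1"),
    ]
    return verdicts, sw.log


if __name__ == "__main__":
    for line in run_scenario()[1]:
        print(line)
```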
-
Layer 3 and 4 Access Control Lists
-
Can enable lists on routers and firewalls
-
What information we will permit, what information we will deny, and the criteria for that. Checks the IP address in
permit host 10.0.0.10
and the implicit deny any
at the end will block every other IP address, vs an explicit deny any
-
Firewall: will need a more sophisticated access list,
permit any 192.168.10.10 eq 443
implicit deny any any
where eq 443 means port 443, which is HTTPS.
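As an added example (not code from the original notes): a small Python evaluator for access-list lines in the style shown above, using first-match semantics and the implicit deny that every list ends with. The two lists are the page's own entries; the parser only understands host, any, bare host addresses, wildcard masks and eq PORT.

```python
import ipaddress

# Added example, not from the original notes. Models the first-match
# evaluation of a Cisco-style access list: each entry is checked in order,
# and a packet that matches no entry hits the implicit "deny any any".


def _is_ip(token):
    try:
        ipaddress.ip_address(token)
        return True
    except ValueError:
        return False


def _take_addr(fields):
    """Consume one address spec from the front of `fields`; return an ip_network."""
    if not fields or fields[0] == "eq":
        return None
    tok = fields.pop(0)
    if tok == "any":
        return ipaddress.ip_network("0.0.0.0/0")
    if tok == "host":
        return ipaddress.ip_network(fields.pop(0) + "/32")
    # "A.B.C.D W.W.W.W" uses a wildcard mask: 0 bits must match, 1 bits are don't-care
    if fields and _is_ip(fields[0]):
        wildcard = int(ipaddress.ip_address(fields.pop(0)))
        prefixlen = 32 - bin(wildcard).count("1")   # assumes a contiguous wildcard
        return ipaddress.ip_network(f"{tok}/{prefixlen}", strict=False)
    return ipaddress.ip_network(tok + "/32")        # bare address == host


def parse_acl(lines):
    """Turn text entries into (action, src_net, dst_net, dst_port) tuples."""
    entries = []
    for line in lines:
        fields = line.split()
        action = fields.pop(0)                      # permit | deny
        src = _take_addr(fields)
        dst = _take_addr(fields)
        port = None
        if fields and fields[0] == "eq":
            port = int(fields[1])
        entries.append((action, src, dst, port))
    return entries


def evaluate(acl, src, dst=None, port=None):
    """Return (action, matched_entry). matched_entry is None for the implicit deny."""
    s = ipaddress.ip_address(src)
    d = ipaddress.ip_address(dst) if dst else None
    for entry in acl:
        action, e_src, e_dst, e_port = entry
        if s not in e_src:
            continue
        if e_dst is not None and (d is None or d not in e_dst):
            continue
        if e_port is not None and port != e_port:
            continue
        return action, entry
    return "deny", None                              # implicit deny at end of list


# The two lists from the notes above, written out as text entries.
ROUTER_ACL = parse_acl(["permit host 10.0.0.10"])
FIREWALL_ACL = parse_acl([
    "permit any 192.168.10.10 eq 443",              # HTTPS to the web server only
    "deny any any",                                  # explicit deny; same effect as implicit
])

if __name__ == "__main__":
    print(evaluate(ROUTER_ACL, "10.0.0.10")[0])                        # permit
    print(evaluate(ROUTER_ACL, "10.0.0.11"))                           # ('deny', None)
    print(evaluate(FIREWALL_ACL, "10.0.0.10", "192.168.10.10", 443)[0])  # permit
    print(evaluate(FIREWALL_ACL, "10.0.0.10", "192.168.10.10", 80)[0])   # deny
```

The difference between implicit and explicit deny is visible in the second element: an explicit deny is a matched entry you can log and count, the implicit one matches nothing.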
-
Control Plane Policing: prevents DDoS by limiting traffic destined for the routers and Layer 3 switches themselves, and if there is a spike in traffic, starts to deny traffic related to DNS
-
Layer 7
-
Simple Network Management Protocol (SNMP): used to collect info on devices, and by a management server to change config on devices. Each version of SNMP offers different security. Version 1 has no security. SNMPv2c has a community string to authenticate, and you can configure a device for read-only or read-write access; it added bulk data collection. SNMPv3 allows access to only certain MIBs, encrypts communication, authenticates device and server, and provides different levels of security based on the view options that are configured.
-
Software updates: firmware updates, operating system or software patches.
-
Netstat: open a command prompt and use
netstat -ano
to identify connections and services. Then open Task Manager, click Services and sort by Process ID to see which services are running. [::]
means it's an IPv6 service, and UDP 0.0.0.0:500
is a VPN service. So you can see all services that are running on the local machine by using the netstat
command.
-
Password security: change default passwords. Make them reasonably complex. Use password security guidelines.
-
Wireless Encryption
-
Wired Equivalent Privacy (WEP)
-
WPA
-
WPA2:
-
WPA3
-
WPA3-Enterprise is where you set up a TACACS or RADIUS server with AD.
-
Even if you're using encrypted traffic at Layer 7, your data traffic is still 100% unencrypted.
-
Authentication:
-
Open network (shared): don't do this
-
Pre-shared key (PSK)
-
EAP: Extensible Authentication Protocol, allows sending the username and password to a TACACS or RADIUS server, which then checks in AD to see if the user is authorized to connect.
-
EAP-FAST
-
PEAP: similar to EAP-FAST
-
EAP-TLS
-
PEAP-TLS
-
MAC filtering: MAC addresses are easy to find and can be changed and faked, so it is easy to bypass.
-
Geofencing: can set up fake wifi signals for beyond the walls of the building
-
Client Isolation: clients can only talk to router and not other devices on network
-
Additional SSIDs: an AP can send out multiple SSIDs. Captive portal to have users log into the wireless network
-
Remote Access:
-
Configure admin workstations with specific IP addresses on a specific subnet, and only those subnets are allowed
-
Secure Shell SSH: CLI access to devices.
-
VPN:
-
Site-to-site: to connect two locations together. Router/firewall to router/firewall. Typically uses IPsec.
-
Remote access VPN: VPN client installed on the workstation and connected manually. IPsec or clientless SSL. Split tunnel: some traffic goes over the internet and some goes to the corporate network. Full tunnel: all traffic goes to the firewall first, so the org can scan all traffic before it goes out to the internet
-
RDP and VNC to remotely connect.
-
Virtual desktop: need to enable Remote Desktop for each computer, but need a Remote Desktop Gateway to control remote users. A virtual desktop is a virtualized computer to remote into. Don't have to worry about the remote user's workstation. Used inside the corporate network itself
-
In-band/out-of-band management, network management options. Relying on in-band only is like cutting your arm off when the network goes down. In-band is when you manage devices over the network while it is up. Managing when the network is down is called out-of-band; you can use a dial-up connection, or a modem and firewall, when the network is down.
-
SSH: SSH using PuTTY
-
Physical Security:
-
Cameras
-
Motion sensors, cameras and lights
-
Asset tracking: know where each device is; asset tags, prevent users from opening computers, tamper stickers
-
Facility Access: card readers, secure access vestibule
-
Agreements
-
non-disclosure agreement NDA
-
Service level agreement SLA
-
memorandum of understanding MOU (users of the system and owners of the technology)
-
Data Center
-
Label aisles (depending on hot and cold airflow)
-
Server fronts will be pointing towards each other
-
Each rack will be labeled with ABC, skipping O because it is confused with 0
-
Rack diagram: 1 at the bottom, 24 at the top. Shows all equipment: Layer 3 switch, load balancer, server 3, server 2, server 1, patch panel, etc.
-
IDF/MDF
-
Main Distribution Frame MDF
-
from old phone lines
-
Where we terminate connections from outside the building
-
Fiber WAN Connections
-
Single Mode Fiber
-
Multi mode fiber to IDFs
-
Network Hardware/Media Converters
-
Telephone connections, if you have old land lines, which might be Telco T1, PRI, POTS, etc.
-
VoIP: maybe the MDF has VoIP gateway hardware connecting to the T1 or PRI; know what connections are coming into the facility
-
Intermediate Distribution Frame IDF
-
IDF connects to the MDF, typically through multi-mode fiber
-
Cat6 patch panel: network connections from users' desks; connects the user's desktop to a switch, which connects to the MDF
-
Patch panels have labels: floor number, room number, jack number
-
Network switches connect all the devices coming into the patch panel, and connect up to the multi-mode fiber
-
Network Drawings
-
Icons from Cisco
-
Doesn't have to be a map, or a geographical map
-
which devices are connected together, and how they are connected together.
-
IP network listed
-
IP addresses
-
Interfaces
-
Device names
-
how they are logically laid out
-
Useful when using traceroute to find the path of a message through the network, to troubleshoot issues
-
Naming conventions
-
Number of devices
-
Types of devices
-
type/location of building
-
Other Docs
-
Site Survey Reports for wireless coverage
-
site survey of building materials
-
create heatmap of wireless signals
-
adjust power of APs to get coverage or add more APs
-
Audit assessment reports
-
Security audit/assessment
-
Inventory audit/assessment
-
user access audit/assessment
-
baseline configurations
-
Daily snapshot of configs, called configuration management: periodic records of device configuration
-
usually a simple file of text
-
Put in a central location, to compare configurations
-
baseline configs for routers, switches and firewalls.
-
3 Tier Design
-
Core
-
"Backbone" of the network.
-
Connect all the distribution layer nodes together.
-
High speed connections
-
Few to no policies
-
Limit changes to make traffic flow fast
-
Distribution
-
Connecting/distributing the network: takes all Access layer devices (computers and switches) and connects them to redundant Layer 3 switches or routers (multiple Layer 3 routers or multiple Layer 3 switches).
-
Filter traffic that is undesirable on network
-
Routing policies: implement routing protocols to distribute the network over high-speed paths that are redundant and resilient through the network.
-
Access
-
Computers in an office networked to a switch
-
Control access to network (policies on the switches)
-
Software Defined Networks SDN
-
The overlay we put on our hardware infrastructure to describe how to move traffic nice and quick across the network
-
Datacenter use: at the top of the rack, place a network switch that is the point where all the servers in the rack connect; this is called a leaf (kind of like the Access layer). The leaf connects to a spine switch (kind of like the Distribution layer)
-
East-west communication: server-to-server communication.
-
North-south communication: client traffic goes into the data center and back out to the client.
-
Application Layer
-
Where utilities and rulesets allow the network to operate via policies (control traffic loads during peak times, etc.)
-
Control Layer
-
The configuration that is applied to SDN Controller is applied in Control Layer.
-
Responsible for moving traffic around: accepting the configuration from the administrator's workstation, giving out the right info like IP addresses via DHCP services, applying access control rules to limit where traffic can go, and moving traffic to the right location in the most efficient way possible.
-
Infrastructure Layer
-
Consists of routers, switches and Layer 3 switches connected together with certain policies (routing and switching).
-
Already has networking applied
-
Management plane: the mechanism of configuring, controlling and monitoring all devices on the network via the SDN controller, which hosts all configurations that get applied as an overlay to the rest of the hardware, making it easier to control and manipulate traffic.
-
Storage Area Network Connections
-
SAN connections to servers (servers are just processors and memory)
-
Servers need a way to connect to the SAN; this is done with a switch. 3 ways to do this
-
Fibre Channel: (connection via SAN; fiber optics connect to a Fibre Channel switch that distributes the SAN to servers). Layer 2 protocol; don't need to worry about IP or TCP or anything above the data link layer of the OSI model.
-
Fibre Channel over Ethernet FCoE: over high speed Ethernet
-
iSCSI: uses a TCP/IP connection between the SAN and servers.
-
Data Center Services
-
Server (processor and memory)
-
Storage (Disk)
-
OS/Software
-
Community cloud: when a private organization offers a specialized service that allows other smaller orgs to connect to it and use those services.
-
Popular consumer markets
-
Used in commercial operation for decades
-
Hosted DNS
-
Hardware/Software
-
"Server side" services: like a Linux server, where you can use processor, memory and storage space
-
Database: SQL database, sending data to and from database
-
Colocation: services set up in someone else's data center to offer redundancy for our own systems.
-
Server Hardware
-
Disk/Storage
-
Automation to expand service needs.
-
Virtual desktop to user
-
"workstation" is mobile
-
easy to deploy
-
easy to support
-
Multitenancy: redundancy, grow rapidly
-
Elasticity: grow or shrink the environment
-
Scalability:
-
Security
-
Identify the problem
-
Everyone has an ego, and frustrations happen.
-
Talk and gather information. What can the user do and not do?
-
Identify the symptoms.
-
Talk to other users and question them to figure out where the issue is.
-
Change management: see if a change made by IT caused the issue.
-
Try to duplicate the problem. If the problem is not repeatable, don't disregard it.
-
Multiple problems: are multiple things happening?
-
Establish a theory of cause
-
Use the OSI model to identify where the issue is, which will tell you where to look further. Figure out what protocols and systems are involved.
-
7 Application Layer
-
6 Presentation Layer
-
5 Session Layer
-
4 Transport Layer
-
3 Network Layer
-
2 Data Link Layer
-
1 Physical Layer
-
Check your ego. Keep an open mind
-
test the theory
-
Avoid breaking the network: keep ego in check, take care not to break stuff
-
Escalate to higher level
-
Establish a plan of action
-
Examine required changes
-
Change management: to communicate changes to the systems (and which changes don't need approval); examine the plan of action
-
Rollback plan: avoid a system-wide action
-
Implement a solution
-
Verify solution
-
Call the user to see if the solution is good
-
IT is a service-based org: be kind, friendly and helpful so users can do their job
-
Document solution
Cable Types and Distances

cable type     | material | distance | bandwidth
---------------|----------|----------|--------------
Cat 5/6/7      | Copper   | 100 m    | up to 10 Gb
Multi Mode SX  | Fiber    | 1 km     | up to 100 Gb
Single Mode LX | Fiber    | 70 km    | up to 10 Gb+
-
Wired cable specifications and uses
-
Max bandwidth is limited by distance, not to mention the max distance itself.
-
Crossover cables will still work, but you might have to switch cables.
-
always try a different cable: damaged cable, bent pins, incorrect pinouts, incorrect cable type, open/short bent wires, bad port.
-
A punch-down tool and cable tester are your friends.
-
Attenuation: when the cable run is too long
-
EMI: interference from electrical equipment, especially from fluorescent lights.
-
Crosstalk:
-
Cabling issues with an Ethernet switch: like when the computer is set to half duplex and the switch is full duplex, it will not work.
-
Rollover cable: serial port RS232 to the console port of a router or switch; looks just like an Ethernet cable but is not. Sometimes light blue.
-
Link light on an Ethernet switch: green good, yellow perhaps bad. Just know the lights on the switch. No lights might mean something is wrong.
-
copper cabling tools
-
fiber optic cabling tools
-
Dirty ends: scratched or dirty ends might need to be cleaned; specific training will be needed.
-
Fiber optic operation: uses two separate fibers to send data. TX/RX reversed is when the cords are switched; the link light will not blink.
Transceiver mismatch: an SX transceiver and an LX transceiver will not communicate with each other.
-
OTDR (Optical Time Domain Reflectometer): able to find how many meters in the break/fault is.
-
Light meter: measures signal strength. Will need a loopback adapter at the other end so the light is reflected back through the loop.
-
Fusion splicer: put the two fiber ends into the machine and fuse them into one continuous length.
-
Other
-
Multimeter: might use it to test electricity.
-
Ping:
-
Find out if remote device is online or offline.
-
Packet Internet Groper.
-
Destination Host Unreachable: Router saying the host is not reachable.
-
Destination Network Unreachable: dont often get this message.
-
Transmit failed: network cable is unplugged.
-
Windows:
ipconfig
shows the default gateway, which is the router. ipconfig /all
shows MAC addresses.
-
route print
shows the routing table: IP addresses with mask and which interface they are on. The default route is where traffic goes when it is not for a network on the main interface.
-
arp -a
shows the ARP table of devices this device has exchanged messages with, including dynamic addresses. arp -d *
will clear the ARP table. The ARP table will eventually clear out on its own anyway.
-
route -n
avoids the delay of DNS lookups, shows critical info of the router (default gateway)
-
Automatic Private IP Address (APIPA): 169.254.0.0, which means something is wrong.
-
Traceroute/Tracert
-
Sends packets to the destination and makes a list of the routers along the way; sometimes routers don't answer back, or get skipped.
-
Windows:
tracert -d 10.0.0.10
-d skips DNS lookups for faster results
-
NMAP: application utility that can scan a remote system to see what ports are open and potentially scan for vulnerabilities.
-
netstat -ano
run on the device itself, to see what ports are open.
-
Linux:
-
ifconfig
shows all interfaces on the workstation; in it, ens33
is the Ethernet interface on the device, and the IP address of the workstation is the inet
address.
-
hostname
:
-
hostname is the name of the workstation
-
nslookup example.com
: looks up a hostname or IP address using the local machine's DNS settings, or change the DNS server used for the lookup by typing nslookup example.com 8.8.8.8
-
dig
: gives DNS records
-
PuTTY:
-
telnet
-
Connect to the router and type
show ip route
which shows routing information and how to reach each network. Also shows the network interfaces, showing Ethernet and each unique network. O means the route was learned from OSPF, C means directly connected, and a static route (S) is one that was manually configured. show arp
shows the ARP table.
-
Router
-
show mac address-table
since switches don't have IP tables; maps port number to MAC address. show mac address-table address 000c.29fc.70a5
will tell you what switch port the MAC address is connected to.
-
Packet Capture
-
Wireshark and WinPcap: capture all traffic from the network interface card and analyze the information in Wireshark on the problem PC.
-
Show traffic only to and from the router with the display filter:
ip.addr==192.168.10.1
-
Port Mirror: option on some switches to take all traffic on one port and mirror it on another port to capture traffic with another device or PC.
-
Network Tap: device takes all traffic and sends traffic to another device.
-
Capture traffic using tcpdump on Linux
-
tcpdump -v
-v is for verbose. Doesn't have the same analysis features as Wireshark
-
Bandwidth testing:
iperf
CLI utility that tests speed between two devices. iperf -s
starts the server and iperf -c 10.0.0.100
starts testing the speed to the other device. Otherwise use fast.com
-
IP Scanning
-
Utilities like Nmap scan a range of IP addresses on the network. Good for finding a device when you don't know its IP address.
-
TFTP: software like Tftpd64; once you are in the router or switch, use the command
copy
to copy files to and from the device, e.g. copy tftp flash
-
NetFlow: a way of collecting data from a switch or router to give a snapshot of traffic.
-
Throughput is the amount of data that we can transfer on any given signal.
-
Negotiated speed: the stronger the signal, the higher the speed; further away from the signal, a lower data speed is used to prevent errors
-
Received Signal Strength Indication (RSSI): the device's measurement of the wifi signal
-
Effective Isotropic Radiated Power (EIRP): measured on the device itself. Radio power output minus the signal loss in the cord, plus the antenna gain, gives us decibels (dB)
-
Antennas
-
Signal polarization: if the antenna is horizontal it makes the signal vertical; if the antenna is vertical it makes the signal horizontal.
-
Reflection: the wireless signal might be reflected by a wall, or absorbed; antenna placement is critical.
-
Attenuation: when moving farther away from signal it
-
Common wireless issues
-
Using the wrong antenna, like a Yagi for directional vs an omnidirectional
-
Frequency mismatch: 5.0 GHz (better coverage with a lot more channels) vs 2.4 GHz (only three usable channels; even though there are 13-14 available, use channels 1, 6 and 11, because to get 802.11 to work correctly each signal needs 22 MHz of space, which takes at least 5 channels of spacing). Each AP needs to be on a different channel, and if you have two different SSIDs make sure each is on its own unique channel in that particular area.
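As an added example (not code from the original notes): the channel arithmetic behind the "use 1, 6 and 11" rule, assuming the standard 2.4 GHz channel centres (2407 + 5 * channel MHz for channels 1 to 13, 2484 MHz for channel 14) and a 22 MHz signal width. It also checks an AP channel plan for overlapping neighbours.

```python
from itertools import combinations

# Added example, not from the original notes: 2.4 GHz channel arithmetic
# behind the "use 1, 6 and 11" rule. Channels 1-13 are 5 MHz apart
# (centre = 2407 + 5*ch MHz, channel 14 sits at 2484 MHz) and an 802.11b/g
# signal is about 22 MHz wide, so two channels interfere unless their
# centres are at least 22 MHz (five channel numbers) apart.

SIGNAL_WIDTH_MHZ = 22


def channel_center_mhz(ch):
    if 1 <= ch <= 13:
        return 2407 + 5 * ch
    if ch == 14:
        return 2484
    raise ValueError(f"not a 2.4 GHz channel: {ch}")


def channels_overlap(a, b):
    """True when the two channels' 22 MHz signals share any spectrum."""
    return abs(channel_center_mhz(a) - channel_center_mhz(b)) < SIGNAL_WIDTH_MHZ


def non_overlapping_channels(allowed=range(1, 14)):
    """Greedy pick of mutually non-overlapping channels, lowest first.

    With channels 1-13 this yields [1, 6, 11]; which channels are allowed at
    all depends on the regulatory domain (channel 14 is not generally usable).
    """
    chosen = []
    for ch in sorted(allowed):
        if all(not channels_overlap(ch, c) for c in chosen):
            chosen.append(ch)
    return chosen


def conflicting_aps(plan):
    """plan: {ap_name: channel} for APs that can hear each other.

    Returns the AP pairs whose channels overlap; the same channel counts too,
    which is the "every AP on its own channel" rule from the notes.
    """
    return sorted((a, b) for (a, b) in combinations(sorted(plan), 2)
                  if channels_overlap(plan[a], plan[b]))


if __name__ == "__main__":
    print(non_overlapping_channels())                                # [1, 6, 11]
    print(conflicting_aps({"AP-1": 1, "AP-2": 6, "AP-3": 6, "AP-4": 9}))
```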
-
Interference: 2.4 GHz is the frequency a microwave oven uses to make water molecules spin, so use 5 GHz. Are users complaining when microwave ovens are running?
-
Channel overlap: use a spectrum analyzer tool to view each frequency.
-
Wireless Coverage: In site surveys make sure you have enough coverage.
-
Channels: make sure all APs are not on the same channel; put each AP on its own channel (with 2.4 GHz you can only use 3 channels)
-
Client disassociation: weak signal or some other interference. Check the wireless controller to see what is going on.
-
AP association time: related to client disassociation; the controller shows how long a device has been connected to the network.
-
Channel utilization: the controller preconfigures each AP.
-
Configuration issues
-
Wrong SSID
-
Wrong passphrase/password
-
Security Mismatch
-
Captive portal issues
-
Wrong configuration
-
wrong gateway
-
Can happen with a misconfiguration, or an issue with the DHCP server when it is not handing out the default gateway.
-
wrong subnet mask
-
There will be a warning saying the default gateway is not on the same network segment (subnet) that is defined by the IP address and subnet mask.
-
IP address
-
Same warning: the default gateway is not on the same subnet as defined by the IP address and subnet mask.
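As an added example (not code from the original notes): a Python check that takes an IP address, subnet mask and default gateway and reports the misconfigurations from the items above (gateway off-subnet, which is what a wrong mask or wrong gateway produces; unusable host address; no gateway) plus the APIPA 169.254 symptom of a failed DHCP lease. Sample addresses are constructed.

```python
import ipaddress

# Added example, not from the original notes: checks an IP/mask/gateway
# triple for the misconfigurations listed above (wrong gateway, wrong mask,
# bad host address) and the APIPA symptom of a failed DHCP lease.


def check_ip_config(ip, mask, gateway):
    """Return a list of findings; an empty list means the triple is consistent."""
    findings = []
    try:
        iface = ipaddress.IPv4Interface(f"{ip}/{mask}")
    except ValueError:
        return [f"invalid address or non-contiguous subnet mask: {ip}/{mask}"]
    addr, net = iface.ip, iface.network

    if addr in ipaddress.ip_network("169.254.0.0/16"):
        findings.append("APIPA address 169.254.x.x: no DHCP lease was obtained")
    if net.prefixlen < 31 and addr in (net.network_address, net.broadcast_address):
        findings.append(f"{addr} is the network or broadcast address of {net}")

    try:
        gw = ipaddress.IPv4Address(gateway)
    except ValueError:
        return findings + [f"invalid default gateway {gateway!r}"]
    if gw == ipaddress.IPv4Address("0.0.0.0"):
        findings.append("no default gateway set (DHCP not handing one out?)")
    elif gw not in net:
        # the same condition Windows warns about when the mask or gateway is wrong
        findings.append(f"default gateway {gw} is not on subnet {net}")
    elif gw == addr:
        findings.append("default gateway equals the host's own address")
    return findings


if __name__ == "__main__":
    # constructed samples: a good config, a wrong mask, and an APIPA host
    for args in [("10.0.0.50", "255.255.255.0", "10.0.0.1"),
                 ("10.0.0.50", "255.255.255.128", "10.0.0.200"),
                 ("169.254.12.7", "255.255.0.0", "0.0.0.0")]:
        print(args, check_ip_config(*args))
```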
-
DNS
-
Duplicate IPs
-
Strange consequences: sometimes Windows will assign a 169.254 address, or not give you an error at all. Can't ping the gateway.
-
Duplicate MACs
-
DHCP server issues
-
Strange consequences: sometimes Windows will assign a 169.254 address
-
DHCP server can run out of addresses to hand out
-
Too many devices: the server hands out all available addresses and runs out. Change the lease time on the DHCP server to make it shorter, or add more addresses.
-
Rogue DHCP server: might show up as not being able to ping your default gateway. Can be an attacker on the network, or a user bringing in their own AP that tries to give out addresses.
-
Getting
ipconfig
working again
-
use
ipconfig /release
and ipconfig /renew
to request a new IP address from the DHCP server.
-
Layer 2 switch issues
-
Duplicate MACs
-
ipconfig /all
shows the MAC (physical) address, which should be unique but can be changed.
-
Pings to the IP address of the computer aren't always going to work.
-
Have to log into the switch via serial cable, and you will see an error saying that the MAC address is flapping between ports, e.g. Fa0/3 and Fa0/1
-
show mac address-table add 000c.29fc.70a5
and you will see the two ports. On a switch you can't have the same MAC address on the same VLAN on 2 different ports at the same time, so you can change the VLAN the device is on with config t
then select the port with int f0/3
and set the access VLAN with switchport access vlan 50
but you should not have duplicate MAC addresses in the first place, so this is not good anyway.
-
Changing VLANS
-
Use the ARP table to see what devices are on the VLAN. In the command prompt use
arp -a
to see what devices are on your broadcast domain.
-
config t
-
int f0/1
-
switchport access vlan 20
-
Speed/duplex mismatch: caused by forcing the speed or duplex; happens on older devices, or could happen if a port doesn't get reverted back to its default config when we're done with the device. The device just won't link up on the switch.
-
Spanning Tree Protocol not enabled: connecting two switches with two links, you end up with messages that spin around and never stop, and it will bring the switch down.
-
Optical link budget: the minimum amount of light needed for the link to work. Can be exceeded by too many faults in the cord or too many patch panels in the path.
-
Collisions: hubs only; they don't happen with switches.
-
Multicast: ghosting a PC or setting up dozens of computers at once, but it can overwhelm the network.
-
Layer 3 routing issues
-
Routing loop: how IP routing works: the destination IP address of the packet needs to be the IP of the destination server/computer. Routing tables guide the packet through the routers. If a router is misconfigured, it can route the packet back and forth. Bounded by the TTL (time to live) value in the IP header. The command prompt error will say 'ttl expired in transit' and tracert will show the packet bouncing between the two routers.
-
Pinging the router will show that the destination is not available. Doing a
tracert -d
to the router will show you where it stops. So try to SSH to the router; show ip route
and the entries marked C are directly connected routes. If the route is not there, add it: config t
and ip route 10.0.0.0 255.255.255.0 172.16.0.6
with the final IP being the router connected to the server we want to reach.
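As an added example (not code from the original notes): a small Python model of IP forwarding with longest-prefix match and TTL, showing the routing loop described above and the static-route fix. The topology is constructed to match the notes: the server network 10.0.0.0/24 sits behind a router whose interface is 172.16.0.6, and the misconfigured router only has a default route pointing at a neighbour that points back.

```python
import ipaddress
from collections import namedtuple

# Added example, not from the original notes: a model of IP forwarding with
# longest-prefix match and TTL, reproducing the routing loop from a missing
# route and its fix with a static route. Addresses are constructed to match
# the notes (10.0.0.0/24 reachable via 172.16.0.6).

Route = namedtuple("Route", "network next_hop")   # next_hop None == directly connected (C)


class Router:
    def __init__(self, name, interfaces, static=()):
        self.name = name
        self.interfaces = [ipaddress.IPv4Interface(i) for i in interfaces]
        self.routes = [Route(i.network, None) for i in self.interfaces]
        for prefix, next_hop in static:
            self.add_static(prefix, next_hop)

    def add_static(self, prefix, next_hop):
        """Equivalent of: ip route <prefix> <mask> <next-hop>"""
        self.routes.append(Route(ipaddress.ip_network(prefix), ipaddress.ip_address(next_hop)))

    def has_address(self, ip):
        return any(i.ip == ip for i in self.interfaces)

    def lookup(self, dst):
        """Longest-prefix match, the selection 'show ip route' is built on."""
        candidates = [r for r in self.routes if dst in r.network]
        return max(candidates, key=lambda r: r.network.prefixlen, default=None)


def forward(routers, ingress, dst, ttl=64):
    """Walk a packet router to router; returns (path, result)."""
    dst = ipaddress.ip_address(dst)
    path, cur = [], ingress
    while True:
        path.append(cur)
        ttl -= 1                                   # every router decrements TTL
        if ttl == 0:
            return path, "ttl expired in transit"  # ICMP time exceeded from this router
        route = routers[cur].lookup(dst)
        if route is None:
            return path, "destination net unreachable"
        if route.next_hop is None:
            return path, "delivered"               # dst is on a connected network
        cur = next(r.name for r in routers.values() if r.has_address(route.next_hop))


def build_lab():
    """R1 and R2 default to each other; only R3 is connected to 10.0.0.0/24."""
    r1 = Router("R1", ["172.16.0.1/30", "172.16.0.5/30"], static=[("0.0.0.0/0", "172.16.0.2")])
    r2 = Router("R2", ["172.16.0.2/30"], static=[("0.0.0.0/0", "172.16.0.1")])
    r3 = Router("R3", ["172.16.0.6/30", "10.0.0.1/24"])   # the server 10.0.0.10 sits here
    return {r.name: r for r in (r1, r2, r3)}


if __name__ == "__main__":
    lab = build_lab()
    print(forward(lab, "R1", "10.0.0.10", ttl=8))       # bounces R1<->R2 until TTL expires
    lab["R1"].add_static("10.0.0.0/24", "172.16.0.6")   # the fix from the notes
    print(forward(lab, "R1", "10.0.0.10", ttl=8))       # (['R1', 'R3'], 'delivered')
```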
-
DNS issues
-
nslookup
-
Any address that starts with 10.something is a private IP address and cannot be routed on the internet.
-
ipconfig /flushdns
will flush the DNS records cached on the local computer
-
NTP and Certificate Issues
-
Time: make sure the computer has correct time set.
-
Firewall Restrictions
-
If you see a computer in the
arp -a
table, and you can ping the device at 10.9, but you can't ping from 10.9 to the other device at 10.30, the firewall might deny all other traffic going to the device while allowing all traffic from the computer and back to it. You could create an inbound rule on the firewall. Ports only exist in Layer 4 protocols, TCP and UDP.
-
BYOD challenges: users using their own devices. Security, device age and many other issues, or the question of admin control over the user's device.
-
Licensed features issues:
-
Network performance issues.
-
Patch panel labeling
-
no standards in labeling
-
Patch Panels
-
48 or 24 ports, identifier label or switch room identifier
-
Patch cables go from the patch panel to the switch
-
Use a toner to find the patch panel port.
-
Ports on a switch
-
Odds on top, evens on bottom
-
Switch stack number (1) / module number (0) / port number (Gi is Gigabit)
-
6-8-12 ports and 24-48 ports
-
9000 series switches
-
Stacked switches are 1 to higher number from top to bottom
-
Smaller switches
-
Cascading switches: connecting switches to switches
-
The MAC address table of the top switch will show, for example, port 1 with the MAC address of each computer (ex: DF 7B), and the bottom switch will show port 1 with the MACs of the other computers on the top switch (ex: c2 a7 6e b3 3f)
-
Broadcast messages can be a problem: a broadcast storm happens if all the switches are connected to each other. Spanning Tree Protocol stops these broadcast storms, but not all switches have STP
-
show mac address-table dynamic
shows the CAM table (Content Addressable Memory); to show one port, use show mac address-table interface f0/1
-
Know the IP address, find the switchport:
-
No mapping on the switch of IP address to switchport, as the switch is a Layer 2 device, but all IP addresses are affiliated with MAC addresses.
-
Find out where 10.0.0.128 is plugged into the switch: go from that local network segment (have to be on a workstation that can
-
Look at the ARP table on the workstation,
arp -a
, which shows the mapping on the workstation of IP addresses to their respective MAC addresses.
-
SSH into the switch that the workstation is connected to.
show mac address-table ?
and the ? lists the options; then type show mac address-table address 000c.292d.9200
which will show the port. Then look at the network map to see what switch is connected to that port, SSH into that new switch, and look up the MAC address on the new switch: show mac address-table address 000c.29ed.9200
-
show cdp neighbor
will show all neighbors that are connected to the switch.
And remember that MAC addresses eventually get forgotten from MAC address tables
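As an added example (not code from the original notes): the IP to MAC to switchport trace described above, automated over constructed ARP, MAC-address-table and CDP-neighbor data of the kind you would collect from arp -a, show mac address-table address and show cdp neighbor. Switch names, ports and the second MAC are constructed; 000c.292d.9200 for 10.0.0.128 is taken from the notes.

```python
# Added example, not from the original notes: the IP -> MAC -> switchport
# trace described above, automated over constructed ARP, MAC-address-table
# and CDP-neighbor data (as collected from arp -a, show mac address-table
# address, and show cdp neighbor).


def find_switchport(target_ip, arp_table, mac_tables, cdp_links, start_switch):
    """Follow the MAC from switch to switch until it is learned on a non-uplink port.

    arp_table:  {ip: mac} from the workstation's ARP cache
    mac_tables: {switch: {mac: port}} from each switch's MAC address table
    cdp_links:  {(switch, port): neighbor_switch} from show cdp neighbor
    Returns ((switch, port), status) or (None, reason).
    """
    mac = arp_table.get(target_ip)
    if mac is None:
        return None, "IP not in ARP cache: ping it first so the workstation resolves it"
    visited, sw = [], start_switch
    while sw not in visited:
        visited.append(sw)
        port = mac_tables.get(sw, {}).get(mac)
        if port is None:
            return None, f"{mac} not in {sw}'s MAC table (entry aged out or host is quiet)"
        neighbor = cdp_links.get((sw, port))
        if neighbor is None:
            return (sw, port), "edge port"      # no switch behind this port: the host is here
        sw = neighbor                            # MAC points down an uplink: SSH to that switch
    return None, "loop between switches"


# Constructed sample data modelled on the notes.
ARP = {"10.0.0.128": "000c.292d.9200", "10.0.0.1": "0024.9b09.41c9"}
MAC_TABLES = {
    "SW1": {"000c.292d.9200": "Gi1/0/24", "0024.9b09.41c9": "Gi1/0/1"},
    "SW2": {"000c.292d.9200": "Fa0/3", "0024.9b09.41c9": "Gi0/1"},
}
CDP = {("SW1", "Gi1/0/24"): "SW2", ("SW2", "Gi0/1"): "SW1"}

if __name__ == "__main__":
    print(find_switchport("10.0.0.128", ARP, MAC_TABLES, CDP, "SW1"))   # (('SW2', 'Fa0/3'), 'edge port')
```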
-
Switch Memory
-
Bootstrap is stored in EEPROM, the OS in flash memory, the startup-config in (virtual) NVRAM, and the running-config in RAM
-
Working with the config: use
copy running-config startup-config
which takes a copy of the running-config in RAM and copies it to flash, but there it isn't called startup-config; it is called config.text
-
Switch configuration lab: an RS-232 port connects the computer to the switch via the console port
-
Use PuTTY
-
User mode prompt is
>
-
en
enables privileged mode, prompt #
-
Config mode is
config t
-
Change name of switch:
hostname Blakeswitch1
-
Domain name, so you can generate a crypto key to enable SSH:
ip domain-name blake.com
-
Banner message of the day, so users connecting to it can see what is going on:
banner motd #this is Blake's switch, stay out!#
-
Security stuff
-
Create the password for going from user mode to privileged mode:
enable secret passwordcisco
-
Create a username:
username blake secret passwordcisco
-
Generate the crypto key and enable SSH:
crypto key generate rsa
-
Change version of SSH:
ip ssh ver 2
-
Enable password encryption:
service password-encryption
-
Go to line con 0:
line con 0
-
put a password on it:
password passwordcisco
-
Require login:
login
and exit: exit
-
Configure switch so we can SSH into it:
line vty 0 4
-
Log into the switch with the username and password that is in the device's local database:
login local
-
Only allow SSH:
transport input ssh
-
The switch needs an IP address for SSH. Switches do not examine IP addresses (only MAC addresses in the frame header; a switch is a Layer 2 device), so the IP address is just for SSHing to the switch, not for routing traffic. To give it an IP address, you must create a virtual interface:
interface vlan 1
which is a switched virtual interface (SVI) and has a MAC address and an IP address: ip address 10.0.0.5 255.255.255.0
and no shutdown
-
VLAN 1 contains the switch ports, so they can reach the virtual interface. To see the current config use
show running-config
and save the config with copy running-config startup-config
-
Show contents of flash memory:
show flash
-
SSH into the switch:
-
Use PuTTY in SSH mode; you can ping the IP first to make sure the computer can see the switch on the network.
-
use
en
to enter privileged mode
-
change password:
config t
-
enable secret:
randompasswordh
-
exit:
exit
and copy the running config to the startup config: copy running-config startup-config
-
Reset password:
-
The password is stored in a file called config.text in flash memory. Access flash memory from ROMmon mode by holding the button on the switch while it boots up (a hard reset), which brings you to the switch prompt, and you have to initialize flash memory with
flash_init
and look at flash memory: dir flash:
which will show the config.text file where the password is located, but you need to rename the file to something other than config.text
by renaming it: rename flash:config.text flash:config.bak
then boot up the switch with boot
. After it boots up use en
for privileged mode and do show flash
to show the files in flash memory, then rename it back: rename flash:config.bak flash:config.text
and now copy that file into the running config: copy flash:/config.text running-config
Now the switch has the running config copied over; go into config mode and change the enable secret to something you know: enable secret cisco
then exit and copy running-config startup-config
-
Upgrading the IOS
-
show version
shows the version of the OS, and show flash
shows the OS image that is currently loading. OS files should end in .BIN, so list the image directory with dir flash:/c2960-lanbasek9-mx.150-2.SE6
-
The size of the .BIN file matters, so check free memory with
show flash
-
Check the integrity of the .BIN file (exactly the same bits as the original file):
verify /md5 flash:c2960-lanbasek9-mz.150-2.se7.bin
runs the file through the MD5 algorithm and prints a value; compare that value against the published one to verify the integrity of the file
-
Turn on the TFTP server
-
Ping the workstation
ping 10.0.0.10
-
Now copy the file
copy tftp flash
and enter the address 10.0.0.10
and the source file name
-
see if the file transferred by
show flash
-
Use the new file for the switch
boot system flash:/c2960-lanbasek9-mz.150-2.se7.bin
-
exit and save
copy running-config startup-config
-
reload the switch
reload
so it boots the new .BIN file
-
go back into privileged mode
en
and check the version: show version
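The same integrity and free-space checks, done on the workstation that hosts the TFTP server before the copy tftp flash step, so a corrupted or truncated image is caught before it ever reaches the switch. This is an added example, not from the notes; the image bytes, the published digest and the free-flash figure are constructed, and the file name is the one used above.

```python
import hashlib
import hmac
import os
import tempfile

def md5_of_file(path, chunk_size=65536):
    """Stream the file through MD5, the same digest that 'verify /md5' computes on the switch."""
    digest = hashlib.md5()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(chunk_size), b""):
            digest.update(chunk)
    return digest.hexdigest()

def preflight_image(path, published_md5, free_flash_bytes):
    """Pre-upgrade checks: file ends in .bin, fits in free flash, digest matches the published value."""
    size = os.path.getsize(path)
    digest = md5_of_file(path)
    result = {
        "is_bin": path.lower().endswith(".bin"),
        "size_bytes": size,
        "fits_in_flash": size <= free_flash_bytes,
        "md5": digest,
        # constant-time comparison; published hashes are sometimes upper-case
        "md5_matches": hmac.compare_digest(digest.lower(), published_md5.strip().lower()),
    }
    result["ok"] = result["is_bin"] and result["fits_in_flash"] and result["md5_matches"]
    return result

def demo():
    """Constructed sample: a fake image, its digest, and a truncated copy of it."""
    image_bytes = b"IOS-IMAGE-PLACEHOLDER" * 1000         # constructed, not a real IOS image
    published = hashlib.md5(image_bytes).hexdigest()     # stands in for the vendor-published hash
    with tempfile.TemporaryDirectory() as tmp:
        good = os.path.join(tmp, "c2960-lanbasek9-mz.150-2.se7.bin")
        partial = os.path.join(tmp, "c2960-lanbasek9-mz.150-2.se7.bin.partial")
        with open(good, "wb") as fh:
            fh.write(image_bytes)
        with open(partial, "wb") as fh:
            fh.write(image_bytes[:-1])                   # simulate a transfer cut short
        free = 32 * 1024 * 1024                          # constructed free-flash figure
        return (
            preflight_image(good, published, free),      # everything passes
            preflight_image(partial, published, free),   # wrong name and wrong digest
            preflight_image(good, published, 1024),      # digest fine, but it will not fit
        )

if __name__ == "__main__":
    for r in demo():
        print(r)
```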
-
Putty
-
Solarwinds keeps network sessions active to remote into.
-
Console
-
directly connecting to the switch via an RJ45-to-USB console cable (Cisco-specific); the switch should be in the MDF room
-
Console ports on Cisco gear are the blue port; yellow is the management port
-
Prompts: # means privileged exec mode, (config) is config mode so be careful; show commands display settings
-
VLANs
-
network is assigned a number and name, some
-
Depending on the AD OU, the device will be put on the VLAN
-
Clearpass
-
trunk port: carries multiple VLANs at a time to connect across VLANs
-
access port: only one VLAN exists on the port
-
NAC port: a type of access port (security port) that talks to Clearpass, which decides what VLAN the device belongs to
-
Build port: also an access port, assigned to a particular VLAN
-
static access ports: for the servers, where the VMware host connects to the server
-
MAB: MAC Authentication Bypass, the device is authenticated by its MAC address. Add the dynamic VLAN setting so it goes on the correct network.
-
Dot1X authentication: used by domain controllers; all computers should be using dot1x
-
Solarwinds
-
Gets DHCP reservations
-
Can use MAPs to see network maps.
-
Can set up alerts
-
Wireless
-
Green: has two different VLANs
-
Purple: lift scanners
-
Blue: old lift scanners
-
Red: going away, wireless Infogenesis access
-
EmployeeDevice (being replaced): for employee cell phones; the password is changed every year.
-
Slate: for V. devices, temperature sensors, i9's iPads; each device has its own password tied to its MAC address