IndexNote to the reader: Throughout this index boldfaced page numbers indicate primary discussions of a topic. Italicized page numbers indicate illustrations.

Symbols and Numbers/?, route, 540* (asterisk), wildcard, 559- (dash), IP routing, 260# (pound sign), Hosts table, 5352.4 GHz, 341–343, 3432.4 GHz/5 GHz, 345–346-4, 527, 5375GHz, 343–345-6, 527, 53710Base2. See thinnet10Base5. See thicknet10BaseFL, 10510BaseT, 92, 102, 10510GBaseER, 10610GBaseEW, 104, 10610GBaseGR, 10410GBaseLR, 104, 10610GBaseLW, 104, 10610GBaseSR, 104, 10510GBaseSW, 104, 10610GBaseT, 60, 104, 10525-pair cable, 7940 MHz, 345100BaseFX, 103, 105100BaseTX, 103, 105100-Megabit Ethernet, 58110 block, 79568A, 73, 73–74, 74568B, 73–741000BaseCX, 103, 1051000BaseLX, 103, 1051000BaseSX, 103, 1051000BaseT, 103

A-A, 543-a, 531, 541–543, 549

AAA. See authentication, authorization, and accounting

ABRs. See area border routersAC. See alternating currentaccess control lists (ACLs), 378, 378–379

firewalls, 453–456port numbers, 379stateful firewalls, 462

access links, 319access lists, 451Access Point mode, WAP, 359access points (AP), 347–348, 348, 355, 359–362

configuration, 359–362DHCP, 365installing, 355rogue, 423

access ports, 319accounts

anonymous, 394automatic account lockouts, 398–399security policy, 433user, 393–396

ACK (acknowledgment), 34, 37–39, 462ACLs. See access control listsactive detection, 429ActiveX attacks, 425AD. See administrative distancead hoc mode, wireless networks,

351–352, 352add, 539address learning, 304–306, 305Address Resolution Protocol (ARP), 90, 176,

176–177, 529–533IP routing, 258Proxy ARP, 622

AD-IDS. See anomaly-detection IDSadministrative distance (AD), 275–277, 280administrator training, 437ADSL. See Asymmetric Digital Subscriber LineAdvanced Encryption Standard (AES), 382,

388, 607AES-Counter Mode CBC-MAC Protocol

(AES-CCMP), 366, 367

137550bindex.indd 729 12/20/11 4:22 PM

COPYRIG

HTED M

ATERIAL

730 agents – black hole

agents, 163aggregate rate, 93AH. See Authentication Headeralias record, 133alternating current (AC), 587Angry IP, 575, 575–576anomaly-detection IDS (AD-IDS), 468anonymous accounts, 394antenna

troubleshooting, 609wireless, 349–351

antivirus engine, 440antivirus programs, 439–441antivirus scan, 440–441anycast, 202, 204AP. See access pointsAPIPA. See Automatic Private IP Addressingapplications

bandwidth, 653–654server logs, 651

Application layer, OSI, 31–32firewalls, 463–464

application server, 6, 39application-layer attacks, 425application-specific integrated circuit (ASIC),

130, 144, 302area border routers (ABRs), 288ARP. See Address Resolution Protocolarp, 530–533arp -a, 236ARPAnet, 157–158AS. See autonomous systemASBR. See autonomous system border routerASIC. See application-specific integrated circuitAsymmetric Digital Subscriber Line (ADSL),

392, 501Asynchronous Transfer Mode (ATM), 487,

508–509Attachment Unit Interface (AUI), 102–103attenuation, 71, 102, 606AUI. See Attachment Unit Interfaceauthentication, 400–406

authorization, and accounting (AAA), 402–403

CHAP, 405, 406EAP, 391, 406FTP, 161Kerberos, 402, 403MAC, 364MS-CHAP, 391, 405–406

NAC, 405PKI, 401RADIUS, 403RIPv2, 280TACACS+, 403–405, 404wireless networks, 357

Authentication Header (AH), 384authenticator, 405auto-detect mechanism, 93automatic account lockouts, 398–399Automatic Private IP Addressing (APIPA), 168,

197–198autonomous system (AS), 264–265, 274,

287, 289BGP, 285, 286EIGRP, 283

autonomous system border router (ASBR), 289autorooters, 425

Bbackbone

collapsed, 299networks, 20, 20–21OSPF, 288

backdoors, 425background checks, 433backups, 434badges, 433bandwidth, 492, 653–654Bandwidth on Demand Interoperability Group

(BONDING), 505BASE. See Basic Analysis and Security Enginebaselines, 163, 645–647Basic Analysis and Security Engine (BASE),

573Basic Rate Interface (BRI), 504basic service area (BSA), 352basic service set (BSS), 352Basic Service Set Identifiers (BSSIDs), 608beacons, 422Bearer channels, 505Berkeley Software Distribution (BSD), 158BGP. See Border Gateway Protocolbinary numbers, 94–98bit, 94, 190black box, 452black hole, 621

137550bindex.indd 730 12/20/11 4:22 PM

block acknowledgment – CHAP 731

block acknowledgment, 345blocking state, 310Bluetooth, 487, 497BNC. See British Naval ConnectorBONDING. See Bandwidth on Demand

Interoperability Groupboot-sector viruses, 420Border Gateway Protocol (BGP), 265, 285,

285–286bottlenecks, 646bounce, 426, 609BPDUs. See Bridge Protocol Data UnitsBPL. See Broadband over Power LineBRI. See Basic Rate Interfacebridges, 120, 300, 303

collision domain, 120Layer 2, 144–145multicast packets, 142

Bridge Protocol Data Units (BPDUs), 309Bridging mode, WAP, 359British Naval Connector (BNC), 57, 57, 63, 102Broadband over Power Line (BPL), 67–68, 68broadband services, 498–503, 499broadcasts, 40, 41, 203–204, 303, 651

Layer 2, IPv4, 198Layer 3, IPv4, 198–199

broadcast address, 191broadcast domains, 138, 140, 303

Ethernet, 90VLAN, 143, 314

broadcast storm, 307, 308, 622brute-force attacks, 426BSA. See basic service areaBSD. See Berkeley Software DistributionBSS. See basic service setBSSIDs. See Basic Service Set Identifiersbuffer, 35Buffer Full, 175buffer overflow, 421burst, 507bus topology, 12, 13butt set, 584byte, 94, 95, 190, 550

C-c, 543–544CA. See certificate authority

cables. See also specific cable typesproperties, 71–72troubleshooting, 604–609wiring standards, 72–78

cable modem, 499, 499, 501–503cable stripper/snips, 586cable testers, 77, 577, 577–579caching engines, 657–658caching proxy server, 135call setup, 168cameras, security policy, 433canonical name (CNAME), 133CARP. See Common Address Redundancy

ProtocolCarrier Sense Multiple Access with Collision

Detection (CSMA/CD), 91, 91–92, 118, 343, 606

Category 2 twisted-pair cable, 59Category 3 twisted-pair cable, 59Category 4 twisted-pair cable, 59Category 5 twisted-pair cable, 59, 103Category 5e twisted-pair cable, 59, 60,

62, 103Category 6 twisted-pair cable, 59, 103Category 6a twisted-pair cable, 59CATV. See community antenna televisionCCEVS. See Common Criteria Evaluation and

Validation SchemeCd, 558cellular WAN, 503central office (CO), 489central processing unit (CPU), 5, 274centralized WAN, 9certificate authority (CA), 401, 401certifiers, 580, 580Challenge Handshake Authentication Protocol

(CHAP), 405, 406change, 539change management, 647channels, 505

EtherChannel, 101side channel attack, 388T-series connections, 493–495WAP, 359wireless networks, 607

channel bonding, 101, 101, 101, 101channel service unit/data service unit (CSU/

DSU), 44, 76, 79, 488–489CHAP. See Challenge Handshake

Authentication Protocol

137550bindex.indd 731 12/20/11 4:22 PM

732 CIDR – decimal numbers

CIDR. See Classless Internet Domain RoutingCIR. See committed information ratecircuit switching, 491cladding, 63Class A network address, 193–194, 215, 217Class B network address, 194–195, 215, 216,

226–234Class C network address, 195–196, 215,

217–226, 219, 220–221, 221Class D network address, 196Class E network address, 196classful routing, 279, 281Classless Internet Domain Routing (CIDR),

197, 215–217, 287IPv6, 200NAT, 241subnet mask, 225

classless routing, 279, 282clean-desk policy, 431–432client machines, 5client mode, VTP, 322, 323client-server, 11, 11CLNS. See Connectionless Network Servicecloud computing, 658–659CNAME. See canonical nameCO. See central officecoaxial cable, 55–58, 67collapsed backbone, 299collisions, 40, 606collision domains, 94, 120, 300

Ethernet, 90routers, 143switches, 138, 140, 143, 302

collision events, 90collision light, 600–601.com, 131, 418committed information rate (CIR), 506Common Address Redundancy Protocol

(CARP), 658Common Criteria Evaluation and Validation

Scheme (CCEVS), 430communication satellite (comsat),

497–498, 498community antenna television (CATV), 57, 502compression, 33comsat. See communication satelliteConnectionless Network Service (CLNS), 290connectionless protocol, 170connection-oriented communication, 34–35, 35connectivity software, 519

connectivity testing, 651content filtering, 136–137, 137, 465Content Security Control (CSC), 464continuity testers, 579convergence, 257, 303

routing tables, 278, 279Spanning Tree Protocol, 311, 311

CPE. See customer premises equipmentCPU. See central processing unitCRC. See cyclic redundancy checkcrossover cable, 74, 75–76, 76, 640, 641crosstalk, 58, 605–606CSC. See Content Security ControlCSMA/CD. See Carrier Sense Multiple Access

with Collision DetectionCSU/DSU. See channel service unit/data

service unitcustomer premises equipment (CPE), 488cyclic redundancy check (CRC), 179

frames, 182IP routing, 258, 259, 261

D-d, 531D channel, 505DA. See Destination Addressdata communication equipment (DCE), 44Data Encryption Standard (DES), 387data frame, 42Data Link Connection Identifiers (DLCIs), 508Data Link layer, OSI, 42, 42–44

encapsulation, 179Ethernet, 94–101frames, 181IP routing, 258, 260, 261, 262

data over cable service interface specification (DOCSIS), 502

data packets, 40, 100data steam, 180–181data terminal equipment (DTE), 44, 507datagrams, 179DB-9, 69dBi. See decibel isotropicDCE. See data communication equipmentDDos. See distributed denial of service attacksdecibel isotropic (dBi), 350decimal numbers, 94–98

137550bindex.indd 732 12/20/11 4:22 PM

decompression – DS3 733

decompression, 33decryption, 33dedicated lines, 491de-encapsulation, 179default gateway

DHCP, 166incorrect, 615–616IP routing, 257–258, 261ping, 235–236

default routes, 285delay, 655delete, 539delivery protocol, 380demarc, 79–80, 489demarc extension, 79–80demilitarized zone (DMZ), 125, 125, 451

firewalls, 456–457, 457IDS/IPS, 573route, 537security policy, 433–434, 434

denial of service attack (DoS), 415ACLs, 454DDos, 417, 418DoS/SYN flood attack, 416, 417, 454firewalls, 463

Dense Wavelength Division Multiplexing (DWDM), 496

Department of Defense (DoD), 159, 430OSI, 158–159, 159port scanners, 576TCP/IP, 158–159, 160

DES. See Data Encryption Standarddestination, 539Destination Address (DA), 99–100Destination Unreachable, 175, 259, 261DFS. See Dynamic Frequency SelectionDHCP. See Dynamic Host Configuration

ProtocolDiffie-Hellmann algorithm, 388Diffusing Update Algorithm (DUAL), 283, 291dig, 533Digital, Intel, and Xerox (DIX), 101digital certificates, 473digital ID, 388Digital Signal 0 (DS0), 492–493Digital Signal 1 (DS1), 493Digital Signal 3 (DS3), 494digital subscriber line (DSL), 61, 487, 499, 499,

500–501. See also specific DSL types

digital subscriber line access multiplexer (DSLAM), 500

Dijkstra algorithm, 287DIP. See dual inline packageDirect Sequence Spread Spectrum (DSSS), 343directional antennas, 349–351Directory Service, 652disabled state, Spanning Tree Protocol, 310discontiguous networks, 280–282, 283distance vector (DV), 266, 266, 278, 278

EIGRP, 283RIPv2, 280routing protocols, 277, 278–286

distributed denial of service attacks (DDos), 417, 418

distributed WAN, 9distribution list, 455distribution network, 501distribution system (DS), 352diversity, 347DIX. See Digital, Intel, and XeroxDLCIs. See Data Link Connection Identifiers.dll, 418DMZ. See demilitarized zoneDNS. See Domain Name ServiceDNS Server, 652DOCSIS. See data over cable service interface

specificationDoD. See Department of DefenseDomain Name Service (DNS), 89, 130–135,

132, 134, 165–166certifiers, 580DHCP, 166DMZ, 451incorrect, 616IP address, 236ipconfig, 524network reconnaissance, 426port scanners, 574tracert, 520

door locks, 433DoS. See denial of service attackDOS commands, 236–237DoS/SYN flood attack, 416, 417, 454dropped packets, 655DS. See distribution systemDS0. See Digital Signal 0DS1. See Digital Signal 1DS3. See Digital Signal 3

137550bindex.indd 733 12/20/11 4:22 PM

734 DSL – equipment access

DSL. See digital subscriber lineDSLAM. See digital subscriber line access

multiplexerDSSS. See Direct Sequence Spread SpectrumDTE. See data terminal equipmentDTP. See Dynamic Trunking ProtocolDUAL. See Diffusing Update Algorithmdual inline package (DIP), 605dumb terminals, 7DV. See distance vectorDWDM. See Dense Wavelength Division

Multiplexingdynamic ARP table entries, 529dynamic DNS, 135Dynamic Frequency Selection (DFS), 344Dynamic Host Configuration Protocol

(DHCP), 125, 126, 126–129, 128, 129, 166–168, 167

APIPA, 198certifiers, 580DSL, 499evil twin, 424ipconfig, 524Parameter Request List, 127–128, 128protocol analyzers, 517, 517–518Scope Options, 127, 127server logs, 651WAP, 365

dynamic IP routing, 255, 264–266, 265dynamic NAT, 243dynamic packet filtering, 459dynamic state list, 459, 459Dynamic Trunking Protocol (DTP), 318dynamic VLAN, 318

E-e, 550–551EAP. See Extensible Authentication ProtocolEAR. See Export Administration Regulationsecho, 606echo request payload, 257.edu, 131EEOC. See equipment exceeds operator

capabilityEGPs. See exterior gateway protocols

EIA/TIA. See Electronic Industries Association/Telecommunications Industry Alliance

EIGRP. See Enhanced Interior Gateway Routing Protocol

electromagnetic interference (EMI), 71–72, 104, 355, 605

Electronic Industries Association/Telecommunications Industry Alliance (EIA/TIA), 60, 102, 505, 640

email server, 580email virus, 419, 451emergency virus scan, 441EMI. See electromagnetic interferenceEncapsulating Security Payload (ESP), 384encapsulation, 98–99

IP, 178–182, 179OSI, 45, 45

encryptionAES, 382, 388DES, 387devices, 136, 136–137OSI Presentation layer, 33passwords, 386–387PGP, 386–387, 389, 390public key, 388, 389security filtering, 386–389SSL, 382symmetrical key, 3873DES, 387–388VPN concentrator, 473wireless networks, 607wireless NICs, 356–358, 357

endpoints, 500end-user training, 436–437Enhanced Interior Gateway Routing Protocol

(EIGRP), 40, 266, 282–284, 621AD, 275DV, 266IP routing, 254IS-IS, 290LS, 266multicast, 199RIPv2, 280v6, 291VLSM, 282

environment, 146–147, 337environmental monitors, 588–589equipment access, 432

137550bindex.indd 734 12/20/11 4:22 PM

equipment exceeds operator capability (EEOC) – forwarding state 735

equipment exceeds operator capability (EEOC), 602

ESP. See Encapsulating Security PayloadESS. See extended service setESSIDs. See Extended Service Set Identifierseth_addr, 531EtherChannel, 101Ethernet. See also specific Ethernet types

addressing, 98broadcast domain, 90channel bonding, 101, 101collision domain, 90CSMA/CD, 91, 91–92frames, 98–100, 99full duplex, 92–94half duplex, 92–94MMF, 66, 66–67OSI

Data Link layer, 42–43, 94–101Physical layer, 101–106, 102

RJ-45, 102SMF, 66, 66–67specifications, 87–114switches, 120–121, 121Type, 100, 259–262UTP, 102

crossover cable, 75ETSi. See European Telecommunications

Standards InstituteEuropean Telecommunications Standards

Institute (ETSi), 338Event Viewer, 652, 652evil twin, 423–424Evolved High Speed Packet Access (HSPA+),

503–504.exe, 418exit interviews, 435–436expansion slots, 118–119Export Administration Regulations (EAR), 386extended ACLs, 455–456extended demark, 489extended service set (ESS), 353, 354Extended Service Set Identifiers (ESSIDs), 608Extensible Authentication Protocol (EAP),

391, 406exterior gateway protocols (EGPs), 264–266,

265, 274extranet VPN, 382

F-f, 527, 538F connector, 56Fast Ethernet, 93, 103fault tolerance, 13, 15, 284, 658fax server, 6FCC. See Federal Communications

CommissionFCS. See Frame Check Sequencefeasible successor, 284Federal Communications Commission (FCC),

338–339FEP. See fluoroethylenepropylenefiber to premises, 496fiber-optic cable, 61–66, 63, 67FIFO. See first-in, first-outFile Replication Service, 652file server, 6, 580File Transfer Protocol (FTP), 160–161

application-layer attacks, 425bounce, 426DMZ, 456–457DNS, 133firewalls, 463OSI Application layer, 32password encryption, 386proxy, 461troubleshooting, 554–559

file viruses, 418–419firewalls, 125–126, 425, 452–468

ACLs, 453–456DMZ, 456–457, 457IP spoofing attacks, 378OSI

Application layer, 463–464Network layer, 461–463

protocol switching, 457–458scanning services, 464–468security policy, 433technologies, 453–461

first-in, first-out (FIFO), 656flat network, 314flow control, 35–36, 36fluoroethylenepropylene (FEP, Teflon), 55forward/filter decisions, 306–307forward/filter table, 304, 304, 306, 326forwarding state, 310

137550bindex.indd 735 12/20/11 4:22 PM

736 FQDN – host-based IDS (HIDS)

FQDN. See fully qualified domain namefractional T1 (FT1), 494frames

CRC, 182Ethernet, 98–100, 99IP routing, 259OSI

Data Link layer, 179, 181Physical layer, 182

Spanning Tree Protocol, 309switches, 306

Frame Check Sequence (FCS), 100, 179, 259, 260

frame filtering, 306Frame Relay, 16, 487, 506–508frequency, 72FT1. See fractional T1FTP. See File Transfer Protocolftp, 555FTP PORT, 426full duplex, 71

Ethernet, 92–94OSI Session layer, 33TCP, 168

fully qualified domain name (FQDN), 165–166

G-g, 531-g host-list, 536gateway, 539gateways, 7, 39. See also default gateway;

specific gateway protocolsBPL, 68encryption, 136–137incorrect, 615–616

GB. See gigabyteGeneric Routing Encapsulation (GRE), 383GetRequest, 638Gigabit Ethernet, 101, 104gigabyte (GB), 492G/L. See Global/Local bitglobal address, NAT, 243global unicast address, IPv6, 204Global/Local bit (G/L), 98.gov, 131GRE. See Generic Routing Encapsulationguards, 434

H-h maximum_hops, 536H.323, 464half duplex, 71

Ethernet, 92–94NICs, 123OSI Session layer, 33switches, 302wireless networks, 337

handshakeCHAP, 405, 406MS-CHAP, 391, 405–406three-way handshake, 34, 36, 168

hardware address, 88, 174, 254, 258, 260, 262

hardware broadcasts. See Layer 2hashing functions, 382HDLC. See High-Level Data Link ControlHDSL. See high bit-rate digital subscriber lineheadend, 501hello packets, 286, 291heuristic scanning, 439hexadecimal numbers, 94–98HFC. See hybrid fiber-coaxialHIDS. See host-based IDShierarchical addressing, 191–198high availability, 657high bit-rate digital subscriber line (HDSL),

500–501High Speed Serial Data Connector

(HSSDC), 103High-Level Data Link Control (HDLC), 491honeynets, 471honeypot, 471, 471hops, 175hop count, 40, 275, 290

DV, 278OSPF, 287RIP, 279RIPv2, 280

hostsduplex, 93networks, 7, 39VLSM, 281workstations, 5

host address, 192host-based firewalls, 453host-based IDS (HIDS), 471–472

137550bindex.indd 736 12/20/11 4:22 PM

hostname – Institute of Electrical and Electronics Engineers (IEEE) 737

hostname, 536Hosts table, 535–536Host-to-Host layer, DoD model, 159,

168–173hotfixes, 437–439HSPA+. See Evolved High Speed Packet AccessHSSDC. See High Speed Serial Data ConnectorHTML, 32HTTP. See Hypertext Transfer ProtocolHTTPS. See Hypertext Transfer Protocol

Securehubs, 39, 118, 118, 146

collision domains, 300full duplex, 93LAN, 4OSI Physical layer, 145–146switches, 143

humidity, 147, 588–589hybrid fiber-coaxial (HFC), 501hybrid IP routing, 266, 266, 277, 283hybrid mesh topology, 15hybrid topology, 18, 18Hypertext Transfer Protocol (HTTP), 6, 164

application-layer attacks, 425DMZ, 451DNS, 131firewalls, 463IP routing, 263IPv6, 202netstat, 547OSI Application layer, 32port numbers, 263proxy, 461Telnet, 560

Hypertext Transfer Protocol Secure (HTTPS), 164, 263, 382

I-i address, 537-i TTL, 527IBSS. See independent basic service setICA. See Independent Computing ArchitectureICMP. See Internet Control Message ProtocolICSA. See International Computer Security

AssociationID Ten T error (ID10T), 602IDC. See insulation displacement connector

IDF. See intermediate distribution frameIDS. See intrusion detection systemIE. See Internet ExplorerIEC. See International Electrotechnical

CommissionIEEE. See Institute of Electrical and Electronics

EngineersIETF. See Internet Engineering Task Forceif, 540if_addr, 531ifconfig, 525–526I/G. See Individual/Group bitIGMP. See Internet Group Management

ProtocolIGPs. See interior gateway protocolsIGRP. See Interior Gateway Routing ProtocolIMAP. See Internet Message Access Protocolinbound ACLs, 456incident response, 430independent basic service set (IBSS), 351Independent Computing Architecture

(ICA), 392Individual/Group bit (I/G), 98inet_addr, 531infrastructure mode, wireless networks,

352–353, 353inherent attenuation, 102injectors, PoE, 326, 326inside global address, NAT, 243inside local address, NAT, 243Institute of Electrical and Electronics Engineers

(IEEE), 42–43, 98, 338802, 43–44802.1D, 309802.1Q, 321802.1w, 311–312802.3, 99, 100, 101802.3ab, 103802.3af, 325802.3an, 104802.3at, 325802.3u, 103802.11, 338, 340–347, 347802.11a, 343–344802.11b, 341–342, 342802.11g, 342–343802.11h, 344–345802.11n, 345–346803.3z, 103

137550bindex.indd 737 12/20/11 4:22 PM

738 insulation displacement connector (IDC) – IP address

insulation displacement connector (IDC), 585–586

.int, 131Integrated Services Digital Networks (ISDN),

487, 504–505interior gateway protocols (IGPs), 264–266,

265, 274BGP, 285IS-IS, 289

Interior Gateway Routing Protocol (IGRP), 266, 275

intermediate distribution frame (IDF), 79Intermediate System-to-Intermediate System

(IS-IS), 266, 289, 289–290, 621internal routing protocols, 286International Computer Security Association

(ICSA), 431International Electrotechnical Commission

(IEC), 649International Organization for Standardization

(ISO), 28, 649Internet, 8–9, 122, 380Internet Control Message Protocol (ICMP),

175, 175–176, 415, 621ACLs, 454IP routing, 257, 260, 262ping, 236traceroute, 520

Internet Engineering Task Force (IETF), 157Internet Explorer (IE), 31Internet Group Management Protocol

(IGMP), 165Internet layer, DoD model, 159, 173–178Internet Message Access Protocol

(IMAP), 162Internet Options, Security tab, 466, 466Internet Protocol (IP), 40, 155–187. See also

specific IP topics and processesACLs, 378CLNS, 290encapsulation, 178–182, 179OSPF, 287SOHO, 140

Internet Protocol version 4 (IPv4), 198–199, 291

Internet Protocol version 6 (IPv6), 40, 200–205, 202

CLNS, 290IP routing, 254ipconfig, 522OSPF, 287

routing protocols, 290–291SOHO, 140

Internet Security Association and Key Management Protocol (ISAKMP), 385–386

Internet service providers (ISPs)BGP, 265, 285cable modem, 502CIDR, 215

internetwork, 8, 8devices, 39, 141DV, 278, 278routers, 41, 121, 139, 143routing tables, 278SOHO, 140switches, 142, 145

Internetwork Package Exchange (IPX), 100, 383, 458

Inter-Switch Link (ISL), 320–321intranet, 8, 382intrusion detection system (IDS), 433,

468–472, 572–573packet sniffers, 570–571

intrusion prevention system (IPS), 423, 470, 572–573

packet sniffers, 570–571inverse multiplexing, 505IP. See Internet ProtocolIP address, 7, 89–90, 189–210

ACLs, 379arp -a, 236BGP, 285DHCP, 127, 166DNS, 131–132, 165–166, 236DOS commands, 236–237evil twin, 424hierarchical addressing, 191–198incorrect, 615network configuration, 122–123NICs, 235port security, 456private, 196–198problem determination, 237, 237–241, 238Smurf attacks, 415static, 168subnets, 212–234switches, 121troubleshooting, 234, 234–241v4, 198–199VLSM, 282WAP, 348, 359

137550bindex.indd 738 12/20/11 4:22 PM

IP header – light-emitting diodes (LEDs) 739

IP header, 174, 174IP proxy, 460–461IP routing, 253–272, 256, 258, 263, 264. See

also specific routing typesARP, 258CRC, 258, 259, 261default gateway, 261Destination Unreachable, 259, 261dynamic, 264–266, 265FCS, 259, 260frames, 259hardware address, 258, 260, 262HTTP, 263HTTPS, 263hybrid, 266, 266ICMP, 257, 260, 262MAC address, 258OSI

Data Link layer, 258, 260, 261, 262Network layer, 260, 261Physical layer, 259, 262

packets, 261packet switching, 260process, 257–262Registry, 261static, 264–266, 265

IP Security (IPSec), 384, 385, 473IP spoofing attack, 378–379, 424, 424, 454IP stack, 235, 537ipconfig, 502, 521–524ipconfig/all, 236, 522–524ipconfig/release, 517, 524ipconfig/renew, 517, 524IPS. See intrusion prevention systemIPSec. See IP SecurityIPv4. See Internet Protocol version 4IPv6. See Internet Protocol version 6IPX. See Internetwork Package ExchangeISAKMP. See Internet Security Association and

Key Management ProtocolISDN. See Integrated Services Digital

NetworksIS-IS. See Intermediate System-to-Intermediate

SystemISL. See Inter-Switch LinkISO. See International Organization for

Standardizationisotropic antennas, 350ISPs. See Internet service providers

J-j host-list, 527jitter, 655

K-k host-list, 527Kerberos, 402, 403, 473Kevlar, 62

L-l size, 527L2F. See Layer 2 ForwardingL2TP. See Layer 2 Tunneling ProtocolLAN. See local area networkLAN Manager, 299latching, 63latency, 144, 302, 609latency sensitivity, 653Layer 2

bridges, 144–145broadcasts, IPv4, 198port security, 456Spanning Tree Protocol, 309switches, 144–145, 298, 302–309

Layer 2 Forwarding (L2F), 383Layer 2 Tunneling Protocol (L2TP), 383Layer 3

broadcasts, IPv4, 198–199port security, 456switches, routers, 41, 122

layered architecture, OSI, 28–29, 30–44, 31, 32

LC. See Local ConnectorLcd, 558LDAP. See Lightweight Directory

Access Protocollearning state, 310leased lines, 491least significant bit (LSB), 99LEDs. See light-emitting diodesLength, IEEE 802.3, 100light-emitting diodes (LEDs), 63, 119,

600–601

137550bindex.indd 739 12/20/11 4:22 PM

740 Lightweight Directory Access Protocol (LDAP) – microwave radio relay

Lightweight Directory Access Protocol (LDAP), 165

Link Aggregation, 101link light, 600–601link state (LS), 266, 266, 277, 283, 286–290link state advertisements (LSAs), 286link state packets (LSPs), 286link-local address, 204, 291listening state, 310LLC. See Logical Link Controlload balancing, 130, 275, 278, 657load testing, 651local address, 243, 262local area network (LAN), 3, 3–5. See also

Small Office, Home Office; virtual local area network; wireless local area network

IP routing, 254packet switching, 492RJ-11, 61routers, 4, 315, 451switches, 301

bridges, 303VLSM, 281VPN, 380–382

Local Connector (LC), 64, 65, 66local loop, 489logging, NIDS, 470logical address, 41, 254Logical Link Control (LLC), 43logical network diagrams, 645, 646LogMein, 519, 519Long Term Evolution (LTE), 503, 504loop avoidance, 307–309, 308loopback plug, 578, 578LS. See link stateLs, 558LSAs. See link state advertisementsLSB. See least significant bitLSPs. See link state packetsLTE. See Long Term Evolution

MMAC. See Media Access Controlmacro viruses, 420magnetic flux, 71–72mail exchanger (MX), 133mail relay, 434

mail server, 6, 433, 456main distribution frame (MDF), 79mainframes, 7man-in-the-middle attacks, 427, 427mask netmask, 539maximum burst rate (MBR), 507maximum transmission unit (MTU), 103,

615, 621MB. See megabyteMBR. See maximum burst rateMD5. See Message-Digest algorithm 5MDF. See main distribution frameMD-IDS. See misuse-detection IDSMDI/MDI-X. See medium dependent

interface/medium dependent interface-crossover

mechanical transfer registered jack (MTRJ), 64–65, 65

Media Access Control (MAC), 43, 236, 345, 379

address, 88–90, 94, 98ARP, 529arp -a, 236bridges, 303DHCP, 127IP routing, 258ipconfig, 524IPv6, 202port security, 456PPPoE, 392switches, 120, 303TKIP, 366VLAN, 318

authentication, 364forward/filter table, 304, 304, 306

media converters, 66–67medium dependent interface/medium

dependent interface-crossover (MDI/MDI-X), 605

meet-in-the-middle attack, 387megabyte (MB), 492mesh topology, 15, 15–16Message-Digest algorithm 5 (MD5), 405metric, 40metric metric, 539mget, 559Microsoft Challenge Handshake

Authentication Protocol (MS-CHAP), 391, 405–406

microwave radio relay, 497

137550bindex.indd 740 12/20/11 4:22 PM

.mil – networks 741

.mil, 131Mills, David, 164MILNET, 158MIMO. See multiple-input multiple-outputmisuse-detection IDS (MD-IDS),

468–469, 469MLS. See multilayer switchMMF. See multimode fibermobility, 201modems, 434, 492. See also cable modemmodulation technique, 343monitor viewing, 433MPLS. See MultiProtocol Label SwitchingMS-CHAP. See Microsoft Challenge

Handshake Authentication ProtocolMtr, 536–537MTRJ. See mechanical transfer registered jackMTU. See maximum transmission unitmulticast packets

bridges, 142EIGRPv6, 291IPv4, 199IPv6, 204RIPng, 290–291routers, 41switches, 142

multifactor authentication, 400multilayer switch (MLS), 122, 130multimedia, 33multimeter, 582, 583multimode fiber (MMF), 62, 63, 66,

66–67, 103multipartite viruses, 420, 420–421multiple barrier system, 475, 476multiple-input multiple-output (MIMO),

345–346MultiProtocol Label Switching (MPLS), 9,

9, 16MX. See mail exchanger

N-N, 531-n, 537, 553–554-n count, 527NaaS. See network as a serviceNAC. See Network Access Controlname resolution, 131

NAT. See Network Address TranslationNational Fire Protection Association

(NFPA), 56National Institute of Standards and Technology

(NIST), 388National Security Agency (NSA), 386nbtstat, 540–546NCP. See Network Control Protocolnear-end crosstalk (NEXT), 60, 606neighbor table, 284, 284neighbor-discovery process, 291NESSUS, 472.net, 131NetBIOS. See Network Basic Input/Output

Systemnetstat, 546–554NetWare, 299–300networks, 2, 21–26, 89. See also specific

network types and devicesbackbone, 20, 20–21bus topology, 12, 13client-server, 11, 11configuration, 122–125devices, 115–153documentation, 638–649environment, 146–147firewalls, 125–126hosts, 7, 39hybrid topology, 18, 18LAN, 3–5mesh topology, 15, 15–16monitoring performance, 649–661MPLS, 9operating system, 5peer-to-peer, 10, 10–11physical media, 55–70physical topology, 12–18

selection, 18–21point-to-multipoint topology, 17, 17, 18point-to-point topology, 16–17, 17policies, 647procedures, 648ring topology, 14–15, 15security threat mitigation, 428–430security threats, 413–447segments, 20, 21

SOHO, 137–147troubleshooting, 604

servers, 5–6, 7star topology, 13–14, 14

137550bindex.indd 741 12/20/11 4:22 PM

742 Network Access Control (NAC) – Open Systems Interconnection (OSI)

troubleshooting, 595–633WAN, 7–9workstations, 5, 7

Network Access Control (NAC), 405Network Access layer, DoD model, 159network address, 40, 190, 192, 192–196

Class A, 193–194, 215, 217Class B, 194–195, 215, 216, 226–234Class C, 195–196, 215, 217–226, 219,

220–221, 221Class D, 196Class E, 196

Network Address Translation (NAT), 196, 241–245, 245, 621

configuration, 242IPv6, 200WAP, 348

network analyzer, 570network as a service (NaaS), 661Network Basic Input/Output System

(NetBIOS), 540–546Network Control Protocol (NCP), 157Network Interface Cards (NICs), 39,

118–119, 119crossover cable, 75–76duplex, 93–94firewalls, 452half duplex, 123IP address, 235packet sniffers, 570–571ping, 236wireless, 348, 349, 355–359, 357xDSL, 500

network interface device (NID), 80Network layer, OSI, 39–41

encapsulation, 179, 181firewalls, 461–463IP routing, 260, 261SOHO, 139–140

network management stations (NMSs), 39Network Mapper (NMAP), 472–473, 575, 674Network Monitor, 517network reconnaissance, 426network scanners, 570–576Network Time Protocol (NTP), 164network-based firewalls, 453network-based IDS (NIDS), 468–471, 469NEXT. See near-end crosstalknext-hop address, 291, 539next-hop router, 41

NFPA. See National Fire Protection Associationnibble, 94, 95NICs. See Network Interface CardsNID. See network interface deviceNIDS. See network-based IDSNIST. See National Institute of Standards

and TechnologyNMAP. See Network MapperNMSs. See network management stationsnoise immunity, 71–72nonces, 366–367notification, 432, 470Novell, 299–300NSA. See National Security Agencynslookup, 533–534NTP. See Network Time Protocol

OOC. See optical carrieroctet, 190OE. See operator errorOFDM. See Orthogonal Frequency Division

MultiplexingOLT. See optical line terminationomni directional antennas, 349–351on-access virus scan, 440–441on-demand virus scan, 440one-to-many address, 204ONUs. See optical network unitsopen access mode, WLAN, 363open impedance mismatch, 606open relay, 434Open Shortest Path First (OSPF), 40, 287–289,

288, 621IP routing, 254IS-IS, 290LS, 266RIPv2, 280v3, 291VLSM, 282

Open Systems Interconnection (OSI), 27–51Application layer, 31–32

firewalls, 463–464connection-oriented communication,

34–35, 35Data Link layer, 42, 42–44

encapsulation, 179Ethernet, 94–101

137550bindex.indd 742 12/20/11 4:22 PM

operating system – PEBCAK 743

frames, 181IP routing, 258, 260, 261, 262routers, 41

DoD model, 158–159, 159encapsulation, 45, 45flow control, 35–36, 36layered architecture, 28–29, 30–44, 31, 32MLS, 130Network layer, 39–41

encapsulation, 179, 181firewalls, 461–463IP routing, 260, 261SOHO, 139–140

PDU, 178Physical layer, 44

encapsulation, 179Ethernet, 101–106, 102frames, 182hubs, 145–146IP routing, 259, 262

Presentation layer, 33reference model, 30–44Session layer, 33TCP/IP, 157Transport layer, 33–34

ACK, 38–39encapsulation, 179port numbers, 181, 181, 245reliable networking, 38, 38–39

windows, 37, 37–38operating system, 5operator error (OE), 602optical carrier (OC), 495, 496optical line termination (OLT), 497optical network units (ONUs), 497optical time-domain reflectometer (OTDR),

581–582, 582.org, 131organizationally unique identifier (OUI), 98Orthogonal Frequency Division Multiplexing

(OFDM), 343OS/2, 299OSI. See Open Systems InterconnectionOSPF. See Open Shortest Path FirstOTDR. See optical time-domain reflectometerOUI. See organizationally unique identifieroutbound ACLs, 456out-of-order delivery, 655outside global address, NAT, 243outside local address, NAT, 243

overhead, 34overloading, 243, 244, 245

P-p

netstat, 551–553route, 538–539

-p period, 537packets, 179. See also specific packet types

dynamic filtering, 459IP routing, 254, 257, 261NAT, 244OSI Network layer, 39–40PDUs, 181TKIP, 366VLAN, 319

Packet InterNet Groper. See pingpacket shaping, 656packet sniffers, 426, 570–572, 571, 650–651packet switching

Frame Relay, 506IP routing, 260LAN, 492SOHO, 140

packet-filter firewalls, 462PANs. See personal area networksPAP. See Password Authentication Protocolpartial mesh topology, 16passive detection, 429Passive Optical Network (PON), 496–497passphrase, 367passwords, 396–400

automatic account lockouts, 398–399encryption, 386–387security policy, 433WAP, 359

password attacks, 426Password Authentication Protocol (PAP), 405PAT. See Port Address Translationpatch cable, 74, 640patches, 437–439

security policy, 434pathping, 536–537payload protocol, 380PDUs. See Protocol Data UnitsPEBCAK. See problem exists between chair

and keyboard

137550bindex.indd 743 12/20/11 4:22 PM

744 peer-to-peer networks – protocol switching

peer-to-peer networks, 10, 10–11penetration, 422personal area networks (PANs), 497PGP. See Pretty Good Privacyphishing, 426, 427–428physical barriers, 475Physical layer, OSI, 44

encapsulation, 179Ethernet, 101–106, 102frames, 182hubs, 145–146IP routing, 259, 262

physical network diagrams, 642–644, 643, 644

physical security, 474–478physical topology, networks, 12–18

selection, 18–21ping, 176, 235–236, 526–529Ping of Death, 415PKI. See Public Key Infrastructureplain old telephone service (POTS), 59, 487

ADSL, 501ISDN, 504PSTN, 489

plennum-rated coating, 56, 62PoE. See Power over Ethernetpoint of presence (POP), 489pointer record (PTR), 133point-to-multipoint topology, 17, 17, 18,

349–351point-to-point connection, 92point-to-point link, 14Point-to-Point Protocol (PPP), 391–392, 491Point-to-Point Protocol over Ethernet

(PPPoE), 392DSL, 499

point-to-point topology, 16–17, 17, 103, 349–351

Point-to-Point Tunneling Protocol (PPTP), 383–384

policiesnetworks, 647security, 430–436, 647

polyvinyl chloride (PVC), 55, 62PON. See Passive Optical NetworkPOP. See point of presence; Post Office

Protocolports

access ports, 319IDS, 470, 470

routers, 124security, 456speed, 124, 614switches, 123, 310trunk ports, 319–320, 320USB, 70WAN, 8

Port Address Translation (PAT), 243, 244, 245, 245, 621

port duplex mismatch, 614port mirroring, 326–328, 328port numbers, 171–173, 172, 263

ACLs, 379OSI Transport layer, 181, 181, 245

port scanners, 426, 574–576, 575port sweeping, 574port-redirection attacks, 427Post Office Protocol (POP), 162POTS. See plain old telephone servicePower over Ethernet (PoE), 324–326, 325power switch, 601–602powers of 2, 214PPP. See Point-to-Point ProtocolPPPoE. See Point-to-Point Protocol

over EthernetPPTP. See Point-to-Point Tunneling Protocolpreamble, 99prefix routing, 279Presentation layer, OSI, 33Pre-Shared Key (PSK), 367–368Pretty Good Privacy (PGP), 386–387,

389, 390Primary Rate Interface (PRI), 504print, 539print server, 6private cloud, 659private IP address, 196–198private network, 451private side firewalls, 125proactive defense, 429–430problem exists between chair and keyboard

(PEBCAK), 602procedures

networks, 648security, 436–441

Process/Application layer, DoD model, 158–168

protocol analyzers, 517–518, 579–580, 651Protocol Data Units (PDUs), 45, 178, 181protocol switching, 457–458, 458

137550bindex.indd 744 12/20/11 4:22 PM

Proxy ARP – routers 745

Proxy ARP, 622proxy server, 6, 135, 136, 460, 460–461PSK. See Pre-Shared KeyPSTN. See Public Switched Telephone NetworkPTR. See pointer recordpublic cloud, 659public key encryption, 388, 389Public Key Infrastructure (PKI), 401, 402public side firewalls, 125Public Switched Telephone Network (PSTN),

59, 487, 489–490punch-down tool, 585, 585–586, 586PVC. See polyvinyl chloridePwd, 558

Q-q num-queries, 537quality of service (QoS), 41, 144, 316–317,

655–656

R-R, 527-r, 544–545, 551-r count, 527rack-mounted switches, 641, 642radio frequency interference (RFI), 606RADIUS. See Remote Authentication Dial In

User ServiceRapid Spanning Tree Protocol (RSTP), 311–312RARP. See Reverse Address Resolution

ProtocolRAS. See Remote Access Servicesrate limiting, 656RDC. See Remote Desktop ConnectionRDP. See Remote Desktop ProtocolReal-time Transport Protocol (RTP), 163Recommended Standard 232 (RS-232), 69, 69recording equipment, 432reference model, OSI, 30–44registered jack (RJ), 640

RJ-11, 60–61, 61RJ-45, 60–61, 61, 102, 500, 640

Registry, 257, 261regulations, 648–649reliable networking, 33, 38, 38–39

remote access, 390–392remote access server, 6, 236Remote Access Services (RAS), 390–391, 391Remote Authentication Dial In User Service

(RADIUS), 365, 365, 403, 621PPPoE, 392VPN concentrator, 473

Remote Desktop Connection (RDC), 162, 391Remote Desktop Protocol (RDP), 162, 391Remote Desktop Services, 162remote-access VPN, 382repeaters, 39, 146replay attacks, 366Requests for Comments (RFCs), 164resistance-to-change syndrome, 201Reverse Address Resolution Protocol (RARP),

177, 178reverse lookup zone, 134RFCs. See Requests for CommentsRFI. See radio frequency interferenceRG-6, 57, 58RG-58 A/U, 57RG-58 U, 57RG-59, 57RG-62, 58ring topology, 14–15, 15RIP. See Routing Information ProtocolRIPng. See Routing Information Protocol

next generationRIPv2. See Routing Information Protocol

version 2Rivest, Shamir, and Adleman (RSA), 382, 388,

391, 473RJ. See registered jackRJ-11, 60–61, 61RJ-45, 60–61, 61, 102, 500, 640rogue access points, 423rootkit, 425round-robin load balancing, 278route, 537–540routers, 4, 121–122. See also IP routing

ABRs, 288ACLs, 378ASBR, 289broadcasts, 651collision domains, 143CPU, 274Internet, 122internetwork, 41, 139, 143IP routing, 255

137550bindex.indd 745 12/20/11 4:22 PM

746 route-update packets – security audits

LAN, 4, 315, 451missing routes, 621next-hop, 41OSI

Data Link layer, 42Network layer, 39–41

point-to-point topology, 16ports, 124QoS, 144security zones, 478SOHO, 138subnets, 220traceroute, 236WAN, 8

route-update packets, 40routing by rumor, 278routing flow tree, 275Routing Information Protocol (RIP), 40, 266,

279, 283, 621AD, 275convergence, 278IP routing, 254OSPF, 287–288

Routing Information Protocol next generation (RIPng), 290–291

Routing Information Protocol version 2 (RIPv2), 280, 282, 283, 621

routing loops, 621routing protocols, 254, 273–296. See also

specific protocolsAD, 275–277classes, 277DV, 277, 278–286hybrid IP routing, 277IPv6, 290–291LS, 277, 286–290

routing tables, 255, 257convergence, 278, 279EIGRP, 283, 284internetwork, 278SOHO, 140

RS-232. See Recommended Standard 232

RSA. See Rivest, Shamir, and AdlemanRST (reset packet), 574RSTP. See Rapid Spanning

Tree ProtocolRTP. See Real-time Transport Protocol

S-S, 545–546-s, 531, 546, 551-s count, 527-S srcaddr, 527SA. See Source AddressSaaS. See software as a serviceSarbanes-Oxley Act of 2002

(Sar-Ox), 648SAs. See security associationsSATAN. See Security Administrator Tool for

Analyzing NetworksSC. See subscriber connectorscanning services, 464–468schematics, 639–642Scope Options, 127, 127SCP. See Secure Copy ProtocolSDH. See Synchronous Digital HierarchySDSL. See symmetric digital subscriber lineSecure Copy Protocol (SCP), 165Secure File Transfer Protocol (SFTP), 161Secure Shell (SSH), 164, 392

SFTP, 161Telnet, 561

Secure Sockets Layer (SSL), 383tunneling, 382–383VPN concentrator, 473

Secure Sockets Layer Virtual Private Network (SSL VPN), 382–383

securityantivirus programs, 439–441DSL, 499hardware/software, 450–452patches and upgrades, 437–439physical, 474–478policies, 430–436, 647procedures, 436–441server logs, 651threats, 413–447

mitigation, 428–430wireless networks, 421–424

training, 436–437wireless networks, 362–368

Security Administrator Tool for Analyzing Networks (SATAN), 429

security associations (SAs), 385–386security audits, 397, 431

137550bindex.indd 746 12/20/11 4:22 PM

security filtering – SSM 747

security filtering, 377–392ACLs, 378, 378–379encryption, 386–389remote access, 390–392tunneling, 379–380, 380

Security Services Module (SSM), 464Security Set Identifier (SSID), 353, 357, 364

evil twin, 423WAP, 359war driving, 422

Security tab, Internet Options, 466, 466security zones, 476, 477, 478segments

networks, 20, 21SOHO, 137–147troubleshooting, 604

OSIconnection-oriented communication, 34flow control, 35

PDU, 178TCP, 169, 169UDP, 170

sendmail, 425serial cables, 68–70servers, 5–6, 7. See also specific

server typesserver logs, 651–652server mode, VTP, 322, 323service level agreement (SLA), 656service packs, 438Service Set Identifiers (SSIDs), 608Session Initiation Protocol (SIP), 163Session layer, OSI, 33session secret, 367SetRequest, 638SFD. See start frame delimiterSFF. See small form factorSFTP. See Secure File Transfer Protocolshared keys, 360shielded twisted-pair (STP), 58, 72short circuits, 606Shortest Path First (SPF), 286. See also Open

Shortest Path Firstshow ip route, 255show mac address-table, 307shunning, 470side channel attack, 388signal degradation, 354–355signature identification, 466

Simple Mail Transfer Protocol (SMTP), 162, 560

proxy, 461Simple Network Management Protocol

(SNMP), 121, 163, 463, 638–639simplex, 33single sign-on, 400single-mode fiber (SMF), 62, 63, 66, 66–67

10GBase-LW, 1041000BaseLX, 103

SIP. See Session Initiation Protocolsite-to-site VPN, 382SLA. See service level agreementsmall form factor (SFF), 63–65Small Office, Home Office (SOHO), 121,

137–147, 501, 580smart antennas, 345smart jack, 80SmartDraw, 639, 644, 644, 645SMF. See single-mode fiberSMTP. See Simple Mail Transfer ProtocolSmurf attacks, 415–416, 416, 454SNAT. See static NATSNMP. See Simple Network Management

ProtocolSnort, 574social engineering, 427–428software address, 174software as a service (SaaS), 661SOHO. See Small Office, Home OfficeSONET. See Synchronous Optical NetworkSource Address (SA), 100SPAN. See Switch Port Analyzerspanning trees, 303Spanning Tree Protocol (STP), 309, 309–312,

311, 620–621spanning-tree algorithm (STA), 309spatial multiplexing, 346SPF. See Shortest Path Firstsplit pairs, 579, 606splitters, 501SQL injection attacks, 574SSH. See Secure ShellSSID. See Security Set IdentifierSSIDs. See Service Set IdentifiersSSL. See Secure Sockets LayerSSL VPN. See Secure Sockets Layer Virtual

Private NetworkSSM. See Security Services Module

137550bindex.indd 747 12/20/11 4:22 PM

748 ST – TCP

ST. See straight tipSTA. See spanning-tree algorithmStacheldraht, 417standard ACLs, 455star topology, 13–14, 14start frame delimiter (SFD), 99state table, 459, 462state transitions, 44stateful firewalls, 462–463stateful packet inspection, 462–463stateless firewall, 462–463static ARP table entries, 530static IP addressing, 168static IP routing, 255, 264–266, 265, 275static NAT (SNAT), 243, 245static VLAN, 317–318steady state, 257STP. See shielded twisted-pairstraight tip (ST), 63, 64straight-through cable, 75strong passwords, 398subnets

autonomous systems, 265Class B network address, 226–234Class C network address,

217–226, 219IP address, 212–234VLSM, 281

subnet masks, 214–215CIDR, 216–217, 225Class C network address,

220–221, 221DHCP, 166EIGRP, 283route, 539VLSM, 281

subscriber connector (SC), 63, 64supplicant, 405surge protectors, 587swipe mechanisms, 433switches, 120–121, 297–334. See also specific

switch and switching typesaddress learning, 304–306broadcast domain, 140collision domains, 138, 140,

143, 302Ethernet, 121forward/filter decisions, 306–307half duplex, 302hubs, 143

internetwork, 142, 145LAN, 4, 301

bridges, 303Layer 2, 144–145, 298, 302–309Layer 3, routers, 41loop avoidance, 307–309, 308MAC address, 303multicast packets, 142nbtstat, 541–546netstat, 548–554networks before, 298–301, 299PoE, 324–326ports, 123, 310port mirroring, 326–328, 328PSTN, 490rack-mounted, 641, 642services, 302–309SPAN, 326–328Spanning Tree Protocol, 309–312VLAN, 313–321, 316, 451VTP, 322wireless networks, troubleshooting, 609

Switch Port Analyzer (SPAN), 326–328symmetric digital subscriber line (SDSL), 501symmetrical key encryption, 387SYN (synchronize), 34, 462, 674SYN flood, 416, 417, 463

DoS/SYN flood attack, 416, 417, 454SYN/ACK (synchronize- acknowledgment), 34,

416, 674Synchronous Digital Hierarchy (SDH), 495Synchronous Optical Network (SONET), 15,

104, 495Syslog, 650

T-t, 527T1

crossover cable, 76, 77WAN connection, 494

T3, 494–495TA. See terminal adapterTACACS+. See Terminal Access Control

Access-Control System Plustapping, 72TCP. See Transmission Control Protocol

137550bindex.indd 748 12/20/11 4:22 PM

TCP/IP – Tribe Flood Network (TFN) 749

TCP/IP. See Transmission Control Protocol/Internet Protocol

TDM. See time-division multiplexingTDR. See time-domain reflectometerTeflon. See fluoroethylenepropylenetelephony server, 6Telnet, 160, 386, 560, 560–561telnet, 561temperature, 146, 588–589Temporal Key Integrity Protocol (TKIP),

366–367Terminal Access Control Access-Control

System Plus (TACACS+), 403–405, 404terminal adapter (TA), 504–505Terminal Services Client (TSC), 162, 391TFN. See Tribe Flood NetworkTFN2K. See Tribe Flood Network 2000TFTP. See Trivial File Transfer Protocolthicknet, 57, 102, 104thin client, 661thin computing, 661thin protocol. See User Datagram Protocolthinnet, 56, 56, 102, 105Third Generation Partnership Project 2

(3GPP2), 503thrashing, 3083DES. See Triple Data Encryption Standard3GPP2. See Third Generation Partnership

Project 2three-way handshake, 34, 36, 168throughput, 495, 518

testing, 518–519, 651Time to Live (TTL), 236, 520time-division multiplexing (TDM),

493, 505time-domain reflectometer (TDR), 581TLS. See Transport Layer SecurityToken Ring, 299toll network, 489toner probe, 582–584, 584topology table, 283–284, 284TPC. See Transmit Power ControlTraceroute, 176, 454traceroute, 236, 520–521tracert, 236, 520tracking, 433traffic contract, 656traffic shaping, 656transceivers, 39

Transmission Control Protocol (TCP), 33, 168–169

connection-oriented communication, 34DNS, 134full duplex, 168OSI Transport layer, 39port numbers, 171–173, 172port scanners, 574segments, 169, 169stateful firewalls, 462throughput testers, 518UDP, 169–170

Transmission Control Protocol/Internet Protocol (TCP/IP), 7, 157–177

ACLs, 379ARP, 529DoD model, 158–159, 160FTP, 554history, 157–158IGMP, 165IPSec, 385L2TP, 383nbtstat, 540–546netstat, 546–554network segments, 604OSI

Application layer, 31windows, 37

ping, 526protocol switching, 457–458subnets, 213SYN flood, 416Telnet, 560traceroute, 520–521

transmission speedscables, 71DSL, 499WAN, 492

Transmit Power Control (TPC), 344–345transparent bridging, 145transparent mode, VTP, 322–323, 323Transport layer, OSI, 33–34

ACK, 38–39encapsulation, 179port numbers, 181, 181, 245reliable networking, 38, 38–39

Transport Layer Security (TLS), 163, 382traps, 163, 638Tribe Flood Network (TFN), 417

137550bindex.indd 749 12/20/11 4:22 PM

750 Tribe Flood Network 2000 (TFN2K) – Variable Length Subnet Mask (VLSM)

Tribe Flood Network 2000 (TFN2K), 417Triple Data Encryption Standard (3DES),

387–388Trivial File Transfer Protocol (TFTP),

32, 161Trojan horse, 421troubleshooting

ARP, 529–533cables, 604–609connectivity software, 519FTP, 554–559Hosts table, 535–536ifconfig, 525–526IP address, 234, 234–241ipconfig, 521–524Mtr, 536–537nbtstat, 540–546networks, 595–633

segments, 604nslookup, 533–534ping, 526–529protocol analyzers, 517–518route, 537–540steps, 609–623Telnet, 560–561throughput testers, 518–519tips, 623–626tools, 515–568traceroute, 520–521wireless networks, 607–609workstations, 604

trunk ports, 319–320, 320trusted network, 451Trusted Sites, 467, 467trust-exploitation attacks, 427TSC. See Terminal Services ClientT-series WAN connections, 492–495TTL. See Time to Livetunneling

IPSec, 384L2TP, 383PPTP, 383–384security filtering, 379–380, 380SSL, 382–383SSL VPN, 382–383VPN, 380–382

twisted-pair cable, 58–61Type, Ethernet, 100, 259–262

UUDP. See User Datagram Protocolunicast, 199, 204, 550UNII. See Unlicensed National Information

Infrastructureuninterruptible power supply (UPS), 587unique local address, 204Universal Serial Bus (USB), 69–70, 70Unlicensed National Information

Infrastructure (UNII), 339, 339, 343–344, 344

unreliable protocol, 170unshielded twisted-pair (UTP), 58–59

connecting, 60–61Ethernet, 102

crossover cable, 75ISDN, 504PSTN, 490wiring schematics, 639–640xDSL, 500

untrusted network, 451upgrades, 437–439UPS. See uninterruptible power supplyuptime, 654USB. See Universal Serial Bususer accounts, 393–396User Datagram Protocol (UDP), 33, 169–170

DHCP, 166–167DNS, 134netstat, 547OSI Transport layer, 39packet sniffers, 572port numbers, 171–173, 172port scanners, 574RIPng, 290segments, 170throughput testers, 518

UTP. See unshielded twisted-pair

V-v, 531-v TOS, 527Variable Length Subnet Mask (VLSM),

280–282, 282, 287

137550bindex.indd 750 12/20/11 4:22 PM

VDSL – wireless antennas 751

VDSL. See very high bit-range digital subscriber line

very high bit-range digital subscriber line (VDSL), 501

video, 654virtual circuits, 34, 36, 508virtual desktops, 660–661virtual local area network (VLAN), 41, 313

broadcast domains, 143dynamic, 318identifying, 318–321incorrect, 615ipconfig, 524membership, 317QoS, 316–317static, 317–318switches, 121, 313–321, 316, 451trunk ports, 319–320, 320voice, 319

virtual machines (VMs), 659virtual networks, 658–661, 660Virtual Private Network (VPN), 381. See also

VPN concentratorpacket sniffers, 571tunneling, 380–382

virtual servers, 659virtual switches, 660viruses, 417–421virus definition files, 440VLAN. See virtual local area networkVLAN Management Policy Server

(VMPS), 318VLAN Trunking Protocol (VTP),

321–324, 323VLSM. See Variable Length Subnet MaskVMPS. See VLAN Management Policy ServerVMs. See virtual machinesVoice over IP (VoIP), 74, 163, 464, 501

bandwidth, 654network configuration, 122PoE, 324switches, 121

voice VLAN, 319VoIP. See Voice over IPvoltage event recorder, 587–588volt/ohm meter (VOM), 582VPN. See Virtual Private NetworkVPN concentrator, 137, 137, 473, 473VTP. See VLAN Trunking Protocolvulnerability scanners, 472–473

W-w timeout, 527, 537WAN. See wide area networkWAP. See wireless access pointswar chalking, 422war driving, 363, 422Wavelength Division Multiplexing

(WDM), 496Web proxy server, 135, 461web server, 6, 39, 456, 580well-known port numbers, 172WEP. See Wired Equivalent Privacywide area network (WAN), 7–9, 485–514, 489

broadband services, 498–503, 499cellular, 503connection types, 490–495, 491demarc, 79IP routing, 254network segments, 604protocols, 504–509subnets, 213VLSM, 281, 282VPN, 380–382wireless, 503–504wiring, 495–496

Wi-Fi, 345Wi-Fi Alliance, 338, 339–340Wi-Fi Protected Access (WPA), 366, 367–368,

423, 607cracking, 423WAP, 360

WiMAX. See World Wide Interoperability for Microwave Access

windows, OSI, 37, 37–38Windows Internet Naming Service (WINS),

131, 166Windows Update, 437–438, 438WINS. See Windows Internet Naming Servicewire crimper, 586Wired Equivalent Privacy (WEP), 357,

364–365, 607cracking, 422WAP, 360

wireless access points (WAP), 347–348, 348configuration, 359–362DHCP, 365installing, 355

wireless antennas, 349–351

137550bindex.indd 751 12/20/11 4:22 PM

752 wireless local area network (WLAN) – zones

wireless local area network (WLAN), 337–373history, 339IEEE 802.11, 340–347ipconfig, 522

wireless networks, 335–373ad hoc mode, 351–352, 352authentication, 357components, 347–351infrastructure mode, 352–353, 353installing, 351–362security, 362–368security threats, 421–424signal degradation, 354–355switches, troubleshooting, 609transmission media, 497–498troubleshooting, 607–609

wireless NICs, 348, 349, 355–359, 357wireless WAN, 503–504wire-map testers, 578–579Wireshark, 570–571wiring. See also cables

EIA/TIA, 640schematics, 639–642security policy, 432–433

standards, 72–78WAN, 495–496

WLAN. See wireless local area networkWLAN Association (WLANA), 338workgroups, 3workstations, 5, 7, 604World Wide Interoperability for Microwave

Access (WiMAX), 503, 504worms, 421WPA. See Wi-Fi Protected Access

XxDSL, 500–501

ZZimmerman, Phil, 389zones

firewalls, 466–467security, 476, 477, 478

137550bindex.indd 752 12/20/11 4:22 PM