Index

Note to the reader: Throughout this index boldfaced page numbers indicate primary discussions of a topic. Italicized page numbers indicate illustrations.
Symbols and Numbers
/?, route, 540
* (asterisk), wildcard, 559
- (dash), IP routing, 260
# (pound sign), Hosts table, 535
2.4 GHz, 341–343, 343
2.4 GHz/5 GHz, 345–346
-4, 527, 537
5GHz, 343–345
-6, 527, 537
10Base2. See thinnet
10Base5. See thicknet
10BaseFL, 105
10BaseT, 92, 102, 105
10GBaseER, 106
10GBaseEW, 104, 106
10GBaseGR, 104
10GBaseLR, 104, 106
10GBaseLW, 104, 106
10GBaseSR, 104, 105
10GBaseSW, 104, 106
10GBaseT, 60, 104, 105
25-pair cable, 79
40 MHz, 345
100BaseFX, 103, 105
100BaseTX, 103, 105
100-Megabit Ethernet, 58
110 block, 79
568A, 73, 73–74, 74
568B, 73–74
1000BaseCX, 103, 105
1000BaseLX, 103, 105
1000BaseSX, 103, 105
1000BaseT, 103
A
-A, 543
-a, 531, 541–543, 549
AAA. See authentication, authorization, and accounting
ABRs. See area border routers
AC. See alternating current
access control lists (ACLs), 378, 378–379
    firewalls, 453–456
    port numbers, 379
    stateful firewalls, 462
access links, 319
access lists, 451
Access Point mode, WAP, 359
access points (AP), 347–348, 348, 355, 359–362
    configuration, 359–362
    DHCP, 365
    installing, 355
    rogue, 423
access ports, 319
accounts
    anonymous, 394
    automatic account lockouts, 398–399
    security policy, 433
    user, 393–396
ACK (acknowledgment), 34, 37–39, 462
ACLs. See access control lists
active detection, 429
ActiveX attacks, 425
AD. See administrative distance
ad hoc mode, wireless networks, 351–352, 352
add, 539
address learning, 304–306, 305
Address Resolution Protocol (ARP), 90, 176, 176–177, 529–533
    IP routing, 258
    Proxy ARP, 622
AD-IDS. See anomaly-detection IDS
administrative distance (AD), 275–277, 280
administrator training, 437
ADSL. See Asymmetric Digital Subscriber Line
Advanced Encryption Standard (AES), 382, 388, 607
AES-Counter Mode CBC-MAC Protocol (AES-CCMP), 366, 367
137550bindex.indd 729 12/20/11 4:22 PM
COPYRIGHTED MATERIAL
agents, 163aggregate rate, 93AH. See Authentication Headeralias record, 133alternating current (AC), 587Angry IP, 575, 575–576anomaly-detection IDS (AD-IDS), 468anonymous accounts, 394antenna
troubleshooting, 609wireless, 349–351
antivirus engine, 440antivirus programs, 439–441antivirus scan, 440–441anycast, 202, 204AP. See access pointsAPIPA. See Automatic Private IP Addressingapplications
bandwidth, 653–654server logs, 651
Application layer, OSI, 31–32firewalls, 463–464
application server, 6, 39application-layer attacks, 425application-specific integrated circuit (ASIC),
130, 144, 302area border routers (ABRs), 288ARP. See Address Resolution Protocolarp, 530–533arp -a, 236ARPAnet, 157–158AS. See autonomous systemASBR. See autonomous system border routerASIC. See application-specific integrated circuitAsymmetric Digital Subscriber Line (ADSL),
392, 501Asynchronous Transfer Mode (ATM), 487,
508–509Attachment Unit Interface (AUI), 102–103attenuation, 71, 102, 606AUI. See Attachment Unit Interfaceauthentication, 400–406
authorization, and accounting (AAA), 402–403
CHAP, 405, 406EAP, 391, 406FTP, 161Kerberos, 402, 403MAC, 364MS-CHAP, 391, 405–406
NAC, 405PKI, 401RADIUS, 403RIPv2, 280TACACS+, 403–405, 404wireless networks, 357
Authentication Header (AH), 384authenticator, 405auto-detect mechanism, 93automatic account lockouts, 398–399Automatic Private IP Addressing (APIPA), 168,
197–198autonomous system (AS), 264–265, 274,
287, 289BGP, 285, 286EIGRP, 283
autonomous system border router (ASBR), 289autorooters, 425
Bbackbone
collapsed, 299networks, 20, 20–21OSPF, 288
backdoors, 425background checks, 433backups, 434badges, 433bandwidth, 492, 653–654Bandwidth on Demand Interoperability Group
(BONDING), 505BASE. See Basic Analysis and Security Enginebaselines, 163, 645–647Basic Analysis and Security Engine (BASE),
573Basic Rate Interface (BRI), 504basic service area (BSA), 352basic service set (BSS), 352Basic Service Set Identifiers (BSSIDs), 608beacons, 422Bearer channels, 505Berkeley Software Distribution (BSD), 158BGP. See Border Gateway Protocolbinary numbers, 94–98bit, 94, 190black box, 452black hole, 621
block acknowledgment, 345blocking state, 310Bluetooth, 487, 497BNC. See British Naval ConnectorBONDING. See Bandwidth on Demand
Interoperability Groupboot-sector viruses, 420Border Gateway Protocol (BGP), 265, 285,
285–286bottlenecks, 646bounce, 426, 609BPDUs. See Bridge Protocol Data UnitsBPL. See Broadband over Power LineBRI. See Basic Rate Interfacebridges, 120, 300, 303
collision domain, 120Layer 2, 144–145multicast packets, 142
Bridge Protocol Data Units (BPDUs), 309Bridging mode, WAP, 359British Naval Connector (BNC), 57, 57, 63, 102Broadband over Power Line (BPL), 67–68, 68broadband services, 498–503, 499broadcasts, 40, 41, 203–204, 303, 651
Layer 2, IPv4, 198Layer 3, IPv4, 198–199
broadcast address, 191broadcast domains, 138, 140, 303
Ethernet, 90VLAN, 143, 314
broadcast storm, 307, 308, 622brute-force attacks, 426BSA. See basic service areaBSD. See Berkeley Software DistributionBSS. See basic service setBSSIDs. See Basic Service Set Identifiersbuffer, 35Buffer Full, 175buffer overflow, 421burst, 507bus topology, 12, 13butt set, 584byte, 94, 95, 190, 550
C-c, 543–544CA. See certificate authority
cables. See also specific cable typesproperties, 71–72troubleshooting, 604–609wiring standards, 72–78
cable modem, 499, 499, 501–503cable stripper/snips, 586cable testers, 77, 577, 577–579caching engines, 657–658caching proxy server, 135call setup, 168cameras, security policy, 433canonical name (CNAME), 133CARP. See Common Address Redundancy
ProtocolCarrier Sense Multiple Access with Collision
Detection (CSMA/CD), 91, 91–92, 118, 343, 606
Category 2 twisted-pair cable, 59Category 3 twisted-pair cable, 59Category 4 twisted-pair cable, 59Category 5 twisted-pair cable, 59, 103Category 5e twisted-pair cable, 59, 60,
62, 103Category 6 twisted-pair cable, 59, 103Category 6a twisted-pair cable, 59CATV. See community antenna televisionCCEVS. See Common Criteria Evaluation and
Validation SchemeCd, 558cellular WAN, 503central office (CO), 489central processing unit (CPU), 5, 274centralized WAN, 9certificate authority (CA), 401, 401certifiers, 580, 580Challenge Handshake Authentication Protocol
(CHAP), 405, 406change, 539change management, 647channels, 505
EtherChannel, 101side channel attack, 388T-series connections, 493–495WAP, 359wireless networks, 607
channel bonding, 101, 101, 101, 101channel service unit/data service unit (CSU/
DSU), 44, 76, 79, 488–489CHAP. See Challenge Handshake
Authentication Protocol
CIDR. See Classless Internet Domain RoutingCIR. See committed information ratecircuit switching, 491cladding, 63Class A network address, 193–194, 215, 217Class B network address, 194–195, 215, 216,
226–234Class C network address, 195–196, 215,
217–226, 219, 220–221, 221Class D network address, 196Class E network address, 196classful routing, 279, 281Classless Internet Domain Routing (CIDR),
197, 215–217, 287IPv6, 200NAT, 241subnet mask, 225
classless routing, 279, 282clean-desk policy, 431–432client machines, 5client mode, VTP, 322, 323client-server, 11, 11CLNS. See Connectionless Network Servicecloud computing, 658–659CNAME. See canonical nameCO. See central officecoaxial cable, 55–58, 67collapsed backbone, 299collisions, 40, 606collision domains, 94, 120, 300
Ethernet, 90routers, 143switches, 138, 140, 143, 302
collision events, 90collision light, 600–601.com, 131, 418committed information rate (CIR), 506Common Address Redundancy Protocol
(CARP), 658Common Criteria Evaluation and Validation
Scheme (CCEVS), 430communication satellite (comsat),
497–498, 498community antenna television (CATV), 57, 502compression, 33comsat. See communication satelliteConnectionless Network Service (CLNS), 290connectionless protocol, 170connection-oriented communication, 34–35, 35connectivity software, 519
connectivity testing, 651content filtering, 136–137, 137, 465Content Security Control (CSC), 464continuity testers, 579convergence, 257, 303
routing tables, 278, 279Spanning Tree Protocol, 311, 311
CPE. See customer premises equipmentCPU. See central processing unitCRC. See cyclic redundancy checkcrossover cable, 74, 75–76, 76, 640, 641crosstalk, 58, 605–606CSC. See Content Security ControlCSMA/CD. See Carrier Sense Multiple Access
with Collision DetectionCSU/DSU. See channel service unit/data
service unitcustomer premises equipment (CPE), 488cyclic redundancy check (CRC), 179
frames, 182IP routing, 258, 259, 261
D-d, 531D channel, 505DA. See Destination Addressdata communication equipment (DCE), 44Data Encryption Standard (DES), 387data frame, 42Data Link Connection Identifiers (DLCIs), 508Data Link layer, OSI, 42, 42–44
encapsulation, 179Ethernet, 94–101frames, 181IP routing, 258, 260, 261, 262
data over cable service interface specification (DOCSIS), 502
data packets, 40, 100data steam, 180–181data terminal equipment (DTE), 44, 507datagrams, 179DB-9, 69dBi. See decibel isotropicDCE. See data communication equipmentDDos. See distributed denial of service attacksdecibel isotropic (dBi), 350decimal numbers, 94–98
decompression, 33decryption, 33dedicated lines, 491de-encapsulation, 179default gateway
DHCP, 166incorrect, 615–616IP routing, 257–258, 261ping, 235–236
default routes, 285delay, 655delete, 539delivery protocol, 380demarc, 79–80, 489demarc extension, 79–80demilitarized zone (DMZ), 125, 125, 451
firewalls, 456–457, 457IDS/IPS, 573route, 537security policy, 433–434, 434
denial of service attack (DoS), 415ACLs, 454DDos, 417, 418DoS/SYN flood attack, 416, 417, 454firewalls, 463
Dense Wavelength Division Multiplexing (DWDM), 496
Department of Defense (DoD), 159, 430OSI, 158–159, 159port scanners, 576TCP/IP, 158–159, 160
DES. See Data Encryption Standarddestination, 539Destination Address (DA), 99–100Destination Unreachable, 175, 259, 261DFS. See Dynamic Frequency SelectionDHCP. See Dynamic Host Configuration
ProtocolDiffie-Hellmann algorithm, 388Diffusing Update Algorithm (DUAL), 283, 291dig, 533Digital, Intel, and Xerox (DIX), 101digital certificates, 473digital ID, 388Digital Signal 0 (DS0), 492–493Digital Signal 1 (DS1), 493Digital Signal 3 (DS3), 494digital subscriber line (DSL), 61, 487, 499, 499,
500–501. See also specific DSL types
digital subscriber line access multiplexer (DSLAM), 500
Dijkstra algorithm, 287DIP. See dual inline packageDirect Sequence Spread Spectrum (DSSS), 343directional antennas, 349–351Directory Service, 652disabled state, Spanning Tree Protocol, 310discontiguous networks, 280–282, 283distance vector (DV), 266, 266, 278, 278
EIGRP, 283RIPv2, 280routing protocols, 277, 278–286
distributed denial of service attacks (DDos), 417, 418
distributed WAN, 9distribution list, 455distribution network, 501distribution system (DS), 352diversity, 347DIX. See Digital, Intel, and XeroxDLCIs. See Data Link Connection Identifiers.dll, 418DMZ. See demilitarized zoneDNS. See Domain Name ServiceDNS Server, 652DOCSIS. See data over cable service interface
specificationDoD. See Department of DefenseDomain Name Service (DNS), 89, 130–135,
132, 134, 165–166certifiers, 580DHCP, 166DMZ, 451incorrect, 616IP address, 236ipconfig, 524network reconnaissance, 426port scanners, 574tracert, 520
door locks, 433DoS. See denial of service attackDOS commands, 236–237DoS/SYN flood attack, 416, 417, 454dropped packets, 655DS. See distribution systemDS0. See Digital Signal 0DS1. See Digital Signal 1DS3. See Digital Signal 3
DSL. See digital subscriber lineDSLAM. See digital subscriber line access
multiplexerDSSS. See Direct Sequence Spread SpectrumDTE. See data terminal equipmentDTP. See Dynamic Trunking ProtocolDUAL. See Diffusing Update Algorithmdual inline package (DIP), 605dumb terminals, 7DV. See distance vectorDWDM. See Dense Wavelength Division
Multiplexingdynamic ARP table entries, 529dynamic DNS, 135Dynamic Frequency Selection (DFS), 344Dynamic Host Configuration Protocol
(DHCP), 125, 126, 126–129, 128, 129, 166–168, 167
APIPA, 198certifiers, 580DSL, 499evil twin, 424ipconfig, 524Parameter Request List, 127–128, 128protocol analyzers, 517, 517–518Scope Options, 127, 127server logs, 651WAP, 365
dynamic IP routing, 255, 264–266, 265dynamic NAT, 243dynamic packet filtering, 459dynamic state list, 459, 459Dynamic Trunking Protocol (DTP), 318dynamic VLAN, 318
E-e, 550–551EAP. See Extensible Authentication ProtocolEAR. See Export Administration Regulationsecho, 606echo request payload, 257.edu, 131EEOC. See equipment exceeds operator
capabilityEGPs. See exterior gateway protocols
EIA/TIA. See Electronic Industries Association/Telecommunications Industry Alliance
EIGRP. See Enhanced Interior Gateway Routing Protocol
electromagnetic interference (EMI), 71–72, 104, 355, 605
Electronic Industries Association/Telecommunications Industry Alliance (EIA/TIA), 60, 102, 505, 640
email server, 580email virus, 419, 451emergency virus scan, 441EMI. See electromagnetic interferenceEncapsulating Security Payload (ESP), 384encapsulation, 98–99
IP, 178–182, 179OSI, 45, 45
encryptionAES, 382, 388DES, 387devices, 136, 136–137OSI Presentation layer, 33passwords, 386–387PGP, 386–387, 389, 390public key, 388, 389security filtering, 386–389SSL, 382symmetrical key, 3873DES, 387–388VPN concentrator, 473wireless networks, 607wireless NICs, 356–358, 357
endpoints, 500end-user training, 436–437Enhanced Interior Gateway Routing Protocol
(EIGRP), 40, 266, 282–284, 621AD, 275DV, 266IP routing, 254IS-IS, 290LS, 266multicast, 199RIPv2, 280v6, 291VLSM, 282
environment, 146–147, 337environmental monitors, 588–589equipment access, 432
equipment exceeds operator capability (EEOC), 602
ESP. See Encapsulating Security PayloadESS. See extended service setESSIDs. See Extended Service Set Identifierseth_addr, 531EtherChannel, 101Ethernet. See also specific Ethernet types
addressing, 98broadcast domain, 90channel bonding, 101, 101collision domain, 90CSMA/CD, 91, 91–92frames, 98–100, 99full duplex, 92–94half duplex, 92–94MMF, 66, 66–67OSI
Data Link layer, 42–43, 94–101Physical layer, 101–106, 102
RJ-45, 102SMF, 66, 66–67specifications, 87–114switches, 120–121, 121Type, 100, 259–262UTP, 102
crossover cable, 75ETSi. See European Telecommunications
Standards InstituteEuropean Telecommunications Standards
Institute (ETSi), 338Event Viewer, 652, 652evil twin, 423–424Evolved High Speed Packet Access (HSPA+),
503–504.exe, 418exit interviews, 435–436expansion slots, 118–119Export Administration Regulations (EAR), 386extended ACLs, 455–456extended demark, 489extended service set (ESS), 353, 354Extended Service Set Identifiers (ESSIDs), 608Extensible Authentication Protocol (EAP),
391, 406exterior gateway protocols (EGPs), 264–266,
265, 274extranet VPN, 382
F-f, 527, 538F connector, 56Fast Ethernet, 93, 103fault tolerance, 13, 15, 284, 658fax server, 6FCC. See Federal Communications
CommissionFCS. See Frame Check Sequencefeasible successor, 284Federal Communications Commission (FCC),
338–339FEP. See fluoroethylenepropylenefiber to premises, 496fiber-optic cable, 61–66, 63, 67FIFO. See first-in, first-outFile Replication Service, 652file server, 6, 580File Transfer Protocol (FTP), 160–161
application-layer attacks, 425bounce, 426DMZ, 456–457DNS, 133firewalls, 463OSI Application layer, 32password encryption, 386proxy, 461troubleshooting, 554–559
file viruses, 418–419firewalls, 125–126, 425, 452–468
ACLs, 453–456DMZ, 456–457, 457IP spoofing attacks, 378OSI
Application layer, 463–464Network layer, 461–463
protocol switching, 457–458scanning services, 464–468security policy, 433technologies, 453–461
first-in, first-out (FIFO), 656flat network, 314flow control, 35–36, 36fluoroethylenepropylene (FEP, Teflon), 55forward/filter decisions, 306–307forward/filter table, 304, 304, 306, 326forwarding state, 310
FQDN. See fully qualified domain namefractional T1 (FT1), 494frames
CRC, 182Ethernet, 98–100, 99IP routing, 259OSI
Data Link layer, 179, 181Physical layer, 182
Spanning Tree Protocol, 309switches, 306
Frame Check Sequence (FCS), 100, 179, 259, 260
frame filtering, 306Frame Relay, 16, 487, 506–508frequency, 72FT1. See fractional T1FTP. See File Transfer Protocolftp, 555FTP PORT, 426full duplex, 71
Ethernet, 92–94OSI Session layer, 33TCP, 168
fully qualified domain name (FQDN), 165–166
G-g, 531-g host-list, 536gateway, 539gateways, 7, 39. See also default gateway;
specific gateway protocolsBPL, 68encryption, 136–137incorrect, 615–616
GB. See gigabyteGeneric Routing Encapsulation (GRE), 383GetRequest, 638Gigabit Ethernet, 101, 104gigabyte (GB), 492G/L. See Global/Local bitglobal address, NAT, 243global unicast address, IPv6, 204Global/Local bit (G/L), 98.gov, 131GRE. See Generic Routing Encapsulationguards, 434
H-h maximum_hops, 536H.323, 464half duplex, 71
Ethernet, 92–94NICs, 123OSI Session layer, 33switches, 302wireless networks, 337
handshakeCHAP, 405, 406MS-CHAP, 391, 405–406three-way handshake, 34, 36, 168
hardware address, 88, 174, 254, 258, 260, 262
hardware broadcasts. See Layer 2hashing functions, 382HDLC. See High-Level Data Link ControlHDSL. See high bit-rate digital subscriber lineheadend, 501hello packets, 286, 291heuristic scanning, 439hexadecimal numbers, 94–98HFC. See hybrid fiber-coaxialHIDS. See host-based IDShierarchical addressing, 191–198high availability, 657high bit-rate digital subscriber line (HDSL),
500–501High Speed Serial Data Connector
(HSSDC), 103High-Level Data Link Control (HDLC), 491honeynets, 471honeypot, 471, 471hops, 175hop count, 40, 275, 290
DV, 278OSPF, 287RIP, 279RIPv2, 280
hostsduplex, 93networks, 7, 39VLSM, 281workstations, 5
host address, 192host-based firewalls, 453host-based IDS (HIDS), 471–472
hostname, 536Hosts table, 535–536Host-to-Host layer, DoD model, 159,
168–173hotfixes, 437–439HSPA+. See Evolved High Speed Packet AccessHSSDC. See High Speed Serial Data ConnectorHTML, 32HTTP. See Hypertext Transfer ProtocolHTTPS. See Hypertext Transfer Protocol
Securehubs, 39, 118, 118, 146
collision domains, 300full duplex, 93LAN, 4OSI Physical layer, 145–146switches, 143
humidity, 147, 588–589hybrid fiber-coaxial (HFC), 501hybrid IP routing, 266, 266, 277, 283hybrid mesh topology, 15hybrid topology, 18, 18Hypertext Transfer Protocol (HTTP), 6, 164
application-layer attacks, 425DMZ, 451DNS, 131firewalls, 463IP routing, 263IPv6, 202netstat, 547OSI Application layer, 32port numbers, 263proxy, 461Telnet, 560
Hypertext Transfer Protocol Secure (HTTPS), 164, 263, 382
I-i address, 537-i TTL, 527IBSS. See independent basic service setICA. See Independent Computing ArchitectureICMP. See Internet Control Message ProtocolICSA. See International Computer Security
AssociationID Ten T error (ID10T), 602IDC. See insulation displacement connector
IDF. See intermediate distribution frameIDS. See intrusion detection systemIE. See Internet ExplorerIEC. See International Electrotechnical
CommissionIEEE. See Institute of Electrical and Electronics
EngineersIETF. See Internet Engineering Task Forceif, 540if_addr, 531ifconfig, 525–526I/G. See Individual/Group bitIGMP. See Internet Group Management
ProtocolIGPs. See interior gateway protocolsIGRP. See Interior Gateway Routing ProtocolIMAP. See Internet Message Access Protocolinbound ACLs, 456incident response, 430independent basic service set (IBSS), 351Independent Computing Architecture
(ICA), 392Individual/Group bit (I/G), 98inet_addr, 531infrastructure mode, wireless networks,
352–353, 353inherent attenuation, 102injectors, PoE, 326, 326inside global address, NAT, 243inside local address, NAT, 243Institute of Electrical and Electronics Engineers
(IEEE), 42–43, 98, 338802, 43–44802.1D, 309802.1Q, 321802.1w, 311–312802.3, 99, 100, 101802.3ab, 103802.3af, 325802.3an, 104802.3at, 325802.3u, 103802.11, 338, 340–347, 347802.11a, 343–344802.11b, 341–342, 342802.11g, 342–343802.11h, 344–345802.11n, 345–346803.3z, 103
insulation displacement connector (IDC), 585–586
.int, 131Integrated Services Digital Networks (ISDN),
487, 504–505interior gateway protocols (IGPs), 264–266,
265, 274BGP, 285IS-IS, 289
Interior Gateway Routing Protocol (IGRP), 266, 275
intermediate distribution frame (IDF), 79Intermediate System-to-Intermediate System
(IS-IS), 266, 289, 289–290, 621internal routing protocols, 286International Computer Security Association
(ICSA), 431International Electrotechnical Commission
(IEC), 649International Organization for Standardization
(ISO), 28, 649Internet, 8–9, 122, 380Internet Control Message Protocol (ICMP),
175, 175–176, 415, 621ACLs, 454IP routing, 257, 260, 262ping, 236traceroute, 520
Internet Engineering Task Force (IETF), 157Internet Explorer (IE), 31Internet Group Management Protocol
(IGMP), 165Internet layer, DoD model, 159, 173–178Internet Message Access Protocol
(IMAP), 162Internet Options, Security tab, 466, 466Internet Protocol (IP), 40, 155–187. See also
specific IP topics and processesACLs, 378CLNS, 290encapsulation, 178–182, 179OSPF, 287SOHO, 140
Internet Protocol version 4 (IPv4), 198–199, 291
Internet Protocol version 6 (IPv6), 40, 200–205, 202
CLNS, 290IP routing, 254ipconfig, 522OSPF, 287
routing protocols, 290–291SOHO, 140
Internet Security Association and Key Management Protocol (ISAKMP), 385–386
Internet service providers (ISPs)BGP, 265, 285cable modem, 502CIDR, 215
internetwork, 8, 8devices, 39, 141DV, 278, 278routers, 41, 121, 139, 143routing tables, 278SOHO, 140switches, 142, 145
Internetwork Package Exchange (IPX), 100, 383, 458
Inter-Switch Link (ISL), 320–321intranet, 8, 382intrusion detection system (IDS), 433,
468–472, 572–573packet sniffers, 570–571
intrusion prevention system (IPS), 423, 470, 572–573
packet sniffers, 570–571inverse multiplexing, 505IP. See Internet ProtocolIP address, 7, 89–90, 189–210
ACLs, 379arp -a, 236BGP, 285DHCP, 127, 166DNS, 131–132, 165–166, 236DOS commands, 236–237evil twin, 424hierarchical addressing, 191–198incorrect, 615network configuration, 122–123NICs, 235port security, 456private, 196–198problem determination, 237, 237–241, 238Smurf attacks, 415static, 168subnets, 212–234switches, 121troubleshooting, 234, 234–241v4, 198–199VLSM, 282WAP, 348, 359
IP header, 174, 174IP proxy, 460–461IP routing, 253–272, 256, 258, 263, 264. See
also specific routing typesARP, 258CRC, 258, 259, 261default gateway, 261Destination Unreachable, 259, 261dynamic, 264–266, 265FCS, 259, 260frames, 259hardware address, 258, 260, 262HTTP, 263HTTPS, 263hybrid, 266, 266ICMP, 257, 260, 262MAC address, 258OSI
Data Link layer, 258, 260, 261, 262Network layer, 260, 261Physical layer, 259, 262
packets, 261packet switching, 260process, 257–262Registry, 261static, 264–266, 265
IP Security (IPSec), 384, 385, 473IP spoofing attack, 378–379, 424, 424, 454IP stack, 235, 537ipconfig, 502, 521–524ipconfig/all, 236, 522–524ipconfig/release, 517, 524ipconfig/renew, 517, 524IPS. See intrusion prevention systemIPSec. See IP SecurityIPv4. See Internet Protocol version 4IPv6. See Internet Protocol version 6IPX. See Internetwork Package ExchangeISAKMP. See Internet Security Association and
Key Management ProtocolISDN. See Integrated Services Digital
NetworksIS-IS. See Intermediate System-to-Intermediate
SystemISL. See Inter-Switch LinkISO. See International Organization for
Standardizationisotropic antennas, 350ISPs. See Internet service providers
J-j host-list, 527jitter, 655
K-k host-list, 527Kerberos, 402, 403, 473Kevlar, 62
L-l size, 527L2F. See Layer 2 ForwardingL2TP. See Layer 2 Tunneling ProtocolLAN. See local area networkLAN Manager, 299latching, 63latency, 144, 302, 609latency sensitivity, 653Layer 2
bridges, 144–145broadcasts, IPv4, 198port security, 456Spanning Tree Protocol, 309switches, 144–145, 298, 302–309
Layer 2 Forwarding (L2F), 383Layer 2 Tunneling Protocol (L2TP), 383Layer 3
broadcasts, IPv4, 198–199port security, 456switches, routers, 41, 122
layered architecture, OSI, 28–29, 30–44, 31, 32
LC. See Local ConnectorLcd, 558LDAP. See Lightweight Directory
Access Protocollearning state, 310leased lines, 491least significant bit (LSB), 99LEDs. See light-emitting diodesLength, IEEE 802.3, 100light-emitting diodes (LEDs), 63, 119,
600–601
Lightweight Directory Access Protocol (LDAP), 165
Link Aggregation, 101link light, 600–601link state (LS), 266, 266, 277, 283, 286–290link state advertisements (LSAs), 286link state packets (LSPs), 286link-local address, 204, 291listening state, 310LLC. See Logical Link Controlload balancing, 130, 275, 278, 657load testing, 651local address, 243, 262local area network (LAN), 3, 3–5. See also
Small Office, Home Office; virtual local area network; wireless local area network
IP routing, 254packet switching, 492RJ-11, 61routers, 4, 315, 451switches, 301
bridges, 303VLSM, 281VPN, 380–382
Local Connector (LC), 64, 65, 66local loop, 489logging, NIDS, 470logical address, 41, 254Logical Link Control (LLC), 43logical network diagrams, 645, 646LogMein, 519, 519Long Term Evolution (LTE), 503, 504loop avoidance, 307–309, 308loopback plug, 578, 578LS. See link stateLs, 558LSAs. See link state advertisementsLSB. See least significant bitLSPs. See link state packetsLTE. See Long Term Evolution
MMAC. See Media Access Controlmacro viruses, 420magnetic flux, 71–72mail exchanger (MX), 133mail relay, 434
mail server, 6, 433, 456main distribution frame (MDF), 79mainframes, 7man-in-the-middle attacks, 427, 427mask netmask, 539maximum burst rate (MBR), 507maximum transmission unit (MTU), 103,
615, 621MB. See megabyteMBR. See maximum burst rateMD5. See Message-Digest algorithm 5MDF. See main distribution frameMD-IDS. See misuse-detection IDSMDI/MDI-X. See medium dependent
interface/medium dependent interface-crossover
mechanical transfer registered jack (MTRJ), 64–65, 65
Media Access Control (MAC), 43, 236, 345, 379
address, 88–90, 94, 98ARP, 529arp -a, 236bridges, 303DHCP, 127IP routing, 258ipconfig, 524IPv6, 202port security, 456PPPoE, 392switches, 120, 303TKIP, 366VLAN, 318
authentication, 364forward/filter table, 304, 304, 306
media converters, 66–67medium dependent interface/medium
dependent interface-crossover (MDI/MDI-X), 605
meet-in-the-middle attack, 387megabyte (MB), 492mesh topology, 15, 15–16Message-Digest algorithm 5 (MD5), 405metric, 40metric metric, 539mget, 559Microsoft Challenge Handshake
Authentication Protocol (MS-CHAP), 391, 405–406
microwave radio relay, 497
.mil, 131Mills, David, 164MILNET, 158MIMO. See multiple-input multiple-outputmisuse-detection IDS (MD-IDS),
468–469, 469MLS. See multilayer switchMMF. See multimode fibermobility, 201modems, 434, 492. See also cable modemmodulation technique, 343monitor viewing, 433MPLS. See MultiProtocol Label SwitchingMS-CHAP. See Microsoft Challenge
Handshake Authentication ProtocolMtr, 536–537MTRJ. See mechanical transfer registered jackMTU. See maximum transmission unitmulticast packets
bridges, 142EIGRPv6, 291IPv4, 199IPv6, 204RIPng, 290–291routers, 41switches, 142
multifactor authentication, 400multilayer switch (MLS), 122, 130multimedia, 33multimeter, 582, 583multimode fiber (MMF), 62, 63, 66,
66–67, 103multipartite viruses, 420, 420–421multiple barrier system, 475, 476multiple-input multiple-output (MIMO),
345–346MultiProtocol Label Switching (MPLS), 9,
9, 16MX. See mail exchanger
N-N, 531-n, 537, 553–554-n count, 527NaaS. See network as a serviceNAC. See Network Access Controlname resolution, 131
NAT. See Network Address TranslationNational Fire Protection Association
(NFPA), 56National Institute of Standards and Technology
(NIST), 388National Security Agency (NSA), 386nbtstat, 540–546NCP. See Network Control Protocolnear-end crosstalk (NEXT), 60, 606neighbor table, 284, 284neighbor-discovery process, 291NESSUS, 472.net, 131NetBIOS. See Network Basic Input/Output
Systemnetstat, 546–554NetWare, 299–300networks, 2, 21–26, 89. See also specific
network types and devicesbackbone, 20, 20–21bus topology, 12, 13client-server, 11, 11configuration, 122–125devices, 115–153documentation, 638–649environment, 146–147firewalls, 125–126hosts, 7, 39hybrid topology, 18, 18LAN, 3–5mesh topology, 15, 15–16monitoring performance, 649–661MPLS, 9operating system, 5peer-to-peer, 10, 10–11physical media, 55–70physical topology, 12–18
selection, 18–21point-to-multipoint topology, 17, 17, 18point-to-point topology, 16–17, 17policies, 647procedures, 648ring topology, 14–15, 15security threat mitigation, 428–430security threats, 413–447segments, 20, 21
SOHO, 137–147troubleshooting, 604
servers, 5–6, 7star topology, 13–14, 14
troubleshooting, 595–633WAN, 7–9workstations, 5, 7
Network Access Control (NAC), 405Network Access layer, DoD model, 159network address, 40, 190, 192, 192–196
Class A, 193–194, 215, 217Class B, 194–195, 215, 216, 226–234Class C, 195–196, 215, 217–226, 219,
220–221, 221Class D, 196Class E, 196
Network Address Translation (NAT), 196, 241–245, 245, 621
configuration, 242IPv6, 200WAP, 348
network analyzer, 570network as a service (NaaS), 661Network Basic Input/Output System
(NetBIOS), 540–546Network Control Protocol (NCP), 157Network Interface Cards (NICs), 39,
118–119, 119crossover cable, 75–76duplex, 93–94firewalls, 452half duplex, 123IP address, 235packet sniffers, 570–571ping, 236wireless, 348, 349, 355–359, 357xDSL, 500
network interface device (NID), 80Network layer, OSI, 39–41
encapsulation, 179, 181firewalls, 461–463IP routing, 260, 261SOHO, 139–140
network management stations (NMSs), 39Network Mapper (NMAP), 472–473, 575, 674Network Monitor, 517network reconnaissance, 426network scanners, 570–576Network Time Protocol (NTP), 164network-based firewalls, 453network-based IDS (NIDS), 468–471, 469NEXT. See near-end crosstalknext-hop address, 291, 539next-hop router, 41
NFPA. See National Fire Protection Associationnibble, 94, 95NICs. See Network Interface CardsNID. See network interface deviceNIDS. See network-based IDSNIST. See National Institute of Standards
and TechnologyNMAP. See Network MapperNMSs. See network management stationsnoise immunity, 71–72nonces, 366–367notification, 432, 470Novell, 299–300NSA. See National Security Agencynslookup, 533–534NTP. See Network Time Protocol
OOC. See optical carrieroctet, 190OE. See operator errorOFDM. See Orthogonal Frequency Division
MultiplexingOLT. See optical line terminationomni directional antennas, 349–351on-access virus scan, 440–441on-demand virus scan, 440one-to-many address, 204ONUs. See optical network unitsopen access mode, WLAN, 363open impedance mismatch, 606open relay, 434Open Shortest Path First (OSPF), 40, 287–289,
288, 621IP routing, 254IS-IS, 290LS, 266RIPv2, 280v3, 291VLSM, 282
Open Systems Interconnection (OSI), 27–51Application layer, 31–32
firewalls, 463–464connection-oriented communication,
34–35, 35Data Link layer, 42, 42–44
encapsulation, 179Ethernet, 94–101
frames, 181IP routing, 258, 260, 261, 262routers, 41
DoD model, 158–159, 159encapsulation, 45, 45flow control, 35–36, 36layered architecture, 28–29, 30–44, 31, 32MLS, 130Network layer, 39–41
encapsulation, 179, 181firewalls, 461–463IP routing, 260, 261SOHO, 139–140
PDU, 178Physical layer, 44
encapsulation, 179Ethernet, 101–106, 102frames, 182hubs, 145–146IP routing, 259, 262
Presentation layer, 33reference model, 30–44Session layer, 33TCP/IP, 157Transport layer, 33–34
ACK, 38–39encapsulation, 179port numbers, 181, 181, 245reliable networking, 38, 38–39
windows, 37, 37–38operating system, 5operator error (OE), 602optical carrier (OC), 495, 496optical line termination (OLT), 497optical network units (ONUs), 497optical time-domain reflectometer (OTDR),
581–582, 582
.org, 131
organizationally unique identifier (OUI), 98
Orthogonal Frequency Division Multiplexing
(OFDM), 343OS/2, 299OSI. See Open Systems InterconnectionOSPF. See Open Shortest Path FirstOTDR. See optical time-domain reflectometerOUI. See organizationally unique identifieroutbound ACLs, 456out-of-order delivery, 655outside global address, NAT, 243outside local address, NAT, 243
overhead, 34overloading, 243, 244, 245
P
-p
netstat, 551–553route, 538–539
-p period, 537packets, 179. See also specific packet types
dynamic filtering, 459IP routing, 254, 257, 261NAT, 244OSI Network layer, 39–40PDUs, 181TKIP, 366VLAN, 319
Packet InterNet Groper. See pingpacket shaping, 656packet sniffers, 426, 570–572, 571, 650–651packet switching
Frame Relay, 506IP routing, 260LAN, 492SOHO, 140
packet-filter firewalls, 462PANs. See personal area networksPAP. See Password Authentication Protocolpartial mesh topology, 16passive detection, 429Passive Optical Network (PON), 496–497passphrase, 367passwords, 396–400
automatic account lockouts, 398–399encryption, 386–387security policy, 433WAP, 359
password attacks, 426Password Authentication Protocol (PAP), 405PAT. See Port Address Translationpatch cable, 74, 640patches, 437–439
security policy, 434pathping, 536–537payload protocol, 380PDUs. See Protocol Data UnitsPEBCAK. See problem exists between chair
and keyboard
peer-to-peer networks, 10, 10–11penetration, 422personal area networks (PANs), 497PGP. See Pretty Good Privacyphishing, 426, 427–428physical barriers, 475Physical layer, OSI, 44
encapsulation, 179Ethernet, 101–106, 102frames, 182hubs, 145–146IP routing, 259, 262
physical network diagrams, 642–644, 643, 644
physical security, 474–478physical topology, networks, 12–18
selection, 18–21ping, 176, 235–236, 526–529Ping of Death, 415PKI. See Public Key Infrastructureplain old telephone service (POTS), 59, 487
ADSL, 501ISDN, 504PSTN, 489
plenum-rated coating, 56, 62
PoE. See Power over Ethernet
point of presence (POP), 489
pointer record (PTR), 133
point-to-multipoint topology, 17, 17, 18,
349–351point-to-point connection, 92point-to-point link, 14Point-to-Point Protocol (PPP), 391–392, 491Point-to-Point Protocol over Ethernet
(PPPoE), 392DSL, 499
point-to-point topology, 16–17, 17, 103, 349–351
Point-to-Point Tunneling Protocol (PPTP), 383–384
policiesnetworks, 647security, 430–436, 647
polyvinyl chloride (PVC), 55, 62PON. See Passive Optical NetworkPOP. See point of presence; Post Office
Protocolports
access ports, 319IDS, 470, 470
routers, 124security, 456speed, 124, 614switches, 123, 310trunk ports, 319–320, 320USB, 70WAN, 8
Port Address Translation (PAT), 243, 244, 245, 245, 621
port duplex mismatch, 614port mirroring, 326–328, 328port numbers, 171–173, 172, 263
ACLs, 379OSI Transport layer, 181, 181, 245
port scanners, 426, 574–576, 575port sweeping, 574port-redirection attacks, 427Post Office Protocol (POP), 162POTS. See plain old telephone servicePower over Ethernet (PoE), 324–326, 325power switch, 601–602powers of 2, 214PPP. See Point-to-Point ProtocolPPPoE. See Point-to-Point Protocol
over EthernetPPTP. See Point-to-Point Tunneling Protocolpreamble, 99prefix routing, 279Presentation layer, OSI, 33Pre-Shared Key (PSK), 367–368Pretty Good Privacy (PGP), 386–387,
389, 390Primary Rate Interface (PRI), 504print, 539print server, 6private cloud, 659private IP address, 196–198private network, 451private side firewalls, 125proactive defense, 429–430problem exists between chair and keyboard
(PEBCAK), 602procedures
networks, 648security, 436–441
Process/Application layer, DoD model, 158–168
protocol analyzers, 517–518, 579–580, 651Protocol Data Units (PDUs), 45, 178, 181protocol switching, 457–458, 458
Proxy ARP, 622proxy server, 6, 135, 136, 460, 460–461PSK. See Pre-Shared KeyPSTN. See Public Switched Telephone NetworkPTR. See pointer recordpublic cloud, 659public key encryption, 388, 389Public Key Infrastructure (PKI), 401, 402public side firewalls, 125Public Switched Telephone Network (PSTN),
59, 487, 489–490punch-down tool, 585, 585–586, 586PVC. See polyvinyl chloridePwd, 558
Q
-q num-queries, 537
quality of service (QoS), 41, 144, 316–317,
655–656
R
-R, 527
-r, 544–545, 551
-r count, 527
rack-mounted switches, 641, 642
radio frequency interference (RFI), 606
RADIUS. See Remote Authentication Dial In
User ServiceRapid Spanning Tree Protocol (RSTP), 311–312RARP. See Reverse Address Resolution
ProtocolRAS. See Remote Access Servicesrate limiting, 656RDC. See Remote Desktop ConnectionRDP. See Remote Desktop ProtocolReal-time Transport Protocol (RTP), 163Recommended Standard 232 (RS-232), 69, 69recording equipment, 432reference model, OSI, 30–44registered jack (RJ), 640
RJ-11, 60–61, 61RJ-45, 60–61, 61, 102, 500, 640
Registry, 257, 261regulations, 648–649reliable networking, 33, 38, 38–39
remote access, 390–392remote access server, 6, 236Remote Access Services (RAS), 390–391, 391Remote Authentication Dial In User Service
(RADIUS), 365, 365, 403, 621PPPoE, 392VPN concentrator, 473
Remote Desktop Connection (RDC), 162, 391Remote Desktop Protocol (RDP), 162, 391Remote Desktop Services, 162remote-access VPN, 382repeaters, 39, 146replay attacks, 366Requests for Comments (RFCs), 164resistance-to-change syndrome, 201Reverse Address Resolution Protocol (RARP),
177, 178reverse lookup zone, 134RFCs. See Requests for CommentsRFI. See radio frequency interferenceRG-6, 57, 58RG-58 A/U, 57RG-58 U, 57RG-59, 57RG-62, 58ring topology, 14–15, 15RIP. See Routing Information ProtocolRIPng. See Routing Information Protocol
next generationRIPv2. See Routing Information Protocol
version 2Rivest, Shamir, and Adleman (RSA), 382, 388,
391, 473RJ. See registered jackRJ-11, 60–61, 61RJ-45, 60–61, 61, 102, 500, 640rogue access points, 423rootkit, 425round-robin load balancing, 278route, 537–540routers, 4, 121–122. See also IP routing
ABRs, 288ACLs, 378ASBR, 289broadcasts, 651collision domains, 143CPU, 274Internet, 122internetwork, 41, 139, 143IP routing, 255
LAN, 4, 315, 451missing routes, 621next-hop, 41OSI
Data Link layer, 42Network layer, 39–41
point-to-point topology, 16ports, 124QoS, 144security zones, 478SOHO, 138subnets, 220traceroute, 236WAN, 8
route-update packets, 40routing by rumor, 278routing flow tree, 275Routing Information Protocol (RIP), 40, 266,
279, 283, 621AD, 275convergence, 278IP routing, 254OSPF, 287–288
Routing Information Protocol next generation (RIPng), 290–291
Routing Information Protocol version 2 (RIPv2), 280, 282, 283, 621
routing loops, 621routing protocols, 254, 273–296. See also
specific protocolsAD, 275–277classes, 277DV, 277, 278–286hybrid IP routing, 277IPv6, 290–291LS, 277, 286–290
routing tables, 255, 257convergence, 278, 279EIGRP, 283, 284internetwork, 278SOHO, 140
RS-232. See Recommended Standard 232
RSA. See Rivest, Shamir, and AdlemanRST (reset packet), 574RSTP. See Rapid Spanning
Tree ProtocolRTP. See Real-time Transport Protocol
S
-S, 545–546
-s, 531, 546, 551
-s count, 527
-S srcaddr, 527
SA. See Source Address
SaaS. See software as a service
Sarbanes-Oxley Act of 2002
(Sar-Ox), 648SAs. See security associationsSATAN. See Security Administrator Tool for
Analyzing NetworksSC. See subscriber connectorscanning services, 464–468schematics, 639–642Scope Options, 127, 127SCP. See Secure Copy ProtocolSDH. See Synchronous Digital HierarchySDSL. See symmetric digital subscriber lineSecure Copy Protocol (SCP), 165Secure File Transfer Protocol (SFTP), 161Secure Shell (SSH), 164, 392
SFTP, 161Telnet, 561
Secure Sockets Layer (SSL), 383tunneling, 382–383VPN concentrator, 473
Secure Sockets Layer Virtual Private Network (SSL VPN), 382–383
securityantivirus programs, 439–441DSL, 499hardware/software, 450–452patches and upgrades, 437–439physical, 474–478policies, 430–436, 647procedures, 436–441server logs, 651threats, 413–447
mitigation, 428–430wireless networks, 421–424
training, 436–437wireless networks, 362–368
Security Administrator Tool for Analyzing Networks (SATAN), 429
security associations (SAs), 385–386security audits, 397, 431
security filtering, 377–392ACLs, 378, 378–379encryption, 386–389remote access, 390–392tunneling, 379–380, 380
Security Services Module (SSM), 464Security Set Identifier (SSID), 353, 357, 364
evil twin, 423WAP, 359war driving, 422
Security tab, Internet Options, 466, 466security zones, 476, 477, 478segments
networks, 20, 21SOHO, 137–147troubleshooting, 604
OSIconnection-oriented communication, 34flow control, 35
PDU, 178TCP, 169, 169UDP, 170
sendmail, 425serial cables, 68–70servers, 5–6, 7. See also specific
server typesserver logs, 651–652server mode, VTP, 322, 323service level agreement (SLA), 656service packs, 438Service Set Identifiers (SSIDs), 608Session Initiation Protocol (SIP), 163Session layer, OSI, 33session secret, 367SetRequest, 638SFD. See start frame delimiterSFF. See small form factorSFTP. See Secure File Transfer Protocolshared keys, 360shielded twisted-pair (STP), 58, 72short circuits, 606Shortest Path First (SPF), 286. See also Open
Shortest Path Firstshow ip route, 255show mac address-table, 307shunning, 470side channel attack, 388signal degradation, 354–355signature identification, 466
Simple Mail Transfer Protocol (SMTP), 162, 560
proxy, 461Simple Network Management Protocol
(SNMP), 121, 163, 463, 638–639simplex, 33single sign-on, 400single-mode fiber (SMF), 62, 63, 66, 66–67
10GBase-LW, 1041000BaseLX, 103
SIP. See Session Initiation Protocolsite-to-site VPN, 382SLA. See service level agreementsmall form factor (SFF), 63–65Small Office, Home Office (SOHO), 121,
137–147, 501, 580smart antennas, 345smart jack, 80SmartDraw, 639, 644, 644, 645SMF. See single-mode fiberSMTP. See Simple Mail Transfer ProtocolSmurf attacks, 415–416, 416, 454SNAT. See static NATSNMP. See Simple Network Management
ProtocolSnort, 574social engineering, 427–428software address, 174software as a service (SaaS), 661SOHO. See Small Office, Home OfficeSONET. See Synchronous Optical NetworkSource Address (SA), 100SPAN. See Switch Port Analyzerspanning trees, 303Spanning Tree Protocol (STP), 309, 309–312,
311, 620–621spanning-tree algorithm (STA), 309spatial multiplexing, 346SPF. See Shortest Path Firstsplit pairs, 579, 606splitters, 501SQL injection attacks, 574SSH. See Secure ShellSSID. See Security Set IdentifierSSIDs. See Service Set IdentifiersSSL. See Secure Sockets LayerSSL VPN. See Secure Sockets Layer Virtual
Private NetworkSSM. See Security Services Module
ST. See straight tipSTA. See spanning-tree algorithmStacheldraht, 417standard ACLs, 455star topology, 13–14, 14start frame delimiter (SFD), 99state table, 459, 462state transitions, 44stateful firewalls, 462–463stateful packet inspection, 462–463stateless firewall, 462–463static ARP table entries, 530static IP addressing, 168static IP routing, 255, 264–266, 265, 275static NAT (SNAT), 243, 245static VLAN, 317–318steady state, 257STP. See shielded twisted-pairstraight tip (ST), 63, 64straight-through cable, 75strong passwords, 398subnets
autonomous systems, 265Class B network address, 226–234Class C network address,
217–226, 219IP address, 212–234VLSM, 281
subnet masks, 214–215CIDR, 216–217, 225Class C network address,
220–221, 221DHCP, 166EIGRP, 283route, 539VLSM, 281
subscriber connector (SC), 63, 64supplicant, 405surge protectors, 587swipe mechanisms, 433switches, 120–121, 297–334. See also specific
switch and switching typesaddress learning, 304–306broadcast domain, 140collision domains, 138, 140,
143, 302Ethernet, 121forward/filter decisions, 306–307half duplex, 302hubs, 143
internetwork, 142, 145LAN, 4, 301
bridges, 303Layer 2, 144–145, 298, 302–309Layer 3, routers, 41loop avoidance, 307–309, 308MAC address, 303multicast packets, 142nbtstat, 541–546netstat, 548–554networks before, 298–301, 299PoE, 324–326ports, 123, 310port mirroring, 326–328, 328PSTN, 490rack-mounted, 641, 642services, 302–309SPAN, 326–328Spanning Tree Protocol, 309–312VLAN, 313–321, 316, 451VTP, 322wireless networks, troubleshooting, 609
Switch Port Analyzer (SPAN), 326–328symmetric digital subscriber line (SDSL), 501symmetrical key encryption, 387SYN (synchronize), 34, 462, 674SYN flood, 416, 417, 463
DoS/SYN flood attack, 416, 417, 454SYN/ACK (synchronize- acknowledgment), 34,
416, 674Synchronous Digital Hierarchy (SDH), 495Synchronous Optical Network (SONET), 15,
104, 495Syslog, 650
T
-t, 527
T1
crossover cable, 76, 77WAN connection, 494
T3, 494–495TA. See terminal adapterTACACS+. See Terminal Access Control
Access-Control System Plustapping, 72TCP. See Transmission Control Protocol
TCP/IP. See Transmission Control Protocol/Internet Protocol
TDM. See time-division multiplexingTDR. See time-domain reflectometerTeflon. See fluoroethylenepropylenetelephony server, 6Telnet, 160, 386, 560, 560–561telnet, 561temperature, 146, 588–589Temporal Key Integrity Protocol (TKIP),
366–367Terminal Access Control Access-Control
System Plus (TACACS+), 403–405, 404terminal adapter (TA), 504–505Terminal Services Client (TSC), 162, 391TFN. See Tribe Flood NetworkTFN2K. See Tribe Flood Network 2000TFTP. See Trivial File Transfer Protocolthicknet, 57, 102, 104thin client, 661thin computing, 661thin protocol. See User Datagram Protocolthinnet, 56, 56, 102, 105Third Generation Partnership Project 2
(3GPP2), 503
thrashing, 308
3DES. See Triple Data Encryption Standard
3GPP2. See Third Generation Partnership
Project 2three-way handshake, 34, 36, 168throughput, 495, 518
testing, 518–519, 651Time to Live (TTL), 236, 520time-division multiplexing (TDM),
493, 505time-domain reflectometer (TDR), 581TLS. See Transport Layer SecurityToken Ring, 299toll network, 489toner probe, 582–584, 584topology table, 283–284, 284TPC. See Transmit Power ControlTraceroute, 176, 454traceroute, 236, 520–521tracert, 236, 520tracking, 433traffic contract, 656traffic shaping, 656transceivers, 39
Transmission Control Protocol (TCP), 33, 168–169
connection-oriented communication, 34DNS, 134full duplex, 168OSI Transport layer, 39port numbers, 171–173, 172port scanners, 574segments, 169, 169stateful firewalls, 462throughput testers, 518UDP, 169–170
Transmission Control Protocol/Internet Protocol (TCP/IP), 7, 157–177
ACLs, 379ARP, 529DoD model, 158–159, 160FTP, 554history, 157–158IGMP, 165IPSec, 385L2TP, 383nbtstat, 540–546netstat, 546–554network segments, 604OSI
Application layer, 31windows, 37
ping, 526protocol switching, 457–458subnets, 213SYN flood, 416Telnet, 560traceroute, 520–521
transmission speedscables, 71DSL, 499WAN, 492
Transmit Power Control (TPC), 344–345transparent bridging, 145transparent mode, VTP, 322–323, 323Transport layer, OSI, 33–34
ACK, 38–39encapsulation, 179port numbers, 181, 181, 245reliable networking, 38, 38–39
Transport Layer Security (TLS), 163, 382traps, 163, 638Tribe Flood Network (TFN), 417
Tribe Flood Network 2000 (TFN2K), 417Triple Data Encryption Standard (3DES),
387–388Trivial File Transfer Protocol (TFTP),
32, 161Trojan horse, 421troubleshooting
ARP, 529–533cables, 604–609connectivity software, 519FTP, 554–559Hosts table, 535–536ifconfig, 525–526IP address, 234, 234–241ipconfig, 521–524Mtr, 536–537nbtstat, 540–546networks, 595–633
segments, 604nslookup, 533–534ping, 526–529protocol analyzers, 517–518route, 537–540steps, 609–623Telnet, 560–561throughput testers, 518–519tips, 623–626tools, 515–568traceroute, 520–521wireless networks, 607–609workstations, 604
trunk ports, 319–320, 320trusted network, 451Trusted Sites, 467, 467trust-exploitation attacks, 427TSC. See Terminal Services ClientT-series WAN connections, 492–495TTL. See Time to Livetunneling
IPSec, 384L2TP, 383PPTP, 383–384security filtering, 379–380, 380SSL, 382–383SSL VPN, 382–383VPN, 380–382
twisted-pair cable, 58–61Type, Ethernet, 100, 259–262
U
UDP. See User Datagram Protocol
unicast, 199, 204, 550
UNII. See Unlicensed National Information
Infrastructureuninterruptible power supply (UPS), 587unique local address, 204Universal Serial Bus (USB), 69–70, 70Unlicensed National Information
Infrastructure (UNII), 339, 339, 343–344, 344
unreliable protocol, 170unshielded twisted-pair (UTP), 58–59
connecting, 60–61Ethernet, 102
crossover cable, 75ISDN, 504PSTN, 490wiring schematics, 639–640xDSL, 500
untrusted network, 451upgrades, 437–439UPS. See uninterruptible power supplyuptime, 654USB. See Universal Serial Bususer accounts, 393–396User Datagram Protocol (UDP), 33, 169–170
DHCP, 166–167DNS, 134netstat, 547OSI Transport layer, 39packet sniffers, 572port numbers, 171–173, 172port scanners, 574RIPng, 290segments, 170throughput testers, 518
UTP. See unshielded twisted-pair
V
-v, 531
-v TOS, 527
Variable Length Subnet Mask (VLSM),
280–282, 282, 287
VDSL. See very high bit-range digital subscriber line
very high bit-range digital subscriber line (VDSL), 501
video, 654virtual circuits, 34, 36, 508virtual desktops, 660–661virtual local area network (VLAN), 41, 313
broadcast domains, 143dynamic, 318identifying, 318–321incorrect, 615ipconfig, 524membership, 317QoS, 316–317static, 317–318switches, 121, 313–321, 316, 451trunk ports, 319–320, 320voice, 319
virtual machines (VMs), 659virtual networks, 658–661, 660Virtual Private Network (VPN), 381. See also
VPN concentratorpacket sniffers, 571tunneling, 380–382
virtual servers, 659virtual switches, 660viruses, 417–421virus definition files, 440VLAN. See virtual local area networkVLAN Management Policy Server
(VMPS), 318VLAN Trunking Protocol (VTP),
321–324, 323VLSM. See Variable Length Subnet MaskVMPS. See VLAN Management Policy ServerVMs. See virtual machinesVoice over IP (VoIP), 74, 163, 464, 501
bandwidth, 654network configuration, 122PoE, 324switches, 121
voice VLAN, 319VoIP. See Voice over IPvoltage event recorder, 587–588volt/ohm meter (VOM), 582VPN. See Virtual Private NetworkVPN concentrator, 137, 137, 473, 473VTP. See VLAN Trunking Protocolvulnerability scanners, 472–473
W
-w timeout, 527, 537
WAN. See wide area network
WAP. See wireless access points
war chalking, 422
war driving, 363, 422
Wavelength Division Multiplexing
(WDM), 496Web proxy server, 135, 461web server, 6, 39, 456, 580well-known port numbers, 172WEP. See Wired Equivalent Privacywide area network (WAN), 7–9, 485–514, 489
broadband services, 498–503, 499cellular, 503connection types, 490–495, 491demarc, 79IP routing, 254network segments, 604protocols, 504–509subnets, 213VLSM, 281, 282VPN, 380–382wireless, 503–504wiring, 495–496
Wi-Fi, 345Wi-Fi Alliance, 338, 339–340Wi-Fi Protected Access (WPA), 366, 367–368,
423, 607cracking, 423WAP, 360
WiMAX. See World Wide Interoperability for Microwave Access
windows, OSI, 37, 37–38Windows Internet Naming Service (WINS),
131, 166Windows Update, 437–438, 438WINS. See Windows Internet Naming Servicewire crimper, 586Wired Equivalent Privacy (WEP), 357,
364–365, 607cracking, 422WAP, 360
wireless access points (WAP), 347–348, 348configuration, 359–362DHCP, 365installing, 355
wireless antennas, 349–351
wireless local area network (WLAN), 337–373history, 339IEEE 802.11, 340–347ipconfig, 522
wireless networks, 335–373ad hoc mode, 351–352, 352authentication, 357components, 347–351infrastructure mode, 352–353, 353installing, 351–362security, 362–368security threats, 421–424signal degradation, 354–355switches, troubleshooting, 609transmission media, 497–498troubleshooting, 607–609
wireless NICs, 348, 349, 355–359, 357wireless WAN, 503–504wire-map testers, 578–579Wireshark, 570–571wiring. See also cables
EIA/TIA, 640schematics, 639–642security policy, 432–433
standards, 72–78WAN, 495–496
WLAN. See wireless local area networkWLAN Association (WLANA), 338workgroups, 3workstations, 5, 7, 604World Wide Interoperability for Microwave
Access (WiMAX), 503, 504worms, 421WPA. See Wi-Fi Protected Access
X
xDSL, 500–501
Z
Zimmerman, Phil, 389
zones
firewalls, 466–467security, 476, 477, 478