OBJECTIVES 3.1 Identify the basic capabilities (for ... · 3.1 Identify the basic capabilities (for example, client support, interoperability, authentication, file and print services,

3.1 Identify the basic capabilities (for example, client support, interoperability,authentication, file and print services, application support, and security) ofthe following server operating systems to access network resources:

UNIX/LINUX/MAC OS X SERVER

UNDERSTANDING THE OBJECTIVE

The term UNIX refers to proprietary network operating systems, developed by differentcompanies, that share similar kernels, directory structures, commands, and processingcharacteristics. Apple Computer’s version of UNIX is Mac OS X Server. Linux is an opensource UNIX-type of operating system that shares many characteristics with UNIX, but hasdistinct source code not derived from UNIX.

WHAT YOU REALLY NEED TO KNOW◆ A NOS (network operating system) is a software package that enables one

machine to act as a server in a client/server network.◆ NOSs perform file- and print-sharing functions, and also provide mail, remote con-

nectivity, security, network management, and Internet services.◆ UNIX is a general term for a group of proprietary NOSs that share similar kernels,

directory structures, commands, and processing characteristics, and that rely on theTCP/IP protocol. UNIX was first developed in the 1960s. Mac OS X Server is a propri-etary UNIX version developed by Apple Computer. Other proprietary versions havebeen developed by IBM (AIX), Sun Microsystems (Solaris), and Hewlett Packard (HPUX). The SCO Group owns the rights to the UNIX source code from which all UNIXversions are derived.

◆ The advantage to using a proprietary version of UNIX is its stability and vendorsupport. However, open source UNIX-type operating systems, such as Linux, arebecoming more popular and more easily supported.

◆ Linux shares many of the characteristics and commands of UNIX. Linus Torvalds ofFinland wrote the core of Linux in 1991, then enlisted the assistance of otherdevelopers to enhance his original work.

◆ UNIX and UNIX-type operating systems use a hierarchical file system with an upper-most level called root. Standard directories under the root include home, dev, usr,bin, var, and lib.The NOSs rely on a kernel, containing the core set of OSinstructions. They also use techniques for multiprocessing, thus supporting multipleprocessors, as well as multiple NICs and virtual memory.

◆ UNIX and UNIX-type servers can access FAT, NTFS, and HPFS file systems and shareddrives on Windows or NetWare servers. They can support multiple types of clients,including Microsoft and Novell network clients, because they use the standardTCP/IP protocol stack.

OBJECTIVES ON THE JOB

UNIX or Linux is found in many organizations.Often,UNIX-type systems are used for HTTP,Telnet, FTP, DNS, or other Internet-related services, and as robust database servers. Althoughsome have GUI interfaces, network administrators often still use the command-line interface.

34384_CPEG_03 2/17/2005 16:53:37 Page 168

O B J E C T I V E S

168 NETWORK+ COURSEPREP

PRACTICE TEST QUESTIONS

1. Which of the following is true about open source UNIX-type systems?a. They typically do not supply as many Internet services as proprietary versions of the software.b. They are less accepted in the marketplace for use with robust applications.c. They use a different file system than proprietary versions of the software.d. They typically do not come with the same amount of vendor support as proprietary versions.

2. What will typing man ls and pressing Enter at the command line of a UNIX-type server do?a. display the help text for the file list commandb. display the server’s error logc. display a list of users currently logged on to the systemd. display a list of available printers

3. What is the uppermost level of a UNIX-type file system called?a. branchb. leafc. rootd. tree

4. What protocol is native to the UNIX environment?a. IPX/SPXb. NetBEUIc. TCP/IPd. SNA

5. Which of the following is a popular use for a UNIX-type server, even in an environment dominatedby Windows Server 2003 or NetWare?

a. print serverb. graphics serverc. remote access serverd. HTTP server

6. Which of the following is a popular UNIX-type of open source operating system?a. Linuxb. VINESc. AIXd. AnyLAN

7. What is IBM’s proprietary version of UNIX called?a. IBXb. AIXc. SNAXd. INOS

34384_CPEG_03 2/17/2005 16:53:37 Page 169

169NETWORK+ COURSEPREP

3.1 Identify the basic capabilities (for example, client support, interoperability,authentication, file and print services, application support, and security) ofthe following server operating systems to access network resources(continued):

NETWARE


In 1983, Novell introduced its NetWare network operating system. NetWare quickly becamethe standard operating system for LANs and WANs, providing reliable file- and print-sharingservices for millions of users. Since then, Novell has refined NetWare to include support forTCP/IP, intranet services, a graphical user interface, and better integration with otheroperating systems.

WHAT YOU REALLY NEED TO KNOW◆ The original version of Novell NetWare was based on the IPX/SPX protocol. Novell

has expanded its compatibility with other protocols. NetWare versions 5.0 andhigher are based on the TCP/IP protocol. The current version is NetWare 6.5.

◆ Versions 4.x and higher of NetWare support multiple processors, multiple NICs,32-bit addressing, and can use both physical and virtual memory.

◆ NetWare’s kernel oversees all critical server functions. The program server.exe runsthe kernel from a DOS prompt and is run from the server’s autoexec.bat file.

◆ NetWare uses NLMs (NetWare loadable modules) to load necessary functions orapplications (such as the printer console) into memory on the server.

◆ In NetWare versions 4.x and lower, the server console, a text-based menu system, isthe network administrator’s main interface with the server. In NetWare 5.x orhigher, administrators may use a GUI interface called ConsoleOne.

◆ eDirectory, also known as the NDS (NetWare Directory Services), describes how anetwork’s volumes, resources, users, and groups are arranged. The terms “root,”“tree,” and “leaf” are used to describe different elements of eDirectory.

◆ A NetWare server can accept many different types of clients, including UNIX orLinux, Macintosh, Windows 9x, 2000, NT, and XP, and MS-DOS.


The NetWare NOS is favored by many veteran network administrators. To succeed as anetwork technician or administrator in a NetWare shop, you must be especially familiar withthe concepts of NDS, NWAdmin, protocols, and interconnecting with other NOSs.

34384_CPEG_03 2/17/2005 16:53:37 Page 170

O B J E C T I V E S



1. What protocol suite is selected by default when installing NetWare version 6.5?a. IPX/SPXb. NetBIOS/NetBEUIc. AppleTalkd. TCP/IP

2. From what file on a NetWare server is the server.exe program launched?a. config.sysb. autoexec.batc. server.batd. nlm.bat

3. On which protocol was the first version of NetWare based?a. TCP/IPb. NetBEUIc. SNAd. IPX/SPX

4. What program is used to administer eDirectory?a. GSNWb. iManagerc. NTFSd. NWConsole

5. A user is an example of what type of NDS object?a. rootb. branchc. leafd. stem

6. What is the main purpose of NLMs?a. to load applications or services into memory on the serverb. to install the NetWare operating system on the serverc. to connect NetWare servers with Windows NT serversd. to optimize memory usage on the server

7. What volume does NetWare create by default upon installation?a. SYSb. VOL1c. USERSd. DATA

34384_CPEG_03 2/17/2005 16:53:37 Page 171



WINDOWS


Some of the most popular network operating systems are MicrosoftWindows 2000 Server andWindows Server 2003.The Microsoft NOSs have grown in popularity due to their simple-to-use graphical user interface and their similarity to theWindows desktop operating systems.

WHAT YOU REALLY NEED TO KNOW◆ Windows Server 2003 relies on a GUI (graphical user interface), a pictorial represen-

tation of computer functions that makes it easy for the network administrator tomanage files, users, groups, security, printers, and so on.

◆ Windows Server 2003 uses 32-bit addressing, which helps to process instructionstwice as fast as 16-bit addressing and assigns each application its own 32-bitmemory area.

◆ Windows Server 2003 can use multiple processors, multiple NICs, and both physicaland virtual memory. To determine what components can be used in a Windows2000 server, refer to the Microsoft HCL (Hardware Compatibility List). The HCL listsall the computer components proven to be compatible with Windows 2000 Server.

◆ Windows Server 2003 uses Active Directory, its directory service, for organizing andmanaging objects on the network.

◆ Windows Server 2003 can support the following file systems: CDFS, FAT, FAT32, andNTFS. Microsoft developed the NTFS (New Technology File System) expressly forWindows NT, the precursor to Windows 2000. NTFS integrates reliability, compres-sion, speed, and the ability to handle large files. The main benefit to NTFS, how-ever, is its superior security. NTFS is the preferred file system for servers runningWindows Server 2003.

◆ A Windows Server 2003 server can communicate with almost any kind of client.Often, a network dominated by Windows Server 2003 servers uses Windows XP, NT,or 2000 workstations.

◆ To communicate with a NetWare server running IPX/SPX, a Windows Server 2003server must have the GSNW (Gateway Services for NetWare) installed in addition tothe IPX/SPX protocols. To communicate with a UNIX server, a Windows Server 2003server need only have the TCP/IP protocols and services installed.


Many organizations run the Windows Server 2003 network operating system, even if theirnetwork is dominated by other NOSs. Windows Server 2003 is a popular system for Webservices (those running Internet Information Services), as well as file and print services.

34384_CPEG_03 2/17/2005 16:53:37 Page 172

O B J E C T I V E S



1. What server resource does the Windows Server 2003 NOS use for virtual memory?a. hard diskb. RAMc. CPUd. system board

2. What protocol must be installed for a Windows Server 2003 server to communicate with a UNIX-type server?

a. NetBEUIb. IPX/SPXc. TCP/IPd. SNA

3. What is the name of the Windows Server 2003 directory service?a. Windows Directory Serviceb. Active Directoryc. Hierarchical Directoriesd. Managed Directory Service

4. What is the main advantage of assigning each application its own 32-bit memory area?a. The application is less likely to freeze up.b. The application is less likely to interfere with other applications.c. The application executes with priority over other applications.d. The application can be executed from multiple workstations.

5. Which of the following file systems must be present on a Windows Server 2003 server so it cancommunicate with Macintosh workstations?

a. NTFSb. CDFSc. HPFSd. FAT

6. What resource can you use to determine whether your server’s NIC works with the Windows Server2003 NOS?

a. the server resource kitb. the Hardware Compatibility Listc. the Microsoft NT users forumd. the emergency repair disk

7. Which of the following must a Windows Server 2003 server have installed to communicate with aNetWare server running IPX/SPX?

a. IntraNetWareb. eDirectoryc. NDS for 2000d. Gateway Services for NetWare

34384_CPEG_03 2/17/2005 16:53:38 Page 173



APPLESHARE IP (INTERNET PROTOCOL)


ASIP (AppleShare IP) is proprietary software developed by Apple Computer, Inc., to providenetworking services to Macintosh OS users.

WHAT YOU REALLY NEED TO KNOW◆ The AppleShare IP software is a group of applications that functions over an

underlying Macintosh operating system. Therefore, it is not a true network operat-ing system in the sense that UNIX or Windows Server 2003 are NOSs. ASIP offersfile, print, Web, DNS, and mail services similar to most other NOSs. However, ASIPdoes not provide OS core functions, such as preemptive multitasking. ASIP wasdeveloped for businesses and institutions involved in art or education that oftenuse mostly Apple Macintosh computers.

◆ AppleShare was originally developed as a LAN file-sharing solution based on theAppleTalk suite of protocols. It became AppleShare IP at version 5 when it fullysupported AppleShare over IP networking. The latest version, AppleShare IP 6.3.3,still supports AppleTalk, but is optimized to support the TCP/IP suite of protocols.

◆ Essentially, ASIP takes AppleTalk packets and wraps them in TCP/IP, in effect tunnel-ing AppleTalk over an IP network. It supports common TCP/IP protocols, such asPOPv3, IMAPv4, SMTP, FTP, and HTTP, but does not support SSL or centralizedaccount databases. The backbone of AppleTalk (and thus ASIP) is the AFP (Apple-Talk Filing Protocol), which resides in the Application and Presentation layers andprovides most of the file-sharing functionality. AFP relies on lower-layer protocolsto handle session, flow monitoring, and transport duties.

◆ AppleShare IP provides client support for Macintosh, Windows, and Linux clients. Itincludes built-in SMB support for Windows file serving. Although ASIP can theoreti-cally support 500 users, host 50 Web sites, support 10 network printers, and sup-port 10,000 e-mail clients, in reality it is considered a workgroup networkingsolution.

◆ Mac OS X has replaced AppleShare IP and Apple Computer no longer offers directsupport for ASIP. However, many support groups and vendors still provide user sup-port and ASIP product information.


You will probably never need to build a network based on AppleShare IP, but you may needto troubleshoot one. AppleShare IP might still be appropriate for an inexpensive homenetwork using Macintosh computers that requires simple configuration and low maintenance.

34384_CPEG_03 2/17/2005 16:53:38 Page 174

O B J E C T I V E S



1. Which of the following protocols is not supported by AppleShare IP?a. SMTPb. SSLc. POPv3d. FTP

2. Which of the following does not offer preemptive multitasking functionality?a. UNIXb. Linuxc. Mac OS X Serverd. AppleShare IP

3. On which main file transfer protocol does AppleShare IP rely?a. FTPb. HTTPc. AFPd. SMTP

4. Which of the following environments is most likely to use an AppleShare IP-based network?a. an online retailerb. a regional insurance company with seven locations and 4500 employeesc. an elementary school with 150 students and eight teachersd. a home network with Linux and Windows PCs

5. AppleShare IP is a routable protocol. True or False?

6. What is the underlying protocol suite of AppleShare IP?a. AppleTalkb. NetBEUIc. TCP/IPd. IPX/SPX

7. What is the term used to describe the AppleShare IP’s transit of AppleTalk packets over a TCP/IPnetwork?

a. surfingb. tunnelingc. expeditingd. maneuvering

34384_CPEG_03 2/17/2005 16:53:38 Page 175


3.2 Identify the basic capabilities needed for client workstations to connect toand use network resources (for example, media, network protocols, and peerand server services):

UNIX/LINUX


A UNIX or Linux client is very similar to a UNIX or Linux server. Both rely on theTCP/IPprotocol, both require user name and password authentication to log on, and both assign read,write, or execute permissions according to files and groups.

WHAT YOU REALLY NEED TO KNOW◆ UNIX-type systems, including Linux, may be implemented as clients or as servers.

Unlike Windows 2000, in which the server and client operating systems vary consid-erably, the difference between a UNIX-type server and a UNIX-type client lies onlyin the set of optional packages included during installation. A UNIX-type systemconfigured as a server has the necessary software to enable sharing of resources,such as print queues, file systems, and processor time. A UNIX-type client typicallydoes not have these resource-sharing services installed.

◆ UNIX-type systems rely on the TCP/IP protocol. If necessary, they can also run otherprotocols, such as IPX/SPX or AppleTalk.

◆ UNIX-type clients require users to log on with a user name and password. UNIX-type clients use 56-bit DES encrypted passwords.

◆ During installation, you must supply a root password. After installation has com-pleted, you are prompted to log on to the system as root, using the password youspecified.

◆ Files and directories on a UNIX-type client are available only to those users whoare logged on to the client and who have sufficient rights to access those files.

◆ Each file and directory on a UNIX-type client can be assigned read, write, andexecute rights. Such rights can be associated with individual users, groups, or allusers.

◆ Samba is a software program that runs on UNIX-type systems and allows them tosupply file- and printer-sharing services to Windows-based clients. Samba is freelyavailable under the same license as the Linux operating system.

◆ UNIX-type clients can connect to networks via any of the common media types,such as twisted-pair or coaxial cable, fiber-optic cable, or through wireless accesspoints.


It is important to have a plan for securing resources on clients and servers before beginning toconfigure the systems. For instance, on shared UNIX-type client workstations, you may createseparate data directories for each user’s files and assign permissions so that only the directory’sowner can access the directory’s contents.

34384_CPEG_03 2/17/2005 16:53:38 Page 176

O B J E C T I V E S



1. After you install a UNIX or Linux client according to the operating system’s default options, whatprotocol will the client attempt to use to connect to the network?

a. NetBEUIb. TCP/IPc. Sambad. SNA

2. What command would you use to add a new user called “morton” to a UNIX or Linux client?a. chmod –a morton

b. usadd morton

c. useradd morton

d. chmod +add morton

3. What command will enable you to view all the users currently logged on to a UNIX or Linuxsystem?

a. nslookup

b. who

c. whois

d. ifconfig

4. Assuming you have rights to read the contents of a UNIX-type client’s directory, what commandwould you use to do so?

a. hup files

b. list files

c. listdir

d. ls

5. If you wanted to learn more about the command that allows you to change the file and directoryprivileges on a UNIX-type client, what would you type at the shell prompt?

a. help config

b. mkdir /?

c. chdir -?

d. man chmod

6. What is one primary difference between the UNIX-type client operating system and the UNIX-typeserver operating system?

a. The server operating system is capable of multiprocessing, whereas the client operating sys-tem is not.

b. The client operating system typically doesn’t have services such as print queue sharinginstalled.

c. The server operating system can support multiple users, whereas the client operating systemcannot.

d. The client operating system installs multiple Network layer protocols by default.

7. To be able to use FTP on a Linux client, you must first install the FTP software. True or False?

34384_CPEG_03 2/17/2005 16:53:38 Page 177


3.2 Identify the basic capabilities needed for client workstations to connect toand use network resources (for example, media, network protocols, and peerand server services) (continued):

WINDOWS


Users interact with a Windows client via a graphical user interface. A Windows client cansupport many types of protocols, including TCP/IP, NetBEUI, IPX/SPX, and AppleTalk.Windows 2000 Professional and XP require local users to log on to the client by supplying auser name and password.

WHAT YOU REALLY NEED TO KNOW◆ Windows operating systems vary considerably, not only between different versions

of the operating system, but also between client and server software within eachversion.

◆ By default, Windows 98, NT, Me, 2000, and XP operating systems rely on the TCP/IPprotocol. All of the Windows operating systems can also run other protocols, suchas IPX/SPX or AppleTalk.

◆ Windows clients can connect to servers running a version of Windows NOS as wellas NetWare, UNIX, Linux, Mac OS X, and AppleShare IP servers.

◆ During installation of the Windows XP client operating system, you must supply anAdministrator password. After installation has completed, you are prompted to logon to the system as Administrator, using the password you specified.

◆ Local access to files and directories on Windows XP clients is available only to thoseusers who are logged on to the client and who have sufficient rights to accessthose files.

◆ Each file and directory on such clients can be assigned full control, modify, readand execute, list folder contents, read, or write rights. Such rights can be associ-ated with individual users, groups, or all users.

◆ Files and directories on Windows 9x and Windows Me clients are not secured byassigning rights to users and groups. Other means (such as encryption) must beused to secure files on these versions of the Windows client operating system.

◆ Windows clients can connect to networks via any of the common media types, suchas twisted-pair or coaxial cable, fiber-optic cable, or through wireless access points.


Windows clients are popular choices for many organizations because they are well supported andwell understood.When working with Windows clients, be certain to understand the significantdifferences between multiple versions, including Windows 9x, NT, Me, 2000, and XP.

34384_CPEG_03 2/17/2005 16:53:39 Page 178

O B J E C T I V E S



1. On which of the following Windows clients are you most likely to use NetBEUI?a. Windows 2000 Professionalb. Windows XPc. Windows 3.1d. Windows 98

2. What is the name of the account that is created when you install Windows XP on a workstation?a. Rootb. adminc. Masterd. Administrator

3. For a Windows XP client to log on to a NetWare 4.11 server running IPX/SPX, which of the follow-ing must be installed on the client? (Choose all that apply.)

a. NWLink IPX/SPX protocolb. Client for NetWare Networksc. TCP/IPd. NDS eDirectory

4. Assuming all OS updates and service packs have been installed, which of the following is the mostsecure client operating system?

a. Windows NT workstationb. Windows 95c. Windows 98d. Windows XP

5. What would be the best way to secure files on your Windows 98 workstation so that only youcould read them?

a. Modify the local file-sharing properties so that only your user account has access to the files.b. Encrypt the files.c. Assign file scan rights only to those files.d. Compress the files and put them in an unnamed folder.

6. Which of the following would a Windows XP computer require to log on to a UNIX-type server?a. TCP/IPb. IPX/SPXc. NetBEUId. Samba

7. What dialog box would allow you to share a folder in Windows XP?a. the folder’s Properties dialog boxb. the My Network Places dialog boxc. the network adapter Properties dialog boxd. the System Properties dialog box

34384_CPEG_03 2/17/2005 16:53:39 Page 179


3.2 Identify the basic capabilities needed for client workstations to connect toand use network resources (for example, media, network protocols, and peerand server services) (continued):

MACINTOSH


Macintosh clients can connect to Windows, NetWare, UNIX, Linux, Macintosh, and Apple-Share IP servers using TCP/IP protocols.

WHAT YOU REALLY NEED TO KNOW◆ Network connections for a Macintosh client can be viewed and enabled by select-

ing the Chooser option from the Apple menu.◆ Older Macintosh clients used LocalTalk on AppleTalk networks. However, modern

Macintosh clients rely on TCP/IP to connect to a network, whether they are directlyconnected to a LAN or dial in to a remote access server.

◆ The original version of TCP/IP used on Macintosh clients is called MacTCP. However,Mac OS 7.6 and later use a newer TCP/IP version for Macintosh clients, called OpenTransport, by default.

◆ Open Transport provides support for DHCP, IP Multicast, and the use of multiple,simultaneous TCP connections. Open Transport has two components, AppleTalk andTCP/IP, each managed and configured through a separate Control Panel.

◆ In the TCP/IP Control Panel, you can specify whether the client uses DHCP. You canalso specify the client’s host and domain name, subnet mask, IP address (if staticaddressing is used), name server, and the gateway (or router) address. Using the“Connect via” drop-down list in the TCP/IP Control Panel, you can choose whetherthe client will connect to the network via Ethernet or AppleTalk.

◆ If you choose AppleTalk as the network type, you are prompted to indicate thezone to which your Macintosh client belongs.

◆ Using TCP/IP, Macintosh clients can connect to Windows, NetWare, UNIX, Linux, andMacintosh servers.

◆ Mac OS X supports multiple encryption techniques, including Kerberos and SSL. Italso supports file-based permissions (similar to those on a UNIX-type client) thatcan be tailored according to user or group and allow users to fully encrypt all orpart of their Macintosh hard disks.

◆ Macintosh clients can connect to networks via any of the common media types,such as twisted-pair or coaxial cable, fiber-optic cable, or through wireless accesspoints.


Macintosh clients are popular among educational and creative organizations (such as adver-tising agencies).Their TCP/IP configuration is similar to that of a Windows or UNIX-typeclient.

34384_CPEG_03 2/17/2005 16:53:39 Page 180

O B J E C T I V E S



1. What version of TCP/IP was standard on Macintosh clients prior to Mac OS 7.6?a. AppleTalkb. MacTCPc. Open Transportd. NWLink

2. What option would you choose to configure your Macintosh workstation to use DHCP rather thanstatic IP addressing?

a. Apple, TCP/IP Control Panel, Configure “Using DHCP”b. Apple, Chooser, Network Properties, TCP/IP Controls, DHCPc. Apple, Chooser, Networks, Protocols, TCP/IP, Use DHCPd. Apple, TCP/IP Control Panel, IP Addressing tab, Use DHCP

3. What network type would you probably choose for a Macintosh client that is connecting to a Net-Ware 6.5 server?

a. AppleTalkb. LocalTalkc. Ethernetd. Token Ring

4. To what does the router address prompt in the Macintosh TCP/IP Control Panel refer?a. the client’s core Internet routerb. the client’s IP gatewayc. the client’s closest routerd. the client’s closest connectivity device of any type

5. What is one advantage of Open Transport over MacTCP?a. It can connect to Windows servers as well as UNIX and Macintosh servers.b. It uses less temporary memory.c. It offers the option of running over LocalTalk or Ethernet.d. It supports DHCP.

6. Setting file and directory permissions on a Macintosh client running OS X would be very similar tosetting file and directory permissions on what other OS?

a. Windows XPb. Windows 2000 Serverc. NetWare 6.5d. UNIX

7. If you don’t want people to be able to read the contents of your Macintosh hard disk, even if theysat down at your computer, what type of security technique should you use?

a. Kerberosb. SSLc. IPSecd. encrypt the hard disk data

34384_CPEG_03 2/17/2005 16:53:39 Page 181


3.3 Identify the appropriate tool for a given wiring task (for example, wirecrimper, media tester/certifier, punch-down tool, or tone generator).


To ensure connectivity and optimal network performance, cables must be constructed andinstalled properly. Many tools are available to ensure that these two conditions are met.

WHAT YOU REALLY NEED TO KNOW◆ It is important to follow the manufacturer’s guidelines and the TIA/EIA structured

cabling standards for making and installing cable to ensure proper connectivity.◆ Many network problems can be traced to poor cable installation techniques, such

as improper crimping of an RJ-45 connector, which may cause failure to transmit orreceive data (or both).

◆ Installing the wrong grade of cable may cause your network to fail or render itmore susceptible to damage (for example, using inexpensive twisted-pair cable inareas that might be susceptible to fire damage).

◆ A crimper (or crimping tool) is used to terminate wires in a connector, such as anRJ-45 plug.

◆ Basic cable checkers determine whether cabling can provide connectivity. Theyapply a small voltage to each conductor at one end of the cable, and then checkwhether that voltage is detectable at the other end.

◆ A cable tester performs the same continuity and fault tests as a cable checker, butcan also measure the cable length, distance to a fault, attenuation, resistance, andcrosstalk, and issue pass/fail ratings for different cabling standards.

◆ A multimeter is a simple instrument that can measure electrical circuit characteris-tics, including impedance, resistance, and voltage. It might be used to verify cablecontinuity or the presence of noise on a wire.

◆ A TDR (time domain reflectometer) is a high-end performance tester for determin-ing cable and connector imperfections.

◆ OTDRs (optical time domain reflectometers) issue a light-based signal over a fiber-optic cable. Based on the type of return light signal, the OTDR can gauge thelength of the fiber, attenuation, and location of faulty splices, breaks, connectors,or bends.

◆ A tone generator is an electronic device that issues a signal on a cable. A tonelocator emits a tone when it detects electrical activity. By placing the tone genera-tor at one end of a wire and attaching a tone locator to the other end, you canverify the location of the wire’s termination.


Before leaving the area in which you were working, clean it up. For instance, if you created anew patch cable in a telecommunications room, remove the debris created while splicing thecable.

34384_CPEG_03 2/17/2005 16:53:39 Page 182

O B J E C T I V E S



1. Which of the following tools could determine the location of a faulty splice in a fiber-optic link?a. cable checkerb. multimeterc. TDRd. OTDR

2. What tool is used to terminate wires in an RJ-11 plug?a. crimperb. pliersc. wire stripperd. Allen wrench

3. Which of the following tools could issue a pass/fail rating for a CAT 5 cable?a. cable checkerb. cable testerc. multimeterd. tone generator

4. If a patch cable allows a workstation to receive data, but not to transmit data, which of the follow-ing could be at fault? (Choose all that apply.)

a. The cable may not have the proper plenum rating.b. The cable may not have a sufficiently high twist ratio for the network on which it is being

used.c. The wires responsible for data transmission may not be properly terminated in one of the

patch cable’s connectors.d. The transmit wire pair may be physically damaged.

5. Which of the following can be used to determine the location of a particular wire in a bundleof wires?

a. cable checkerb. cable testerc. multimeterd. tone generator

6. What organization has established standards for structured cabling?a. IEEEb. TIA/EIAc. IETFd. ISO

7. Which of the following can test whether a UTP cable is transmitting an electrical signal? (Chooseall that apply.)

a. multimeterb. cable checkerc. TDRd. OTDR

34384_CPEG_03 2/17/2005 16:53:39 Page 183


3.4 Given a remote connectivity scenario comprised of a protocol, anauthentication scheme, and physical connectivity, configure the connection.Includes connection to the following servers:

UNIX/LINUX/MAC OS X SERVER


Remote connectivity is a network service that allows a user to connect with a LAN orWANby logging on from a geographically remote computer. This is a powerful feature of aUNIX-type operating system.

WHAT YOU REALLY NEED TO KNOW◆ Remote access between a UNIX-type server and a client can be achieved in several

ways, such as terminal services, remote control, dial-up networking, Web portals,and VPNs (virtual private networks).

◆ The Telnet protocol is one of the most basic, easiest, and least secure methods usedfor remote connectivity. Telnet commands entered at the command line provide aconnection for information exchange that is not secure because all information istransmitted in clear text.

◆ A more secure method of information exchange, the SSH (Secure Shell) protocol,provides similar functionality to Telnet, but offers encryption for greater security.With Telnet and SSH, the remote client and the server must be configured toaccept requests.

◆ To log on to a server named server1.xyzcompany.com using Telnet, type telnet

server1.xyzcompany.com at the command line. On connecting, the serverrequests logon authentication (user name, password) just as if logon was takingplace on a local machine.

◆ Logging on using SSH requires a user name and password. At the command line,type ssh -1 janesmith server1.xyzcompany.com. Following host verification,a password prompt is displayed to complete the logon.

◆ Another common type of remote access involves DUN via a modem connection to aserver through the PSTN. The modem and the networking client software must beproperly installed and configured.

◆ UNIX-type dial-up networking connections rely on TCP/IP network protocols andeither the SLIP or PPP protocols.

◆ To connect to a UNIX-type remote access server from a UNIX-type client, run thenetcfg command at the command line. This launches the network configurationtool, which you can use to establish a PPP interface, specify dial-up numbers, andselect an authentication method, such as PAP, along with a user name andpassword. PPP is not usually required for broadband connections.


As UNIX-type client and server operating systems become more popular, it is important toknow how to access and troubleshoot their various remote access utilities.

34384_CPEG_03 2/17/2005 16:53:40 Page 184

O B J E C T I V E S



1. What is the main difference between remote access using Telnet and SSH?a. Telnet is faster.b. SSH offers a graphical user interface.c. Telnet is newer and offers many more commands.d. SSH is more secure.

2. What command launches the network configuration tool in UNIX-type systems?a. nctool

b. toolup

c. netcfg

d. configtl

3. Which WAN technology is normally used by a dial-up networking connection for the local loop?a. PSTNb. T1c. ISDNd. FDDI

4. Which protocol is necessary to ensure proper dial-up networking connectivity?a. FTPb. PPPc. DUNd. Telnet

5. In which scenario would it be appropriate to establish a dial-up networking connection?a. A technician needs to transfer a large database from a workstation, through a LAN closet, to

the main server room.b. A LAN user needs to connect to the Internet through a company T1 line.c. A traveling salesperson needs to connect to the Internet through a hotel’s broadband

connection.d. A traveling salesperson in her hotel room needs to check her e-mail on the company’s mail

server.

6. Suppose a person with the user name jjones wants to connect to server svr9 at acme.com using theSSH protocol. What should she enter at the command line?

a. ssh svr9.acme.com

b. ssh -1 jjones svr9.acme.com

c. ssh -1 svr9.acme.com jjones

d. ssh jjones svr9.acme.com

7. What is the standard suite of protocols used by UNIX-type servers and clients to communicateremotely?

a. TCP/IPb. IPX/SPXc. NetBEUId. NetBIOS

34384_CPEG_03 2/17/2005 16:53:40 Page 185


3.4 Given a remote connectivity scenario comprised of a protocol, anauthentication scheme, and physical connectivity, configure the connection.Includes connection to the following servers (continued):

NETWARE


The Novell NetWare NOS operates and manages resources just like any other contemporaryNOS.However,unlikeWindows,UNIX,Linux,or Macintosh,NetWare does not have a clientversion.Therefore, remote connectivity to NetWare takes place from workstations configuredwith Windows or some other client OS.

WHAT YOU REALLY NEED TO KNOW◆ The latest version of NetWare, version 6.5, runs the TCP/IP suite of protocols by

default, making it compatible with the many methods available for remoteconnectivity. The Novell proprietary IPX/SPX protocol suite is also available.

◆ BorderManager is a group of software applications intended to provide centralizedserver management for all forms of connectivity to NetWare servers, includingremote dial-up and VPN client access. Depending on how the communicationserver is configured, it may or may not work in tandem with a network RADIUSserver.

◆ To establish a dial-up connection from a remote Windows XP workstation to a Net-Ware network server, administrators can use the New Connection Wizard inWindows.

◆ Before you can establish a connection to a NetWare server, make sure theWindows-based client is running Microsoft Client for NetWare Networks software.When a new dial-up connection is configured, NetWare authentication automati-cally prompts the user for the NDS user name and password.

◆ Typically, the remote client would use an IP or IPX asynchronous point-to-point link(PPP or PPPoE) for connection to the NetWare server. The link treats the remoteclient like any other local node on the network.

◆ For clients requiring VPN connectivity, a Novell VPN client has to be installed towork with the BorderManager server software. This allows clients that already havebroadband access to the Internet to gain secure, remote access to network data.The same network user name and password is required, but VPN allows for fasterthroughput.


Understanding how to configure connections between clients and servers running multipleoperating systems is an important aspect of a network administrator’s everyday life. Asnetworks grow, a mix of systems is inevitable and learning to deal with the mix is critical.

34384_CPEG_03 2/17/2005 16:53:40 Page 186

O B J E C T I V E S



1. What is the latest version of the NetWare server?a. version 4.1b. version 5.0c. version 6.0d. version 6.5

2. What is the name of the software that NetWare uses to manage server connectivity?a. NetManagerb. BorderManagerc. GatewayManagerd. ConnectManager

3. What software is required to connect a Windows XP client to a NetWare server?a. Client for NetWare Networksb. Client for Microsoft Networksc. NetWare Managerd. Client Manager

4. Which of the following clients, if properly configured, can connect to a NetWare server? Select themost correct answer.

a. Windowsb. Linuxc. Macintoshd. all of the above

5. Which suite of protocols is proprietary to Novell NetWare?a. TCP/IPb. NetBEUIc. NetBIOSd. IPX/SPX

6. Which Windows XP tool would you use to set up a new remote connection to a NetWare server?a. the Add/Remove Programs dialog boxb. the Add New Hardware dialog boxc. the New Connection Wizardd. the Network Setup Wizard

7. Which protocol establishes and maintains the dial-up connection between a client and a NetWareserver?

a. PPPb. FTPc. HTTPd. POP

34384_CPEG_03 2/17/2005 16:53:40 Page 187



WINDOWS


Many utilities, software programs, protocols, and hardware combinations are used to establisha remote connection.The modem on the client must be properly installed and configured.ForWindows clients, the DUN (dial-up networking) software must be configured; then, the DUNsoftware and the TCP/IP protocol must be bound to both TCP/IP and the Client forMicrosoft Networks.

WHAT YOU REALLY NEED TO KNOW◆ The most common type of remote access involves dial-up networking. DUN typi-

cally refers to a modem connection to a server through the PSTN. It is also thename of the utility that Microsoft provides with its operating systems to achievethis type of connectivity. To use dial-up networking, the modem and the network-ing client software must be properly installed and configured.

◆ Nearly all dial-up networking connections rely on TCP/IP network protocols. MostWindows-based clients use PPP.

◆ To connect to a Windows-based remote access server from a Windows workstation,the Client for Microsoft Networks and the TCP/IP protocol must be installed. Also,the dial-up networking utility must be installed and bound to TCP/IP and the Clientfor Microsoft Networks.

◆ Settings you can identify through the DUN connection properties include the servertype, network and remote access protocols that will be transmitted, whether datamust be encrypted, IP address, and default gateway. Most modern dial-up connec-tions rely on DHCP to assign IP addresses.

◆ If incomplete or incorrect information is entered into this configuration, a sessioncan be established, but the client might be unable to send or receive data. If theclient is dialing in to an ISP’s server, the ISP must provide client configurationinformation.

◆ A remote access server is a combination of software and hardware that provides acentral access point for multiple users to dial in to a LAN or WAN.

◆ Different software and hardware combinations can provide remote connectivity.One example is the Windows Server 2003 RRAS (Routing and Remote Accessservice).


Knowing how to establish and troubleshoot a dial-up networking connection is a basic skillrelated to knowing how to establish and troubleshoot any other connection to the LAN. Becertain to verify that a proper Physical layer connection exists, that the appropriate protocolsand clients have been correctly bound to the hardware, and that the dial-up networkingsoftware and address settings are correct.

34384_CPEG_03 2/17/2005 16:53:40 Page 188

O B J E C T I V E S



1. Which of the following must be specified by an ISP for its clients to establish DUN connections toits remote access server?

a. default gateway addressb. TCP/IP versionc. maximum modem port speedd. modem IRQ

2. Suppose you want a Windows XP machine to send and receive data via DUN to a Windows Server2003 server running RRAS and TCP/IP. To which of the following should the DUN software bebound? (Choose all that apply.)

a. TCP/IPb. IPX/SPXc. Client for NetWare Networksd. Client for Microsoft Networks

3. Which menu option would you choose to create a DUN connection on a Windows XP workstation?a. Network Connections, Create a New Connectionb. Control Panel, Modems, Generalc. Dial-Up Networking, Make New Connectiond. My Network Places, Dial-Up Networking, Properties

4. What does the first “R” in Windows Server 2003 RRAS stand for?a. remoteb. redundantc. resourced. routing

5. After you have created a dial-up networking connection on a Windows XP workstation, how wouldyou indicate that PPP should be used?

a. Start, My Network Places, Connection properties, Network, Protocol Typeb. Start, My Network Places, View network connections, Connection properties, Networkingc. Start, My Network Places, Dial-up Connections, Options, Security, Protocold. Start, Control Panel, Dial-up networking, Server type

6. Which of the following transmission systems are commonly used for dial-up networking? (Chooseall that apply.)

a. ISDNb. PSTNc. T1d. SONET

7. Which two of the following can be supported through the Windows DUN connection?a. SNAb. IPXc. IPd. DLC

34384_CPEG_03 2/17/2005 16:53:41 Page 189



APPLESHARE IP (INTERNET PROTOCOL)


A server running AppleShare IP software can offer remote connectivity to a range of clients,including Macintosh,Windows, and UNIX-type systems.

WHAT YOU REALLY NEED TO KNOW◆ AppleShare IP works with the AppleTalk protocol stack and with the TCP/IP suite of

protocols to offer connectivity services to remote clients. ASIP also supports SMBfile transfer protocols.

◆ The AppleShare IP mail server provides mail service for AppleTalk and TCP/IP-basedclient mail applications. Users log on to the mail server to send and receive e-mail,and the mail server communicates with other mail servers to deliver mail to theappropriate mail server. The ASIP mail server supports IMAP, POP, and SMTP, as wellas a number of other protocols and Internet standards.

◆ ARAP (Apple Remote Access Protocol) provides dial-up access to AppleTalk-basednetworks such as those managed by AppleShare IP servers. After connecting, theremote Macintosh client functions like any other local node on the network, withaccess to services such as file and print sharing.

◆ To configure a dial-up connection on a Mac OS X client, open the Apple menu,select System Preferences, and then select the Network icon. In modem settings,select PPP. Under the PPP settings, enter the name of the dial-up provider and tele-phone number, user name, and password. Also select the option that allows auto-matic connection when starting TCP/IP applications.

◆ By using the LAN TunnelBuilder utility, a Macintosh client VPN connection can alsobe set up via DSL or broadband cable. TunnelBuilder setup automatically selectsPPP server even if DHCP is being used to connect to the VPN server.


You’re not likely to encounter AppleShare IP unless your network supports only Macintoshclients, or a legacy Macintosh base that is in transition to PCs.

34384_CPEG_03 2/17/2005 16:53:41 Page 190

O B J E C T I V E S



1. Which protocol provides a Macintosh client remote dial-up access to an AppleShare IP server?a. ARPb. PAPc. RARPd. ARAP

2. Which utility can a Macintosh client use to establish a VPN connection to an AppleShare IP server?a. TunnelBuilderb. VPConnectc. AppleVPNd. MacVP

3. Which suite of protocols forms the basic building block for AppleShare IP?a. TCP/IPb. NetBEUIc. AppleTalkd. IPX/SPX

4. Which suite of protocols does AppleShare IP use as the transport mechanism to move data betweena remote client and the server?

a. TCP/IPb. NetBEUIc. AppleTalkd. IPX/SPX

5. Which of the following protocols does the AppleShare IP mail server support?a. SNTPb. SMTPc. IMAPd. ICMP

6. Where would a user with a Mac OS X client begin to set up a dial-up connection to an AppleShareIP server?

a. at the Mac command line by typing ifconfig

b. by bringing up My Network Placesc. by opening a terminal window and typing netcfg

d. by selecting System Preferences from the Apple menu

7. When setting up a dial-up connection on Mac OS X, which protocol should you select?a. PPTPb. PPPoEc. PPPd. CHAP

34384_CPEG_03 2/17/2005 16:53:41 Page 191


3.5 Identify the purpose, benefits, and characteristics of using a firewall.


Firewalls are combinations of hardware and software that operate at the Network andTransport layers of the OSI Model to filter traffic coming in and going out of a network.Firewalls most often run on router hardware, though they can also work on PCs.

WHAT YOU REALLY NEED TO KNOW◆ A firewall is typically a combination of a device (a router or a PC) and specialized

software that selectively filters or blocks traffic between networks. It can be placedbetween two interconnected private networks or between a private network and apublic network.

◆ The simplest form of a firewall is a packet-filtering firewall, which is a router thatoperates at the Network and Transport layers of the OSI Model, examining thedata headers to determine whether each packet is authorized to continue to itsdestination. Packet-filtering firewalls are also called screening firewalls.

◆ More sophisticated firewalls, such as the Windows Server 2003 ISA Server (InternetSecurity and Acceleration Server), go beyond just filtering packets. They protectagainst viruses, worms, Trojan horses, and many forms of intrusion hacking, andalso perform application and e-mail filtering. They carry out stateful packet inspec-tions (examining data based on protocol and connection state), which is a moresecure form of packet filtering.

◆ Firewalls must be tailored to your network’s needs by being configured to acceptor deny certain types of traffic. Some of the criteria a firewall can use to acceptor deny data include source and destination IP addresses or ports (such as TCP/UDPconnection ports, FTP, Telnet, SNMP, and RealAudio); TCP, UDP, or ICMP protocol;whether a packet is the first packet in a new data stream or a subsequentpacket; whether the packet is inbound or outbound to or from a private network;and whether the packet came from or is destined for an application on your pri-vate network.

◆ Packet-filtering routers, which work at the Network layer, cannot distinguish whichuser is trying to get through the firewall, nor can they determine whether thatuser is authorized to do so.


It can take weeks to configure a firewall properly so that it is not so strict that it preventsauthorized users from transmitting and receiving necessary data, and not so lenient that yourisk security breaches.Also plan to create exceptions to the rules.

34384_CPEG_03 2/17/2005 16:53:41 Page 192

O B J E C T I V E S



1. On which two of the following devices could a firewall run?a. serverb. printerc. hubd. router

2. At which layer of the OSI Model does a firewall perform packet filtering?a. Applicationb. Physicalc. Networkd. Transport

3. Which two of the following criteria could be used to filter traffic on a firewall?a. IP addressb. logon IDc. passwordd. destination port

4. Which of the following types of networks necessarily uses more than one firewall?a. WANb. VPNc. LANd. MAN

5. Which of the following protocols can be interpreted by a firewall?a. SNAb. DLCc. TCP/IPd. NetBEUI

6. Before a firewall can effectively filter unwanted traffic anywhere on a network, it must be.

a. placed between a private and public networkb. configured according to an organization’s security needsc. combined with a proxy serverd. attached to a switch on the internal LAN

7. A type of firewall that masks the IP addresses of internal devices by replacing them with its own iscalled a .

a. gatewayb. proxyc. packet-filtering firewalld. screening firewall

34384_CPEG_03 2/17/2005 16:53:41 Page 193


3.6 Identify the purpose, benefits, and characteristics of using a proxy service.


A proxy service is one that acts on behalf of another service.Typically, a proxy server is used innetworking at the border between an internal LAN and an outside WAN (such as theInternet). A proxy server can filter outgoing and incoming requests for data, cache frequentlyused Web pages, and obscure the specific IP addresses of devices on an internal LAN. Proxyservers are typically used in conjunction with a firewall.

WHAT YOU REALLY NEED TO KNOW◆ In networking, the term proxy means a device or service that acts on behalf of

another device or service.◆ Using a proxy for a server or network device can improve security and the perfor-

mance of servers, or simplify addressing on a local network. Proxy servers usuallywork on a network together with a firewall.

◆ Proxy servers situated between internal LAN clients and the Internet can improveperformance by caching requests and saving them on local disks for futureretrieval. This saves subsequent clients who request the same data from having toconnect to a remote host on the Internet, thus expediting the retrieval.

◆ A proxy device may determine what type of traffic can be exchanged between cli-ents on an internal LAN and the Internet. The proxy may filter requests to theInternet, for example, or allow only specific IP addresses to send traffic throughwhile denying transmission attempts from other IP addresses. The proxy may alsoblock certain resource-consuming files, such as streaming video, from beingdownloaded.

◆ A proxy server also acts as a way to obscure internal IP addresses. After a clientsends its data to the proxy server, the proxy server repackages the data frames thatmake up the message so that, rather than the workstation’s IP address being thesource, the proxy server inserts its own IP address as the source.

◆ A proxy server may also allow or deny transmission requests depending on thetype of protocol. For instance, a proxy server can prevent outside clients fromreaching a server’s FTP service, but allow outside clients to access its HTTP service.

◆ If a network uses a proxy server for Web access, each client’s browser must be con-figured to point to the proxy server. All major Internet browser programs contain aspace for the proxy server’s IP address in their properties or preferences options.


To use a proxy server, clients must be configured to point to the server.This is accomplishedby entering a parameter into the client’s Web browser. All network operating systems cansupply some type of proxy server software, either as part of their program or as an add-onprogram.

34384_CPEG_03 2/17/2005 16:53:41 Page 194

O B J E C T I V E S



1. How does a proxy server improve Web performance for clients on a private LAN?a. It expedites incoming data to clients because it replaces client IP addresses.b. It enables incoming requests to bypass the firewall.c. It holds Web requests in a cache so that subsequent requests for those pages can be fulfilled

locally.d. It enables users to save frequently used bookmarks in a shared location.

2. Which of the following can a proxy server use as criteria to filter incoming traffic? (Choose all thatapply.)

a. IP addressb. MAC addressc. protocold. TTL

3. Which of the following IP ranges is most likely to be found on a small, private network that uses aproxy server to share limited IP addresses?

a. 10.09.1.1–10.10.1.254b. 124.89.33.1–124.89.33.230c. 222.45.112.1–222.45.113.1d. 188.30.10.1–188.30.10.10

4. Which of the following is a potential disadvantage to Web caching? (Choose all that apply.)a. It takes more time to initially retrieve the Web pages for the cache.b. It requires clients to configure an additional parameter in their Web browsers.c. It does not guarantee that the cached Web pages are the most current.d. It is difficult to configure.

5. If a client on a local LAN uses an IP address of 100.100.10.2 and the LAN’s proxy server uses an IPaddress of 205.66.127.88, what will the remote host regard as the client’s IP address when the cli-ent connects to a remote host on the Internet?

a. 100.100.10.2b. 100.100.10.1c. 205.66.127.1d. 205.66.127.88

6. What device is usually found near a proxy server on the network?a. modemb. firewallc. switchd. protocol analyzer

7. Where in Netscape could you enter the IP address of a proxy server?a. Edit, Preferences, Advanced, Proxiesb. Tools, Internet Options, Proxy Serverc. Tools, Internet Options, Connections, Settingsd. Edit, Preferences, Advanced, Cache

34384_CPEG_03 2/17/2005 16:54:47 Page 195


3.7 Given a connectivity scenario, determine the impact on network functionalityof a particular security implementation (for example, port blocking/filtering,authentication, and encryption).


Security is a necessary part of network management. However, with each new accessrestriction, a network administrator risks limiting authorized access to resources and reducingnetwork performance.

WHAT YOU REALLY NEED TO KNOW◆ Nearly all data security measures affect network performance and access to net-

work resources. Firewalls add another device through which data must travel, aswell as another potential point of failure in the network. Authentication takes afew extra seconds of a user’s time. Encryption adds time to the process of assem-bling and disassembling data frames.

◆ To improve network security, a network administrator could disable—or block—certain well known ports, such as the FTP ports (20 and 21) in a device’s config-uration. Blocking ports prevents any user from connecting to and completing atransmission through those ports. This technique is a useful way to further guardagainst unauthorized access to the network.

◆ One danger of blocking ports is that the administrator may accidentally also blockcommunication for authorized users as well. This can be avoided by assigning alter-nate ports, specifying access restrictions (for example, according to source address)for certain ports, or separating private and public network devices.

◆ Authentication is the process of verifying a user’s validity and authority on asystem; it generally takes place during the logon process and, when properly con-figured, helps keep a network secure. When improperly configured, the authentica-tion process can restrict authorized access. (For example, if you inadvertently limitthe time of day an authorized user can log on to the network, the user won’t beable to log on.)

◆ Encryption is the use of an algorithm to scramble data into a format that can beread only by reversing the algorithm—that is, by decrypting the data. The purposeof encryption is to keep information private. Many forms of encryption exist, withsome being more secure than others.

◆ Encryption can limit authorized access if the recipient of encrypted data does nothave the proper software, system, credentials, or configuration to decrypt the data.


The benefits of security measures must be weighed against their impact on authorizednetwork access and network performance. For example, if you have secured the perimeter ofa private LAN from outside access, you may decide that your need for data encryption withinthe organization is insignificant and forego encryption in favor of faster data transmission.

34384_CPEG_03 2/17/2005 16:53:42 Page 196

O B J E C T I V E S



1. Which of the following security measures would slow transmissions between two workstations onthe same segment? (Choose all that apply.)

a. private key encryptionb. firewallc. NOS authenticationd. public key encryption

2. Which of the following would potentially prevent authorized users from accessing their LANresources while traveling?

a. private key encryptionb. firewallc. NOS authenticationd. public key encryption

3. What port(s) should you block to prevent insecure FTP transmissions from going to or from yourWeb server? (Choose all that apply.)

a. 20b. 21c. 22d. 23

4. What is the name of the most highly privileged account on a UNIX or Linux system?a. treeb. adminc. rootd. master

5. When using a firewall to guard a private LAN from Internet-based intrusion, how can you still allowauthorized users to access the network from home?

a. Open access to all the router’s ports.b. Allow access to select ports based on incoming IP address.c. Allow some users to bypass the firewall.d. Apply time of day restrictions to some of the firewall’s ports.

6. What pieces of information do all modern NOSs require for authentication?a. user name and passwordb. first name, last name, and date of birthc. user name, IP address, and passwordd. last name, IP address, and location

7. Ensuring that authorized users have appropriate access to the resources they need is part of aneffective security policy. True or False?

34384_CPEG_03 2/17/2005 16:53:42 Page 197


3.8 Identify the main characteristics of VLANs (Virtual Local Area Networks).


A VLAN (virtual local area network) is a network of nodes logically created by configuringports on a switch or multiple switches.VLANs are useful for isolating traffic, either with theaim of improving performance or increasing data privacy.

WHAT YOU REALLY NEED TO KNOW◆ A VLAN is a logically separate network within a network.◆ To create a VLAN, you use a switch (or switches) to group a number of the switch’s

ports into a broadcast domain. The ports do not have to reside on the same switchor even on the same network segment.

◆ A broadcast domain (also known as a collision domain) is a combination of deviceports that make up a Layer 2 segment and must be connected by a Layer 3 device,such as a router or Layer 3 switch.

◆ A VLAN can include servers, workstations, printers, routers, or any other networkdevice you can connect to a switch.

◆ One great advantage of VLANs is their ability to link geographically distant usersand create small workgroups from large LANs.

◆ VLANs are also helpful if you are interested in keeping one workgroup’s networktraffic separate from another workgroup’s network traffic for improved security orperformance.

◆ To create a VLAN, you must configure the switch properly. In addition to identify-ing the ports that belong to each logical network, you can specify security param-eters, filtering instructions (if the switch should not forward any frames from acertain segment, for example), performance requirements for certain users, andnetwork management options.

◆ In setting up a VLAN, you are not merely including a certain group of nodes—youare also excluding another group. As a result, you can potentially cut a group offfrom the rest of the network. VLAN implementation requires careful planning toensure that all the groups of users who need to communicate can do so after theVLAN is in operation.


If you are charged with designing a network or installing switches, you should researchVLANsfurther. Some trade publications (and many switch manufacturers) have toutedVLANs as themost advanced approach to networking—and the wave of the future.

34384_CPEG_03 2/17/2005 16:53:42 Page 198

O B J E C T I V E S



1. What connectivity device is used to create VLANs?a. hubb. routerc. switchd. gateway

2. Why couldn’t bridges be used to create VLANs?a. because they cannot interpret Layer 3 informationb. because they do not contain multiple portsc. because they do not work with the Ethernet network access methodd. because they cannot determine the MAC addresses of connected nodes

3. Which of the following parameters can you specify for a VLAN when configuring a switch? (Chooseall that apply.)

a. performance requirements for certain nodesb. the method of signaling required by certain nodesc. security parametersd. filtering instructions based on segment

4. What is one potential pitfall when creating VLANs?a. You could inadvertently forget to assign a port to a node, thus disabling all traffic on that

node’s segment.b. You could inadvertently assign one node to more than one port, thus disabling traffic to and

from that node.c. You could inadvertently connect a segment to itself, thus causing a loop in traffic.d. You could inadvertently cut off network access to some nodes.

5. Which of the following nodes could belong to a single broadcast domain? (Choose all that apply.)a. workstationb. routerc. serverd. printer

6. For two workstations to belong to the same VLAN, they must connect to the same switch. True orFalse?

7. In which of the following situations would a VLAN be most useful and appropriate?a. an office of eight users connected via a peer-to-peer LAN for file and printer sharingb. a start-up company of 18 computer scientists using a Gigabit Ethernet LAN to share data and

programsc. a university WAN dedicated to offering long-distance education to all studentsd. a pharmaceutical company’s headquarters with 530 employees from various departments

connected to a Fast Ethernet LAN

34384_CPEG_03 2/17/2005 16:53:42 Page 199


3.9 Identify the main characteristics and purpose of extranets and intranets.


An intranet is a network or part of a network with restricted access that uses browser-basedInternet technologies to exchange information within an organization. An extranet is anextension of an organization’s intranet that provides authorized users access to resources (suchas the Internet) outside of the organization.

WHAT YOU REALLY NEED TO KNOW◆ An intranet is usually a LAN that has been set up within an organization to permit

limited browser-based display and exchange of private information.◆ Users of an intranet access resources just as if they were traversing the Internet

with their Web browser. The difference is that the resources are being accessedfrom the organization’s local Web server, without any transmissions leaving theprotection of the corporate firewall.

◆ A corporate intranet operates on the same principles and uses the same technolo-gies as an Internet site. In large organizations, the intranet site is usually run froman internal Web server providing HTTP-related services, as well as FTP, e-mail ser-vices, document management, and workgroup collaboration. Companies that areconcerned with the security and integrity of their intranet will likely use a separateserver that is not connected to its Internet Web server.

◆ The extent of an organization’s intranet is defined by its security policies, whichallow access only to authorized users who belong to the organization. An intranetmay be accessible only through a LAN, or it may extend across a VPN or an organi-zation’s private WAN.

◆ An extranet is an extension of an intranet that allows for the exchange of infor-mation within an organization and with certain authorized users outside of thatorganization. For instance, a company might grant extranet access to contractors orconsultants, or it might permit its employees to access corporate files from home.In some cases, an extranet consists of connected intranets from two or morecompanies.

◆ As with an intranet, an extranet relies on Internet protocols. It can offer somesecurity features similar to an intranet, including user authentication and dataencryption. However, because extranet signals travel over the Internet, they aremore vulnerable to security breaches than are intranet signals.

◆ A VPN that operates over the Internet is virtually identical in function to an intra-net or an extranet.


Setting up a corporate intranet or extranet is similar to setting up an InternetWeb site.Becausethe intranet operates behind the corporate firewall, security issues are often dealt with simplyby maintaining the firewall.

34384_CPEG_03 2/17/2005 16:53:43 Page 200

O B J E C T I V E S



1. What is the main difference between an intranet and the Internet?a. An intranet does not offer as much security as the Internet.b. E-mail cannot be sent over an intranet.c. Internet access is browser-based, whereas intranet access is not.d. The Internet allows public access, whereas an intranet allows only private access.

2. What is the main difference between an intranet and an extranet?a. An intranet does not offer as much security as an extranet.b. E-mail cannot be sent over an intranet, but can be sent over an extranet.c. Extranet access is browser-based, whereas intranet access is not.d. An extranet allows wider user access than does an intranet.

3. Which of the following services might be provided by a corporate intranet? (Choose all that apply.)a. provide product pricing information to a buyerb. have employees update their personal informationc. provide information on corporate HR policiesd. sell corporate products to employees

4. What is the core suite of protocols on which an intranet is most likely based?a. AppleTalkb. NetBEUIc. TCP/IPd. IPX/SPX

5. Which one of these statements is true?a. An intranet might be considered an extension of an extranet.b. An extranet might be considered an extension of an intranet.c. An intranet is confined to a LAN.d. An extranet is the same as the Internet.

6. Which software application is most likely to be used to access intranet information?a. Notepadb. Microsoft Wordc. Adobe Acrobatd. Internet Explorer

7. What is an alternative strategy to setting up a private corporate intranet with a Web server?a. Use the Internet to provide the same services.b. Set up a virtual private network.c. Use third-party WAN services.d. Use another company’s extranet.

34384_CPEG_03 2/17/2005 16:53:43 Page 201


3.10 Identify the purpose, benefits, and characteristics of using antivirus software.


Antivirus software protects a computer’s operating system and programs from the intrusion ofmalicious software.

WHAT YOU REALLY NEED TO KNOW◆ The term virus refers generically to a variety of software, including true viruses,

Trojan horses, worms, and other unwanted software invaders. A true virus is aprogram that replicates itself with the intent of infecting more computers. ATrojan horse is a harmful program that disguises itself as benign software. A wormis a program designed to travel between computers and may carry a virus alongwith it.

◆ Antivirus software resides on a computer’s hard drive and acts as a sentinel todetect, isolate, and remove any malicious incoming virus. The antivirus softwarecan also be used to remove any virus that may have already invaded a hard drive.

◆ Antivirus software is generally installed on all network workstations and on serversthat may encounter virus-carrying files. Updates are automatically distributed andinstalled to all computers from a central server, which receives periodic automaticupdates from the antivirus software vendor.

◆ Implementing antivirus software on servers can slow server operations. To find theright balance between sufficient protection and minimal impact on performance, acareful examination of a network’s vulnerabilities and performance requirements isnecessary.

◆ Antivirus programs can detect viruses even if they are disguised using encryptionand polymorphism. They do this by performing virus signature scanning, heuristicscanning, integrity checking, and by monitoring unexpected file changes or virus-like behavior.

◆ Signature scanning compares a file’s content with known unique viruses, identify-ing characteristics stored in a database. The signature database is frequently auto-matically updated, often daily, by the antivirus software supplier.

◆ Heuristic scanning attempts to detect viruses through predictable virus-likebehavior. It is less effective than signature scanning and often results in many falsealarms.

◆ Integrity checking involves comparing current file and disk characteristics againstan archived version of these characteristics to discover any changes. The most com-mon example of integrity checking involves using a checksum.


Virus protection involves choosing and installing the most appropriate antivirus software,monitoring the network, continually updating the antivirus program, and educating users.

34384_CPEG_03 2/17/2005 16:53:43 Page 202

O B J E C T I V E S



1. Where on a computer does antivirus software reside?a. on a floppy diskb. in EPROMc. in RAMd. on a hard drive

2. Generally, where should antivirus software be installed on a network?a. only on workstations that connect to the Internetb. only on file serversc. on all workstations, but not on serversd. on all workstations and on vulnerable servers

3. What is antivirus software?a. software designed to protect installed programs against malicious programsb. software embedded in applications like Microsoft Word to help them scan for virusesc. software that is a standalone operating system to protect hardware from virusesd. software that reports virus information to users so that they can shut their computer off

4. What might be one effect of installing antivirus software on a server?a. periodic rebootingb. slower performancec. erratic performanced. faster performance

5. How does virus signature scanning work?a. The virus code is scanned to find the name of its originator.b. The virus code is scanned to overwrite any malicious code it might contain.c. The virus code is scanned to compare its characteristics against known characteristics.d. The virus code is scanned to rewrite and thus neutralize its malicious code.

6. What is one adverse effect of heuristic scanning?a. It can destroy some good code.b. It can cause virus false alarms.c. It can erase parts of the hard drive.d. It leaves behind many temp files.

7. What does integrity checking do?a. It looks for differences between a file and an archived version of that file.b. It looks for virus files and compares them to archived versions of virus files.c. It checks to see if files are fragmented on the hard drive.d. It checks virus files to see if they can be broken up and neutralized.

34384_CPEG_03 2/17/2005 16:53:43 Page 203


3.11 Identify the purpose and characteristics of fault tolerance.


Fault tolerance is the capacity for a system to withstand faults. On a network, fault tolerancetakes on many forms, including link and component redundancy, alternate power supply,redundant backups, mirroring, clustering, and disk striping.

WHAT YOU REALLY NEED TO KNOW◆ Fault tolerance allows a system to continue performing despite an unexpected

malfunction. A fault is the malfunction of one component of a system that canresult in a failure, or a deviation from a specified level of system performance for agiven period of time.

◆ A network administrator must prevent faults from becoming failures by addressingnetwork locations in which one fault could immobilize the entire network.

◆ Redundancy is the use of duplicate components on a network. Link redundancyuses duplicate links between network components. The aim of redundancy strate-gies is to eliminate single points of failure. Networks often also includeredundant power sources, server hard disks, and NICs.

◆ Power redundancy is implemented through a battery-based UPS (uninterruptiblepower supply) or a power generator that substitutes for line power during apower outage. A standby UPS supplies power with only momentary interruption,whereas an online UPS is always on and supplies instantaneous backup power.Generators provide long-term power during an outage.

◆ Server and disk mirroring are fault-tolerance techniques in which one server ordisk (usually two disks) duplicates the data storage of another identical device. Asimple implementation of disk mirroring on a server is also known as RAID (redun-dant array of inexpensive disks) Level 1.

◆ RAID Level 0 is the simplest implementation of disk striping in which data is writ-ten in 64-K blocks equally across all disks (or partitions) in the array. Disk stripingalone does not provide true redundancy because a disk failure will make datainaccessible.

◆ RAID Level 3 involves disk striping with a special type of ECC (error correctioncode) known as parity error correction code. It writes parity information to asingle disk.

◆ RAID Level 5 is the most common, highly fault-tolerant technique, in which dataand parity error checking are written across several disks.


RAID Level 5 is the most common network fault tolerance technique.You should understandhow your server handles RAID and what kind of hardware it requires.Consider having RAIDcomponents installed by the manufacturer to ensure that you get RAID components that arecompatible with your hardware.

34384_CPEG_03 2/17/2005 16:53:43 Page 204

O B J E C T I V E S



1. Which of the following is the least expensive method of ensuring availability on a network of 100nodes?

a. using redundant NICs on all serversb. using redundant fiber links to the ISPc. using a SONET ring to connect to the local telecommunications facilityd. leasing off-site facilities for data backup storage

2. Which of the following will definitely render a network unusable?a. failureb. faultc. redundancyd. security breach

3. Which of the following components should be redundant in a fault-tolerant network?a. the servers’ NICsb. the root passwordc. the NOS software installationd. the SYS volume

4. What is the aim of fault tolerance?a. to eliminate faultsb. to ensure that faults don’t result in failuresc. to address the least severe faultsd. to create potential faults for testing purposes

5. Which of the following could be a single point of failure for an entire network? (Choose all thatapply.)

a. a serverb. a routerc. a hubd. a workstation

6. Which of the following statements is true about mirroring?a. Mirrored servers must connect to the network at the same speed.b. Mirrored servers must have identical NICs.c. Mirrored servers must be in the same computer room.d. Mirrored servers must use the same backup scheme.

7. Which of the following is most likely to be implemented on a modern network?a. RAID Level 0b. RAID Level 1c. RAID Level 3d. RAID Level 5

34384_CPEG_03 2/17/2005 16:53:44 Page 205


3.12 Identify the purpose and characteristics of disaster recovery.


Network disaster recovery allows an organization to regain computer system functionalityafter a debilitating disaster.

WHAT YOU REALLY NEED TO KNOW◆ Disaster recovery is the process of restoring critical functionality and data after a

networkwide system catastrophe that affects more than a single system or a lim-ited group of users.

◆ Planning for disaster recovery must account for even the very remotest possibilities.A disaster recovery plan should address computers and other essential corporateinfrastructure. It should designate a coordinator and should consider the worst-casescenarios, such as a catastrophic hurricane, a flood, a terrorist attack, or an elec-tronic subterfuge.

◆ A disaster recovery plan should also address what might happen if your typical net-working staff isn’t available. The plan should outline multiple contingencies andspecify alternative sites that can be used to supply temporary functionality.

◆ The computer systems part of a disaster recovery plan should address the followingissues:- Contact names, roles, and responsibilities for emergency coordinators and rel-

evant other staff.- Details on which data and servers are backed up, the most appropriate backup

media, how frequently backups occur, where backups are kept (off-site andsecure), and how backed-up data can be readily recovered in full.

- Details on network topology, redundancy, and agreements with national servicecarriers, in case vendors fall prey to the same disaster. This may include installa-tion of hot spares for disks, or maintaining a supply of cold spares that can beinstalled to replace failed units.

- Strategies for regularly testing the disaster recovery plan.- A plan for managing the crisis, including regular communications with employees

and customers if regular communications line become unavailable.- Disaster recovery contingencies are divided into three categories: cold site, warm

site, and hot site. They differ in their degree of readiness to regain networkfunctionality. A cold site has the appropriate equipment to rebuild a network,but lacks updates, configuration, or connectivity. A warm site has the appropriateequipment, but is only partially updated, configured, and connected. A hot site isready to assume fully functional network status with very little or no downtime.


Having a comprehensive disaster recovery plan lessens the risk of losing critical data in case ofextreme situations. It makes potential customers and your insurance providers look morefavorably on your organization.

34384_CPEG_03 2/17/2005 16:53:44 Page 206

O B J E C T I V E S



1. Which of the following details should be recorded in a disaster recovery plan? (Choose all thatapply.)

a. where backup tapes are storedb. home telephone number of the network administratorc. what type of disaster might occurd. how the plan will be tested

2. Which of the following are disasters that would be addressed by a disaster recovery plan?a. a vendor going out of businessb. a hurricane demolishing the organization’s headquartersc. a riot in a nearby cityd. a hacker gaining access to your Web server

3. Which of the following would be the person most likely to coordinate an organization’s computersystems disaster recovery effort?

a. help desk technicianb. company CFOc. database programmerd. IT manager

4. What is the difference between a hot site and a cold site?a. A hot site is geographically closer to the disaster site.b. A hot site will be immediately functional when disaster strikes, whereas a cold site will require

time and resources to become fully functional.c. A hot site will be close to all major transportation routes, whereas a cold site will not be as

accessible.d. A hot site will be staffed by the best technicians, whereas a cold site will be staffed by tempo-

rary help.

5. Why would it be necessary to include details about an organization’s service agreements with tele-communications carriers in a disaster recovery plan?

a. They will have to supply the organization with new equipment.b. The carriers may also be affected by the disaster and may owe the organization compensation

for downtime.c. The agreements may change as a result of the disaster.d. The carriers may decide to void their agreement after the disaster.

6. The computer systems part of a good disaster recovery plan should assign duties to the IT Depart-ment personnel only. True or False?

7. A disaster recovery plan should contain several different approaches for recovering from a disaster.True or False?

34384_CPEG_03 2/17/2005 16:53:44 Page 207


Documents

OBJECTIVES 3.1 Identify the basic capabilities (for ... · 3.1 Identify the basic capabilities (for example, client support, interoperability, authentication, file and print services,