
A network is a group of interconnected computers and devices that can share information with each other. Networks can range in size from two devices up to the largest network in the world, the internet.

This lesson covers the following topics:

  • Networking components

  • Network addressing

  • Networking benefits

  • Network types

Networking Components

Multiple components are required to set up and configure a network. These components include:

  • Devices - Devices can include a computer, tablet, mobile phone, gaming console, IoT device, and server. The devices are typically referred to as network nodes or hosts.

  • Transmission medium - The transmission medium connects network devices. Examples include twisted pair cabling, fiber optics, and wireless radio signals.

  • Network interface (NIC) - The network interface converts the digital data into a signal that can be transmitted along the transmission medium.

  • Specialized devices are used to connect host devices together. These connection devices include:

    • Routers to connect multiple networks together.

    • Switches to connect multiple computers inside of a network together.

    • Access point to connect wireless network hosts.

  • Networking protocols - These are standards that define how data is formatted and how the network hosts will talk to each other.

Network Addressing

Every device on a network requires a unique address. The Internet Protocol version 4 (IPv4) formats the unique address using four octets that are each separated by a period. The IPv4 address is split into two components:

  • The network ID defines the network address. Every host on the same network has the same network ID.

  • The host ID is a unique value that is different for each device.

The subnet mask defines which bits of the address belong to the network ID and which belong to the host ID. It has the same four-octet form as the IPv4 address, and each mask octet lines up with the matching octet of the address. In the simple case each mask octet is either 255 (all eight bits are network bits) or 0 (all eight bits are host bits), but masks such as 255.255.255.192, which split an octet, are also common. For example:

The IP address 192.168.0.5 with a subnet mask of 255.255.0.0 shows that the first two octets in the IP address are the network ID and the last two octets are the host ID.

Often, a large network is split into smaller networks called subnets. The subnet mask determines which subnet a host belongs to. Two devices must be on the same subnet to communicate directly. If they are on different subnets, the traffic is sent to a router, which forwards it to the other network.

Benefits of Networking

Despite the costs of implementation and maintenance, networks save organizations money by allowing them to:

  • Consolidate (centralize) data storage.

  • Share peripheral devices such as printers.

  • Increase internal and external communications.

  • Increase productivity and collaboration.

  • Provide a centralized management location for user accounts and security.

  • Allow a network technician to remotely troubleshoot issues.

Network Types

There are several ways to classify networks. The following table describes several of these ways.

Type

Classification

Description

Host role

Peer-to-peer

In a peer-to-peer network, each host can provide network resources to other hosts or access resources located on other hosts. Each host controls access to the resources located on it.

Advantages of peer-to-peer networks include:

  • Easy implementation

  • Inexpensive

Disadvantages of peer-to-peer networks include:

  • Difficult to expand (not scalable)

  • Difficult to support

  • Lack centralized control

  • No centralized storage

Client-server

In a client-server network, hosts have specific roles. For example, some hosts are assigned server roles, which allow them to provide network resources to other hosts. Other hosts are assigned client roles, which allow them to consume network resources.

Advantages of client-server networks include:

  • Easy to expand (scalable)

  • Easy to support

  • Centralized services

  • Easy to back up

Disadvantages of client-server networks include:

  • Expensive server operating systems

  • Extensive advanced planning required

Geography

Body area network (BAN)

A body area network is a very small network that consists of wearable or implanted devices such as a smart watch, fitness trackers, or medical implants.

Personal area network (PAN)

A personal area network is a very small network used for communication between personal devices.

For example, a PAN may include a pair of wireless earbuds and a smartphone. A PAN is limited to a few feet in range. A PAN is typically created using Bluetooth wireless technologies.

Local area network (LAN)

A local area network is a network in a small geographic area, like an office. A LAN typically uses wires to connect systems together.

Wireless local area network (WLAN)

A wireless LAN covers an area that is roughly the same size as a standard LAN. It uses radio signals to connect systems instead of wires.

Campus area network (CAN)

A campus area network, sometimes referred to as a corporate area network, is established when multiple LANs are connected within a limited area.

An example is a college campus or multiple buildings that are owned by the same organization.

Metropolitan area network (MAN)

A metropolitan area network is a network that covers an area from a few city blocks to an entire metropolitan city. MANs are often operated by a city or by a regional service provider.

Be aware that many IT professionals do not differentiate between a wide area network and a MAN, because both use most of the same network technologies.

Wide area network (WAN)

A wide area network is a group of LANs that are geographically isolated, but are connected to form a large internetwork.

Wireless mesh network (WMN)

A wireless mesh network is a group of wireless mesh nodes that communicate with one another to share the network connection across a large area.

WMNs provide the ability to stream voice, data, and video between arbitrary pairs of devices. Each device in the WMN uses the other devices in the WMN as relays to avoid the need for infrastructure.

Wireless wide area network (WWAN)

A wireless wide area network covers a large geographical area by connecting separate areas wirelessly. WLAN and WWAN both connect to the internet wirelessly, but they use different technologies to do it.

WWANs are often referred to as 4G, 5G, or LTE networks because they usually use cellular network technologies as connection types.

Management

Network

The term network often describes a computer system controlled by a single organization. This could be a local area network at a single location or a wide area network used by a single business or organization.

If two companies connect their internal networks to share data, you could call it one network. However, it is two networks, because each network is managed by a different company.

Subnet

A subnet is a portion of a network. All devices on the subnet share a common network address.

  • All devices on the subnet share the same network address, but each has a unique host address.

  • Each subnet in a larger network has a unique subnet address.

  • Devices connected through hubs or switches are on the same subnet. Routers are used to connect multiple subnets.

Internetwork

An internetwork is a network with geographically dispersed WAN connections that connect multiple LANs.

Additionally, connecting two networks under different management is a form of internetworking because data must travel between two networks.

Storage area network (SAN)

A special type of network that provides high-speed access to storage across the network. Specialized hardware is used to store and provide access to needed data.

Participation

Internet

The internet is a large, world-wide, public network. The network is public because virtually anyone can connect to it. Users or organizations make services freely available on the internet.

  • Users and organizations connect to the internet through an internet service provider (ISP).

  • The internet uses a set of communication protocols (TCP/IP) for providing services.

  • Individuals and organizations can make services (such as a website) available to other users on the internet.

Intranet

An intranet is a private network that uses internet technologies. Services on an intranet are available only to hosts that are connected to the private network.

For example, a company might have a website that only employees can access.

Extranet

An extranet is a private network that uses internet technologies and makes its resources available to external trusted users.

For example, you might create a website on a private network that only users from a partner company can access.

A protocol is a set of rules that define how devices will communicate on the network. For devices to communicate, both sender and receiver must use the same protocol. The two most used transmission protocols are Transmission Control Protocol (TCP) and User Datagram Protocol (UDP).

This lesson covers the following topics:

  • Data movement across a network

  • Transmission Control Protocol (TCP)

  • User Datagram Protocol (UDP)

Data Movement Across a Network

Before data is sent across a network, the sending host first breaks it into smaller, more manageable chunks and encapsulates those data chunks inside a packet.

  • Each packet contains a packet header which is a special label that defines the sender, receiver, and order position of the packet.

  • When the receiving host receives all the packets, it puts them together in order and processes the data.

A link carries one packet at a time. If one host sent a single huge message, every other host's traffic on that link would wait behind it. Breaking data into small packets lets a switch interleave packets from many hosts, so each one is forwarded quickly.

Transmission Control Protocol

The Transmission Control Protocol is a connection-oriented protocol. TCP tracks every segment it sends until the receiver acknowledges it, retransmits anything that is not acknowledged, and hands the data to the application in order. This provides reliable, in-order delivery. A sender can have several segments in flight at once; it does not wait for each one to be acknowledged before sending the next.

When using TCP, two hosts first establish a connection through a 3-way handshake. This handshake process is:

  1. The first host sends a SYN packet asking to create a new session.

  2. The receiving host replies with a SYN-ACK packet acknowledging that the session can be created.

  3. The first host replies with an ACK packet, which completes the handshake and opens the session.

Once the 3-way handshake has been completed, the two hosts can send data back and forth. Each segment carries a sequence number so the receiving host can tell which data it has received, detect gaps, and put segments back in order. The receiving host returns ACK packets that tell the sender the next sequence number it expects. Think of this as a phone call in which both parties confirm what they heard.

  • If the sending host does not receive an ACK within a specified time, it retransmits the unacknowledged segment.

  • If the receiving host's ACKs show that a segment arrived out of order and one is missing, the sending host retransmits the missing segment.

TCP is most often combined with the Internet Protocol (IP) to send data across the internet. The two protocols used together are known as the TCP/IP protocol suite. IP is responsible for addressing and routing packets between the two hosts; TCP is responsible for segmenting, sequencing, and retransmitting the data.
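To make the sequence-number, ACK and retransmission behaviour concrete, here is an added example in Python; it is not code from the original lesson. It models the three-way handshake and a simple go-back-N sender over a channel whose losses are chosen deterministically (the constructed drop set), so the run is reproducible. Real TCP numbers bytes rather than whole segments and uses adaptive timers and windows; those simplifications are the example's own assumptions.

```python
"""Simulation of TCP's handshake and ACK-driven retransmission.

Added example, not from the original lesson. Segment loss is simulated with a
deterministic set of (sequence number, attempt) pairs so results are
reproducible. Sequence numbers count segments, not bytes, for clarity.
"""
from dataclasses import dataclass, field

MAX_ATTEMPTS = 5   # give up on the connection after this many tries of one segment


@dataclass
class Segment:
    flags: str            # "SYN", "SYN-ACK", "ACK" or "DATA"
    seq: int = 0          # sequence number of this segment
    ack: int = 0          # next sequence number the sender of this segment expects
    payload: bytes = b""


@dataclass
class Receiver:
    expected: int = 0                             # next in-order seq we need
    buffer: dict = field(default_factory=dict)    # out-of-order segments held back
    data: bytearray = field(default_factory=bytearray)

    def on_data(self, seg: Segment) -> Segment:
        """Accept one segment and return a cumulative ACK for it."""
        if seg.seq >= self.expected:              # old duplicates are ignored
            self.buffer[seg.seq] = seg.payload
        while self.expected in self.buffer:       # deliver everything now contiguous
            self.data += self.buffer.pop(self.expected)
            self.expected += 1
        return Segment("ACK", ack=self.expected)


def handshake(isn_client: int = 100, isn_server: int = 300) -> list:
    """Return the three handshake segments in the order the lesson describes."""
    syn = Segment("SYN", seq=isn_client)
    syn_ack = Segment("SYN-ACK", seq=isn_server, ack=syn.seq + 1)
    ack = Segment("ACK", seq=syn.seq + 1, ack=syn_ack.seq + 1)
    return [syn, syn_ack, ack]


def transfer(payload: bytes, mss: int = 4, window: int = 3,
             drop: frozenset = frozenset()) -> tuple:
    """Send payload over a lossy channel; return (bytes received, retransmissions).

    drop holds (seq, attempt) pairs: that segment is lost on that attempt.
    The sender works go-back-N style: after a timeout it resends from the
    oldest unacknowledged segment.
    """
    segments = [Segment("DATA", seq=i, payload=payload[i * mss:(i + 1) * mss])
                for i in range((len(payload) + mss - 1) // mss)]
    rx = Receiver()
    attempts = {s.seq: 0 for s in segments}
    base = 0                     # oldest unacknowledged segment
    retransmits = 0
    while base < len(segments):
        highest_ack = base
        for seg in segments[base:base + window]:
            attempts[seg.seq] += 1
            if attempts[seg.seq] > MAX_ATTEMPTS:
                raise ConnectionError(f"segment {seg.seq}: too many retransmissions")
            if attempts[seg.seq] > 1:
                retransmits += 1
            if (seg.seq, attempts[seg.seq]) in drop:
                continue                              # lost in transit: no ACK comes back
            highest_ack = max(highest_ack, rx.on_data(seg).ack)
        base = highest_ack                            # "timeout": resume at first unACKed
    return bytes(rx.data), retransmits


if __name__ == "__main__":
    for s in handshake():
        print(s.flags, "seq", s.seq, "ack", s.ack)
    print(transfer(b"hello, world", drop={(1, 1)}))
```

The drop set `{(1, 1)}` loses segment 1 on its first attempt only; the run then shows the retransmission of segment 1 and the reassembled payload.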

User Datagram Protocol

UDP is also used with IP to send data across a network. Unlike TCP, UDP is a connectionless protocol. Instead of verifying that each packet is received, UDP sends the packets one at a time and the receiver processes them as they come in. If a packet is dropped along the way, it is not resent. Think of UDP like sending a postcard or putting a message in a bottle: you are not expecting any confirmation back. Delivery is best effort, not guaranteed.

UDP is used by applications that need low latency and can tolerate some packet loss without the received data becoming useless. The most common uses of UDP are:

  • Video and audio streaming

  • Online gaming

  • DNS queries

  • Voice over IP (VOIP)

  • DHCP

  • Trivial File Transfer Protocol (TFTP)

A protocol is a set of rules that define how devices communicate on the network. Whenever data is sent across the internet or an internal network, the specific protocol used is based on the type of data and how it is being transmitted.

Each protocol has a well-known default port on which it sends and receives traffic. A port is like a numbered door into the system: there are 65,536 possible ports (0 through 65,535). The port number tells the receiving host which application or service should handle the traffic. Network devices such as firewalls use port numbers to allow, block, or redirect traffic.

This lesson covers the topic of ports and protocols.

Ports and Protocols

The following table describes many of the most common protocols and the port they use:

Protocol

Default Port(s)

Description

File Transfer Protocol (FTP)

20, 21

FTP provides a generic method of transferring files between dissimilar computer systems. It can require a username and password, but the credentials and the file contents are both sent in cleartext, so FTP provides no confidentiality; prefer SFTP (file transfer over SSH) or FTPS where possible.

FTP can transfer both binary and text files, including HTML, to another host. FTP URLs are preceded by ftp:// followed by the DNS name of the FTP server.

  • Port 21 is used to transfer control information such as authentication and file information

  • Port 20 is used to transfer the data.

Secure Shell (SSH)

22

SSH provides secure interactive control of remote systems. All SSH traffic is encrypted, and it is typically used to log in remotely to a network device such as a switch, or to a server.

SSH can also be used to securely transfer files.

Telnet

23

Telnet is used to remotely connect to another system. All data, including the login password, is transmitted in cleartext. Because of this, Telnet should not be used; SSH provides the same function over an encrypted connection.

Simple Mail Transfer Protocol (SMTP)

25

SMTP is used when sending email.

Domain Name System (DNS)

53

DNS resolves names to addresses (and, through reverse lookups, addresses to names). For example, it returns the IP address for the name www.testout.com. Queries are normally carried over UDP; TCP is used for large responses and zone transfers.

Dynamic Host Configuration Protocol (DHCP)

67, 68

DHCP is used to dynamically assign IP addressing information to network hosts when they come online.

  • Clients send DHCP requests to UDP port 67 on the server.

  • Servers send DHCP replies to UDP port 68 on the client.

Hypertext Transfer Protocol (HTTP)

80

HTTP is used by web browsers and web servers to exchange hypermedia (such as web pages) through the World Wide Web and intranets. HTTP uses no encryption, so it is not secure.

Post Office Protocol 3 (POP3)

110

POP3 is used to retrieve email from a remote server to a local client over an IP connection. With POP3, email messages are downloaded to the client.

Network Basic Input/Output System (NetBIOS) over TCP/IP (NetBT)

137, 139

NetBIOS is a session-layer naming and session API used in early Windows networks. It was originally carried over NetBEUI, a transport that cannot be routed between networks, so it is now carried over TCP/IP instead (NetBT) to allow communication across an internetwork.

  • UDP port 137 is used by the NetBIOS name service to register and look up computer names (UDP port 138 carries the datagram service).

  • TCP port 139 is used by the NetBIOS session service to establish the connection between two computers and carry the session data.

NetBIOS over TCP/IP is used to allow older computers and applications that rely on NetBIOS to communicate on a TCP/IP network.

Internet Message Access Protocol (IMAP)

143

IMAP is an email retrieval protocol designed to enable users to access their email from various locations without transferring messages or files between computers.

Messages remain on the remote mail server and are not automatically downloaded to a client system.

Simple Network Management Protocol (SNMP)

161, 162

SNMP is used to monitor and manage network devices. SNMP agents can be installed on network devices such as PCs, switches, firewalls, printers, and routers. These agents send data to an SNMP manager which is typically installed on a server.

The SNMP manager aggregates the information and displays an overview of the current network status. Thresholds can be configured which trigger alerts if exceeded.

  • Port 161 is used by the SNMP manager to query agents

  • Port 162 is used by agents to send alerts to the SNMP manager

Lightweight Directory Access Protocol (LDAP)

389

Network information such as usernames, passwords, computer accounts, group policies, and other user and device information are stored in a directory service such as Microsoft's Active Directory.

LDAP is the protocol used to access this information across the network. LDAP is an open, vendor-neutral standard; it works with other directory services, not just Microsoft's Active Directory. Plain LDAP on port 389 is unencrypted unless the session is upgraded with StartTLS; LDAPS on port 636 wraps the protocol in TLS.

Hypertext Transfer Protocol over Secure Socket Layer (HTTPS)

443

Historically described as HTTP over SSL, HTTPS is HTTP carried inside a TLS session, which encrypts the traffic and authenticates the server with a certificate. SSL itself is deprecated; current HTTPS uses TLS 1.2 or 1.3.

Server Message Block (SMB)/Common Internet File System (CIFS)

445

SMB enables the sharing of folders and printers on the network. Using SMB, remote users can access files in a shared folder on a server or workstation. Likewise, a remote user can send print jobs to a shared printer.

CIFS is Microsoft's name for the SMB 1.0 dialect. Current Windows networks use SMB 2 and SMB 3; SMB 1 is obsolete and should be disabled.

Remote Desktop Protocol (RDP)

3389

RDP is a proprietary Microsoft protocol that allows a user to view and use the graphical desktop of a remote computer system as if they were sitting in front of it.

Local input devices such as the mouse and keyboard can be used to perform tasks on the remote machine. RDP listens on TCP port 3389; it should not be exposed directly to the internet but reached through a VPN or a Remote Desktop Gateway.
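The DNS row above and the UDP section describe DNS only by its port. Here is an added example, not code from the lesson, that builds a DNS query in the wire format carried on UDP port 53 and parses a response. The response bytes are constructed by hand for the example (the 203.0.113.10 answer is a documentation address, not a real record), and the parser refuses the forward and looping name-compression pointers that a hostile resolver could send to stall a naive implementation.

```python
"""Build and parse DNS messages (UDP port 53) in wire format.

Added example, not part of the original lesson. A DNS message is a 12-byte
header followed by questions (name, type, class) and resource records.
Names are length-prefixed labels ending in a zero byte; records may use a
2-byte compression pointer (top two bits 11) back to an earlier name.
"""
import struct


def encode_name(name: str) -> bytes:
    out = b""
    for label in name.rstrip(".").split("."):
        if not 1 <= len(label) <= 63:
            raise ValueError("label length must be 1..63")
        out += bytes([len(label)]) + label.encode("ascii")
    return out + b"\x00"


def build_query(name: str, txid: int = 0x1234, qtype: int = 1) -> bytes:
    """Standard query for an A record (qtype 1), recursion desired (flags 0x0100)."""
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0)
    return header + encode_name(name) + struct.pack("!HH", qtype, 1)


def decode_name(msg: bytes, offset: int) -> tuple:
    """Decode the name at offset; return (name, offset just after it).

    Compression pointers are followed, but only backwards and never twice,
    so a malicious message cannot make the parser loop.
    """
    labels, seen, end = [], set(), None
    while True:
        if offset >= len(msg):
            raise ValueError("truncated name")
        length = msg[offset]
        if length & 0xC0 == 0xC0:                      # compression pointer
            if offset + 1 >= len(msg):
                raise ValueError("truncated pointer")
            pointer = ((length & 0x3F) << 8) | msg[offset + 1]
            if pointer >= offset or pointer in seen:
                raise ValueError("bad compression pointer")
            seen.add(pointer)
            if end is None:
                end = offset + 2                       # resume here after the name
            offset = pointer
            continue
        offset += 1
        if length == 0:
            break
        labels.append(msg[offset:offset + length].decode("ascii"))
        offset += length
    return ".".join(labels), (end if end is not None else offset)


def parse_response(msg: bytes) -> dict:
    if len(msg) < 12:
        raise ValueError("truncated header")
    txid, flags, qd, an, _ns, _ar = struct.unpack("!HHHHHH", msg[:12])
    if not flags & 0x8000:
        raise ValueError("QR bit clear: not a response")
    offset, questions, answers = 12, [], []
    for _ in range(qd):
        name, offset = decode_name(msg, offset)
        qtype, _qclass = struct.unpack("!HH", msg[offset:offset + 4])
        offset += 4
        questions.append((name, qtype))
    for _ in range(an):
        name, offset = decode_name(msg, offset)
        rtype, _rclass, ttl, rdlen = struct.unpack("!HHIH", msg[offset:offset + 10])
        offset += 10
        rdata = msg[offset:offset + rdlen]
        offset += rdlen
        if rtype == 1 and rdlen == 4:                  # A record: dotted quad
            rdata = ".".join(str(b) for b in rdata)
        answers.append((name, rtype, ttl, rdata))
    return {"id": txid, "rcode": flags & 0xF, "questions": questions, "answers": answers}


# Constructed response: the question, then one A record whose name is a
# pointer (0xC00C) back to the question name at offset 12.
SAMPLE_RESPONSE = (
    struct.pack("!HHHHHH", 0x1234, 0x8180, 1, 1, 0, 0)
    + encode_name("www.testout.com") + struct.pack("!HH", 1, 1)
    + b"\xC0\x0C" + struct.pack("!HHIH", 1, 1, 300, 4) + bytes([203, 0, 113, 10])
)

if __name__ == "__main__":
    print(build_query("www.testout.com").hex())
    print(parse_response(SAMPLE_RESPONSE))
```

The pointer checks matter because DNS parsers run on untrusted input: a pointer that refers forward or to itself is invalid per the format, and accepting one would loop forever.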

Most networks today make use of the Internet Protocol (IP) for communication. On an IP network, each host device is assigned a unique Layer 3 logical identifier called an IP address. The IP address is used to identify and locate each device on the network.

This lesson covers the following topics:

  • IPv4 configuration

  • IPv4 configuration methods

  • IPv4 classes

  • Special IPv4 addresses

IPv4 Configuration

Each host on a network must be assigned an IPv4 configuration. The IPv4 configuration consists of four main components. The following table describes each of these components:

Component

Description

IPv4 address

An IPv4 address is:

  • A 32-bit address written as four decimal numbers (each 0-255) separated by dots (e.g., 192.168.1.50).

    • Each decimal number is called an octet because it represents eight bits.

    • The decimal values range from 0-255 because eight bits have 256 (2^8) possible combinations.

  • Composed of two components:

    • The host ID which is a unique value for each host

    • The network ID which identifies the network the host is on. All hosts on the network will have the same network ID

Subnet mask

The subnet mask also consists of four octets. It identifies which bits of the IPv4 address are the network ID and which are the host ID: a 1 bit in the mask marks a network bit and a 0 bit marks a host bit. In the simple case each mask octet is either 255 or 0, but masks such as 255.255.255.192, which split an octet, are also used.

255 represents the network ID and 0 represents the host ID. For example:

The subnet mask 255.255.0.0 indicates that the first two octets in the IPv4 address are the network ID and the last two octets are the host ID.

Default gateway

The default gateway is responsible for forwarding data packets to destinations outside of the network.

  • For example, when a host requests an internet site, the request is sent to the gateway device, which forwards it toward the destination. When the reply comes back, the gateway passes it to the requesting host.

  • The default gateway is typically a router that sits on the edge of the network.

The IPv4 configuration specifies the address of the default gateway.

DNS server address

On a network, including the internet, computers use IP addresses to identify each other and specify where data should go. However, it is much easier for users to use hostnames to identify websites or other network devices.

The DNS server is responsible for converting hostnames to IP addresses. Part of the IPv4 configuration is specifying the address of the DNS server.
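The subnet mask explanation (here and in the Network Addressing section of the first lesson) is easiest to check with bit arithmetic. The following added example, not code from the lesson, computes the network ID, broadcast address and usable host range for any mask, including masks that split an octet, and tests whether two hosts share a subnet (and so can talk without a router). The addresses used are constructed for the example.

```python
"""IPv4 network ID, broadcast and same-subnet test using bit arithmetic.

Added example, not from the original lesson. Works for any contiguous mask,
including ones that split an octet (255.255.255.192 = /26). A malformed
mask such as 255.0.255.0 (ones and zeros mixed) is rejected.
"""


def ip_to_int(ip: str) -> int:
    parts = ip.split(".")
    if len(parts) != 4 or not all(p.isdigit() and 0 <= int(p) <= 255 for p in parts):
        raise ValueError(f"invalid IPv4 address: {ip}")
    return int.from_bytes(bytes(int(p) for p in parts), "big")


def int_to_ip(value: int) -> str:
    return ".".join(str(b) for b in value.to_bytes(4, "big"))


def mask_to_prefix(mask: str) -> int:
    """Return the prefix length (/n) of a dotted mask; reject non-contiguous masks."""
    m = ip_to_int(mask)
    prefix = bin(m).count("1")
    if m != (0xFFFFFFFF << (32 - prefix)) & 0xFFFFFFFF:
        raise ValueError(f"non-contiguous subnet mask: {mask}")
    return prefix


def describe(ip: str, mask: str) -> dict:
    """Network ID, broadcast, usable range and host ID for ip under mask."""
    prefix = mask_to_prefix(mask)
    a, m = ip_to_int(ip), ip_to_int(mask)
    network = a & m                        # mask ones keep the network bits
    broadcast = network | (~m & 0xFFFFFFFF)  # host bits all ones
    hosts = max(broadcast - network - 1, 0)  # /31 and /32 have no ordinary range
    return {
        "cidr": f"{int_to_ip(network)}/{prefix}",
        "network": int_to_ip(network),
        "broadcast": int_to_ip(broadcast),
        "first_host": int_to_ip(network + 1) if hosts else None,
        "last_host": int_to_ip(broadcast - 1) if hosts else None,
        "usable_hosts": hosts,
        "host_id": a & ~m & 0xFFFFFFFF,
    }


def same_subnet(ip_a: str, ip_b: str, mask: str) -> bool:
    """True when both hosts can talk directly; False means a router is needed."""
    m = ip_to_int(mask)
    return ip_to_int(ip_a) & m == ip_to_int(ip_b) & m


if __name__ == "__main__":
    print(describe("192.168.0.5", "255.255.0.0"))
    print(describe("10.1.2.200", "255.255.255.192"))
    print(same_subnet("10.1.2.200", "10.1.2.130", "255.255.255.192"))
```

With the /26 mask, 10.1.2.200 and 10.1.2.130 differ in the two high bits of the last octet, so they sit in different subnets even though three octets match; that is the case the "usually 255 or 0, but not always" wording is hinting at.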

IP Configuration Methods

Two methods can be used to configure hosts with IPv4 configurations. The following table describes these two methods:

Configuration Method

Description

Static configuration

Each host must be manually configured. The main benefit of static configuration is that the IP configuration does not change. The host retains the IP address even if the device is shut down and rebooted. A static configuration is best used on devices that are accessed by other hosts, such as servers and network printers.

The drawbacks of using a static configuration include:

  • Each device must be manually configured. This is very time consuming with larger networks.

  • It is easy to accidentally enter in the wrong information such as the default gateway or an incorrect subnet mask.

  • It is easy to duplicate addresses. Keep detailed documentation of IP address assignment.

Dynamic configuration

A dynamic configuration uses the Dynamic Host Configuration Protocol (DHCP). This method uses a server that is configured with the network's IP configuration information.

  • When a new device connects to the network, it broadcasts a DHCP Discover message looking for a server, because it does not yet have an address of its own.

  • A DHCP server answers with an Offer; the client broadcasts a Request for the offered address; the server confirms with an Acknowledgement that carries the full IPv4 configuration (address, subnet mask, default gateway, DNS servers, and lease time).

Using DHCP makes the configuration process much easier as the process is automated once the server has been configured.

Many SOHO wireless routers have DHCP functionality and can serve as a DHCP server.

IPv4 Classes

IP addresses have a default class. The address class identifies the range of IP addresses and the default subnet mask used for the range. The following table shows the default address class for each IP address range.

Class

Address Range

First Octet Range

Subnet Mask

Number of Addresses per Network

Private IP Range

A

1.0.0.0 to 126.255.255.255

1–126
(00000001–01111110 binary)

255.0.0.0

16,777,216
(2^24)

10.0.0.0 – 10.255.255.255

B

128.0.0.0 to 191.255.255.255

128–191
(10000000–10111111 binary)

255.255.0.0

65,536
(2^16)

172.16.0.0 – 172.31.255.255

C

192.0.0.0 to 223.255.255.255

192–223
(11000000–11011111 binary)

255.255.255.0

256
(2^8)

192.168.0.0 – 192.168.255.255

D

224.0.0.0 to 239.255.255.255

224–239
(11100000–11101111 binary)

N/A

N/A

Used for multicast

E

240.0.0.0 to 255.255.255.255

240–255
(11110000–11111111 binary)

N/A

N/A

Experimental/Research

Because IP addresses assigned to hosts must be unique, the use of IP addresses on the internet is controlled by organizations that ensure that every organization is given its own range of IP addresses to assign to hosts:

  • The Internet Assigned Numbers Authority (IANA) manages the assignment of IP addresses on the internet. IANA is operated by the Internet Corporation for Assigned Names and Numbers (ICANN).

  • IANA allocates blocks of IP addresses to Regional Internet Registries (RIRs). An RIR has authority over IP addresses in a specific region of the world.

  • An RIR assigns blocks of addresses to internet service providers (ISPs).

  • An ISP assigns one or more IP addresses to individual computers or organizations connected to the internet.

Because each IP address on any network, including the internet, must be unique, each IP class has a reserved range for private IP addresses.

  • Public IP addresses are those that are used on the internet. These are typically assigned by the ISP.

  • Private IP addresses are used on internal networks only and are not used on the internet.

    • When a device on the internal network accesses the internet, that data traffic is sent using the public IP address.

    • Because private IP addresses are never used on the internet, users in one private network can have the same IP address as users in another private network.

Special IPv4 Addresses

The following table describes some special IP addresses network technicians must be aware of:

IP Address

Description

Automatic Private IP Addressing (APIPA)
169.254.0.0/16

A feature that lets a device assign itself an address in the 169.254.0.0/16 range when no DHCP server answers and no manual configuration exists. An APIPA address only allows communication with other hosts on the same link; finding one on a client usually means DHCP failed.

Loopback
127.0.0.1

This address is also known as localhost. The whole 127.0.0.0/8 range is handled inside the host's own TCP/IP stack and never leaves the machine. Pinging 127.0.0.1 tests that the IP stack is working; it does not test the NIC, the cable, or the network.

Broadcast
*.*.*.255

The last address in a subnet is reserved for broadcast. Any packet sent to this address is delivered to all devices on that subnet. It ends in .255 for a 255.255.255.0 mask; for other masks it is simply the highest address in the subnet.

Network
*.*.*.0

The first address in a subnet is reserved as the network ID. This address identifies the network in routing tables and is not assigned to a host.

Because the network and broadcast addresses take the first and last addresses of a subnet, host IDs usually do not end in 0 or 255. With masks other than 255.255.255.0 they can, though: in 10.0.0.0/23 (mask 255.255.254.0), 10.0.0.255 and 10.0.1.0 are both ordinary host addresses.
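The class table and the special-address table above are most useful as a single check applied to an address. The following added example, not code from the lesson, classifies an IPv4 address by legacy class, the private (RFC 1918) ranges, APIPA, loopback and multicast, and reports whether the address is the network or broadcast address of its subnet; the classful mask is assumed when none is given. The "public" result only means "none of the categories in this lesson"; other IANA special-purpose blocks exist and are not checked here.

```python
"""Classify an IPv4 address using the class and special-address tables.

Added example, not part of the original lesson. Ranges are those listed in
the tables above; 'public' means none of those categories matched, which is
weaker than a full IANA special-purpose registry check.
"""
from typing import Optional


def ip_to_int(ip: str) -> int:
    parts = ip.split(".")
    if len(parts) != 4 or not all(p.isdigit() and 0 <= int(p) <= 255 for p in parts):
        raise ValueError(f"invalid IPv4 address: {ip}")
    return int.from_bytes(bytes(int(p) for p in parts), "big")


def in_block(addr: int, block: str) -> bool:
    """Is addr inside block written as 'x.x.x.x/n'?"""
    base, prefix = block.split("/")
    mask = (0xFFFFFFFF << (32 - int(prefix))) & 0xFFFFFFFF
    return addr & mask == ip_to_int(base) & mask


PRIVATE_BLOCKS = ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")
CLASSFUL_PREFIX = {"A": 8, "B": 16, "C": 24}   # default mask per class


def address_class(first_octet: int) -> str:
    """Legacy class from the first octet, as in the table above."""
    if first_octet == 0:
        return "reserved"
    if first_octet < 127:
        return "A"
    if first_octet == 127:
        return "loopback"
    if first_octet < 192:
        return "B"
    if first_octet < 224:
        return "C"
    if first_octet < 240:
        return "D"
    return "E"


def classify(ip: str, mask_prefix: Optional[int] = None) -> dict:
    addr = ip_to_int(ip)
    cls = address_class(addr >> 24)
    info = {
        "class": cls,
        "private": any(in_block(addr, b) for b in PRIVATE_BLOCKS),
        "apipa": in_block(addr, "169.254.0.0/16"),
        "loopback": in_block(addr, "127.0.0.0/8"),
        "multicast": cls == "D",
        "role": "host",
    }
    # Network/broadcast role depends on the mask; fall back to the classful one.
    prefix = mask_prefix if mask_prefix is not None else CLASSFUL_PREFIX.get(cls)
    if prefix is not None and prefix < 31:
        host_bits = ~((0xFFFFFFFF << (32 - prefix)) & 0xFFFFFFFF) & 0xFFFFFFFF
        if addr & host_bits == 0:
            info["role"] = "network"
        elif addr & host_bits == host_bits:
            info["role"] = "broadcast"
    info["public"] = (cls in ("A", "B", "C") and not info["private"]
                      and not info["apipa"])
    return info


if __name__ == "__main__":
    for ip in ("10.0.0.1", "172.16.255.255", "169.254.10.20", "127.0.0.1",
               "224.0.0.251", "11.0.0.1"):
        print(ip, classify(ip))
    print("172.16.255.255 with /12:", classify("172.16.255.255", 12)["role"])
```

The last line shows why the mask matters: 172.16.255.255 is the broadcast address of the classful 172.16.0.0/16 network, but an ordinary host address inside the 172.16.0.0/12 private block.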

Internet connected devices have become pervasive, leading to a massive increase in the number of devices that connect to the internet. The 32-bit IPv4 address system has approximately 4.3 billion possible addresses and many of those are reserved.

Since every device that connects to the internet is assigned an IP address, the addresses available under the IPv4 addressing standard have been exhausted. To help remedy this situation, the Internet Engineering Task Force (IETF) developed the IPv6 standard in the mid 1990's.

This lesson covers the following topics:

  • IPv6 format

  • IPv6 components

  • IPv6 address types

IPv6 Format

The following list describes the format of an IPv6 address:

  • An IPv6 address is a 128-bit address made up of eight 16-bit blocks.

  • Each block is separated by a colon.

  • Each block is written as four hexadecimal digits between 0000 and FFFF and represents 16 bits (FFFF = 1111 1111 1111 1111).

  • There are 2^128 (about 340 undecillion, or 3.4 x 10^38) IPv6 addresses. The exact number is 340,282,366,920,938,463,463,374,607,431,768,211,456.

Because IPv6 addresses are so long, there are rules you can use to simplify an address. These rules are:

  • Leading zeros can be omitted in each section. For example, the quartet 0284 could also be written as 284.

  • An address with consecutive zeros can be expressed more concisely by substituting a double colon for the group of zeros. For example:

    • FEC0:0000:0000:0000:78CD:1283:F398:23AB

    • FEC0::78CD:1283:F398:23AB (concise form)

    • Removing the zeros and simplifying the address is also known as address compression.

  • You can use address compression only once per address. For example, FEC2:0000:0000:0000:78CA:0000:0000:23AB can be abbreviated as:

    • FEC2::78CA:0:0:23AB
      or

    • FEC2:0:0:0:78CA::23AB
      but not

    • FEC2::78CA::23AB

IPv6 Components

An IPv6 address is divided into two equal parts. The left side is the prefix and the right side is the interface ID. The prefix is comparable to the network ID in a IPv4 address and the interface ID is comparable to the host ID.

IPv6 Components

Description

Prefix

The first 64 bits make up the prefix.

  • The prefix can be divided into parts that identify things such as the geographic region, the ISP, the network, and the subnet.

  • The first 48 bits of the address form the site prefix, which is assigned by the ISP.

  • The next 16 bits are the subnet ID, which identifies the subnet the device is connected to.

  • CIDR notation is used to indicate the prefix length. As with an IPv4 address, this shows which portion of the address is used for the prefix (network address).

    • To indicate the prefix length, add a slash (/) followed by the prefix length.

    • Full quartets with trailing 0s in the prefix address can be omitted (e.g., 2001:0DB8:4898:DAFC::/64).

  • Because addresses can be allocated based on physical location, the prefix generally identifies the location of the host. The prefix is often referred to as the global routing prefix.

Interface ID

The last 64 bits of the address are the interface ID. This is a unique identifier for each interface, similar to a MAC address.

  • Addresses are assigned to interfaces (network connections), not to the host. Technically, the interface ID is not a host address, but is often referred to as the host address.

  • Interface IDs must be unique within a subnet, but the same interface ID can exist on multiple subnets.

To ensure that the interface ID is unique for every host on the network, IPv6 uses the Extended Unique Identifier 64 (EUI-64) format. Following are some details of the EUI-64 format:

  • Since each device is hard-wired with a unique 48-bit hardware address called the MAC address, the EUI-64 format uses it to generate a unique interface ID.

  • The EUI-64 format:

    1. Converts the MAC address to binary.

    2. Flips the 7 th bit from the left (from 1 to 0 or 0 to 1). This bit is called the universal/local (U/L) bit.

    3. Inserts the 16-bit hexadecimal value FFFE in the middle.

  • For example, a host with MAC address 20-0C-FB-BC-A0-07 gets the EUI-64 interface ID 220C:FBFF:FEBC:A007: the first byte 0x20 becomes 0x22 after the U/L bit flip, and FFFE is inserted between the two halves of the MAC.

The interface ID can also be generated randomly (IPv6 privacy extensions, RFC 4941), which avoids exposing the hardware MAC address in every IPv6 address the host uses. Randomness does not by itself guarantee uniqueness; IPv6 hosts run Duplicate Address Detection on the link before using any address, whichever method generated it.
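The EUI-64 steps above are short enough to carry through in code. This added example, not code from the lesson, derives the interface ID and link-local address from a MAC, and also runs the transformation backwards, which is the privacy problem with EUI-64: anyone who sees such an address can recover the hardware MAC. The MAC addresses used are constructed for the example.

```python
"""EUI-64 interface ID from a MAC address, and recovering the MAC again.

Added example, not part of the original lesson. Steps as the text lists
them: split the 48-bit MAC, insert FFFE in the middle, flip the
universal/local bit (bit 7 from the left of the first byte, value 0x02).
"""
import re
from typing import Optional


def parse_mac(mac: str) -> bytes:
    """Accept 20-0C-FB-BC-A0-07, 20:0c:fb:bc:a0:07 or 200c.fbbc.a007 forms."""
    digits = re.sub(r"[^0-9a-fA-F]", "", mac)
    if len(digits) != 12:
        raise ValueError(f"MAC must contain 12 hex digits: {mac}")
    return bytes.fromhex(digits)


def eui64_interface_id(mac: str) -> str:
    """Return the 64-bit interface ID as four lowercase hex quartets."""
    m = parse_mac(mac)
    eui = bytes([m[0] ^ 0x02]) + m[1:3] + b"\xff\xfe" + m[3:6]
    hexstr = eui.hex()
    return ":".join(hexstr[i:i + 4] for i in range(0, 16, 4))


def link_local_from_mac(mac: str) -> str:
    """fe80::/64 address for this MAC, with leading zeros dropped per quartet."""
    quartets = eui64_interface_id(mac).split(":")
    return "fe80::" + ":".join(q.lstrip("0") or "0" for q in quartets)


def mac_from_eui64(interface_id: str) -> Optional[str]:
    """Recover the MAC from an interface ID, or None if it is not EUI-64 derived."""
    quartets = interface_id.lower().split(":")
    if len(quartets) != 4:
        raise ValueError("interface ID must be four quartets")
    raw = bytes.fromhex("".join(q.zfill(4) for q in quartets))
    if raw[3:5] != b"\xff\xfe":
        return None                 # e.g. a randomised privacy-extension ID
    mac = bytes([raw[0] ^ 0x02]) + raw[1:3] + raw[5:8]
    return ":".join(f"{b:02x}" for b in mac)


if __name__ == "__main__":
    print(eui64_interface_id("20-0C-FB-BC-A0-07"))
    print(link_local_from_mac("00:0c:29:3e:1a:7b"))
    print(mac_from_eui64("220c:fbff:febc:a007"))
    print(mac_from_eui64("4a1f:9c02:77d3:0b11"))
```

The reverse function returns None for the second interface ID because it lacks the FFFE marker, which is what a randomised ID looks like from outside; that absence is the only observable difference between the two generation methods.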

IPv6 Address Types

Every device on the network must be assigned an IP address. With IPv6, each device can have multiple addresses. The following table describes the different types of IPv6 addresses:

Address Type

Description

Unicast

Unicast addresses are assigned to a single interface for the purpose of allowing one host to send and receive data. Packets sent to a unicast address are delivered to the interface identified by that address.

There are three types of unicast IPv6 addresses:

Link-local

Link-local addresses (also known as local link addresses) are valid only on the current subnet. These addresses are similar to an APIPA IPv4 address. Details include:

  • Link-local addresses have an FE80::/10 prefix. This includes any address beginning with FE8, FE9, FEA, or FEB.

  • All nodes must have at least one link-local address, although each interface can have multiple addresses.

  • Link-local addresses are used for automatic address configuration, for neighbor discovery, or for subnets that have no routers.

Do not use link-local IPv6 addressing on routed networks. Routers do not forward packets destined for link-local addresses to other subnets.

Unique local

Unique local addresses are private addresses used for communication within a site or between a limited number of sites. They are commonly used for network communications that do not cross a public network; they are the equivalent of private addressing in IPv4. Details include the following:

  • Because unique local addresses are not registered with IANA, they cannot be used on a public network without address translation.

  • Unique local addresses have an FC00::/7 prefix and include addresses beginning with FC or FD.

  • Following the 7-bit prefix is a single L bit (set to 1 for the locally assigned FD00::/8 range in use today), then 40 bits for the Global ID. The Global ID is generated randomly, which makes an accidental overlap with another organization's prefix very unlikely (for example, when two company networks are merged).

  • Following the Global ID, the remaining 16 bits in the prefix are used for subnet information, leaving the usual 64-bit interface ID.

  • Unique local addresses are likely to be globally unique, but they are not globally routable. They can be routed between cooperating sites over private links or VPNs; site border routers and firewalls should be configured so that packets with unique local source or destination addresses are never forwarded onto the public internet.

The process for designing a network addressing scheme when using unique local addresses is similar to that used for global unicast addresses. The key difference is how the prefix is defined. Because the address range is not registered, a global routing prefix does not have to be requested from an ISP. Instead, each organization defines its own prefix.

Global unicast

Global unicast addresses are assigned to individual interfaces that are globally unique. All IPv6 addresses that aren't specifically reserved for other purposes are defined as global unicast addresses.

The global routing prefix assigned to an organization by an ISP is typically 48 bits long (/48), but it could be as short as /32 or as long as /56, depending on the ISP. All subnet IDs within the same organization must begin with the same global routing prefix; they must be uniquely identified using the value in the subnet field.

Using this addressing scheme with a /48 prefix allows an organization to define a large number (2^16 = 65,536) of IPv6 subnets. When designing an IPv6 network, you can define the following separate IPv6 subnets:

  • Network segments separated by routers

  • VLANs

  • Point-to-point WAN links

Multicast

Multicast addresses represent a dynamic group of hosts. Packets sent to a multicast address are sent to all interfaces identified by that address. If you use different multicast addresses for different functions, only the devices that need to participate in a particular function will respond to the multicast; devices that do not need to participate in the function will ignore the multicast. Details include:

  • All multicast addresses have an FF00::/8 prefix.

  • Multicast addresses that are restricted to the local link have an FF02::/16 prefix. Packets starting with FF02 are not forwarded by routers.

  • Multicast addresses with an FF01::/16 prefix are restricted to a single node.

The following are well-known multicast addresses:

  • FF02::1 is for all nodes on the local link. This is the equivalent of the IPv4 subnet broadcast address. FF01::1 is for all interfaces on a node.

  • FF02::2 is for all routers on the local link. FF01::2 is for all routers at interface-local (node-local) scope.

  • FF02::1:2 is for all DHCPv6 servers and relay agents on the local link. Because this address has link-local scope, a relay agent on the client's subnet receives the request and forwards it on to the DHCPv6 server on another subnet.

There are no broadcast addresses in IPv6. IPv6 uses multicast addresses instead of broadcast addresses.

Anycast

The anycast address is a unicast address that is assigned to more than one interface, typically belonging to different hosts. An anycast packet is routed to the nearest interface having that address (based on routing protocol decisions). Details include:

  • An anycast address is the same as a unicast address. Assigning the same unicast address to more than one interface makes it an anycast address.

  • An anycast address can be a link-local, unique local, or global unicast address.

  • When assigning an anycast address to an interface, it must be explicitly identified as an anycast address to distinguish it from a unicast address.

  • You can use anycast addresses to locate the nearest server of a specific type. For example, the nearest DNS or network time server.

Loopback

The local loopback address for the local host is 0:0:0:0:0:0:0:1 (also identified as ::1 or ::1/128). The local loopback address is not assigned to an interface. It can verify that the TCP/IP protocol stack is properly installed on the host.
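The address types in the table are all distinguished by prefix bits, so they can be recognized mechanically. The following Python script is an added example, not part of the original notes: it classifies a textual IPv6 address into the types above (including the multicast scope nibble), splits a unique local address into its Global ID and subnet ID, and derives the modified EUI-64 link-local address from a MAC to show why the MAC is recoverable from it. The sample addresses and the MAC are constructed for the demonstration; only the standard library is used.

```python
import ipaddress

# Multicast scope is the low nibble of the first 16-bit group (RFC 4291).
MULTICAST_SCOPES = {
    0x1: "interface-local",
    0x2: "link-local",
    0x4: "admin-local",
    0x5: "site-local",
    0x8: "organization-local",
    0xE: "global",
}


def classify(addr_str):
    """Return the IPv6 address type from the table above for a textual address."""
    a = ipaddress.IPv6Address(addr_str)
    if a == ipaddress.IPv6Address("::1"):
        return "loopback"
    if a in ipaddress.IPv6Network("fe80::/10"):
        return "link-local unicast"
    if a in ipaddress.IPv6Network("fc00::/7"):
        return "unique local unicast"
    if a.is_multicast:  # FF00::/8
        scope = (int(a) >> 112) & 0xF
        return "multicast (%s)" % MULTICAST_SCOPES.get(scope, "scope %x" % scope)
    if a in ipaddress.IPv6Network("2000::/3"):  # the range IANA currently allocates
        return "global unicast"
    return "other/reserved"


def ula_parts(addr_str):
    """Split a unique local address into its 40-bit Global ID and 16-bit subnet ID."""
    v = int(ipaddress.IPv6Address(addr_str))
    global_id = (v >> 80) & ((1 << 40) - 1)  # bits after the 7-bit prefix and L bit
    subnet_id = (v >> 64) & 0xFFFF
    return "%010x" % global_id, subnet_id


def eui64_link_local(mac):
    """Link-local address a host derives from its MAC with modified EUI-64.

    The MAC is trivially recoverable from the result, which is why
    randomized interface IDs exist.
    """
    octets = bytearray(int(x, 16) for x in mac.split(":"))
    if len(octets) != 6:
        raise ValueError("expected a 48-bit MAC address")
    octets[0] ^= 0x02  # flip the universal/local bit
    iid = bytes(octets[:3]) + b"\xff\xfe" + bytes(octets[3:])
    return str(ipaddress.IPv6Address(b"\xfe\x80" + b"\x00" * 6 + iid))


if __name__ == "__main__":
    # Constructed sample addresses, one per row of the table above.
    for s in ["fe80::1", "fd12:3456:789a:1::1", "2001:db8:acad:10::42",
              "ff02::1", "ff01::2", "::1"]:
        print("%-24s %s" % (s, classify(s)))
    print("ULA global ID / subnet:", ula_parts("fd12:3456:789a:1::1"))
    print("EUI-64 link-local:", eui64_link_local("00:1a:2b:3c:4d:5e"))
```

Running it shows that FF02::1 and FF01::1 differ only in the scope nibble, and that the EUI-64 address for the sample MAC is fe80::21a:2bff:fe3c:4d5e, with the original MAC readable around the inserted ff:fe.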

Servers are one of the key components for any network. The server is a computer, usually running a server operating system, that can provide different roles on the network. Depending on the needs of the network, a single server can handle multiple roles or one specific role.

This lesson covers the following topics:

  • Access roles

  • Domain Name System (DNS)

  • Dynamic Host Configuration Protocol (DHCP)

  • Mail servers

Access Roles

Servers often provide and manage access to different types of network resources. The following table describes some of the more common network resources and how the server can be used to manage access to these resources.

Network Resource

Server Role

Files/folders

Providing and managing access to files and folders is one of the more common roles you can configure servers to handle.

  • Files can be stored on the server in folders that are then shared to other users on the network.

  • When sharing folders on the network, you can set permissions (such as read-only, write access, or full control) to manage user access. In some instances, it may be necessary to explicitly deny users access to certain folders.

  • You can also configure access to network folders from outside the network if needed. You can use the File Transfer Protocol (FTP) for this or you can configure the Remote Web Access role on a Windows server to provide remote access to network folders. Plain FTP sends usernames, passwords, and file contents unencrypted, so exposing it to the internet is risky; SFTP, FTPS, or access through a VPN is the safer choice.

Sharing is configured at the folder level on the server: you share a folder and control access to the files inside it with permissions, rather than sharing individual files.

Printers

You can configure servers to manage network printers. When enabling the print server roles, you can configure the server to manage security settings, monitor printer usage, and provide access to internet printing.

Web site

Web sites have become an integral component of many organizations' business models. Maintaining its own web server gives an organization the ability to make changes and manage its site as needed. You can configure a web server to host an internal web site called an intranet.

  • Microsoft servers use the Internet Information Services (IIS) web server platform.

  • Linux servers typically use Apache or Nginx, both open-source and among the most widely used web server platforms.

Security

All networks need to focus on security. The three components of network security are:

  • Authentication to verify the user's identity.

  • Authorization to verify that the user is allowed to access resources.

  • Accounting to monitor and account for all activity.

System log files can be used to provide the accounting component. Whenever a significant event occurs on a host or network device, it writes a system log (syslog) message describing the event.

  • These syslog messages contain pertinent information, such as what happened, who did it, when it happened, etc.

  • A server should be configured as a central repository (a syslog collector) to gather and manage the syslog messages generated across the network. Central collection also means an attacker who compromises one host cannot simply delete that host's copy of the evidence; where supported, send syslog over TLS (port 6514) rather than plain UDP port 514 so messages cannot be read or altered in transit.

DNS

On a network, including the internet, computers use IP addresses to identify each other and specify where data should go. However, it is much easier for users to use hostnames or words to identify computers or websites. The domain name system (DNS) translates hostnames to IP addresses. This is part of what makes using the internet so easy.

  • DNS is a hierarchical naming system. Hierarchical means that the system is organized with a root level at the top and everything branches from that.

  • A fully qualified domain name (FQDN) is a domain name that spells out each level of the hierarchy. For example, www.testout.com. is a FQDN. The following table describes each section of the FQDN.

FQDN Section

Description

Root level

The root level is the highest level in the DNS hierarchy. The DNS root level is represented by a period at the end of the FQDN. When typing the FQDN into a web browser, the period is typically not included. The period is mainly used when defining DNS records on the server.

Top-level domain

The top-level domain (TLD) names have extensions such as com, edu, gov, org, etc.

Domain name

The domain name is unique to each organization. The DNS domain is referred to as distributed because this portion is unique to each organization or group. Each organization is responsible for maintaining its own namespace.

Hostname

This is the name of specific hosts on the network.

  • On an internal network, an example of a hostname could be server1 or server2.

  • On the internet, this is typically www, which is simply the conventional hostname for a web server; it is not required, and it has no relationship to the folder on the server where the site's files are stored.

DNS zones are used to maintain and define the domain namespace (e.g., testout in www.testout.com). Subdomains (e.g., labs.testout) are also defined and managed in DNS zones. Multiple subdomains can be managed on one server or defined in their own DNS zone as needed.

A DNS zone is defined using a DNS zone file.

  • The DNS zone file is a text document stored on each authoritative server for the zone; it lists the zone's resource records and how the zone should function (its SOA parameters).

  • Each DNS zone must have its own zone file.

  • When defining a DNS zone, you must specify whether it is a forward lookup zone or a reverse lookup zone.

    • A forward lookup zone matches the hostname to the IP address.

    • A reverse lookup zone matches the IP address to the hostname.

  • Both kinds of zone must be defined because DNS does not derive one from the other: reverse lookups live in separate namespaces (in-addr.arpa for IPv4, ip6.arpa for IPv6), and their PTR records have to be created and kept in sync with the forward records by the administrator.

There are many types of DNS records that can be configured. The following table describes commonly used DNS records.

DNS Record

Description

A
(host address)

Maps a DNS host name to an IPv4 (32-bit) address. This is the most common resource record type.

AAAA
(quad-A)

Maps a DNS host name to an IPv6 (128-bit) address.

Pointer
(PTR)

Maps an IP address back to a host name. PTR records live in the reverse lookup zone (in-addr.arpa or ip6.arpa) and normally mirror an A or AAAA record in the forward zone.

Canonical Name
(CNAME)

Provides alternate names (or aliases) for hosts that already have an A or AAAA record. For example:

sales.testout.com can be a CNAME pointing at www.testout.com, so it resolves to whatever address www.testout.com has.

If a single A record is used with multiple CNAME records, only the A record needs to be modified when the IP address changes. A CNAME whose target no longer exists is a dangling alias; if the target name is in a domain or hosting service an attacker can register, the alias can be taken over, so remove CNAMEs when their targets are decommissioned.

Mail Exchange
(MX)

Identifies the servers that accept incoming email for the domain, each with a priority value (lower is preferred).

TXT

Stores arbitrary text in a DNS zone. TXT records carry the SPF, DKIM, and DMARC policies used to fight email spoofing and spam, and are used to prove domain ownership to third-party services.

Start of Authority
(SOA)

Stores the administrative information about the DNS zone. For example, the administrator's email address, TTL values, the primary name server, and the zone serial number are recorded in this record.

SOA records are very important in the zone transfer process: secondary servers compare the serial number in the primary's SOA with their own to decide whether they need to transfer a new copy of the zone.

Name Server
(NS)

Defines the authoritative server for a specific domain. This record identifies all name servers that can perform name resolution for the zone.
Typically, there is an entry for the primary server and all secondary servers for the zone (all authoritative DNS servers).

DNS Service
(SRV)

Defines a host and port for a specific service, such as voice over IP (VoIP). This allows clients to find services through DNS. Active Directory domain controllers register SRV records automatically so that clients can locate them.
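To make the forward/reverse split and the CNAME behaviour concrete, here is an added Python example (not code from the original notes). It holds a small constructed forward zone for the page's example domain, derives the PTR records the reverse zones would need, resolves names by following CNAME chains the way a resolver does, flags dangling aliases, and performs the forward-confirmed reverse DNS check that mail servers use to catch forged PTR records. The records are invented for the demonstration and are not testout.com's real DNS data.

```python
import ipaddress

# Constructed forward zone for the page's example domain; these are not real records.
ZONE = [
    ("testout.com.",       "SOA",   "ns1.testout.com. hostmaster.testout.com. 2024010101 3600 900 1209600 300"),
    ("testout.com.",       "NS",    "ns1.testout.com."),
    ("testout.com.",       "MX",    "10 mail.testout.com."),
    ("testout.com.",       "TXT",   "v=spf1 ip4:192.0.2.25 -all"),
    ("ns1.testout.com.",   "A",     "192.0.2.53"),
    ("www.testout.com.",   "A",     "192.0.2.80"),
    ("www.testout.com.",   "AAAA",  "2001:db8::80"),
    ("mail.testout.com.",  "A",     "192.0.2.25"),
    ("sales.testout.com.", "CNAME", "www.testout.com."),
    ("shop.testout.com.",  "CNAME", "store.testout.com."),  # target has no record
]


def reverse_name(ip):
    """Owner name of the PTR record for an IPv4 or IPv6 address."""
    return ipaddress.ip_address(ip).reverse_pointer + "."


def ptr_records(zone):
    """PTR records the reverse zones need, derived from the forward A/AAAA records."""
    return [(reverse_name(rdata), "PTR", name)
            for name, rtype, rdata in zone if rtype in ("A", "AAAA")]


def resolve(zone, name, rtype, max_chain=8):
    """Look up name/rtype, following CNAMEs the way a resolver does."""
    for _ in range(max_chain):
        rdatas = [r for n, t, r in zone if n == name and t == rtype]
        if rdatas:
            return rdatas
        cnames = [r for n, t, r in zone if n == name and t == "CNAME"]
        if not cnames:
            return []
        name = cnames[0]  # alias: restart the lookup at the canonical name
    return []             # CNAME loop or chain too long


def dangling_cnames(zone):
    """Aliases whose target has no A or AAAA record (candidates for takeover)."""
    return [n for n, t, r in zone if t == "CNAME"
            and not resolve(zone, r, "A") and not resolve(zone, r, "AAAA")]


def forward_confirmed(zone, reverse_zone, ip):
    """True when the PTR name for ip resolves back to ip (forward-confirmed reverse DNS)."""
    names = [r for n, t, r in reverse_zone if n == reverse_name(ip) and t == "PTR"]
    rtype = "AAAA" if ipaddress.ip_address(ip).version == 6 else "A"
    return any(ip in resolve(zone, name, rtype) for name in names)


if __name__ == "__main__":
    reverse_zone = ptr_records(ZONE)
    for owner, _, target in reverse_zone:
        print("%-70s PTR %s" % (owner, target))
    print("sales.testout.com ->", resolve(ZONE, "sales.testout.com.", "A"))
    print("dangling aliases:", dangling_cnames(ZONE))
    print("FCrDNS 192.0.2.80:", forward_confirmed(ZONE, reverse_zone, "192.0.2.80"))
```

The reverse names come from the standard library's reverse_pointer, which is exactly the in-addr.arpa / ip6.arpa form the reverse zone uses; the IPv6 one is 32 reversed nibbles, which is why reverse zones are never hand-typed in practice.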

DHCP

Implementing DHCP on a network allows the IP configuration to be assigned automatically when a device connects to the network. The IP configuration can include:

  • A unique IP address

  • Subnet mask

  • Default gateway

  • DNS server addresses (almost every client needs these)

  • Windows Internet Name Service (WINS) server (only on networks that still use NetBIOS name resolution)

To implement DHCP, you must define the DHCP scope. This is the configuration information that is applied to each new device.

Depending on the network, different devices may serve as the DHCP server such as:

  • SOHO router

  • Windows or Linux server

The following table describes each of the options you need to define in a DHCP scope.

DHCP Scope Item

Description

IP range

The IP range defines the range of IP addresses that the DHCP server can assign. When a new device connects to the network, the DHCP server will assign the next available address.

When you define the IP range, be aware that you can assign:

  • All available addresses in the network.

  • Specific ranges (e.g., 192.168.5.50 - 192.168.5.100). Specifying a limited number of addresses can help limit the number of connections to the network.

Subnet mask

The subnet mask defines the network ID and host ID. This must be defined.

Exclusions

Exclusions are IP addresses that the DHCP server will not assign.

  • These addresses are typically used for devices such as servers, printers, routers, or other network devices that must have a static IP address.

  • These IP addresses must be manually configured on each device.

It's important to remember that the exclusion addresses must fall within the configured IP range.

Reservations

Reservation IP addresses will also not be assigned by the DHCP server.

  • Instead of manually configuring the IP information on each device that needs a static IP, you can assign reservations on the DHCP server using the device's MAC address. Because a client can change its MAC address, a reservation is a convenience, not an access control.

  • Whenever that device connects to the network, the DHCP server assigns it the reserved IP configuration.

DHCP lease time

An IP configuration is assigned to a device for a specified amount of time. This is the DHCP lease. Keep in mind:

  • While a lease is active, that IP address cannot be reassigned, even if the device disconnects from the network.

  • When the lease is half-way over, the device attempts to renew the lease if it's still connected to the network.

  • A lease can be set for a few hours, days, weeks, or months.

  • If the device stays connected to the network, you should probably set the lease to last for days. However, if clients are connecting to a guest network and are coming and going, you should probably set the lease to a short time so available addresses aren't tied up.

Default gateway

The default gateway defines where data packets that are leaving the network (e.g., internet packets), should go.

DNS server

If you are using a specific DNS server, define it in the scope.

WINS server

Most networks do not use WINS anymore, but if it is needed, you can define it in the DHCP scope.
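The scope items above interact in ways that are easiest to see by running them. The following Python class is an added example, not code from the original notes or from any DHCP server: it models a scope with an IP range, exclusions, MAC-based reservations, and timed leases, hands out the next free address, renews at T1 (half the lease), and frees expired leases. Times are plain integers so the behaviour can be stepped through deterministically; the range, exclusions, and MAC addresses are constructed for the demonstration.

```python
import ipaddress


class DhcpScope:
    """Minimal DHCP scope: pool, exclusions, MAC reservations, timed leases."""

    def __init__(self, start, end, lease_seconds, exclusions=(), reservations=None):
        first, last = ipaddress.IPv4Address(start), ipaddress.IPv4Address(end)
        self.pool = [first + i for i in range(int(last) - int(first) + 1)]
        self.excluded = {ipaddress.IPv4Address(x) for x in exclusions}
        self.reservations = {mac.lower(): ipaddress.IPv4Address(ip)
                             for mac, ip in (reservations or {}).items()}
        self.lease_seconds = lease_seconds
        self.leases = {}  # ip -> (mac, start_time, expiry_time)

    def _expire(self, now):
        """Free any lease whose time has run out (the client may already be gone)."""
        for ip, (_, _, expiry) in list(self.leases.items()):
            if expiry <= now:
                del self.leases[ip]

    def _lease_for(self, mac):
        for ip, (m, _, _) in self.leases.items():
            if m == mac:
                return ip
        return None

    def offer(self, mac, now):
        """Address assigned to mac at time now, or None if the pool is exhausted."""
        mac = mac.lower()
        self._expire(now)
        # A reservation always wins; otherwise an existing lease is simply renewed.
        ip = self.reservations.get(mac) or self._lease_for(mac)
        if ip is None:
            reserved = set(self.reservations.values())
            free = (a for a in self.pool
                    if a not in self.excluded and a not in reserved and a not in self.leases)
            ip = next(free, None)
            if ip is None:
                return None
        self.leases[ip] = (mac, now, now + self.lease_seconds)
        return str(ip)

    def should_renew(self, mac, now):
        """Clients start renewing at T1, half way through the lease."""
        ip = self._lease_for(mac.lower())
        if ip is None:
            return False
        _, start, expiry = self.leases[ip]
        return now >= start + (expiry - start) / 2

    def active_leases(self):
        return {str(ip): mac for ip, (mac, _, _) in self.leases.items()}


if __name__ == "__main__":
    # Constructed scope: 192.168.5.50-60, first three excluded for static
    # servers, one printer reserved by MAC, one-hour leases.
    scope = DhcpScope("192.168.5.50", "192.168.5.60", lease_seconds=3600,
                      exclusions=["192.168.5.50", "192.168.5.51", "192.168.5.52"],
                      reservations={"00:11:22:33:44:55": "192.168.5.55"})
    print(scope.offer("aa:bb:cc:00:00:01", now=0))   # first free address, 192.168.5.53
    print(scope.offer("00:11:22:33:44:55", now=0))   # the printer's reservation
    print(scope.offer("aa:bb:cc:00:00:02", now=0))   # skips the reserved .55 when reached
    print(scope.should_renew("aa:bb:cc:00:00:01", now=1800))
    print(scope.active_leases())
```

Note that the exclusion list keeps the static servers out of the pool even though they sit inside the range, and that a client which disconnects keeps its address until the lease expires, which is the reason short leases are recommended for guest networks.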

Mail Servers

Email allows users to communicate with each other whenever they want regardless of physical location. A server can be configured to manage emails for an organization. Email protocols include:

  • Simple Mail Transfer Protocol (SMTP) - Used for sending and relaying email. Servers exchange mail on port 25; clients submit mail on port 587 (STARTTLS) or 465 (implicit TLS).

  • Post Office Protocol version 3 (POP3) - Used for retrieving incoming email on port 110 (995 with TLS). Emails are downloaded to the local computer and, by default, removed from the email server.

  • Internet Message Access Protocol (IMAP) - Used for retrieving incoming email on port 143 (993 with TLS). Emails are kept on the email server, allowing users to access their email from multiple devices.

On the plaintext ports, usernames and passwords cross the network unencrypted, so the TLS variants (or STARTTLS on the plaintext port) should be used.

Spam email is one of the major concerns with emails. Spam mail can lead to issues including the introduction of malware into the network. The following table describes some of the technologies you can implement to help prevent spam emails.

Spam Management Technology

Description

DomainKeys Identified Mail (DKIM)

DKIM protects against spoofed email by letting the receiver verify that a message was signed by the domain it claims to come from.

  • A spoofed email looks like it comes from a legitimate user, but in fact comes from somewhere else.

  • DKIM uses a pair of keys, one private key and one public key.

    • The private key stays on the sending mail server. The server uses it to sign each outgoing message (selected headers and the body) and adds the signature in a DKIM-Signature header.

    • The public key is published in a DNS TXT record under the sender's domain (at selector._domainkey.domain). The receiving server fetches it from DNS and uses it to check the signature; a valid signature proves the message came from a server holding the domain's private key and was not altered in transit.

Sender Policy Framework (SPF)

SPF is also used to protect against spoofed email. Instead of using encryption keys, an SPF record is published as a TXT record in the sending domain's DNS. The SPF record contains:

  • The SPF version being used (v=spf1).

  • The IPs that are authorized to send email for the domain (ip4: and ip6: mechanisms).

  • Any other third-party domains that are authorized to send email for the domain (include: mechanisms).

  • An all mechanism at the end whose qualifier indicates the policy to apply when the sending server matches nothing in the record (-all means fail, ~all means softfail).

The receiving server looks up the SPF record for the domain in the envelope sender (MAIL FROM) address and checks whether the connecting server's IP address is authorized. If it matches, the result is pass. If it does not, the result is fail or softfail depending on the all qualifier; whether the message is then rejected, quarantined, or merely tagged is up to the receiver's policy. SPF checks only the envelope sender, not the From: header the user sees, which is one reason it is combined with DKIM under DMARC.

Domain-based Message Authentication, Reporting, and Conformance (DMARC)

DMARC builds on both DKIM and SPF to protect users from malicious emails. A DMARC policy is published as a TXT record at _dmarc.domain. DMARC:

  • Checks that the domain in the From: header the user sees is aligned with the domain that SPF or DKIM authenticated.

  • Tells the recipient what to do (p=none, p=quarantine, or p=reject) if neither authentication method passes with alignment.

  • Allows the recipient to send the domain owner reports (rua= and ruf= addresses) about messages that pass or fail DMARC authentication.
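The SPF evaluation and DMARC alignment described in the last two entries can be shown end to end without a live DNS server. The following Python code is an added example, not code from the original notes or from any mail product: it evaluates an SPF record (ip4, ip6, include, and all mechanisms with their qualifiers) against a connecting IP, parses a DMARC policy, and applies the alignment and disposition rules. The DNS_TXT table stands in for real DNS lookups, and every record and address in it is constructed; the a, mx, exists, and redirect mechanisms are deliberately left out because they need live DNS.

```python
import ipaddress

# Constructed DNS TXT data for the example domains; none of these are real records.
DNS_TXT = {
    "example.com": "v=spf1 ip4:192.0.2.0/24 ip6:2001:db8:25::/48 include:_spf.mailhost.example -all",
    "bulk.example.com": "v=spf1 ip4:192.0.2.0/24 -all",
    "_spf.mailhost.example": "v=spf1 ip4:198.51.100.10 ~all",
    "_dmarc.example.com": "v=DMARC1; p=reject; rua=mailto:dmarc@example.com; aspf=r; adkim=s",
}

QUALIFIERS = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}


def check_spf(domain, sender_ip, depth=0):
    """Evaluate domain's SPF record for a connecting IP (ip4/ip6/include/all only)."""
    record = DNS_TXT.get(domain, "")
    if not record.startswith("v=spf1"):
        return "none"
    if depth > 10:  # RFC 7208 caps the number of DNS-querying mechanisms
        return "permerror"
    ip = ipaddress.ip_address(sender_ip)
    for term in record.split()[1:]:
        qualifier = "+"
        if term[0] in QUALIFIERS:
            qualifier, term = term[0], term[1:]
        mechanism, _, argument = term.lower().partition(":")
        if mechanism == "all":
            return QUALIFIERS[qualifier]
        if mechanism in ("ip4", "ip6"):
            try:
                network = ipaddress.ip_network(argument, strict=False)
            except ValueError:
                return "permerror"
            if ip.version == network.version and ip in network:
                return QUALIFIERS[qualifier]
        elif mechanism == "include":
            if check_spf(argument, sender_ip, depth + 1) == "pass":
                return QUALIFIERS[qualifier]
        else:
            return "permerror"  # a, mx, exists, redirect: not implemented in this demo
    return "neutral"  # nothing matched and no "all" term


def parse_dmarc(domain):
    """Tags of the _dmarc.<domain> record, or None if the domain publishes none."""
    record = DNS_TXT.get("_dmarc." + domain, "")
    tags = dict(kv.strip().split("=", 1) for kv in record.split(";") if "=" in kv)
    return tags if tags.get("v") == "DMARC1" else None


def aligned(auth_domain, header_from, mode):
    """Strict alignment is an exact match; relaxed also accepts a subdomain relationship."""
    if mode == "s":
        return auth_domain == header_from
    return (auth_domain == header_from or auth_domain.endswith("." + header_from)
            or header_from.endswith("." + auth_domain))


def dmarc(header_from, envelope_from, sender_ip, dkim_result, dkim_domain):
    """Return (dmarc_result, disposition) for one message's authentication results."""
    policy = parse_dmarc(header_from)
    if policy is None:
        return "none", "none"
    spf_ok = (check_spf(envelope_from, sender_ip) == "pass"
              and aligned(envelope_from, header_from, policy.get("aspf", "r")))
    dkim_ok = dkim_result == "pass" and aligned(dkim_domain, header_from, policy.get("adkim", "s"))
    if spf_ok or dkim_ok:
        return "pass", "none"
    return "fail", policy.get("p", "none")


if __name__ == "__main__":
    print(check_spf("example.com", "192.0.2.77"))       # pass: listed ip4 range
    print(check_spf("example.com", "198.51.100.10"))    # pass: via include
    print(check_spf("example.com", "203.0.113.5"))      # fail: hits -all
    # Spoofed From: header, SPF passes for the attacker's own envelope domain, no DKIM.
    print(dmarc("example.com", "attacker.example", "203.0.113.5", "none", ""))
    # Legitimate mail from the listed range with an aligned envelope domain.
    print(dmarc("example.com", "example.com", "192.0.2.77", "none", ""))
```

The spoofed case is the one that matters: SPF alone cannot stop it, because the attacker controls the envelope domain and its SPF record, and only DMARC's alignment check between the From: header and the authenticated domain turns it into a reject.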

The network administrator is responsible for ensuring network uptime, security, and access to network resources. Internet appliances can be implemented to help make the network administrator's job easier by automating tasks, providing network security, and monitoring the network for potential issues.

Internet appliances can come in two forms. One form is an embedded system that contains all hardware and software in one device. The other form is software running on a server. The system you choose depends on the needs of the network.

This lesson covers the following topics:

  • Load balancers

  • Spam gateways

  • Proxy servers

  • Unified threat management (UTM) appliances

Load Balancers

On larger, enterprise networks, multiple servers are typically used to manage the different functions and systems. It is important to ensure servers are not overwhelmed with too much traffic. You can use a load balancer to monitor the servers and distribute traffic so one server does not get overwhelmed.

Network layer load balancers work by reading the information in the packet headers of incoming traffic and using algorithms to determine the best flow of traffic. The following table describes the algorithms a load balancer can use.

Algorithm

Description

Round robin

The most basic algorithm. Using this algorithm, the servers handle network requests in sequential order. The load balancer does not monitor each server's current load, as it assumes the servers can handle each request in the same amount of time.

This can still lead to a server getting overwhelmed.

Weighted round robin

This algorithm works the same as the round robin, but takes the server's power into consideration. A more powerful server is sent more traffic than less powerful servers.

Least connections

The least connections algorithm looks at the active connections each server is handling and sends the network traffic to the server that currently has the lowest number of connections. This algorithm:

  • Treats each network request equally.

  • Does not take into account that some requests require more time.

  • Does not take into account the power of each server.

For example, if a request comes in that will take a long time to process, the load balancer can't take this into consideration. It might direct that traffic to the next server in line, but that server might already be dealing with another request. This can cause that server to get backed up and slow down the network.

Weighted least connections

This algorithm distributes traffic based on the active connections and the processing power of each server.

Source IP hash

This algorithm creates a hash key based on the source and destination IP addresses. The hash key is assigned to a server and all requests for the remainder of the active session are handled by that same server.

A network layer load balancer makes decisions based solely on the data in the packet header which results in a lot of guesswork. This can lead to inefficient distribution of traffic between the servers.

An application layer load balancer can distribute traffic based on the content of network packets including the HTTP header, HTTP message, and the session cookies. The application layer load balancer also tracks the responses from the servers, so it can keep track of whether the session will continue or not. This allows the load balancer to make routing decisions based on data and not guess work.

The application layer load balancer most commonly uses the least pending request (LPR) algorithm. This algorithm monitors all pending requests and routes them to the most available server. This algorithm allows the load balancer to continue to monitor all server loads and instantly make adjustments in case there's a sudden surge of incoming connections.
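The network layer algorithms in the table are small enough to implement directly, which makes their trade-offs easy to see. The following Python code is an added example, not code from the original notes or from any load balancer product: it implements round robin, weighted round robin, least connections (plain and weighted), and source IP hash over a constructed pool of servers, with a dispatch/finish pair that tracks open connections so the connection-aware algorithms have something to look at. Server names, weights, and client addresses are invented for the demonstration.

```python
import hashlib
import itertools


class Server:
    def __init__(self, name, weight=1):
        self.name = name
        self.weight = weight  # relative capacity, used by the weighted algorithms
        self.active = 0       # connections currently open on this server


class RoundRobin:
    """Servers take requests in sequence; current load is never consulted."""

    def __init__(self, servers):
        self._cycle = itertools.cycle(servers)

    def pick(self, client_ip=None):
        return next(self._cycle)


class WeightedRoundRobin(RoundRobin):
    """Same as round robin, but a server with weight w appears w times per cycle."""

    def __init__(self, servers):
        super().__init__([s for s in servers for _ in range(s.weight)])


class LeastConnections:
    """Send the request to the server with the fewest open connections; the
    weighted form divides by capacity so bigger servers take more of them."""

    def __init__(self, servers, weighted=False):
        self.servers, self.weighted = list(servers), weighted

    def pick(self, client_ip=None):
        if self.weighted:
            return min(self.servers, key=lambda s: s.active / s.weight)
        return min(self.servers, key=lambda s: s.active)


class SourceIpHash:
    """Hash the client address so the same client always lands on the same server."""

    def __init__(self, servers):
        self.servers = list(servers)

    def pick(self, client_ip):
        digest = hashlib.sha256(client_ip.encode()).digest()
        return self.servers[int.from_bytes(digest[:8], "big") % len(self.servers)]


def dispatch(balancer, client_ip):
    """Route one request and account for its open connection; returns the Server."""
    server = balancer.pick(client_ip)
    server.active += 1
    return server


def finish(server):
    """The connection closed: release it on the server that handled it."""
    server.active -= 1


if __name__ == "__main__":
    big, small = Server("big", weight=3), Server("small", weight=1)
    # One long-running request is parked on "small"; watch how each algorithm reacts.
    small.active = 1
    rr, lc = RoundRobin([big, small]), LeastConnections([big, small], weighted=True)
    print("round robin:", [rr.pick().name for _ in range(4)])   # ignores the load
    print("weighted least conns:", [dispatch(lc, "203.0.113.7").name for _ in range(4)])
    sticky = SourceIpHash([big, small])
    print("same client, same server:", sticky.pick("203.0.113.7") is sticky.pick("203.0.113.7"))
```

Round robin keeps handing requests to the busy server because it never looks at the load, while weighted least connections steers them to the bigger, emptier one; the hash variant trades balance for session persistence, which is exactly why it is used for stateful sessions and avoided when a single client (or a NAT gateway fronting many clients) would swamp one server.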

Spam Gateway

Spam email can be extremely dangerous to the network as it can introduce malware and clog the network. You can use a spam gateway internet appliance to monitor incoming and outgoing emails to reduce the amount of spam affecting the network. The spam gateway can block incoming spam emails using these methods:

  • Comparing sender addresses to a blocklist. If the sender is on a blocklist, the email is blocked. The problem with using this method is that it is fairly easy to bypass the blocklist by spoofing (faking) the sender's email address.

  • Using email authentication technologies on the spam gateway. One of the more common technologies is Domain-based Message Authentication, Reporting, and Conformance (DMARC). DMARC combines the protections of both DomainKeys Identified Mail (DKIM) and Sender Policy Framework (SPF) to protect users from malicious emails. DMARC:

    • Checks that the domain in the From: header the user sees is aligned with the domain that SPF or DKIM authenticated.

    • Tells the recipient what to do if neither authentication method passes.

    • Allows the recipient to tell the sender about messages that pass or fail DMARC authentication.

  • Checking embedded links in the email. If the link redirects to a malicious site, the email will be blocked.

Some spam gateways monitor outgoing emails to prevent spam emails from leaving the network. If spam emails come from the organization's domain, the domain can be added to other organizations' blocklists.

Proxy Servers

A proxy server is an internet appliance that you can implement on the network. The proxy server is typically placed between internal clients and the internet so that it sees the web traffic passing in each direction. It determines if the traffic is allowed or not. The network administrator can configure the proxy server to block specific categories of content, such as gambling websites. The proxy server also hides internal hosts from external sites, since all outgoing traffic shows as coming from the proxy server's address; the proxy itself, however, logs which internal user made each request.

In many instances, the proxy server also caches information from sites on the internet. It works like this:

  • When a client computer requests an allowed website, the proxy forwards the request to the site and caches a copy of the response.

  • When a second or subsequent request for that website is made, rather than go to the internet to get that site's information, the proxy server provides the cached content.

  • This eliminates repetitive requests and speeds up internet queries.

  • At configured intervals, the proxy server re-caches website information so the cache doesn't become stale.

Unified Threat Management (UTM) Appliance

The unified threat management (UTM) internet appliance combines multiple functions into a single device. The following table describes some of the appliances that the UTM can replace.

Internet Appliance

Description

Firewall

The firewall is responsible for monitoring and controlling all incoming and outgoing traffic. The firewall controls the flow of data based on rules that have been configured by the network administrator.

Most firewalls filter on the protocol, the source and destination addresses, and the ports in each packet; stateful firewalls also track whether a packet belongs to an established connection.

Intrusion prevention system (IPS)

The intrusion prevention system monitors all network traffic looking for anything out of the ordinary. When malicious or suspicious packets are detected, the IPS blocks the packets and notifies the network security team so further action can be taken.

Anti-malware

Many UTM appliances use anti-malware software to detect and prevent malware from infecting the network.

Malware can include viruses, spyware, ransomware, and other malicious software. It should be blocked from the network. Malware programs can devastate a network by destroying, stealing, or blocking access to critical data and infrastructure.

Content filtering

Similar to the proxy server, the UTM can monitor HTTP requests and block unauthorized web sites. The rules are configured by the network administrator.

The unified threat management appliance can provide other functions such as routing functions, VPN support, NAT, etc. More advanced UTM appliances can implement other appliances such as the load balancer, proxy server, spam gateway, etc.

Internet of Things (IoT) devices have become extremely commonplace. These devices are used to monitor and manage many areas in a home or enterprise environment. Integrating IoT devices into a network requires specific skills and knowledge.

This lesson covers the following topics:

  • IoT

  • IoT systems

  • IoT architecture

  • IoT communication protocols

IoT

IoT, also known as the Internet of Everything (IoE), is a system of connected computing devices and objects that use unique identifiers and send data over a network without requiring human interaction. Many industries use IoT to operate more efficiently and better serve customers.

IoT devices use built-in sensors to gather information and data from the surroundings. The gathered data is used to perform actions, such as turning on a device or triggering an alarm. Each IoT device must have a unique identifier (UID).

Key features of IoT are connectivity, sensors, artificial intelligence, small devices, and active engagement. IoT devices can be found in many places such as:

  • Homes and buildings - Thermostats, lighting systems, and security systems.

  • Health clinics and hospitals - Pacemakers, surgical equipment, and telemedicine.

  • Cities and municipalities - Water distribution, smart grids, and traffic management.

  • Agriculture - Animal health, soil humidity, and soil composition.

  • Manufacturing - Sensors and devices to increase production and manage quality control. This is known as Industrial Internet of Things (IIoT).

  • Vehicles - Sensors for vehicle-to-vehicle, vehicle-to-roadside, and vehicle-to-pedestrian communication.

  • Retail - Advertising and product monitoring.

  • Wearable devices - Smart watches and training bracelets.

IoT Systems

IoT technology is comprised of four main systems that work together to make the communication between two endpoints possible. The following table describes each of these components:

Component

Description

Devices

IoT devices are built with sensors that capture data. These sensors can be included in cameras, GPS systems, temperature reading equipment, and heart monitoring equipment.

The sensors in the device collect data and send it to the cloud.

Gateway system

In order to send data to the cloud, IoT devices need a connection. The gateway acts as the bridge between the device and the cloud.

Data storage

Once the data reaches the cloud, it is processed and analyzed by software. Examples include the temperature reading is checked, trespassers are detected on the security camera video feed, and location is determined on a GPS device.

After the received data is processed completely, the result or conclusion is sent to the device application server and interface.

Remote control

App notifications, emails, and text messages make the information gathered by the device available to the user. Action by the device can be started as follows:

  • Predefined rules setup by the user cause the device to take action automatically.

  • A user uses an app or other interface to start an action. The user may or may not be prompted by the device.

IoT Architecture

With so many devices operating in one system that is connected with other processes, IoT needs a well-defined and effective architecture to function properly. To meet this requirement, the IoT has been structured into an architecture of layers. The following table describes each layer.

Layer

Description

Edge technology

The edge technology layer includes all the hardware parts in the IoT system such as sensors, RFID tags, readers, etc. This sensor hardware collects the data for the IoT device.

These sensors can convert the sensory information they capture into data for analysis.

Access gateway

The access gateway layer is where all the data gathered at the edge layer is collected and compressed to an optimal size for analysis.

This is also the point when the data is converted to a digital form. In addition, this layer takes care of message routing, message identification, and subscribing.

Internet

The internet layer is the main bridge between two endpoints in an IoT system. It connects devices to other devices, the cloud, the gateway, and backend data sharing.

The internet layer sends the data to the middleware layer. Some systems may conduct advanced analytics and pre-processing during this stage.

Middleware

The middleware layer includes the processes that happen in the cloud such as:

  • In-depth processing

  • Data management

  • Device management

  • Data aggregation

  • Data filtering

  • Device information discovery

  • Access control

  • Revision for feedback

This layer acts as the interface between the hardware and application layers; that’s why it’s called the middleware layer.

Once all the quality standards and requirements are met, the processed and analyzed data is ready to be sent back to the device.

Application

The application layer is the top layer in the IoT architecture. Its primary responsibility is to deliver the analyzed and processed data to the end user.

The user checks the data and may send commands to the devices or sensors. The process then restarts from the beginning.

IoT Communication Protocols

There are many communication protocols that IoT devices can use. The following table describes each communication protocol.

Communication Protocol

Description

Wi-Fi

Wi-Fi is very commonly implemented in wireless local area networking and allows many types of devices to communicate with each other.

Wi-Fi Direct uses peer-to-peer communication without a set wireless access point.

Bluetooth Low Energy (BLE)

Bluetooth Low Energy, also known as Bluetooth Smart, is a wireless personal area network protocol. It supports devices that need low power consumption and long battery life. It can be used in such sectors as healthcare, security, entertainment, and fitness.

Zigbee

Zigbee is one of the most common short-range IoT communication protocols. Zigbee has the following characteristics:

  • Is an open standard (maintained by the Connectivity Standards Alliance), so any vendor can build and customize devices for it.

  • Has a maximum distance of roughly 60 feet between each hop indoors.

  • Is not limited to a small fixed number of hops from a device to the hub; the mesh relays traffic across as many nodes as needed.

  • Operates mainly at the 2.4 GHz frequency.

Z-Wave

Z-Wave is the other most common short range IoT communication protocol. Z-Wave has the following characteristics:

  • Is a proprietary standard: devices must be certified by the Z-Wave Alliance to carry the Z-Wave name and interoperate.

  • Has a maximum distance of about 250 feet between each hop (outdoors with line of sight; considerably less indoors).

  • Can travel only four hops from a device to the hub.

  • Operates in the sub-GHz band (908.42 MHz in North America; other regions use different frequencies, such as 868.42 MHz in Europe).

Many control hubs work with both Zigbee and Z-Wave.

An embedded system is a complete computer system that is designed to perform a specific dedicated task. Examples include mobile phones, gaming consoles, household appliances, and even industrial machines. Because these devices have become so prevalent in our personal and professional lives, they have become prime targets for attackers.

This lesson covers the following topics:

  • Embedded systems

  • Industrial control systems

  • Security threats

Embedded Systems

Embedded systems have the following characteristics:

  • Are single-function devices.

  • Are static or sealed systems. This means the hardware cannot be swapped out.

  • Are reactive and make changes in real-time based on feedback from built-in sensors.

  • Must be controlled by a microprocessor, have memory, and contain components to connect external devices such as USB ports.

  • Use a real-time operating system (RTOS). This operating system handles processes in a deterministic manner. Key points regarding a RTOS are:

    • Different algorithms are used to determine the task that should be performed next.

    • Tasks are given individual priorities by the program developer, so the RTOS knows the order in which to run them.

    • RTOS systems allow for tasks to be processed with almost no latency. This is vitally important for many embedded devices to work properly.

The microprocessors used in embedded devices can be one of three types, as described in the following table.

Type

Description

Application-specific integrated circuit (ASIC)

The application-specific integrated circuit chip is created to perform a single function. ASIC chips:

  • Are typically custom designed.

  • Are used by a company in a single product.

  • Have an expensive and time-consuming development process.

  • Offer high performance with low power consumption.

System-on-chip (SoC)

A system-on-chip incorporates all components on the board, including:

  • Processor

  • Memory

  • Peripheral functions

Field-programmable gate array (FPGA)

A field-programmable gate array is physically set up like an ASIC or SoC, but its logic is configured by the end user after manufacture. ASIC and SoC chips have their logic fixed at fabrication and cannot be changed.

Industrial Control Systems

Industrial control systems (ICSs) handle the workflow and automation process for all sorts of machinery. These control systems are used in critical infrastructure such as power plants, manufacturing, hospitals, telecom systems, and more. The following table describes the components that comprise an ICS.

ICS Component

Description

Programmable logic controller (PLC)

A PLC is a specialized controller that can be programmed to perform specific tasks. Multiple PLCs can be combined and configured to work together to carry out complex tasks.

Supervisory control and data acquisition (SCADA)

SCADA controllers can monitor and control PLC systems. They gather data and adjust the system based on the data acquired from sensors.

Human-machine interface (HMI)

The HMI can be either a touch-screen control panel or software running on a computer system. The HMI allows the operator to make configuration changes in the system.

Distributed control system (DCS)

A DCS is a customized all-in-one package that contains the needed PLCs, SCADA controller, and HMI. These are typically custom designed for specific needs.

Modbus

Modbus is an industrial network protocol that controllers and supervisory systems use to communicate with each other. Modbus originally ran over serial lines (Modbus RTU/ASCII over RS-232 or RS-485) and has evolved to run over Ethernet and TCP/IP as Modbus/TCP, normally on TCP port 502. The protocol has no authentication and no encryption: any host that can reach a controller's Modbus port can read and write its registers and coils, which is why OT networks must be isolated and monitored.

All components of an ICS are collectively referred to as an operational technology (OT) network, in contrast to information technology (IT) networks made up of servers and clients.
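Because Modbus is that trusting, watching it is a detection problem rather than a cryptography problem. The following Python example is added here and is not part of the original lesson or of any Modbus library: it parses Modbus/TCP request frames and flags writes from hosts that are not on an allow-list of engineering workstations, plus malformed frames. The IP addresses, the allow-list, and the sample frames are constructed for the demonstration.

```python
import struct

# Modbus/TCP frame layout (Modbus Application Protocol spec):
#   MBAP header: transaction id (2 bytes), protocol id (2 bytes, always 0),
#                length (2 bytes, counts unit id + PDU), unit id (1 byte)
#   PDU:         function code (1 byte) followed by function-specific data
MBAP = struct.Struct("!HHHB")

# Function codes that change controller state. Modbus carries no authentication,
# so any host that can reach TCP/502 can issue these; they are the ones to watch.
WRITE_FUNCTIONS = {
    5: "Write Single Coil",
    6: "Write Single Register",
    15: "Write Multiple Coils",
    16: "Write Multiple Registers",
}
READ_FUNCTIONS = {
    1: "Read Coils",
    2: "Read Discrete Inputs",
    3: "Read Holding Registers",
    4: "Read Input Registers",
}


def parse_modbus_tcp(frame: bytes) -> dict:
    """Parse one Modbus/TCP request frame into its fields, rejecting malformed input."""
    if len(frame) < MBAP.size + 1:
        raise ValueError("frame too short for MBAP header plus function code")
    transaction_id, protocol_id, length, unit_id = MBAP.unpack_from(frame, 0)
    if protocol_id != 0:
        raise ValueError(f"protocol id {protocol_id} is not Modbus (expected 0)")
    # 'length' covers the unit id and the PDU, i.e. everything after the first six bytes.
    if length != len(frame) - 6:
        raise ValueError(f"MBAP length {length} does not match frame ({len(frame) - 6} bytes remain)")
    function_code = frame[MBAP.size]
    data = frame[MBAP.size + 1:]
    parsed = {"transaction_id": transaction_id, "unit_id": unit_id,
              "function_code": function_code, "data": data}
    # Read and single-write requests both start with a 16-bit address followed by a
    # 16-bit quantity or value; decode them so an analyst sees which registers are touched.
    if function_code in WRITE_FUNCTIONS or function_code in READ_FUNCTIONS:
        if len(data) < 4:
            raise ValueError("request data too short for address and quantity/value")
        parsed["address"], parsed["value_or_count"] = struct.unpack_from("!HH", data, 0)
    return parsed


def audit_requests(requests, allowed_writers):
    """Run (source_ip, frame) pairs through the parser and return a list of alerts."""
    alerts = []
    for src_ip, frame in requests:
        try:
            req = parse_modbus_tcp(frame)
        except ValueError as exc:
            alerts.append({"src": src_ip, "kind": "malformed", "detail": str(exc)})
            continue
        fc = req["function_code"]
        if fc in WRITE_FUNCTIONS and src_ip not in allowed_writers:
            alerts.append({"src": src_ip, "kind": "unauthorized_write",
                           "detail": f"{WRITE_FUNCTIONS[fc]} unit {req['unit_id']} address {req['address']}"})
        elif fc not in WRITE_FUNCTIONS and fc not in READ_FUNCTIONS:
            alerts.append({"src": src_ip, "kind": "unusual_function", "detail": f"function code {fc}"})
    return alerts


# Constructed sample traffic (not a real capture): an HMI polling holding registers,
# the engineering workstation writing a setpoint, an unknown host doing the same,
# and a truncated request.
SAMPLE_REQUESTS = [
    ("10.0.10.5", bytes.fromhex("0001 0000 0006 01 03 0000 000a")),   # HMI: read 10 holding registers
    ("10.0.10.20", bytes.fromhex("0002 0000 0006 01 06 0010 ffff")),  # engineering: write register 0x10
    ("10.0.10.77", bytes.fromhex("0003 0000 0006 01 06 0010 0000")),  # unknown host: write register 0x10
    ("10.0.10.77", bytes.fromhex("0004 0000 0004 01 03 0000")),       # request data cut short
]
ALLOWED_WRITERS = {"10.0.10.20"}  # constructed allow-list of engineering workstations


def run_demo():
    return audit_requests(SAMPLE_REQUESTS, ALLOWED_WRITERS)
```

Running the demo produces two alerts: the write from 10.0.10.77, which is not an approved writer, and the truncated frame from the same host. In a real deployment the frames would come from a span port or a Modbus-aware IDS rather than a list, but the allow-list logic is the same.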

Security Threats

Embedded devices have inherent vulnerabilities that network administrators and technicians should be aware of, including:

  • The static environment means that the hardware and software components may not be known to the security administrator.

  • Support may not always be available, especially for custom designed components.

  • Updates are typically performed through a specific management interface.

  • Updates come only from the vendor. Little to no third-party support is available.

Embedded devices used in manufacturing and other automated systems are a vital part of the economy and infrastructure systems. These systems are a target for attackers. Extra steps should be taken to secure these systems. Recommendations are:

  • Personnel with administrative control over these devices should have the specialized knowledge and skills needed to manage them.

  • Only necessary services should be running on the controllers. All unneeded ports should be closed.

  • The systems should have the latest patches and updates.

  • Regular security audits and vulnerability assessments should be performed.

  • The OT network should be segmented from the IT network, with only the connections the process actually requires permitted between them.

In addition to copper wires and fiber optic cables, networks can also transmit data using radio waves. This technology is called wireless networking (Wi-Fi).

This lesson covers the following topics:

  • Wireless communication

  • Wireless standards

  • Long-range wireless

Wireless Communication

Wireless networks send data through the air using radio waves. These radio waves are referred to as an unbounded medium because they are not encased in a sheath like a fiber optic cable or unshielded twisted pair (UTP) cables. This means that the wireless signal can reach areas that a wired network cannot.

Wireless networks use specific radio frequency ranges that are regulated by national authorities (in the United States, the Federal Communications Commission (FCC)). The two most common bands used by wireless networks are the 2.4 GHz and 5 GHz ranges.

  • 2.4 GHz signals have a longer wavelength. They travel farther and pass through walls better, but the band is narrow and crowded, so data rates are lower.

  • 5 GHz signals have a shorter wavelength. They do not travel as far or penetrate obstacles as well, but the band offers far more spectrum, so data rates are higher.

These frequency bands are unlicensed. You do not need special permission to use them, but neither does anyone else: cordless phones, Bluetooth devices, microwave ovens, and neighboring networks share them. When two transmitters on the same frequency are in range of each other, their transmissions interfere; frames are corrupted and must be retransmitted, which lowers throughput for everyone.

To reduce this, adjust the channel on the wireless network. Each channel is a slice of the band roughly 20 MHz wide, but in the 2.4 GHz band the channel centers are spaced only 5 MHz apart, so adjacent channels overlap heavily.

The 2.4 GHz band has only three non-overlapping 20 MHz channels (1, 6, and 11 in the US). The 5 GHz band has roughly two dozen non-overlapping 20 MHz channels; the exact number depends on the regulatory domain and on how many of the radar-shared (DFS) channels the equipment supports.

Wireless Standards

Wireless networks are defined by the IEEE 802.11 family of standards. Each amendment specifies ways to increase bandwidth and reduce interference when transferring data over radio waves. All carry the 802.11 designation, with a letter suffix identifying the amendment (and, for newer ones, a Wi-Fi Alliance generation number).

The following table describes the 802.11 standards. The channel counts are 20 MHz channels, with the number of non-overlapping channels in parentheses; where two numbers are given, the second is the count when 40 MHz channel bonding is used.

802.11a
  • Frequency: 5 GHz
  • Maximum speed: 54 Mbps
  • Maximum distance: 100 ft.
  • Channels (non-overlapped): 23 (12)
  • Backwards compatibility: N/A

802.11b
  • Frequency: 2.4 GHz
  • Maximum speed: 11 Mbps
  • Maximum distance: 150 ft.
  • Channels (non-overlapped): 11 (3)
  • Backwards compatibility: None

802.11g
  • Frequency: 2.4 GHz
  • Maximum speed: 54 Mbps
  • Maximum distance: 150 ft.
  • Channels (non-overlapped): 11 (3)
  • Backwards compatibility: 802.11b

802.11n
  • Frequency: 2.4 GHz or 5 GHz
  • Maximum speed: 600 Mbps
  • Maximum distance: 300 ft.
  • Channels (non-overlapped): 2.4 GHz: 11 (3 or 1); 5 GHz: 23 (12 or 6)
  • Backwards compatibility: 802.11a/b/g, depending on implementation

802.11ac (Wi-Fi 5)
  • Frequency: 5 GHz
  • Maximum speed: 3.46 Gbps
  • Maximum distance: 300 ft.
  • Channels (non-overlapped): Depends on configuration
  • Backwards compatibility: 802.11b/g/n

802.11ax (Wi-Fi 6)
  • Frequency: 2.4 GHz or 5 GHz
  • Maximum speed: 14 Gbps
  • Maximum distance: 300 ft.
  • Channels (non-overlapped): Depends on configuration
  • Backwards compatibility: 802.11b/g/n/ac

The ability of newer devices to communicate with older devices depends on the capabilities of the transmit radios in the access point. For example, some 802.11n devices can transmit at either 2.4 GHz or 5 GHz. However, a single radio cannot transmit at both frequencies at the same time. A dual band access point can use one radio to transmit at one frequency, and a different radio to transmit at a different frequency.

All speeds and distances are theoretical and will typically be achieved only in an optimal environment.

  • Transmission speeds are affected by distance, obstructions (such as walls), and interference.

  • Maximum signal distance depends on several factors, including obstructions, antenna strength, and interference. For example, the actual distance for communications in a typical environment (with one or two walls) is roughly half of the maximum.

  • Because transmission speeds decrease with distance, either the maximum distance or the maximum speed can be achieved, but not both.

Newer 802.11 standards have added new technologies in order to increase potential bandwidth and transmission distance. The following table provides details for these technologies.

Technology

Details

Multiple-Input, Multiple-Output
(MIMO)

MIMO increases bandwidth by using multiple antennas for both the transmitter and receiver.

  • A system is described by the number of sending and receiving antennas. The 802.11n specifications allow up to four sending and four receiving antennas.

  • MIMO can be combined with beamforming, which shapes the transmitted signal toward a specific receiving device for a stronger, cleaner signal. Beamforming was optional and vendor-specific in 802.11n and was standardized in 802.11ac.

Multi-User MIMO
(MU-MIMO)

MU-MIMO is an enhancement to MIMO that lets an access point transmit to several client devices at the same time on the same channel, instead of serving them one after another.

In addition to adding MU-MIMO, 802.11ac doubled the number of MIMO radio streams from four to eight.

Channel bonding

Channel bonding combines two, non-overlapping 20 MHz channels into a single 40 MHz channel. This results in slightly more than double the bandwidth.

  • The 5 GHz range has a total of 23 channels, with 12 non-overlapping. This allows for a maximum of six non-overlapping bonded (combined) channels.

  • The 2.4 GHz range has a total of 11 channels, with three non-overlapping. This allows for a maximum of one non-overlapping bonded channel. For this reason, channel bonding is typically not practical for the 2.4 GHz range.

Long-Range Wireless

A long-range wireless network is typically set up to connect two buildings on the same network. Depending on the distance between the locations, different solutions are available.

  • If the locations are only a short distance apart, you can install a high-end wireless access point with special antennas. These networks still use the unlicensed frequencies and appropriate 802.11 standard.

  • If the network locations are farther apart, special equipment is needed. These long-range links often use licensed frequency ranges such as 3.65 GHz, which require permission from the regulator. Lower frequencies around 900 MHz are also used because they travel farther at lower data rates; in the US the 902-928 MHz band is unlicensed.

  • Regardless of the range, some wireless access points allow the power to be increased. Increasing the power allows the access point to transmit a longer distance, but can lead to overheating and instability.

  • Always follow FCC guidance and requirements if increasing the power as this can cause interference with other wireless devices in the area.

Wireless networks are everywhere. When a user connects to a wireless network, the expectation is that the connection is secure and the data is protected. Because the wireless signal is an unbounded medium, anyone can intercept the data if it is not properly secured.

This lesson covers the following topics:

  • Authentication protocols

  • Encryption protocols

  • Additional wireless security measures

Authentication Protocols

A user must first be authenticated before connecting to the wireless network. Authentication is the process of proving the user's identity and proving that the user is allowed to be on the network. The following table describes some authentication methods.

Access Method

Description

Pre-shared key
(PSK)

This is probably the most commonly used access method. A pre-shared key is a passphrase a user enters to access the wireless network.

Wi-Fi Protected Setup
(WPS)

Wi-Fi Protected Setup works only on a network that uses a PSK with an appropriate encryption protocol, such as Wi-Fi Protected Access 2 (WPA2) or Wi-Fi Protected Access 3 (WPA3). WPS lets a device join the wireless network without the user typing the PSK. To connect a device:

  • Press the WPS button on the access point, which opens a short window during which it accepts new devices.

  • If the connecting device has a WPS button, pressing it joins the device to the access point.

  • If there is no button, enter the eight-digit PIN printed on the access point into the connecting device.

Some devices and access points can also use NFC during the WPS process to connect to each other.

The PIN method has a well-known design weakness: the access point confirms the first and second halves of the PIN separately, so an attacker within radio range can recover the PIN, and with it the PSK, in at most about 11,000 guesses unless the access point rate-limits or locks out attempts. Disable the PIN method (and WPS entirely where it is not needed) on any network that matters.
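The PIN weakness is easier to appreciate with the numbers in hand. The following Python example is added here and is not part of the original lesson: it implements the WPS PIN checksum so a PIN can be validated, and enumerates the valid completions for a given first half, which shows how small the effective search space is. The PIN 12345670 is a constructed sample value that happens to pass the checksum.

```python
def wps_pin_checksum(first_seven: int) -> int:
    """Checksum digit for a WPS PIN.

    The specification weights the seven leading digits 3,1,3,1,3,1,3 (counting from
    the rightmost of the seven) and chooses the eighth digit so the total is 0 mod 10.
    """
    if not 0 <= first_seven < 10**7:
        raise ValueError("expected a value with at most seven digits")
    total = 0
    n = first_seven
    while n:
        total += 3 * (n % 10)
        n //= 10
        total += n % 10
        n //= 10
    return (10 - total % 10) % 10


def is_valid_wps_pin(pin: str) -> bool:
    """True if pin is eight digits and its last digit is the checksum of the first seven."""
    if len(pin) != 8 or not pin.isdigit():
        return False
    return wps_pin_checksum(int(pin[:7])) == int(pin[7])


def valid_completions(first_half: str) -> list:
    """All eight-digit PINs with a valid checksum that begin with the given four digits.

    Only 1,000 of the 10,000 possible second halves survive the checksum. Because the
    registrar acknowledges the first half (message M4) before the second half is ever
    checked (message M6), a guesser needs at most 10,000 + 1,000 attempts rather than
    the 10^7 valid PINs; that is the weakness behind the advice to disable the PIN method.
    """
    if len(first_half) != 4 or not first_half.isdigit():
        raise ValueError("first half must be four digits")
    completions = []
    for tail in range(1000):
        seven = int(first_half) * 1000 + tail
        completions.append(f"{seven:07d}{wps_pin_checksum(seven)}")
    return completions
```

A configuration audit can use is_valid_wps_pin to reject labels that were mis-transcribed, but the more useful takeaway is valid_completions: 1,000 candidates for the second half is a number an attacker's radio can work through in hours.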

Open network

An open network has no authentication. It allows anyone to connect to the network. This access method should be used only in public places that want to offer free wireless access.

Captive portal

Many open networks implement a captive portal.

  • After a device connects to the wireless network but before it can access the internet, the user is redirected to a captive portal page.

  • The user might be prompted to agree to the terms and conditions of using the network or even asked to pay a fee before being granted internet access.

802.1x

Enterprise networks need a higher level of security. Many enterprise networks use the IEEE 802.1X standard for port-based network access control to authenticate users to the wireless network.

802.1X is a standard for local area networks created by the Institute of Electrical and Electronics Engineers Standards Association (IEEE-SA). It carries the Extensible Authentication Protocol (EAP) between the client and the network, so the actual credential check can use passwords, certificates, or other methods.

On a wired network, the switch port stays in an unauthorized state, passing only authentication traffic, until the connected user or device authenticates; if authentication fails, the port stays closed. On a wireless network the same model applies to a virtual port that is opened once the client authenticates. There are three components in an 802.1X setup:

  1. Supplicant – The wireless client requesting access.

  2. Authenticator – The access point (or switch), which relays EAP messages between the supplicant and the authentication server and opens the port on success.

  3. Authentication server – The server (typically RADIUS) that holds or consults the centralized user database and makes the access decision.

802.1X implementations on wireless networks usually use Remote Authentication Dial-In User Service (RADIUS). RADIUS was developed in 1991, originally to authenticate users connecting to a network over dial-up lines. RADIUS is known as a triple-A (AAA) protocol: it provides authentication, authorization, and accounting.

When using 802.1x authentication for wireless networks with RADIUS, keep in mind:

  • A RADIUS server is required to centralize user account and authentication information. A centralized database for user authentication is required to allow wireless clients to roam between cells and authenticate using the same account information.

  • A PKI is needed to issue certificates. At a minimum, the RADIUS server must have a server certificate, and clients must be configured to validate it; a client that skips validation can be lured to a rogue access point and RADIUS server that harvest its credentials. To support mutual authentication with EAP-TLS, each client must also have a certificate.

  • The wireless access point is a RADIUS client.

  • The wireless access point forwards the wireless device's credentials to the RADIUS server for authentication.

  • A RADIUS federation is multiple RADIUS servers that communicate with each other after establishing a trust relationship. These servers may be on different networks and could span multiple organizations.

Encryption Protocols

Enabling the proper encryption protocol is perhaps the most important security setting for a wireless network. For most users, WPA2 or WPA3 will be the best option. The following table explains these two protocols:

Cryptographic Protocol

Description

WPA2

WPA2 is the implementation name for wireless security that adheres to the 802.11i specifications. It was introduced in 2004 and is still heavily used in today's networks. There are two versions of WPA2 available:

  • WPA2-Personal – Also known as WPA2-PSK. This version uses a pre-shared key (passphrase) to protect the network.

  • WPA2-PSK uses the Counter Mode with Cipher Block Chaining Message Authentication Code Protocol (CCMP), built on the Advanced Encryption Standard (AES), to encrypt all data. AES is the encryption algorithm; CCMP uses a 128-bit key and a 128-bit block size and provides both confidentiality and integrity for each frame.

    • When a device connects to the access point, a 4-way handshake proves that both sides hold the same key and derives the session keys.

      • The pre-shared key (passphrase) and the SSID are run through PBKDF2 to produce the pairwise master key (PMK). The handshake then combines the PMK with both devices' MAC addresses and two random nonces to derive the session key (PTK).

      • The handshake messages, including the nonces and a message integrity code, are sent in the clear. Anyone who captures a handshake can test candidate passphrases offline until one reproduces the integrity code, so a weak passphrase can be recovered without ever talking to the access point. Anyone who already knows the passphrase can also decrypt other clients' traffic if they capture those clients' handshakes.

  • WPA2-Enterprise – This version uses 802.1X with a RADIUS server to authenticate each user individually, so there is no shared passphrase to leak.
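To make the handshake bullets concrete, the following Python example is added here; it is not part of the original lesson. It derives the PMK from the passphrase and SSID exactly as WPA2-Personal does, expands it to the PTK, computes the handshake message integrity code, and shows why a captured handshake is enough for an offline dictionary attack. The MAC addresses, nonces, and the message 2 frame are constructed for the demonstration; the PMK derivation can be checked against the published 802.11 test vector (passphrase "password", SSID "IEEE").

```python
import hashlib
import hmac


def derive_pmk(passphrase: str, ssid: str) -> bytes:
    """WPA2-Personal PMK = PBKDF2-HMAC-SHA1(passphrase, SSID, 4096 iterations, 32 bytes).

    The SSID is the salt, so a common or default SSID lets an attacker reuse precomputed
    PMK tables across many networks."""
    return hashlib.pbkdf2_hmac("sha1", passphrase.encode(), ssid.encode(), 4096, 32)


def prf(key: bytes, label: bytes, data: bytes, nbytes: int) -> bytes:
    """IEEE 802.11 PRF-n: concatenate HMAC-SHA1(key, label || 0x00 || data || i) for i = 0, 1, ..."""
    out = b""
    counter = 0
    while len(out) < nbytes:
        out += hmac.new(key, label + b"\x00" + data + bytes([counter]), hashlib.sha1).digest()
        counter += 1
    return out[:nbytes]


def derive_ptk(pmk: bytes, aa: bytes, spa: bytes, anonce: bytes, snonce: bytes) -> bytes:
    """PTK = PRF-512(PMK, "Pairwise key expansion", min(AA,SPA) || max(AA,SPA) || min(nonces) || max(nonces)).

    AA and SPA are the AP and station MAC addresses; ANonce and SNonce travel in the clear
    in handshake messages 1 and 2. Bytes 0..15 of the PTK are the KCK that keys the MIC."""
    data = min(aa, spa) + max(aa, spa) + min(anonce, snonce) + max(anonce, snonce)
    return prf(pmk, b"Pairwise key expansion", data, 64)


# Offset of the 16-byte Key MIC inside an EAPOL-Key frame: 4-byte EAPOL header, then
# descriptor type (1), key info (2), key length (2), replay counter (8), nonce (32),
# IV (16), RSC (8), reserved (8) = 81.
MIC_OFFSET = 81


def eapol_mic(kck: bytes, eapol_frame: bytes) -> bytes:
    """Key MIC for WPA2/CCMP (key descriptor version 2): HMAC-SHA1 over the frame with
    the MIC field zeroed, truncated to 16 bytes."""
    zeroed = eapol_frame[:MIC_OFFSET] + b"\x00" * 16 + eapol_frame[MIC_OFFSET + 16:]
    return hmac.new(kck, zeroed, hashlib.sha1).digest()[:16]


def offline_passphrase_search(candidates, ssid, aa, spa, anonce, snonce, message2):
    """Test each candidate passphrase against a captured handshake message 2.

    Nothing here touches the network: both MACs, both nonces, and the MIC are all in
    the capture, so only PBKDF2's 4096 iterations slow the attacker down."""
    target_mic = message2[MIC_OFFSET:MIC_OFFSET + 16]
    for passphrase in candidates:
        kck = derive_ptk(derive_pmk(passphrase, ssid), aa, spa, anonce, snonce)[:16]
        if hmac.compare_digest(eapol_mic(kck, message2), target_mic):
            return passphrase
    return None


# --- Constructed handshake for the demonstration (not a real capture) ---
DEMO_SSID = "IEEE"
DEMO_AA = bytes.fromhex("001122334455")     # hypothetical AP MAC address
DEMO_SPA = bytes.fromhex("66778899aabb")    # hypothetical station MAC address
DEMO_ANONCE = bytes(range(32))              # fixed nonces so the example is reproducible
DEMO_SNONCE = bytes(range(32, 64))


def build_message2(passphrase: str) -> bytes:
    """Build what a station sends as message 2: its SNonce plus a MIC under the KCK."""
    body = (b"\x02"                 # descriptor type: RSN
            + b"\x01\x0a"           # key info: MIC set, pairwise, descriptor version 2 (HMAC-SHA1)
            + b"\x00\x10"           # key length 16
            + b"\x00" * 8           # replay counter
            + DEMO_SNONCE
            + b"\x00" * 16          # key IV
            + b"\x00" * 8           # key RSC
            + b"\x00" * 8           # reserved
            + b"\x00" * 16          # MIC placeholder, filled in below
            + b"\x00\x00")          # key data length 0
    frame = b"\x02\x03" + len(body).to_bytes(2, "big") + body  # EAPOL version 2, type 3 (Key)
    kck = derive_ptk(derive_pmk(passphrase, DEMO_SSID), DEMO_AA, DEMO_SPA, DEMO_ANONCE, DEMO_SNONCE)[:16]
    return frame[:MIC_OFFSET] + eapol_mic(kck, frame) + frame[MIC_OFFSET + 16:]


def demo_recover(candidates):
    """Run the offline search against a handshake built with the passphrase 'password'."""
    message2 = build_message2("password")
    return offline_passphrase_search(candidates, DEMO_SSID, DEMO_AA, DEMO_SPA,
                                     DEMO_ANONCE, DEMO_SNONCE, message2)
```

The defensive lesson is in offline_passphrase_search: each guess costs one PBKDF2 run and nothing else, so passphrase length and randomness are the only things standing between a captured handshake and the network key. WPA3's SAE, described next, removes exactly this property.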

WPA3

WPA3 was introduced in 2018 to address the weaknesses of the WPA2 handshake and to support newer technologies. WPA3-Personal still uses a passphrase, but it replaces the PSK-based 4-way handshake with Simultaneous Authentication of Equals (SAE), a password-authenticated key exchange.

  • SAE derives a fresh 128-bit pairwise master key for every session and provides perfect forward secrecy.

  • Perfect forward secrecy means each session's keys come from an ephemeral exchange rather than directly from the passphrase. Capturing a handshake no longer enables an offline dictionary attack: each guess at the passphrase requires a live exchange with the access point, which can be rate-limited, and compromising the passphrase later does not decrypt previously recorded sessions.

Additional Wireless Security Measures

Additional security measures you can implement on all wireless networks include:

  • Change the default username and password for the wireless access point.

    • The default username and passwords for many wireless access points are readily available on the internet.

    • A potential attacker will typically attempt to use these credentials first.

  • Disabling the SSID broadcast will help hide the network from the casual observer. A potential attacker can still easily discover the SSID, but disabling the SSID broadcast creates an extra step.

  • Enable MAC address filtering.

    • This setting allows access only to devices with the specified MAC addresses.

    • A potential attacker is still able to intercept the signal and identify the MAC address of an allowed device and then spoof that MAC address to gain access. However, enabling MAC address filtering creates an additional barrier for the attacker.

  • Update the wireless access point firmware. As security threats become known, manufacturers often release fixes to address known issues to prevent attacks.

  • Enable and properly configure the firewall. The firewall will help in stopping an attacker from gaining access through open ports.

While there is no single definitive method to secure a wireless network, implementing multiple security measures makes it more difficult for an attacker to gain access.

When configuring a wireless network, it is imperative to properly secure all data. This means ensuring that only authenticated users can access the network and that all data is encrypted using the appropriate algorithms.

This lesson covers the following topics:

  • Encryption algorithms

  • Authentication protocols

Encryption Algorithms

Wireless networks today use either the WPA2 or WPA3 security standards along with an appropriate encryption algorithm. The following table describes two encryption algorithms.

Encryption Algorithm

Description

Temporal Key Integrity Protocol
(TKIP)

TKIP was used with the WPA standard and, optionally, with WPA2. It was developed as a firmware-upgradable fix for the flaws in the Wired Equivalent Privacy (WEP) wireless security standard.

WEP feeds a single static key, shared by every device on the network, into RC4 together with a 24-bit initialization vector that repeats quickly on a busy network. Repeated keystreams and RC4's weak key scheduling make WEP crackable in minutes, after which an attacker can read all traffic. TKIP keeps RC4 so that existing hardware could be upgraded, but gives each packet a unique key by mixing:

  • A base (temporal) key.

  • The MAC address of the transmitting device.

  • A 48-bit packet sequence counter, which also serves as a replay check.

    • The counter changes for every packet, which results in a new encryption key for each packet.

    • The resulting 128-bit per-packet key is used with the Rivest Cipher 4 (RC4) stream cipher, as in WEP, and a message integrity check (Michael) is added to each frame.

TKIP has known weaknesses of its own, is deprecated by the 802.11 standard, and should not be enabled on modern wireless networks.

Advanced Encryption Standard (AES)

AES is the Rijndael algorithm as standardized by NIST.

  • AES keys can be 128, 192, or 256 bits; the block size is always 128 bits. WPA2 and WPA3-Personal use 128-bit keys.

  • In wireless networks AES is used through the Counter Mode with Cipher Block Chaining Message Authentication Code Protocol (CCMP), which provides both encryption and integrity protection for each frame.

  • AES is considered one of the strongest encryption algorithms available and is used far beyond wireless networks.

Authentication Protocols

You should implement authentication protocols to ensure that only authorized users can access the wireless network. The following table describes common authentication protocols.

Authentication Protocol

Description

Remote Authentication Dial-In User Service (RADIUS)

RADIUS is an open standard protocol (RFC 2865) used to authenticate users onto a network. RADIUS:

  • Is an open standard and is implemented by virtually every network vendor.

  • Sends its messages over UDP.

  • Obfuscates only the password: the User-Password attribute is XORed with an MD5 stream keyed by the shared secret, while the username and every other attribute are sent in cleartext. A short shared secret can be brute-forced offline from a single captured request, so use a long random value.

  • Uses UDP port 1812 for authentication and authorization (older implementations use 1645).

  • Uses UDP port 1813 for accounting (older implementations use 1646).
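The password hiding described in the RADIUS bullets above, and in the earlier 802.1X/RADIUS section, is worth seeing in bytes. The following Python example is added here and is not part of the original lesson or of any RADIUS implementation: it builds an Access-Request the way an access point would for a plain-password login, applies the RFC 2865 User-Password hiding, and then parses the packet without the secret to show that User-Name is readable on the wire. The shared secret, identifier, username, password, and the fixed Request Authenticator are constructed for the demonstration. With 802.1X and EAP methods such as PEAP or EAP-TLS the user's credentials travel inside EAP-Message attributes in a TLS tunnel, so this attribute is not used; the cleartext exposure of the other attributes still applies.

```python
import hashlib
import os
import struct

# RADIUS (RFC 2865) packet: code (1), identifier (1), length (2), authenticator (16), attributes.
# Each attribute is a TLV: type (1), length (1, includes these two header bytes), value.
ACCESS_REQUEST = 1
ATTR_USER_NAME = 1
ATTR_USER_PASSWORD = 2
HEADER = struct.Struct("!BBH")
HEADER_LEN = 20


def hide_password(password: bytes, secret: bytes, request_authenticator: bytes) -> bytes:
    """RFC 2865 section 5.2: pad the password to a multiple of 16 bytes and XOR each block
    with MD5(secret || previous block), seeding with the Request Authenticator.

    This is obfuscation keyed by the shared secret, not authenticated encryption; a weak
    secret can be brute-forced offline from one captured Access-Request."""
    if len(request_authenticator) != 16:
        raise ValueError("Request Authenticator must be 16 bytes")
    if not 0 < len(password) <= 128:
        raise ValueError("password must be 1..128 bytes")
    padded = password + b"\x00" * (-len(password) % 16)
    hidden = b""
    prev = request_authenticator
    for offset in range(0, len(padded), 16):
        mask = hashlib.md5(secret + prev).digest()
        block = bytes(p ^ m for p, m in zip(padded[offset:offset + 16], mask))
        hidden += block
        prev = block
    return hidden


def reveal_password(hidden: bytes, secret: bytes, request_authenticator: bytes) -> bytes:
    """Inverse of hide_password: what the RADIUS server does, and what anyone holding the
    shared secret plus the captured packet can do. Trailing NUL padding is stripped."""
    if not hidden or len(hidden) % 16:
        raise ValueError("hidden password must be a non-empty multiple of 16 bytes")
    plain = b""
    prev = request_authenticator
    for offset in range(0, len(hidden), 16):
        mask = hashlib.md5(secret + prev).digest()
        block = hidden[offset:offset + 16]
        plain += bytes(c ^ m for c, m in zip(block, mask))
        prev = block
    return plain.rstrip(b"\x00")


def attribute(attr_type: int, value: bytes) -> bytes:
    if len(value) > 253:
        raise ValueError("attribute value exceeds 253 bytes")
    return struct.pack("!BB", attr_type, len(value) + 2) + value


def build_access_request(identifier, secret, username, password, request_authenticator=None):
    """Build the Access-Request an access point (the RADIUS client) sends for a PAP-style login."""
    if request_authenticator is None:
        request_authenticator = os.urandom(16)  # must be unpredictable per request in real use
    attrs = attribute(ATTR_USER_NAME, username)
    attrs += attribute(ATTR_USER_PASSWORD, hide_password(password, secret, request_authenticator))
    return HEADER.pack(ACCESS_REQUEST, identifier, HEADER_LEN + len(attrs)) + request_authenticator + attrs


def parse_attributes(packet: bytes) -> dict:
    """Walk the attribute TLVs without any secret: exactly what an on-path observer sees."""
    code, identifier, length = HEADER.unpack_from(packet, 0)
    if length != len(packet) or length < HEADER_LEN:
        raise ValueError("RADIUS length field does not match packet")
    attrs = {}
    pos = HEADER_LEN
    while pos < length:
        if pos + 2 > length:
            raise ValueError("truncated attribute header")
        attr_type, attr_len = packet[pos], packet[pos + 1]
        if attr_len < 2 or pos + attr_len > length:
            raise ValueError("malformed attribute")
        attrs[attr_type] = packet[pos + 2:pos + attr_len]
        pos += attr_len
    return attrs


# Constructed demo values (not from any real deployment). A fixed Request Authenticator
# is used only so the output is reproducible; never do that on a real NAS.
DEMO_SECRET = b"testing123"
DEMO_AUTHENTICATOR = bytes(range(16))


def demo_access_request() -> bytes:
    return build_access_request(7, DEMO_SECRET, b"alice", b"hunter2", DEMO_AUTHENTICATOR)
```

Parsing the demo packet yields User-Name "alice" in the clear and a 16-byte User-Password blob that reveal_password turns back into "hunter2" only with the correct shared secret. The RADIUS traffic between access point and server therefore deserves its own protected segment or an IPsec or RadSec (RADIUS over TLS) wrapper.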

Terminal Access Controller Access-Control System Plus (TACACS+)

TACACS+ was developed by Cisco to address shortcomings in RADIUS and is now documented in RFC 8907. TACACS+:

  • Originated with Cisco and is most common on Cisco equipment, though other vendors and open-source servers also implement it.

  • Sends a user's credentials over TCP.

  • Obfuscates the entire packet body, including the username and password, using the shared secret; only the header is cleartext.

  • Separates authentication, authorization, and accounting into distinct exchanges, which makes per-command authorization of administrators practical.

  • Uses TCP port 49 for all communications.

Kerberos

Kerberos was developed at MIT and is the authentication protocol at the heart of Windows Active Directory. Kerberos has three main parties:

  • Client – The user or service requesting access.

  • Key Distribution Center (KDC) – The trusted server that holds the account database and runs two services: the Authentication Service (AS) and the Ticket-Granting Service (TGS). In Active Directory, every domain controller is a KDC.

  • Service (application server) – The resource the client wants to reach, which trusts tickets issued by the KDC.

When a user logs on to the network, the following process occurs:

  1. The client sends an authentication request to the AS. Instead of sending the password, the client proves knowledge of it by encrypting a timestamp with a key derived from the password (pre-authentication).

  2. The AS validates the request and returns a ticket-granting ticket (TGT) together with a session key.

  3. The client presents the TGT to the TGS to request a service ticket for a specific server, then presents that service ticket to the server, which decrypts it with its own key to authenticate the user for the session.

Using tickets, Kerberos allows clients and servers to authenticate with each other seamlessly throughout the network.

RADIUS and TACACS+ are both considered AAA protocols. AAA means the protocol provides:

  • Authentication: proves the user's identity.

  • Authorization: defines what the user can access.

  • Accounting: logs what the user accessed while on the network.

Kerberos provides only authentication, not authorization and accounting.

Wi-Fi communication may be the most common wireless communication technology, but it isn't the only one. There are several other wireless communication technologies. Many of these wireless communication technologies use short range communication between devices.

This lesson covers the following topics:

  • Bluetooth

  • Radio Frequency Identification (RFID)

  • Near Field Communication (NFC)

Bluetooth

Bluetooth is designed to allow devices to communicate within a personal area network (PAN) of close proximity. PAN devices include cell phones, personal digital assistants (PDAs), printers, mice, and keyboards. Bluetooth:

  • Is designed for longer distances than infrared (IR) and has lower power consumption.

  • Requires that devices be in discovery mode to find each other and pair.

  • Operates in the 2.4 GHz range and uses adaptive frequency hopping (AFH).

    • By using AFH, Bluetooth can automatically detect other devices in the area and avoid the frequencies used by those devices.

    • It can switch between 79 channels to avoid interference.

  • Encrypts the link with a 128-bit key: the E0 stream cipher in legacy Bluetooth, and AES-CCM in Bluetooth Low Energy and in Secure Connections (Bluetooth 4.1 and later).

The range of a Bluetooth device is determined by its power class:

  • Class 1 devices can transmit up to 100 meters.

  • Class 2 devices can transmit up to 10 meters.

  • Class 3 devices transmit at a range less than 10 meters.

There have been a few versions of Bluetooth released over the years. Each new version introduces features to increase the speed, distance, and usage of devices as shown in the following table.

Bluetooth Version

Features

1.0

Operates at a range of 10 meters and speeds up to 1 Mbps.

2.0

Operates at a range up to 30 meters and speeds up to 1 Mbps. A special mode called Enhanced Data Rate (EDR) enables transfer rates up to 3 Mbps.

3.0

Operates at a range up to 30 meters and speeds up to 1 Mbps. A special mode known as High Speed (HS) allows the Bluetooth device to use a nearby 802.11 link to achieve speeds up to 24 Mbps.

4.0

Operates at a range up to 60 meters and speeds up to 1 Mbps (24 Mbps when using High Speed mode).

  • Version 4.0 introduced the Bluetooth Low Energy (BLE) standard.

  • BLE reduces the power consumption of Bluetooth devices.

5.0

Operates at a range up to 240 meters and speeds up to 2 Mbps (48 Mbps when using High Speed mode).

  • Bluetooth 5 improves the performance of BLE devices.

  • It also introduced the dual audio feature which allows audio to play simultaneously on two connected devices.

The process of connecting two Bluetooth devices is called pairing. Bluetooth uses a typical client/server relationship between two devices.

  • The client (peripheral) device connects to the server (central) device.

  • For example, headphones (client) connect to a phone (server).

To connect two devices:

  1. The client device is put in discoverable mode. This means that other nearby Bluetooth devices can see the device.

  2. The server device sees the client device and sends a pairing request to begin the pairing process.

  3. A security passkey is exchanged between the two devices to confirm the correct devices are being paired. The passkey can be pre-programmed or manually created depending on the devices being paired.

  4. If the passkey matches, the two devices are paired.

  5. Once paired, the devices remember each other and automatically connect in the future. The pairing process does not need to repeat.

Once connected, Bluetooth devices use profiles such as Object Exchange (OBEX) to transfer data (contacts, files, and so on). Pairing itself is handled by the Bluetooth link-layer security procedures, which produce the link key that the encryption uses.

RFID

RFID uses radio waves to transmit data from small circuit boards called RFID tags to special scanners. There are two types of RFID tags:

  • Active RFID tags have on-board batteries and can send signals over a long distance. Toll passes in vehicles use active RFID.

  • Passive RFID are not powered and rely on the energy transferred by the scanner to transmit data. ID badges, credit cards, and similar devices use these tags.

RFID systems are vulnerable to various kinds of attacks, including:

  • Eavesdropping—An attacker uses an RFID reader to listen to conversations between a tag and the intended reader.

  • On-path attack—An attacker sits between a tag and the intended reader, intercepting the signal and altering or replaying it before passing it on. A relay variant extends the tag's effective range so that a distant badge or card can be used to open a door or make a payment.

  • Denial of service—An attacker blocks radio signals or jams the system with interfering noise.

  • Cloning and spoofing—An attacker creates a copy of an existing tag, then uses the fake tag to gain access to a secure system.

Operating tags at different frequencies makes them slightly harder to locate and scan, but it is not a real defense. Stronger protections are shielded sleeves or wallets for passive tags, the shortest read range the application allows, and tags that authenticate with a cryptographic challenge-response rather than a static, cloneable identifier.

NFC

NFC is a newer technology that is built on RFID. NFC allows two-way communication between two devices that are within 2 inches of each other.

  • NFC operates in the 13.56 MHz frequency. It has a maximum transmission speed of 424 Kbps.

  • Special chips called NFC chips can send, receive, and store data.

  • Devices using NFC operate in one of three modes:

    • Reader/writer mode is used to read information stored on an NFC chip.

    • Peer-to-Peer mode enables two devices to communicate and exchange information.

    • Card Emulation mode enables the device to function as a smart card to perform contactless payment or ticketing. This mode is typically used by smart phones.

  • Data transmissions can be secured by using encryption algorithms.

Many networks today fall into the category of a small office/home office (SOHO) network. A SOHO network is a smaller network that does not use servers to manage network resources or enterprise level switches to connect devices. Most wireless networks used in homes are considered SOHO networks.

This lesson covers the following topics:

  • SOHO wireless router

  • Wireless router configuration

  • Wireless network configuration

SOHO Wireless Router

Typically, a SOHO network consists of a single router connected to the internet. These wireless routers are often all-in-one devices that contain the following functions:

  • Router – Connects the internal network to the internet.

  • Switch – Connects internal devices together using RJ-45 connections.

  • Wireless access point – Provides access to the wireless connection.

  • Modem – If the ISP supplies the wireless router, the modem functions are built into the wireless router.

When choosing a wireless router, consider the following:

  • Appropriate 802.11 standard – The router should support the same standard as the client devices. The 802.11 standard also determines the transfer rate of connected devices.

  • Transmit power – The router should be powerful enough to transmit to all needed areas in the building. Wireless extenders might also be needed for larger areas.

  • Special features – Many wireless routers have additional features that are designed to improve performance. These features are typically unique to each manufacturer.

Wireless Router Configuration

Before you can configure the wireless network, perform the following initial steps to configure the wireless router.

Wireless Router Configuration

Description

Change default username and password

Wireless routers are shipped with a default username and password. This default login information is readily available on the internet, so change it before you do anything else. Always use a strong password.

You cannot change the default username on all routers, but you can always change the password.

Update firmware

Often a firmware update is available, even for new routers. Firmware updates address bugs, security vulnerabilities, and may add new features. Always keep the firmware up to date.

Physically place the router

When physically placing the wireless router, ensure that all areas have needed coverage. Each building is unique and placement depends on a variety of factors including size, building materials, and other wireless devices that might cause conflicts.

Anyone with physical access to the router can make configuration changes and gain access to the network. To prevent this, limit physical access to the router. For example, place the router and other networking equipment in a locked closet.

Wireless Network Configuration

The first step in configuring the wireless network is to connect the wireless router to the internet modem. The modem connects to the router port that is typically labeled Internet or WAN. Once the router is physically connected, configure it to connect to the internet. The configuration options depend on the type of internet service. Typical options include:

  • DHCP – This is the most common configuration option. Using DHCP, the router contacts the ISP to obtain the connection information including the IP address, subnet mask, and DNS server.

  • Static – Some internet providers provide users with a static configuration. This means that you must manually configure the IP address, subnet mask, and DNS server.

  • Point-to-Point Protocol over Ethernet (PPPoE) – PPPoE is a protocol typically used by DSL providers that allows them to regulate internet access using username and password authentication.

Once you configure the internet connection, you can configure the wireless network. The following table describes many of the settings that you might have to configure.

Wireless Network Configuration

Description

Service Set Identifier (SSID)

The SSID is the unique name for the wireless network. Wireless routers have a default SSID that should be changed. Keep the following in mind when setting the SSID:

  • The name should not be the same as any other network in the area, or client devices may join the wrong one.

  • The SSID has a maximum length of 32 characters.

  • SSIDs are case sensitive.

  • The SSID should not contain any personal or identifiable information.

  • Special characters (spaces, dashes, periods, etc.) are allowed, but can cause issues with some connecting devices. It is best not to use special characters.

SSID suppression (cloaking) disables the SSID broadcast. With broadcasting disabled, the SSID does not appear in the list of available networks, so the user must enter it manually for a device to connect.

Even with the broadcast disabled, it's relatively easy to identify the SSID of a network by using readily available applications. Because of this, SSID suppression should not be the only form of protection.

Configure the wireless protocol

Many access points support multiple wireless protocols. Configure the wireless router to use only the protocols needed for devices on the network. When using mixed mode (more than one protocol), most access points throttle all clients to the slowest protocol speeds being used.

Configure the wireless channel

The channel identifies the portion of the wireless frequency the access point and connected devices use.

  • Select a channel that does not conflict with other access points or devices in the area.

  • Many access points have an automatic channel feature that detects other access points and automatically selects the channel with the least amount of traffic.

Authentication and encryption

Authentication allows only authorized devices to connect. Encryption protects wireless communications from eavesdropping.

  • Most SOHO networks use WPA2 or WPA3.

  • For WPA2, use a strong shared secret (passphrase).

  • Use WPA3 if all devices on the network support it.

Disable guest access

Guest access allows anyone to access the network connection, but be sure to configure it to restrict access to the internal network. Disable guest access unless the wireless network is configured for public access.

Network Address Translation (NAT)

Small networks use a single public IP address to connect to the internet. All devices on the private network share this IP address. Network address translation (NAT) is a protocol that allows multiple computers to share a single public IP address on the internet.

  • The internet is classified as a public network. All devices on the public network must have a registered IP address. This address is assigned by the ISP and is used by the WAN port on the wireless router.

  • A SOHO network is classified as a private network. All devices on the private network use private IP addresses internally, but share the public IP address when accessing the internet.

  • The private network can use addresses in the following ranges that have been reserved for private use (i.e., they will not be used by hosts on the internet).

    • 10.0.0.0 - 10.255.255.255

    • 172.16.0.0 - 172.31.255.255

    • 192.168.0.0 - 192.168.255.255

  • A NAT router associates a port number with each private IP address. Communications with the private hosts from the internet are sent to the public IP address and the associated port number. Port assignments are made automatically by the NAT router.
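As an added illustration (not part of the original lesson), the following Python model shows the private-range check and the port-to-host association a NAT router keeps; the public address 203.0.113.5 and the port numbers used are constructed values.

```python
import ipaddress
from itertools import count

# The three reserved private ranges listed above, expressed in CIDR notation.
PRIVATE_RANGES = [
    ipaddress.ip_network("10.0.0.0/8"),      # 10.0.0.0 - 10.255.255.255
    ipaddress.ip_network("172.16.0.0/12"),   # 172.16.0.0 - 172.31.255.255
    ipaddress.ip_network("192.168.0.0/16"),  # 192.168.0.0 - 192.168.255.255
]


def is_private(addr):
    """True if addr lies in one of the three reserved private ranges."""
    ip = ipaddress.ip_address(addr)
    return any(ip in net for net in PRIVATE_RANGES)


class NatRouter:
    """Simplified model of the translation table a SOHO NAT router keeps.

    Every outbound flow from a private host:port is rewritten to the router's
    single public IP plus a router-chosen public port, and the pair is stored
    so that the reply arriving on that public port can be handed back to the
    right internal host.  (Illustrative model, not a real router's code.)
    """

    def __init__(self, public_ip, first_port=40000):
        self.public_ip = public_ip
        self._ports = count(first_port)   # next free public port
        self._by_public_port = {}         # public port -> (private ip, private port)
        self._by_private = {}             # (private ip, private port) -> public port

    def outbound(self, src_ip, src_port):
        """Translate an outgoing packet; returns the (public ip, public port) it leaves with."""
        if not is_private(src_ip):
            raise ValueError(f"{src_ip} is not a private address, nothing to translate")
        key = (src_ip, src_port)
        if key not in self._by_private:   # first packet of this flow: allocate a port
            pub_port = next(self._ports)
            self._by_private[key] = pub_port
            self._by_public_port[pub_port] = key
        return (self.public_ip, self._by_private[key])

    def inbound(self, dst_port):
        """Map a packet arriving at public_ip:dst_port back to the private host.

        Returns None (packet dropped) if no internal host opened that mapping,
        which is why unsolicited traffic from the internet does not reach
        internal hosts unless port forwarding or a screened subnet is configured.
        """
        return self._by_public_port.get(dst_port)


if __name__ == "__main__":
    router = NatRouter("203.0.113.5")                       # constructed public IP
    print(router.outbound("192.168.1.10", 51000))          # ('203.0.113.5', 40000)
    print(router.inbound(40000))                            # ('192.168.1.10', 51000)
    print(router.inbound(40001))                            # None: no mapping, dropped
```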

Security settings

Security settings you might need to configure include:

  • A basic firewall on the router provides an additional level of security for the private network.

    • Any unused ports should be closed to prevent a potential attacker from gaining access through an open port.

    • If necessary, configure exceptions to allow specific traffic through the firewall.

  • Some applications use specific ports for traffic.

    • You can configure port forwarding to allow any traffic coming in on the specified port(s) to be routed to a specific IP address of an internal device.

    • You should enable port forwarding only when transferring data. To help keep the network secure, disable port forwarding when it is not in use.

  • Some networks might have a resource (such as a web server) that is open to external users.

    • You should enable and configure a screened subnet (previously referred to as the demilitarized zone or DMZ) for resources open to external users.

    • Configuring a screened subnet on a SOHO router causes all incoming port traffic to be forwarded to the specified screened subnet host.

    • Because this can open the network to a variety of external threats, use the screened subnet only when necessary.

  • Content filtering – Most SOHO routers provide content filtering and parental controls that prevent hosts from accessing specific websites or using a specific internet service, such as chat, torrent, or gaming applications.

  • IP filtering – You can configure the router to explicitly allow or deny specific IP addresses access to the network.

  • MAC address filtering – You can configure the router to explicitly allow or deny specific MAC addresses to connect to the network. This is considered a very weak form of security and should not be used.

Universal Plug and Play (UPnP)

UPnP allows devices such as printers, webcams, and gaming consoles to discover each other and connect automatically.

  • You can configure these devices to automatically open needed ports to allow connections to the internet as needed.

  • While this does make using these devices much easier, it is a security concern, since these devices can accidentally open a hole in the network's firewall.

  • If this service is not needed, disable it to help keep the network safe.

Quality of Service (QoS)

Most SOHO routers provide basic QoS functionality. When enabled, QoS prioritizes certain network communications over others. For example, VoIP network traffic is given higher priority and more bandwidth than HTTP (web browser) traffic.

Wi-Fi Protected Setup (WPS)

The WPS security protocol makes it easier for WPS-enabled devices (e.g., a wireless printer) to connect to the wireless network.

  • WPS can use several methods for connecting devices, including the PIN method and the push button method.

  • Both the access point and the wireless device must support the method used to connect devices.

Every network is unique and requires a different configuration. You will not use the same options for every network.

This lesson covers network location profiles.

Network Location Profiles

The Windows operating system uses network location profiles to determine the security settings for a particular network connection.

The following table describes each network location profile and the situations in which you should select them.

Location

Description

Private network

The Private network location is for use on networks where all other users and devices are known and trusted. With the Private network location:

  • Network discovery is enabled. This means computers and devices on the network can see and connect to each other.

  • Files and printers can be easily shared between connected devices.

  • The Windows firewall is automatically configured to allow certain types of network communication through.

This is the least secure network and should be used only on trusted networks.

Public network

The Public network location is for use on unknown or public networks (e.g., a coffee shop or other public Wi-Fi network). With the Public network location:

  • Network discovery is disabled. This means devices on the network can't see each other and communicate.

  • Network sharing (such as printers and files) is disabled.

  • The Windows firewall configuration blocks almost all inbound and most outbound communications. For applications to communicate, you must manually allow them through the firewall.

The Public network profile should be used when connecting to any unknown network location, such as a hotel's Wi-Fi network.

Domain network

The Domain network profile is automatically selected when the device is a member of an Active Directory domain. The network administrator configures these network settings and applies them to the local machine.

In order to understand and troubleshoot networks, an IT technician must have knowledge of network components.

This lesson covers the following topics:

  • Network hardware

  • Power over Ethernet (PoE)

  • Software-defined networking (SDN)

Network Hardware

A network is made of many components. The following table describes some of these components.

Network Component

Description

Wireless access point (WAP)

The wireless access point provides access to a wireless network.

Patch panel

All network ports in a building terminate at a patch panel.

  • Ethernet cables are punched down and terminated on the backside of the patch panel.

  • The front of the patch panel consists of RJ-45 ports.

  • An Ethernet cable provides the connection between a device connected to the network port and the switch.

Router

The router is an advanced networking device that connects two networks together. When network traffic needs to leave the internal network, it is sent to the router and then forwarded on to its destination. All external traffic flows through the router.

Hub

A hub uses Ethernet cables to connect client devices together.

  • Hubs broadcast incoming data to all connected devices.

  • The hub relies on the client devices to determine if the packet is meant for them or not.

  • This excess network traffic can cause collisions and security issues.

Switch

A switch also connects client devices together using Ethernet cables. However, switches send data packets only to the intended recipient.

  • When a new device connects to the switch, the device's MAC address is added to a table.

  • When a switch processes data packets, the switch reads the packet header to determine the device that the data is meant for and forwards it only to that device.

There are two types of switches available:

  • Managed switches—allow the administrator to log in and set options such as VLANs, Quality of Service (QoS), network traffic monitoring, etc.

  • Unmanaged switches—plug in and start working. There is no option to log in and make configuration changes.

Virtual local area network (VLAN)

A VLAN is a virtual network that is created on a switch by assigning specific ports to be a part of a broadcast domain. This allows a large network to be separated into multiple smaller networks which can increase the efficiency and security of the network.

Firewall

The firewall is responsible for monitoring all incoming and outgoing network traffic. The firewall blocks or allows the traffic based on the configuration. A firewall can be configured to block data based on the port, type of traffic, or even the content in the data packet.

Power over Ethernet (PoE)

Many devices connected to a network are installed in locations where power is not easily accessible. An example is a wireless access point installed in the ceiling. To remedy this, many devices can be powered by the Ethernet cable. This is known as Power over Ethernet.

Ethernet cables consist of eight wires grouped into four pairs. Typically, only four wires are used to transmit data. PoE uses the wires to transmit data along with power using one of three modes:

  • Mode A—uses the same four wires to transmit data and power.

  • Mode B—uses the four unused wires to transmit power.

  • 4-Pair—uses all eight wires to transmit data and power.

There are four PoE standards classified under the IEEE 802.3 standard. The following table describes each of the 802.3 standards.

Standard  Type    Name              Power Mode       Maximum Power  Minimum Power  Device Types
802.3af   Type 1  Standard PoE      A or B           15.4 watts     12.95 watts    VoIP phones, sensors, low-powered devices
802.3at   Type 2  PoE+              A or B           30 watts       25 watts       Biometric sensors, tablets
802.3bt   Type 3  PoE++             A, B, or 4-Pair  60 watts       51 watts       Videoconferencing equipment
802.3bt   Type 4  Higher-power PoE  4-Pair only      100 watts      71 watts       Laptops, TVs, high-power devices

To power devices, both the device and the switch must support PoE. It is important to know the total maximum power output on the switch. If you connect too many PoE devices, the switch will not be able to provide the necessary power.

Not all switches support PoE. If a device requires power over the Ethernet cable, but the switch does not support PoE, you can use a PoE injector.

  • The PoE injector plugs into a power outlet and has two Ethernet ports.

  • One Ethernet port plugs into the switch to transmit data and passes the data to the other Ethernet port which connects to the device.

  • The port connected to the device provides both data and power to the device.

There are two types of PoE injectors:

  • Active—conforms to the 802.3 standards. If the PoE active injector does not receive the proper signals during the initial handshake, the injector will not provide power to the device. This is to protect the device from getting the incorrect power which could damage the device.

  • Passive—does not conform to the 802.3 standards. The passive injector provides power to the connected device without any power confirmation. This can lead to too much power being provided and may cause permanent damage to the connected device.

Software-Defined Networking

In a typical enterprise network, the network administrator must go to individual devices to make configuration changes. This process is not always the most efficient, especially in a large network that consists of hundreds of devices. To help with this, you can use software-defined networking.

Software-defined networking consists of a specialized controller that allows remote management of all network devices. The network administrator monitors network traffic from the controller, making immediate updates and configuration changes as needed. As networks become more advanced and implement many types of devices, using an SDN controller makes network management easier and more efficient.

Internet connections are made from the client's (user's) location to an internet service provider (ISP). The ISP might be the cable TV company, the phone company, or another company that offers internet access. Internet requests are sent to the ISP, who forwards the request to the internet.

This lesson covers the following topics:

  • Internet speeds

  • Internet connections

Internet Speeds

ISPs advertise two internet speeds:

  • Download—how fast data (e.g., web page, file download) can be retrieved from a remote source.

  • Upload—how fast data can be sent to a remote source (e.g., sending a file to a remote server).

Internet speeds are measured in bits; data size is measured in bytes. To determine the data transfer rate, divide the internet speed by eight. For example, an internet speed of 100 megabits per second (Mbps) translates to a data transfer rate of approximately 12.5 megabytes per second (100/8 = 12.5).

Internet Connections

Several options are available for internet connections. The following table describes each of these options.

Internet Connection

Description

Cable

A cable TV company uses the existing coaxial cable infrastructure to provide cable internet.

  • A cable modem (router) connects the computer to the cable network for sending networking signals.

  • The same cable line carries networking and cable TV signals, although in some cases a separate line is installed for internet access.

  • Cable internet speeds can vary greatly, but often range from a few Mbps to a gigabit per second (Gbps).

  • Cable internet speeds are typically asymmetrical which means that the upload and download speeds are different.

  • Cable internet speeds have a high download rate but a slower upload rate.

  • Cable internet bandwidth is shared by all users in a geographical area. During peak internet usage hours, speeds can fall below the advertised rate.

Digital subscriber line (DSL)

DSL provides broadband digital data transmission over existing telephone lines.

  • DSL divides the telephone line into multiple channels by using a technique called multiplexing.

    • Multiplexing uses a modem that allows two simultaneous signals on the same phone line.

    • The first channel is used for standard telephone voice communications. It uses frequency ranges less than 4 kHz.

    • The second channel is used for DSL communications. It uses frequency ranges 4 kHz and above.

  • Filters installed on the analog voice line block the digital signal. Otherwise, the user would experience poor phone quality. When connecting a DSL filter, connect the filter to the wall jack and then use a UTP cable to connect the filter to your phone.

  • Two DSL standards are typically available:

    • Asymmetric DSL (ADSL) has different upload and download speeds.

    • Symmetric DSL (SDSL) has the same upload and download speed. SDSL is more expensive than ADSL.

  • The distance from the DSL hub affects DSL speeds. DSL subscribers should be within three miles of a hub to receive service. The further away the client is, the slower the speed.

Fiber

Fiber optic internet is one of the faster options available because it uses light to transfer data.

  • Fiber internet connections use fiber optic cables and connect using a modem.

  • Internal devices connect using RJ-45 connections.

  • Fiber optic speeds are symmetrical. This results in less latency and better performance.

  • Fiber optic internet cannot use existing copper lines.

    • This means that new fiber infrastructure must be installed before fiber internet can be offered.

    • Installing a new fiber optic infrastructure is costly and requires a lot of planning.

Satellite

Satellite networking uses radio signals sent and received from a satellite. Satellite internet can be accessed anywhere as long as there’s a clear line of sight to the sky. This makes satellite internet great for remote locations that have no other internet options.

The two categories of satellite networking are geostationary satellites (GEOs) and low earth orbit satellites (LEOs).

A geostationary satellite:

  • Uses a transmitter with an antenna (dish) directed skywards to a satellite.

  • Requires line of sight to the satellite. Dish placement is crucial.

  • Is affected by mild atmospheric and weather conditions. Fog, rain, or snow can disrupt service.

  • Can have a long delay time (latency) between requests and downloads.

  • Can be a portable solution for cars or trucks with an attached satellite dish.

  • Provides nearly 100% global coverage.

A low earth orbit satellite:

  • Is closer to the Earth than a GEO.

  • Orbits at a distance of about 1200 miles above the Earth.

  • Is simpler and cheaper to make than a GEO.

  • Provides fast, accurate communication and service.

  • Has a limited coverage area. More satellites are required to cover the same area as a GEO satellite covers.

Cellular

Cellular networking uses the cellular phone infrastructure for internet access.

  • Mobile phones with digital data plans use cellular signals to connect to the internet.

  • Devices can connect to a cellular internet connection in a variety of ways:

    • Many smart phones use a technique known as tethering to provide cellular internet to another device. Tethering typically requires you to connect the smart phone using a USB cable.

    • A mobile hotspot is a cellular device that provides internet access by creating a small Wi-Fi network to which multiple devices can connect. Most smart phones have built-in mobile hotspot functionality.

    • Some mobile devices (e.g., notebook computers and tablets) have integrated cellular antennas.

    • USB cellular adapters can connect to most mobile devices to provide cellular access.

  • The main benefit of cellular internet is mobility. Users can often be moving (in a train, vehicle, etc.) and still have internet access without manually having to reconnect.

  • Internet access is limited to areas with cell phone coverage. The service provider's network dictates the coverage area.

Cellular networks used for voice and data include the following types:

  • 2G networks were the first to offer digital data services. 2G data speeds are slow (14.4 Kbps) and were used mainly for text messaging, not internet connectivity.

    • 2.5G was an evolution that supported speeds up to 144 Kbps.

    • EDGE (also called 2.75G) networks are an intermediary between 2G and 3G networks.

    • EDGE is the first cellular technology to be internet compatible, with speeds between 400 and 1,000 Kbps.

  • 3G offers simultaneous voice and data. The maximum theoretical speed for stationary users is quoted at 42 Mbps.

  • 4G LTE offers theoretical maximum speeds up to 300 Mbps.

  • 5G offers theoretical maximum speeds of up to 10 Gbps.

Wireless internet service provider (WISP)

WISP is similar to satellite internet. However, instead of antennas directed to a satellite in orbit, they are pointed at a large antenna on land. The antennas use radio signals (typically microwaves) to transmit and receive data.

WISP provides a high-speed internet connection comparable to fiber internet. WISP:

  • Is installed in a central location.

  • Uses a single, large antenna to provide connections for all subscribers in an area.

  • Requires a direct line of sight between two fixed antennas.

  • Provides internet access without cables or lines connecting to each subscriber's location.

  • Can provide internet to remote areas by installing a single antenna.

This lesson covers command line network utilities.

Command Line Network Utilities

Using command line tools can make troubleshooting network issues easier. You run command line utilities from a command line interface, not the graphical user interface (GUI). You can also include command line utilities in scripts to automate common tasks.

The following table describes many of the command line utilities you can use when troubleshooting networking issues.

Command Line Utility

Description

ipconfig (Windows)

The ipconfig command displays the device's current IP configuration information for each network adapter. Use the ipconfig command as follows:

  • ipconfig—shows the IP address, subnet mask, and default gateway.

  • ipconfig /all—shows detailed IP configuration information including the MAC address, DHCP information, DNS server, and more.

  • ipconfig /release—clears the current IP configuration obtained from a DHCP server.

  • ipconfig /renew—attempts to request a new IP configuration from a DHCP server.

  • ipconfig /displaydns—displays the contents of the local DNS cache.

  • ipconfig /flushdns—clears the DNS cache.

ip (Linux)

The ip command in Linux replaces the ifconfig command. ip is a very powerful command line utility that you can use to manage IP configurations, network interface controllers, and routing rules.

When using the ip command, you specify an object and a subcommand with the object. Objects include:

  • Address—IP addresses and ranges.

  • Link—network adapter.

  • Route—the rules that manage the routing of traffic.

For example, to view a network adapter's IP configuration, use the following command.

ip address show <network adapter name>

ip addr

Displays the current networking information.

  • ip addr or ip addr show
    Shows the addresses assigned to all the network interfaces.

  • Common ip addr show parameters include the following:

    • inet shows the IPv4 address with the subnet mask in CIDR notation.

    • brd shows the broadcast address.

    • up or down shows the interface status.

    • inet6 shows the IPv6 IP address.

    • interface name shows the networking information for the specified interface only.
      Example: ip addr show enp2s1
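An added parser (not part of the lesson) for the ip addr show fields listed above; it pulls out the interface state, MAC address, inet address with its CIDR prefix converted to a dotted subnet mask, brd broadcast address, and inet6 address. The sample output below is constructed, not captured from a real host.

```python
import ipaddress
import re

# Constructed sample of `ip addr show enp2s1` output (not from a real system).
SAMPLE_IP_ADDR = """\
2: enp2s1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc fq_codel state UP group default qlen 1000
    link/ether 52:54:00:12:34:56 brd ff:ff:ff:ff:ff:ff
    inet 192.168.1.20/24 brd 192.168.1.255 scope global dynamic enp2s1
       valid_lft 86399sec preferred_lft 86399sec
    inet6 fe80::5054:ff:fe12:3456/64 scope link
       valid_lft forever preferred_lft forever
"""

# Interface header line: "<index>: <name>: <FLAGS> ... state UP|DOWN|UNKNOWN ..."
HEADER = re.compile(r"^(\d+): ([^:]+): <([^>]*)>.*\bstate (\S+)")


def parse_ip_addr(text):
    """Parse `ip addr show` output into a list of one dict per interface."""
    interfaces = []
    current = None
    for line in text.splitlines():
        header = HEADER.match(line)
        if header:
            current = {
                "name": header.group(2),
                "flags": header.group(3).split(","),
                "state": header.group(4),        # up or down status
                "mac": None,
                "inet": [],                      # IPv4 entries
                "inet6": [],                     # IPv6 addresses with prefix
            }
            interfaces.append(current)
            continue
        if current is None:
            continue                             # text before the first interface
        tokens = line.split()
        if not tokens:
            continue
        if tokens[0] == "link/ether":
            current["mac"] = tokens[1]
        elif tokens[0] == "inet":
            # "inet 192.168.1.20/24": the /24 is the subnet mask in CIDR notation
            iface = ipaddress.ip_interface(tokens[1])
            entry = {
                "address": str(iface.ip),
                "prefix": iface.network.prefixlen,
                "netmask": str(iface.netmask),   # dotted form of the CIDR prefix
                "broadcast": None,
            }
            if "brd" in tokens:                  # brd: the broadcast address
                entry["broadcast"] = tokens[tokens.index("brd") + 1]
            current["inet"].append(entry)
        elif tokens[0] == "inet6":
            current["inet6"].append(tokens[1])
    return interfaces


if __name__ == "__main__":
    for iface in parse_ip_addr(SAMPLE_IP_ADDR):
        print(iface["name"], iface["state"], iface["mac"])
        for a in iface["inet"]:
            print("  inet", a["address"], "mask", a["netmask"], "brd", a["broadcast"])
        for a in iface["inet6"]:
            print("  inet6", a)
```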

ifconfig (Linux/macOS)

ifconfig is used on Linux and macOS systems and displays the installed network interfaces and the current configuration settings for each interface, including the MAC address, IP address, broadcast address, and subnet address. Use the ifconfig command as follows:

  • Use ifconfig -a to display all the interfaces that are currently available, even if the interface is down.

  • Use ifconfig [interface_name] down to disable the specified network interface.

  • Use ifconfig [interface_name] up to enable the specified network interface.

Use the following utilities to display additional networking information not provided by ifconfig:

  • The hostname command displays the system's hostname.

  • The route command displays the default gateway configuration settings.

On Linux systems, the iwconfig command is used to display information about wireless network interfaces.

ifdown interface

Stops a network interface.

ifdown ens192

ifup interface

Starts a network interface.

ifup ens192

ip link set interface down
ip link set interface up

Stops and starts the specified interface.

Example:

ip link set ens32 down

hostname (Windows and Linux)

The hostname command in Windows displays the current device's name.

In Linux, the hostname command displays the current device's name. You can also use it with the following options:

  • -s displays the short version of the hostname.

  • -b forces the computer to use the default hostname of localhost.

  • -d displays the DNS domain name.

  • -f displays the FQDN of the device.

  • -i displays the current IP address.

You can also use the hostname command to temporarily or permanently change the device's hostname.



ping (Windows and Linux)

You can use the ping command to test connectivity between two devices. Ping sends an ICMP echo request packet to a remote host and waits for the echo reply. A response from the remote host indicates that both hosts are correctly configured and a connection exists between them.

You can use ping in both Windows and Linux systems.

  • In a Windows machine, ping sends 4 packets by default.

  • In a Linux machine, ping keeps sending packets until the user manually stops the command (Ctrl+C).

You can use the following switches with ping in Windows:

  • -n specifies the number of ICMP packets sent.

  • -l sets the size of the packets.

  • -4 forces ping to use IPv4.

  • -6 forces ping to use IPv6.

  • -t sends continuous pings until manually stopped.

  • -a resolves the IP address to a hostname.

You can use the following switches with ping in Linux:

  • -c sets the number of ICMP packets to be sent.

  • -i sets the interval between sent packets.

  • -f sends packets as quickly as the network allows.

  • -q displays only a summary of the ping results.


tracert (Windows) / traceroute (Linux)

tracert is similar to the ping utility because it tests connectivity between devices; tracert also shows the path between the two devices.

Responses from each hop on the route are measured three times to accurately report how long the packet takes to reach the specific host and then return.

  • tracert is used in Windows machines.

  • traceroute is used in Linux based machines.

pathping (Windows)

The pathping utility performs the same function as tracert, but also shows information such as the network latency and packet loss for each hop.

This is useful for determining if a device in the path is slowing traffic or dropping packets.

netstat

You can use netstat in both Windows and Linux to display the following information.

  • Active TCP or UDP connections.

  • Open ports on the computer and the programs using those ports.

  • Local routing table.

nslookup (Windows) / dig (Linux)

nslookup or dig resolves (looks up) the IP address of a specified hostname. It also displays additional name resolution information, such as the DNS server used for the lookup request.

You can also use the dig command to modify DNS settings.

net (Windows)

You can use the net utility in Windows to manage and modify almost any aspect of the network. You use the net utility in conjunction with a second command. Two commands commonly used with the net utility are:

  • use—configures or modifies a connection to a shared network resource, such as a shared folder.

  • user—adds, removes, or modifies a user account.

Troubleshooting network connectivity issues is a common task for IT technicians. Networks are prevalent and organizations rely on them to perform daily tasks. If the network is experiencing issues, the IT technician must troubleshoot and correct the issues immediately.

This lesson covers the following topics:

  • Common network issues

  • Wireless network troubleshooting

  • Voice over IP troubleshooting

Common Network Issues

The network administrator uses the network baseline to determine if the network is performing as it should. It can also help identify potential problems. A network baseline performed after network setup should indicate the optimal performance of the network. A network baseline includes information such as:

  • Network activity

  • Connected devices

  • Network resources

Regardless of the issues users are experiencing, perform the following tasks first when troubleshooting a networking issue.

  • Verify that the network cable is plugged into the computer, wall jack, and network switch.

  • Use a cable tester to verify the network cable is functioning properly.

  • Check the link activity light on the network adapter and the network switch.

  • Confirm that all network equipment such as servers, routers, and switches are powered on and operating properly.

The following table describes common network issues and steps to troubleshoot them:

Network Issue

Troubleshooting Steps

Slow speeds

When troubleshooting slow speeds, determine what is running slow. If a specific resource is experiencing slow speeds, direct your troubleshooting efforts at that resource. If all network speeds are running slow, then check the following.

  • Verify that the network infrastructure supports the network speed. For example, if the network is designed to operate at speeds up to 1 Gbps, but the switch can handle only 100 Mbps, the entire network will run at 100 Mbps.

  • Check for malware or other unwanted software running on the network. Many malware programs are designed to use up as much network bandwidth as possible. This will result in very slow network speeds.

  • Make sure the network adapter drivers are up to date.

  • In the properties of the network adapter, make sure full-duplex mode, not half-duplex, is set.

    • In full-duplex mode, the network adapter can send and receive data simultaneously.

    • In half-duplex mode, the network adapter can either transmit or receive data at any one time, not both simultaneously.

High latency

Latency is the amount of time it takes to send a network request and receive a response back. High latency results in a delayed response and can cause issues with different network services.

A common cause for high latency is port flapping. Port flapping occurs when a port on the network switch continuously turns off and on three or more times per second for at least 10 seconds. If port flapping is occurring, perform the following.

  1. Reseat the network cable.

  2. Move the network cable to another port on the switch.

  3. Replace the network cable.

  4. Escalate the problem to the network engineer if the issue persists.

Limited connectivity

Limited network connectivity indicates that a particular network resource cannot be accessed. When troubleshooting a limited network connectivity issue, start with the local device and work to other devices until you find the problem.

After verifying all hardware is working properly, perform the following steps to troubleshoot network connectivity issues.

  1. Ping the localhost (also known as the loopback) address 127.0.0.1. This is an IP address that is reserved on all network adapters. If the ping request is successfully sent and received, the TCP/IP protocol is installed and working properly.

  2. Ping the device's IP address. If this ping request is successful, the IP configuration is correct and the network adapter is operating properly.

  3. Ping the local network's gateway. If successful, the device can communicate across the local network.

  4. Ping an external resource, such as a web server. If successful, the device can communicate outside of the network.

An improper IP configuration can lead to limited network connectivity. Use the ipconfig utility to see the current IP configuration. Verify that all settings are valid for the network.

  • If the IPv4 address starts with 169.254, the device is unable to reach a DHCP server.

  • This address is known as an Automatic Private IP Address (APIPA) address. It indicates an issue with the DHCP server. In this case, you must manually set the IP configuration.

DNS issues will often lead to limited network connectivity.

  • A remote device that can be pinged by IP address but not by hostname signifies a DNS issue.

  • Verify that the DNS server addresses are set correctly on the local device, then query that server directly (for example with nslookup). If the settings are correct and the query still fails, the problem is on the DNS server side and you must escalate it.
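The ping ladder and the DNS check above, as one added Python example (not code from the original notes). It walks the probes in order from the host outward, stops at the first failure and reports which layer broke; a final step pings by hostname so that a DNS failure is separated from an IP failure. The helper shells out to the operating system's ping tool, and the probe function is injectable so the decision logic can be exercised with a fake probe. The addresses in the usage section (192.168.1.50, 192.168.1.1, 203.0.113.10, example.com) are hypothetical placeholders.

```python
import platform
import subprocess


def ping(target, timeout_s=2):
    """Send one ICMP echo request with the OS ping tool; True if a reply arrived.
    Flags differ per OS: -n/-w (milliseconds) on Windows, -c/-W on Linux
    (seconds; on macOS -W is milliseconds, so adjust there). A False result
    means "no reply", which can also be a firewall dropping ICMP."""
    if platform.system() == "Windows":
        cmd = ["ping", "-n", "1", "-w", str(timeout_s * 1000), target]
    else:
        cmd = ["ping", "-c", "1", "-W", str(timeout_s), target]
    try:
        done = subprocess.run(cmd, stdout=subprocess.DEVNULL, stderr=subprocess.DEVNULL,
                              timeout=timeout_s + 5)
    except (OSError, subprocess.TimeoutExpired):
        return False
    return done.returncode == 0


def run_ladder(own_ip, gateway, external_ip, external_name, probe=ping):
    """Walk the ping ladder from the host outward and stop at the first failure.
    `probe` is injectable so the logic can be run without a network."""
    steps = [
        ("loopback", "127.0.0.1",
         "TCP/IP stack is not working on this host"),
        ("own address", own_ip,
         "IP configuration or network adapter problem (this ping never leaves "
         "the host, so it does not test the cable or switch port)"),
        ("default gateway", gateway,
         "cannot reach the local network: check cable, switch port, subnet mask and gateway"),
        ("external IP", external_ip,
         "local network works but traffic is not leaving it: check routing, NAT and firewall"),
        ("external hostname", external_name,
         "IP connectivity works but name resolution fails: check the DNS server settings"),
    ]
    results = []
    for label, target, diagnosis in steps:
        ok = probe(target)
        results.append((label, target, ok))
        if not ok:
            return {"ok": False, "failed_step": label, "diagnosis": diagnosis, "results": results}
    return {"ok": True, "failed_step": None,
            "diagnosis": "full connectivity, including name resolution", "results": results}


if __name__ == "__main__":
    # Hypothetical targets; substitute your own gateway and a host you are allowed to probe.
    verdict = run_ladder("192.168.1.50", "192.168.1.1", "203.0.113.10", "example.com")
    print(verdict["failed_step"] or "all steps passed", "-", verdict["diagnosis"])
```

Because each step only runs when the previous one succeeded, the first failing label is the layer to investigate; the external IP step before the hostname step is what lets you say "DNS" rather than "no internet" when only the last probe fails.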

Wireless Network Troubleshooting

Wireless networks transmit data using radio waves, which makes them susceptible to external interference. Another device in the area transmitting at the same radio frequency can cause interference and disrupt the wireless network.

  • Changing the channel of the wireless network usually fixes the problem; on the 2.4 GHz band, use channel 1, 6, or 11, since those three do not overlap each other.

  • Relocating the external device or wireless access point may help alleviate interference.

A weak signal strength can also slow wireless speeds.

  • Performing a site survey can help determine if there are weak spots in the wireless network.

  • Moving the wireless access point or adding a network extender can increase the signal strength.

Voice over IP Troubleshooting

Voice over IP (VoIP) sends voice data over the IP network. The following sections describe the main issues that can affect the quality of a VoIP network and the troubleshooting steps for each:

Quality of Service (QoS)

Quality of Service (QoS) assigns priority to different types of network traffic.

  • Network switches and routers can determine the type of traffic based on the information contained in the packet headers.

  • You can configure QoS settings to give priority to VoIP traffic over other network traffic. This helps ensure that there will be enough bandwidth available for VoIP traffic.

High latency

Latency is the amount of time it takes to send a network request and receive a response back.

  • High latency causes VoIP callers to talk over each other, because the delay between one user speaking and the other user hearing it becomes noticeable.

  • ITU-T G.114 recommends a one-way delay of no more than 150 milliseconds; that figure is the generally accepted maximum for acceptable VoIP quality.

  • The lower the latency, the better the VoIP quality will be.

  • When a VoIP server is hosted in the cloud, network latency may increase due to internet latency.

Jitter

Jitter is the variation in the latency of VoIP packets. The goal is to have a steady stream of data packets during a VoIP call.

  • Latency fluctuation during a call can cause unusual sound effects (minor pauses, jumps, choppiness).

  • When troubleshooting jitter, first check QoS settings.

  • You can configure VoIP endpoints with jitter buffers.

    • Jitter buffers hold packets briefly to even out their arrival times, so they add delay; an oversized buffer trades jitter for latency.

    • Identify and correct the sources of jitter before considering jitter buffers.

Common causes of jitter include:

  • Network congestion.

  • Using a wireless network for VoIP communication.

  • Bad hardware.
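An added Python example (not from the original notes) for the latency and jitter sections above. It computes the jitter figure VoIP equipment actually reports, the RFC 3550 interarrival jitter estimator, over a constructed G.711-style packet stream, and relates the result to the 150 ms one-way limit: a jitter buffer large enough to absorb the worst deviation adds that much delay, which is why the sources of jitter should be fixed before a buffer is enlarged. The 30 ms jitter limit is a widely used rule of thumb rather than a standard and is marked as an assumption in the code.

```python
# Limits: ITU-T G.114 one-way delay target, and a commonly used jitter
# rule of thumb (an assumption for this example, not a standard).
MAX_ONE_WAY_MS = 150
JITTER_LIMIT_MS = 30


def jitter_stats(packets, clock_rate=8000):
    """RFC 3550 section 6.4.1 interarrival jitter over (rtp_timestamp, arrival_s)
    pairs. Returns the smoothed jitter estimate and the largest single
    deviation, both in milliseconds."""
    j = 0.0
    max_dev = 0.0
    prev = None
    for ts, arrival in packets:
        if prev is not None:
            prev_ts, prev_arrival = prev
            # D(i-1,i) = (R_i - R_{i-1}) - (S_i - S_{i-1}), with S converted to seconds
            d = (arrival - prev_arrival) - (ts - prev_ts) / clock_rate
            j += (abs(d) - j) / 16  # J = J + (|D| - J) / 16
            max_dev = max(max_dev, abs(d))
        prev = (ts, arrival)
    return {"jitter_ms": j * 1000, "max_deviation_ms": max_dev * 1000}


def assess_call(packets, one_way_latency_ms, clock_rate=8000):
    """Combine measured jitter with the one-way latency into a list of findings."""
    stats = jitter_stats(packets, clock_rate)
    findings = []
    if one_way_latency_ms > MAX_ONE_WAY_MS:
        findings.append(f"one-way latency {one_way_latency_ms:.0f} ms exceeds {MAX_ONE_WAY_MS} ms")
    if stats["jitter_ms"] > JITTER_LIMIT_MS:
        findings.append(f"jitter {stats['jitter_ms']:.1f} ms exceeds {JITTER_LIMIT_MS} ms: check QoS")
    # A jitter buffer must hold at least the worst deviation, and that wait is added to the delay.
    buffered = one_way_latency_ms + stats["max_deviation_ms"]
    if buffered > MAX_ONE_WAY_MS:
        findings.append(f"a jitter buffer of {stats['max_deviation_ms']:.0f} ms would raise one-way "
                        f"delay to {buffered:.0f} ms: fix the jitter source first")
    return {**stats, "findings": findings}


def build_sample_stream(n=50, ptime_s=0.020, clock_rate=8000, wobble_s=0.030):
    """Constructed stream (not captured data): G.711-style 20 ms packets where
    every second packet arrives 30 ms late, so each deviation is exactly 30 ms."""
    ticks = int(ptime_s * clock_rate)  # 160 RTP ticks per packet at 8 kHz
    return [(i * ticks, i * ptime_s + (wobble_s if i % 2 else 0.0)) for i in range(n)]


if __name__ == "__main__":
    for latency in (100, 130):
        report = assess_call(build_sample_stream(), one_way_latency_ms=latency)
        print(f"latency {latency} ms, jitter {report['jitter_ms']:.1f} ms:",
              report["findings"] or "acceptable")
```

With the constructed stream the smoothed jitter settles just under 30 ms, so a 100 ms call passes while a 130 ms call only fails once the buffer needed to absorb the 30 ms swings is counted; the estimator's 1/16 smoothing is also why a short burst of bad packets shows up as a gradual rise rather than a spike.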