TECHNICAL EDITOR
Robert J. Shimonski (MCSE) is an entrepreneur, a technology consultant, and
a published author with more than 20 years of experience in business and
technology. Robert’s specialties include designing, deploying, and managing
networks, systems, virtualization, storage-based technologies, and security
analysis. Robert also has many years of diverse experience deploying and
engineering mainframes and Linux- and Unix-based systems such as Red
Hat and Sun Solaris. Robert has in-depth work-related experience with deep
practical knowledge of globally deployed Microsoft- and Cisco-based systems
and stays current on the latest industry trends. Robert consults with
business clients to help forge their designs, as well as to optimize their networks
and keep them highly available, secure, and disaster-free.
Robert was the technical editor and a contributing author to Sniffer
Pro Network Optimization & Troubleshooting Handbook (ISBN:
978-1-931836-57-9, Syngress), the technical editor for Security+ Study Guide
and DVD Training System (ISBN: 978-1-931836-72-2, Syngress), lead
author and technical editor for Network+ Study Guide & Practice Exams:
Exam N10-003 (ISBN: 978-1-931836-42-5, Syngress), and technical
editor and a contributing author to Building DMZs for Enterprise Networks
(ISBN: 978-1-931836-88-3, Syngress). Robert was most recently a
contributing author to Microsoft Vista for IT Security Professionals (ISBN:
978-1-59749-139-6), a contributing author to The Real MCTS/MCITP Configuring
Microsoft Windows Vista Client Exam 70-620 Prep Kit (ISBN:
978-1-59749-233-1, Syngress), and technical reviewer for The Real MCTS/MCITP
Windows Server 2008 Configuring Active Directory Exam 70-640 Prep
Kit (ISBN: 978-1-59749-235-5, Syngress). Robert can be found online at
www.shimonski.com.
TECHNICAL REVIEWER
Naomi Alpern currently works for Microsoft as a consultant specializing in
unified communications. She holds many Microsoft certifications,
including an MCSE and MCT, as well as additional industry certifications such as
Citrix Certified Enterprise Administrator, Security+, Network+, and A+. Since the start of her technical career she has worked in many facets of the technology world, including IT administration, technical training, and, most recently, full-time consulting. She likes to spend her free time reading cheesy horror and mystery novels when she isn’t browsing the Web. She is also the mother of two fabulous boys, Darien and Justin, who mostly keep her running around like a headless chicken.
CONTRIBUTING AUTHORS
Michael Cross (MCSE, MCP+I, CNA, Network+) is an Internet specialist/programmer with the Niagara Regional Police Service. In addition to designing and maintaining the Niagara Regional Police’s Web site (www.nrps.com) and intranet, he has also provided support and worked in the areas of programming, hardware, database administration, graphic design, and network administration. In 2007, he was awarded a police commendation for his work on developing a system to track high-risk offenders and sexual offenders in the Niagara region. As a part of an information technology team that provides support to a user base of more than 1,000 civilian and uniformed users, his theory is that when the users carry guns, you tend to be more motivated in solving their problems.
Michael was the first computer forensic analyst in the Niagara Regional Police Service’s history, and for five years he performed computer forensic examinations on computers involved in criminal investigations. The computers he examined for evidence were involved in a wide range of crimes, including homicides, fraud, and possession of child pornography. In addition to this, he successfully tracked numerous individuals electronically, in cases involving threatening e-mail. He has consulted and assisted in numerous cases dealing with computer-related/Internet crimes and served as an expert witness on computers for criminal trials.
Michael has previously taught as an instructor for IT training courses on the Internet, Web development, programming, networking, and hardware repair. He is also seasoned in providing and assisting in presentations on Internet safety and other topics related to computers and the Internet. Despite this experience as a speaker, he still finds his wife won’t listen to him. Michael also owns KnightWare, which provides computer-related services like Web page design, and Bookworms, which provides online sales of merchandise. He has been a freelance writer for over a decade and has been published over three dozen times in numerous books and anthologies. When he isn’t writing or otherwise attached to a computer, he spends as much time as possible with the joys of his life: his lovely wife, Jennifer; darling daughter, Sara; adorable daughter, Emily; charming son, Jason; and beautiful
and talented daughter, Alicia.
Dustin L. Fritz (ECSA) is owner and chief executive officer of The Computer
Network Defense Group in Owings Mills, Maryland, providing
executive-level strategic and tactical information assurance and systems security
consulting services. He specializes in information operations conditions;
information assurance vulnerability management; risk and vulnerability
assessments; certification and accreditation; security awareness and
planning; configuration management; and incident response team development.
Dustin has over 10 years of information assurance and computer network
defense (CND) experience, with core foundations in creating enterprisewide
CND strategies for the Department of the Navy, realigning incident response
throughout the United States Pacific Fleet, and implementing the first ever
Information Operations Condition response team (IRT). Dustin’s
contributions and outstanding achievements in network security have been
consistently recognized over the years by the United States Navy, most recently in
November 2007 for his actions in attaining 100 percent readiness for all
Forward Deployed Naval Forces (FDNF). Dustin holds a bachelor’s of science in
information systems security from Westwood College in Denver, Colorado.
He is an active member of the IEEE, Association of Information Technology
Professionals (AITP), and the Cyber Warfare Forum Initiative (CWFI). He
also does public speaking and mentoring, and he is the technical editor of
Syngress’s book titled Dissecting the Hack: The Forbidden Network.
He expresses his thanks to his wife for her continuous support, to Jayson
E. Street for putting him in touch with Syngress, and to Gary Byrne and
Rachel Roumeliotis of Syngress, all of whose help and support have made his
contribution to this book possible.
Mohan Krishnamurthy Madwachar is the GM–Network Security at Almoayed
Group in Bahrain. Mohan is a key contributor to Almoayed Group’s projects
division and plays an important role in the organization’s security initiatives
including network, information, and physical security. Mohan has a strong
networking, security, and training background. His tenure with companies
such as Schlumberger Omnes and Secure Network Solutions India adds to
his experience and expertise in implementing large and complex network
and security projects. Mohan holds leading IT industry-standard and vendor
certifications in systems, networking, and security.
Mohan would like to dedicate his contributions to this book to his beloved
wife, Pallavi.
Mohan has coauthored six books published by Syngress: Designing &
Building Enterprise DMZs (ISBN: 1597491004), Configuring Juniper Networks NetScreen & SSG Firewalls (ISBN: 1597491187), How to Cheat at Securing Linux (ISBN: 1597492078), How to Cheat at Administering Office Communications Server 2007 (ISBN: 1597492126), Microsoft Forefront Security Administration Guide (ISBN: 1597492447), and The Real MCTS/MCITP Windows Server 2008 Configuring Applications Infrastructure Exam 70-643 Prep Kit (ISBN: 1597492478). He also writes in newspaper columns on various subjects and has contributed to leading content companies as a technical writer and a subject matter expert.
Scott Sweitzer (CCNA, CCAI, MCSE, MCSA, MCITP, MCTS, MCP+I,
MCT, A+, Network+, Server+, INet+, HTI+, DHTI+) is a technical trainer with ComputerTraining.com. He currently works with career-changing students, providing Microsoft training in Indianapolis, Indiana. His specialties include Cisco routers and LAN switches, Microsoft Windows NT4-2008, virtualization, and Update services. He also works with home technology integration projects.
In addition, Scott is the owner of consulting companies MicrosoftITPros.com and TrainingMicrosoft.net, where he works with the small and medium-sized business market. Scott’s background also includes positions such as a department chair of technology programs at Indiana Business College and systems engineer at the Systems House.
Scott and his wife, Robin, and two daughters, Delaney and Emilee, currently reside in a suburb of Indianapolis.
EXAM OBJECTIVES IN THIS CHAPTER
LOGICAL NETWORKING TOPOLOGIES
PHYSICAL NETWORKING MODELS
INTRODUCTION
Networks have been around for many years, long before the first home
computer was ever designed or created. Other forms of networking have
been around since the dawn of time. Today, designing, planning,
implementing, deploying, and managing computer networks is somewhat of a
never-ending journey into technology as it develops and integrates,
standardizes and grows. It’s amazing to see where computer networks are
today compared with just 15 years ago. Now, more than ever, computer networks
are relied upon for more than data in the form of files or
connectivity to a printer for printing; everything from surfing the Internet
securely to making a call from New York to Tianjin works off of the
power of a network. From wired to wireless, from satellites in the sky to home PC
networks that allow two computers in your home to share the Internet at the
same time, this is all done through networking. The wonderful world
of networking is colorful and exciting, and it is growing each and every day.
Routers, switches, and other infrastructure devices are deployed every
day from companies such as Cisco, Juniper, Nortel, and 3Com, to name a
few. So who deploys them? Who plans, designs, and leads the way for all
of this equipment to be planned, purchased, implemented, and managed?
Each and every day technology grows more and more complicated, and it
evolves as we do.
Network Fundamentals
By the end of this chapter, you will have learned what a network is, and you will start to build upon the initial concepts you need to develop to become a network technician, as well as to pass the Network+ exam. In this chapter, we cover a brief history on the development of networks, as well as where they originated from and where they are heading. We also cover the fundamental terminology you absolutely must know to perform your duties as a network technician and to pass the CompTIA Network+ exam.
We cover network models such as centralized and decentralized, and the differences between a local area network (LAN) and a wide area network (WAN). Network topologies such as bus, ring, mesh, and star are covered, as well as a discussion on wired and wireless networks.
We then cover the Institute of Electrical and Electronics Engineers (IEEE), which is a standards committee aimed at making things in networking standardized, and easier to support and maintain. We cover in detail the most common standards, testable on the exam. Finally, we cover Requests for Comments (RFCs), a common source for networking professionals to get the definitive source on networking knowledge. So let us start from the very beginning: what exactly is a network anyway?
WHAT IS A NETWORK?
Even someone who’s new to computers has experienced the basic concept of networking; it is the difference between standing alone or being part of a group. Networks are systems that are interconnected in some way and provide a method of communication. If you think of your own experiences, you’ve probably networked with groups of colleagues, and perhaps discussed how you’re planning on taking the Network+ exam. Doing so provided a method of sharing information and possibly opened avenues to accessing important resources. Computers are the same; they can be standalone, or part of a network.
A computer network exists when two or more machines are connected together, thereby allowing them to share data, equipment, and other resources. Using a combination of software and hardware the computers gain added functionality, including the ability to:
■ Transfer data between machines
■ Save and access files on the same hard disks or other storage devices
■ Share printers, scanners, modems, and other peripheral devices
■ Allow messages to be exchanged via e-mail, instant messaging, and other technologies
Although networks may provide similar functions, they can be as different
from one another as groups of people. Networks are characterized by a
number of factors, which we’ll discuss later in this chapter and throughout
this book. Some of the elements that will define your network and make it
different from others include:
■ Hardware, such as network interface cards (NIC) or network
adapters, that allow computers to transmit and receive data across
the network; or routers, switches, and hubs that pass the data to
other computers or networks
■ Media, which consists of cables or wireless technologies that carry
the data across the network
■ Protocols, which are sets of rules that control how the data is sent
between computers. The most popular of these is the protocol used
on the Internet, Transmission Control Protocol/Internet Protocol
(TCP/IP), while other protocols used on networks include IPX/SPX
and AppleTalk
■ Topology, which is the shape of the network. It defines how the network
is designed and describes how computers are connected together
(discussed later in this chapter)
■ Network type, which defines the size of the network and its
scale within a geographical area (discussed later in this
chapter)
■ Network model, which determines the levels of security available to
the network, and the components needed to connect the computers
together (discussed later in this chapter)
■ Access, which determines who can use the network and how, and if
features of the network are available for private or public use
■ Network operating systems (NOS), such as Windows, NetWare, and
Linux. A NOS may be used on a server, which is a computer that
provides services to numerous computers, and/or installed on
computers that are used by individual users of the network. In some
cases, such as with Novell NetWare, additional software may need
to be installed on computers that use the server, which are referred to
as clients.
■ Other software and services, such as whether the network provides
access to internal Web sites, e-mail, databases, and so forth
As you can imagine, these factors influence the design of networks, so they aren’t consistently the same. Networks may use different protocols, topologies, and other elements that make them unique. This means that you can look at two networks in two different homes or businesses, and they can be completely different from one another.
Despite this, there are similarities that will exist between different networks. In all cases, a computer is configured to use the network (either by configuring its operating system (OS) or installing client software) and has a device capable of transmitting and receiving data, such as a network adapter or modem. Using a protocol like TCP/IP, it communicates with other computers, and sends data over media (i.e., cables or wireless) to a device (i.e., hub, router, or switch) that will send the data to its destination (i.e., another computer or device, such as a printer). Although the specifics may vary greatly, the basic aspects of a network remain the same.
What Is an Internetwork?
Just as computers can be connected together, so can networks. An internetwork exists when two or more networks are connected together. By connecting networks together, different businesses or locations can share data between their systems.
Internetworks are particularly important in organizations where sharing data is vital to their ability to function or operate effectively. For example, the police may have a network of computers in their cars, which connects to a
network of computers located in police stations. If you’re pulled over by the
police, the officer may check your license plate number on the computer in
his or her car. This computer would connect to a server used by the network
of cars, and then pass along the request to a server on a different network
that’s used by other members of the organization, such as a records
department. If additional information was requested, the request might also be
sent to networks belonging to state/provincial or federal police. By
internetworking these different systems, the police can determine if the car is
stolen, if it was used to commit a crime, or if the owner is wanted or believed
dangerous.
HEAD OF THE CLASS…
Putting Things in Perspective
Many people who are new to networks may find the
concepts overwhelming and difficult to process in their
own mind. A good way of putting these concepts into
perspective is to compare them to something that’s already
familiar. This not only makes them easier to understand,
but also provides mental cues that make them easier to
remember.
With networking, you might compare it to making a
telephone call. A phone is a device that’s used to
transmit and receive information, like a network adapter.
When a call is made, you enter a number that uniquely
identifies whomever you want to communicate with.
On a TCP/IP network, this is called an Internet Protocol
(IP) address. This information is sent over a telephone network and routed to the person you’re calling, just as a computer network sends data over various media and uses routers to ensure the correct computer gets the data being exchanged. Once you connect with the person you’re calling, you use rules to communicate (such as not talking at the same time, or saying “Hello” and “Goodbye” to indicate the beginning and end of a conversation), just as networked computers use protocols to communicate and control how data is sent. Just as you don’t consider what’s involved when you pick up a phone and call someone, many of the issues related to networking either aren’t considered or are invisible to users.
As you’ve probably guessed from the name, the largest internetwork is the
Internet. The Internet originated as a Department of Defense (DOD) project
in 1969, when the cold war was still going on between the West and the
former Union of Soviet Socialist Republics (USSR). Under the direction of the
DOD’s Advanced Research Projects Agency (ARPA), the goal was to create a
network that could withstand a nuclear attack. If any part of ARPANet was
destroyed, the other parts of it would continue to function. Initially
connecting four universities (University of California Los Angeles (UCLA), Stanford
Research Institute, University of California Santa Barbara, and University
of Utah), it allowed researchers and government to exchange information
and quickly grew to include other organizations. Using the TCP/IP protocol
suite that ARPA developed, additional computers and networks were added
over the years, until finally in 1990, ARPANet was disbanded and removed
from the Internet. Today, hundreds of millions of computers and networks
connect to the Internet, making it a fundamental method of communication
and data exchange.
Internetworks and the Internet aren’t to be confused with intranets.
Intranets use the same technologies and features of the Internet, such as
Internet browsers, Web sites, and so on. This allows users of a network to view
documents, distribute data, share employee information, access shared
databases, online programs, and other components that are needed or wanted by
an organization. The major difference between an intranet and the Internet
is that an intranet is used internally. Although the Internet allows the public
to view Web pages and other resources, intranets are private and available to
employees of a company.
A Brief History on Networking and Communications
Although the Network+ exam won’t quiz you on the history, it is
nevertheless important to understand past achievements and how we’ve reached
our present state of technology. The history of networking and
communications is rich and complex, stretching over a hundred years in the past, with