
A+, Network+, Security+ Exams in a Nutshell, part 7


Document information

Pages: 82
Size: 332.74 KB

Contents


purposes. Most cable modems support bandwidths from 1.5 to 3 Mbps for Internet access. The cable modem usually supports up to 10 Mbps data speeds for the LAN. The actual Internet access speed depends on the utilization of the shared cable signals in the area. The available bandwidth is always shared with other users in the area and may vary from time to time. In periods of peak usage, the speed may be low compared to periods when usage is low.

Both broadband and baseband are signaling technologies. In simple terms, broadband technology supports transmission of multiple signals, while baseband technology supports transmission of only one signal at a time. Most computer networks employ baseband technology. Broadband technology is used for cable TV.

Plain Old Telephone System/Public Switched Telephone Network (POTS/PSTN)

POTS and PSTN are the traditional methods of Internet access. These are dial-up methods; the user has to dial the telephone number of the ISP to authenticate and get Internet connectivity. The telephone line is connected to a modem that is further connected to a serial or USB port of the user's computer. Most computers have built-in modems that can be directly connected to the telephone line. In case the modem is connected to an external port such as the serial or the USB port, its software driver must also be installed.

POTS and PSTN provide a maximum data transfer speed of 56 Kbps. There are several ISPs that offer dial-up Internet access. Depending on the area in which the user lives, one must be careful while selecting the ISP. Most ISPs provide added features, such as free email accounts and access to newsgroups, and some even offer a small web site for the user.

Satellite

In areas where DSL or cable is not available, satellite Internet is the only option for high-speed Internet access. For this reason, it is commonly used in rural areas. The signals travel from the ISP to a satellite and then from the satellite to the user. The data transmission speeds vary from 512 Kbps (upload) to 2 Mbps (download). Major drawbacks of satellite Internet access are that it is expensive, and it offers low transfer speeds compared to DSL and cable.

Satellite Internet access suffers from propagation delays or latency problems.

Latency refers to the time taken for the signal to travel from the ISP to the satellite and back to the user. The signals have to travel to a satellite located in geostationary orbit, about 35,000 km away. This means that the signals have to travel approximately 70,000 km before they reach the user. Latency also depends on atmospheric conditions. This might be a problem for businesses or home users that rely on real-time applications.

Wireless

Wireless Internet access is used by portable devices such as laptop computers, PDAs, mobile phones, and other handheld devices. A wireless Internet service provider (WISP) usually creates hotspots at airports, hotels, coffee shops, and other places where people are likely to visit and connect to the Internet. The WISP installs one or more wireless Access Points (APs) near the hotspot to share the Internet connection. Most of the newer handheld and portable devices include a built-in wireless adapter. A wireless connection is automatically detected and configured in most cases. Anyone who is in close proximity to the AP can connect to the Internet almost immediately.

Remote Access Protocols and Services

Remote Access refers to connecting to and accessing the shared resources located on a remote network. All major network and desktop operating systems have built-in support for remote access. There are several different techniques to establish remote access connections. There are also a variety of standards and protocols used for encryption and authentication to provide security for Remote Access Services. In this section, we will take a look at different remote access protocols and services.

Remote Access Service (RAS)

RAS is Microsoft's implementation of remote access protocols and standards. It is available on all Windows Server operating systems. Microsoft renamed it Routing and Remote Access Service (RRAS) in Windows 2000 Server and later operating systems. A Remote Access Server is configured to provide connectivity to remote clients that support remote access protocols. This server acts as a gateway for the organization's internal network. The Remote Access Server authenticates the remote clients before they are allowed access to resources located on other internal servers.

Serial Line Internet Protocol (SLIP)

SLIP is an older remote access protocol that provides point-to-point connections over TCP/IP using serial connections. It was mainly used on Unix platforms. Security is a main concern with SLIP because all usernames and passwords are transmitted in clear text. It does not support any methods for encryption or secure authentication. Besides this, it does not ensure guaranteed delivery of data because of the absence of any error detection, correction, or packet-sequencing mechanisms. In most major network operating systems, Point-to-Point Protocol (PPP) has replaced SLIP.

Point-to-Point Protocol (PPP)

PPP is the standard protocol for remote access due to its clear advantages over SLIP and added security features. It is a protocol suite that includes several protocols. It is a cross-platform protocol and works with all major operating system environments, including Windows, Unix/Linux, NetWare, and Mac OS.

PPP allows encryption of remote user credentials during the authentication process. It also allows administrators to select an appropriate LAN protocol for use over the remote connection. Administrators can choose from NetBEUI, NetBIOS, IPX/SPX, AppleTalk, or TCP/IP. PPP supports several protocols for authentication, such as PAP, SPAP, CHAP, MS-CHAP, and EAP. The administrator can configure multiple protocols, depending on the requirements of remote clients.

PPP Over Ethernet (PPPoE)

PPPoE is a combination of PPP and Ethernet protocols. It encapsulates the PPP information inside an Ethernet frame. This enables multiple users on a local Ethernet network to share the remote connection through a common device. For example, multiple users can share the same Internet connection through the cable modem simultaneously.

Although all users on the Ethernet network share a single physical connection to the remote network, PPPoE allows administrators to configure individual authentication for each user. PPPoE also enables administrators to track connection statistics (such as the connection time) of individual users.

Virtual Private Networking

As the name suggests, a Virtual Private Network (VPN) provides a secure means of communication between remote users of an organization, between different locations of an organization, or between distinct organizations. The communication takes place using a public network such as the Internet. VPN provides a cost-effective way to provide connectivity to remote users of the organization. This technology saves costs for those organizations that have a large number of telecommuting employees. These employees can connect to internal resources of the organization from anywhere because of the global availability of the Internet. All employees need to do to connect to the organization's network is simply connect to the local ISP. VPN technologies employ secure authentication and data transmission protocols that work by creating a tunnel in the publicly accessible network (Internet). The tunneling protocols encapsulate authentication and other data within other packets before transmitting over the Internet.

A VPN is composed of the following components:

Used to transfer data from one point to another over the Internet.

Encapsulating Protocols (tunneling protocols)
Used to wrap the original data before it is transmitted over the Internet. PPTP, L2TP, IPSec, and Secure Shell (SSH) are examples of encapsulating protocols.

VPN can be implemented in one of the following ways:

Remote Access VPN
This is also known as Private Virtual Dial-up Network (PVDN). This type of VPN provides remote access to remote users over the Internet. The remote user is responsible for creating the tunnel and starting the communication. Remote Access VPN is a great solution for an organization that has a large number of users spread across different locations. By using VPN technologies, organizations can save on the costs involved in having users directly dial in to the organization's internal network.

Site-to-Site VPN
This is also called an Intranet and is established between different offices of the same organization spread across multiple physical locations. This can be a very cost-effective solution because the organization does not have to maintain dedicated WAN connections between physically separated locations. Software-based VPNs require proper planning and secure implementations, as these are prone to the vulnerabilities of the operating system. Hardware implementations are expensive but are generally more secure than their software counterparts.

As noted earlier, VPN essentially depends on a tunneling protocol to successfully and securely transmit data from one location to another using the Internet. The choice of tunneling protocol depends on the solution chosen to implement a VPN. The tunneling process is usually transparent to the end user, who only has to provide appropriate credentials to gain access to internal resources of the organization. The only requirement is that each end of the tunnel must be able to support the selected tunneling protocol. Tunneling protocols are discussed later in this chapter.

Remote Desktop Protocol (RDP)

RDP is used in Microsoft's Windows networks to provide a connection to a server running Microsoft Terminal Services. With Terminal Services, clients connect and run applications on the terminal server as if they are located on the local computer. Terminal Services either run in Remote Administration Mode or in Application Server Mode. With Windows Server 2003 and later operating systems, the Remote Administration Mode has been replaced with the Remote Desktop feature.

Clients for Terminal Services include most versions of Windows and other operating systems such as Unix/Linux and Mac OS. Windows XP Professional and Windows Server 2003 have built-in remote desktop clients. RDP uses TCP port number 3389 by default.

Security Protocols

Network security depends on effective use of security protocols. A variety of protocols are available for implementing security in networks, and administrators must select appropriate protocols in order to provide a secure working environment. Some of the security protocols covered on the Network+ exam are covered in this section.

IP Security (IPSec)

Internet Protocol Security (IPSec) is a standardized framework used to secure IP communications by encrypting and authenticating each IP packet in a data stream. This protocol ensures confidentiality and authentication of IP packets so that they can securely pass over a public network, such as the Internet. IPSec is considered to be an "open standard" because it is not bound to a particular application, authentication method, or encryption algorithm.

IPSec is implemented at the Network layer (Layer 3) of the OSI model. It is made up of the following two components:

Authentication Header (AH)
The AH secures data or payload by signing each IP packet to maintain its authenticity and integrity.

Encapsulating Security Payload (ESP)
The ESP protocol also ensures authenticity and integrity of data but adds confidentiality to the data using encryption techniques.

AH and ESP can be used either together or separately. When AH and ESP are used together, the sender and receiver of data can be assured of complete security. IPSec can be implemented in any of the following modes:

Transport mode
When implemented in transport mode, only the payload (the actual message or data) inside the IP packet is encrypted during transmission. Transport mode is generally implemented in host-to-host communications over VPNs or inside a LAN.

Tunnel mode
When implemented in tunnel mode, the entire IP packet is encrypted. The added security comes at the cost of transmission speed. Tunnel mode IPSec is implemented in gateway-to-gateway VPNs.

IPSec authentication. As noted earlier, IPSec ensures authenticity, integrity, and confidentiality of data. IPSec uses the Internet Key Exchange (IKE) mechanism to authenticate the two ends of the tunnel by providing a secure exchange of shared secret keys before the transmission starts. Both ends of the transmission use a password known as a preshared key. Both ends exchange a hashed version of the preshared key during IKE transmissions. Upon receipt of the hashed data, it is recreated and compared. A successful comparison is required to start the transmission.

IPSec can also be used for digital signatures. A digital signature is a certificate issued by a third-party Certificate Authority (CA) to provide authenticity and non-repudiation. Non-repudiation means that the sender cannot deny that he sent the data and can be held responsible for the sent data or message.
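The AH component and the transport/tunnel distinction above are easier to see in code. The following is an added example, not the book's material: a model of AH integrity protection in which the receiver recomputes an Integrity Check Value over the packet and drops anything that was altered in a covered field. The IPv4 header is simplified (no options, checksum left zero), the ICV is HMAC-SHA-256 truncated to 128 bits (the HMAC-SHA-256-128 algorithm of RFC 4868), the SA key and addresses are constructed, and ESP's encryption is not modelled.

```python
# Added example: a model of IPSec Authentication Header (AH) protection in
# transport and tunnel mode. Not the book's code and not a full IPSec stack.
import hashlib
import hmac
import ipaddress
import struct

AH_PROTO = 51      # IP protocol number of the Authentication Header
IPIP_PROTO = 4     # "IP in IP": AH's Next Header value in tunnel mode
ICV_LEN = 16       # 128-bit truncated HMAC

def ipv4_header(src, dst, proto, payload_len, ttl=64):
    """Simplified 20-byte IPv4 header: version/IHL, DSCP, total length, id,
    flags/fragment offset, TTL, protocol, checksum (zero here), src, dst."""
    return struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + payload_len, 0, 0, ttl, proto, 0,
                       ipaddress.IPv4Address(src).packed, ipaddress.IPv4Address(dst).packed)

def _zero_mutable(ip_hdr):
    """AH authenticates the IP header with the fields that legitimately change
    in transit (TTL, header checksum) zeroed, so routers may still decrement TTL."""
    h = bytearray(ip_hdr)
    h[8] = 0
    h[10:12] = b"\x00\x00"
    return bytes(h)

def ah_header(next_proto, spi, seq, icv):
    """Next Header, Payload Len (32-bit words minus 2), Reserved, SPI, Sequence, ICV."""
    return struct.pack("!BBHII", next_proto, (12 + len(icv)) // 4 - 2, 0, spi, seq) + icv

def _icv(key, outer_hdr, next_proto, spi, seq, payload):
    """ICV covers outer header (mutable fields zeroed), AH with ICV zeroed, payload."""
    covered = _zero_mutable(outer_hdr) + ah_header(next_proto, spi, seq, b"\x00" * ICV_LEN) + payload
    return hmac.new(key, covered, hashlib.sha256).digest()[:ICV_LEN]

def ah_protect(key, packet, spi, seq, mode="transport", gateways=None):
    """Sender side. Transport mode keeps the original IP header and inserts AH
    after it; tunnel mode wraps the entire original packet behind a new header
    addressed between the two gateways."""
    ip_hdr, payload = packet[:20], packet[20:]
    if mode == "tunnel":
        src, dst = gateways
        next_proto, payload = IPIP_PROTO, packet
    elif mode == "transport":
        src = str(ipaddress.IPv4Address(ip_hdr[12:16]))
        dst = str(ipaddress.IPv4Address(ip_hdr[16:20]))
        next_proto = ip_hdr[9]
    else:
        raise ValueError("mode must be 'transport' or 'tunnel'")
    outer = ipv4_header(src, dst, AH_PROTO, 12 + ICV_LEN + len(payload), ttl=ip_hdr[8])
    icv = _icv(key, outer, next_proto, spi, seq, payload)
    return outer + ah_header(next_proto, spi, seq, icv) + payload

def ah_verify(key, packet):
    """Receiver side. Returns (spi, seq, next_proto, payload) when the ICV matches,
    None when the packet is not AH or a covered field was altered."""
    outer, rest = packet[:20], packet[20:]
    if len(outer) < 20 or outer[9] != AH_PROTO or len(rest) < 12:
        return None
    next_proto, plen, _, spi, seq = struct.unpack("!BBHII", rest[:12])
    ah_total = (plen + 2) * 4
    icv, payload = rest[12:ah_total], rest[ah_total:]
    if len(icv) != ICV_LEN:
        return None
    if not hmac.compare_digest(icv, _icv(key, outer, next_proto, spi, seq, payload)):
        return None
    return spi, seq, next_proto, payload

def demo():
    """Both modes over one constructed UDP packet, a tampered copy, and a TTL change."""
    key = b"\x11" * 32                                   # constructed SA key
    original = ipv4_header("10.1.0.5", "10.2.0.9", 17, 5) + b"hello"
    transport = ah_protect(key, original, spi=0x1000, seq=1)
    tunnel = ah_protect(key, original, spi=0x1001, seq=1, mode="tunnel",
                        gateways=("198.51.100.1", "203.0.113.1"))
    tampered = transport[:-1] + b"?"                     # last payload byte altered
    aged = bytearray(transport)
    aged[8] -= 1                                         # a router decremented the TTL
    return {"transport_ok": ah_verify(key, transport), "tunnel_ok": ah_verify(key, tunnel),
            "tampered": ah_verify(key, tampered), "ttl_changed": ah_verify(key, bytes(aged)),
            "original": original}
```

In the tunnel-mode result the verified payload is the whole original packet, inner header included, which is what lets a gateway-to-gateway VPN protect the real source and destination addresses; in transport mode only the payload and the immutable header fields are covered, and the TTL change still verifies.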

Point-to-Point Tunneling Protocol (PPTP)

PPTP is a popular tunneling protocol used to implement VPNs. PPTP uses TCP port 1723, and it works by sending a regular PPP session using the Generic Routing Encapsulation (GRE) protocol. PPTP is easy to configure and supports all major network and desktop operating systems such as Windows, Unix/Linux, and Mac. Due to its low administrative costs, PPTP is the choice of many administrators for VPNs that require medium security. It is commonly used in Microsoft networks, as is Microsoft Point-to-Point Encryption (MPPE), which is used for encrypting data.

Following are some of the limitations of PPTP:

• It cannot be used if the RAS servers are located behind a firewall.

• It works only in IP networks.

• When used alone, PPTP does not provide encryption for authentication data. Only the transmissions after the initial negotiations are encrypted.

Layer 2 Tunneling Protocol (L2TP)

L2TP is another tunneling protocol that is widely supported by most vendors in the IT industry. It uses the Data Link layer (Layer 2) of the OSI model to carry data from one point of the tunnel to another over the Internet. This protocol uses UDP port 1701 for transport. L2TP offers the combined benefits of PPTP and the L2F (Layer 2 Forwarding) protocol from Cisco. It was considered a major improvement over PPTP but still lacks encryption capabilities when used alone. A combination of L2TP and IPSec is generally used to provide secure transmissions for VPN connections. L2TP/IPSec can be used behind firewalls, provided UDP port 1701 is opened for incoming and outgoing packets. Besides this, both ends of the communication must support the L2TP/IPSec protocols.

Some of the advantages of using an L2TP/IPSec combination over PPTP for implementing VPNs include the following:

• L2TP/IPSec requires two levels of authentication: computer or network hardware authentication, and user-level authentication.

• IPSec provides confidentiality, authentication, and integrity for each packet. This helps prevent replay attacks. PPTP provides only data confidentiality.

• IPSec establishes security associations during the transmission of the user-level authentication process. This ensures that the authentication data is not sent unencrypted.

• L2TP/IPSec supports use of RADIUS and TACACS+ for centralized authentication, while PPTP does not.

• L2TP/IPSec can be used on top of several protocols such as IP, IPX, and SNA, while PPTP can only be used with IP.

Secure Socket Layer (SSL)

SSL is an encryption protocol popularly used for Internet-based transactions such as online banking and e-commerce. This protocol is based on public key encryption mechanisms. SSL provides end-to-end security for Internet communications by using encryption. In typical implementations, only the server component is required to use public keys for authentication. For example, when you access a secure server on the Internet that uses SSL, the address of the web site begins with

When both the client and the server need to authenticate each other, the SSL communications start with the following steps:

• Both the client and the server negotiate the encryption algorithm.

• The client and the server exchange session keys using public key-based encryption.

• The client and the server authenticate each other using certificates.

• Communications start, and all traffic is encrypted using a symmetric cipher.

The client and the server negotiate a common encryption algorithm and a hashing algorithm. For end-to-end security using SSL, a Public Key Infrastructure (PKI) is required. Both the server and the client must be SSL-enabled to communicate over a secure channel.

Transport Layer Security (TLS) is the successor of Secure Socket Layer (SSL) but can be scaled down to the SSL mode for backward compatibility.

Wired Equivalent Privacy (WEP)

WEP is a security protocol used mainly for IEEE 802.11 wireless networks. Because wireless networks communicate using radio signals, they are susceptible to eavesdropping. Eavesdropping refers to the monitoring and capturing of signals as they travel over network media. WEP is designed to provide privacy (confidentiality) comparable to that of a wired network. When sending data over radio frequencies, a WEP-enabled client adds a 40-bit secret key to the data while it is passed through an encryption process. The resulting data is called cipher text. On the receiving end, the data is decrypted using the secret key to recover the plain text.

Initial implementations of WEP used a 40-bit encryption key and were not considered very secure. It was still better than not using WEP at all. Soon, a number of tools appeared that could crack the WEP keys. A later version of WEP uses 128-bit encryption keys, which is more secure than the earlier version.

Wi-Fi Protected Access (WPA)

WPA is used for secure access to wireless networks, and it overcomes many weaknesses found in WEP. It is backward-compatible with wireless devices that support WEP, but its use of larger encryption keys makes it a better choice than WEP. The following are some of the features of WPA:

• It provides enhanced data encryption security by using the Temporal Key Integrity Protocol (TKIP). TKIP scrambles encryption keys using a hashing algorithm. At the receiving end, the hash value of the key is passed through an integrity check to ensure that the key has not been tampered with during transmission.

• WPA uses several variations of Extensible Authentication Protocol (EAP) and public key cryptography.

WPA can also be used in personal mode, or preshared key mode. Each user must know and use a passphrase to access the wireless network. A passphrase is a short text message that is configured on all wireless devices. In other words, it is the secret key shared by all wireless devices on a network. The preshared key mode is less secure than the standard mode but allows small offices or home networks to secure wireless transmissions. This is particularly useful for small organizations that cannot afford the cost of implementing PKI.

802.1x

802.1x is a secure authentication protocol standard used in wired and wireless networks to provide port-based access control. This standard was mainly developed to provide enhanced security to WLANs. 802.1x provides a secure point-to-point connection between a WAP and a host computer. This protocol is based on Extensible Authentication Protocol (EAP) and is usually implemented in closed wireless networks to provide authentication. The authentication process uses the following two components:

When a user (the supplicant) wants access to a wireless network, the 802.1x protocol sends the request to an access point (authenticator). After the communication begins, the supplicant is placed into an unauthorized state. There is an exchange of EAP messages between the authenticator and the supplicant, wherein the authenticator requests the credentials of the supplicant. After receiving the credentials, the authentication request is sent to the authentication server, such as the RADIUS server. The authentication server either accepts the credentials of the supplicant and grants access, or rejects them, thereby rejecting the connection request. If the connection is accepted, the user is placed into an authorized state.

Authentication Protocols

Authentication is the process of verifying the credentials of a user. In the case of remote access, the user connecting remotely must present one or more sets of credentials to get access to the Remote Access Server. Once the Remote Access Server authenticates the user, further access to network resources is governed and limited by the permissions set on the resources that are applicable to the remote user.

The following are commonly used authentication protocols for remote access:

Challenge Handshake Authentication Protocol (CHAP)
The CHAP authentication protocol is very commonly used for remote access. When the remote link is established, the user is sent a challenge text. The remote user responds with a shared secret in encrypted form using an MD5 hashing algorithm. The user is authenticated only if the secret matches the one stored on the Remote Access Server. CHAP periodically verifies the identity of the user by sending challenge text at random times during the connection.

Microsoft Challenge Handshake Authentication Protocol (MS-CHAP)
MS-CHAP is Microsoft's implementation of the CHAP authentication protocol used on Windows systems. It is a password-based authentication mechanism that is more secure than CHAP. MS-CHAP is an earlier version of MS-CHAPv2 that supports only one-way authentication. MS-CHAPv2 supports two-way authentication in which both client and server authenticate each other using encrypted passwords.

Password Authentication Protocol (PAP)
PAP is the oldest and most basic form of authentication, in which the username and password are transmitted in clear text over the dial-up network. The transmissions are unencrypted and insecure.

Extensible Authentication Protocol (EAP)
EAP is the most secure of all authentication mechanisms. It enables the use of a variety of encryption methods for remote access, VPN, and wired and wireless LANs. It supports the use of smart cards for secure authentication.

Shiva Password Authentication Protocol (SPAP)
SPAP is used for authentication to Shiva Remote Access Servers. This protocol is more secure than PAP but not as secure as CHAP, MS-CHAP, or EAP.
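The CHAP entry above (challenge, MD5 response, periodic re-verification) maps directly onto RFC 1994. The following is an added example, not the book's code: both sides of the exchange, with the server issuing fresh random challenges, verifying the response with a constant-time comparison, and consuming each challenge so that a captured response cannot be replayed. The usernames and shared secrets are constructed for the demo.

```python
# Added example: the CHAP exchange (RFC 1994) between a remote client and a
# Remote Access Server. Not the book's code; usernames and secrets are constructed.
import hashlib
import hmac
import os

def chap_response(identifier, secret, challenge):
    """RFC 1994 section 4.1: Response = MD5(Identifier || secret || Challenge).
    The secret itself never crosses the link, only this digest does."""
    return hashlib.md5(bytes([identifier & 0xFF]) + secret + challenge).digest()

class ChapServer:
    """Remote Access Server side: holds each user's shared secret, issues
    challenges and verifies responses."""
    def __init__(self, secrets):
        self.secrets = secrets      # username -> shared secret; CHAP needs the secret itself
        self.pending = {}           # identifier -> challenge awaiting a response
        self.next_id = 0

    def challenge(self):
        ident = self.next_id
        self.next_id = (ident + 1) % 256        # the Identifier is one byte on the wire
        value = os.urandom(16)                  # fresh, unpredictable per challenge
        self.pending[ident] = value
        return ident, value

    def verify(self, ident, username, response):
        value = self.pending.pop(ident, None)   # each challenge is answered once; replays fail
        secret = self.secrets.get(username)
        if value is None or secret is None:
            return False
        return hmac.compare_digest(response, chap_response(ident, secret, value))

class ChapClient:
    def __init__(self, username, secret):
        self.username, self.secret = username, secret

    def answer(self, ident, value):
        return self.username, chap_response(ident, self.secret, value)

def run_link(server, client, rechallenges=2):
    """Initial authentication followed by the periodic re-verification the text
    describes; returns one verdict per challenge."""
    verdicts = []
    for _ in range(1 + rechallenges):
        ident, value = server.challenge()
        username, response = client.answer(ident, value)
        verdicts.append(server.verify(ident, username, response))
    return verdicts

def replay_is_rejected(server, client):
    """A valid response captured on the link and sent again does not authenticate."""
    ident, value = server.challenge()
    username, response = client.answer(ident, value)
    first = server.verify(ident, username, response)
    second = server.verify(ident, username, response)   # same bytes, challenge already consumed
    return first and not second

if __name__ == "__main__":
    srv = ChapServer({b"alice": b"s3cret-alice"})
    print(run_link(srv, ChapClient(b"alice", b"s3cret-alice")))   # [True, True, True]
    print(run_link(srv, ChapClient(b"alice", b"wrong-secret")))   # [False, False, False]
```

Because the verifier must recompute MD5 over the secret itself, the server has to store CHAP secrets in a recoverable form rather than as a salted one-way hash; that storage is what needs protecting on the Remote Access Server.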

Remote Authentication Dial-in User Service (RADIUS)

RADIUS is used to provide centralized authentication for remote users connecting to the internal network of an organization through a simple dial-up, VPN, or wireless connection. When a remote user needs access to the internal resources of an organization, he must provide his credentials to the Network Access Server (NAS). The NAS, in turn, sends the user's credentials to the RADIUS server for authentication. If the RADIUS server authenticates the user, the connection request is accepted; otherwise, it is refused.

A RADIUS server can either work as a standalone server to authenticate all connection requests coming from outside users, or it can be a part of a distributed RADIUS setup. Larger organizations deploy multiple RADIUS servers to distribute the authentication load among them. RADIUS servers support several popular protocols such as PAP, PPP, CHAP, and EAP. When a remote or wireless user sends a connection request, the RADIUS authentication process takes place as follows:

1. When the user attempts to connect to the RAS server, he is asked to supply his credentials, which in most cases are the username and password.

2. The RAS server encrypts the credentials of the user and forwards the request to the RADIUS server.

3. The RADIUS server makes an attempt to verify the user's credentials against a database.

4. If the user's credentials match those stored in the centralized database, the server responds with an access-accept message. If the user's credentials do not match the stored credentials, the server sends an access-reject message.

5. The RAS server acts upon receipt of the access-accept or access-reject message and grants or denies a connection to the remote user accordingly.

6. If the connection is granted, the RADIUS server may also be configured to automatically assign an IP address to the remote client.
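Steps 1 to 5 above, and the same NAS-to-server leg that an 802.1x authenticator uses in the earlier section, are the RFC 2865 Access-Request / Access-Accept / Access-Reject exchange. The following is an added example, not the book's code: the NAS hides the PAP password with the RFC 2865 MD5 chain keyed by the shared secret (the "encrypts the credentials" of step 2), the server recovers it and answers, and the NAS checks the Response Authenticator so that a reply not produced by a server holding the shared secret is discarded. Usernames, passwords, the credential store and the shared secret are constructed; the EAP attributes an 802.1x authenticator would carry instead of User-Password are not modelled.

```python
# Added example: RADIUS Access-Request / Access-Accept / Access-Reject exchange
# (RFC 2865) between a NAS (the RAS server in the steps above) and a RADIUS
# server. Not the book's code; all credentials and secrets are constructed.
import hashlib
import hmac
import os
import struct

ACCESS_REQUEST, ACCESS_ACCEPT, ACCESS_REJECT = 1, 2, 3
ATTR_USER_NAME, ATTR_USER_PASSWORD = 1, 2

def hide_password(password, secret, request_auth):
    """RFC 2865 section 5.2: pad to a 16-byte multiple, XOR each block with an
    MD5 chain seeded by the shared secret and the Request Authenticator."""
    if not 1 <= len(password) <= 128:
        raise ValueError("RADIUS User-Password must be 1..128 bytes")
    padded = password + b"\x00" * (-len(password) % 16)
    out, prev = bytearray(), request_auth
    for i in range(0, len(padded), 16):
        block = hashlib.md5(secret + prev).digest()
        chunk = bytes(p ^ b for p, b in zip(padded[i:i + 16], block))
        out += chunk
        prev = chunk                      # next block is chained on the ciphertext
    return bytes(out)

def reveal_password(hidden, secret, request_auth):
    """Server side of section 5.2: same chain, XOR back, strip the null padding."""
    out, prev = bytearray(), request_auth
    for i in range(0, len(hidden), 16):
        block = hashlib.md5(secret + prev).digest()
        chunk = hidden[i:i + 16]
        out += bytes(c ^ b for c, b in zip(chunk, block))
        prev = chunk
    return bytes(out).rstrip(b"\x00")

def encode_attrs(attrs):
    """Attributes are Type(1) Length(1) Value TLVs; Length includes the 2-byte head."""
    return b"".join(struct.pack("!BB", t, len(v) + 2) + v for t, v in attrs)

def decode_attrs(data):
    attrs, i = [], 0
    while i < len(data):
        t, length = data[i], data[i + 1]
        if length < 2 or i + length > len(data):
            raise ValueError("malformed attribute")
        attrs.append((t, data[i + 2:i + length]))
        i += length
    return attrs

def build_packet(code, ident, authenticator, attrs):
    """Code(1) Identifier(1) Length(2) Authenticator(16) Attributes."""
    body = encode_attrs(attrs)
    return struct.pack("!BBH", code, ident, 20 + len(body)) + authenticator + body

def parse_packet(raw):
    code, ident, length = struct.unpack("!BBH", raw[:4])
    if length != len(raw) or length < 20:
        raise ValueError("bad packet length")
    return code, ident, raw[4:20], decode_attrs(raw[20:])

def response_authenticator(code, ident, attrs_bytes, request_auth, secret):
    """RFC 2865 section 3: MD5(Code + ID + Length + RequestAuth + Attributes + Secret)."""
    head = struct.pack("!BBH", code, ident, 20 + len(attrs_bytes))
    return hashlib.md5(head + request_auth + attrs_bytes + secret).digest()

# NAS (RAS server) side
def nas_build_request(username, password, secret, ident=1):
    request_auth = os.urandom(16)         # fresh per request; also seeds the password hiding
    attrs = [(ATTR_USER_NAME, username),
             (ATTR_USER_PASSWORD, hide_password(password, secret, request_auth))]
    return build_packet(ACCESS_REQUEST, ident, request_auth, attrs), request_auth

def nas_check_response(raw, request_auth, secret):
    code, ident, auth, _ = parse_packet(raw)
    expected = response_authenticator(code, ident, raw[20:], request_auth, secret)
    if not hmac.compare_digest(auth, expected):
        return "forged"                   # reply was not made with our shared secret
    return {ACCESS_ACCEPT: "accept", ACCESS_REJECT: "reject"}.get(code, "unknown")

# RADIUS server side
USER_DB = {b"alice": b"correct horse battery"}   # constructed credential store (step 3)

def radius_handle(raw, secret, user_db=USER_DB):
    code, ident, request_auth, attrs = parse_packet(raw)
    if code != ACCESS_REQUEST:
        raise ValueError("expected Access-Request")
    a = dict(attrs)
    hidden = a.get(ATTR_USER_PASSWORD)
    password = reveal_password(hidden, secret, request_auth) if hidden else None
    verdict = ACCESS_ACCEPT if password and user_db.get(a.get(ATTR_USER_NAME)) == password else ACCESS_REJECT
    auth = response_authenticator(verdict, ident, b"", request_auth, secret)   # step 4 reply
    return build_packet(verdict, ident, auth, [])

def authenticate(username, password, nas_secret, server_secret=None):
    """Steps 1-5: NAS hides the password, server decides, NAS validates the reply."""
    server_secret = nas_secret if server_secret is None else server_secret
    request, request_auth = nas_build_request(username, password, nas_secret)
    return nas_check_response(radius_handle(request, server_secret), request_auth, nas_secret)
```

Running `authenticate(b"alice", b"correct horse battery", b"s3cret")` yields "accept", a wrong password yields "reject", and a server configured with a different shared secret yields "forged": the password cannot be recovered on that side and the NAS refuses the reply, which is why the per-NAS shared secret is the trust anchor of a RADIUS deployment.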

Kerberos

Kerberos is a cross-platform authentication protocol used for mutual authentication of users and services in a secure manner. Kerberos v5 is the current version of this protocol. The protocol ensures the integrity of data as it is transmitted over the network. It is widely used in all other major operating systems, such as Unix and Cisco IOS. The authentication process is the same in all operating system environments.

The Kerberos protocol is built upon symmetric key cryptography and requires a trusted third party. Kerberos works with a Key Distribution Center (KDC), usually a network server, which is used to issue secure encrypted keys and tokens (tickets) to authenticate a user or a service. The tickets carry a timestamp and expire as soon as the user or the service logs off. The following steps are carried out to complete the authentication process:

1. The client presents its credentials to the KDC for authentication by means of username and password, smart card, or biometrics.

2. The KDC issues a Ticket Granting Ticket (TGT) to the client. The TGT is associated with an access token that remains active as long as the client is logged on. The TGT is cached locally and is used later if the session remains active.

3. When the client needs to access the resource server, it presents the cached TGT to the KDC. The KDC grants a session ticket to the client.

4. The client presents the session ticket to the resource server, and the client is granted access to the resources on the resource server.
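The four steps above, together with the clock-synchronization requirement this section goes on to note, can be walked through in a small model. The following is an added example, not the book's code and not a real Kerberos implementation: real tickets are encrypted under the service's long-term key, whereas here they are sealed with an HMAC so that a client cannot forge or alter one; the KDC, service names, passwords, ticket lifetimes and the 5-minute clock-skew tolerance are all assumptions chosen for the demo.

```python
# Added example: simplified model of the Kerberos v5 ticket flow (AS exchange
# for the TGT, TGS exchange for the service ticket, AP exchange at the resource
# server) with expiry and clock-skew checks. Not the book's code, not real Kerberos.
import hashlib
import hmac
import json
import os

MAX_SKEW = 300            # assumption: tolerated clock difference, seconds
TGT_LIFETIME = 8 * 3600   # assumption: TGT lifetime
SVC_LIFETIME = 3600       # assumption: service ticket lifetime

def seal(key, fields):
    """Ticket = JSON body + hex HMAC-SHA-256 under the issuing key (stand-in for encryption)."""
    body = json.dumps(fields, sort_keys=True).encode()
    return body + b"." + hmac.new(key, body, hashlib.sha256).hexdigest().encode()

def unseal(key, ticket):
    if not ticket or b"." not in ticket:
        return None
    body, _, mac = ticket.rpartition(b".")
    expected = hmac.new(key, body, hashlib.sha256).hexdigest().encode()
    return json.loads(body) if hmac.compare_digest(mac, expected) else None

class KDC:
    def __init__(self, principals, service_keys, clock):
        self.principals = principals        # user -> password (constructed)
        self.service_keys = service_keys    # service -> long-term key; "krbtgt" is the KDC's own
        self.clock = clock                  # callable returning the KDC's time

    def as_exchange(self, user, password):
        """Steps 1-2: check the credentials, issue a TGT sealed under the KDC's own key."""
        if self.principals.get(user) != password:
            return None
        now = self.clock()
        return seal(self.service_keys["krbtgt"], {"user": user, "service": "krbtgt",
                                                  "authtime": now, "endtime": now + TGT_LIFETIME})

    def tgs_exchange(self, tgt, service):
        """Step 3: a valid, unexpired TGT buys a ticket sealed under that service's key."""
        t = unseal(self.service_keys["krbtgt"], tgt)
        now = self.clock()
        if t is None or t["service"] != "krbtgt" or now > t["endtime"] or service not in self.service_keys:
            return None
        return seal(self.service_keys[service], {"user": t["user"], "service": service, "authtime": now,
                                                 "endtime": min(now + SVC_LIFETIME, t["endtime"])})

class ResourceServer:
    def __init__(self, name, key, clock):
        self.name, self.key, self.clock = name, key, clock

    def ap_exchange(self, ticket, client_time):
        """Step 4: the ticket must be sealed under this server's key, be for this
        service, still be valid, and the client's clock must agree with ours."""
        t = unseal(self.key, ticket)
        now = self.clock()
        if t is None or t["service"] != self.name:
            return "rejected: bad ticket"
        if abs(client_time - now) > MAX_SKEW:
            return "rejected: clock skew"
        if now > t["endtime"]:
            return "rejected: ticket expired"
        return "granted: " + t["user"]

def scenario(skew=0, wait=0, forge=False):
    """Log in at t0, then present the service ticket `wait` seconds later from a
    client whose clock is off by `skew` seconds; with forge=True the ticket is
    sealed under a key the KDC never issued."""
    now = [1_700_000_000]
    clock = lambda: now[0]
    keys = {"krbtgt": os.urandom(32), "fileserver": os.urandom(32)}
    kdc = KDC({"alice": "correct-horse"}, keys, clock)
    fileserver = ResourceServer("fileserver", keys["fileserver"], clock)
    tgt = kdc.as_exchange("alice", "correct-horse")
    ticket = kdc.tgs_exchange(tgt, "fileserver")
    if forge:
        ticket = seal(b"not-the-service-key", {"user": "alice", "service": "fileserver",
                                               "authtime": now[0], "endtime": now[0] + SVC_LIFETIME})
    now[0] += wait
    return fileserver.ap_exchange(ticket, now[0] + skew)

if __name__ == "__main__":
    print(scenario())                            # granted: alice
    print(scenario(skew=600))                    # rejected: clock skew
    print(scenario(wait=SVC_LIFETIME + 1))       # rejected: ticket expired
```

The skew check is performed before the lifetime check, so a client whose clock drifts by more than the tolerance is refused even with a freshly issued ticket; that is the operational reason the section stresses clock synchronization between clients, the KDC, and resource servers.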

The TGT remains active for the entire active session. Kerberos is heavily dependent on synchronization of clocks on the clients and servers. Session tickets granted by the KDC to the client must be presented to the server within the established time limits; otherwise, they may be discarded.

Network Implementation

This section of the Study Guide focuses on the implementation of the network. Implementing a network is certainly not the job of a single network technician or administrator. It involves several steps that start from planning. Making a good network implementation plan requires that the responsible team of administrators considers all aspects of implementation, such as the organization's requirements, choice of network operating system, application support, security issues, and disaster recovery plans.

A single administrator cannot be expected to have the required knowledge and skills in all areas of network implementation. But, at the same time, each member of the team is expected to have a basic knowledge of the essential components of the network. You will need to have a basic understanding of different network operating systems and their interoperability issues. You will also need to know the tools required for network installation and troubleshooting. You must be aware of the security issues and how firewalls and proxy servers can be used to secure network resources. Finally, a disaster recovery plan must be in place to recover from unforeseen situations, such as fire or floods.

Network Operating Systems (NOS)

A NOS provides the basic framework for all computing requirements in a large network. The NOS used these days includes features such as file and print services, authentication, remote access, web services, security, and client configuration. Most vendors provide methods to integrate their NOS with other operating systems. In this section, we will discuss some basic features of network operating systems and their interoperability.

Linux/Unix

Linux is an open source operating system and is freely distributed. With several vendors distributing Linux code, there are many different variations of this operating system, each offering different features. Some of the common distributions are Red Hat, Mandrake, SuSE, and Debian. Linux is based on Unix code, and most of the features available in Unix operating systems are also available in Linux.

Authentication. Linux/Unix users must supply a username and password to log on to an authentication server. A list of users is kept in text files on the authentication server, and the credentials supplied by users are verified from this file, which is called /etc/passwd (and /etc/shadow). Linux also supports other authentication mechanisms such as Kerberos, RADIUS, and LDAP. On most Linux distributions, a Pluggable Authentication Module (PAM) provides an interface for authentication. PAM is a set of libraries that provides a consistent interface to most authentication protocols.

File and print services. Linux servers have several features to support file and print sharing. Linux uses Network File System (NFS) and Virtual File System (VFS) to manage files and folders. Both NFS and VFS provide file shares to clients. Once the share has been established, the shared files appear to be located on the local system. Samba is used on Linux operating systems in order to provide file access to Windows clients. Samba provides Server Message Block functionality in order to share folders and printers with Windows clients.

The Linux filesystem allows administrators to control access to files and directories by assigning rights. The following are some of the basic user rights:

Read
Allows users to list, open, and read files.

Allows users to execute (run) files.

Printing services in Linux/Unix operating systems are provided by the Line Printer Daemon (LPD). A Linux/Unix server should have LPD services running in order to share printers. Newer versions of Linux/Unix use the Common Unix Printing System (CUPS), which has extended print services functionality.

Application support. Nearly all server applications written for the Linux operating system platform are third-party applications. In fact, Linux itself is an open source operating system. Most vendors of Linux bundle some basic applications with the operating system. The number of freely available Linux applications is much higher than that available for Windows and NetWare. This is because there are plenty of Linux code developers who consistently provide these applications and make them freely available.

Security. When configured appropriately, Linux is quite a secure operating system. Linux servers are commonly used for email, web services, and as firewalls in medium and large networks. Access to shared resources and network services on Linux servers is controlled through user permissions. Each object has an associated Access Control List (ACL) that governs the users' actions. Linux ACLs are stored in text files such as hosts.allow and hosts.deny.

Users are required to authenticate to a Linux/Unix server before they can access local resources. This authentication is often performed by a username/password combination. When file permissions are configured on Linux servers, administrators have a variety of options to control access, depending on the requirements of the organization.

Trang 13

This account has full control over all other user accounts, file permissions, and system configurations. There must be at least one administrator account on every MAC OS X server.

File and print services

MAC OS X supports Hierarchical File System Plus (HFS+). HFS was originally started with MAC OS 4 and continued until MAC OS 8.1. It supports several advanced features (much like its competitor NTFS in Windows), such as file-level permissions, hiding file extensions, and disk quotas. Journaling is one of the commonly talked about features of HFS+, which keeps a log of hard disk activities. In case there is a system crash, the journal can help the system recover lost files.

In order to provide interoperability with other operating systems, MAC OS X supports other filesystems such as FAT and FAT32, NTFS (Windows NT and later), UDF (Universal Disk Format, used on DVDs), and ISO9660 (used on CD-ROMs). It is important to note that MAC OS X has only read-only support for NTFS.

MAC OS X also supports the following file sharing protocols:

• Network Filing System (NFS) for Linux/Unix platforms

• Server Message Blocks (SMB) and Common Internet Filing System (CIFS) for Windows operating systems. This functionality is achieved through Samba, which is installed on MAC OS X server by default.

• Apple Filing Protocol (AFP), the native protocol under the MAC TCP/IP protocol suite

Security

Following the initial installation, a MAC OS X server is fairly secure. The first account created on the server is the administrator account. Each file or folder in MAC OS X has associated sets of permissions. These permissions control the level of access for users and groups. The creator of a file or folder is known as the owner of the object. Users are collected to form groups. A special group named Everyone contains all users.

NetWare

NetWare was the operating system of choice for many organizations until Windows and Linux started to gain massive popularity. NetWare Directory Services (NDS) posed tough competition for Windows server operating systems. Microsoft came up with Active Directory services in Windows 2000 Server. NDS is a centralized database of network objects. NetWare is a full-featured network operating system, and several network services such as DHCP, DNS, web, and FTP are bundled with the package. It also supports strong authentication and security mechanisms besides a large number of third-party applications.

Authentication

Like other operating systems, NetWare requires users to provide credentials—usually username and password—to get access to the resources located across the network. A user must supply the following pieces of information to log on to the network:


• Name of the directory tree

The Directory Context and tree names can sometimes be too complex for a user to remember. To get around this problem, it is a common practice to configure the user’s desktop with context and tree names.

File and print services

NetWare filesystems work by providing users access to hard disk partitions, known as volumes. Clients can map their disk drives to server disk volumes on which they have appropriate rights. File permissions on NetWare servers are assigned through the use of a complex set of rights, as described in the following list:

Allows users to change permissions on the file

NetWare supports Novell Distributed Print Services (NDPS) for printing support from NetWare version 6. This version also introduced iPrint, which allows users to locate shared printers across the network by clicking a graphical network map.

Application support

The NetWare operating system includes many built-in applications for common network services, such as the DNS, DHCP, and web server. For the most part, NetWare depends on third-party applications. The support for NetWare applications is not as much as for Windows applications. This is due to the fact that NetWare has been losing market share in the recent past to its competitors, Windows and Linux. There are still plenty of applications available for the NetWare platform.


Security

Access to resources in NetWare is controlled through NetWare Directory Services. Appropriate permissions must be configured for users and groups who need to access shared resources, such as files, folders, and printers, located on NetWare servers. User permissions in the NetWare environment are known as rights. The eDirectory remains the centralized place for storing all objects in the network. Objects are stored in containers, and configuring appropriate user rights controls access to container objects. NetWare also allows administrators to lock the console of servers when it is not in use. A command-line utility named scrsaver is used for this purpose.

Windows 2000 Server and Windows Server 2003

Windows 2000 Server introduced the concept of Active Directory, which is a centralized database that stores information about all objects, such as computers, users, groups, file shares, or printers. This enables administrators to control the entire network from a single point. Another benefit is that information about network services and resources is not duplicated. Active Directory-based Windows networks operate in domains. A domain refers to the logical part of the Active Directory database. Administrators implement group policies that can be applied to the entire domain, or they implement smaller administrative units called organizational units (OUs).

The servers that run the Active Directory services and store the Active Directory database are called domain controllers. In large networks, multiple domain controllers are installed to provide fault tolerance, load balancing, and performance. Servers that run other network services except Active Directory service are called member servers. File servers, web servers, and DHCP and RRAS servers are some examples of member servers in Active Directory-based Windows networks.

It is important to note that all domain controllers in an Active Directory network are peers and store read/write copies of the directory database. This is different from Windows NT networks where only Primary Domain Controllers (PDC) stored the read/write copy of the directory database and Backup Domain Controllers (BDC) existed for fault tolerance.

Authentication

Windows networks operate in an Active Directory domain. Users are required to log onto the domain only once in order to get access to all network resources located on different network servers. Most of the servers running network services (such as database servers, mail servers, Routing and Remote Access Servers, and DNS servers) rely on Active Directory to authenticate users. Windows 2000 Server and Windows Server 2003 use the Kerberos authentication protocol by default. Other authentication protocols, such as NT LAN Manager (NTLM), are also supported for backward compatibility with legacy Windows clients. For remote access, Windows supports PAP, CHAP, MS-CHAP, and EAP protocols. Use of biometric devices and smart cards requires special hardware. These devices also need advanced administrative skills to implement.


File and print services

In Windows operating systems, files and printers are shared among various users. This task is performed by a service called File and Print Sharing for Microsoft Networks. This service is installed by default on all Windows server and desktop operating systems. Administrators create shared folders on file servers and configure permissions for users and groups. Groups are a collection of users with similar job functions. Users are put into groups and groups are assigned permissions to shared files and printers.

To keep tight control on shared resource access, Windows systems enable administrators to configure two types of permissions: Share permissions and NTFS permissions. Share permissions provide an outer layer of control, while NTFS permissions provide more granular control on file and folder access. The following is a list of standard NTFS Permissions:

Full Control

Grants the user all rights on the resource

Modify

Allows a user to change the contents of the file

Read and Execute

Allows a user to read the file and execute (run) it

List Folder Contents

Allows the user to list the files and subfolders inside a folder

Read

Allows a user to read a file

Write

Allows a user to write files to a folder

When a user is a member of multiple groups, the permissions assigned to him in different groups are combined. When both share permissions and NTFS permissions are configured on a folder, the most restrictive of both permissions becomes effective.

NTFS permissions are available only on those disk partitions that are formatted using NTFS. These permissions cannot be configured on disks formatted with the FAT filesystem.
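The two combining rules just described (rights from several groups are added together; share and NTFS permissions are then narrowed to the more restrictive) are easy to get wrong when troubleshooting access. The following Python model is an added example written for this page, not code from the book or from Windows. It assumes a simplified mapping of each permission name to a set of operations, the three classic share permission levels (Read, Change, Full Control), an implicit Everyone group, and ignores explicit Deny entries and special permissions; the users, groups and ACLs are constructed sample data.

```python
from typing import Dict, FrozenSet, Iterable, Set

# Every fine-grained operation this simplified model knows about.
ALL_OPS: FrozenSet[str] = frozenset(
    {"read", "list", "execute", "write", "modify", "change-permissions"}
)

# The standard NTFS permissions listed in the text, as the operations each grants
# (assumed simplification: real NTFS has more special permissions and Deny entries).
NTFS_PERMISSIONS: Dict[str, FrozenSet[str]] = {
    "Full Control":         ALL_OPS,
    "Modify":               frozenset({"read", "list", "execute", "write", "modify"}),
    "Read and Execute":     frozenset({"read", "list", "execute"}),
    "List Folder Contents": frozenset({"list"}),
    "Read":                 frozenset({"read", "list"}),
    "Write":                frozenset({"write"}),
}

# Share permissions: the outer layer, applied only when the folder is reached
# over the network (assumed mapping of the Read / Change / Full Control levels).
SHARE_PERMISSIONS: Dict[str, FrozenSet[str]] = {
    "Read":         frozenset({"read", "list", "execute"}),
    "Change":       frozenset({"read", "list", "execute", "write", "modify"}),
    "Full Control": ALL_OPS,
}


def combined_rights(principals: Iterable[str], acl: Dict[str, list],
                    table: Dict[str, FrozenSet[str]]) -> Set[str]:
    """Union of everything granted to the user or any of the user's groups."""
    rights: Set[str] = set()
    for principal in principals:
        for permission in acl.get(principal, ()):
            rights |= table[permission]
    return rights


def effective_rights(user: str, groups: Iterable[str], ntfs_acl: Dict[str, list],
                     share_acl: Dict[str, list], over_network: bool = True) -> Set[str]:
    """Rights a user actually gets on a shared folder.

    Group rights are added together (union); when the folder is accessed through
    the share, the NTFS result is intersected with the share result, so the more
    restrictive of the two layers wins. Local logons bypass share permissions.
    """
    principals = [user, *groups, "Everyone"]   # "Everyone" assumed to contain all users
    ntfs = combined_rights(principals, ntfs_acl, NTFS_PERMISSIONS)
    if not over_network:
        return ntfs
    share = combined_rights(principals, share_acl, SHARE_PERMISSIONS)
    return ntfs & share


# Constructed sample ACLs for a folder: NTFS grants per group, share grants everyone Read.
NTFS_ACL = {"Staff": ["Read and Execute"], "Editors": ["Write"], "Admins": ["Full Control"]}
SHARE_ACL = {"Everyone": ["Read"]}


def demo() -> Dict[str, Set[str]]:
    """alice is in Staff and Editors; bob is an Admin."""
    return {
        "alice over share": effective_rights("alice", ["Staff", "Editors"], NTFS_ACL, SHARE_ACL),
        "alice local":      effective_rights("alice", ["Staff", "Editors"], NTFS_ACL, SHARE_ACL,
                                             over_network=False),
        "bob over share":   effective_rights("bob", ["Admins"], NTFS_ACL, SHARE_ACL),
    }


if __name__ == "__main__":
    for who, rights in demo().items():
        print(f"{who}: {sorted(rights)}")
```

Note how alice's Write right from the Editors group survives a local logon but disappears over the network, and how bob's Full Control is cut down to the share's Read level: both are the "most restrictive wins" rule from the text in action.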

Printers are usually installed on print servers. When a printer is shared on a Windows server, it allows administrators to add appropriate drivers for Windows clients such as Windows XP, Windows NT, Windows 98, etc. This ensures that Windows clients always use the correct version of the printer driver.

Application support

The Windows operating systems have the largest market share (it is believed to have about 90 percent). This is the reason that this operating system provides support for a majority of software applications. Microsoft itself provides a large number of applications for its operating systems. Besides this, it supports several third-party applications. Essential network services—such as DNS, DHCP, Internet Information Server (IIS), and Routing and Remote Access (RRAS)—are built into the Windows Server operating system. Windows also comes with limited network monitoring tools to fine-tune the network performance.

Security

As noted earlier, Windows uses the Kerberos authentication protocol by default. Windows servers provide file- and folder-level security using the NTFS. Files can be stored and transmitted over the network in encrypted form. Windows supports use of IP Security (IPSec) for secure transmission of data inside the LAN or over a WAN. For stronger security requirements, Windows has built-in support for digital certificates to provide encryption, authentication, data integrity, and non-repudiation.

Client support

Windows Server operating systems have strong support for Windows-based desktop operating systems such as Windows XP and Windows 2000 Professional. Microsoft always provides support for its legacy operating systems such as Windows NT Workstation, Windows ME, Windows 98, and Windows 95. On some older versions of Windows, additional software might be needed to get full benefits of the new Active Directory features.

Interoperability of operating systems

Windows servers come with built-in support for Unix/Linux, MAC OS X, and NetWare desktop clients. File and Print Services for Macintosh, Client Service for NetWare, etc., are some of the examples of Windows support for other operating systems. The following is a summary of interoperability of common operating systems:

Windows and NetWare

In older Windows desktop operating systems, Client Services for NetWare (CSNW) is installed on Windows clients to enable them to directly connect to NetWare Servers. On Windows servers, the Gateway Service for NetWare (GSNW) is used to provide Windows clients connectivity to NetWare Servers through Windows servers. In Windows Server 2003 platforms, the Windows Services for NetWare is available for free download from Microsoft’s web site to provide connectivity to NetWare networks.

Windows and Unix/Linux

Windows and Unix/Linux operating systems are integrated using standard TCP/IP file transfer protocols such as FTP. Clients do not need any additional software or service to interact with Unix/Linux servers. On some versions of Unix and Linux, Windows Services for Unix can be used for limited interoperability.

Linux and NetWare

Most of the interoperability between Linux and NetWare servers is obtained through standard TCP/IP protocols, since both operating systems support TCP/IP. Some older versions of Linux support the IPX/SPX protocol for limited interaction with NetWare servers. NetWare, on the other hand, provides several utilities in its eDirectory to interoperate with Linux servers.


Network Wiring Tools

As a network technician, you might be required to use a number of tools for network installation, testing, and maintenance. Some of these tools are used for preparing cables, while others are used for testing and locating cable faults. On the Network+ exam, you must be able to identify an appropriate tool for a given network task. This section takes a look at some of the common network installation and testing tools.

Wire crimpers

A wire crimper, or a crimping tool, is used to cut cable to length and attach a suitable connector to it. For example, you must use a crimping tool to cut a UTP cable, strip its sleeve, and then attach an RJ-45 connector to it before you can connect the cable to a networking device. Each type of cable requires a different crimping tool. Some vendors also make crimping tools that can be used for more than one type of cable and connector.

The wire crimper looks just like a special type of pliers. All you need to do is strip the wires off their sleeves, align and insert them properly into the connector housing, and then press the crimping tool. A click sound indicates that the wire has been attached to the connector. You need crimping tools only if you need to make your own cables. You must know the pin configuration for connectors. For example, connections for a UTP straight cable are different from connections for a crossover cable. It is a good idea to have connection details handy. You should also test each piece of cable before using it on the network. Untested cables can cause connectivity problems at a later stage.

Punchdown tools

A punchdown tool is used to attach wires to a patch panel. The patch panel is usually a small box where all network or telephone cables are terminated. Each individual wire in the UTP cable is punched down to a single connection point inside the patch panel. The patch panel is usually mounted on a wall.

The connector where the cable wires are attached is known as an insulation displacement connector (IDC). To use a punchdown tool, just push the wires inside appropriate slots, place the tool on top of the wires, and slightly push it down to fix the wires in the slots.

Media testers/certifiers

Media testers, or cable testers, are used to test whether the cable is working properly. Several different types of methods exist for testing cables. A small multimeter is perhaps the simplest tool for testing continuity in cables. Cable continuity verifies that wires are not broken. It is very helpful in testing the continuity of a coaxial cable. For a UTP cable, you need to test continuity for each individual wire. Copper-based media testers rely on electrical signals to test the cables. If the electrical current passes through the cable without a break, the cable is considered to be good.

Fiber optic cables are tested using optical cable testers. These testers use light signals to test the cable instead of using electrical signals. Optical cables are prone to breakages that can prevent light signals from reaching the other end. A break in an optical cable is easy to determine, but very hard to find. A special tester called the Optical Time Domain Reflectometer (OTDR) is used to pinpoint the correct location of the break in an optical cable. OTDR is an expensive instrument and is mostly used by professional fiber optic network installers.

Tone generators

Tone generators and tone locators are devices that help find cable faults by means of audio signals. The tone generator creates an audio tone (beep) and sends it over the cable. A tone locator is attached to the other end of the cable to check whether the tone reaches there. Using a tone generator is a time-consuming process, and it takes two persons to use the device. Testing cables with a tone generator is also known as the fox and hound method. The tone generator must be attached to each individual wire separately.

Loopback connectors

Loopback connectors/adapters are used to test the functionality of a specific port on a network device. These are small connectors that are wired in such a way that the outgoing transmission pins are connected back to the incoming receiving pins. Loopback connectors are often used with RJ-45, serial, and parallel ports. They are used with special software that sends and receives data signals to verify that the port being tested is correctly transmitting and receiving data.

Components of Network Security

In this section, we will cover the main components of network security. Network security is achieved through the use of both software applications and hardware devices. It is possible that you will encounter one or more types of security mechanisms in medium- to large-scale networks. As a network technician, you are expected to have some basic knowledge of essential components of network security. The components tested on the Network+ exam include firewalls, proxy servers, virtual LANs, intranets, and extranets.

Firewalls

A firewall is a hardware device or a software application that sits between the internal network of the organization and the external network in order to protect the internal network from communicating with outside networks. A properly configured firewall blocks all unauthorized access to the internal network. It also prevents internal users from accessing potentially harmful external networks. The three common firewall technologies are:

• Packet filtering firewalls

• Application layer firewalls

• Stateful inspection firewalls

These firewalls are discussed in the following sections


Packet filtering firewalls

Packet filtering firewalls inspect the contents of each IP packet entering the firewall device and, based on predefined and configured rules, allow or block packets inside the network. These firewalls permit or block access to specific ports or IP addresses, and they work on two basic policies: Allow by Default and Deny by Default. In the Allow by Default policy, all traffic is allowed to enter the network except the specifically denied traffic. In the Deny by Default policy, all traffic entering the firewall is blocked except the one specifically allowed. Deny by Default is considered to be the best firewall policy, as only authorized traffic is allowed to enter the network using specified port numbers or IP addresses.

Packet filtering firewalls use one of the following criteria for allowing or denying network traffic:

IP addresses

Firewalls can be configured to use the source IP addresses or the destination IP address in order to allow or block certain traffic. For example, you can permit external network traffic coming only from a specific IP address. Alternatively, you can allow only certain internal clients to access the Internet based on their IP addresses.

Port number

The services and protocols in the TCP/IP protocol suite are associated with port numbers. Firewalls and proxy servers can also be configured to allow or block network traffic on the basis of port numbers.

Besides this, packet filtering firewalls can be configured to allow or block traffic based on protocol ID and/or MAC address. Remember that packet filtering firewalls work at the Network layer (Layer 3) of the OSI model. One of the benefits of these firewalls is their easy configuration, because a packet is either allowed or blocked. This technique also does not cause any delays in transmissions. There are certain limitations also. The firewall can inspect the header of the packet but does not read the contents of the packet. Another drawback is that if a certain application opens a port dynamically and does not close it, the open port remains as a security risk to the network.

Application layer firewalls

Application layer firewalls work at the Application layer (Layer 7) of the OSI model. They are also known as Application firewalls or Application layer gateways. This technology is more advanced than packet filtering, as it examines the entire packet to allow or deny traffic. Proxy servers use this technology to provide Application-layer filtering to clients. Application-layer packet inspection allows firewalls to examine the entire IP packet and, based on configured rules, allow only intended traffic through them.

One of the major drawbacks of application layer firewalls is that they are much slower than packet filtering firewalls. Every IP packet is broken at the firewall, inspected against a complex set of rules, and re-assembled before it is allowed to pass. For example, if the firewall finds signatures of a virus in a packet, it can block it. Although this technique allows for more rigorous inspection of network traffic, it comes at the cost of more administration and speed.


Stateful inspection firewalls

Stateful inspection firewalls work by actively monitoring and inspecting the state of the network traffic, and by keeping track of all the traffic that passes through the network media. This technology overcomes the drawbacks of both packet filtering and application layer firewalls. It is programmed to distinguish between legitimate packets for different types of connections, and only those packets are allowed that match a known connection state. This technology does not break or reconstruct IP packets and hence is faster than Application layer technology.

Using this technology, a firewall can monitor the network traffic and dynamically open or close ports on the device on a need basis, as the communication states of common applications are known to the firewall. For example, if legitimate HTTP traffic enters the firewall, it can dynamically open port 80 and then close it when the traffic has been allowed. This is in contrast to packet filtering where the administrator would have to permanently keep port 80 open on the firewall.

For the Network+ exam, you will need to know how firewalls work, and what type of firewall is suitable for a given situation. If speed is a concern, and you need to permanently allow or deny access to certain IP addresses or ports, packet filtering is best suited. If inspection of packets is required at the Application level, you will need an application layer firewall. Similarly, if the question asks you about monitoring of network traffic or communication states, select stateful inspection firewall.
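To make the difference between the packet filtering policies and stateful inspection concrete, here is a toy firewall model written as an added example for this page; it is not code from the book or from any firewall product. It assumes rules matched on protocol, IP address and destination port, a first-match-wins rule list, and a stateful variant that records each allowed flow so the reply in the opposite direction is admitted without a permanent rule for the client's high-numbered port. The addresses and packets are constructed sample data.

```python
from dataclasses import dataclass
from typing import Iterable, List, Optional, Set, Tuple


@dataclass(frozen=True)
class Packet:
    proto: str       # "tcp" or "udp"
    src_ip: str
    src_port: int
    dst_ip: str
    dst_port: int


@dataclass(frozen=True)
class Rule:
    action: str                      # "allow" or "deny"
    proto: str = "any"
    src_ip: str = "any"
    dst_ip: str = "any"
    dst_port: Optional[int] = None   # None matches every destination port

    def matches(self, p: Packet) -> bool:
        return (self.proto in ("any", p.proto)
                and self.src_ip in ("any", p.src_ip)
                and self.dst_ip in ("any", p.dst_ip)
                and (self.dst_port is None or self.dst_port == p.dst_port))


class PacketFilter:
    """Stateless (Layer 3/4) filter: first matching rule wins, else the default policy."""

    def __init__(self, rules: Iterable[Rule], default: str = "deny"):
        if default not in ("allow", "deny"):
            raise ValueError("default policy must be 'allow' (Allow by Default) or 'deny' (Deny by Default)")
        self.rules: List[Rule] = list(rules)
        self.default = default

    def decide(self, p: Packet) -> str:
        for rule in self.rules:
            if rule.matches(p):
                return rule.action
        return self.default


class StatefulFirewall(PacketFilter):
    """Same rules, plus a connection table.

    An allowed packet registers its 5-tuple; a later packet that belongs to that
    flow, or is its exact reverse (the reply), is admitted without consulting the
    rules. This is the "open the port only while the conversation lasts" behaviour
    the text describes, simplified: there is no timeout or TCP flag tracking here.
    """

    def __init__(self, rules: Iterable[Rule], default: str = "deny"):
        super().__init__(rules, default)
        self.connections: Set[Tuple[str, str, int, str, int]] = set()

    def decide(self, p: Packet) -> str:
        flow = (p.proto, p.src_ip, p.src_port, p.dst_ip, p.dst_port)
        reverse = (p.proto, p.dst_ip, p.dst_port, p.src_ip, p.src_port)
        if flow in self.connections or reverse in self.connections:
            return "allow"                       # part of a connection already admitted
        action = super().decide(p)
        if action == "allow":
            self.connections.add(flow)           # remember it so the reply gets through
        return action


# Constructed sample policy and traffic (documentation/example address ranges).
INTERNAL_CLIENT = "10.0.0.5"
WEB_SERVER = "203.0.113.7"
RULES = [Rule("allow", proto="tcp", src_ip=INTERNAL_CLIENT, dst_port=80)]

OUTBOUND = Packet("tcp", INTERNAL_CLIENT, 51000, WEB_SERVER, 80)      # client -> web server
REPLY = Packet("tcp", WEB_SERVER, 80, INTERNAL_CLIENT, 51000)         # web server -> client
UNSOLICITED = Packet("tcp", "198.51.100.9", 4444, INTERNAL_CLIENT, 51000)  # nobody asked for this


def run_scenario() -> dict:
    """Decisions of a Deny by Default stateless filter, the stateful version of it,
    and an Allow by Default filter that only denies FTP (port 21)."""
    stateless = PacketFilter(RULES, default="deny")
    stateful = StatefulFirewall(RULES, default="deny")
    permissive = PacketFilter([Rule("deny", proto="tcp", dst_port=21)], default="allow")
    traffic = (OUTBOUND, REPLY, UNSOLICITED)
    return {
        "stateless": [stateless.decide(p) for p in traffic],
        "stateful": [stateful.decide(p) for p in traffic],
        "allow_by_default": [
            permissive.decide(Packet("tcp", "198.51.100.9", 4000, INTERNAL_CLIENT, 21)),
            permissive.decide(Packet("tcp", "198.51.100.9", 4000, INTERNAL_CLIENT, 3389)),
        ],
    }


if __name__ == "__main__":
    for name, decisions in run_scenario().items():
        print(f"{name}: {decisions}")
```

The stateless Deny by Default filter blocks the web server's reply because no rule mentions the client's ephemeral port 51000, which is exactly why administrators of such firewalls end up opening ports permanently; the stateful firewall admits that reply but still rejects the unsolicited packet aimed at the same port, and the Allow by Default filter shows how everything not explicitly listed (here RDP on 3389) slips through.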

Proxy servers

Proxy servers are special network servers that allow network users to connect to the Internet in a secure manner. Unlike Network Address Translation (NAT) and Internet Connection Sharing (ICS), which provide Internet connectivity with limited features, proxy servers offer a wide range of features for better administration of client activities and secure computing. Some of the key features of a proxy server are as follows:

• It allows better utilization of available Internet connection bandwidth

• It stores web pages locally to improve performance by reducing response times

• It helps reduce the costs involved in implementing an Internet connectivity solution

• It helps track user activities while surfing web sites

• It keeps the internal network secure from the Internet by hiding the internal IP addressing scheme

• It helps in implementing security for Internet connectivity

A proxy server offers significant improvement in performance for Internet access due to its caching capabilities. Caching refers to the function of a server to locally store web pages as network users access them. The next time a user needs to access the same page, it is quickly displayed on the user’s computer instead of having to download it again from the Internet. This feature not only reduces wait


times but also helps conserve available Internet connection bandwidth. In smaller networks, proxy server applications can also be configured as firewalls to provide security to the internal network.

Virtual Local Area Network (VLAN)

VLAN is not a physical segment of a network, but a virtual or logical grouping of network devices that share common security requirements. Computers connected to a single VLAN behave as if they are in a single network segment, but physically they may be connected to separate segments. Administrators create VLANs using software applications. The advantage of VLANs is that even if the computers are moved from one physical network segment to another, they remain on the same VLAN. A VLAN is thus a mechanism to create logical segments inside a physical network comprised of multiple physical segments.

In large Ethernet networks, collisions are a main problem. Collisions occur when a large number of devices attempt to start transmitting signals on the same network media. Network bandwidth gets congested with a large number of collisions. VLANs help reduce these collisions by creating separate broadcast domains. It is also a method to provide security at the Data Link layer (Layer 2) of the OSI model.

Network switches that support VLAN protocols (known as VLAN-aware devices) are mainly used to create VLANs. Cisco switches, for example, use the IEEE 802.1Q standard and Inter-Switch Link (ISL) protocol for creating VLANs. They also use VLAN Trunking Protocol (VTP), which is proprietary to Cisco, to create VLAN Trunks. A Trunk is defined as the point-to-point link between one switch and another. VLAN Trunks allow the creation of VLAN domains that help in administration of VLANs. The following are some of the other characteristics of VLANs:

• VLANs are created on the basis of groups and memberships. VLAN memberships can be port-based, protocol-based, or MAC address-based

• Each VLAN functions like a separate physical network segment so far as network traffic is concerned

• A VLAN can span multiple physical network segments or multiple switches

• A Trunk carries network traffic between each switch that is a part of a VLAN.

Intranet

Intranet refers to a private internal network. An intranet typically refers to an internetwork that extends the local boundaries of the network and extends connectivity to company employees at remote locations through a public network such as the Internet. Intranet is usually a private part of the web site of an organization that is accessible only by authorized employees of the organization. Intranets use strong authentication methods to provide secure access. When the intranet traffic passes through the Internet, a “tunnel” is created in the Internet using tunneling protocols such as PPTP or L2TP. The L2TP protocol is used with IPSec to provide an additional layer of security for the transmission of data. Remote Access Service (RAS) and Virtual Private Network (VPN) are examples of Intranets.


The following are some of the important security considerations when implementing intranets:

• Make sure the firewalls are configured properly with rules to allow only intended traffic and block all unwanted or malicious traffic

• Make sure that only authorized administrators have physical access to configure and maintain firewalls and servers for the intranet

• Make sure to regularly monitor security logs on firewalls and servers. It is a good habit to conduct frequent security audits of intranet equipment

• Implement L2TP and IPSec protocols for additional security when the intranet uses VPN using the Internet

• Make sure to keep all servers updated with the latest service packs, security patches, and antivirus software. Virus scanners should be used regularly

• Educate users on secure computing habits; this is one of the best defenses against outside attacks. Users must lock their workstations when not in use.

Extranet

Extranets allow external clients to access internal network resources of an organization through the use of VPNs or RAS. Extranets may also be implemented to allow two or more partner organizations to connect their networks. Users who require access to internal resources of an organization are required to use strong authentication mechanisms to ensure security of the network. The same is true when employees of partner organizations attempt to access resources outside their internal network. Extranets should be implemented with the same level of security as that used for implementing intranets. It is always good to use authentication, access control and authorization methods, and encryption for transferring data between employees of different companies. Aside from this, only a handful of employees should be granted access to only the data they require from networks of other organizations.

Make sure that you understand the difference between Internet, intranet, and extranet. All of these methods can be used to provide secure remote access. Intranets and extranets are typically implemented as VPNs.

Implementing Network Security

Regardless of the network operating system used on the network, there are some essential components of network security that the administrators must understand in order to effectively implement security in a network. Network administrators are expected to have a basic understanding of the different methods available, how they work, and where they can be implemented.

Port blocking/filtering

Port blocking, or port filtering, is the process of blocking unwanted traffic from entering a secure network. Port filtering is configured on firewalls and proxy servers to block specific port numbers. For example, if you do not want any FTP traffic to enter the internal network, you may block port number 21 at the firewall.


Blocking a specific port at the firewall thus stops all external traffic destined for the specific port at the firewall itself.

TCP/IP port numbers fall in the following three categories:

• Well-known port numbers range from 0 to 1,023

• User ports (registered ports) range from 1,024 to 46,151

• Dynamic private ports range from 46,152 to 65,535

For the Network+ exam, you will need to know the port numbers used by various network protocols and services. Refer to Table 8-15 to review a list of protocols, services, and their associated port numbers.

Authentication

In the context of computer security, authentication is the method of verifying the identity of a person or an application that wants access to a system, object, or resource. For example, if a user wants to access a network domain, then the authentication or the digital identity of the user is usually verified by the username and password supplied by the user. These are also known as user credentials. If the username and password match the ones stored in the security database of the computer, the user is allowed access.

Authentication can be a one-way or a two-way process. In one-way authentication, only one of the entities verifies the identity of the other, while in a two-way authentication, both entities verify the identity of each other before a secure communication channel is established.

User credentials supplied by the user during the authentication process can be transmitted either in clear text or in encrypted form. Some applications, such as File Transfer Protocol (FTP) and Telnet, transmit usernames and passwords in clear text. User credentials transmitted in clear text are considered security risks, as anyone monitoring the network transmissions can easily capture these credentials and misuse them.

Mutual Authentication

Mutual Authentication, or Two-way Authentication, is a process during which both parties authenticate each other before the communication link can be established. In case the communication is to be set up between a client and a server, both the client and server would authenticate one another using a mutually acceptable authentication protocol. This ensures that both the client and the server can verify each other’s identity. In a typical setup, the process is carried out in the background without any user intervention.
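The two preceding points, that clear-text protocols put the credential itself on the wire and that mutual authentication has each side prove its identity to the other, can be shown in one exchange. The following is an added example written for this page, not a protocol from the book or any product: a generic challenge-response scheme (an assumption, not a named standard) in which both sides hold a shared secret, each sends a fresh nonce, and each proves knowledge of the secret with an HMAC over the other side's nonce. The client checks the server's proof first, so an impostor server is detected before the client sends anything. The FTP lines and the secret are constructed sample data.

```python
import hashlib
import hmac
import secrets
from typing import List, Tuple

Transcript = List[Tuple[str, bytes]]   # (direction, bytes as they would appear on the wire)


def proof(key: bytes, role: bytes, nonce_a: bytes, nonce_b: bytes) -> bytes:
    """HMAC-SHA256 over a role label and both nonces.

    Only a holder of `key` can produce it, the nonces make it unrepeatable, and the
    role label keeps a server's proof from being replayed back as a client's proof.
    """
    return hmac.new(key, role + nonce_a + nonce_b, hashlib.sha256).digest()


def mutual_authenticate(client_key: bytes, server_key: bytes, transcript: Transcript) -> str:
    """Run the exchange between a client and a server that each hold a (supposedly
    shared) secret, appending every message to `transcript`. Returns the outcome."""
    # 1. Client -> Server: hello plus a fresh nonce, the client's challenge to the server.
    client_nonce = secrets.token_bytes(16)
    transcript.append(("C->S", b"HELLO" + client_nonce))

    # 2. Server -> Client: the server's own nonce and its proof bound to the client's nonce.
    server_nonce = secrets.token_bytes(16)
    server_proof = proof(server_key, b"server", client_nonce, server_nonce)
    transcript.append(("S->C", server_nonce + server_proof))

    # 3. Client verifies the server before revealing anything derived from its own key.
    expected_server = proof(client_key, b"server", client_nonce, server_nonce)
    if not hmac.compare_digest(server_proof, expected_server):
        return "client rejected server"

    # 4. Client -> Server: proof bound to the server's nonce; server verifies it.
    client_proof = proof(client_key, b"client", server_nonce, client_nonce)
    transcript.append(("C->S", client_proof))
    expected_client = proof(server_key, b"client", server_nonce, client_nonce)
    if not hmac.compare_digest(client_proof, expected_client):
        return "server rejected client"
    return "authenticated"


def secret_on_the_wire(secret: bytes, transcript: Transcript) -> bool:
    """What a sniffer would see: does the credential itself appear in any message?"""
    return any(secret in payload for _, payload in transcript)


# Constructed clear-text FTP login, the kind of exchange the text warns about.
SECRET = b"correct horse battery staple"
FTP_TRANSCRIPT: Transcript = [
    ("C->S", b"USER alice\r\n"),
    ("C->S", b"PASS " + SECRET + b"\r\n"),
]


def demo() -> dict:
    honest: Transcript = []
    impostor: Transcript = []
    return {
        "shared secret":      mutual_authenticate(SECRET, SECRET, honest),
        "secret visible":     secret_on_the_wire(SECRET, honest),
        "wrong server key":   mutual_authenticate(SECRET, b"not the real server", impostor),
        "ftp secret visible": secret_on_the_wire(SECRET, FTP_TRANSCRIPT),
    }


if __name__ == "__main__":
    for label, value in demo().items():
        print(f"{label}: {value}")
```

With matching keys the exchange completes in three messages and the secret never appears in any of them; with a server that does not hold the key, the client rejects it at step 3 and sends no proof of its own, which is what one-way (server-verifies-client-only) authentication cannot do. The FTP transcript, by contrast, carries the password verbatim.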

Username/Password The combination of username and password is one of the mostcommon methods of authenticating users in a computer network Almost allnetworkoperating systems implement some kind of authentication mechanismwherein users can simply use a locally created username and password to getaccess to the networkand shared resources within the network These includeMicrosoft’s Windows, Unix, Netware OS, MAC OS X, and Linux

Many organizations document and implement password policies that control how users can create and manage their passwords in order to secure network resources. If any user does not follow these policies, her user account may be locked until the administrator manually unlocks it. The following is an example of a strong password policy:

• Passwords must be at least seven characters long.

• Passwords must contain a combination of upper- and lowercase characters, numbers, and special characters.

• Passwords must not contain the full or part of the first or last name of the user.

• Passwords must not contain anything with personal identity, such as birthdays, Social Security numbers, names of hometowns, or names of pets.

• Users must change their passwords every six weeks.

• Users must not reuse old passwords.

With a properly enforced password policy, an organization can attain improved security for its network resources.
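The six rules of the sample policy above, expressed as a checker in Python (an added example, not the book's code). The user profile (name, birthday, Social Security number, hometown, pet) and the password history are constructed sample data; treating "part of" a name as any fragment of three or more letters, and modelling the six-week rule as an age check on the date of the last change, are this example's own choices.

```python
"""Checker for the example password policy above (added example, not from the book).

Each rule is tested separately so the user is told why a password was rejected.
The profile and history values are constructed sample data.
"""
import re
from dataclasses import dataclass, field
from datetime import date, timedelta

MIN_LENGTH = 7                         # "at least seven characters long"
MAX_PASSWORD_AGE = timedelta(weeks=6)  # "change their passwords every six weeks"
MIN_FRAGMENT = 3                       # shortest name fragment counted as "part of" a name (assumption)


@dataclass
class UserProfile:
    first_name: str
    last_name: str
    birthday: date
    ssn: str
    hometown: str
    pet_name: str
    password_history: list = field(default_factory=list)  # real systems keep salted hashes here


def name_fragments(name: str, min_len: int = MIN_FRAGMENT) -> set:
    """The whole name plus every lowercase substring of at least min_len characters."""
    n = name.lower()
    frags = {n}
    for i in range(len(n)):
        for j in range(i + min_len, len(n) + 1):
            frags.add(n[i:j])
    return frags


def identity_tokens(profile: UserProfile) -> set:
    """Personal-identity strings the policy forbids: birthday spellings, SSN, hometown, pet."""
    b = profile.birthday
    return {
        b.strftime("%Y%m%d"), b.strftime("%m%d%Y"), b.strftime("%d%m%Y"),
        b.strftime("%m%d"), b.strftime("%d%m"), str(b.year),
        profile.ssn, profile.ssn.replace("-", ""),
        profile.hometown.lower(), profile.pet_name.lower(),
    }


def check_password(password: str, profile: UserProfile) -> list:
    """Return the policy rules the password violates; an empty list means compliant."""
    violations = []
    pw = password.lower()

    if len(password) < MIN_LENGTH:
        violations.append("shorter than %d characters" % MIN_LENGTH)

    classes = [r"[A-Z]", r"[a-z]", r"[0-9]", r"[^A-Za-z0-9]"]
    if not all(re.search(c, password) for c in classes):
        violations.append("missing upper/lowercase, digit, or special character")

    for name in (profile.first_name, profile.last_name):
        if any(frag in pw for frag in name_fragments(name)):
            violations.append("contains part of the user's name")
            break

    if any(tok in pw for tok in identity_tokens(profile)):
        violations.append("contains personal identity information")

    if password in profile.password_history:
        violations.append("reuses an old password")

    return violations


def password_expired(last_changed: date, today: date) -> bool:
    """Rotation rule: True once the password is older than six weeks."""
    return today - last_changed > MAX_PASSWORD_AGE


# Constructed sample user for demonstration.
SAMPLE_USER = UserProfile("Jane", "Doe", date(1985, 3, 14), "123-45-6789",
                          "Springfield", "Rex", ["Summer2023!"])

if __name__ == "__main__":
    for candidate in ["Tr0ub4dor&3", "janeDoe1!", "Rex03141985!", "Summer2023!", "Shor1!", "password"]:
        print("%-14s %s" % (candidate, check_password(candidate, SAMPLE_USER) or "OK"))
    print("expired after 43 days:", password_expired(date(2024, 1, 1), date(2024, 2, 13)))
```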

Biometrics

Biometrics refers to the authentication technology used to verify the identity of a user by measuring and analyzing the physical and behavioral characteristics of a person. This is done with the help of advanced biometric devices, which can read or measure and analyze fingerprints, scan the eye retina and facial patterns, and/or measure body temperature. Handwriting and voice patterns are also commonly used as biometrics. Biometric authentication provides the highest level of authenticity about a person, which is much more reliable than a simple username and password combination. It is nearly impossible to impersonate a person when biometric authentication is used for authentication.

Multifactor. In computer authentication using secure methods, a factor is a piece of information that is present to prove the identity of a user. In a multifactor authentication mechanism, any of the following types of factors may be utilized:

• A something you know factor, such as your password or PIN.

• A something you have factor, such as your hardware token or a smart card.

• A something you are factor, such as your fingerprints, your eye retina, or other biometrics that can be used for identity.

• A something you do factor, such as your handwriting or your voice patterns.

Multifactor authentication is considered to be acceptably secure because it employs multiple factors to verify the identity of the user or service requesting authentication. For example, when withdrawing money from a bank's ATM, you need a debit card, which is a something you have factor. You will also need to know the correct PIN to complete the transaction, which is a something you know factor.

Encryption

The terms cryptography and encryption are used interchangeably. Encryption is the process of applying a procedure known as an algorithm to plain text to produce an unreadable text. This unreadable text can only be read if someone has the key to decrypt the message and convert it back to plain text. For all others, the encrypted text remains useless. The following are some of the concepts behind using encryption in network transmissions.

Confidentiality

Confidentiality means that only the intended recipient can decrypt the message and read its contents. The main idea behind encryption is to ensure confidentiality of messages that travel from one computer to another.

Integrity

Integrity of a message ensures that the message has not been intercepted, modified, or altered while it traveled from one point to another. In cryptography, most asymmetric encryption algorithms have built-in mechanisms to ensure message integrity.

Digital signatures

Digital signatures are used to provide data integrity and non-repudiation of data. These ensure that the data sent was not intercepted or modified on its way from the source to the destination.

Authentication

Authentication refers to identity verification. Symmetric encryption algorithms do not provide authentication mechanisms. Asymmetric algorithms have built-in mechanisms to provide authenticity of the messages or data.

Non-repudiation

Non-repudiation ensures that the sender of the message cannot deny that he has sent the digitally signed message. Once again, digital signatures are used to ensure non-repudiation, besides providing the integrity of the message.

Types of malicious codes

Malicious code, or Malware, is a software application that is designed to infiltrate a user's computer without his knowledge or permission. Malware includes viruses, Trojan horses, worms, and applications such as adware, spyware, botnets, or loggers. The following are the main categories of malware:

Viruses and worms

These applications are written to infect a system without any obvious commercial gains.

Trojan horses, rootkits, and back doors

These applications are written to infect the target system and conceal the identity of the attacker. These applications often appear interesting and worthwhile to the user, and he is likely to install it.

Spyware, botnets, and adware

These applications are written specifically to gather information about the active user on the system in order to gain some kind of commercial profit. These applications often appear as pop-up windows on the user's computer.

Viruses

A computer virus is a self-replicating application that inserts itself into other executables on the computer and spreads itself using the executable. A computer virus is essentially a malware that is created for the sole purpose of destroying a user's data. The executable file in which the virus inserts itself is called the virus host. A virus needs an executable file to spread itself. In order to let the virus work or infect a computer, it must first load into the memory of a system, and the system then must follow the instruction code written in the virus program.

A computer virus can travel from one computer to another infecting every computer on its way, just like a real-life infection. A virus can infect data stored on floppy disks, hard disks, and even on network storage devices. Remember that the infected program must be executed before the virus can spread to other parts of the system or data.

The following are different types of viruses:

Boot sector virus

A boot sector, or bootstrap virus, is that which infects the first sector on the hard disk. The first sector of the hard disk is used for booting or starting up the computer. If this sector is infected with a virus, the virus becomes active as soon as the computer is started.

Parasitic virus

A parasitic virus infects an executable file or an application on a computer. The infected file actually remains intact, but when the file is run, the virus runs first.

Worms

A worm is a computer virus that does not infect any particular executable or application but resides in the computer's active memory. This virus usually keeps scanning the network for vulnerabilities and then replicates itself onto other computers using those security holes. The effects of worms are not easily noticeable until entire system or network resources appear to have been consumed by the virus.

The most common type of worm is the email virus, which uses email addresses from the user's address book to spread itself.

Trojan horses

A Trojan horse, or simply a Trojan, is a malicious program that is embedded inside a legitimate application. The application appears to be very useful, interesting, and harmless to the user until it is executed. Trojans are different from other computer viruses in that they must be executed by the victim user who falls for the interesting "software."

Most of the modern Trojans contain code that is basically used to gather information about the user. These Trojans fall into the category of spyware and appear as a pop-up window on a user's computer screen. The sole purpose of these Trojans is to somehow trick the user into executing the application so that the code can execute. Some Trojans are written to allow the user's computer to be controlled remotely by the attacker or to collect personal information stored on your computer.

The main difference between a virus and a Trojan is that viruses are self-replicating programs, while Trojans need some action on the part of the user. If the user does not fall into the trap of the Trojan, it does not execute.

To protect computers from Trojan horses, the following precautions can be taken:

• Keep your operating system updated with the latest service packs, security patches, and hotfixes offered by the manufacturer.

• Install antivirus software on your system and keep it updated.

• Use email settings so that attachments contained in incoming mail do not open automatically. Some Trojans come embedded within email attachments.

• Do not use peer-to-peer sharing networks, such as Kazaa or Limewire. These networks are generally unprotected from Trojans and other viruses.

Some of the well-known Trojans include BackOrifice (and BackOrifice 2000), Beast Trojan, NetBus, SubSeven, and Downloader EV.

Logic bombs

A logic bomb is a specially written malicious code that resides in a particular system and waits for some condition to be met or for an event before it triggers itself. For example, a virus may wait for a specific date or time to trigger itself. A programmer may have a special code written to delete all data and other files from his system as soon as he leaves the company. The action may trigger as soon as the administrator deletes or disables the programmer's account from the network. Another programmer may write a code that waits for a specific date such as April 1st (the April Fools' day) to trigger it.

Fault Tolerance and Disaster Recovery

Fault tolerance refers to the ability of a system to continue functioning in the event of the failure of a component. Every component of the network needs some form of fault tolerance so that the network downtime can be reduced due to failures of server components such as disks and power supplies, network links, and data loss due to user error or disasters. In this section, we will discuss some basic methods used to provide fault tolerance.

Disk fault tolerance

Hard disks are the main storage devices used in servers and desktops. Preventing


hardware usually comes equipped with redundant disk arrays to prevent data loss due to disk failures. Disk fault tolerance is achieved by using Redundant Array of Inexpensive Disks (RAID). Different RAID configurations provide varying levels of data protection and performance. A RAID solution can be implemented either through the network operating system or through dedicated server hardware. Software-based RAID solutions are inexpensive but are not as efficient as hardware-based RAID solutions. Depending on the requirements of an organization and the allowed budget, the following types of RAID solutions can be implemented.

RAID-1. RAID-1 is one of the most commonly used disk fault tolerance solutions. It is also known as disk mirroring. RAID-1 requires exactly two hard disks, equal in size and preferably of the same make and model. RAID-1 provides fault tolerance by writing duplicate data to both disks simultaneously. In case one of the disks fails, data is available from the second disk and the server can continue functioning. To provide a complete fault tolerant RAID-1 solution, both hard disks are connected to separate controllers. This ensures that the server will continue working even if the disk controller fails. This type of RAID-1 solution is known as disk duplexing.

The following are some key features of RAID-1:

• It is an inexpensive, entry-level disk fault tolerance solution because it needs only two disks.

• It offers good read performance. There is no advantage for write performance because the data has to be written to two disks simultaneously.

• Disk utilization is 50 percent because only one of the disks is used at a time.

• No special software is required to implement a RAID-1 solution. Most network operating systems have built-in support for implementing RAID-1.

• Disk controllers can also be made fault tolerant by attaching each disk to a separate controller.

Figure 8-22 shows a RAID-1 disk configuration.

Figure 8-22 RAID-1 disk configuration


RAID-5. RAID-5 is also known as Disk Striping with Parity. RAID-5 volumes consist of a minimum of three hard disks. In this configuration, the data is written to the disks, along with parity information, which is distributed among all participating disks. Whenever there is a disk failure, the data stored on the failed disk is rebuilt using the parity information. An equivalent of one disk is used for writing parity information. This means that if you have five 80 GB hard disks (total of 400 GB) in a RAID-5 implementation, you will only be able to use disk space equal to four hard disks (320 GB).

Most server hardware comes equipped with a built-in RAID-5 solution. It is also possible to build a RAID-5 solution using the network operating system. Hardware-based RAID-5 solutions provide better reliability and performance levels than those implemented using the operating system. For example, in a server with hot-swap capability, a spare disk will automatically take over a failed disk, and the process will be transparent to the users.

The following are some key features of RAID-5:

• An equivalent of one full disk space is used up for writing parity information.

• RAID-5 offers good disk read performance but poor write performance.

• Hardware-based RAID-5 solutions are expensive. The cost of the server depends on the number of disks installed and whether or not hot-swapping is included in the solution.

• An inexpensive RAID-5 solution can be implemented using the network operating system.

Figure 8-23 shows a RAID-5 disk configuration.
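The mirroring and parity arithmetic behind RAID-1 and RAID-5 as described above, as an added Python model that is not part of the book: disks are byte arrays, data is striped one block per disk with the parity block rotating across disks (the text says only that parity is "distributed"; the rotation used here is an assumption), and a lost disk is rebuilt by XOR-ing the survivors. The capacity function reproduces the 5 x 80 GB = 320 GB figure from the text.

```python
"""Byte-level model of RAID-1 mirroring and RAID-5 XOR parity (added example, not from the book).

Disks are bytearrays; a stripe is one block per disk. The rotating-parity layout
and the 4-byte block size are assumptions made for illustration only.
"""

BLOCK = 4  # bytes per block; real arrays use kilobytes, the arithmetic is identical


def usable_capacity(disk_count: int, disk_size_gb: int, level: int) -> int:
    """Usable space: RAID-1 keeps one of two disks, RAID-5 loses one disk's worth to parity."""
    if level == 1:
        if disk_count != 2:
            raise ValueError("RAID-1 requires exactly two disks")
        return disk_size_gb
    if level == 5:
        if disk_count < 3:
            raise ValueError("RAID-5 requires at least three disks")
        return (disk_count - 1) * disk_size_gb
    raise ValueError("unsupported RAID level")


def xor_blocks(blocks) -> bytes:
    """Bytewise XOR of equally sized blocks (or whole disks)."""
    out = bytearray(len(blocks[0]))
    for b in blocks:
        for i, byte in enumerate(b):
            out[i] ^= byte
    return bytes(out)


def raid1_write(data: bytes):
    """Mirroring: both disks receive an identical copy; either one alone restores the data."""
    return [bytearray(data), bytearray(data)]


def parity_disk_for(stripe: int, disk_count: int) -> int:
    """Which disk holds parity in a given stripe (rotates so no single disk is a hot spot)."""
    return (disk_count - 1 - stripe) % disk_count


def raid5_write(data: bytes, disk_count: int):
    """Stripe data across disk_count disks with one rotating parity block per stripe."""
    data_per_stripe = (disk_count - 1) * BLOCK
    padded = data + bytes(-len(data) % data_per_stripe)  # pad the last stripe
    disks = [bytearray() for _ in range(disk_count)]
    for s in range(len(padded) // data_per_stripe):
        chunk = padded[s * data_per_stripe:(s + 1) * data_per_stripe]
        data_blocks = [chunk[i * BLOCK:(i + 1) * BLOCK] for i in range(disk_count - 1)]
        parity_disk = parity_disk_for(s, disk_count)
        it = iter(data_blocks)
        for d in range(disk_count):
            disks[d].extend(xor_blocks(data_blocks) if d == parity_disk else next(it))
    return disks


def raid5_rebuild(disks, failed: int) -> bytearray:
    """Recreate a failed disk from the survivors: in every stripe all blocks XOR to zero."""
    survivors = [d for i, d in enumerate(disks) if i != failed]
    return bytearray(xor_blocks(survivors))


def raid5_read(disks, length: int) -> bytes:
    """Reassemble the original data from an intact array, skipping parity blocks."""
    disk_count = len(disks)
    out = bytearray()
    for s in range(len(disks[0]) // BLOCK):
        parity_disk = parity_disk_for(s, disk_count)
        for d in range(disk_count):
            if d != parity_disk:
                out.extend(disks[d][s * BLOCK:(s + 1) * BLOCK])
    return bytes(out[:length])


if __name__ == "__main__":
    sample = b"The quick brown fox jumps over the lazy dog"  # constructed sample data
    print("5 x 80 GB RAID-5 usable:", usable_capacity(5, 80, 5), "GB")
    array = raid5_write(sample, 5)
    lost = bytes(array[2])
    array[2] = bytearray(len(lost))               # disk 2 fails (contents gone)
    array[2] = raid5_rebuild(array, 2)            # controller rebuilds it from the other four
    print("rebuilt matches original:", bytes(array[2]) == lost)
    print("data intact after rebuild:", raid5_read(array, len(sample)) == sample)
```

Because RAID-5 must read and rewrite parity on every write, the model also makes the text's performance remark concrete: one logical write touches two disks, while reads touch only the data blocks.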

Server fault tolerance

Now we know that data stored on hard disks can be protected from loss by using fault-tolerant disk arrays. A hard disk is only one of the components of a network server. The server can also break down due to some other reason, such as failure of the processor, memory, network adapter, or some other critical component. It is important to implement some sort of server fault tolerance also. This ensures that if one of the critical servers fails, another is ready to take over to continue providing access to applications, data, and network services. Both stand-by

Figure 8-23 RAID-5 disk configuration


Stand-by servers. The stand-by server configuration consists of a minimum of two identical servers: a primary server and a secondary server. The secondary server is configured identically to the primary server—this is known as fail-over configuration. The secondary server monitors the heartbeats of the primary server in order to detect failures. As soon as it detects that the primary server has failed, it takes over the responsibilities of the primary server.

The advantage of configuring stand-by servers is that an additional server is always available to continue essential network services. The disadvantage of this approach is that the secondary server remains unutilized until the primary server has failed. In other words, the server hardware utilization is only 50 percent, which may not be affordable for some organizations.

Server clustering. Server clustering provides fault tolerance as well as high availability for organizations that can afford to install multiple servers for critical network services. Servers are grouped to form a cluster. Applications are installed on the servers and, in case of failure of a single server in the cluster, other servers take over the functions of the failed server. This process remains transparent to network users. The only disadvantage of server clustering is the cost of implementation, which may not be within the budget of some organizations.

Power supply. When planning for a fault-tolerant system, it is important to consider the role of redundant power supplies. Redundant power supplies provide an alternate source of power to servers and other network devices. Some types of server hardware have built-in redundant power supplies. External redundancy can be implemented by using uninterruptible power supply (UPS) systems.

The following are some key benefits of using UPS systems:

• They protect against loss of data due to sudden power failure.

• They provide time to save necessary files and shut down the server properly in case of a power failure.

• They protect expensive hardware from power threats such as spikes, surges, and sags.

Power problems vary in intensity and in consistency. The damage from a bad power source can cause significant losses to an organization due to hardware. A UPS system provides protection from the following types of power problems:

Link redundancy. Link redundancy refers to providing secondary connectivity solutions to server hardware. This ensures that if the primary network connection is lost for some reason, a secondary connection is always available to take over to prevent interruptions in network services. This is accomplished by adapter teaming, which is a process that not only provides fault tolerance but also offers improved performance and effective utilization of available network bandwidth.

The following are some of the key benefits of using adapter teaming to provide link redundancy:

Adapter fault tolerance

This solution requires two network adapters. One of the adapters is configured as primary and the other as secondary. In case the primary adapter fails, the secondary adapter takes over.

Adapter load balancing

This solution not only provides fault tolerance but also improved performance. So long as both adapters are working, they share the processing load among themselves. When one of the adapters fails, the second takes over.

Link aggregation

This refers to effective utilization of available network bandwidth. For example, two 100 Mbps network adapters can provide a total of 200 Mbps bandwidth.

Disaster recovery

Disasters can come at any time and in any form. It may be in a fire, flood, terrorist attack, or some other unknown form. A disaster recovery plan should take into account all possible kinds of internal and external threats. It is important to make necessary plans to protect the critical data from any such events in order to let the organization recover in a minimum amount of time and resume its business as soon as possible. Data-backup methods, secure recovery of data, and a well designed and documented disaster recovery and business continuity plan should be in place. Do not wait for a real disaster to occur.

Data backup

Data backup is one of the fundamental elements of a disaster recovery plan. Backed-up data is copied to another media such as magnetic tapes or compact disks (CDs or DVDs), which are safely and securely stored at an offsite location. The administrators must decide what data to back up and at what frequency, depending on the volume of the backup data and the requirements of an organization. Commonly used backup methods include the following:

Full backup

This method backs up all the data in a single backup job. The backed-up data includes systems files, applications, and all user data on a computer. Full backup changes the archive bit on files to indicate that it has been backed up. It takes longer to complete the backup process, but the data can be restored faster as only a single backup set is required.

Incremental backup

This method backs up all the data that has changed after the last full or incremental backup was taken. It uses the archive bits and changes them after the backup process is complete. It takes the least amount of time to complete the backup process but is the slowest method when data needs to be restored. The last full backup tape and all incremental tapes after the full backup are required to completely restore data.

Differential backup

This method backs up all the data that has changed after the last full backup. It does not change the archive bits, and thus does not disturb any scheduled incremental backups. Since it does not use the archive bits, if differential backup is taken more than once after a full backup, the differential backup tapes will contain duplicate data. When restoring data, only the last full backup tape and the differential backup tape is required. It is faster to restore than the incremental backup.

Make sure that you understand different backup types, the function of the archive bit, and the pros and cons of each backup type. The difference between copy backup and full backup is commonly asked in the Network+ exam because both make a full backup of the system. Remember that a copy backup does not use or change the archive bit, while the full backup does both. Similarly, the difference between incremental and differential backup types is another common exam question.
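The archive-bit behaviour of full, incremental, differential and copy backups, and the tape sets each restore needs, as an added Python model that is not from the book. Files, days and backup sets are constructed sample data; the model follows the rules stated above (full and incremental clear the bit, differential and copy leave it) and so shows why successive differentials carry duplicate data and why an incremental restore needs every tape taken since the last full backup.

```python
"""Backup types and the archive bit (added example, not from the book).

Every file carries an archive bit that is set when the file is created or
modified. The four job types act on the bit as the text describes; restore_set()
returns the backup sets needed to recover the latest state of every file.
"""
from dataclasses import dataclass, field


@dataclass
class File:
    name: str
    content: str
    archive: bool = True  # a new or modified file has the bit set


@dataclass
class BackupSet:
    kind: str    # "full", "incremental", "differential" or "copy"
    day: int
    files: dict  # name -> content captured on this tape


class FileSystem:
    def __init__(self):
        self.files = {}
        self.history = []  # backup sets in chronological order

    def write(self, name: str, content: str):
        """Create or modify a file; either way the archive bit is set."""
        self.files[name] = File(name, content, archive=True)

    def backup(self, kind: str, day: int) -> BackupSet:
        if kind in ("full", "copy"):
            selected = list(self.files.values())             # everything
        elif kind in ("incremental", "differential"):
            selected = [f for f in self.files.values() if f.archive]  # changed files only
        else:
            raise ValueError("unknown backup type: %s" % kind)
        if kind in ("full", "incremental"):                 # only these two clear the bit
            for f in selected:
                f.archive = False
        backup_set = BackupSet(kind, day, {f.name: f.content for f in selected})
        self.history.append(backup_set)
        return backup_set

    def live_state(self) -> dict:
        return {name: f.content for name, f in self.files.items()}


def restore_set(history) -> list:
    """Sets needed for a complete restore, in the order they must be applied:
    the last full backup, every incremental after it, and the latest differential
    after it. Copy backups are never required (they change nothing)."""
    fulls = [i for i, b in enumerate(history) if b.kind == "full"]
    if not fulls:
        raise ValueError("no full backup exists")
    start = fulls[-1]
    later = history[start + 1:]
    needed = [history[start]] + [b for b in later if b.kind == "incremental"]
    differentials = [b for b in later if b.kind == "differential"]
    if differentials:
        needed.append(differentials[-1])
    return sorted(needed, key=lambda b: b.day)


def restore(history) -> dict:
    """Apply the needed sets oldest first so the newest copy of each file wins."""
    state = {}
    for backup_set in restore_set(history):
        state.update(backup_set.files)
    return state


if __name__ == "__main__":
    fs = FileSystem()
    for name in ("a.txt", "b.txt", "c.txt"):
        fs.write(name, "v1")
    fs.backup("full", 1)
    fs.write("a.txt", "v2"); fs.backup("differential", 2)
    fs.write("b.txt", "v2"); fs.backup("differential", 3)   # contains a.txt again
    print([(b.kind, b.day, sorted(b.files)) for b in fs.history])
    print("tapes needed:", [(b.kind, b.day) for b in restore_set(fs.history)])
    print("restore matches live data:", restore(fs.history) == fs.live_state())
```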

Tape rotation. Magnetic tapes are the most popular media used for backups. In order to reduce the cost involved in purchasing new tapes for every backup, most organizations reuse the tapes after a certain amount of time and according to a pre-set tape rotation plan. A commonly used tape rotation plan is known as Grandfather-Father-Son (GFS). Backup tapes are categorized into daily, weekly, and monthly sets. With this rotation scheme, a full backup is taken every week and differential or incremental backups are taken every day. The daily and weekly tapes are stored offsite at the end of the week, and new tapes are used the next week. Additionally, another full backup is taken at the end of the month.

When the month changes, the tapes used for the first week in the previous month are reused, followed by the tapes used in the second week and so on. In the GFS rotation scheme, the daily tape set is known as son, the weekly tape set is known as father, and the monthly full backup tape set is known as grandfather. It is important to note that the grandfather tape set is not reused as it contains all files changed during a particular month.

Offsite storage. It is important that the tapes be stored at a safe and secure offsite location. Offsite storage helps protect critical data stored on tapes in the event of a disaster. If backup tapes are not stored offsite, they are vulnerable to destruction along with other equipment when a disaster strikes. Organizations may store tapes at another location or can engage a third-party professional organization for the purpose. It is important that administrators make an assessment that the safety and security requirements are fulfilled if offsite storage is managed by a third party.

Secure recovery. The secure recovery of data is a part of the backup process. Data may need to be recovered from backup tapes even when a small incident such as accidental deletion of files happens or when a virus application corrupts files. The damage may occur on a single system or on multiple systems across the network. Also, administrators should not forget that the organization might be subject to outside malicious activity by professional hackers. The worst-case scenario is a disaster that requires administrators to carefully make a disaster recovery plan and define procedures for secure and quick restoration of data.

The safety of backup tapes is of prime concern. This includes protecting the tapes from physical damage and theft of the stored data. Aside from this, procedures and guidelines must be in place to describe how the data can be restored with minimal delays. Large organizations usually have dedicated backup operators who are proficient in backup and restoration functions. Offsite storage is an excellent way to secure tapes. Large organizations can also have alternate sites, which can be used to resume business in case of a disaster.

Hot and cold spares. Most organizations keep spare parts for critical servers in order to prevent delays in restoring a failed system. Hot and cold spares are part of disaster recovery plans of the organization. In case a server component such as the hard disk or a power supply fails, network technicians or administrators can quickly replace the failed part to restore the functioning of the server.

Hot spares

Refer to spare components that are installed inside critical servers and readily take over a failed component. These spares do not need any action from the administrator. The hot spare automatically takes charge of the failed component almost immediately, and the functioning of the server is not affected at all.

Cold spares

Refer to spare components that are installed inside a critical server but must be configured manually by an administrator.

Hot swapping

Refers to the ability of a server to allow replacement of a failed component (usually a hard disk in the disk array) while the server is powered on. The most common use of hot swapping is in hard disk arrays used in fault-tolerant RAID systems. Unlike hot spares, hot swapping requires manual replacement by an administrator.

Cold swapping

Refers to servers that do not support the replacement of failed components while they are powered on. A technician or an administrator must fully power down the server and manually replace the failed component. Cold-swapped components are usually not installed in the system and are stored outside of it.

Most of the server hardware that provides critical network services or is critical to the functioning of the business is equipped with hot spares. In organizations where server downtimes are not acceptable, hot spares are a necessity.

Hot, warm, and cold sites. Alternate sites are critical to all organizations that do not want any delay in restoration of data after a disaster strikes. An alternate site is a temporary facility away from the original location of the organization that enables administrators to restore a working network in a minimum amount of time so that the organization can resume its business. Alternate sites can be classified into the following types:

Hot site

A hot site is equipped with the necessary hardware, software, network devices, and telephone lines. It allows organizations to resume business activities almost immediately. The equipment is fully configured, data is replicated to servers at the site in real time, and, in case of a disaster, the organization can resume business with minimal delays.

Warm site

A warm site normally is equipped with the necessary hardware, software, network devices, and telephone lines. Unlike a hot site, this site is not fully configured and does not store a working copy of data. Hardware and software must be configured and data must be restored from backup tape sets. It takes administrators a little while before this site can be made functional.

Cold site

A cold site requires the maximum amount of time to be set up and made functional. It contains only partial hardware, software, and network devices that are not configured. This site needs to be built from scratch to make it fully functional.

Network Support

The term network support refers to providing network services to end users. It involves tasks such as installation, maintenance, and troubleshooting. Network and system administrators, helpdesk staff and network technicians work together to provide maximum availability and seamless operations of network services. The objective is to minimize interruptions in regular work due to network downtimes. This section covers a study of troubleshooting utilities and techniques for supporting computer networks.

Troubleshooting Utilities

Network troubleshooting is an essential part of the responsibilities of a network technician. A network technician is expected to have knowledge and skills to use appropriate troubleshooting utilities to diagnose problems and find solutions. This section provides an overview of commonly used troubleshooting utilities available for troubleshooting network connectivity problems.

tracert/traceroute

The tracert or traceroute utility is used to trace the route from one host to another in a TCP/IP network. All major operating systems include this utility in one form or another. The name of the utility might differ, but the purpose is the same: to find out the path between two TCP/IP hosts. The output format of this utility differs from one operating system to another. It uses Internet Control Message Protocol (ICMP) echo packets to trace the route to a specific destination host and reports back the results at every hop on the path.

The syntax of the traceroute command in different operating systems is as follows:

• Windows operating systems: tracert <Hostname> or tracert <IPAddress>

• Unix/Linux and MAC OS: traceroute <Hostname> or traceroute <IPAddress>

• NetWare: iptrace

The traceroute utility offers very useful information when diagnosing connectivity problems. It provides the IP address of every router (hop) that it passes through and reports the time it takes from one hop to another. This is helpful in diagnosing the exact location of the network bottleneck or congestion.

The following example shows the output of the tracert utility when used to trace the route to the web site www.oreilly.com:

C:\ >tracert www.oreilly.com

Tracing route to www.oreilly.com [208.201.239.37]

over a maximum of 30 hops:


It is easy to interpret the results of the tracert utility. The first column shows the hop number, which is the network device that responds to the ICMP echo request. The next three columns show the roundtrip time in milliseconds that the packet takes. The next column shows the hostname and the IP address of the responding device.

In some situations, the network is congested. This is shown as Request Timed Out in the output. This may be due to a misconfigured router at the seventh hop. But the trace continues to the next hop until it reaches the destination. Once the problem device is identified, you may use some other utility, such as ping, to pinpoint the source of the issue.

The following is an example of an unsuccessful attempt to trace the route to the web site comptia.org. Notice that after tracing the route up to 13 hops, the ICMP echo request is being timed out. In other words, the tracert utility has failed to get a response from the next hop device.

C:\ >tracert comptia.org

Tracing route to comptia.org [208.252.144.4]

over a maximum of 30 hops:

14 * * * Request timed out.

15 * * * Request timed out.

16 * * * Request timed out.

17 * * * Request timed out.

tivity, the ping command can also be used to test whether the name resolution is working.

Pinging www.l.google.com [72.14.207.99] with 32 bytes of data:

Reply from 72.14.207.99: bytes=32 time=20ms TTL=246

Reply from 72.14.207.99: bytes=32 time=24ms TTL=246

Reply from 72.14.207.99: bytes=32 time=19ms TTL=246

Reply from 72.14.207.99: bytes=32 time=22ms TTL=246

Ping statistics for 72.14.207.99:

Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

Minimum = 19ms, Maximum = 24ms, Average = 21ms
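A parser for this kind of ping transcript, as an added Python example that is not from the book: it recognises the reply lines and the Request timed out and Destination host unreachable messages discussed in the following subsections, recomputes loss and round-trip statistics from the individual lines rather than trusting the summary, and returns a one-line diagnosis following the interpretations the text gives. The three sample transcripts are reconstructed from the output shown on this page.

```python
"""Parser for Windows ping output (added example, not from the book).

Statistics are rebuilt from the per-request lines, so the parser also works on
output that was interrupted before the summary was printed.
"""
import re
from dataclasses import dataclass, field

REPLY_RE = re.compile(r"^Reply from (?P<ip>[\d.]+): bytes=\d+ time[=<](?P<ms>\d+)ms TTL=\d+")
TARGET_RE = re.compile(r"^Pinging (?:(?P<host>\S+) \[(?P<ip1>[\d.]+)\]|(?P<ip2>[\d.]+)) with")


@dataclass
class PingResult:
    target: str = ""
    ip: str = ""
    sent: int = 0
    replies: list = field(default_factory=list)  # round-trip times in ms, in order
    timeouts: int = 0
    unreachable: int = 0

    @property
    def loss_percent(self) -> int:
        return 100 * (self.sent - len(self.replies)) // self.sent if self.sent else 0

    def verdict(self) -> str:
        """One-line diagnosis following the interpretations given in the text."""
        if self.sent == 0:
            return "no echo requests found in the output"
        if self.unreachable == self.sent:
            return "destination host unreachable: check the default gateway configured on the local host"
        if self.timeouts == self.sent:
            return ("request timed out: host down or disconnected, wrong address, "
                    "or a failed intermediate device")
        if self.loss_percent:
            return "partial loss (%d%%): possible congestion on the path" % self.loss_percent
        lo, hi, avg = rtt_stats(self)
        return "reachable: min %dms, max %dms, avg %dms" % (lo, hi, avg)


def rtt_stats(result: PingResult):
    """Minimum, maximum and integer average RTT, as the Windows summary prints them."""
    if not result.replies:
        return 0, 0, 0
    return min(result.replies), max(result.replies), sum(result.replies) // len(result.replies)


def parse_ping(text: str) -> PingResult:
    result = PingResult()
    for raw in text.splitlines():
        line = raw.strip()
        m = TARGET_RE.match(line)
        if m:
            result.target = m.group("host") or m.group("ip2")
            result.ip = m.group("ip1") or m.group("ip2")
            continue
        if "destination host unreachable" in line.lower():  # also the "Reply from <gw>: ..." form
            result.sent += 1
            result.unreachable += 1
        elif line.lower().startswith("request timed out"):
            result.sent += 1
            result.timeouts += 1
        else:
            r = REPLY_RE.match(line)
            if r:
                result.sent += 1
                result.replies.append(int(r.group("ms")))
    return result


# Sample transcripts reconstructed from the output shown on this page.
SUCCESS = """Pinging www.l.google.com [72.14.207.99] with 32 bytes of data:

Reply from 72.14.207.99: bytes=32 time=20ms TTL=246
Reply from 72.14.207.99: bytes=32 time=24ms TTL=246
Reply from 72.14.207.99: bytes=32 time=19ms TTL=246
Reply from 72.14.207.99: bytes=32 time=22ms TTL=246

Ping statistics for 72.14.207.99:
    Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 19ms, Maximum = 24ms, Average = 21ms
"""
TIMEOUT = "Pinging 192.168.0.2 with 32 bytes of data:\n\n" + "Request timed out.\n" * 4
UNREACHABLE = "Pinging 192.168.0.2 with 32 bytes of data:\n\n" + "Destination host unreachable.\n" * 4

if __name__ == "__main__":
    for sample in (SUCCESS, TIMEOUT, UNREACHABLE):
        r = parse_ping(sample)
        print("%-18s loss=%3d%%  %s" % (r.target, r.loss_percent, r.verdict()))
```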

ping command parameters. The ping command supports a number of parameters for increased functionality. Some of the common parameters and their functions are listed in Table 8-20.

Understanding ping output messages. When you use the ping utility to diagnose network problems, you must be able to interpret the output correctly in order to find out the exact cause of the problem. The following are some of the common output messages that you must be able to understand:

Request Timed Out

A Request Timed Out message indicates that the echo request message did not get any response from the destination host. The destination device might not be connected to the network, might be powered down, or might not be configured correctly. It may also mean that the destination host does not exist, and you might be using an incorrect address with the ping command. Some intermediate device on the path may also not be functioning. The code that follows is an example of this message.

Pinging 192.168.0.2 with 32 bytes of data:

Request timed out.
Request timed out.
Request timed out.
Request timed out.

Ping statistics for 192.168.0.2:
Packets: Sent = 4, Received = 0, Lost = 4 (100% loss),
Approximate round trip times in milli-seconds:
Minimum = 0ms, Maximum = 0ms, Average = 0ms

Table 8-20. ping command parameters

Parameter         Function
ping -a           Resolves and displays the given IP address to the hostname.
ping -n Count     Specifies the number of echo requests to be sent. By default, four messages are sent in Windows OS.
ping -r Count     Specifies that the count hops be recorded. The Count must be a number between 1 and 9.
ping -s Count     Specifies that the timestamp be used to record echo request messages. The Count must be a number between 1 and 4.
ping -i TTL       Specifies the Time-To-Live (TTL) value for echo request messages. For Windows operating systems, the value of TTL must be less than 255.
ping -t           This parameter forces the ping command to continue sending echo messages until manually stopped.
ping -w Timeout   Specifies the timeout value in milliseconds for each echo reply.

Destination Host Unreachable

The Destination Host Unreachable message appears in the ping output when there is no route to the host you are trying to ping: the local host (or a router on the path) does not know how to forward the packet toward the destination. When the message comes from the local host itself, check that it is correctly configured with the IP address of the default gateway and that the destination lies in a network the gateway can reach. The following is an example of this error message. Note that the ping statistics are similar to the Request Timed Out message.

Pinging 192.168.0.2 with 32 bytes of data:

Destination host unreachable.
Destination host unreachable.
Destination host unreachable.
Destination host unreachable.

Ping statistics for 192.168.0.2:
    Packets: Sent = 4, Received = 0, Lost = 4 (100% loss),
Approximate round trip times in milli-seconds:
    Minimum = 0ms, Maximum = 0ms, Average = 0ms

Unknown Host

The Unknown Host error message means that the specified hostname could not be resolved. This problem is associated with DNS. Check that the DNS server address is correctly configured on the local host and that the DNS server is online and connected to the network. It may also mean that the HOSTS file on the local host is not correctly configured. In this situation, you might need to use another utility, such as nslookup or dig, to find out the exact problem.

TTL Expired in Transit

The TTL Expired in Transit message means that a router on the path decremented the Time-To-Live of the echo request to zero and discarded it before it reached the destination, either because the destination is more hops away than the TTL allows or because of a routing loop on the network. On Windows operating systems, you can use the ping -i command to increase the TTL value to a maximum of 255. The following is an example of this message:

Reply from 192.168.0.2: TTL Expired in transit.

Troubleshooting with ping

ping is one of the most frequently used troubleshooting utilities and is available in every implementation of TCP/IP. When diagnosing a connectivity problem with ping, the following steps should be taken:


1. ping the local loopback address 127.0.0.1. A successful ping to this address verifies that TCP/IP is correctly installed and working on the local host. If the request times out, you might need to reinstall TCP/IP on the local host.

2. ping the IP address configured on the network interface of the local host. If this is successful, TCP/IP is correctly installed and bound to the network interface. If the request times out, the interface might not be correctly bound to TCP/IP, or it may not be using the correct driver.

3. ping the IP address of another host on the local network segment. If this is successful, the local host can connect to other hosts on the local segment. If the request times out, check the network connections on the local host and on the hub or switch.

4. ping the IP address of the default gateway configured on the local host. If this is successful, the local host can reach the router that leads to other network segments. If this command fails, verify that the default gateway is correctly configured and that it is operational on the network.

5. Finally, when the ping to the default gateway is successful, ping the IP address of a remote host on another network segment. If this fails while the gateway answers, the problem lies beyond the local network: the remote host itself, the routing between the two segments, or a firewall that blocks ICMP.

If these steps do not resolve the problem, you might have to use other TCP/IP diagnostic utilities.
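The following is an added example, not code from the book: it turns the output messages listed under "Understanding ping output messages" and the five-step procedure above into working code. classify() reads a Windows ping transcript and returns the verdict and the hint the text gives for each message; diagnose() walks the loopback, local interface, LAN neighbor, default gateway and remote host rungs in order and stops at the first rung that gets no reply. The transcripts in SAMPLES are constructed in the Windows layout after the book's examples (they are not captured output), and fake_ping() replays them so the script runs offline; windows_ping() is the real runner for use on a Windows host. The wording of the name-resolution failure pattern is the one Windows ping prints and is not shown on this page.

```python
"""Interpret Windows ping output and walk the five-step ping ladder.

Added example (not code from the book): classify() recognizes the ping
output messages discussed above and diagnose() runs the loopback ->
local interface -> LAN neighbor -> default gateway -> remote host
sequence, stopping at the first step that gets no reply.
"""
import re
import subprocess
from typing import Callable, Dict, List, Optional, Tuple

# Lines printed by the Windows ping utility.
TTL_EXPIRED = re.compile(r"^Reply from \S+: TTL expired in transit\.", re.I)
REPLY = re.compile(r"^Reply from \S+: (?:bytes=\d+ )?time[=<](\d+)ms")
TIMEOUT = re.compile(r"^Request timed out\.")
UNREACHABLE = re.compile(r"^Destination host unreachable\.")
# Name-resolution failure as worded by Windows ping (the book's own example
# of this message is not reproduced on this page).
UNKNOWN_HOST = re.compile(r"^Ping request could not find host")

HINTS = {
    "ok": "all echo requests answered",
    "partial loss": "some requests unanswered: congestion or an unreliable link",
    "request timed out": "no reply: host down, not on the network, wrong address, "
                         "a failed intermediate device, or ICMP dropped by a firewall",
    "destination host unreachable": "no route to the destination: check the "
                                    "default gateway configured on the local host",
    "ttl expired in transit": "TTL reached zero before the destination: raise it "
                              "with ping -i (max 255) or look for a routing loop",
    "unknown host": "name resolution failed: check the DNS server address, the "
                    "DNS server itself or the HOSTS file; try nslookup",
}


def classify(output: str) -> Dict[str, object]:
    """Summarize one ping transcript as a verdict, a hint and RTT figures."""
    rtts: List[int] = []
    seen = {"timeout": 0, "unreachable": 0, "ttl_expired": 0, "unknown_host": 0}
    for raw in output.splitlines():
        line = raw.strip()
        if TTL_EXPIRED.match(line):          # must be tested before REPLY
            seen["ttl_expired"] += 1
        elif (m := REPLY.match(line)):
            rtts.append(int(m.group(1)))     # "time<1ms" is recorded as 1
        elif TIMEOUT.match(line):
            seen["timeout"] += 1
        elif UNREACHABLE.match(line):
            seen["unreachable"] += 1
        elif UNKNOWN_HOST.match(line):
            seen["unknown_host"] += 1
    if seen["unknown_host"]:
        verdict = "unknown host"
    elif seen["ttl_expired"]:
        verdict = "ttl expired in transit"
    elif seen["unreachable"]:
        verdict = "destination host unreachable"
    elif not rtts:
        verdict = "request timed out"
    elif seen["timeout"]:
        verdict = "partial loss"
    else:
        verdict = "ok"
    avg: Optional[float] = sum(rtts) / len(rtts) if rtts else None
    return {"verdict": verdict, "hint": HINTS[verdict],
            "replies": len(rtts), "timeouts": seen["timeout"], "avg_rtt_ms": avg}


# The five rungs of the procedure above, with what a failure at each means.
LADDER: List[Tuple[str, str]] = [
    ("loopback", "TCP/IP is not installed or not working on the local host"),
    ("local_ip", "the interface is not bound to TCP/IP or uses the wrong driver"),
    ("neighbor", "check the cable and NIC on the local host, and the hub or switch"),
    ("gateway", "the default gateway is misconfigured on the host or is down"),
    ("remote", "the local segment is fine; the fault is beyond the gateway"),
]


def diagnose(targets: Dict[str, str], run_ping: Callable[[str], str]) -> Dict[str, object]:
    """Ping each rung in order and stop at the first one that gets no reply."""
    history: List[Tuple[str, str, str]] = []
    for step, meaning in LADDER:
        summary = classify(run_ping(targets[step]))
        history.append((step, targets[step], str(summary["verdict"])))
        if summary["replies"] == 0:
            return {"failed_step": step, "meaning": meaning, "history": history}
    return {"failed_step": None, "meaning": "all five steps succeeded", "history": history}


def windows_ping(target: str, count: int = 4) -> str:
    """Run the real Windows ping with -n count and return its text."""
    proc = subprocess.run(["ping", "-n", str(count), target], capture_output=True, text=True)
    return proc.stdout


def _transcript(target: str, line: str, received: int) -> str:
    """Build a constructed transcript in the Windows layout (not captured output)."""
    lost = 4 - received
    return (f"Pinging {target} with 32 bytes of data:\n" + (line + "\n") * 4
            + f"Ping statistics for {target}:\n"
            f"    Packets: Sent = 4, Received = {received}, Lost = {lost} ({lost * 25}% loss),\n")


# Constructed samples modelled on the book's examples; addresses are assumptions.
SAMPLES = {
    "127.0.0.1": _transcript("127.0.0.1", "Reply from 127.0.0.1: bytes=32 time<1ms TTL=128", 4),
    "192.168.0.10": _transcript("192.168.0.10", "Reply from 192.168.0.10: bytes=32 time<1ms TTL=128", 4),
    "192.168.0.2": _transcript("192.168.0.2", "Request timed out.", 0),
    "192.168.0.1": _transcript("192.168.0.1", "Destination host unreachable.", 0),
    "72.14.207.99": _transcript("72.14.207.99", "Reply from 72.14.207.99: bytes=32 time=20ms TTL=246", 4),
    "10.0.0.9": _transcript("10.0.0.9", "Reply from 192.168.0.2: TTL Expired in transit.", 4),
}
TARGETS = {"loopback": "127.0.0.1", "local_ip": "192.168.0.10", "neighbor": "192.168.0.2",
           "gateway": "192.168.0.1", "remote": "72.14.207.99"}


def fake_ping(target: str) -> str:
    """Stand-in for windows_ping() that replays the constructed transcripts."""
    return SAMPLES[target]


if __name__ == "__main__":
    for ip, text in SAMPLES.items():
        print(f"{ip}: {classify(text)['verdict']}")
    print(diagnose(TARGETS, fake_ping))   # fails at the "neighbor" rung
```

To use it on a live Windows host, pass windows_ping instead of fake_ping and fill TARGETS with the real interface, neighbor, gateway and remote addresses; the first rung that returns no reply, together with its meaning string, is the same conclusion the numbered steps lead to by hand.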

arp

The arp utility displays and modifies the table that maps IP addresses to MAC addresses on the local host, and it is the command-line tool for diagnosing address resolution problems. Hosts on TCP/IP networks use IP addresses to communicate with each other; on the local segment, an IP address is further resolved to a MAC address so that IP packets can be delivered to the correct host. These MAC addresses are stored temporarily on the local host in the ARP cache, a table that maps recently resolved IP addresses to their corresponding MAC addresses. The cache is periodically refreshed with newer entries, and older entries are deleted. Whenever a host needs to send a packet to another host, it first checks its local ARP cache before sending an ARP broadcast on the local network.

There are two types of entries in the ARP cache: dynamic and static. Dynamic entries are created automatically as the local host resolves IP addresses. Static entries are added manually using the arp -s command; because the host does not replace them with mappings learned from the network, pinning the default gateway this way is one defense against ARP cache poisoning on the local segment. You can check the ARP cache of the local computer at any time by using the arp -a command or the arp -g command.
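The book's own arp -a listing is not reproduced on this page. The following is an added example, not code from the book: it parses an arp -a listing in the Windows XP layout (the transcript below is constructed, and every address in it is an assumption), separates dynamic from static entries, and goes one step beyond the text by checking the cache for two classic signs of ARP cache poisoning: one MAC address answering for several IP addresses, and the default gateway's entry no longer matching a MAC you have pinned. pin_command() builds the arp -s command that turns the gateway mapping into a static entry.

```python
"""Parse a Windows arp -a listing and check it for poisoning indicators.

Added example (not from the book): the transcript is constructed in the
Windows XP layout; the IP and MAC addresses in it are assumptions.
"""
import re
from collections import defaultdict
from typing import Dict, List, NamedTuple


class ArpEntry(NamedTuple):
    interface: str   # local interface address the entry belongs to
    ip: str
    mac: str         # normalized to lowercase, hyphen-separated
    kind: str        # "dynamic" or "static"


INTERFACE = re.compile(r"^Interface: (\S+) --- 0x[0-9a-fA-F]+")
ENTRY = re.compile(
    r"^(\d+\.\d+\.\d+\.\d+)\s+([0-9a-f]{2}(?:-[0-9a-f]{2}){5})\s+(dynamic|static)$", re.I)


def parse_arp_a(text: str) -> List[ArpEntry]:
    """Turn arp -a output into ArpEntry records, one per cache line."""
    entries: List[ArpEntry] = []
    iface = ""
    for raw in text.splitlines():
        line = raw.strip()
        if (m := INTERFACE.match(line)):
            iface = m.group(1)
        elif (m := ENTRY.match(line)):
            entries.append(ArpEntry(iface, m.group(1), m.group(2).lower(), m.group(3).lower()))
    return entries


def find_anomalies(entries: List[ArpEntry], pinned: Dict[str, str]) -> List[str]:
    """Report MACs shared by several IPs and entries that disagree with pinned MACs.

    pinned maps an IP address (typically the default gateway) to the MAC it
    is known to have; any form of hex case is accepted.
    """
    findings: List[str] = []
    by_mac: Dict[str, List[str]] = defaultdict(list)
    for e in entries:
        # Broadcast and IPv4 multicast MACs legitimately map to many addresses.
        if e.mac == "ff-ff-ff-ff-ff-ff" or e.mac.startswith("01-00-5e"):
            continue
        by_mac[e.mac].append(e.ip)
    for mac, ips in by_mac.items():
        if len(ips) > 1:
            findings.append(f"{mac} answers for {len(ips)} addresses: {', '.join(sorted(ips))}")
    for e in entries:
        want = pinned.get(e.ip)
        if want and e.mac != want.lower():
            findings.append(f"{e.ip} is {e.mac} in the cache but is pinned to {want.lower()} "
                            f"({e.kind} entry)")
    return findings


def pin_command(ip: str, mac: str) -> str:
    """The arp -s command that makes the mapping a static entry on Windows."""
    return f"arp -s {ip} {mac.lower()}"


# Constructed arp -a transcript in the Windows XP layout (not captured output).
# 192.168.0.7 is using the same MAC as the gateway entry, which is what a
# poisoned cache looks like from the victim's side.
SAMPLE_ARP_A = """\
Interface: 192.168.0.10 --- 0x2
  Internet Address      Physical Address      Type
  192.168.0.1           00-aa-bb-cc-dd-07     dynamic
  192.168.0.2           00-0c-29-12-34-56     dynamic
  192.168.0.7           00-aa-bb-cc-dd-07     dynamic
  192.168.0.20          00-50-56-aa-bb-20     static
"""
# Assumed known-good MAC of the default gateway.
PINNED = {"192.168.0.1": "00-50-56-AA-BB-01"}

if __name__ == "__main__":
    cache = parse_arp_a(SAMPLE_ARP_A)
    for e in cache:
        print(f"{e.ip:<15} {e.mac}  {e.kind}")
    for finding in find_anomalies(cache, PINNED):
        print("!!", finding)
    print(pin_command("192.168.0.1", PINNED["192.168.0.1"]))
```

On a real host, feed the function the text of arp -a (for example via subprocess) and keep PINNED in sync with the gateway's real hardware address; a dynamic gateway entry that suddenly differs from it, especially while another IP on the segment shows the same MAC, is worth investigating before trusting the traffic that passes through it.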
