A B C D E F G H I J K L M N O P Q R S T U V W X-Y-Z
2.4GHz band, 165
5GHz band, 165
6to4 tunneling, IPv6, 84
10BASE2, 214
10BASE5, 214
10BASE-T, 214
limitations of, 141
10GBASE-ER, 214
10GBASE-EW, 214
10GBASE-LR, 214
10GBASE-LW, 214
10GBASE-SR, 214
10GBASE-SW, 214
10GBASE-T, 214
100BASE-FX, 214
100BASE-TX, 214
100GBASE-ER4, 214
100GBASE-LR4, 214
100GBASE-SR10, 214
802.1Q, 159
802.1Q tag inside an Ethernet frame, 159
802.11, 215
characteristics of, 216
802.11a, 215
802.11ac, 216
802.11a-ht, 165
802.11b, 216
802.11g, 216
802.11g-ht, 165
802.11n, 216
1000BASE-LH, 214
1000BASE-LX, 214
1000BASE-T, 214
1000BASE-TX, 214
1000BASE-ZX, 214
AAA (authentication, authorization, and accounting), 13
AAA server, 268
acceptable use policies (AUP), 219
access control entries (ACEs), 196
access control lists (ACLs), 188, 196
access control models, 197-198
ACEs (access control entries), 196
ACLs (access control lists), 188, 196
misconfigured, 267
active mode, LACP, 146
AD (administrative distance), routing, 93
ad hoc WLAN topologies, 167
Address Resolution Protocol (ARP), 245
address types
IPv6, 78
global unicast addresses, 79
link-local unicast addresses, 79-80
addressing
IPv4 addressing, 64
private, 66
public, 66
IPv6 addressing. See IPv6 addressing
local addressing, 63
collision and broadcast domains, 63-64
MAC addresses, 63
administrative distance (AD), routing, 93
ADSL (asymmetric DSL), 27
Advanced Encryption Standard (AES), 190
advertisement request message, 161
AES (Advanced Encryption Standard), 190
AH (Authentication Header), 11
algorithms
Dijkstra Shortest Path First (SPF) algorithm, 95-96
amplified attacks, 178
amplitude, 163
analog modems, 1
ANDing process, 65
antennas, WLANs, 166
anti-malware software, 185
AP placement, wireless configuration issues, 258
wireless access points, 168
application-aware firewalls, 195
application layer
OSI model, 202
applications, misconfigured, 267
ARP (Address Resolution Protocol), 245
arp -a, 245
ARP inspection, 187
AS (autonomous system), 90
asset management, documentation, 122
asymmetric DSL (ADSL), 27
Asynchronous Transfer Mode (ATM), 59
enterprise WANs, 33
ATM (Asynchronous Transfer Mode), 59
enterprise WANs, 33
header fields, 33
attacks, 180. See also threats
brute force, 179
DoS (denial of service) attack, 177-178
man-in-the-middle, 179
packet abuse, 179
session hijacking, 179
smurf attacks, 178
social engineering, 180
spoofing, 179
VLAN hopping, 180
wireless attacks, 180
zero-day attacks, 180
AUP (acceptable use policies), 219
authentication
multifactor authentication, 189
PPP, 28
two-factor authentication, 189
authentication, authorization, and accounting (AAA), 13
Authentication Header (AH), 11
authentication issues, 268
authentication port-control auto command, 188
autonomous APs, wireless configuration issues, 258
autonomous system (AS), 90
backdoor access, 268
backup procedures, 123
backward explicit congestion notification (BECN), 33
bad connections, copper cable, 260
bad wiring, copper, 259
bandwidth, 125
metrics, 92
bandwidth saturation, wireless transmissions, 256
banner grabbing, 269
base10 numbering, 211
baseband, 210
baselines, documentation, 122
basic rate interface (BRI), 26
baud rate, 210
Bayonet Neill-Concelman (BNC) connectors, 41
BECN (backward explicit congestion notification), 33
behavior-based IDSs, 4
Bellman-Ford algorithm, 90
best-effort, QoS, 106
best practices, 223
cable management, 223
labeling, 224
power management, 224
rack systems, 224
wiring closets, 223
BGP (Border Gateway Protocol), 89
binary, 211
biometrics, 194
bit boundaries, 65
bit rate, 210
black hole VLAN, 157
blocking, STP, 153
Bluejacking, 180
Bluesnarfing, 180
Bluetooth, 57
BNC (Bayonet Neill-Concelman) connectors, 41
Border Gateway Protocol (BGP), 89
bottom-up approach, 236
bounce, wireless configuration issues, 257
BPDU (bridge protocol data unit), 152
BRI (basic rate interface), 26
bridge protocol data unit (BPDU), 152
bridges
wireless bridges, 170
bring-your-own-device (BYOD), 219
broadband, 210
broadband modems, 2
broadcast addresses, subnetting, 69-70
broadcast transmission, 67
brute force attacks, 179
buffer overflow, 178
business continuity, 183
BYOD (bring-your-own-device), 219
cable crimpers, 46
cable management, best practices, 223
cable placement
copper cable, 260
physical layer issues, 263
cable testers, 253
cables
copper, 37
plenum, 39
PVC cables, 39
fiber-optic cables, 43
cabling properties, Ethernet, 214
calculating network addresses, 65-66
CANs (campus area networks), 58
CAPWAP (Control and Provisioning of Wireless Access Points), 169
Carrier Sense Multiple Access with Collision Detection (CSMA/CD), 209
catalyst switch configuration commands, 144-145
CCMP, 190
CCTVs (closed-circuit TVs), 194
CDP (Cisco Discovery Protocol), 264
cells, ATM, 33
cellular technologies, 30
central office (CO), 26
certificates, receiving after exam, 277
certification options, 277-278
certified examination score report, 275
chain of custody, 198
Challenge Handshake Authentication Protocol (CHAP), 28, 189
channel service unit/data service unit (CSU/DSU), 272
wireless installation, 171-172
CHAP (Challenge Handshake Authentication Protocol), 28, 189
characteristics of 802.11, 216
CIDR (classless interdomain routing), route aggregation, 97
CIR (committed information rate), 32
circuit switching, 23
versus packet switching, 24
Cisco catalyst switch configuration commands, 144
Cisco Discovery Protocol (CDP), 264
Cisco Systems, 277
Cisco Unified Communications, 102
Cisco Unified Communications Manager (CUCM), 102
Cisco Unified Communications Manager Express (CME), 102
Cisco Unified Communications Manager IM and Presence, 102
Cisco Unity Connection, 102, 104
Cisco wireless control system heat map, 172
class of service (CoS), 106
classful routing protocols, 91
classification, DiffServ QoS, 106
classless interdomain routing (CIDR)
route aggregation, 97
classless routing protocols, 91
client mode, VTP (VLAN Trunking Protocol), 160
client-server network, 55
client-to-site VPNs, 10
clients, network devices, 1
closed-circuit TVs (CCTVs), 194
cloud/server-based anti-malware, 185
CME (Cisco Unified Communications Manager Express), 102
CNAME, 18
CO (central office), 26
coarse wavelength-division multiplexing (CSDM), 30
collisions, TCP/IP network access layer, 209
nbtstat, 250
show mac-address-table, 252
command switches
arp, 246
netstat, 247
pathping, 245
ping, 243
tracert, 242
commands
arp -a, 245
catalyst switch configuration commands, 144-145
nbtstat, 250
netstat -a, 132
show cdp neighbors detail, 264
show interface, 126
show interface gigabitethernet 0/0, 126
show mac-address-table, 252
traceroute, 271
committed information rate (CIR), 32
community cloud, 112
company security policies, WANs, 272
comparing
circuit switching and packet switching, 24
RADIUS and TACACS+, 13
static and default routing, 87-88
compliance, network segmentation, 138
components
of ISDN, 27
of MPLS (Multiprotocol Label Switching), 34
computer room security, 193
configuration, firewalls, 196-197
configurations
link aggregation, 146
EtherChannel, 147
Link Aggregation Control Protocol (LACP) modes, 146-147
port mirroring, 148
security configuration issues, 267-268
switch configurations, 143-145
wireless configuration issues, 257-258
configuring
EtherChannel, 147
EUI-64, 81
SLAAC (stateless address autoconfiguration), 82
congestion avoidance, QoS, 107
congestion management, DiffServ, 106
connection establishment, TCP, 230
connection termination, TCP, 230
connectionless protocol, 231
connectors
copper, 40
registered jack connectors, 40-41
RS-232, 41
fiber-optic, 44
content caching, proxy servers, 5
content filters, proxy servers, 5
content virtualization, medianets, 60
context-aware firewalls, 195
Control and Provisioning of Wireless Access Points (CAPWAP), 169
controllers, wireless LAN controllers, 169
conventions for writing
convergence
STP, 153
converters, media converters, 45
copper, 37
cables, 37
connectors, 40
registered jack connectors, 40-41
RS-232, 41
plenum, 39
PVC cables, 39
copper line drivers, 272
CoS (class of service), 106
cost, metrics, 92
CPE (customer premises equipment), 34, 271
WANs, 272
CPU usage, 125
crosstalk, copper cable, 260
cRTP (RTP header compression), 107
CSMA/CD (Carrier Sense Multiple Access with Collision Detection), 209
CSU/DSU (channel service unit/data service unit), 272
CUCM (Cisco Unified Communications Manager), 102-105
CUCUM, 103
customer premises equipment (CPE), 34, 271
WANs, 272
CWDM (coarse wavelength-division multiplexing), 30
-d switch, 242
DAS (directly attached storage), 112
MAC sublayer, 213
data flow through layers, 203-204
data integrity, 189
data-link connection identifiers (DLCI), 32
data link layer, OSI model, 202
data link layer issues, networks, 264
Data Over Cable Service Interface Specification (DOCSIS), 215
data rates, OCx (Optical Carrier), 30
data transport, 198
data VLAN, 157
DCSs (distributed control systems), 59
DDoS (distributed DoS), 178
DE (discard eligibility) bit, 33
decimal, 211
dedicated leased lines, 31
terminating, 32
default VLAN, 157
delay, 105
metrics, 92
demarc, 26
demarcation point, 272
demilitarized zone (DMZ), 196
denial of service (DoS), 268
dense wavelength-division multiplexing (DWDM), 30
density, APs (access points), 166
description, syslog, 131
design, network design. See network design
design considerations for networks, layers 1, 2, and 3, 118-119
destination NAT (DNAT), 19
device hardening, 185
configuring switch port security, 186-188
data integrity, 189
disabling unused network services, 186
hashing, 189
secure protocols, 186
wireless security, 190
device saturation, wireless transmission, 256
devices, WLANs, 167
wireless access points, 168
wireless bridges, 170
wireless LAN controllers, 169
DHCP (Dynamic Host Configuration Protocol), 15-17
misconfigured, 265
port numbers, 233
DHCP snooping, 187
dialup, home and small office networks, 25-26
differentiated service code point (DSCP), 106
differentiated services, QoS, 106-107
dig, 240
Digital Subscriber Line (DSL), 27-28
Dijkstra Shortest Path First (SPF) algorithm, 95-96
Direct Sequence Spread Spectrum (DSSS), 164
directly attached storage (DAS), 112
disabling unused network services, 186
disaster recovery, 183
discard eligibility (DE) bit, 33
discovering neighbors, 264
distance limitations, copper cable, 260
distance vector, routing protocols, 90
distributed control system (DCS), 59
distributed DoS (DDoS), 178
divide-and-conquer approach, 236
DLCI (data-link connection identifiers), 32
DMZ (demilitarized zone), 196
DMZ devices, 197
DNAT (destination NAT), 19
DNS (Domain Name System), 17-18
misconfigured, 265
port numbers, 232
record types, 18
DNS issues, WANs, 271
DOCSIS (Data Over Cable Service Interface Specification), 215
documentation
network design, 119
asset management, 122
baselines, 122
policies, 122
procedures, 123
standard business documents, 220
documenting troubleshooting actions, 237
domain configurations, troubleshooting, 267
Domain Name System (DNS), 17-18
misconfigured, 265
record types, 18
door access controls, 194
DORA (Discover, Offer, Request, and Acknowledge), 16
DoS (denial of service), 268
DoS (denial of service) attack, 177-178
downgrading, 139
driver updates, 139
drops, 105
DSCP (differentiated service code point), 106
DSL (Digital Subscriber Line)
home and small office networks, 27-28
speeds, 27
DSSS (Direct Sequence Spread Spectrum), 164
dual-stack, IPv6, 83
duplex mismatch, 264
DWDM (dense wavelength-division multiplexing), 30
Dynamic Host Configuration Protocol (DHCP), 15-17
dynamic NAT, 19
dynamic routing metrics, 92
dynamic routing versus static routing, 87-88
dynamic routing protocols, 90-91
-e switch, 249
E1 circuits, 31
E3 circuits, 31
EAP (Extensible Authentication Protocol), 189
edge and access control, 198
edge label switch router (ELSR), 34
ediscovery, 198
EGP (Exterior Gateway Protocol), 89-90
EIA (Electronics Industry Alliance), 215
EIGRP (Enhanced Interior Gateway Routing Protocol), 89
electrical safety, 220
electromagnetic interference (EMI), 263
Electronics Industry Alliance (EIA), 215
electrostatic discharge (ESD), 220
ELSR (edge label switch router), 34
email usage policy, 122
emergency procedures, 221
EMI (electromagnetic interference), 263
encapsulating FC frames, 114
Encapsulating Security Payload (ESP), 11
end-to-end communication, TCP/IP network access layer, 210-211
end-user awareness, 183
Enhanced Interior Gateway Routing Protocol (EIGRP), 89
enterprise WANs, 32
ATM (Asynchronous Transfer Mode), 33
Metro Ethernet, 35
MPLS (Multiprotocol Label Switching), 34
environmental factors, wireless transmissions, 256
environmental monitoring, 127
error detection, PPP, 28
error recovery, 227
escalating issues, 237
ESD (electrostatic discharge), 220
ESP (Encapsulating Security Payload), 11
EtherChannel, 146
configuring, 147
Ethernet, standards, 213
TIA/EIA 568A and 568B standards, 214-215
Ethernet cabling properties, 214
Ethernet frames, encapsulating, 114
Ethernet switches, 142
EUI-64, 80
IPv6, 81
evil twins, 180
exam day, 275
exams, re-taking, 278
extended star topologies, 51
Extensible Authentication Protocol (EAP), 189
Exterior Gateway Protocol (EGP), 89-90
facility, syslog, 131
failed exams, retaking, 278
far-end crosstalk (FEXT), 260
fault detection, 125
FC frames, encapsulating, 114
FCoE (fibre channel over Ethernet), 101, 113-114
FDDI (Fiber Distributed Data Interface), 50
FDM (frequency-division multiplexing), 210
feature changes and updates, 139
FECN (forward explicit congestion notification), 33
FEXT (far-end crosstalk), 260
FHRPs (first-hop redundancy protocols), 98-99
FHSS (Frequency-Hopping Spread Spectrum), 164
Fiber Distributed Data Interface (FDDI), 50
fiber-optic cables, 43
fiber-optic connectors, 44
fibre channel, 113
fibre channel over Ethernet (FCoE), 101, 113-114
fire extinguishers, 221
fire suppression, 221
misconfigured, 267
placement and configuration, 196-197
FireWire, 57
firmware updates, 139
first-hop redundancy protocol (FHRP), 98-99
first responders, security breaches, 198
fixed switches, 142
fixed systems, fire suppression, 221
Flexible NetFlow, 133
flow control, TCP, 229
forensics concepts, 198
forensics report, 198
forward explicit congestion notification (FECN), 33
forwarding STP, 153
four-post racks, 224
FQDN (fully qualified domain name), 17
fraggle attacks, 178
Frame Relay, 59
packet switching, 23
free-standing racks, 224
frequency bands, WLANs (wireless installation), 171-172
frequency-division multiplexing (FDM), 210
Frequency-Hopping Spread Spectrum (FHSS), 164
frequency-shift keying (FSK), 164
friendly DoS, 178
FSK (frequency-shift keying), 164
FTP, port numbers, 232
F-type connectors, 42
fully qualified domain name (FQDN), 17
gateway, 102
VoIP, 15
Gateway Load Balancing Protocol (GLBP), 99
GBIC (gigabit interface converter), 260
Generic Routing Encapsulation (GRE), 12
IPv6, 85
get-bulk-request, 128
get-next-request, 128
get-request, 128
get-response, 128
gigabit interface converter (GBIC), 260
GLBP (Gateway Load Balancing Protocol), 99
global unicast addresses, IPv6, 79
global unicast configuration options, 80
Graziani’s 3-1-4 rule for remembering global unicast address structure, 79
GRE (Generic Routing Encapsulation), 12
IPv6, 85
guest networks, 198
H.323, port numbers, 233
hardening devices, 185
configuring switch port security, 186-188
data integrity, 189
disabling unused network services, 186
hashing, 189
secure protocols, 186
wireless security, 190
hardware and software tools, 252-253
hardware failure
physical layer issues, 263
hardware firewalls, 195
hash-based message authentication code (HMAC), 190
hashing, 189
HBA (host bus adapter), 113
header fields, ATM (Asynchronous Transfer Mode), 33
headers, 228
hextets, 76
HFC (hybrid fiber and coaxial) network, 215
HIDS (host-based IDSs), 4
HMAC (hash-based message authentication code), 190
hold-down timers, 94
home and small office networks, 25
DSL (Digital Subscriber Line), 27-28
PPP (Point-to-Point Protocol), 28
home networks, 58
honeynets, 138
honeypot, network segmentation, 138
hop count, 92
host-based anti-malware, 185
host-based firewalls, 195
host-based IDSs (HIDS), 4
host bus adapter (HBA), 113
host ranges, subnetting, 69-70
Hot Standby Router Protocol (HSRP), 99
HSRP (Hot Standby Router Protocol), 99
ht (high throughput), 165
HTTP, port numbers, 233
HTTP requests, 207
HTTP responses, 207
HTTPS (Hypertext Transfer Protocol Secure), 186
port numbers, 233
hub-and-spoke topologies, 52-53
hubs, network devices, 1
HVAC (heating, ventilation, and air-conditioning), procedures, 221
hybrid cloud, 112
hybrid topologies, 52
Hypertext Transfer Protocol Secure (HTTPS), 186
hypervisors, 108
identifying, 109
IaaS (Infrastructure as a Service), 111
ICA (Independent Computing Architecture), 14
ICS (industrial control system), 59
identifying
hypervisors, 109
IDF (intermediate distribution frame), 223
IDS (intrusion detection systems), 3-4
IEEE 1901.5-2013, 214
IGP (Interior Gateway Protocols), 90
IGRP (Interior Gateway Routing Protocol), 89
IKE (Internet Key Exchange), VPNs, 11-12
IMAP (Internet Message Access Protocol), port numbers, 233
IMP (Instant Messaging and Presence), 105
implementing
preventative measures, 237
solutions when troubleshooting, 237
incompatibilities, wireless configuration issues, 257
incorrect VLAN assignment, 264
Independent Computing Architecture (ICA), 14
industrial control system (ICS), 59
industrial networks, 59
Infrared (IR), 57
Infrastructure as a Service (IaaS), 111
infrastructure WLAN topologies, 167
INID (intelligent network interface device), 272
inside global, NAT, 19
inside local, NAT, 19
INSIDE zone devices, 197
insider threats, 180
instability, MAC database instability, 152
installation safety, 220
installing WLANs. See wireless installation
Integrated Service Digital Network (ISDN), 23
integrated services, QoS, 106
intelligent network interface device (INID), 272
interface errors
physical layer issues, 263
WANs, 271
interface monitoring, 126
interference
WANs, 272
wireless transmissions, 255
interior environmental obstacles, wireless transmission issues, 256
Interior Gateway Protocols (IGP), 90
Interior Gateway Routing Protocol (IGRP), 89
intermediate distribution frames (IDFs), 223
Intermediate System-to-Intermediate System (IS-IS), 89
Internet Key Exchange (IKE), VPNs, 11-12
Internet layer, TCP/IP, 203, 208
Internet Small Computer System Interface (iSCSI), 114-115
Internet usage policies, 122
Inter-Switch link (ISL), 159
intrusion detection systems (IDS), 3-4
intrusion prevention systems (IPS), 3-4
IP addressing
misconfigured IP addressing, 265
ip arp inspection trust, 187
ip dhcp snooping limit rate 5, 187
IP routes, missing, 265
ipconfig, 239
IPS (intrusion prevention systems), 3-4
IPsec (IP Security), 186
IPv4 addressing, 64
private, 66
public, 66
IPv6 addressing
address types, 78
global unicast addresses, 79
link-local unicast addresses, 79-80
EUI-64, 81
SLAAC (stateless address autoconfiguration), 82
conventions for writing, 76-77
migrating
dual-stack, 83
ipv6 unicast-routing, 82
IPv6 Unnumbered, 80
IR (Infrared), 57
ISATAP, tunneling (IPv6), 85
iSCSI (Internet Small Computer System Interface), 114-115
ISDN (Integrated Service Digital Network), 23
components of, 27
home and small office networks, 26-27
IS-IS (Intermediate System-to-Intermediate System), 89
ISL (Inter-Switch link), 159
ISM bands (industrial, scientific, and medical), 165
jamming, 269
jitter, 105
Kerberos, 189
key fobs, 194
keypad/cipher locks, 194
L2F (Layer 2 Forwarding), 12
L2TP (Layer 2 Tunneling Protocol), 12
label switch router (LSR), 34
labeling, best practices, 224
LACP (Link Aggregation Control Protocol), 146
LANs (local area networks), 57-58
LAN switches, 143
latency, 273
Layer 2 Forwarding (L2F), 12
Layer 2 Tunneling Protocol (L2TP), 12
layers
TCP/IP, 203
LDAP (Lightweight Directory Access Protocol), port numbers, 233
legacy systems, network segmentation, 138
LFI (link fragmentation and interleaving), 107
light meter, 253
Lightweight Access Point Protocol (LWAPP), 169
Lightweight Directory Access Protocol (LDAP), port numbers, 233
limitations of 10BASE-T, 141
line of sight, 273
link aggregation, 146
EtherChannel, configuring, 147
LACP (Link Aggregation Control Protocol) modes, 146-147
Link Aggregation Control Protocol (LACP), 146
link efficiency, 107
link fragmentation and interleaving (LFI), 107
Link Layer Discovery Protocol (LLDP), 264
link-local unicast addresses, IPv6, 79-80
link-state advertisements (LSA), 95
link-state database (LSDB), 95
link-state routing protocols, 91, 94
Dijkstra Shortest Path First (SPF) algorithm, 95-96
LSDB (link-state database), 95
LLC (Logical Link Control) sublayer, 213
LLDP (Link Layer Discovery Protocol), 264
load, metrics, 92
load balancing, network segmentation, 138
local AAA authentication, 145
local addressing, 63
collision and broadcast domains, 63-64
MAC addresses, 63
local area networks (LANs), 57-58
local group configurations, troubleshooting, 267
local loop, 25
Logical Link Control (LLC) sublayer, 213
logical topology diagrams, 120
looking glass sites, 253
loopbacks, 272
looped link detection, PPP, 28
loops, routing loop prevention, 94
loss of Internet connectivity, WANs, 271
LSA (link-state advertisements), 95
LSDB (link-state database), 95
LSR (label switch router), 34
LWAPP (Lightweight Access Point Protocol), 169
MAC address filtering, 188
MAC address OUI, 269
MAC (Media Access Control) addresses, 142
local addressing, 63
static, 188
switch forwarding, 143
MAC database instability, 152
MAC sublayer, 213
main distribution frames (MDF), 223
major updates, 139
malicious employees, 180
malicious users, 268
malware, 268
anti-malware software, 185
MAM (mobile application management), 219
MAN (metropolitan area network), 35, 59
man-in-the-middle attacks, 179
managed switches, 142
management, medianets, 60
Management Information Base (MIB), 127-130
management VLANs, 157
mantraps, 194
manual tunneling, IPv6, 84
marking DiffServ QoS, 106
master service agreement (MSA), 220
material safety data sheet (MSDS), 220
MDF (main distribution frames), 223
MDIX (medium dependent interface crossover), 259
MDM (mobile device management), 219
media, network devices, 1
Media Access Control (MAC) sublayer, 213
media converters, 45
Media Gateway Control Protocol (MGCP), port numbers, 233
medianets, 60
medium dependent interface crossover (MDIX), 259
memorandum of understanding (MOU), 220
memory usage, 125
mesh WLAN topologies, 167
message format, syslog, 131-132
message types, SNMP (Simple Network Management Protocol), 127-128
metrics, dynamic routing metrics, 92
Metro Ethernet, 35
metropolitan area network (MAN), 35, 59
MGCP (Media Gateway Control Protocol), port numbers, 233
MIB (Management Information Base), 127
SNMP (Simple Network Management), 128-130
Microsoft Challenge Handshake Authentication Protocol (MS-CHAP), 28, 189
migrating IPv6
dual-stack, 83
MIMO (multiple-input and multiple-output), 166
wireless configuration issues, 258
minor updates, 139
Miredo, 85
misconfigured ACLs/applications, 267
misconfigured DHCP, 265
misconfigured DNS, 265
misconfigured firewalls, 267
misconfigured IP addressing, 265
mismatched channels, wireless transmissions, 255
missing IP routes, 265
MMF (multimode fiber), 43
MNEMONIC, syslog, 131
mobile application management (MAM), 219
mobile device management (MDM), 219
mobile device policies, 122
mobility, medianets, 60
modems
analog modems, 1
broadband modems, 2
modes
LACP (Link Aggregation Control Protocol), 146-147
VTP (VLAN Trunking Protocol), 160
modular switches, 142
modulation, 209
MOU (memorandum of understanding), 220
MPLS (Multiprotocol Label Switching), 34, 59
MSA (master service agreement), 220
MS-CHAP (Microsoft Challenge Handshake Authentication Protocol), 28, 189
MSDS (material safety data sheet), 220
MTU (maximum transmission unit), 264
black hole, 264
MU (multiuser), 166
multicast transmission, IPv4, 67
multifactor authentication, 189
multilayer switches, network devices, 1
multilink interface, PPP, 28
multimeters, 252
multimode fiber (MMF), 43
multiple frame transmission, 152
multiple-input and multiple-output (MIMO), 166
Multiprotocol Label Switching (MPLS), 34, 59
multiuser, 166
MUMIMO (multiuser multiple-input and multiple-output), 166
MX (mail exchange), 18
NAC (Network Access Control), 123
NAS (network attached storage), 112-113
NAT (Network Address Translation), 18-20, 66
National Institute of Standards and Technology (NIST), 111
native VLAN, 157
nbtstat -r, 250
near-end crosstalk (NEXT), 260
Near Field Communication (NFC), 57, 194
Nessus Home Vulnerability Scanner, 182
NetBIOS, port numbers, 232
collector functions, 134
netstat -a command, 132
netstat -e, 249
netstat -n, 248
netstat -r, 249
Network Access Control (NAC), 123
network access layer, TCP/IP, 203, 208
collisions, 209
end-to-end communication, 210-211
transmission techniques, 209-210
Network Address Translation (NAT), 18-20, 66
network addresses, calculating, 65-66
network admission procedures, 123
network attached storage (NAS), 112-113
network-based anti-malware, 185
network-based firewalls, 195
network-based IDSs (NIDS), 4
network closets, 193
network design, 117
considerations for layers 1, 2, and 3, 118-119
documentation, 119
asset management, 122
baselines, 122
policies, 122
procedures, 123
wireless considerations, 119
network devices, 1
analog modems, 1
AP (access point), 2
broadband modems, 2
clients, 1
hubs, 1
IDS (intrusion detection systems), 3-4
IPS (intrusion prevention systems), 3-4
media, 1
multilayer switches, 1
packet shapers, 6
proxy servers, 5
routers, 1
servers, 1
switches, 1
VPN concentrators, 6
network diagrams, documentation, 120-121
network infrastructures, 57
CANs (campus area networks), 58
industrial networks, 59
LANs (local area networks), 57-58
MANs (metropolitan area networks), 59
medianets, 60
PANs (personal area networks), 57
WANs (wide area networks), 59
network interface unit (NIU), 272
network issues
data link layer issues, 264
network layer issues, 265
physical layer issues, 263-264
network layer, OSI model, 202
network layer issues, 265
network management system (NMS), 127
data flow through layers, 203-204
OSI model, 201
TCP/IP model, 201
layers and protocols, 203
packet sniffers, 133
SNMP (Simple Network Management Protocol), 127
versions, 128
syslog, 130
operations, 130
network monitoring procedures, 123
Network News Transport Protocol (NNTP), port numbers, 233
network operating system (NOS), 55
network policies, 219
network termination 1 (NT1), 27
Network Time Protocol (NTP), 233
network topologies, 49
client-server, 55
extended star, 51
star, 51
network usage policies, 122
networking device virtualization, 109-110
networks, WAN link options, 24
dedicated leased lines, 31
home and small office networks, 25-29
SONET (Synchronous Optical Network), 30
NEXT (near-end crosstalk), 260
NFC (Near Field Communication), 57, 194
NIC teaming misconfiguration, 264
NIDS (network-based IDSs), 4
NIST (National Institute of Standards and Technology), 111
NIU (network interface unit), 272
NMS (network management system), 127
NNTP (Network News Transport Protocol), port numbers, 233
non-persistent agents, 197
NOS (network operating system), 55
nslookup tool, 265
NT1 (network termination 1), 27
NTP (Network Time Protocol), port numbers, 233
numbering systems, TCP/IP, 211
octal numbering systems, 211
OCx (Optical Carrier), 30
OFDM (Orthogonal Frequency-division Multiplexing), 165
offboarding, 122
omnidirectional antenna, 166
on mode, LACP, 146
onboarding, 122
one-way satellite system, 29
open, copper cable, 259
open networks, wireless configuration issues, 257
open ports, 181
Open Shortest Path First (OSPF), 89
operating systems, unpatched, 268
operations
RSTP, 155
syslog, 130
VTP (VLAN Trunking Protocol), 160-161
Optical Carrier (OCx), 30
optical time domain reflectometer (OTDR), 47
Organizationally Unique Identifier (OUI), 63, 269
Orthogonal Frequency-division Multiplexing (OFDM), 165
OS updates, 139
OSI model, 201
OSPF (Open Shortest Path First), 89, 95
OUI (Organizationally Unique Identifier), 63, 269
outside global, NAT, 19
outside local, NAT, 19
OUTSIDE zone devices, 197
overlapping channels, wireless transmissions, 255
ownership policies, 122
PaaS (Platform as a Service), 111
packet abuse, 179
packet shapers, 6
packet sniffers, 133
versus circuit switching, 24
PAgP (Port Aggregation Protocol), 146
PANs (personal area networks), 57
PAP (Password Authentication Protocol), 28, 188
partial mesh topologies, 54-55
passive mode, LACP, 146
Password Authentication Protocol (PAP), 28, 188
PAT (Port Address Translation), 19-20
PBX (Private Branch Exchange), 15, 102
penetration testing, 182
performance optimization, network segmentation, 138
perimeter security, 193
permanent DoS, 178
persistent agents, 197
personal area networks (PANs), 57
personal software policies, 122
phase, 163
phase-shift keying (PSK), 164
physical layer, OSI model, 202
physical layer issues, networks, 263-264
physical topology diagrams, 120
pin positions, 214
ping -6, 239
ping6, 239
ping of death, 178
placement of firewalls, 196-197
plans of action, establishing, 236
Platform as a Service (PaaS), 111
PLCs (programmable logic controllers), 59
plenum, 39
POD (point of demarcation), 272
PoE (Power over Ethernet), 142
point of demarcation (POD), 272
point-to-multipoint topologies, 53
Point-to-Point Protocol (PPP), 28
Point-to-Point Tunneling Protocol (PPTP), 12
poison reverse, 94
policies
AUP (acceptable use policies), 219
company security policies (WANs), 272
documentation, 122
network policies, 219
security policies, 219
policing QoS, 107
polyvinyl chloride (PVC), 39
POP3, port numbers, 233
Port Address Translation (PAT), 19-20
Port Aggregation Protocol (PAgP), 146
port costs, STP, 154
port mirroring, configurations, 148
port roles
STP, 155
packet sniffers, 133
port states, 155
ports
open ports, 181
source ports, 231
positive acknowledgement, 229
post-exam information, receiving your certificate, 277
posture assessment, 197
power anomalies, physical layer issues, 263
power failures, physical layer issues, 263
power levels, wireless configuration issues, 257
power management, 224
power monitoring, 127
Power over Ethernet (PoE), 142
powered ports, 142
PPP (Point-to-Point Protocol), home and small office networks, 28
PPTP (Point-to-Point Tunneling Protocol), 12
prefixes, writing for IPv6, 77
presentation layer, OSI model, 202
preventative measures, implementing, 237
preventing routing loops, 94
PRI (primary rate interface), 26
private, IPv4 addressing, 66
Private Branch Exchange (PBX), 15, 102
private cloud, 111
private networks, network segmentation, 138
problems, identifying, 235-236
procedures
documentation, 123
emergency procedures, 221
fire suppression, 221
HVAC (heating, ventilation, and air-conditioning), 221
for security breaches, 198
procedures for adding new users, 123
procedures for reporting violations, 123
programmable logic controllers (PLCs), 59
protocol analyzer, 253
protocol weaknesses, 179
protocols
BGP (Border Gateway Protocol), 89
CHAP (Challenge Handshake Authentication Protocol), 28, 189
classful routing protocols, 91
classless routing protocols, 91
DHCP (Dynamic Host Configuration Protocol), 15-17
distance vector routing protocols, 90
EAP (Extensible Authentication Protocol), 189
EGP (Exterior Gateway Protocol), 89-90
EIGRP (Enhanced Interior Gateway Routing Protocol), 89
GLBP (Gateway Load Balancing Protocol), 99
GRE (Generic Routing Encapsulation), 12
HSRP (Hot Standby Router Protocol), 99
HTTPS (Hypertext Transfer Protocol Secure), 186
ICA (Independent Computing Architecture), 14
IGP (Interior Gateway Protocols), 90
IGRP (Interior Gateway Routing Protocol), 89
IPsec, 186
IS-IS (Intermediate System-to-Intermediate System), 89
Kerberos, 189
L2F (Layer 2 Forwarding), 12
L2TP (Layer 2 Tunneling Protocol), 12
link-state routing, 94
Dijkstra Shortest Path First (SPF) algorithm, 95-96
LSDB (link-state database), 95
link-state routing protocols, 91
MS-CHAP (Microsoft Challenge Handshake Authentication Protocol), 28, 189
OSPF (Open Shortest Path First), 89
PAP (Password Authentication Protocol), 28, 188
PPTP (Point-to-Point Tunneling Protocol), 12
RADIUS, 13
RDP (Remote Desktop Protocol), 14
RIP (Routing Information Protocol), 89
RIPng (Routing Information Protocol next generation), 89
RIPv2 (Routing Information Protocol version 2), 89
routing protocols, 88
RTP (Real-time Transport Protocol), 15
secure protocols, 186
SFTP (Secure File Transfer Protocol), 186
SIP (Session Initiation Protocol), 15
SNMPv3 (Simple Network Management Protocol version 3), 186
SSL (Secure Sockets Layer), 12, 186
TACACS+, 13
TCP (Transmission Control Protocol), 227
connection establishment, 230
connection termination, 230
flow control, 229
headers, 228
TCP/IP model, 203
Telnet, 14
TLS (Transport Layer Security), 12, 186
UDP (User Datagram Protocol), 227, 231
headers, 228
unsecure protocols, 181
VRRP (Virtual Router Redundancy Protocol), 99
proximity readers, 194
proxy servers, 5
pruning, VTP (VLAN Trunking Protocol), 161-162
PSK (phase-shift keying), 164
PSTN (public switched telephone network), 25, 103
PTR records, 18
public cloud, 112
public IP addressing, IPv4 addressing, 66
public networks, network segmentation, 138
Public Switched Telephone Network (PSTN), 25, 103
punch down tool, 46
PVC (polyvinyl chloride), 39
QAM (quadrature amplitude modulation), 164
QoE (quality of experience), medianets, 60
QoS (Quality of Service), 101, 105-106
quadrature amplitude modulation (QAM), 164
quality of experience (QoE), medianets, 60
Quality of Service. See QoS
quarantine networks, 197
R reference point, 27
-r switch, 249
rack systems, best practices, 224
radio frequency (RF), vulnerabilities, 181
radio frequency interference (RFI), 263
radio waves, 163
RADIUS (Remote Authentication Dial-In User Service), 13, 268
rain fade, 273
Rapid STP (RSTP), 151
RAS (remote access service), 14
RDP (Remote Desktop Protocol), 14
port numbers, 233
read-only (ro), 128
read-write (rw), 128
Real-Time Streaming Protocol (RTSP), port numbers, 233
Real-time Transport Protocol (RTP), 15, 102
Recommended Standard 232 (RS-232), 41
record types, DNS (Domain Name System), 18
redundant switched topology, 152
reflected DoS (DDoS), 178
registered jack connectors, 40-41
reliability, metrics, 92
remote access service (RAS), 14
AAA (authentication, authorization, and accounting), 13
Remote Authentication Dial-In User Service (RADIUS), 13, 268
Remote Desktop Protocol (RDP), 14
port numbers, 233
remote terminal units (RTU), 59
re-taking exams, 278
reverse proxy, 5
RFI (radio frequency interference), 263
RF (radio frequency), vulnerabilities, 181
RG-6, 40
RG-58, 40
RG-59, 40
SONET, 31
RIP (Routing Information Protocol), 89
metrics, 92
RIPng (Routing Information Protocol next generation), 89
RIPv2 (Routing Information Protocol version 2), 89
risk, DoS (denial of service) attack, 177-178
RJ-11 (type 11 registered jack), 40
RJ-45 (type 45 registered jack), 40
RJ-48C (type 48C registered jack), 40
ro (read-only), 128
rogue access points, wireless configuration issues, 257
rogue AP, 180
rollover cables, 39
round trip timer (RTT), 241
route poisoning, 94
route redistribution, 90
router configurations, WANs, 272
routers
network devices, 1
routing, administrative distance (AD), 93
Routing Information Protocol (RIP), 89
Routing Information Protocol next generation (RIPng), 89
Routing Information Protocol version 2 (RIPv2), 89
routing loop prevention, 94
routing protocols, 88
AS (autonomous system), 90
classful routing protocols, 91
classless routing protocols, 91
distance vector, 90
link-state routing protocols, 91
route redistribution, 90
RS-232, 41
rsh (remote shell), port numbers, 232
RSTP (Rapid STP), 151
operations, 155
port states, 155
RTP (Real-time Transport Protocol), 15, 102
port numbers, 233
RTP header compression (cRTP), 107
RTSP (Real-Time Streaming Protocol), port numbers, 233
RTT (round trip timer), 241
RTU (remote terminal units), 59
rw (read-write), 128
SaaS (Software as a Service), 111
same service set identifier (SSID), 171
sampling size, 210
SAN (storage area network), 112
DAS (directly attached storage), 112
fibre channel, 113
fibre channel over Ethernet (FCoE), 113-114
iSCSI (Internet Small Computer System Interface), 114-115
NAS (network attached storage), 112-113
satellites, 29
WANs, 273
SCADA (Supervisory Control and Data Acquisition), 59
SCADA systems, network segmentation, 138
SCCP (Skinny Client Control Protocol), 103
score report, 275
scores, certified score report, 275
SCP, port numbers, 232
SDN (software-defined networking), 110
SDSL (symmetric DSL), 27
Secure File Transfer Protocol (SFTP), 186
secure protocols, 186
Secure Sockets Layer (SSL), 12, 186
security
access control models, 197-198
placement and configuration, 196-197
medianets, 60
network segmentation, 138
switch port security, configuring, 186-188
vulnerabilities, 181
wireless security, 190
security breaches, procedures for, 198
security configuration issues, 267-268
security guards, 194
Security Information and Event Management (SIEM), 126
security levels, syslog, 130-131
security monitoring, 125
security policies, 219
security procedures, 123
seq no, syslong, 131
server mode, VTP (VLAN Trunking Protocol), 160
server rail racks, 224
server virtualization, 108-109
servers
network devices, 1
proxy servers, 5
service level agreement (SLA), 220, 272
session control, medianets, 60
Session Initiation Protocol (SIP), 15, 102
port numbers, 233
session layer, OSI model, 202
sessions hijacking, 179
set-request, 128
severity, syslog, 131
SFP (small form-factor pluggable), 260
SFTP (Secure File Transfer Protocol), 186
port numbers, 232
shaping QoS, 107
shielded twisted-pair (STP), 37
shipworm, 85
short, copper cable, 259
Shortest Path Bridging (SPB), 156
show cdp neighbors detail, 264
show interface command, 126
show interface gigabitethernet 0/0, 126
show ip route, 92
show mac-address-table, 240, 252
SIEM (Security Information and Event Management), 126
signal loss, wireless transmissions, 255
signal-to-noise ratio, wireless transmissions, 255
signature-based IDSs, 4
Simple Network Management Protocol. See SNMP
Simple Network Management Protocol version 3 (SNMPv3), 186
Simple Network Time Protocol (SNTP), port numbers, 233
simultaneous wired/wireless connections, physical layer issues, 264
single-mode fiber (SMF), 43
single point of failure, 183
single sign-on, 189
SIP (Session Initiation Protocol), 15, 102
port numbers, 233
site surveys, WLANs, 172
site-to-site VPNs, 9
Skinny Client Control Protocol (SCCP), 103
SLA (service level agreement), 220, 272
SLAAC (Stateless Address Autoconfiguration), 80-82
small form-factor pluggable (SFP), 260
SMB (Server Message Block), port numbers, 232
SMF (single-mode fiber), 43
SMTP (Simple Mail Transfer Protocol), port numbers, 233
smurf attack, 178
SNAT (Static NAT), 19
snips, 46
SNMP (Simple Network Management Protocol), 127
MIB (Management Information), 128-130
port numbers, 233
versions, 128
SNMP Trap, port numbers, 233
SNMPGET, 129
SNMPv1, 128
SNMPv2c, 128
SNTP (Simple Network Time Protocol), port numbers, 233
SOA (start of authority) record, 18
social engineering, 180
software, patches/updates, 139
Software as a Service (SaaS), 111
software-defined networking (SDN), 110
software firewalls, 195
software procedures, 123
solutions, 237
SONET (Synchronous Optical Network), 30
SOW (statement of work), 220
spanning tree port states, 154
Spanning Tree Protocol (STP), 151, 264
SPB (Shortest Path Bridging), 92, 156
speed mismatch, 264
speed spectrum, 164
speed test sites, 253
speeds, DSL, 27
SPF (Dijkstra Shortest Path First) algorithm, 95-96
SPI (stateful packet inspection) firewalls, 195
split horizon, 94
split horizons, WANs, 271
split pairs, copper cable, 260
spoofing, 179
spread spectrum, 164
port numbers, 232
SSID (same service set identifier), 171
SSL (Secure Sockets Layer), 12, 186
S/T reference point, 27
standard business documents, 220
standards, Ethernet, 213
TIA/EIA 568A and 568B standards, 214-215
star bus topologies, 52
star topologies, 51
stateful inspection firewalls, 195
stateful packet inspection (SPI) firewalls, 195
Stateless Address Autoconfiguration (SLAAC), 80
IPv6, 82
stateless firewalls, 195
statement of work (SOW), 220
static MAC addresses, 188
Static NAT (SNAT), 19
static routes, 88
static routing versus dynamic routing, 87-88
storage area networks (SANs), 112
DAS (directly attached storage), 112
fibre channel, 113
fibre channel over Ethernet (FCoE), 113-114
iSCSI (Internet Small Computer System Interface), 114-115
NAS (network attached storage), 112-113
storage space, 125
STP (shielded twisted-pair), 37, 152
port costs, 154
port roles, 155
port states, 155
STP (Spanning Tree Protocol), 151, 264
STP convergence, 153
structure, IPv4 addressing, 64-65
stub networks, 88
study resources, WLANs, 175-176
subnet multipliers, 69
subnetting, 68
determining how many bits to borrow, 68-69
determining subnet masks, 69
determining subnet multiplier, 69
listing subnets, host ranges and broadcast addresses, 69-70
subset advertisement message, 161
summary advertisement message, 161
Supervisory Control And Data Acquisition (SCADA), 59
surveys, wireless site surveys (WLANs), 172
switch forwarding, MAC addresses, 143
switch port security, configuring, 186-188
switch types, 142
switches
-e, 249
Ethernet switches, 142
evolving from bridges, 141-142
LAN switches, 143
multilayer switches, 1
network devices, 1
powered, 142
-r, 249
unpowered ports, 142
virtual switches, 109
switching,
evolution to, 141
from bridges to switches, 141-142
switch types, 142
switching loops, 264
switchport port-security, 188
switchport port-security mac-address sticky, 188
symmetric DSL (SDSL), 27
Synchronous Optical Network (SONET), 30
syslog, 130
operations, 130
T1 circuits, 31
T3 circuits, 31
TA (terminal adapter), 27
TACACS (Terminal Access Controller Access-Control System), 268
TACACS+ (Terminal Access Controller Access-Control System Plus), 13
TCP (Transmission Control Protocol), 227
connection establishment, 230
connection termination, 230
flow control, 229
headers, 228
TCP SYN flood, 178
TCP/IP
application layer, 207
Internet layer, 208
network access layer, 208
collisions, 209
end-to-end communication, 210-211
transmission techniques, 209-210
numbering systems, 211
TCP/IP models, 201
data flow through layers, 203
TCP/IP Transport Layer, 227
TDM (time-division multiplexing), 209
TE1 (terminal endpoint 1), 27
TE2 (terminal endpoint 2), 27
telco, 25
Telecommunications Electronics Material Protected from Emanating Spurious, 181
Telecommunications Industry Association (TIA), 215
Telnet, 14
port numbers, 232
TEMPEST (Telecommunications Electronics Material Protected from Emanating Spurious), 181
Temporal Key Integral Protocol (TKIP), 190
Teredo (RFC 4380), 85
Terminal Access Controller Access-Control System (TACACS), 268
Terminal Access Controller Access-Control System Plus (TACACS+), 13
terminal adapter (TA), 27
terminal endpoint 1 (TE1), 27
terminal endpoint 2 (TE2), 27
terminating dedicated leased lines, 32
testing troubleshooting theories, 236
testing labs, network segmentation, 138
TFTP (Trivial File Transfer Protocol), port numbers, 232
theories, 236
thick Aps, wireless configuration issues, 258
threats, 180. See also attacks
insider threats, 180
malicious employees, 180
protocol weaknesses, 179
TIA (Telecommunications Industry Association), 215
TIA/EIA 568A standards, Ethernet, 214-215
TIA/EIA 568B standards, Ethernet, 214-215
time-division multiplexing (TDM), 209
Time to Live (TTL) field, 94
timestamp, syslog, 131
tip and ring, 26
TKIP (Temporal Key Integral Protocol), 190
TLS (Transport Layer Security), 12, 186
Token Ring, 50
toner probe, 253
tools
nbtstat, 250
show mac-address-table, 252
hardware and software tools, 252-253
top-down approach, 236
topologies
redundant switched topology, 152
VoIP network topology, 15
WLANs, 167
ToS (type of service), 106
traceroute -6, 239
traceroute6, 239
tracert -6, 239
traffic conditioners, 107
training, end-user awareness, 183
transition strategies, IPv6 addressing, 76
Transmission Control Protocol (TCP), 227
headers, 228
transmission methods (WLANs), 164-165
transmission techniques, TCP/IP network access layer, 209-210
Transparent Interconnection of Lots of Links (TRILL), 156
transparent mode, VTP (VLAN Trunking Protocol), 160
transport layer
OSI model, 202
Transport Layer Security (TLS), 12, 186
trap, 128
triggered updates, 94
TRILL (Transparent Interconnection of Lots of Links), 156
Trivial File Transfer Protocol (TFTP), port numbers, 232
troubleshooting, 235
documenting findings, actions, and outcomes, 237
establishing plans of action, 236
establishing theories, 236
implementing solutions, 237
security configuration issues, 267-268
testing theories, 236
verifying solutions/implementing preventative measures, 237
wireless configuration issues, 257-258
wireless transmission issues, 255-256
interior environmental obstacles, 256
TTL (Time to Live) field, 94
twisted-pair cabling, copper, 37-39
two-factor authentication, 189
two-post racks, 224
two-way satellite system, 29
Tx/Rx reverse, copper cable, 259
Type 1 Bare Metal Hypervisor Approach, 108
Type 2 hosted hypervisor, 108
Type 2 hypervisors, 108
type 11 registered jack (RJ-11), 40
type 45 registered jack (RJ-45), 40
type 48C registered jack (RJ-48C), 40
type of service (ToS), 106
types of switches, 142
U reference point, 27
UC (unified communications), 14-15
UDP (User Datagram Protocol), 227, 231
headers, 228
unencrypted channels, 181
unicast transmission, 66
unidirectional antennas, 166
unified communications, 101-103
PSTN (public switched telephone network), 103
QoS. See QoS
virtualization, 107
networking device virtualization, 109-110
server virtualization, 108-109
software-defined networking, 110
unified communications (UC), 14-15
Unified Threat Management (UTM) firewalls, 195
uninterruptible power supplies (UPS), 263
universal serial bus (USB), 57
unmanaged switches, 142
unpatched firmware, 268
unpowered ports, switches, 142
unsecure protocols, 181
unshielded twisted-pair (UTP), 37-38
untested updates, wireless configuration issues, 257
unused network services, disabling, 186
upgrading, 139
UPS (uninterruptible power supplies), 263
USB (universal serial bus), 57
user account policies, 122
User Datagram Protocol (UDP), 227, 231
headers, 228
UTM (Unified Threat Management) firewalls, 195
UTP (unshielded twisted-pair), 37-38
variable-length subnet masking (VLSM), 91
VCs (virtual circuits), 32
VDSL (very high bit-rate DSL), 27
verifying solutions, 237
versions, SNMP (Simple Network Management Protocol), 128
very high bit-rate DSL (VDSL), 27
video monitoring, 194
video teleconferencing (VTC), 60
virtual circuits (VCs), 32
virtual local area networks. See VLANs
virtual private networks. See VPNs
Virtual Router Redundancy Protocol (VRRP), 99
virtual switches, 109
virtualization, 107
cloud computing. See cloud computing
networking device virtualization, 109-110
server virtualization, 108-109
software-defined networking, 110
VLAN (virtual local area network), 156
black hole VLAN, 157
data VLAN, 157
default VLAN, 157
management VLANs, 157
native VLAN, 157
voice VLAN, 158
VLAN assignments, 187
VLAN hopping, 180
VLAN Trunking Protocol (VTP), 159-160
modes, 160
VLSM (variable-length subnet masking), 71-73, 91
voice over IP. See VoIP
Voice VLANs, 158
VoIP network topology, 15
VPN concentrators, 6
VPNs (virtual private networks), 9
client-to-site VPNs, 10
IKE (Internet Key Exchange), 11-12
IPsec (Internet Protocol Security), 11-12
protocols, 12
site-to-site VPNs, 9
VRRP (Virtual Router Redundancy Protocol), 99
VTC (video teleconferencing), 60
VTP (VLAN Trunking Protocol), 159-160
modes, 160
vulnerabilities, 181
vulnerability assessments, 182
vulnerability patches, 139
vulnerability scanning, 182
WAN (wide area network), 59
common issues, 271
company security policies, 272
CPE (customer premises equipment), 272
DNS issues, 271
interface errors, 271
interference, 272
loss of Internet connectivity, 271
router configurations, 272
satellites, 273
split horizons, 271
WAN link options, 24
dedicated leased lines, 31
enterprise WANs, 32
ATM (Asynchronous Transfer Mode), 33
Metro Ethernet, 35
MPLS (Multiprotocol Label Switching), 34
home and small office networks, 25
DSL (Digital Subscriber Line), 27-28
PPP (Point-to-Point Protocol), 28
SONET (Synchronous Optical Network), 30
wireless, 29
cellular technologies, 30
satellites, 29
WiMAX, 30
war chalking, 180
war driving, 180
wavelength, 210
WEP (Wired Equivalent Privacy), 190
WEP/WPA attacks, 180
Wi-Fi analyzer, 253
Wi-Fi Protect Setup (WPS) attacks, 180
Wi-Fi Protected Access (WPA), 190
wide area networks (WANs), 59
WiMAX (Worldwide Interoperability for Microwave Access), 30
windowing, 229
wire strippers, 45
Wired Equivalent Privacy (WEP), 190
wired standards, Ethernet, 213-214
wireless access points, 168
wireless attacks, 180
wireless bridges, 170
wireless configuration issues, 257-258
wireless design considerations for networks, 119
wireless installation, WLANs, 170
channels and frequency bands, 171-172
wireless router configuration, 172-175
wireless site surveys, 172
wireless LAN. See WLANs
wireless LAN controllers (WLC), 169
wireless monitoring, 125
wireless networks, 29
cellular technologies, 30
satellites, 29
WiMAX, 30
wireless router configuration, WLANs (wireless installation), 172-175
wireless security, 190
wireless site surveys, WLANs (wireless installation), 172
wireless standards, 256
wireless transmission issues, 255-256
WLANs (wireless LANs), 163
antennas, 166
devices, 167
wireless access points, 168
wireless bridges, 170
wireless LAN controllers, 169
topologies, 167
wireless installation, 170
channels and frequency bands, 171-172
wireless router configuration, 172-175
wireless site surveys, 172
WLC (wireless LAN controllers), 169
Worldwide Interoperability for Microwave Access (WiMAX), 30
WPA (Wi-Fi Protected Access), 190
WPA Enterprise, 190
WPA Personal, 190
WPS (Wi-Fi Protected Setup) attacks, 180
writing
wrong antenna type, wireless configuration issues, 257
wrong encryption, wireless configuration issues, 257
wrong SSID, wireless configuration issues, 257
zero-day attacks, 180