
Chapter 1

workstation, server, desktop


Chapter 2
OS: General is Deny not limit (Windows)
GPL (Global public license) or GNU allows you to identify the code, which is free, meaning less expensive, duh (Linux)
Windows Explorer help
shows the end user license and the OS version number
shell, kernel
PATCHES
Automatic installation
Prompt for permission
lets you choose which patch to install; it is a choice for users who
understand the impact a patch may have on the system
Manual
are often called service packs
Chapter 3
Cisco Hierarchical model
The process used in order to deliver the message across the appropriate medium is called ENCAPSULATION
NETWORK STANDARDS HELP PROVIDE CONSISTENT INTERCONNECTION ACROSS NETWORKS AND SIMPLIFY NEW PRODUCT DEVELOPMENT
Physical configuration of the network:
Physical location of devices such as routers, switches, and hosts
How all devices are interconnected
Location and length of all cable runs
Hardware configuration of end devices such as hosts and servers
(more on hardware)
Logical configuration of the network:
Location and size of broadcast and collision domains
IP addressing scheme
Naming scheme
Sharing configuration
Permissions
(more on software)
Chapter 4
IP packets are also called datagrams
Point of presence --- A POP is the connection point between the ISP's network and the particular geographical region that the POP is servicing.
network operation center
Digital subscriber line access multiplexer (DSLAM)
CMTS: cable modem termination system ----- MODEM CONVERTS DIGITAL TO ANALOG
Asymmetric ---- UP IS SLOWER THAN DOWN (used in homes)
Symmetric ----- ALL THE SAME (used in business)
ISPs that send information to one another are all called backbone...
Optic fiber
Single mode uses LED LASER, up to 3000 meters, used for backbone
Multimode is up to 2000 meters and uses LED
CLADDING AND BUFFER ARE TO REFLECT THE LIGHT....
EIA/Telecommunications Industry Association: A is green in front, B is orange in front
insulation displacement connector
Test the cable using a cable tester, certifier or multimeter
Using low quality cables or connectors can cause signal degradation when using UTP
PATCH PANELS USE RJ-45 AND ALLOW QUICK REARRANGEMENT OF NETWORK CONNECTIONS
Coax is used for cable and satellite Internet connectivity and allows many signals to be combined to be transmitted
Cable management helps to isolate problems and prevent physical damage
CHAPTER 5
IP ADDRESS
CHAPTER 6
IMAP AND ICMP ARE DIFFERENT
FTP USES TCP NOT UDP, bear that in mind
FTP 20 AND 21: 21 FOR CONTROL TRAFFIC, 20 for actual file transfer
immediate answer = SMS or instant message
REMEMBER THE DIFFERENCE BETWEEN THE OSI MODEL AND THE TCP/IP MODEL
Chapter 7
IR is RELATIVELY LOW ENERGY and cannot penetrate through walls or other obstacles.
However, it is commonly used to connect and move data between personal digital assistants
IR uses IrDA (Direct access)
Provides one-on-one access and is used in remote controls + wireless mice and keyboards
WIRELESS IS CHEAP AND EASY TO INSTALL, WITH SCALABILITY, MOBILITY AND EASE OF ADDING
BUT
THERE CAN BE INTERFERENCE DUE TO USING UNLICENSED RF, AND SECURITY
Radio frequency can penetrate walls and
uses 802.11 b/g/n and BLUETOOTH at 2.4 GHz, and IEEE 802.11a + n at 5 GHz
NOTE: 802.11 TRANSMITS ON THE SAME FREQUENCY BUT WITH HIGHER POWER THAN BLUETOOTH, THUS MAKING IT LONGER RANGE
The Wi-Fi Alliance is in charge of testing the Wi-Fi network
The Wi-Fi logo on a device means that this equipment meets standards and should
interoperate with other devices of the same standard.
Bluetooth is 802.15a WPAN and it is one-to-many, meaning one Bluetooth device is used to connect to multiple devices!
WIRELESS HAS 3 TYPES: WWAN (CELLPHONE), WPAN, WLAN
802.11a uses 5 GHz
Not compatible with 2.4 GHz b/g
Expensive to implement and very difficult to find 11a-compliant equipment
RANGE IS LESS THAN 33% OF THE 2.4 GHZ STANDARD FOR 802.11
Max 54 OFDM
b uses 2.4 GHz
Max data transfer 11 Mbps
Range 46 m (150 ft) indoor, 90 m (300 ft) outdoor
DSS
g uses 2.4 GHz
Max data transfer 54
Backward compatible with 802.11b
Measures to help secure wireless transmissions include ENCRYPTION and AUTHENTICATION.
There are two basic forms of WLAN installation: ad-hoc and infrastructure
AD-HOC:
The simplest form of wireless network; it does not have an AP...
ALL CLIENTS ARE EQUAL AND IT CONNECTS TWO CLIENTS TOGETHER THROUGH PEER-TO-PEER (P2P)
Ad-hoc use is simple
KNOWN AS INDEPENDENT BASIC SERVICE SET (IBSS)
INFRASTRUCTURE MODE
Large networks need a single device that controls communication in the wireless cell
NORMALLY AN AP

INDIVIDUAL STAs (STATIONS (CLIENTS)) can't communicate directly with each other;
they need permission from the AP

KNOWN AS BASIC SERVICE SET (BSS) or CELL.
BSS also known as independent basic service set (IBSS)
A BSS is very small; in order to expand it we need to connect BSSs through a Distribution System (DS),
known as an ESS
Channels are created by DIVIDING UP the available
RF SPECTRUM.
Each channel is capable of carrying a different conversation.
This is similar to the way that multiple television channels
are transmitted across a single medium.
Wi-Fi uses CARRIER SENSE MULTIPLE ACCESS COLLISION AVOIDANCE
If a device requires use of a specific communication channel in a BSS,
it must ask permission from the AP. This is known as a REQUEST TO SEND (RTS).
If the channel is available, the AP will respond to the device with a CLEAR TO SEND (CTS) message
indicating that the device may transmit on the channel.
A CTS is BROADCAST to all devices within the BSS. Therefore, all devices in the BSS
know that the requested channel is now in use.
AFTER SENDING
The device that made the request will send an ACK to tell the AP that the channel can be released, which the AP WILL ALSO BROADCAST TO THE REST
(After the two types of packet sending (sort of), the AP will broadcast: 1st from the AP, then from the STA)
In order for a STA to connect, the client configuration must match that of the AP,
which are
SSID (Think about your hotspot in the MRT while OTW to Chua Chu Kang!!!)
security settings (PSK, EAP)
channel information
if the channel was manually set on the AP
The WINDOWS XP wireless client software is an example of a popular wireless client utility that is included
as part of the device OS
There is also stand-alone software which offers enhanced functionality, and that includes
LINK INFORMATION
(The current strength and quality of a wireless signal.)
PROFILES
(Allow configuration options such as channel and SSID to be specified for each wireless network)
SITE SURVEY
(Process of evaluating a network solution to deliver the required coverage, data range, network capacity,
roaming capability and QoS
OR
Enables the detection of all wireless networks in the vicinity)
And you can't use both the stand-alone software and the XP wireless client to
manage your network at the same time
SECURITY
Some of the more basic security measures include:
BASIC
Change default values for the SSID, usernames and passwords
Disable broadcast SSID
Configure MAC Address Filtering
Some of the more advanced security measures include:
ADVANCED
Configure encryption using WEP or WPA
Configure authentication
Configure traffic filtering
----------------------------------
Disable SSID broadcast (BASIC)
but people will still be able to get into your network through
a well-known default SSID, or get it from a device accessing your network, as SSIDs are transmitted in clear text
CHANGE THE DEFAULT SETTINGS OF THE NAME + password (BASIC)
MAC address filtering (BASIC)
based on MAC ADDRESS: WHO CAN SEND
--------------------------
Authentication (ADVANCED)
PSK ... Pre-shared key (PSK)
The AP sends a random string of bytes to the client.
The client accepts the string, encrypts it (or scrambles it) based on the key,
and sends it back to the AP.
The AP gets the encrypted string and uses its key to decrypt (or unscramble) it.

If the decrypted string received from the client matches the original string sent to the client,
the client is allowed to connect.
PROVIDES ONE-WAY AUTHENTICATION: the HOST authenticates to the AP but not the AP to the HOST.
It USES TKIP (Temporal Key Integrity Protocol) or CCMP AS
Extensible Authentication Protocol (EAP)
EAP provides mutual, or two-way, authentication as well as user authentication
-------------------------------------------------
WEP (encrypting, NOT AUTHENTICATION)
Wired Equivalency Protocol OR PRIVACY (WEP) is an advanced security feature that encrypts network traffic
as it travels through the air.
WEP uses pre-configured keys to encrypt and decrypt data.
WEP keys are entered as 64-bit or 128-bit; it even supports 256
And all devices must have the SAME WEP key entered.
WEP DOWNSIDE
Since it uses a static key, attackers can discover it through the Internet, and once extracted they have
complete access to all transmitted information
WPA
Wi-Fi Protected Access
uses 64-256 bit
generates a dynamic key each time a client establishes a connection.
WPA2 uses AES (Advanced Encryption Standard) or counter mode cipher block chaining message
Traffic filtering is done by the AP (ADVANCED)
The AP blocks undesirable traffic from entering or leaving the wireless network
It can be used to remove traffic from a specific IP address or physical address
AUTHENTICATION AND MAC ADDRESS FILTERING ARE IN EFFECT:
AUTHENTICATION IS IN USE,
THEN MAC ADDRESS FILTERING OCCURS. ONCE IT IS VERIFIED, THE AP
ADDS THE HOST MAC ADDRESS INTO ITS HOST TABLE.
STEPS TO PLAN
ASK QUESTIONS
How many users will access the WLAN?
What is the necessary coverage area?
What is the existing network structure? (Are they already using the b or a standard?)
What is the budget? (TCO)
The SSID is a CASE-SENSITIVE, ALPHANUMERIC (your own SSID: SINGTEL-9775) string
that is up to 32 characters.
It is sent in the header of all frames transmitted over the WLAN.
--The SSID is used to tell wireless devices which WLAN they belong to and with
which other devices they can communicate.
--All wireless devices in a WLAN must be configured with the same SSID in order
to communicate.
THROUGH A WIRELESS LINK
using the unlicensed RF frequencies, networks 40 km apart
can be connected wirelessly
Chapter 8
Information theft and identity theft are different
Information theft is to steal data
Identity theft is to steal YOUR PERSONAL INFORMATION (CREDIT CARD) to act like you.
ALONG WITH DoS and data loss
------------------------------------------
Security threats can be external and internal
External -- the hacker (has no permission) works from outside to get your data, either through
the Internet or a wireless link, or even a dial-up access server
Internal -- someone (has permission) works from inside to get your data.
They most likely know which data is vulnerable and valuable to get
But not all are intentional; some internal threats are due to someone's account
catching a virus.

MOST COMPANIES SPEND A LOT OF RESOURCES DEFENDING AGAINST EXTERNAL THREATS, BUT MOST OF THE TIME
IT IS AN INTERNAL THREAT (covers 70%)
------------------------------------------------------------
They can use social engineering to get information
SOCIAL ENGINEERING is a term for the ability of something or someone
to influence the behavior of a group of people.

IT ALSO EXPLOITS THE FACT THAT USERS ARE GENERALLY CONSIDERED ONE OF THE WEAKEST LINKS
AND THEY MOST COMMONLY USE THESE TECHNIQUES:
PHISHING, PRETEXTING AND VISHING
PRETEXTING is a form of social engineering in which an individual lies
to obtain privileged data, or invents a scenario; mostly done by phone
PHISHING is the act of sending an email to a user claiming to be
from a legitimate source and tricking them into revealing their
username and password
VISHING is the same as PHISHING but through Voice over IP
-------------------------------------
Other than social engineering, they can use viruses, worms and Trojan horses
VIRUS -- a program that runs and spreads by modifying other programs or files
IT CAN'T START BY ITSELF and it needs to be activated (EXE or file)
ONCE ACTIVATED THEY MAY DO NOTHING MORE THAN REPLICATE THEMSELVES AND SPREAD
THEY CAN CAUSE THE SYSTEM TO HALT BY USING UP MEMORY OR, WORSE STILL, DELETE
ALL YOUR FILES
Spread through (CD, DVD, USB)
WORM -- similar to a virus but it does not need to be activated or attached to a file (REMEMBER: SENT TO A HOST, NOT IN AN EXE FILE; THEY DO NOT NEED IT)
They run independently and use the network to spread a copy of themselves.
They can run independently and do not necessarily require activation or human
intervention. SELF-SPREADING WORMS HAVE FAR MORE EFFECT THAN A SINGLE-FILE VIRUS
TROJAN HORSE -- used to bluff the user that they are from a legitimate source.
They can be harmless or can damage the contents of the computer
hard drive or provide back-door access to a hacker (internal threat)
---------------------------------------------------------------------
Sometimes the goal of an attack is to shut down normal operation of a network

They accomplish this either by flooding a system with traffic to prevent legitimate traffic from flowing
or by DISRUPTING CONNECTIONS; also known as DENIAL OF SERVICE
THE TWO COMMON ONES ARE
SYNCHRONOUS flooding: a packet sent to a server for a client connection.
THEY CONTAIN FAKE OR INVALID SOURCE IP ADDRESSES AND THE SERVER BECOMES OCCUPIED HANDLING
THESE REQUESTS
OR PINGING WITH A PACKET GREATER THAN THE MAX SIZE OF 65,535 BYTES; this may cause the receiving SYSTEM TO CRASH.
There is also something called distributed denial of service. This is more sophisticated; it floods
the network with useless data. It operates on a much larger scale and its attack points number in the thousands
or hundreds. The attack points may be unsuspecting computers that have been infected by the
distributed denial of service
------------------------------
Brute force
The hacker uses a fast computer to try to guess passwords or decipher an encryption code
They try a large number of possibilities in rapid succession to gain access... This can cause
denial of service due to excessive traffic to a specific resource or by locking out user accounts
------------------------------------------------------------------
Not all attacks do damage or prevent legitimate users from having access
Many threats are designed to collect information about users
THROUGH
Spyware ... is any program that gathers personal information from your computer without your
permission or knowledge. This is sent to advertisers or others on the Internet and can include
passwords and account numbers
Tracking cookies -- are a form of spyware but are not always bad. They are used to record information
about an Internet user when they visit sites. They can be useful or desirable as
they are time saving. MOST WEBSITES REQUIRE COOKIES (LIKE FACEBOOK)
Adware -- is a form of SPYWARE that is used to collect information about a user based on the websites
they visit. Adware is commonly installed by a user in exchange for a free product

Pop-ups and pop-unders ---- are additional advertising windows that display when visiting a website.
Unlike ADWARE they are NOT INTENDED to collect information
about the user and are typically associated only with the
website being visited
POP-UPS appear in front
Pop-unders appear behind
----------
A security policy is a document that details system, physical
and behavioral constraints
e.g.
identification and authentication policies
(only authorized people can access)
password policies
(make sure they meet the requirements of the network)
acceptable use policies
(which programs can be used)
remote access policies
(how you remote control)
network maintenance procedures
(specify NOS and end user application update procedures)
incident handling procedures
(describe how the incident happened)
------------------------------------------
Software vulnerabilities -- patches and updates
Anti-virus -- email checking
resident dynamic scanning
scheduled scans
automatic updates
---------------------------------------------------
A firewall is one of the most effective security tools available for protecting
internal network users from external threats.
A firewall resides between two or more networks and controls the traffic between
them, as well as helping to prevent unauthorized access
(BASICALLY STOPS UNAUTHORIZED ACCESS TO YOUR NETWORK)
Firewall products use various techniques for determining what is permitted or denied access to a network.
4 FILTERING: P A U SPI
Packet Filtering (think of the network layer) - Prevents or allows access based on
IP or MAC addresses.
Application Filtering - Prevents or allows access to specific application types
based on port numbers.
URL Filtering - Prevents or allows access to websites based on specific URLs or keywords.
Stateful Packet Inspection (SPI, NOT STI, ARH) - Incoming packets must be legitimate responses to requests from internal
hosts.
Unsolicited packets are blocked unless permitted specifically.
SPI can also include the capability to recognize and
filter out specific types of attacks such as DoS.
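Added example (not part of the original notes): a minimal Python model of the SPI rule described above. It records connections opened by internal hosts and admits an inbound packet only if it is a reply to one of them or matches a specifically permitted port forward. All addresses, the 60-second idle timeout and every name in the code are constructed for illustration.

```python
from dataclasses import dataclass

IDLE_TIMEOUT = 60  # assumed value: seconds a flow may stay silent before its state is dropped


@dataclass(frozen=True)
class Packet:
    ts: float        # arrival time in seconds
    direction: str   # "out" = internal host -> Internet, "in" = Internet -> internal
    proto: str
    src: str
    sport: int
    dst: str
    dport: int


class StatefulFirewall:
    def __init__(self, inbound_allow=()):
        # State table: (proto, inside_ip, inside_port, outside_ip, outside_port) -> last seen
        self.flows = {}
        # "Permitted specifically": (proto, inside_ip, port), e.g. a port forward to a DMZ server
        self.inbound_allow = set(inbound_allow)

    def filter(self, p):
        # Expire flows that have been idle for too long.
        self.flows = {k: t for k, t in self.flows.items() if p.ts - t <= IDLE_TIMEOUT}
        if p.direction == "out":
            # A request from an internal host creates (or refreshes) state.
            self.flows[(p.proto, p.src, p.sport, p.dst, p.dport)] = p.ts
            return "ALLOW"
        # Inbound: must be the exact reverse of a recorded outbound flow.
        key = (p.proto, p.dst, p.dport, p.src, p.sport)
        if key in self.flows:
            self.flows[key] = p.ts
            return "ALLOW"
        # Unsolicited: allowed only if explicitly permitted.
        if (p.proto, p.dst, p.dport) in self.inbound_allow:
            return "ALLOW"
        return "DROP"


def run_sample():
    # Constructed sample traffic; 192.168.2.10 plays the DMZ web server.
    fw = StatefulFirewall(inbound_allow={("tcp", "192.168.2.10", 80)})
    sample = [
        Packet(0, "out", "tcp", "192.168.1.20", 50000, "203.0.113.5", 443),   # internal request
        Packet(1, "in", "tcp", "203.0.113.5", 443, "192.168.1.20", 50000),    # legitimate reply
        Packet(2, "in", "tcp", "198.51.100.9", 443, "192.168.1.20", 50000),   # unsolicited sender
        Packet(3, "in", "tcp", "198.51.100.9", 40000, "192.168.2.10", 80),    # permitted port forward
        Packet(4, "in", "tcp", "198.51.100.9", 40001, "192.168.2.10", 22),    # port not forwarded
        Packet(120, "in", "tcp", "203.0.113.5", 443, "192.168.1.20", 50000),  # state has expired
    ]
    return [fw.filter(p) for p in sample]


if __name__ == "__main__":
    for verdict in run_sample():
        print(verdict)
```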
Firewall products come in various forms
Appliance-based firewall --- AN APPLICATION-BASED FIREWALL THAT IS BUILT INTO A DEDICATED HARDWARE DEVICE

Server-based firewall --- consists of a firewall application that runs on a NOS such as UNIX, Windows or Novell
Integrated firewall --- is added as functionality to an existing device
such as a router
Personal firewall ---- resides on host computers and IS NOT DESIGNED FOR
LAN IMPLEMENTATION
MAY BE AVAILABLE BY DEFAULT FROM THE OS OR MAY BE INSTALLED FROM AN OUTSIDE VENDOR
--------------------------------------
By placing a firewall between your network and the Internet it can act as a border
device and all traffic can be monitored and controlled. This creates a clear line of defence
//SOMETHING LIKE AN IMMIGRATION CHECKPOINT
However,
there may be some external people that require internal resources. A
DEMILITARIZED ZONE can be configured to accomplish this (IT IS USED FOR devices trying to access the servers: WEB, FTP + DNS)
It is located between the internal network and the external network,
usually the Internet.
This can be done by
isolating a specific static IP address
or port forwarding: opening a port
so that these ports are accessible on the server;
other port numbers are excluded...
------------------------------------------------
A single firewall configuration has 3 areas (external network, internal and DMZ)
It is required to monitor the traffic and determine what traffic should pass to the DMZ
Two firewall configuration
Internal and external firewalls with the DMZ located between them
External is less restrictive and allows Internet user access to the services in the DMZ
Internal is more restrictive
SINGLE CON
IS THAT IT HAS A SINGLE POINT OF FAILURE AND CAN BE OVERLOADED
THAT IS WHY A TWO FIREWALL CONFIGURATION IS MORE SUITABLE FOR LARGE, MORE COMPLEX NETWORKS
--------------------------------
There are many vulnerability tools for testing host and network security
These are known as security scanners and help identify areas
where attacks might occur and offer guidance on steps that can be taken
SOME FEATURES ARE
NUMBER OF HOSTS AVAILABLE ON THE NETWORK
THE SERVICES HOSTS ARE OFFERING
THE OS AND VERSION ON THE HOST
PACKET FILTERS AND FIREWALLS IN USE
-------------------------------------------------------------------------
Chapter 9
Troubleshooting is to identify the problem and correct the problem
Step 1) Gather information

Gather information from the user experiencing the problem, like
(end user experience, observed symptoms and error messages)
THEN
from the device, through log files or any recent changes made to equipment configuration
Other information also includes the model and the manufacturer...
----------------------------------------------------------------------
Structured troubleshooting approaches include
TOP-DOWN -------- start from the top of the OSI layer model and work all the way down
BOTTOM-UP -------- start from the bottom of the OSI layer model and work all the way up
DIVIDE-AND-CONQUER --- start from the middle of the OSI layers and work either way, up or down
These approaches are ideally suited for novice troubleshooters
Those who are advanced or experienced will bypass these structured approaches and rely on instinct
and experience, such as trial and error or substitution.
-------------------------------------------
Substitution -- the problem is assumed to be caused by a specific hardware component
----------------------------------------------
Netstat shows which active TCP connections are open and running.
------------------------------------------------------------
Connectivity problems occur on both wireless and wired networks
When troubleshooting with both WIRED AND WIRELESS, USE THE DIVIDE-AND-CONQUER METHOD
1) Ping from a wireless client to the default gateway
(check if the wireless client is connecting as expected)
2) Ping from a wired client to the default gateway
(check if the wired client is connecting as expected)
3) Ping from the wireless client to a wired client
(this verifies if the integrated router is functioning as expected)
----------------------------------
The first step in troubleshooting is to examine the LEDs
3 types of LED are commonly found on devices
POWER, STATUS, ACTIVITY
Flashing green means it is working and data is flowing
Green means it is working but no data
Amber means making changes but port working
NO COLOR MEANS NOT WORKING
------------------
If devices on the same network can ping but can't go outside their network,
check the router cable and the LED indicator; also make sure the login name and password match
the ones given by the ISP
---------------------------------------------
Good troubleshooting documentation should include the following, and is done when there are major changes and when a network is installed
(IT IS A BASELINE OR NORMAL NETWORK MEASURE)
Final determined cause of the problem
Final problem resolution
Initial problem
Results of all steps taken, both successful and unsuccessful
Steps taken to isolate the problem
Preventative measures
