Terms
Standards
Components
Antenna Site – ISP’s site with sending and receiving satellite dishes.
Headend – Master site where signals are received, processed, formatted,
and distributed. Secured and generally unstaffed.
Transportation Network – Network that connects the headend to the
antenna site. Might be microwave, coaxial, or fiber.
Distribution Network – Either trunk and feeder coaxial cables or more
often hybrid fiber-coaxial. This is the backbone of the network.
Node – Performs optical-to-RF conversion of CATV signals. Allows
CCNA4.com
DOCSIS Standards
DOCSIS Components
DSL Technology
DSL Features/Limitations
POTS Coexistence – Due to the frequencies used, DSL can send data
signals through existing telephone cabling without requiring any additional
wiring to carry both voice and data traffic. All that is required is some kind
of filtering for analog devices such as non-VoIP phones and fax machines.
Dedicated Medium – Unlike cable modems, DSL does not share
bandwidth; speeds may be lower in some locations, but they will be
consistent.
Distance Limitations – As distance between the subscriber and the local
CO increases, speed and quality decrease. The most common DSL
technology, ADSL, has a limit of 18,000 ft. Load coils are often used on
telephone lines to amplify signals to cross longer distances. A load
coil on a line prevents DSL signals from passing properly.
Older Home Wiring – Older buildings may have low quality wiring that is
subject to interference from AM radio waves or EMI.
DSL Terminology
DSL Variants
ADSL Modulation
PPP Process –
1. Each end of the PPP link sends LCP packets to configure and
test the layer 2 connection.
2. After the link has been established, PPP must send NCP
packets to choose and configure network layer protocols (such as
IP).
3. Once the layer 3 protocol has been configured, traffic from each
layer 3 protocol can be sent.
4. The link remains configured and ready for communication until it
receives explicit LCP or NCP packets telling it to close or some
external event or timeout occurs. PPP can handle multiple
protocols at once.
MPLS
MPLS Terminology
MPLS Components
IPsec Overview
IPsec Features
IPsec Protocols
ensure that data has not been tampered with. Uses Message Digest 5
(MD5) and Secure Hash Algorithm (SHA-1).
IPsec Modes
Tunnel Mode – The entire packet is encapsulated with a new header and
only the IP addresses of the tunnel endpoints are protected.
Failover Strategies
Easy VPN Remote – the remote or “client” end of the Easy VPN
connection. This is the “easy” part of Easy VPN since it does not
require a static IP address or complicated configuration on this end.
Easy VPN Server – The “HQ” end of the VPN, which is more difficult
to configure. The VPN server provides the client addresses as well as
all other DHCP settings along with the VPN tunnel.
Device Hardening
Router Vulnerabilities
Services
SDM Security Audit Wizard – Displays a list of these vulnerabilities with the
option to disable them, and lets the user configure inside and outside
interfaces for firewall purposes.
SDM One-Step Lockdown Wizard – Tool in SDM similar to the auto secure
command in the CLI.
Passwords – Set strong, complex passwords and also use ACLs to restrict
access to management interfaces. A password policy including minimum
length, expiration, etc. should be implemented.
Login Limitations – Lock out users after a certain number of failed login
attempts and/or log the failure. You can also configure a delay, or a quiet
mode that, while the device is locked, allows access only from addresses
permitted by an ACL.
Password Encryption – Use “enable secret” rather than the “enable” password,
as it is encrypted with MD5 and very difficult to decrypt. Remember that
the enable password and the console, aux, and vty passwords are all initially
stored in clear text. Use the “service password-encryption” command to encrypt
all current plaintext passwords, but remember that this uses a weak encryption
algorithm. Individual logins with a “secret” password are a better choice.
Multiple Privilege Levels – Use built-in privilege levels from 1-15 to give
individual users only the access they require or map commands to specific
levels.
Role-Based CLI – Enable different “views” for different users so that only the
commands they are authorized to use will show up as available.
The “Duh” Stuff – Configure a legally secure banner on all devices,
physically secure all devices, set minimum password lengths, remember that
telnet and tftp are cleartext, etc.
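The password, login and vty items above can be checked mechanically against a saved configuration. The Python script below is an added example, not part of the original notes; the sample configuration, its placeholder passwords and hashes, and the names `audit`, `REQUIRED` and `PASSWORD_RE` are constructed for illustration.

```python
import re

# Constructed running-config for illustration; passwords and hashes are placeholders.
SAMPLE_CONFIG = """\
hostname R1
enable password cisco123
username admin privilege 15 secret 5 $1$PLACEHOLDER$PLACEHOLDERHASH
username oper password 7 PLACEHOLDER07
line con 0
 password 7 PLACEHOLDER07
line vty 0 4
 password letmein
 transport input telnet
"""

# Matches "enable password", "username X password" and line-level "password" commands.
PASSWORD_RE = re.compile(r"^\s*(enable |username \S+ .*?)?password (?:(\d) )?\S+")
REQUIRED = [
    ("service password-encryption", "plaintext passwords are shown as-is in the config"),
    ("enable secret", "privileged mode is not protected by an MD5 secret"),
    ("login block-for", "no lockout or quiet mode after failed logins"),
    ("security passwords min-length", "no minimum password length enforced"),
]

def audit(config):
    """Return sorted (line_no, finding) pairs; line_no 0 marks a missing global command."""
    lines = config.splitlines()
    findings = [(0, f"missing '{cmd}': {why}") for cmd, why in REQUIRED
                if not any(l.startswith(cmd) for l in lines)]
    section, vty_acl = "", {}
    for no, line in enumerate(lines, 1):
        if line and not line[0].isspace():
            section = line                      # new top-level command or block header
            if line.startswith("line vty"):
                vty_acl[no] = False             # no inbound ACL seen yet for this block
        m = PASSWORD_RE.match(line)
        if m and m.group(2) == "7":
            findings.append((no, "type 7 password: weak, reversible encoding"))
        elif m and m.group(2) in (None, "0"):
            findings.append((no, "cleartext password stored in config"))
        if section.startswith("line vty") and line[:1].isspace():
            words = line.split()
            if words[:2] == ["transport", "input"] and {"telnet", "all"} & set(words[2:]):
                findings.append((no, "vty allows telnet (cleartext)"))
            if words[:1] == ["access-class"] and words[-1] == "in":
                vty_acl[max(vty_acl)] = True
    findings += [(no, "vty has no inbound access-class ACL") for no, ok in vty_acl.items() if not ok]
    return sorted(findings)
```

Calling `audit(SAMPLE_CONFIG)` reports the four missing global commands first, then each weak password line and the exposed vty block by line number.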
information must be on the same server. Does not limit what commands a
user can issue on a network device, only gives access or does not.
TACACS+ – Uses TCP for greater reliability and scalability. The entire body
of each packet is encrypted, separate servers can handle authentication and
authorization, it provides multiprotocol support, and it allows admins to
specify commands or privilege modes available to users. Designed by Cisco for
Cisco equipment.
IDS – Sits outside the path of active network traffic and has copies of the
traffic sent to it. It creates alerts whenever it determines that a series of
packets may be a threat. It can actively configure other devices to block or
quarantine these packets, but cannot itself block any packets.
IPS – Sits directly in the path of active network traffic and can both alert and
block packets itself and stop an attack.
Types of IPS/IDS –