are a way to create communication boundaries on the network. By default, one VLAN cannot communicate with systems in another VLAN.
makes the request for the internet resource on behalf of the user and commonly the company will filter and log what web sites users have visited
is a more secure cable type because it does not carry an electrical signal, but instead carries data as pulses of light.
TCP and UDP
are considered layer-4 (transport) protocols.
protocol in the TCP/IP protocol suite that is responsible for error and status reporting (ping and tracert use ICMP). ICMP type 8 is used by the echo request message, and ICMP type 0 is used by the echo reply.
is a layer 3 protocol of the OSI model responsible for logical addressing and routing.
uses TCP port 80
uses TCP port 443
POP3 & IMAP4
are the internet protocols for reading email
is the Internet protocol for sending email.
uses two ports, 20 and 21. Port 20 is responsible for transferring the data between two hosts in an FTP session. Port 21 carries the FTP commands from one system to another.
uses a 32-bit addressing scheme
is a 128-bit address scheme that uses a hexadecimal address format.
Wired Equivalent Privacy. 64-bit or 128-bit key size. Cryptographic vulnerabilities found in 2001. WEP is no longer used.
WPA (WiFi Protected Access)
Short-term workaround after WEP. Used the RC4 cipher with TKIP (Temporal Key Integrity Protocol). TKIP has its own vulnerabilities.
WPA2 (WiFi Protected Access2)
Replaced TKIP with CCMP (Counter Mode with Cipher Block Chaining Message Authentication Code Protocol). Replaced RC4 with AES (Advanced Encryption Standard). WPA2 is the latest and most secure wireless encryption method.
Adds 802.1x, RADIUS server authentication
Extensible Authentication Protocol. An authentication framework. WPA and WPA2 use five EAP types as authentication.
Authentication to a network. Common on wireless networks. Access table recognizes a lack of authentication and redirects your web access to a captive portal page. Username / password, and additional authentication factors. Once proper authentication is provided, the web session continues until the captive portal removes your access.
One of the most common and included on most access points. Signal is evenly distributed on all sides. Omni=all. Good choice for most environments. You need coverage in all directions. No ability to focus the signal. A different antenna will be required for that
Focus the signal - Increased distances. Send and receive in a single direction. Focused transmission and listening. Antenna performance is measured in dB. Double power every 3 dB of gain. Yagi antenna - Very directional and high gain. Parabolic antenna - Focus the signal to a single point.
MAC (Media Access Control) filtering
Access is controlled through the physical hardware address. It's easy to find working MAC addresses through wireless LAN analysis. MAC addresses can be spoofed. Security through obscurity.
SSID (Service Set Identifier) Management
The SSID is the name of the wireless network, e.g., LINKSYS, DEFAULT, NETGEAR. Change the SSID to something appropriate for its use. The SSID broadcasts can be disabled. You can still determine the SSID through wireless network analysis. Security through obscurity.
Temporal Key Integrity Protocol (TKIP)
Created when WEP was broken and a stopgap was needed to make 802.11 stronger. Mixes the keys --> Combines the secret root key with the IV. Adds sequence counter --> Prevents replay attacks. 64-bit Message Integrity Check --> Protects against tampering. Used in WPA (Wi-Fi Protected Access) prior to the creation of WPA2.
CCMP (Counter Mode with Cipher Block Chaining)
Message Authentication Code Protocol. Replaced TKIP when WPA2 was published. A more advanced security protocol --> Based on AES and uses a 128-bit key and a 128-bit block size. Requires additional computing resources. Data confidentiality --> Only authorized parties can access the information. Authentication --> Provides proof of genuineness of the user. Access control --> Allow or disallow access to the network.
Sample the existing wireless spectrum. Identify existing access points. Work around existing frequencies - layout and plan for interference. Plan for ongoing site surveys - things will certainly change
VPN over Wireless Networks
Wireless from your local coffee shop - no encryption. Everyone around the coffee shop can see your traffic. Exceptionally easy to capture your data. Some of your data might be encrypted with HTTPS. Maybe. Protect all of your traffic with a VPN tunnel