SlideShare une entreprise Scribd logo

Iscw Cram Sheet

C
CCNAResources

Iscw Cram Sheet

TechnologieBusiness
1  sur  14
Télécharger pour lire hors ligne
CCNA4.com ISCW Cram Sheet Cable Modem Technology Terms Broadband – Using multiple frequencies to send information to make better use of bandwidth, uses Frequency-Division Multiplexing to combine several “channels” or frequencies into a larger pipe of bandwidth CATV – Community Antenna Television – TV in general Coaxial Cable – Cable used for cable TV and modem service Tap – A device that splits one cable drop into several ports, usually 2, 4, or 8 Amplifier – A device that magnifies an input signal Hybrid Fiber-coaxial – A cable network in which most or all of the backbone and trunk connections are fiber connecting to coaxial drops. Downstream – An RF signal headed from the ISP to the Subscriber. Upstream – An RF signal headed from the Subscriber to the ISP. Standards NTSC – National Television Standards Committee – governs analog TV systems in North America using a 6-Mhz modulated signal. PAL – Phase Alternating Line – A color coding system used in Europe, Asia, Africa, Australia, Brazil, and Argentina. Uses 6, 7, or 8-Mhz modulated signal. SECAM – Systeme Electronic Couleur avec Memoire – Analog color TV system used in France and some Eastern European countries. Uses an 8-Mhz modulated signal. Components Antenna Site – ISP’s site with sending and receiving satellite dishes. Headend – Master site where signals are received, processed, formatted, and distributed. Secured and generally unstaffed. Transportation Network – Network that connects the headed to the antenna site. Might be microwave, coaxial, or fiber. Distribution Network – Either trunk and feeder coaxial cables or more often hybrid fiber-coaxial. This is the backbone of the network. Node – Performs optical-to-RF conversion of CATV signals. Allows
CCNA4.com networks to use fiber. Subscriber Drop – Connects the subscriber to the feeder portion of the distribution network. In many cable networks, this is the ONLY part of the network that is actually coax. DOCSIS Standards Physical Layer (Layer1) – Definition of data signals to be used by cable operators. Channel widths are 200kHz, 400kHz, 800kHz, 1.6MHz, and 6.4MHz. Also defines how signals are modulated. MAC Layer (Layer 2) – Definition of an access method depending on DOCSIS version. Time Division Multiple Access for versions 1.0, 1.1, and 2.0 or Synchronous Code Division Multiple Access for version 2.0. The DOCSIS MAC protocol uses a request/grant system, so there are very few collisions. DOCSIS 3.0 – Allows “channel bonding”, similar to adding channels to a fractional T1 to allow greater bandwidth. DOCSIS Components CMTS – Cable Modem Termination System – Usually resides in the headend. Modulates the signal to the Cable Modem (CM) and demodulates the cable modem’s response. Cable Modem (CM) – A CPE device that terminates as well as performs modulation and demodulation of signals. Speeds range from 1.5 to 6Mbps. “Back Office” Services – TFTP, DHCP, ToD (Time of Day for log timestamping) and other maintenance tools. Cable Modem Provisioning Steps Downstream Setup – When the modem is powered up, it scans and locks the downstream path for the RF channel allocated so that layer 1 and 2 can be established. Upstream Setup – The cable modem listens to management messages broadcast down the downstream path that gives information on how and when to communicate on the upstream path. This information is used to establish layers 1 and 2 for the upstream path. Layer 1 and 2 Establishment – Physical and Data Link Layers are established between the CM and CMTS. IP Address Allocation – The CM requests the DOCSIS config file from the tftp server. This ASCII “binary” file has the parameters given by the ISP including maximum downstream and upstream rates, maximum
CCNA4.com upstream burst rate, class of service or baseline privacy, MIBs, and others. This config file can be loaded via tftp or manually configured on the cable modem. Register QoS with CMTS – The CM negotiates traffic types and QoS settings with the CMTS, in accordance with the customer’s plan. IP Network Initialization – Once layers 1, 2, and 3 are established and the CM has pulled a config via tftp, the CM can provide routing and NAT functions for clients behind it at the subscriber site. To establish layer 3, the CM requests an IP address, subnet mask, default gateway, tftp server, dhcp relay agent, the complete name of the DOCSIS config file, address of the ToD server, and the syslog server address, all from the dhcp server on the ISP side. Once it has this information, it first requests its clock to be set to the ToD server’s correct time, then it can request the DOCSIS config from the tftp server. Cable Modem Features/Limitations Shared Medium – Cable modems can provide very fast download speeds, but are a shared medium, meaning that those speeds may not be achievable when the local network is in heavy use. In addition, upload speeds are limited. DSL Technology DSL Features/Limitations POTS Coexistence – Due to the frequencies used, DSL can send data signals through existing telephone cabling without requiring any additional wiring to carry both voice and data traffic. All that is required is some kind of filtering for analog devices such as non-VoIP phones and fax machines. Dedicated Medium – Unlike Cable modems, DSL is not shared bandwidth and while speeds may be lower in some locations, they will be consistent. Distance Limitations – As distance between the subscriber and the local CO increases, speed and quality decrease. The most common DSL technology, ADSL, has a limit of 18,000ft. Load coils are often used on telephone lines to amplify signals to cross longer distances. The presence of a load coil on a line will not allow DSL signals to pass properly. Older Home Wiring – Older buildings may have low quality wiring that is subject to interference from AM radio waves or EMI.
CCNA4.com DSL Terminology Amplitude – Peak height or depth of a wave peak or valley, in relation to the horizontal axis of a graph, during one cycle of the wave. ATU-C – ADSL Transmission Unit –central office – a subscriber-facing DSL modem in the provider’s CO. ATU-R – ADSL Transmission Unit-remote – a provider-facing DSL modem in the subscriber home. Could be a DLS-capable router or DSL modem. DSLAM – A single chassis containing multiple ATU-C units. Frequency – Number of cycles of a waveform over a given time. Frequency = speed / wavelength Line Code – Technique used to represent digital signals by an amplitude- discreet and time-discreet signal that allows a receiving device to synchronize to the phase of signals transmitted. Maximum Data Rate – Maximum transmission speed possible for a particular version of DSL. Microfilter – Filters used to connect analog devices to a home network which has DSL service. Filters out everything except the 0 – 4 kHz range of frequencies (analog voice range). Modulation – Process of varying a periodic waveform in order to use that signal to convey a message. Nature – The relationship between downstream and upstream speeds (asynchronous or synchronous). Network Interface Device – The CPE device providing the termination point of the local loop. Phase – A measure of the relative position over time of two waveforms with identical frequency. Splitter – A passive device used to separate DSL traffic from voice traffic. Today, microfilters usually replace splitters at the CPE side of the local loop. Wavelength – Distance between repeating units of a wave pattern. Wavelength = Frequency / speed DSL Variants Asymmetrical DSL (ADSL) – Different speeds for upload and download, generally download speeds are higher. Typical for home use. Symmetrical DSL (SDSL) – Identical transmission speeds for upload and download. Asymmetric DSL Types
CCNA4.com ADSL – Maximum distance of 18,000 feet. Maximum download speed – 1.5 – 8Mbps and upload of 16kbps – 1Mbps. G.Lite ADSL – Splitterless ADSL. Max download 1.5Mbps, max upload 512kbps. No splitters required. RADSL (rate-adaptive DSL) – Nonstandard version of ADSL that adjusts speed to compensate for quality of phone line. Has longer maximum distances than ADSL, but ADSL does also have the ability to adapt speeds. VDSL (very-high-bit-rate DSL) – Speeds of 13-55Mbps over distances up to 4500 feet on short loops. Cisco Long Reach Ethernet (LRE) is based on VDSL technologies. Limited availability for this. Symmetric DSL Types SDSL (symmetric DSL) – provides upload and download of 128kbps – 2.32Mbps. 768kbps is most typical. Distance limit is 21,000 feet. G.SHDSL (symmetric high-data-rate DSL) – Longer distance of 26,000 feet. Speeds from 192kbps to 2.3Mbps. Best suited to data-only implementations. HDSL (high-data-rate DSL) – Rates up to 768kbps in each direction, 1.544Mbps. Basically T1 or E1 over DSL. Does not allow standard phone service over the same wiring. HDSL2 (second-generations HDSL) – Allows 1.5Mbps rates while still coexisting with voice using either ATM or other technology over the same wire pair. IDSL (ISDN DSL) – Supports downstream and upstream rates of up to 144kbps in the same channel types as traditional ISDN, but in an “always- on” service rather than dialup style service. Does not coexist with traditional voice. ADSL Modulation CAP (Carrierless Amplitude Phase) – Single-carrier modulation type that divides the available space into 3 bands. Range 0 to 4kHz is used for POTS, range 25 to 160kHz is used for upstream data, and range 240kHz to 1.1MHz is used for downstream data. Only used in legacy implementations because it does not perform as well. DMT (Discrete Multi-Tone) - Uses multiple independent subchannels with a larger channel (RF range), which can be brought up or taken down dynamically with no effect whatsoever on other existing channels. Most ADSL equipment now uses DMT to divide a single upstream or downstream channel into 256 equally sized channels.
CCNA4.com Data Transmission Over ADSL Layer 2 – Once DSL reaches the DSLAM, it reaches an ATM network. The DSLAM is an ATM router with DSL interface cards. Layer 3 – Data can be encapsulated in 3 ways: RFC1483/2684 bridging (multiprotocol data encapsulation or AAL5SNAP over ATM), PPP over Ethernet, or PPP over ATM. RFC 1483/2684 Bridging – Simpliest technology with least configuration at CPE end. DSL router acts only as a bridge, but has lack of features, security, and scalability. PPP – PPP enables authentication as well as higher layer protocols versus bridging. Each packet is encapsulated with a 16-bit protocol identifier. The packet contains: LCP (Link Control Protocol) information which negotiates things like packet size, type of authentication, and other link parameters, NCP (Network Control Protocol) information which contains information about higher layer protocols, such as routing, and Data Frames, which contain the actual user data. PPP Process – 1. Each end of the PPP link sends LCP packets to configure and test the layer 2 connection. 2. After the link has been established, PPP must send NCP packets to choose and configure network layer protocols (such as IP). 3. Once the layer 3 protocol has been configured, traffic from each layer 3 protocol can be sent. 4. The link remains configured and ready for communication until it receives explicit LCP or NCP packets telling it to close or some external event or timeout occurs. PPP can handle multiple protocols at once. PPPoE (Point-to-Point Protocol over Ethernet) - Uses PAP or CHAP to authenticate a connection. Each PPP session must learn the address of the remote peer to create a unique session identifier. This is done by a discovery protocol, which adds 2 additional phases: Discovery Phase - 1. PPPoE client sends a PADI (PPPoE Active Discovery Initiation) packet as a broadcast requesting service. 2. The router responds with a PADO (PPPoE Active Discovery
CCNA4.com Offer) packet describing the offered services in a unicast packet directly to the MAC address of the client. 3. The PPPoE client responds directly to the server with a unicast PADR (PPPoE Active Discovery Request) packet to move on to the session phase. 4. The router sends the client a PPPoE Active Discovery Session- Confirmation which contains a session-ID and confirms they can move to the Session phase. (If this all sounds a lot like dhcp, it is!) Session Phase- This is the phase where authentication takes place, as well as any other configured LCP options. In order to accomplish authentication and the negotiation of session variables, there are usually 3 options: 1. Placing a DSL-capable router at the subscriber’s home – In this case, PPP is terminated on the provider’s equipment at the subscriber’s home. 2. Placing a non-DSL-capable router at the subscriber’s home – Here an external DSL modem must be placed in addition to the router. PPP is still terminated on the provider’s router at the subscriber’s home. 3. Placing an External DSL Modem at the subscriber’s home – here a simple DSL modem terminates the physical DSL connection. PPP is terminated either on the hosts using PPPoE software or on a router provided by the subscriber. MPLS MPLS Terminology Label – Short, fixed-length identifier used to identify a group of networks Label Stack – A set of labels attached to a packet header. Label Swap – Basic forwarding operation. Incoming label is looked at to determine outgoing label, encapsulation, port, and others. LSH (Label-switched Hop) – A hop between two MPLS nodes. All forwarding done by labels. LSP (Label-switched Path) – A path through one or more LSR’s at followed by a packet in a particular FEC. LSR (Label Switching Router) – An MPLS node that is capable of forwarding label switched packets. MPLS Domain – A contiguous set of LSR’s in one routing or administrative domain.
CCNA4.com MPLS edge node – An MPLS node that connects to a neighboring node outside of its MPLS domain. MPLS Egress Node – An MPLS node that handles traffic leaving an MPLS domain. MPLS Ingress Node – An MPLS node that handles traffic entering an MPLS domain. MPLS Label – A label that is carried in a packet header and identifies the packet’s FEC. MPLS Node – A node running MPLS. Optionally can also forward native layer 3 packets. FEC (Forwarding Equivalence Classes) – Roughly corresponds to a packet’s “next hop” within the MPLS domain. 2 packets with different destinations can share a FEC at a router if they both have the next hop. They will share a FEC until they reach a router at which they must exit through different interfaces. Packets sorted into the same FEC at one router may later be sorted into separate FEC’s at a later router. PHP (Penultimate Hop Pop) – An LSR immediately before the destination edge LSR pops the label before sending it to the edge LSR. This saves time because the edge router then needs only to look at the network layer routing rather than first looking at and popping the label. Router Switching Modes Process Switching – Slowest and most resource-intensive method. Each packet has to be looked up in the routing table individually. Cache-driven Switching – Once one packet is looked up in the routing table, the destination is stored in memory for subsequent packets. Topology-driven Switching – A FIB (Forwarding Information Base) is created and used for high-speed switching operations at layer 3 (CEF – Cisco Express Forwarding). The FIB acts as a shorthand reference so that the router can bypass the routing table and use its adjacency table, simply knowing which adjacent neighbor is next in the packet’s path is enough. Can take up a lot of processing and memory if the routing table is large. MPLS Components LDP (Label Distribution Protocol) – Functions much like a routing protocol for sending Label information. RSVP (Resource Reservation Protocol) – Used by MPLS to allow reservation of bandwidth within the MPLS network for voice or other sensitive traffic.
CCNA4.com LFIB (Label Forwarding Information Base) – Stores label information gained from LDP and/or routing protocols. Essentially Label routing table. Part of the data plane. P Router – Router inside the provider network that does not have customer routers as neighbors. PE Router – Provider Edge router that interacts directly with CE routers. CE Router – Customer Edge router that interacts directly with PE routers. LIB (Label Information Base) – Part of the control plane, provides the database for LDP which maps IP addresses with local and next-hop labels. FIB (Forwarding Information Base) – Part of the data plane, stores database used for forwarding unlabeled IP packets created from a regular routing protocol. (IP routing table.) Each MPLS router creates its own LIB, FIB, and LFIB. IPsec Overview IPsec Features Data Confidentiality – Data is kept private between endpoints of the VPN using encryption, such as DES, 3DES, or AES. (Optional, but common) Data Integrity – Guarantee that data has not been altered since it was sent. Provided by a hash algorithm, such as SHA or MD5. Data Origin Authentication – Ensures that the sender and receiver are who they say they are. Provided by IKE by ISAKMP or Oakley protocols. Anti-replay – ensures that no packets are duplicated and helps prevent a man-in-the-middle style attack. (Optional but common.) Provided by AH using a hashing algorithm such as SHA or MD5. IPsec Protocols IKE (Internet Key Exchange) – Provides the framework for exchanging security parameters and authentication keys securely over the internet in phase 1. ESP (Encapsulating Security Payload) – Provides the framework for encryption, integrity, authentication, and anti-replay. Uses Data Encryption Standard (DES), Triple Data Encryption Standard (3DES), and Advanced Encryption Standard (AES). AH (Authentication Header) – provides the framework for data integrity, authentication, and anti-replay. Generally used today in combination with ESP since it does not provide for encryption. Uses hash algorithms to
CCNA4.com ensure that data has not been tampered with. Uses Message Digest 5 (MD5) and Secure Hash Algorithm (SHA-1). IPsec Modes Transport – Ipsec headers are inserted in an IP packet to route traffic over a tunnel. The original IP header is unprotected and visible to points between the endpoints. Only the transport layer and above are protected. Tunnel Mode – The entire packet is encapsulated with a new header and only the IP addresses of the tunnel endpoints are protected. Internet Key Exchange (IKE) IKE Phase 1 – Mandatory IKE phase. A bidirectional SA (Security Association) is established between IPSec peers. May also perform peer authentication. Two modes available here, Main Mode (site-to-site tunnels) and Aggressive Mode (Easy VPN). IKE Phase 1.5 – Optional IKE phase. Provides additional layer of authentication called Xauth or Extended Authentication. Xauth forces the user to authenticate before the connection is granted. IKE Phase 2 – Second mandatory IKE phase. Implements unidirectional SA’s between IPsec endpoints so that keys are not shared. Uses IKE quick mode. GRE Over IPsec Characteristics GRE – packets are encapsulated, however few security features are provided. However, it allows routing protocols to travel over the tunnel, unlike IPsec. Most often today, the two are combined to allow an encrypted tunnel which also allows multicast and routing protocols to travel over it. Creates high packet overhead. IPsec High Availability Options Failover Strategies Stateless – Redundant IPsec tunnels are used to provide primary and backup paths. The state of the tunnels is not known, but traffic is sent across the backup tunnel if the end-to-end path has failed. Uses DPD (Dead Peer Detection), and IGP (interior gateway protocol) within GRE over IPsec, or HSRP (Hot Standby Routing Protocols). Stateful – Redundant equipment is employed, generally identical, that
CCNA4.com communicate with each other to determine which one is the current best device. Uses either HSRP or SSO (Stateful Switchover). Easy VPN Components Easy VPN Components Easy VPN Remote – the remote or “client” end of the Easy VPN connection. This is the “easy” part of Easy VPN since it does not require a static IP address or complicated configuration on this end. Easy VPN Server – The “HQ” end of the VPN, which is more difficult to configure and requires further configuration. The VPN server provides the client addresses as well as all other dhcp settings along with the VPN tunnel. Device Hardening Router Vulnerabilities Services Unnecessary Services and Interfaces – The largest category of vulnerabilities. Includes TCP and UDP small services and other services enabled by default that are generally not necessary. Management Services – Includes SNMP and DNS. These services should be disabled on any external interfaces or any on which they are not specifically required. Path Integrity Mechanisms – ICMP redirects, IP source routing. These can give an attacker information about a network that is used for transferring config files and IOS images to a router, but not good for an attacker to use. Disable these on all outside interfaces and on any interface that they are not necessary on. Probes and Scans – Includes Finger and some ICMP features. These can also be used for reconnaissance and should be disabled unless needed. Terminal Access Security – IP identification service and TCP keepalives. Can be used for DoS attacks or to gather information. Again, disable unless needed. Gratuitous and Proxy ARP – Can be used to launch DoS attacks. Both are enabled by default but it is not likely they will be needed in modern networks unless your router is acting as a layer 2 bridge.
CCNA4.com AutoSecure – command-line tool that automatically disables all these vulnerabilities, enables firewall inspection and CEF, implements logging and NTP, restricts access to SSH and prevents TCP SYN-flooding attacks as well as configures a security banner and prompts for secure passwords…all with just the auto secure command. SDM Security Audit Wizard – Displays a list of these vulnerabilities with the option to disable them, as well as allows the user to configure inside and outside interfaces for firewall purposes. SDM One-Step Lockdown Wizard – Tool in SDM similar to the auto secure command in the CLI. Securing Administrative Access Passwords – Set strong, complex passwords and also use ACL’s to restrict access to management interfaces. A password policy including minimum length, expiration, etc should be implemented. Login Limitations – Lock out users after a certain number of failed login attempts and/or log the failure. You can also configure a delay, or quiet mode which will allow access from an ACL only when it is locked. Password Encryption – use the “enable secret” over the “enable” password as it is encrypted with MD5 and very difficult to decrypt and remember that the enable password, console, aux, and vty passwords are all initially stored in clear text. Use the “service password encryption” command to encrypt all current plaintext passwords, but remember that this uses a weak encryption algorithm. Individual logins with a “secret” password are a better choice. Multiple Privilege Levels – Use built-in privilege levels from 1-15 to give individual users only the access they require or map commands to specific levels. Role-Based CLI – Enable different “views” for different users so that only the commands they are authorized to use will show up as available. The “Duh” Stuff – Configure a legally secure banner on all devices, physically secure all devices, set minimum password lengths, remember that telnet and tftp are cleartext, etc. AAA to Secure and Scale Access TACACS+ vs. Radius Radius – Multi-vendor solution that allows centralized management of Authentication, Authorization, and Accounting for multiple platforms. Uses combines authentication and authorization into a single request, so this
CCNA4.com information must be on the same server. Does not limit what commands a user can issue on a network device, only gives access or does not. TACACS+ - Uses TCP for greater reliability and scalability. Entire body of packets are encrypted, separate servers can handle authentication and authorization, provides multiprotocol support, allows admins to specify commands or privilege modes available to users. Designed by Cisco for Cisco equipment. IOS Firewall Features – Beyond Static ACLs Stateful Packet Filtering – Allows a firewall to be knowledgable of the “state” of a connection, opening ports as needed and closing them once they are finished so that ports do not need to be constantly left open or manually closed. Generally only connections initiated from the inside interface are allowed to open connections to the outside. Proxy Firewalls – Stand between an inside host and the outside and make requests on behalf of the inside host. The inside host is never directly exposed. Common for web traffic so that it can be monitored and filtered. To the outside, all requests appear to come from the proxy firewall. IDS and IPS IDS – Sits outside the path of active network traffic and has copies of the traffic sent to it. It creates alerts whenever it determines that a series of packets may be a threat. It can actively configure other devices to block or quarantine these packets, but cannot itself block any packets. IPS – Sits directly in the path of active network traffic and can both alert and block packets itself and stop an attack. HIPS or HIDS – A software-based IDS or IPS system protecting a single server or host. NIPS or NIDS – Network-based IDS or IPS. Types of IPS/IDS – Signature-based – Cisco’s preferred solution. Uses attack signatures that identify known patterns of attacks that are constantly updated and then downloaded to the device. Can have problems detecting zero-day attacks. Policy-based – Use algorithms to identify traffic that strays outside set norms or that meets certain patterns of malicious traffic. Additional
CCNA4.com policies can be configured. Anomaly-Based – Used by MARS and others, system “learns” what normal network behavior “looks” like and then is able to alert or take action when network behavior differs from that pattern. Works well in smaller networks, but can be difficult to define “normal” in larger networks.

Recommandé

Ieee 802.11.n
Ieee 802.11.nIeee 802.11.n
Ieee 802.11.nHari Krishnan
 
How cable modems work
How cable modems workHow cable modems work
How cable modems workRaxTonProduction
 
Wifi wimax
Wifi wimaxWifi wimax
Wifi wimaxMETHODIST COLLEGE OF ENGG & TECH
 
WAN (wide area network)
WAN (wide area network)WAN (wide area network)
WAN (wide area network)Netwax Lab
 
2g 3g
2g 3g2g 3g
2g 3gMETHODIST COLLEGE OF ENGG & TECH
 
Chapter 3 1-network_design_with_internet_tools - Network Design
Chapter 3 1-network_design_with_internet_tools - Network DesignChapter 3 1-network_design_with_internet_tools - Network Design
Chapter 3 1-network_design_with_internet_tools - Network Designnakomuri
 
Network communication
Network communicationNetwork communication
Network communicationMd. Mujahiduzzaman
 
802.11n Technology - Presented by Meru Networks and DTC
802.11n Technology - Presented by Meru Networks and DTC802.11n Technology - Presented by Meru Networks and DTC
802.11n Technology - Presented by Meru Networks and DTCDigitalTelecom
 

Recommandé

Ieee 802.11.n
Ieee 802.11.nIeee 802.11.n
Ieee 802.11.nHari Krishnan
 
How cable modems work
How cable modems workHow cable modems work
How cable modems workRaxTonProduction
 
Wifi wimax
Wifi wimaxWifi wimax
Wifi wimaxMETHODIST COLLEGE OF ENGG & TECH
 
WAN (wide area network)
WAN (wide area network)WAN (wide area network)
WAN (wide area network)Netwax Lab
 
2g 3g
2g 3g2g 3g
2g 3gMETHODIST COLLEGE OF ENGG & TECH
 
Chapter 3 1-network_design_with_internet_tools - Network Design
Chapter 3 1-network_design_with_internet_tools - Network DesignChapter 3 1-network_design_with_internet_tools - Network Design
Chapter 3 1-network_design_with_internet_tools - Network Designnakomuri
 
Network communication
Network communicationNetwork communication
Network communicationMd. Mujahiduzzaman
 
802.11n Technology - Presented by Meru Networks and DTC
802.11n Technology - Presented by Meru Networks and DTC802.11n Technology - Presented by Meru Networks and DTC
802.11n Technology - Presented by Meru Networks and DTCDigitalTelecom
 
An enhanced technique for PAPR reduction in mobile WIMAX
An enhanced technique for PAPR reduction in mobile WIMAXAn enhanced technique for PAPR reduction in mobile WIMAX
An enhanced technique for PAPR reduction in mobile WIMAXIRJET Journal
 
Operation and design hfc
Operation and design hfcOperation and design hfc
Operation and design hfcMinh Tiệp HP
 
Chapter3
Chapter3Chapter3
Chapter3Suchit Aher
 
MULTIMEDIA COMMUNICATION & NETWORKS
MULTIMEDIA COMMUNICATION & NETWORKSMULTIMEDIA COMMUNICATION & NETWORKS
MULTIMEDIA COMMUNICATION & NETWORKSKathirvel Ayyaswamy
 
Chapter 3 2-remote_network_design - Network Design
Chapter 3 2-remote_network_design - Network DesignChapter 3 2-remote_network_design - Network Design
Chapter 3 2-remote_network_design - Network Designnakomuri
 
Digital network lecturer7
Digital network lecturer7Digital network lecturer7
Digital network lecturer7Jumaan Ally Mohamed
 
Access network
Access networkAccess network
Access networkBala V
 
Lect3
Lect3Lect3
Lect3tt_aljobory
 
IEEE 802.11
IEEE 802.11IEEE 802.11
IEEE 802.11Abhishek Pachisia
 
Digital network lecturer1
Digital network lecturer1Digital network lecturer1
Digital network lecturer1Jumaan Ally Mohamed
 
Mini-Fiber Node Technology
Mini-Fiber Node TechnologyMini-Fiber Node Technology
Mini-Fiber Node TechnologyXiaolin Lu
 
LTE Long Term Evolution
LTE Long Term EvolutionLTE Long Term Evolution
LTE Long Term Evolutionajus ady
 
3320 optical networks
3320 optical networks3320 optical networks
3320 optical networksMahmoud Abd Elrahman
 
Fixed Access_SAGNIK MUKHERJEE_001210701013_ppt
Fixed Access_SAGNIK MUKHERJEE_001210701013_pptFixed Access_SAGNIK MUKHERJEE_001210701013_ppt
Fixed Access_SAGNIK MUKHERJEE_001210701013_pptSagnik Mukherjee
 
gsm-network-optimization
gsm-network-optimizationgsm-network-optimization
gsm-network-optimizationMuhammad Yahya
 
Wireless lecture1
Wireless lecture1Wireless lecture1
Wireless lecture1Mohammed Hussein
 
Gsm optimization
Gsm optimizationGsm optimization
Gsm optimizationAhmed Ramadan
 
Mobile Computing (Part-2)
Mobile Computing (Part-2)Mobile Computing (Part-2)
Mobile Computing (Part-2)Ankur Kumar
 
IEEE 802.11ac Standard
IEEE 802.11ac StandardIEEE 802.11ac Standard
IEEE 802.11ac StandardHarsh Kishore Mishra
 
Introduction to communication system lecture4
Introduction to communication system lecture4Introduction to communication system lecture4
Introduction to communication system lecture4Jumaan Ally Mohamed
 
Wide Area Network (WAN)
Wide Area Network (WAN)Wide Area Network (WAN)
Wide Area Network (WAN)Claisse Martinez
 
Dsl technology report
Dsl technology reportDsl technology report
Dsl technology reportAnant Pratap Singh
 

Contenu connexe

Tendances

An enhanced technique for PAPR reduction in mobile WIMAX
An enhanced technique for PAPR reduction in mobile WIMAXAn enhanced technique for PAPR reduction in mobile WIMAX
An enhanced technique for PAPR reduction in mobile WIMAXIRJET Journal
 
Operation and design hfc
Operation and design hfcOperation and design hfc
Operation and design hfcMinh Tiệp HP
 
MULTIMEDIA COMMUNICATION & NETWORKS
MULTIMEDIA COMMUNICATION & NETWORKSMULTIMEDIA COMMUNICATION & NETWORKS
MULTIMEDIA COMMUNICATION & NETWORKSKathirvel Ayyaswamy
 
Chapter 3 2-remote_network_design - Network Design
Chapter 3 2-remote_network_design - Network DesignChapter 3 2-remote_network_design - Network Design
Chapter 3 2-remote_network_design - Network Designnakomuri
 
Access network
Access networkAccess network
Access networkBala V
 
Mini-Fiber Node Technology
Mini-Fiber Node TechnologyMini-Fiber Node Technology
Mini-Fiber Node TechnologyXiaolin Lu
 
LTE Long Term Evolution
LTE Long Term EvolutionLTE Long Term Evolution
LTE Long Term Evolutionajus ady
 
Fixed Access_SAGNIK MUKHERJEE_001210701013_ppt
Fixed Access_SAGNIK MUKHERJEE_001210701013_pptFixed Access_SAGNIK MUKHERJEE_001210701013_ppt
Fixed Access_SAGNIK MUKHERJEE_001210701013_pptSagnik Mukherjee
 
gsm-network-optimization
gsm-network-optimizationgsm-network-optimization
gsm-network-optimizationMuhammad Yahya
 
Mobile Computing (Part-2)
Mobile Computing (Part-2)Mobile Computing (Part-2)
Mobile Computing (Part-2)Ankur Kumar
 
Introduction to communication system lecture4
Introduction to communication system lecture4Introduction to communication system lecture4
Introduction to communication system lecture4Jumaan Ally Mohamed
 

Tendances (20)

An enhanced technique for PAPR reduction in mobile WIMAX
An enhanced technique for PAPR reduction in mobile WIMAXAn enhanced technique for PAPR reduction in mobile WIMAX
An enhanced technique for PAPR reduction in mobile WIMAX
 
Operation and design hfc
Operation and design hfcOperation and design hfc
Operation and design hfc
 
Chapter3
Chapter3Chapter3
Chapter3
 
MULTIMEDIA COMMUNICATION & NETWORKS
MULTIMEDIA COMMUNICATION & NETWORKSMULTIMEDIA COMMUNICATION & NETWORKS
MULTIMEDIA COMMUNICATION & NETWORKS
 
Chapter 3 2-remote_network_design - Network Design
Chapter 3 2-remote_network_design - Network DesignChapter 3 2-remote_network_design - Network Design
Chapter 3 2-remote_network_design - Network Design
 
Digital network lecturer7
Digital network lecturer7Digital network lecturer7
Digital network lecturer7
 
Access network
Access networkAccess network
Access network
 
Lect3
Lect3Lect3
Lect3
 
IEEE 802.11
IEEE 802.11IEEE 802.11
IEEE 802.11
 
Digital network lecturer1
Digital network lecturer1Digital network lecturer1
Digital network lecturer1
 
Mini-Fiber Node Technology
Mini-Fiber Node TechnologyMini-Fiber Node Technology
Mini-Fiber Node Technology
 
LTE Long Term Evolution
LTE Long Term EvolutionLTE Long Term Evolution
LTE Long Term Evolution
 
3320 optical networks
3320 optical networks3320 optical networks
3320 optical networks
 
Fixed Access_SAGNIK MUKHERJEE_001210701013_ppt
Fixed Access_SAGNIK MUKHERJEE_001210701013_pptFixed Access_SAGNIK MUKHERJEE_001210701013_ppt
Fixed Access_SAGNIK MUKHERJEE_001210701013_ppt
 
gsm-network-optimization
gsm-network-optimizationgsm-network-optimization
gsm-network-optimization
 
Wireless lecture1
Wireless lecture1Wireless lecture1
Wireless lecture1
 
Gsm optimization
Gsm optimizationGsm optimization
Gsm optimization
 
Mobile Computing (Part-2)
Mobile Computing (Part-2)Mobile Computing (Part-2)
Mobile Computing (Part-2)
 
IEEE 802.11ac Standard
IEEE 802.11ac StandardIEEE 802.11ac Standard
IEEE 802.11ac Standard
 
Introduction to communication system lecture4
Introduction to communication system lecture4Introduction to communication system lecture4
Introduction to communication system lecture4
 

Similaire à Iscw Cram Sheet

Telecommunications
TelecommunicationsTelecommunications
TelecommunicationsAlisha Dash
 
Lectures On Wireless Communication By Professor Dr Arshad Abbas Khan
Lectures On Wireless Communication By Professor Dr Arshad Abbas Khan Lectures On Wireless Communication By Professor Dr Arshad Abbas Khan
Lectures On Wireless Communication By Professor Dr Arshad Abbas Khan ProfArshadAbbas
 
Communication Networks basics and very important topic
Communication Networks basics and very important topicCommunication Networks basics and very important topic
Communication Networks basics and very important topicKAUSHIKKADIUM
 
broadbandtechnology-150820172138-lva1-app6892 (1).pdf
broadbandtechnology-150820172138-lva1-app6892 (1).pdfbroadbandtechnology-150820172138-lva1-app6892 (1).pdf
broadbandtechnology-150820172138-lva1-app6892 (1).pdfJaydeepPrajapati33
 
01 coms 525 tcpip - networking concepts review
01 coms 525 tcpip - networking concepts review01 coms 525 tcpip - networking concepts review
01 coms 525 tcpip - networking concepts reviewPalanivel Kuppusamy
 
Unit 1 network models & typical examples(part b)
Unit 1 network models & typical examples(part b)Unit 1 network models & typical examples(part b)
Unit 1 network models & typical examples(part b)Vishal kakade
 
educational content educational content educational content
educational content educational content educational contenteducational content educational content educational content
educational content educational content educational contentOlajide Kuku
 
Educational-Content-Educational-Content-Educational-Content
Educational-Content-Educational-Content-Educational-ContentEducational-Content-Educational-Content-Educational-Content
Educational-Content-Educational-Content-Educational-ContentOlajide Kuku
 
Wireless mobile communication
Wireless mobile communicationWireless mobile communication
Wireless mobile communicationBurhan Ahmed
 
C:\fakepath\adsl
C:\fakepath\adslC:\fakepath\adsl
C:\fakepath\adslmj791122
 
C:\fakepath\adsl
C:\fakepath\adslC:\fakepath\adsl
C:\fakepath\adslmj791122
 
Chapter 02 - Wan Router
Chapter 02 - Wan RouterChapter 02 - Wan Router
Chapter 02 - Wan Routerphanleson
 

Similaire à Iscw Cram Sheet (20)

Wide Area Network (WAN)
Wide Area Network (WAN)Wide Area Network (WAN)
Wide Area Network (WAN)
 
Dsl technology report
Dsl technology reportDsl technology report
Dsl technology report
 
Telecommunications
TelecommunicationsTelecommunications
Telecommunications
 
Lectures On Wireless Communication By Professor Dr Arshad Abbas Khan
Lectures On Wireless Communication By Professor Dr Arshad Abbas Khan Lectures On Wireless Communication By Professor Dr Arshad Abbas Khan
Lectures On Wireless Communication By Professor Dr Arshad Abbas Khan
 
Communication Networks basics and very important topic
Communication Networks basics and very important topicCommunication Networks basics and very important topic
Communication Networks basics and very important topic
 
Broadband technology
Broadband technologyBroadband technology
Broadband technology
 
broadbandtechnology-150820172138-lva1-app6892 (1).pdf
broadbandtechnology-150820172138-lva1-app6892 (1).pdfbroadbandtechnology-150820172138-lva1-app6892 (1).pdf
broadbandtechnology-150820172138-lva1-app6892 (1).pdf
 
01 coms 525 tcpip - networking concepts review
01 coms 525 tcpip - networking concepts review01 coms 525 tcpip - networking concepts review
01 coms 525 tcpip - networking concepts review
 
Lecture8
Lecture8Lecture8
Lecture8
 
Unit 1 network models & typical examples(part b)
Unit 1 network models & typical examples(part b)Unit 1 network models & typical examples(part b)
Unit 1 network models & typical examples(part b)
 
educational content educational content educational content
educational content educational content educational contenteducational content educational content educational content
educational content educational content educational content
 
Educational-Content-Educational-Content-Educational-Content
Educational-Content-Educational-Content-Educational-ContentEducational-Content-Educational-Content-Educational-Content
Educational-Content-Educational-Content-Educational-Content
 
Cdpd
CdpdCdpd
Cdpd
 
Wireless mobile communication
Wireless mobile communicationWireless mobile communication
Wireless mobile communication
 
Adsl
AdslAdsl
Adsl
 
Adsl
AdslAdsl
Adsl
 
C:\fakepath\adsl
C:\fakepath\adslC:\fakepath\adsl
C:\fakepath\adsl
 
Adsl
AdslAdsl
Adsl
 
C:\fakepath\adsl
C:\fakepath\adslC:\fakepath\adsl
C:\fakepath\adsl
 
Chapter 02 - Wan Router
Chapter 02 - Wan RouterChapter 02 - Wan Router
Chapter 02 - Wan Router
 

Plus de CCNAResources

Building Scalable Cisco Internetworks (Bsci)
Building Scalable Cisco Internetworks (Bsci)Building Scalable Cisco Internetworks (Bsci)
Building Scalable Cisco Internetworks (Bsci)CCNAResources
 
Ccna Wireless Study Guide
Ccna Wireless Study GuideCcna Wireless Study Guide
Ccna Wireless Study GuideCCNAResources
 
Ccna Wireless Study Guide
Ccna Wireless Study GuideCcna Wireless Study Guide
Ccna Wireless Study GuideCCNAResources
 
Subneting And Summarization
Subneting And SummarizationSubneting And Summarization
Subneting And SummarizationCCNAResources
 
Subneting And Summarization
Subneting And SummarizationSubneting And Summarization
Subneting And SummarizationCCNAResources
 
1000 Ccna Questions And Answers
1000 Ccna Questions And Answers1000 Ccna Questions And Answers
1000 Ccna Questions And AnswersCCNAResources
 
Quick Guide Layer 2 Switching
Quick Guide Layer 2 SwitchingQuick Guide Layer 2 Switching
Quick Guide Layer 2 SwitchingCCNAResources
 
Quick Guide Ip Routing
Quick Guide Ip RoutingQuick Guide Ip Routing
Quick Guide Ip RoutingCCNAResources
 
Ccna Wireless Resources
Ccna Wireless ResourcesCcna Wireless Resources
Ccna Wireless ResourcesCCNAResources
 
Ccna Quick Notes –VLANs
Ccna Quick Notes –VLANsCcna Quick Notes –VLANs
Ccna Quick Notes –VLANsCCNAResources
 
Ccna Commands In 10 Minutes
Ccna Commands In 10 MinutesCcna Commands In 10 Minutes
Ccna Commands In 10 MinutesCCNAResources
 
Lab08 Rip Routing (Ccna4.Com)
Lab08 Rip Routing (Ccna4.Com)Lab08 Rip Routing (Ccna4.Com)
Lab08 Rip Routing (Ccna4.Com)CCNAResources
 
Lab09 Rip Routing (Ccna4.Com)
Lab09 Rip Routing (Ccna4.Com)Lab09 Rip Routing (Ccna4.Com)
Lab09 Rip Routing (Ccna4.Com)CCNAResources
 
Eigrp Summary (Ccna4.Com)
Eigrp Summary (Ccna4.Com)Eigrp Summary (Ccna4.Com)
Eigrp Summary (Ccna4.Com)CCNAResources
 

Plus de CCNAResources (17)

Building Scalable Cisco Internetworks (Bsci)
Building Scalable Cisco Internetworks (Bsci)Building Scalable Cisco Internetworks (Bsci)
Building Scalable Cisco Internetworks (Bsci)
 
Ccna Wireless Study Guide
Ccna Wireless Study GuideCcna Wireless Study Guide
Ccna Wireless Study Guide
 
Ip Access Lists
Ip Access ListsIp Access Lists
Ip Access Lists
 
Ccna Wireless Study Guide
Ccna Wireless Study GuideCcna Wireless Study Guide
Ccna Wireless Study Guide
 
Subneting And Summarization
Subneting And SummarizationSubneting And Summarization
Subneting And Summarization
 
Subneting And Summarization
Subneting And SummarizationSubneting And Summarization
Subneting And Summarization
 
1000 Ccna Questions And Answers
1000 Ccna Questions And Answers1000 Ccna Questions And Answers
1000 Ccna Questions And Answers
 
Quick Guide VLANs
Quick Guide VLANsQuick Guide VLANs
Quick Guide VLANs
 
Quick Guide Layer 2 Switching
Quick Guide Layer 2 SwitchingQuick Guide Layer 2 Switching
Quick Guide Layer 2 Switching
 
Quick Guide Ip Routing
Quick Guide Ip RoutingQuick Guide Ip Routing
Quick Guide Ip Routing
 
Ccna Wireless Resources
Ccna Wireless ResourcesCcna Wireless Resources
Ccna Wireless Resources
 
Ccna Quick Notes –VLANs
Ccna Quick Notes –VLANsCcna Quick Notes –VLANs
Ccna Quick Notes –VLANs
 
Ccna Commands In 10 Minutes
Ccna Commands In 10 MinutesCcna Commands In 10 Minutes
Ccna Commands In 10 Minutes
 
Lab08 Rip Routing (Ccna4.Com)
Lab08 Rip Routing (Ccna4.Com)Lab08 Rip Routing (Ccna4.Com)
Lab08 Rip Routing (Ccna4.Com)
 
Lab09 Rip Routing (Ccna4.Com)
Lab09 Rip Routing (Ccna4.Com)Lab09 Rip Routing (Ccna4.Com)
Lab09 Rip Routing (Ccna4.Com)
 
Ip Access Lists
Ip Access ListsIp Access Lists
Ip Access Lists
 
Eigrp Summary (Ccna4.Com)
Eigrp Summary (Ccna4.Com)Eigrp Summary (Ccna4.Com)
Eigrp Summary (Ccna4.Com)
 

Dernier

Why Teams call analytics are critical to your entire business
Why Teams call analytics are critical to your entire businessWhy Teams call analytics are critical to your entire business
Why Teams call analytics are critical to your entire businesspanagenda
 
Partners Life - Insurer Innovation Award 2024
Partners Life - Insurer Innovation Award 2024Partners Life - Insurer Innovation Award 2024
Partners Life - Insurer Innovation Award 2024The Digital Insurer
 
Top 5 Benefits OF Using Muvi Live Paywall For Live Streams
Top 5 Benefits OF Using Muvi Live Paywall For Live StreamsTop 5 Benefits OF Using Muvi Live Paywall For Live Streams
Top 5 Benefits OF Using Muvi Live Paywall For Live StreamsRoshan Dwivedi
 
Real Time Object Detection Using Open CV
Real Time Object Detection Using Open CVReal Time Object Detection Using Open CV
Real Time Object Detection Using Open CVKhem
 
Apidays New York 2024 - The value of a flexible API Management solution for O...
Apidays New York 2024 - The value of a flexible API Management solution for O...Apidays New York 2024 - The value of a flexible API Management solution for O...
Apidays New York 2024 - The value of a flexible API Management solution for O...apidays
 
Polkadot JAM Slides - Token2049 - By Dr. Gavin Wood
Polkadot JAM Slides - Token2049 - By Dr. Gavin WoodPolkadot JAM Slides - Token2049 - By Dr. Gavin Wood
Polkadot JAM Slides - Token2049 - By Dr. Gavin WoodJuan lago vázquez
 
The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024Rafal Los
 
GenAI Risks & Security Meetup 01052024.pdf
GenAI Risks & Security Meetup 01052024.pdfGenAI Risks & Security Meetup 01052024.pdf
GenAI Risks & Security Meetup 01052024.pdflior mazor
 
Boost Fertility New Invention Ups Success Rates.pdf
Boost Fertility New Invention Ups Success Rates.pdfBoost Fertility New Invention Ups Success Rates.pdf
Boost Fertility New Invention Ups Success Rates.pdfsudhanshuwaghmare1
 
Apidays New York 2024 - The Good, the Bad and the Governed by David O'Neill, ...
Apidays New York 2024 - The Good, the Bad and the Governed by David O'Neill, ...Apidays New York 2024 - The Good, the Bad and the Governed by David O'Neill, ...
Apidays New York 2024 - The Good, the Bad and the Governed by David O'Neill, ...apidays
 
Strategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
Strategize a Smooth Tenant-to-tenant Migration and Copilot TakeoffStrategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
Strategize a Smooth Tenant-to-tenant Migration and Copilot Takeoffsammart93
 
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...Miguel Araújo
 
Artificial Intelligence: Facts and Myths
Artificial Intelligence: Facts and MythsArtificial Intelligence: Facts and Myths
Artificial Intelligence: Facts and MythsJoaquim Jorge
 
Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...
Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...
Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...Neo4j
 
Manulife - Insurer Innovation Award 2024
Manulife - Insurer Innovation Award 2024Manulife - Insurer Innovation Award 2024
Manulife - Insurer Innovation Award 2024The Digital Insurer
 
Scaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organizationScaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organizationRadu Cotescu
 
2024: Domino Containers - The Next Step. News from the Domino Container commu...
2024: Domino Containers - The Next Step. News from the Domino Container commu...2024: Domino Containers - The Next Step. News from the Domino Container commu...
2024: Domino Containers - The Next Step. News from the Domino Container commu...Martijn de Jong
 
🐬 The future of MySQL is Postgres 🐘
🐬 The future of MySQL is Postgres 🐘🐬 The future of MySQL is Postgres 🐘
🐬 The future of MySQL is Postgres 🐘RTylerCroy
 
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...Drew Madelung
 
ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemke
ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemkeProductAnonymous-April2024-WinProductDiscovery-MelissaKlemke
ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemkeProduct Anonymous
 

Dernier (20)

Why Teams call analytics are critical to your entire business
Why Teams call analytics are critical to your entire businessWhy Teams call analytics are critical to your entire business
Why Teams call analytics are critical to your entire business
 
Partners Life - Insurer Innovation Award 2024
Partners Life - Insurer Innovation Award 2024Partners Life - Insurer Innovation Award 2024
Partners Life - Insurer Innovation Award 2024
 
Top 5 Benefits OF Using Muvi Live Paywall For Live Streams
Top 5 Benefits OF Using Muvi Live Paywall For Live StreamsTop 5 Benefits OF Using Muvi Live Paywall For Live Streams
Top 5 Benefits OF Using Muvi Live Paywall For Live Streams
 
Real Time Object Detection Using Open CV
Real Time Object Detection Using Open CVReal Time Object Detection Using Open CV
Real Time Object Detection Using Open CV
 
Apidays New York 2024 - The value of a flexible API Management solution for O...
Apidays New York 2024 - The value of a flexible API Management solution for O...Apidays New York 2024 - The value of a flexible API Management solution for O...
Apidays New York 2024 - The value of a flexible API Management solution for O...
 
Polkadot JAM Slides - Token2049 - By Dr. Gavin Wood
Polkadot JAM Slides - Token2049 - By Dr. Gavin WoodPolkadot JAM Slides - Token2049 - By Dr. Gavin Wood
Polkadot JAM Slides - Token2049 - By Dr. Gavin Wood
 
The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024
 
GenAI Risks & Security Meetup 01052024.pdf
GenAI Risks & Security Meetup 01052024.pdfGenAI Risks & Security Meetup 01052024.pdf
GenAI Risks & Security Meetup 01052024.pdf
 
Boost Fertility New Invention Ups Success Rates.pdf
Boost Fertility New Invention Ups Success Rates.pdfBoost Fertility New Invention Ups Success Rates.pdf
Boost Fertility New Invention Ups Success Rates.pdf
 
Apidays New York 2024 - The Good, the Bad and the Governed by David O'Neill, ...
Apidays New York 2024 - The Good, the Bad and the Governed by David O'Neill, ...Apidays New York 2024 - The Good, the Bad and the Governed by David O'Neill, ...
Apidays New York 2024 - The Good, the Bad and the Governed by David O'Neill, ...
 
Strategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
Strategize a Smooth Tenant-to-tenant Migration and Copilot TakeoffStrategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
Strategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
 
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
 
Artificial Intelligence: Facts and Myths
Artificial Intelligence: Facts and MythsArtificial Intelligence: Facts and Myths
Artificial Intelligence: Facts and Myths
 
Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...
Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...
Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...
 
Manulife - Insurer Innovation Award 2024
Manulife - Insurer Innovation Award 2024Manulife - Insurer Innovation Award 2024
Manulife - Insurer Innovation Award 2024
 
Scaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organizationScaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organization
 
2024: Domino Containers - The Next Step. News from the Domino Container commu...
2024: Domino Containers - The Next Step. News from the Domino Container commu...2024: Domino Containers - The Next Step. News from the Domino Container commu...
2024: Domino Containers - The Next Step. News from the Domino Container commu...
 
🐬 The future of MySQL is Postgres 🐘
🐬 The future of MySQL is Postgres 🐘🐬 The future of MySQL is Postgres 🐘
🐬 The future of MySQL is Postgres 🐘
 
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
 
ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemke
ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemkeProductAnonymous-April2024-WinProductDiscovery-MelissaKlemke
ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemke
 

Iscw Cram Sheet

  • 1. CCNA4.com ISCW Cram Sheet Cable Modem Technology Terms Broadband – Using multiple frequencies to send information to make better use of bandwidth, uses Frequency-Division Multiplexing to combine several “channels” or frequencies into a larger pipe of bandwidth CATV – Community Antenna Television – TV in general Coaxial Cable – Cable used for cable TV and modem service Tap – A device that splits one cable drop into several ports, usually 2, 4, or 8 Amplifier – A device that magnifies an input signal Hybrid Fiber-coaxial – A cable network in which most or all of the backbone and trunk connections are fiber connecting to coaxial drops. Downstream – An RF signal headed from the ISP to the Subscriber. Upstream – An RF signal headed from the Subscriber to the ISP. Standards NTSC – National Television Standards Committee – governs analog TV systems in North America using a 6-Mhz modulated signal. PAL – Phase Alternating Line – A color coding system used in Europe, Asia, Africa, Australia, Brazil, and Argentina. Uses 6, 7, or 8-Mhz modulated signal. SECAM – Systeme Electronic Couleur avec Memoire – Analog color TV system used in France and some Eastern European countries. Uses an 8-Mhz modulated signal. Components Antenna Site – ISP’s site with sending and receiving satellite dishes. Headend – Master site where signals are received, processed, formatted, and distributed. Secured and generally unstaffed. Transportation Network – Network that connects the headed to the antenna site. Might be microwave, coaxial, or fiber. Distribution Network – Either trunk and feeder coaxial cables or more often hybrid fiber-coaxial. This is the backbone of the network. Node – Performs optical-to-RF conversion of CATV signals. Allows
  • 2. CCNA4.com networks to use fiber. Subscriber Drop – Connects the subscriber to the feeder portion of the distribution network. In many cable networks, this is the ONLY part of the network that is actually coax. DOCSIS Standards Physical Layer (Layer1) – Definition of data signals to be used by cable operators. Channel widths are 200kHz, 400kHz, 800kHz, 1.6MHz, and 6.4MHz. Also defines how signals are modulated. MAC Layer (Layer 2) – Definition of an access method depending on DOCSIS version. Time Division Multiple Access for versions 1.0, 1.1, and 2.0 or Synchronous Code Division Multiple Access for version 2.0. The DOCSIS MAC protocol uses a request/grant system, so there are very few collisions. DOCSIS 3.0 – Allows “channel bonding”, similar to adding channels to a fractional T1 to allow greater bandwidth. DOCSIS Components CMTS – Cable Modem Termination System – Usually resides in the headend. Modulates the signal to the Cable Modem (CM) and demodulates the cable modem’s response. Cable Modem (CM) – A CPE device that terminates as well as performs modulation and demodulation of signals. Speeds range from 1.5 to 6Mbps. “Back Office” Services – TFTP, DHCP, ToD (Time of Day for log timestamping) and other maintenance tools. Cable Modem Provisioning Steps Downstream Setup – When the modem is powered up, it scans and locks the downstream path for the RF channel allocated so that layer 1 and 2 can be established. Upstream Setup – The cable modem listens to management messages broadcast down the downstream path that gives information on how and when to communicate on the upstream path. This information is used to establish layers 1 and 2 for the upstream path. Layer 1 and 2 Establishment – Physical and Data Link Layers are established between the CM and CMTS. IP Address Allocation – The CM requests the DOCSIS config file from the tftp server. This ASCII “binary” file has the parameters given by the ISP including maximum downstream and upstream rates, maximum
  • 3. CCNA4.com upstream burst rate, class of service or baseline privacy, MIBs, and others. This config file can be loaded via tftp or manually configured on the cable modem. Register QoS with CMTS – The CM negotiates traffic types and QoS settings with the CMTS, in accordance with the customer’s plan. IP Network Initialization – Once layers 1, 2, and 3 are established and the CM has pulled a config via tftp, the CM can provide routing and NAT functions for clients behind it at the subscriber site. To establish layer 3, the CM requests an IP address, subnet mask, default gateway, tftp server, dhcp relay agent, the complete name of the DOCSIS config file, address of the ToD server, and the syslog server address, all from the dhcp server on the ISP side. Once it has this information, it first requests its clock to be set to the ToD server’s correct time, then it can request the DOCSIS config from the tftp server. Cable Modem Features/Limitations Shared Medium – Cable modems can provide very fast download speeds, but are a shared medium, meaning that those speeds may not be achievable when the local network is in heavy use. In addition, upload speeds are limited. DSL Technology DSL Features/Limitations POTS Coexistence – Due to the frequencies used, DSL can send data signals through existing telephone cabling without requiring any additional wiring to carry both voice and data traffic. All that is required is some kind of filtering for analog devices such as non-VoIP phones and fax machines. Dedicated Medium – Unlike Cable modems, DSL is not shared bandwidth and while speeds may be lower in some locations, they will be consistent. Distance Limitations – As distance between the subscriber and the local CO increases, speed and quality decrease. The most common DSL technology, ADSL, has a limit of 18,000ft. Load coils are often used on telephone lines to amplify signals to cross longer distances. The presence of a load coil on a line will not allow DSL signals to pass properly. Older Home Wiring – Older buildings may have low quality wiring that is subject to interference from AM radio waves or EMI.
  • 4. CCNA4.com DSL Terminology Amplitude – Peak height or depth of a wave peak or valley, in relation to the horizontal axis of a graph, during one cycle of the wave. ATU-C – ADSL Transmission Unit –central office – a subscriber-facing DSL modem in the provider’s CO. ATU-R – ADSL Transmission Unit-remote – a provider-facing DSL modem in the subscriber home. Could be a DLS-capable router or DSL modem. DSLAM – A single chassis containing multiple ATU-C units. Frequency – Number of cycles of a waveform over a given time. Frequency = speed / wavelength Line Code – Technique used to represent digital signals by an amplitude- discreet and time-discreet signal that allows a receiving device to synchronize to the phase of signals transmitted. Maximum Data Rate – Maximum transmission speed possible for a particular version of DSL. Microfilter – Filters used to connect analog devices to a home network which has DSL service. Filters out everything except the 0 – 4 kHz range of frequencies (analog voice range). Modulation – Process of varying a periodic waveform in order to use that signal to convey a message. Nature – The relationship between downstream and upstream speeds (asynchronous or synchronous). Network Interface Device – The CPE device providing the termination point of the local loop. Phase – A measure of the relative position over time of two waveforms with identical frequency. Splitter – A passive device used to separate DSL traffic from voice traffic. Today, microfilters usually replace splitters at the CPE side of the local loop. Wavelength – Distance between repeating units of a wave pattern. Wavelength = Frequency / speed DSL Variants Asymmetrical DSL (ADSL) – Different speeds for upload and download, generally download speeds are higher. Typical for home use. Symmetrical DSL (SDSL) – Identical transmission speeds for upload and download. Asymmetric DSL Types
  • 5. CCNA4.com ADSL – Maximum distance of 18,000 feet. Maximum download speed – 1.5 – 8Mbps and upload of 16kbps – 1Mbps. G.Lite ADSL – Splitterless ADSL. Max download 1.5Mbps, max upload 512kbps. No splitters required. RADSL (rate-adaptive DSL) – Nonstandard version of ADSL that adjusts speed to compensate for quality of phone line. Has longer maximum distances than ADSL, but ADSL does also have the ability to adapt speeds. VDSL (very-high-bit-rate DSL) – Speeds of 13-55Mbps over distances up to 4500 feet on short loops. Cisco Long Reach Ethernet (LRE) is based on VDSL technologies. Limited availability for this. Symmetric DSL Types SDSL (symmetric DSL) – provides upload and download of 128kbps – 2.32Mbps. 768kbps is most typical. Distance limit is 21,000 feet. G.SHDSL (symmetric high-data-rate DSL) – Longer distance of 26,000 feet. Speeds from 192kbps to 2.3Mbps. Best suited to data-only implementations. HDSL (high-data-rate DSL) – Rates up to 768kbps in each direction, 1.544Mbps. Basically T1 or E1 over DSL. Does not allow standard phone service over the same wiring. HDSL2 (second-generations HDSL) – Allows 1.5Mbps rates while still coexisting with voice using either ATM or other technology over the same wire pair. IDSL (ISDN DSL) – Supports downstream and upstream rates of up to 144kbps in the same channel types as traditional ISDN, but in an “always- on” service rather than dialup style service. Does not coexist with traditional voice. ADSL Modulation CAP (Carrierless Amplitude Phase) – Single-carrier modulation type that divides the available space into 3 bands. Range 0 to 4kHz is used for POTS, range 25 to 160kHz is used for upstream data, and range 240kHz to 1.1MHz is used for downstream data. Only used in legacy implementations because it does not perform as well. DMT (Discrete Multi-Tone) - Uses multiple independent subchannels with a larger channel (RF range), which can be brought up or taken down dynamically with no effect whatsoever on other existing channels. Most ADSL equipment now uses DMT to divide a single upstream or downstream channel into 256 equally sized channels.
  • 6. CCNA4.com Data Transmission Over ADSL Layer 2 – Once DSL reaches the DSLAM, it reaches an ATM network. The DSLAM is an ATM router with DSL interface cards. Layer 3 – Data can be encapsulated in 3 ways: RFC1483/2684 bridging (multiprotocol data encapsulation or AAL5SNAP over ATM), PPP over Ethernet, or PPP over ATM. RFC 1483/2684 Bridging – Simpliest technology with least configuration at CPE end. DSL router acts only as a bridge, but has lack of features, security, and scalability. PPP – PPP enables authentication as well as higher layer protocols versus bridging. Each packet is encapsulated with a 16-bit protocol identifier. The packet contains: LCP (Link Control Protocol) information which negotiates things like packet size, type of authentication, and other link parameters, NCP (Network Control Protocol) information which contains information about higher layer protocols, such as routing, and Data Frames, which contain the actual user data. PPP Process – 1. Each end of the PPP link sends LCP packets to configure and test the layer 2 connection. 2. After the link has been established, PPP must send NCP packets to choose and configure network layer protocols (such as IP). 3. Once the layer 3 protocol has been configured, traffic from each layer 3 protocol can be sent. 4. The link remains configured and ready for communication until it receives explicit LCP or NCP packets telling it to close or some external event or timeout occurs. PPP can handle multiple protocols at once. PPPoE (Point-to-Point Protocol over Ethernet) - Uses PAP or CHAP to authenticate a connection. Each PPP session must learn the address of the remote peer to create a unique session identifier. This is done by a discovery protocol, which adds 2 additional phases: Discovery Phase - 1. PPPoE client sends a PADI (PPPoE Active Discovery Initiation) packet as a broadcast requesting service. 2. The router responds with a PADO (PPPoE Active Discovery
  • 7. CCNA4.com Offer) packet describing the offered services in a unicast packet directly to the MAC address of the client. 3. The PPPoE client responds directly to the server with a unicast PADR (PPPoE Active Discovery Request) packet to move on to the session phase. 4. The router sends the client a PPPoE Active Discovery Session- Confirmation which contains a session-ID and confirms they can move to the Session phase. (If this all sounds a lot like dhcp, it is!) Session Phase- This is the phase where authentication takes place, as well as any other configured LCP options. In order to accomplish authentication and the negotiation of session variables, there are usually 3 options: 1. Placing a DSL-capable router at the subscriber’s home – In this case, PPP is terminated on the provider’s equipment at the subscriber’s home. 2. Placing a non-DSL-capable router at the subscriber’s home – Here an external DSL modem must be placed in addition to the router. PPP is still terminated on the provider’s router at the subscriber’s home. 3. Placing an External DSL Modem at the subscriber’s home – here a simple DSL modem terminates the physical DSL connection. PPP is terminated either on the hosts using PPPoE software or on a router provided by the subscriber. MPLS MPLS Terminology Label – Short, fixed-length identifier used to identify a group of networks Label Stack – A set of labels attached to a packet header. Label Swap – Basic forwarding operation. Incoming label is looked at to determine outgoing label, encapsulation, port, and others. LSH (Label-switched Hop) – A hop between two MPLS nodes. All forwarding done by labels. LSP (Label-switched Path) – A path through one or more LSR’s at followed by a packet in a particular FEC. LSR (Label Switching Router) – An MPLS node that is capable of forwarding label switched packets. MPLS Domain – A contiguous set of LSR’s in one routing or administrative domain.
  • 8. CCNA4.com MPLS edge node – An MPLS node that connects to a neighboring node outside of its MPLS domain. MPLS Egress Node – An MPLS node that handles traffic leaving an MPLS domain. MPLS Ingress Node – An MPLS node that handles traffic entering an MPLS domain. MPLS Label – A label that is carried in a packet header and identifies the packet’s FEC. MPLS Node – A node running MPLS. Optionally can also forward native layer 3 packets. FEC (Forwarding Equivalence Classes) – Roughly corresponds to a packet’s “next hop” within the MPLS domain. 2 packets with different destinations can share a FEC at a router if they both have the next hop. They will share a FEC until they reach a router at which they must exit through different interfaces. Packets sorted into the same FEC at one router may later be sorted into separate FEC’s at a later router. PHP (Penultimate Hop Pop) – An LSR immediately before the destination edge LSR pops the label before sending it to the edge LSR. This saves time because the edge router then needs only to look at the network layer routing rather than first looking at and popping the label. Router Switching Modes Process Switching – Slowest and most resource-intensive method. Each packet has to be looked up in the routing table individually. Cache-driven Switching – Once one packet is looked up in the routing table, the destination is stored in memory for subsequent packets. Topology-driven Switching – A FIB (Forwarding Information Base) is created and used for high-speed switching operations at layer 3 (CEF – Cisco Express Forwarding). The FIB acts as a shorthand reference so that the router can bypass the routing table and use its adjacency table, simply knowing which adjacent neighbor is next in the packet’s path is enough. Can take up a lot of processing and memory if the routing table is large. MPLS Components LDP (Label Distribution Protocol) – Functions much like a routing protocol for sending Label information. RSVP (Resource Reservation Protocol) – Used by MPLS to allow reservation of bandwidth within the MPLS network for voice or other sensitive traffic.
  • 9. CCNA4.com LFIB (Label Forwarding Information Base) – Stores label information gained from LDP and/or routing protocols. Essentially Label routing table. Part of the data plane. P Router – Router inside the provider network that does not have customer routers as neighbors. PE Router – Provider Edge router that interacts directly with CE routers. CE Router – Customer Edge router that interacts directly with PE routers. LIB (Label Information Base) – Part of the control plane, provides the database for LDP which maps IP addresses with local and next-hop labels. FIB (Forwarding Information Base) – Part of the data plane, stores database used for forwarding unlabeled IP packets created from a regular routing protocol. (IP routing table.) Each MPLS router creates its own LIB, FIB, and LFIB. IPsec Overview IPsec Features Data Confidentiality – Data is kept private between endpoints of the VPN using encryption, such as DES, 3DES, or AES. (Optional, but common) Data Integrity – Guarantee that data has not been altered since it was sent. Provided by a hash algorithm, such as SHA or MD5. Data Origin Authentication – Ensures that the sender and receiver are who they say they are. Provided by IKE by ISAKMP or Oakley protocols. Anti-replay – ensures that no packets are duplicated and helps prevent a man-in-the-middle style attack. (Optional but common.) Provided by AH using a hashing algorithm such as SHA or MD5. IPsec Protocols IKE (Internet Key Exchange) – Provides the framework for exchanging security parameters and authentication keys securely over the internet in phase 1. ESP (Encapsulating Security Payload) – Provides the framework for encryption, integrity, authentication, and anti-replay. Uses Data Encryption Standard (DES), Triple Data Encryption Standard (3DES), and Advanced Encryption Standard (AES). AH (Authentication Header) – provides the framework for data integrity, authentication, and anti-replay. Generally used today in combination with ESP since it does not provide for encryption. Uses hash algorithms to
  • 10. CCNA4.com ensure that data has not been tampered with. Uses Message Digest 5 (MD5) and Secure Hash Algorithm (SHA-1). IPsec Modes Transport – Ipsec headers are inserted in an IP packet to route traffic over a tunnel. The original IP header is unprotected and visible to points between the endpoints. Only the transport layer and above are protected. Tunnel Mode – The entire packet is encapsulated with a new header and only the IP addresses of the tunnel endpoints are protected. Internet Key Exchange (IKE) IKE Phase 1 – Mandatory IKE phase. A bidirectional SA (Security Association) is established between IPSec peers. May also perform peer authentication. Two modes available here, Main Mode (site-to-site tunnels) and Aggressive Mode (Easy VPN). IKE Phase 1.5 – Optional IKE phase. Provides additional layer of authentication called Xauth or Extended Authentication. Xauth forces the user to authenticate before the connection is granted. IKE Phase 2 – Second mandatory IKE phase. Implements unidirectional SA’s between IPsec endpoints so that keys are not shared. Uses IKE quick mode. GRE Over IPsec Characteristics GRE – packets are encapsulated, however few security features are provided. However, it allows routing protocols to travel over the tunnel, unlike IPsec. Most often today, the two are combined to allow an encrypted tunnel which also allows multicast and routing protocols to travel over it. Creates high packet overhead. IPsec High Availability Options Failover Strategies Stateless – Redundant IPsec tunnels are used to provide primary and backup paths. The state of the tunnels is not known, but traffic is sent across the backup tunnel if the end-to-end path has failed. Uses DPD (Dead Peer Detection), and IGP (interior gateway protocol) within GRE over IPsec, or HSRP (Hot Standby Routing Protocols). Stateful – Redundant equipment is employed, generally identical, that
  • 11. CCNA4.com communicate with each other to determine which one is the current best device. Uses either HSRP or SSO (Stateful Switchover). Easy VPN Components Easy VPN Components Easy VPN Remote – the remote or “client” end of the Easy VPN connection. This is the “easy” part of Easy VPN since it does not require a static IP address or complicated configuration on this end. Easy VPN Server – The “HQ” end of the VPN, which is more difficult to configure and requires further configuration. The VPN server provides the client addresses as well as all other dhcp settings along with the VPN tunnel. Device Hardening Router Vulnerabilities Services Unnecessary Services and Interfaces – The largest category of vulnerabilities. Includes TCP and UDP small services and other services enabled by default that are generally not necessary. Management Services – Includes SNMP and DNS. These services should be disabled on any external interfaces or any on which they are not specifically required. Path Integrity Mechanisms – ICMP redirects, IP source routing. These can give an attacker information about a network that is used for transferring config files and IOS images to a router, but not good for an attacker to use. Disable these on all outside interfaces and on any interface that they are not necessary on. Probes and Scans – Includes Finger and some ICMP features. These can also be used for reconnaissance and should be disabled unless needed. Terminal Access Security – IP identification service and TCP keepalives. Can be used for DoS attacks or to gather information. Again, disable unless needed. Gratuitous and Proxy ARP – Can be used to launch DoS attacks. Both are enabled by default but it is not likely they will be needed in modern networks unless your router is acting as a layer 2 bridge.
  • 12. CCNA4.com AutoSecure – command-line tool that automatically disables all these vulnerabilities, enables firewall inspection and CEF, implements logging and NTP, restricts access to SSH and prevents TCP SYN-flooding attacks as well as configures a security banner and prompts for secure passwords…all with just the auto secure command. SDM Security Audit Wizard – Displays a list of these vulnerabilities with the option to disable them, as well as allows the user to configure inside and outside interfaces for firewall purposes. SDM One-Step Lockdown Wizard – Tool in SDM similar to the auto secure command in the CLI. Securing Administrative Access Passwords – Set strong, complex passwords and also use ACL’s to restrict access to management interfaces. A password policy including minimum length, expiration, etc should be implemented. Login Limitations – Lock out users after a certain number of failed login attempts and/or log the failure. You can also configure a delay, or quiet mode which will allow access from an ACL only when it is locked. Password Encryption – use the “enable secret” over the “enable” password as it is encrypted with MD5 and very difficult to decrypt and remember that the enable password, console, aux, and vty passwords are all initially stored in clear text. Use the “service password encryption” command to encrypt all current plaintext passwords, but remember that this uses a weak encryption algorithm. Individual logins with a “secret” password are a better choice. Multiple Privilege Levels – Use built-in privilege levels from 1-15 to give individual users only the access they require or map commands to specific levels. Role-Based CLI – Enable different “views” for different users so that only the commands they are authorized to use will show up as available. The “Duh” Stuff – Configure a legally secure banner on all devices, physically secure all devices, set minimum password lengths, remember that telnet and tftp are cleartext, etc. AAA to Secure and Scale Access TACACS+ vs. Radius Radius – Multi-vendor solution that allows centralized management of Authentication, Authorization, and Accounting for multiple platforms. Uses combines authentication and authorization into a single request, so this
  • 13. CCNA4.com information must be on the same server. Does not limit what commands a user can issue on a network device, only gives access or does not. TACACS+ - Uses TCP for greater reliability and scalability. Entire body of packets are encrypted, separate servers can handle authentication and authorization, provides multiprotocol support, allows admins to specify commands or privilege modes available to users. Designed by Cisco for Cisco equipment. IOS Firewall Features – Beyond Static ACLs Stateful Packet Filtering – Allows a firewall to be knowledgable of the “state” of a connection, opening ports as needed and closing them once they are finished so that ports do not need to be constantly left open or manually closed. Generally only connections initiated from the inside interface are allowed to open connections to the outside. Proxy Firewalls – Stand between an inside host and the outside and make requests on behalf of the inside host. The inside host is never directly exposed. Common for web traffic so that it can be monitored and filtered. To the outside, all requests appear to come from the proxy firewall. IDS and IPS IDS – Sits outside the path of active network traffic and has copies of the traffic sent to it. It creates alerts whenever it determines that a series of packets may be a threat. It can actively configure other devices to block or quarantine these packets, but cannot itself block any packets. IPS – Sits directly in the path of active network traffic and can both alert and block packets itself and stop an attack. HIPS or HIDS – A software-based IDS or IPS system protecting a single server or host. NIPS or NIDS – Network-based IDS or IPS. Types of IPS/IDS – Signature-based – Cisco’s preferred solution. Uses attack signatures that identify known patterns of attacks that are constantly updated and then downloaded to the device. Can have problems detecting zero-day attacks. Policy-based – Use algorithms to identify traffic that strays outside set norms or that meets certain patterns of malicious traffic. Additional
  • 14. CCNA4.com policies can be configured. Anomaly-Based – Used by MARS and others, system “learns” what normal network behavior “looks” like and then is able to alert or take action when network behavior differs from that pattern. Works well in smaller networks, but can be difficult to define “normal” in larger networks.