Introduction to Networking
Welcome to the comprehensive course on Networking Basics. This course is designed to provide you with a solid
foundation in computer networking principles, technologies, and practices. Over the next 10 sections, we'll explore
everything from fundamental concepts to practical skills that are essential for understanding how networks
function in our increasingly connected world. Whether you're pursuing a career in IT, looking to enhance your
technical knowledge, or simply curious about how the internet works, this course will equip you with the
knowledge to understand and work with networks effectively.
    by Gloudy Mama
Network Types and Topologies
Networks can be classified into different types based on their geographical scope and scale. The most common
network types include Local Area Networks (LANs), which connect devices within a limited area such as an office
building or campus; Metropolitan Area Networks (MANs), covering a larger geographical area like a city; Wide Area
Networks (WANs), spanning across countries or even globally; and Personal Area Networks (PANs), which connect
devices within an individual's workspace.
Network Scales
  1    Local Area Network (LAN)
       Connects computers and devices within a limited area such as a home, school, office building, or campus.
       LANs typically offer high data transfer rates, small geographic range, and no need for leased
       telecommunication lines.
  2    Wide Area Network (WAN)
       Spans a large geographical area, often connecting multiple LANs. The Internet is the largest WAN, spanning
       the entire globe. WANs typically rely on leased telecommunication circuits.
  3    Metropolitan Area Network (MAN)
       Covers an area larger than a LAN but smaller than a WAN, such as a city. A MAN might be owned and operated
       by a single organization, but usually serves many users.
  4    Personal Area Network (PAN)
       Connects devices within an individual's workspace. PANs can be wired (using USB or FireWire) or wireless
       (using Bluetooth or infrared).
Network Topologies
Network topology refers to the arrangement of elements within a network. The physical topology is the actual
layout of the network devices, while the logical topology describes how data flows through the network.
Bus Topology
All devices are connected to a main cable or "bus." Data travels along the bus in both directions until it reaches
its destination. Bus topologies are simple and cost-effective but can create performance issues with heavy traffic.
Star Topology
All devices are connected to a central hub or switch. This topology is easy to install and manage, offers better
performance, and limits the impact of cable failures, but creates a single point of failure at the hub.
Ring Topology
Each device is connected to exactly two other devices, forming a continuous loop. Data travels around the ring in
one direction. Ring topologies provide equal access for all devices but can be disrupted by a single device failure.
Hybrid topologies combine elements of two or more basic topologies. For example, a star-ring network connects
multiple star networks through a ring backbone. Mesh topologies, where every device connects directly to every
other device, offer maximum reliability but at higher cost and complexity.
The OSI Model and TCP/IP Suite
To standardize network communications, organizations have developed reference models that break down the
complex process of network communication into more manageable layers. The two most important models are
the OSI (Open Systems Interconnection) Reference Model and the TCP/IP (Transmission Control Protocol/Internet
Protocol) Suite.
The OSI Reference Model
Developed by the International Organization for Standardization (ISO) in 1984, the OSI model divides network
communication into seven abstraction layers. Each layer serves a specific function in the process of transmitting
data from one device to another.
Layer 7: Application
The entry point for user interactions with network services. Protocols operating at this layer include HTTP, FTP,
SMTP, DNS, and Telnet. This layer provides services directly to user applications.
Layer 6: Presentation
Responsible for data translation, encryption, and compression. It ensures that data from the application layer can
be understood by the receiving system, handling tasks like character encoding, data compression, and
encryption/decryption.
Layer 5: Session
Establishes, maintains, and terminates connections (sessions) between applications. It handles session
checkpointing and recovery, allowing applications to continue where they left off if a session is interrupted.
Layer 4: Transport
Provides reliable data transfer, error recovery, and flow control. Key protocols include TCP (connection-oriented,
reliable) and UDP (connectionless, faster but less reliable).
Layer 3: Network
Handles logical addressing and routing between different networks. The IP protocol operates at this layer,
determining the best path for data to travel from source to destination across multiple networks.
Layer 2: Data Link
Provides node-to-node data transfer and error detection/correction. This layer is divided into two sublayers:
Logical Link Control (LLC) and Media Access Control (MAC). Ethernet protocols operate here.
Layer 1: Physical
Transmits raw bit stream over the physical medium. It defines hardware specifications like cable types, signal
types, and physical connectors. It converts digital bits into electrical, radio, or optical signals.
The TCP/IP Suite
The TCP/IP model is a more practical, simplified version of the OSI model and is the foundation of the internet. It
consists of four layers that roughly correspond to the seven layers of the OSI model.
  TCP/IP Layer          Corresponding OSI Layers                        Key Protocols
  Application           5, 6, 7 (Session, Presentation, Application)    HTTP, FTP, SMTP, DNS, Telnet, SSH
  Transport             4 (Transport)                                   TCP, UDP
  Internet              3 (Network)                                     IP, ICMP, ARP, RARP
  Network Interface     1, 2 (Physical, Data Link)                      Ethernet, WiFi, PPP
Understanding these models helps network professionals troubleshoot issues by isolating problems to specific
layers, and allows different manufacturers to create products that can interoperate seamlessly by adhering to the
standards defined for each layer.
Network Devices and Hardware
Network infrastructure relies on various hardware components that enable data transmission, traffic management,
and connectivity between devices. Understanding these devices and their functions is crucial for designing,
implementing, and troubleshooting networks.
Essential Network Devices
Routers
Routers operate at Layer 3 (Network layer) of the OSI model and connect multiple networks together. They determine
the best path for data packets to reach their destination using routing tables and protocols. Modern routers often
include additional features like firewall protection, QoS (Quality of Service), and VPN support.
Switches
Switches operate at Layer 2 (Data Link layer) and connect devices within the same network. Unlike hubs, switches
forward data only to the specific device for which the data is intended, improving network efficiency and security.
Managed switches offer configuration options like VLANs, port mirroring, and link aggregation.
Modems
Modems (Modulator-Demodulator) convert digital signals from your computer to analog signals that can travel over
traditional telephone or cable lines, and vice versa. They provide the connection between your internal network and
your Internet Service Provider (ISP).
Access Points
Wireless Access Points (WAPs) allow wireless devices to connect to a wired network. They effectively extend a wired
network to support wireless clients, operating at the Physical and Data Link layers of the OSI model.
Additional Network Hardware
Network Interface Cards (NICs)
NICs are hardware components that connect a device to a network. They can be integrated into a device's
motherboard or added as expansion cards. Each NIC has a unique MAC address that identifies the device on the
network. NICs are available for different types of networks, including Ethernet and wireless.
Repeaters and Hubs
Repeaters operate at the Physical layer to amplify and regenerate signals to extend the reach of a network beyond
cable limitations. Hubs are multi-port repeaters that forward data received on any port to all other ports, creating
a shared communication medium.
Bridges
Bridges connect two network segments and operate at the Data Link layer. They filter traffic between network
segments based on MAC addresses, reducing unnecessary traffic and improving performance. Unlike hubs, bridges
only forward data to the segment where the destination device is located.
Gateways
Gateways connect networks with different protocols or architectures. They can operate at any layer of the OSI
model and perform protocol conversion to enable communication between dissimilar networks. For example, an
email gateway might convert between different email protocols.
Firewalls
Firewalls protect networks by monitoring and controlling incoming and outgoing network traffic based on
predetermined security rules. They can be hardware appliances, software programs, or both. Next-generation
firewalls (NGFWs) include additional features like intrusion prevention, application awareness, and advanced
threat protection.
Load Balancers
Load balancers distribute network traffic across multiple servers to ensure no single server becomes overwhelmed,
improving reliability and performance. They can operate at various layers of the OSI model and use different
algorithms to determine how to distribute traffic.
Cabling and Media Types
  1    Twisted Pair Cable
       The most common network cable, available in shielded (STP) and unshielded (UTP) varieties. UTP cables are
       categorized by their data capacity (Cat5, Cat5e, Cat6, etc.) and use RJ-45 connectors.
  2    Coaxial Cable
       Features a copper core surrounded by insulation and a conductive shield. Although less common in modern
       LANs, it's still used for cable television and some specialized network applications.
  3    Fiber Optic Cable
       Transmits data using light pulses through glass or plastic fibers. It offers higher bandwidth, longer
       transmission distances, and immunity to electromagnetic interference compared to copper cables. Available
       in single-mode (long distance) and multi-mode (shorter distance) varieties.
  4    Wireless Media
       Uses radio frequencies or infrared signals to transmit data without physical cables. Common standards
       include Wi-Fi (IEEE 802.11), Bluetooth, and cellular networks.
IP Addressing and Subnetting
Internet Protocol (IP) addressing is fundamental to network communication, providing a method to uniquely
identify devices on a network. Understanding IP addressing and subnetting is crucial for network design,
troubleshooting, and efficient resource allocation.
IPv4 Addressing
IPv4 addresses are 32-bit numbers typically represented in dotted-decimal notation (e.g., 192.168.1.1). Each of the
four numbers (octets) can range from 0 to 255, providing approximately 4.3 billion unique addresses. Due to the
explosive growth of internet-connected devices, the IPv4 address space has been exhausted, leading to the
development of technologies like NAT (Network Address Translation) and the transition to IPv6.
IPv4 Address Classes
  Class      First Octet Range    Default Subnet Mask     Purpose
  Class A    1-126                255.0.0.0 (/8)          Large networks
  Class B    128-191              255.255.0.0 (/16)       Medium networks
  Class C    192-223              255.255.255.0 (/24)     Small networks
  Class D    224-239              N/A                     Multicast
  Class E    240-255              N/A                     Experimental
Note: 127.0.0.0/8 is reserved for loopback addressing.
Special IPv4 Addresses
   Private Address Ranges:
      10.0.0.0 to 10.255.255.255 (10.0.0.0/8)
      172.16.0.0 to 172.31.255.255 (172.16.0.0/12)
      192.168.0.0 to 192.168.255.255 (192.168.0.0/16)
   Loopback Address: 127.0.0.1
   APIPA (Automatic Private IP Addressing): 169.254.0.0/16
   Broadcast Address: The highest address in a subnet (e.g., 192.168.1.255 for 192.168.1.0/24)
   Network Address: The lowest address in a subnet (e.g., 192.168.1.0 for 192.168.1.0/24)
Subnetting
Subnetting divides a large network into smaller, more manageable subnetworks. This improves security, reduces
network congestion, and allows for more efficient use of IP addresses. Subnetting involves borrowing bits from the
host portion of an IP address to create additional network identifiers.
Determine Requirements
Identify how many subnets you need and how many hosts per subnet. This will determine how many bits to borrow
from the host portion of the address.
Calculate Subnet Mask
The subnet mask identifies which portion of the IP address belongs to the network and which portion identifies the
host. By extending the network portion (changing host bits to 1s), you create subnets.
Calculate Subnet Addresses
Determine the network address for each subnet. The first address in each subnet is the network address, and the
last address is the broadcast address. Both are reserved and cannot be assigned to hosts.
Assign Host Addresses
Allocate IP addresses to devices within each subnet. Valid host addresses fall between the network address and
broadcast address in each subnet.
CIDR Notation
Classless Inter-Domain Routing (CIDR) notation provides a more flexible way to specify IP address ranges than the
traditional class system. It uses a suffix indicating the number of bits in the network portion of the address, such as
192.168.1.0/24, where "/24" means the first 24 bits specify the network, leaving 8 bits for hosts (allowing for 254
usable host addresses).
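The four subnetting steps and the CIDR arithmetic above, carried through in code. This is an added example, not part of the original course material; the function name plan_subnets and the requirement of 4 subnets with 50 hosts each are assumptions chosen for illustration.

```python
import ipaddress


def plan_subnets(base_cidr, subnets_needed, hosts_per_subnet):
    """Apply the four subnetting steps to an IPv4 network in CIDR notation.

    Returns (new_prefix, dotted_mask, subnets). Raises ValueError when the
    requirements do not fit inside the base network.
    """
    base = ipaddress.IPv4Network(base_cidr, strict=True)
    if subnets_needed < 1 or hosts_per_subnet < 1:
        raise ValueError("need at least one subnet and one host per subnet")

    # Step 1: determine requirements -> how many host bits to borrow.
    borrowed = (subnets_needed - 1).bit_length()   # smallest n with 2**n >= needed
    new_prefix = base.prefixlen + borrowed
    host_bits = 32 - new_prefix
    # The network and broadcast addresses are reserved in every subnet.
    usable = (1 << host_bits) - 2 if host_bits >= 2 else 0
    if usable < hosts_per_subnet:
        raise ValueError(
            f"/{new_prefix} leaves {usable} usable hosts, "
            f"{hosts_per_subnet} required"
        )

    # Step 2: calculate the subnet mask (network bits 1, host bits 0).
    mask_int = (0xFFFFFFFF << host_bits) & 0xFFFFFFFF
    mask = str(ipaddress.IPv4Address(mask_int))

    # Steps 3 and 4: network/broadcast address and host range per subnet.
    block = 1 << host_bits                 # addresses per subnet
    first_net = int(base.network_address)
    subnets = []
    for i in range(1 << borrowed):
        net = first_net + i * block
        bcast = net + block - 1
        subnets.append({
            "cidr": f"{ipaddress.IPv4Address(net)}/{new_prefix}",
            "network": str(ipaddress.IPv4Address(net)),
            "broadcast": str(ipaddress.IPv4Address(bcast)),
            "first_host": str(ipaddress.IPv4Address(net + 1)),
            "last_host": str(ipaddress.IPv4Address(bcast - 1)),
            "usable_hosts": usable,
        })
    return new_prefix, mask, subnets


if __name__ == "__main__":
    # Constructed requirement: split 192.168.1.0/24 into 4 segments of 50 hosts.
    prefix, mask, subnets = plan_subnets("192.168.1.0/24", 4, 50)
    print(f"new prefix /{prefix}, mask {mask}")
    for s in subnets:
        print(f"{s['cidr']:<18} hosts {s['first_host']} - {s['last_host']} "
              f"broadcast {s['broadcast']}")
```

Keeping each segment in its own subnet is what lets a router or firewall filter traffic between them, which is the security benefit of subnetting mentioned above.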
IPv6 Addressing
IPv6 was developed to address the IPv4 address exhaustion problem. IPv6 addresses are 128 bits long, providing an
astronomically large number of unique addresses (approximately 3.4 × 10^38). They are represented in hexadecimal
notation, with eight groups of four hexadecimal digits separated by colons (e.g.,
2001:0db8:85a3:0000:0000:8a2e:0370:7334).
  1    IPv6 Address Simplification
       Leading zeros within a group can be omitted, and one consecutive group of zeros can be replaced with a
       double colon (::). For example, the address above could be written as 2001:db8:85a3::8a2e:370:7334.
  2    IPv6 Address Types
       Like IPv4, IPv6 has various address types: unicast (one-to-one), multicast (one-to-many), and anycast
       (one-to-nearest). IPv6 eliminates broadcast addresses, replacing their functionality with multicast
       addresses.
  3    IPv6 Subnetting
       IPv6 subnetting is typically simpler than IPv4 due to the abundance of addresses. Organizations are usually
       assigned a /48 prefix, allowing for 65,536 subnets with 18 bits for subnet allocation, and 64 bits for host
       addressing in each subnet.
Ethernet and Switching Fundamentals
Ethernet is the most widely used Local Area Network (LAN) technology in the world. It defines the physical and
data link layers of network communication and has evolved significantly since its invention in the 1970s.
Understanding Ethernet and switching concepts is fundamental to designing and managing modern networks.
Ethernet Evolution
  1    10 Mbps Ethernet
       The original Ethernet standard (10Base5, 10Base2, 10BaseT) offered 10 Mbps speeds. 10Base5 used thick
       coaxial cable, 10Base2 used thin coaxial cable, and 10BaseT used twisted pair cabling with a star topology.
  2    Fast Ethernet
       100BaseT (Fast Ethernet) increased speeds to 100 Mbps using Category 5 UTP cabling. It maintained backward
       compatibility with 10BaseT while offering significantly higher performance.
  3    Gigabit Ethernet
       1000BaseT (Gigabit Ethernet) further increased speeds to 1 Gbps (1000 Mbps). It requires Category 5e or
       better cabling and has become the standard for most modern LANs.
  4    10 Gigabit and Beyond
       10GBaseT offers 10 Gbps speeds using Category 6a or better cabling. Even faster standards exist (40GbE,
       100GbE, and 400GbE), primarily used in data centers and high-performance computing environments.
Ethernet Frame Structure
An Ethernet frame is the basic unit of data transmission in an Ethernet network. It consists of several fields that
contain addressing information, data, and error-checking mechanisms.
  Field                          Size             Description
  Preamble                       7 bytes          Synchronization pattern of alternating 1s and 0s
  Start Frame Delimiter (SFD)    1 byte           Indicates the start of the frame
  Destination MAC Address        6 bytes          Physical address of the recipient
  Source MAC Address             6 bytes          Physical address of the sender
  EtherType/Length               2 bytes          Indicates either the protocol type or frame length
  Data and Pad                   46-1500 bytes    The actual data being transmitted
  Frame Check Sequence (FCS)     4 bytes          Error detection code (CRC)
MAC Addresses
Media Access Control (MAC) addresses are 48-bit (6-byte) hardware addresses uniquely assigned to network
interfaces. They are typically represented in hexadecimal format (e.g., 00:1A:2B:3C:4D:5E). The first 3 bytes
(Organizationally Unique Identifier or OUI) identify the manufacturer, while the last 3 bytes are assigned by the
manufacturer to uniquely identify the device.
Types of MAC Addresses
   Unicast: Identifies a specific network interface
   Multicast: Identifies a group of devices (first bit of first byte set to 1)
   Broadcast: Sent to all devices on the network (FF:FF:FF:FF:FF:FF)
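A parser for the frame layout and MAC address types described above, added here as an example and not part of the original course material. It assumes an untagged frame handed over from the destination MAC onward with the FCS still attached (the preamble and SFD are consumed by the network hardware); the function names and the sample frame are constructed for illustration.

```python
import struct
import zlib

BROADCAST = b"\xff" * 6


def mac_str(raw):
    """Format 6 raw bytes as colon-separated hexadecimal."""
    return ":".join(f"{b:02X}" for b in raw)


def mac_kind(raw):
    """Classify a MAC address as unicast, multicast or broadcast."""
    if raw == BROADCAST:
        return "broadcast"
    # The first bit sent on the wire is the least-significant bit of the
    # first byte; when it is 1 the address names a group of devices.
    return "multicast" if raw[0] & 0x01 else "unicast"


def build_frame(dst, src, type_len, payload):
    """Assemble a frame: pad the data to 46 bytes and append the FCS."""
    head = struct.pack("!6s6sH", dst, src, type_len) + payload.ljust(46, b"\x00")
    # The FCS is the CRC-32 of everything before it, least-significant byte first.
    return head + struct.pack("<I", zlib.crc32(head))


def parse_frame(frame):
    """Split a frame into its fields and verify the Frame Check Sequence."""
    # 14-byte header + 46..1500 bytes of data and pad + 4-byte FCS.
    if not 64 <= len(frame) <= 1518:
        raise ValueError(f"frame length {len(frame)} outside 64..1518 bytes")
    dst, src, type_len = struct.unpack("!6s6sH", frame[:14])
    body, fcs = frame[14:-4], frame[-4:]
    if type_len >= 0x0600:
        kind, payload = "ethertype", body          # protocol identifier
    elif type_len <= 1500:
        kind, payload = "length", body[:type_len]  # strip the padding
    else:
        raise ValueError(f"EtherType/Length value {type_len} is undefined")
    return {
        "dst": mac_str(dst), "dst_kind": mac_kind(dst),
        "src": mac_str(src), "src_kind": mac_kind(src),
        "src_oui": mac_str(src[:3]),               # manufacturer prefix
        "field_kind": kind, "type_len": type_len,
        "payload": payload,
        "fcs_ok": struct.pack("<I", zlib.crc32(frame[:-4])) == fcs,
    }


if __name__ == "__main__":
    # Constructed sample: a broadcast frame with EtherType 0x0806 and a
    # 28-byte all-zero payload, sent from the example MAC used in the text.
    sample = build_frame(BROADCAST, bytes.fromhex("001A2B3C4D5E"),
                         0x0806, b"\x00" * 28)
    for key, value in parse_frame(sample).items():
        print(f"{key:>10}: {value}")
```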
Ethernet Switching
Ethernet switches operate at Layer 2 of the OSI model and forward frames based on MAC addresses. They create a
more efficient network by sending frames only to the intended recipient rather than broadcasting to all connected
devices (as hubs do).
Switch Operation
1. When a switch receives a frame, it examines the source MAC address and adds it to its MAC address table (also
   called a CAM table), associating it with the port on which it was received.
2. The switch then examines the destination MAC address and forwards the frame only to the port associated with
   that address in its MAC address table.
3. If the destination MAC address is not in the table, the switch forwards the frame to all ports except the one it
   was received on (flooding).
4. Broadcast frames (those with a destination address of FF:FF:FF:FF:FF:FF) are always forwarded to all ports.
Advanced Switching Concepts
   VLANs (Virtual LANs): Logical groupings of devices that can communicate as if they were on the same physical
   network, regardless of their physical location. VLANs improve security, reduce broadcast domains, and simplify
   network management.
   Spanning Tree Protocol (STP): Prevents loops in networks with redundant paths by placing certain ports in a
   blocking state while maintaining a single active path.
   Link Aggregation (Port Trunking): Combines multiple physical links between switches into a single logical link
   to increase bandwidth and provide redundancy.
   Quality of Service (QoS): Prioritizes certain types of traffic to ensure critical applications receive adequate
   bandwidth.
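The four switch operation steps above as a small simulation. This is an added example, not part of the original course material; the class name LearningSwitch, the port numbers and the second and third MAC addresses are assumptions. It goes slightly beyond the text in two places: a frame whose destination was learned on the ingress port is not sent back out, and a station that moves to another port overwrites its old table entry.

```python
BROADCAST = "FF:FF:FF:FF:FF:FF"


class LearningSwitch:
    """Layer 2 switch that learns source MACs and forwards on destination MACs."""

    def __init__(self, ports):
        self.ports = list(ports)
        self.mac_table = {}          # MAC address -> port (the CAM table)

    def receive(self, in_port, src_mac, dst_mac):
        """Process one frame; return (action, list of egress ports)."""
        if in_port not in self.ports:
            raise ValueError(f"unknown port {in_port}")
        src, dst = src_mac.upper(), dst_mac.upper()

        # Step 1: learn (or refresh) the source address on the ingress port.
        self.mac_table[src] = in_port
        other_ports = [p for p in self.ports if p != in_port]

        # Step 4: broadcast frames go to every port except the ingress port.
        if dst == BROADCAST:
            return ("broadcast", other_ports)

        out_port = self.mac_table.get(dst)
        # Step 3: unknown destination -> flood.
        if out_port is None:
            return ("flood", other_ports)
        # Destination sits behind the ingress port: nothing to forward.
        if out_port == in_port:
            return ("filter", [])
        # Step 2: known destination -> forward to that single port.
        return ("forward", [out_port])


if __name__ == "__main__":
    # Constructed traffic between two stations on a three-port switch.
    sw = LearningSwitch([1, 2, 3])
    a, b = "00:1A:2B:3C:4D:5E", "00:1A:2B:00:00:02"
    for port, src, dst in [(1, a, b), (2, b, a), (1, a, b), (1, a, BROADCAST)]:
        print(port, src, "->", dst, sw.receive(port, src, dst))
    print(sw.mac_table)
```

Counting how often receive returns "flood" for unicast traffic is a simple way to spot a table that is not retaining entries, since every flooded frame is visible on all ports.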
Ethernet Collision Domains and Access Methods
Early Ethernet networks used a shared medium where only one device could transmit at a time. These networks
used CSMA/CD (Carrier Sense Multiple Access with Collision Detection) to manage access to the shared medium.
CSMA/CD Operation
1. A device wanting to transmit first listens to see if the medium is idle (Carrier Sense).
2. If the medium is idle, the device begins transmitting.
3. If two devices transmit simultaneously, a collision occurs.
4. When a collision is detected, the devices stop transmitting and wait a random amount of time before attempting
   to transmit again.
Collision vs. Broadcast Domains
A collision domain is a segment of a network where collisions can occur. Hubs create a single collision domain,
while switches create separate collision domains for each port. A broadcast domain is a segment of a network
where broadcast frames are propagated. All ports on a switch are in the same broadcast domain unless separated
by VLANs or routers.
Full Duplex Ethernet
Modern switched Ethernet networks typically operate in full-duplex mode, where devices can transmit and receive
simultaneously, eliminating collisions entirely. Full-duplex operation requires a dedicated connection between
each device and the switch, and both must support full-duplex operation.
Routing Basics
Routing is the process of forwarding packets between different networks. While switches operate at Layer 2 (Data
Link) of the OSI model and make forwarding decisions based on MAC addresses, routers operate at Layer 3
(Network) and use logical addresses like IP addresses to determine the best path for data to reach its destination.
Router Functions
Path Determination
Routers use routing tables and metrics to determine the optimal path for packet delivery. They consider factors
such as hop count, bandwidth, delay, and reliability when selecting routes.
Packet Forwarding
Once a path is determined, routers forward packets to the next hop in the path. This process continues from
router to router until the packet reaches its final destination.
Network Segmentation
Routers divide broadcast domains, limiting the propagation of broadcast traffic and improving network
performance and security.
Protocol Translation
Some routers can translate between different network protocols, allowing communication between disparate
networks.
Routing Tables
A routing table is a data structure stored in a router's memory that contains network destination prefixes and the
appropriate forwarding actions for each prefix. When a packet arrives, the router consults its routing table to
determine where to send the packet next.
A typical routing table entry includes:
   Network Destination: The target network or host address
   Netmask: The subnet mask that determines which portion of the IP address refers to the network
   Gateway: The next hop router's IP address
   Interface: The local interface through which the packet should be forwarded
   Metric: A value indicating the route's preference (lower is better)
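A lookup over routing table entries with the five fields listed above, added here as an example and not part of the original course material. The table contents and the names Route, prefix_len and lookup are constructed for illustration. The selection rule goes one step beyond the text: among matching entries the most specific one (longest netmask) wins, which is the standard IP forwarding rule, and the metric breaks ties between equally specific routes.

```python
import ipaddress
from collections import namedtuple

# One entry per route, with the five fields a routing table entry includes.
Route = namedtuple("Route", "destination netmask gateway interface metric")


def prefix_len(netmask):
    """Number of network bits in a dotted netmask; reject non-contiguous masks."""
    mask = int(ipaddress.IPv4Address(netmask))
    ones = bin(mask).count("1")
    if mask != (0xFFFFFFFF << (32 - ones)) & 0xFFFFFFFF:
        raise ValueError(f"netmask {netmask} is not contiguous")
    return ones


def lookup(table, dst_ip):
    """Return the route a packet to dst_ip would take, or None if none matches."""
    dst = int(ipaddress.IPv4Address(dst_ip))
    best_key, best_route = None, None
    for route in table:
        mask = int(ipaddress.IPv4Address(route.netmask))
        network = int(ipaddress.IPv4Address(route.destination))
        # The entry matches when the destination's network portion equals
        # the entry's network destination.
        if dst & mask != network:
            continue
        # Prefer the longest prefix, then the lowest metric.
        key = (-prefix_len(route.netmask), route.metric)
        if best_key is None or key < best_key:
            best_key, best_route = key, route
    return best_route


# Constructed sample table. gateway=None marks a directly connected network.
TABLE = [
    Route("0.0.0.0",     "0.0.0.0",       "203.0.113.1", "eth0", 10),
    Route("10.0.0.0",    "255.0.0.0",     "10.255.0.1",  "eth1", 5),
    Route("10.1.0.0",    "255.255.0.0",   "10.255.0.2",  "eth1", 20),
    Route("10.1.0.0",    "255.255.0.0",   "10.255.0.3",  "eth2", 10),
    Route("192.168.1.0", "255.255.255.0", None,          "eth3", 0),
]

if __name__ == "__main__":
    for ip in ["10.1.2.3", "10.9.9.9", "192.168.1.50", "198.51.100.7"]:
        r = lookup(TABLE, ip)
        print(f"{ip:<14} -> via {r.gateway or 'on-link'} dev {r.interface} "
              f"(/{prefix_len(r.netmask)}, metric {r.metric})")
```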
Routing Methods
Static Routing
In static routing, network administrators manually configure routes in the routing table. These routes do not
change unless manually modified. Static routing is suitable for small networks with simple topologies or for
specific routes that should not change.
Advantages of Static Routing:
   Minimal CPU and bandwidth overhead (no routing protocol traffic)
   Enhanced security (no advertisement of routes)
   Predictable routing paths
Disadvantages of Static Routing:
   Does not automatically adapt to network changes
   Administrative overhead increases with network size
   Difficult to implement in large, complex networks
Dynamic Routing
Dynamic routing uses routing protocols to automatically discover network destinations and update routing tables.
Routers exchange routing information to adapt to changes in network topology.
Advantages of Dynamic Routing:
   Automatically adapts to network changes
   Reduces administrative overhead in large networks
   Can implement load balancing and redundancy
Disadvantages of Dynamic Routing:
   Consumes CPU, memory, and bandwidth resources
   More complex to configure and troubleshoot
   Potential security vulnerabilities from route advertisements
Routing Protocols
Routing protocols enable routers to exchange information about network destinations. They can be classified in
several ways:
Interior Gateway Protocols (IGPs)
Used within an autonomous system (a network under a single administrative domain).
Distance Vector Protocols:
   RIP (Routing Information Protocol): Simple protocol that uses hop count as its metric. Limited to 15 hops,
   updates every 30 seconds.
   EIGRP (Enhanced Interior Gateway Routing Protocol): Cisco proprietary protocol that uses bandwidth, delay,
   reliability, and load in its composite metric.
Link State Protocols:
   OSPF (Open Shortest Path First): Uses cost based on bandwidth as its metric. Creates a topological map of the
   network and runs Dijkstra's algorithm to find shortest paths.
   IS-IS (Intermediate System to Intermediate System): Similar to OSPF but operates at Layer 2 rather than Layer 3.
   Common in service provider networks.
Exterior Gateway Protocols (EGPs)
Used between autonomous systems.
Path Vector Protocols:
   BGP (Border Gateway Protocol): The de facto standard for Internet routing. Makes routing decisions based on
   network policies, rule sets, and AS path attributes rather than purely technical metrics.
Hybrid Protocols:
   EIGRP: Combines features of distance vector and link state protocols.
Routing Protocol Metrics:
   Hop count: Number of routers a packet must traverse
   Bandwidth: Data capacity of the links
   Delay: Time required to traverse a path
   Reliability: Error rate of the network links
   Load: Amount of activity on network resources
   Cost: An arbitrary value assigned by administrators
Advanced Routing Concepts
  1   Administrative Distance
      When a router learns about the same destination from multiple routing protocols, it uses administrative
      distance to determine which source to trust. Lower values are preferred.
  2   Route Redistribution
      The process of importing routes from one routing protocol into another, allowing different routing domains
      to exchange information.
  3   Route Summarization
      Combines multiple routes into a single advertisement to reduce routing table size and minimize processing
      overhead.
  4   Floating Static Routes
      Static routes with a higher administrative distance than dynamic routes, used as backup routes when dynamic
      routing fails.
  5   Policy-Based Routing
      Makes routing decisions based on factors other than destination address, such as source address, protocol
      type, or application.
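The routing table lookup described under Routing Tables, combined with administrative distance and floating static routes, as an added example that is not part of the original course material. It assumes the usual selection order (longest matching prefix first, then lowest administrative distance, then lowest metric); the prefixes, gateways, and interfaces are constructed, and the distance values are commonly cited Cisco defaults plus an arbitrary 250 for the floating static route.

```python
import ipaddress
from dataclasses import dataclass

# Assumed administrative distances: commonly cited Cisco defaults for static,
# OSPF and RIP (the course text gives no numbers); 250 is an arbitrary value
# chosen so the floating static route loses to every dynamic route.
AD = {"static": 1, "ospf": 110, "rip": 120, "floating-static": 250}


@dataclass(frozen=True)
class Route:
    prefix: ipaddress.IPv4Network   # network destination and netmask
    gateway: str                    # next-hop router
    interface: str                  # local egress interface
    source: str                     # how the route was learned
    metric: int = 0                 # protocol metric, lower is better

    @property
    def distance(self):
        return AD[self.source]


class RoutingTable:
    def __init__(self, routes=()):
        self.candidates = list(routes)

    def withdraw(self, source):
        """Drop every route learned from one source, e.g. after a protocol failure."""
        self.candidates = [r for r in self.candidates if r.source != source]

    def installed(self):
        """Per prefix, install only the candidate with the lowest (distance, metric)."""
        best = {}
        for r in self.candidates:
            cur = best.get(r.prefix)
            if cur is None or (r.distance, r.metric) < (cur.distance, cur.metric):
                best[r.prefix] = r
        return best

    def lookup(self, destination):
        """Return the installed route with the longest prefix containing destination."""
        addr = ipaddress.ip_address(destination)
        matches = [r for r in self.installed().values() if addr in r.prefix]
        # Prefix length is compared before any distance or metric: a more
        # specific route wins regardless of which source supplied it.
        return max(matches, key=lambda r: r.prefix.prefixlen, default=None)


def build_table():
    """Constructed sample table (documentation and private address ranges)."""
    net = ipaddress.ip_network
    return RoutingTable([
        Route(net("0.0.0.0/0"), "203.0.113.1", "eth0", "static"),
        Route(net("10.20.0.0/16"), "10.0.0.2", "eth1", "ospf", metric=20),
        Route(net("10.20.0.0/16"), "10.0.0.254", "eth2", "floating-static"),
        Route(net("10.20.30.0/24"), "10.0.0.3", "eth1", "rip", metric=3),
    ])


if __name__ == "__main__":
    table = build_table()
    for dst in ("10.20.30.7", "10.20.99.1", "198.51.100.9"):
        r = table.lookup(dst)
        print(f"{dst:15} -> {r.prefix} via {r.gateway} ({r.source})")
    table.withdraw("ospf")  # dynamic routing fails; the floating static takes over
    r = table.lookup("10.20.99.1")
    print(f"after OSPF loss: 10.20.99.1 -> via {r.gateway} ({r.source})")
```

The /24 learned from RIP is chosen over the OSPF /16 even though RIP has the higher administrative distance, because distance only breaks ties between candidates for the same prefix.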
Wireless Networking
Wireless networking has revolutionized how we connect devices, providing flexibility and mobility without the
constraints of physical cables. Understanding wireless technologies, standards, security considerations, and best
practices is essential for implementing reliable wireless networks.
Wireless Standards
The IEEE 802.11 family of standards defines the protocols for implementing wireless local area networks (WLANs).
Each standard offers different speeds, ranges, and frequencies.
  Standard             Frequency     Max Data Rate   Approximate Range          Year Released
  802.11b              2.4 GHz       11 Mbps         35m indoor, 140m outdoor   1999
  802.11a              5 GHz         54 Mbps         35m indoor, 120m outdoor   1999
  802.11g              2.4 GHz       54 Mbps         38m indoor, 140m outdoor   2003
  802.11n (Wi-Fi 4)    2.4/5 GHz     600 Mbps        70m indoor, 250m outdoor   2009
  802.11ac (Wi-Fi 5)   5 GHz         3.5 Gbps        35m indoor, 120m outdoor   2013
  802.11ax (Wi-Fi 6)   2.4/5/6 GHz   9.6 Gbps        Similar to 802.11ac        2019
  802.11be (Wi-Fi 7)   2.4/5/6 GHz   46 Gbps         Similar to 802.11ax        Expected 2024
Wireless Network Components
Access Points (APs)
Devices that bridge wireless and wired networks, allowing wireless clients to connect to the wired infrastructure.
Enterprise environments typically deploy multiple APs to provide seamless coverage across larger areas.
Wireless Clients
Devices that connect to wireless networks, such as laptops, smartphones, tablets, IoT devices, and any equipment
with wireless network interfaces.
Wireless Controllers
Centralized management systems that configure, control, and monitor multiple access points. They simplify
deployment and management of large wireless networks and enable features like fast roaming, load balancing, and
intrusion detection.
Antennas
Devices that convert electrical signals into radio waves (and vice versa). Different antenna types
(omnidirectional, directional, patch, etc.) serve different coverage requirements and deployment scenarios.
Wireless Network Topologies
Infrastructure Mode
The most common topology, where wireless clients connect to a network through one or more access points. The
access points are connected to a wired network infrastructure, providing centralized control and management.
Ad Hoc Mode
A decentralized topology where devices connect directly to each other without using access points. Ad hoc networks
are typically temporary and used for specific purposes like file sharing or gaming.
Mesh Networks
A topology where access points communicate with each other wirelessly, creating a self-healing, resilient network.
Only some access points need a wired connection to the backbone network, making mesh networks versatile for
covering challenging areas.
Wireless Channels and Frequency Bands
Wireless networks operate in specific frequency bands, which are divided into channels to minimize interference
between networks. The 2.4 GHz band has 14 channels (though only 1-11 are used in the US), while the 5 GHz band
has many more channels depending on regulatory domain.
2.4 GHz Band
   More crowded but better penetration through walls and obstacles
   Only three non-overlapping channels (1, 6, 11)
   Subject to interference from microwave ovens, cordless phones, and Bluetooth devices
   Used by 802.11b/g/n/ax standards
5 GHz Band
   Less crowded with more available channels
   Shorter range and less penetration through obstacles
   Less susceptible to common interference sources
   Used by 802.11a/n/ac/ax standards
   Some channels require Dynamic Frequency Selection (DFS) to avoid interference with radar systems
6 GHz Band
   Newest band, introduced with Wi-Fi 6E and Wi-Fi 7
   Offers 1,200 MHz of additional spectrum
   Currently uncongested with up to 59 non-overlapping 20 MHz channels
   Shorter range than 5 GHz
   Requires Wi-Fi 6E or Wi-Fi 7 compatible devices
Wireless Security
Wireless networks are inherently more vulnerable than wired networks because the transmission medium (air) is
accessible to anyone within range. Several security mechanisms have been developed to protect wireless
communications:
  1   WEP (Wired Equivalent Privacy)
      The original 802.11 security standard, now considered completely insecure due to serious cryptographic
      weaknesses. Should never be used in modern networks.
  2   WPA (Wi-Fi Protected Access)
      Developed as an interim solution to address WEP's weaknesses. Uses TKIP (Temporal Key Integrity Protocol)
      for encryption, which is also now considered vulnerable.
  3   WPA2 (Wi-Fi Protected Access 2)
      Implements the full 802.11i standard using AES encryption (specifically CCMP, Counter Mode with Cipher Block
      Chaining Message Authentication Code Protocol). Available in Personal (PSK) and Enterprise (802.1X/EAP)
      modes.
  4   WPA3 (Wi-Fi Protected Access 3)
      The latest security standard, offering improved protection even with weak passwords through Simultaneous
      Authentication of Equals (SAE). Includes enhanced encryption and protection against brute force attacks.
Wireless Network Design Considerations
  1   Coverage and Capacity Planning
      Determine the required coverage area and the number of clients that need to be supported. Conduct site
      surveys to identify dead zones, sources of interference, and optimal AP placement.
  2   Channel Planning
      Assign non-overlapping channels to adjacent access points to minimize co-channel interference. In the
      2.4 GHz band, use channels 1, 6, and 11; in the 5 GHz band, maintain separation between channels used by
      neighboring APs.
  3   Power Management
      Adjust the transmit power of access points to control cell size and overlap. Higher power isn't always
      better; it can increase interference between cells and may not help clients with lower transmit power
      capabilities.
  4   Roaming and Mobility
      Ensure sufficient cell overlap (15-20%) to allow clients to roam seamlessly between access points. Implement
      technologies like 802.11r (Fast Transition), 802.11k (Radio Resource Management), and 802.11v (Wireless
      Network Management) to improve roaming performance.
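A check for the 2.4 GHz channel planning rule above (channels 1, 6, and 11 for adjacent access points), as an added example that is not part of the original course material. It assumes 22 MHz wide channels with centers 5 MHz apart, which is why a separation of five channel numbers is needed; the AP names, adjacency list, and starting plan are constructed.

```python
from collections import defaultdict

CHANNEL_WIDTH_MHZ = 22  # assumption: 22 MHz wide 802.11b-style channels


def center_mhz(channel):
    """Center frequency of a 2.4 GHz channel (1-13 are 5 MHz apart, 14 is offset)."""
    if channel == 14:
        return 2484
    if 1 <= channel <= 13:
        return 2407 + 5 * channel
    raise ValueError(f"not a 2.4 GHz channel: {channel}")


def overlap_mhz(a, b):
    """Width of spectrum shared by two channels; 0 means non-overlapping."""
    return max(0, CHANNEL_WIDTH_MHZ - abs(center_mhz(a) - center_mhz(b)))


def audit_plan(plan, neighbors):
    """Flag neighboring AP pairs whose channels share spectrum."""
    findings = []
    for a, b in neighbors:
        shared = overlap_mhz(plan[a], plan[b])
        if shared:
            kind = "co-channel" if plan[a] == plan[b] else "adjacent-channel overlap"
            findings.append((a, b, kind, shared))
    return findings


def assign_channels(aps, neighbors, palette=(1, 6, 11)):
    """Greedy assignment: APs with the most neighbors go first, and each takes
    the palette channel least used by its already-assigned neighbors."""
    adjacent = defaultdict(set)
    for a, b in neighbors:
        adjacent[a].add(b)
        adjacent[b].add(a)
    plan = {}
    for ap in sorted(aps, key=lambda name: (-len(adjacent[name]), name)):
        in_use = [plan[n] for n in adjacent[ap] if n in plan]
        plan[ap] = min(palette, key=lambda ch: (in_use.count(ch), palette.index(ch)))
    return plan


# Constructed floor: five APs along a corridor, each within range of the next.
APS = ["ap1", "ap2", "ap3", "ap4", "ap5"]
NEIGHBORS = [("ap1", "ap2"), ("ap2", "ap3"), ("ap3", "ap4"), ("ap4", "ap5")]
CURRENT_PLAN = {"ap1": 1, "ap2": 3, "ap3": 6, "ap4": 6, "ap5": 11}

if __name__ == "__main__":
    for a, b, kind, shared in audit_plan(CURRENT_PLAN, NEIGHBORS):
        print(f"{a}/{b}: {kind}, {shared} MHz shared")
    proposed = assign_channels(APS, NEIGHBORS)
    print("proposed:", proposed, "findings:", audit_plan(proposed, NEIGHBORS))
```

With only three usable channels, an AP that has three or more mutually adjacent neighbors cannot avoid sharing a channel; the greedy pass then picks the least used one and the audit still reports the remaining pair.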
Network Security Fundamentals
Network security encompasses the policies, practices, and technologies designed to protect network
infrastructure, data integrity, and system access from unauthorized use, misuse, modification, or denial of network
resources. As networks grow more complex and threats become more sophisticated, implementing a
comprehensive security strategy becomes increasingly critical.
The CIA Triad
The CIA triad (Confidentiality, Integrity, and Availability) forms the foundation of information security principles.
  1   Confidentiality
      Ensuring that sensitive information is accessible only to authorized individuals. Technologies like
      encryption, access controls, and authentication mechanisms help maintain confidentiality.
  2   Integrity
      Maintaining the accuracy, consistency, and trustworthiness of data throughout its lifecycle. Hash functions,
      digital signatures, and checksums help verify that data hasn't been altered.
  3   Availability
      Ensuring that systems, networks, and data are accessible when needed by legitimate users. Redundancy, fault
      tolerance, and disaster recovery planning help maintain availability.
Common Network Threats
Malware
Malicious software includes viruses, worms, trojans, ransomware, spyware, and rootkits. Malware can compromise
systems, steal data, encrypt files, or provide unauthorized access to attackers.
Social Engineering
Manipulating people into divulging confidential information or performing actions that compromise security.
Phishing, pretexting, baiting, and tailgating are common social engineering techniques.
Man-in-the-Middle (MitM) Attacks
Intercepting communications between two parties without their knowledge. Attackers can eavesdrop, modify data in
transit, or impersonate legitimate systems.
Denial of Service (DoS) Attacks
Overwhelming network resources to make services unavailable to legitimate users. Distributed DoS (DDoS) attacks use
multiple compromised systems to launch coordinated attacks.
Advanced Persistent Threats (APTs)
Prolonged, targeted attacks where adversaries gain and maintain unauthorized access to networks over extended
periods. APTs typically involve sophisticated techniques and are often sponsored by nation-states or well-funded
criminal organizations.
Insider Threats
Security risks posed by individuals with legitimate access to an organization's network, systems, or data. These
could be current or former employees, contractors, or business partners who misuse their access privileges.
Zero-Day Exploits
Attacks targeting previously unknown vulnerabilities in software or hardware before developers can create and
distribute patches. These are particularly dangerous because traditional security measures may not detect them.
Network Security Technologies and Controls
Firewalls
Firewalls monitor and control incoming and outgoing network traffic based on predetermined security rules. They act
as a barrier between trusted internal networks and untrusted external networks like the internet.
Types of Firewalls:
   Packet Filtering Firewalls: Examine packets and allow or deny based on source/destination addresses, ports, and
   protocols
   Stateful Inspection Firewalls: Track the state of active connections and make decisions based on context
   Application Layer Firewalls: Inspect and filter traffic based on application-specific data
   Next-Generation Firewalls (NGFWs): Combine traditional firewall capabilities with additional features like
   intrusion prevention, application awareness, and threat intelligence
Intrusion Detection and Prevention Systems (IDS/IPS)
IDS monitors network traffic for suspicious activity and alerts administrators, while IPS actively blocks or
prevents such activity. Both use signature-based detection (known patterns of malicious activity) and anomaly-based
detection (deviations from normal behavior).
Virtual Private Networks (VPNs)
VPNs create encrypted tunnels for secure communication over public networks like the internet. They provide
confidentiality, integrity, and authentication for transmitted data, allowing remote users to securely access
private networks.
Network Access Control (NAC)
NAC solutions enforce security policies by restricting network access based on user identity, device posture, and
compliance with security requirements. They can quarantine non-compliant devices and remediate security issues
before granting full access.
Security Information and Event Management (SIEM)
SIEM systems collect, analyze, and correlate security event data from various sources across the network. They
provide real-time analysis, alerting, and reporting to help organizations detect and respond to security incidents.
Encryption
Encryption converts data into a form that unauthorized parties cannot read without the proper decryption key. It
protects data both in transit (TLS/SSL, IPsec) and at rest (disk encryption, file encryption).
Multi-Factor Authentication (MFA)
MFA requires users to provide two or more verification factors to gain access, typically something they know
(password), something they have (security token), and/or something they are (biometric). This significantly reduces
the risk of unauthorized access even if passwords are compromised.
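The difference between the packet filtering and stateful inspection firewalls listed under Types of Firewalls, as an added example that is not part of the original course material. Both toy firewalls enforce the same assumed policy (LAN clients may open HTTPS connections outbound); the addresses, ports, and traffic are constructed, and connection teardown is simplified.

```python
import ipaddress
from dataclasses import dataclass

INSIDE = ipaddress.ip_network("192.168.10.0/24")  # constructed internal LAN


@dataclass(frozen=True)
class Packet:
    direction: str                  # "out" = LAN to internet, "in" = internet to LAN
    src: str
    sport: int
    dst: str
    dport: int
    flags: frozenset = frozenset()  # TCP flags, e.g. frozenset({"SYN"})


def is_inside(addr):
    return ipaddress.ip_address(addr) in INSIDE


def stateless_allow(pkt):
    """Packet filter: judge each packet alone on addresses and ports."""
    if pkt.direction == "out":
        return is_inside(pkt.src) and pkt.dport == 443
    # Replies need a standing rule: anything from port 443 to a high port on the LAN.
    return is_inside(pkt.dst) and pkt.sport == 443 and pkt.dport >= 1024


class StatefulFirewall:
    """Stateful inspection: inbound traffic must belong to a tracked connection."""

    def __init__(self):
        self.connections = set()    # (client, client_port, server, server_port)

    def allow(self, pkt):
        if pkt.direction == "out":
            if not (is_inside(pkt.src) and pkt.dport == 443):
                return False
            key = (pkt.src, pkt.sport, pkt.dst, pkt.dport)
            if pkt.flags == {"SYN"}:
                self.connections.add(key)       # connection opened from inside
        else:
            key = (pkt.dst, pkt.dport, pkt.src, pkt.sport)
        allowed = key in self.connections
        if allowed and pkt.flags & {"RST", "FIN"}:
            self.connections.discard(key)       # simplified teardown
        return allowed


def flags(*names):
    return frozenset(names)


# Constructed traffic: one legitimate HTTPS exchange, one unsolicited inbound
# segment, and a late segment arriving after the client reset the connection.
TRAFFIC = [
    Packet("out", "192.168.10.5", 50000, "198.51.100.20", 443, flags("SYN")),
    Packet("in", "198.51.100.20", 443, "192.168.10.5", 50000, flags("SYN", "ACK")),
    Packet("in", "203.0.113.66", 443, "192.168.10.7", 8080, flags("ACK")),
    Packet("out", "192.168.10.5", 50000, "198.51.100.20", 443, flags("RST")),
    Packet("in", "198.51.100.20", 443, "192.168.10.5", 50000, flags("ACK")),
]


def compare(packets):
    """Return (stateless verdict, stateful verdict) for each packet in order."""
    fw = StatefulFirewall()
    return [(stateless_allow(p), fw.allow(p)) for p in packets]


if __name__ == "__main__":
    for pkt, (stateless, stateful) in zip(TRAFFIC, compare(TRAFFIC)):
        print(f"{pkt.direction:3} {pkt.src}:{pkt.sport} -> {pkt.dst}:{pkt.dport} "
              f"stateless={stateless} stateful={stateful}")
```

The packet filter admits the third and fifth packets because its reply rule cannot tell a reply from any other segment with source port 443; the stateful firewall drops both because neither matches a connection opened from inside.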
Security Policies and Best Practices
  1   Defense in Depth
      Implement multiple layers of security controls throughout the network. This strategy ensures that if one
      security measure fails, others are in place to protect assets. Layers should include physical security,
      perimeter security, network security, endpoint security, application security, and data security.
  2   Principle of Least Privilege
      Grant users and systems only the minimum permissions necessary to perform their functions. Regularly audit
      and review access rights, especially for privileged accounts, and immediately revoke access when no longer
      needed.
  3   Regular Updates and Patch Management
      Maintain a systematic approach to applying security patches and updates to operating systems, applications,
      firmware, and network devices. Unpatched vulnerabilities are among the most common attack vectors.
  4   Security Awareness Training
      Educate users about security risks, safe computing practices, and how to recognize and report suspicious
      activities. Human error remains one of the biggest security vulnerabilities in most organizations.
  5   Incident Response Planning
      Develop and regularly test procedures for responding to security incidents. An effective incident response
      plan includes steps for identification, containment, eradication, recovery, and lessons learned.
  6   Regular Security Assessments
      Conduct vulnerability assessments and penetration testing to identify and address security weaknesses before
      they can be exploited. Both internal and external testing should be performed on a regular schedule.
Regulatory Compliance
Organizations must often comply with various regulatory requirements related to network security and data
protection. Some major regulations include:
   GDPR (General Data Protection Regulation): European Union regulation on data protection and privacy
   HIPAA (Health Insurance Portability and Accountability Act): US regulation protecting health information
   PCI DSS (Payment Card Industry Data Security Standard): Security standard for organizations handling credit
   card data
   SOX (Sarbanes-Oxley Act): US law requiring specific financial record-keeping and reporting for public
   companies
   NIST Cybersecurity Framework: Voluntary framework of standards and best practices to manage cybersecurity
   risk
Troubleshooting and Network Management
Effective network troubleshooting and management are essential skills for maintaining reliable network
infrastructure. This section explores systematic approaches to problem-solving, essential tools and techniques,
network monitoring, and management practices that help ensure optimal network performance and availability.
Network Troubleshooting Methodology
A structured approach to troubleshooting helps resolve network issues efficiently and effectively. Following a
systematic methodology reduces downtime and prevents the introduction of new problems during the
troubleshooting process.
      Identify the Problem
      Gather information about the issue, including when it started, who is affected, what systems or services are
      impacted, and any recent changes that might have triggered the problem. Ask specific questions to narrow
      down the scope and nature of the issue.
      Establish a Theory of Probable Cause
      Based on the symptoms and collected information, develop theories about potential causes. Consider both
      the most obvious explanations and less apparent possibilities. Prioritize theories based on likelihood and
      the potential impact of the issue.
      Test the Theory
      Perform tests to confirm or eliminate each theory. Start with simple, non-invasive tests before
      proceeding to more complex or disruptive ones. Document each test and its results for future reference.
      Establish a Plan of Action
      Once the cause is identified, develop a plan to resolve the issue. Consider the potential impact of the
      solution, required resources, and any necessary approvals. Create a rollback plan in case the solution
      causes unexpected problems.
      Implement the Solution
      Execute the planned solution carefully, documenting each step. Monitor the effects of changes to
      ensure they resolve the issue without creating new problems.
      Verify System Functionality
      Test the affected systems thoroughly to ensure they are functioning correctly. Confirm with users that the
      issue has been resolved to their satisfaction.
      Document the Process
      Record the problem, cause, solution, and any lessons learned. This documentation helps with future
      troubleshooting, training, and process improvement.
Common Network Issues and Symptoms
  Symptom                                     Possible Causes                            Troubleshooting Approach
  Complete network outage                     Hardware failure, power issues,            Check physical connections,
                                              ISP problems, configuration                power, ISP status; review recent
                                              errors                                     configuration changes
  Intermittent connectivity                   Loose cables, interference,                Monitor for patterns, check cable
                                              overloaded network, hardware               connections, look for sources of
                                              issues                                     interference
  Slow network performance                    Bandwidth saturation, broadcast            Use monitoring tools to identify
                                              storms, hardware limitations,              bottlenecks, check for unusual
                                              misconfiguration                           traffic patterns
  DNS resolution failures                     DNS server issues,                         Verify DNS settings, test DNS
                                              misconfiguration, connectivity             server functionality, check for
                                              problems                                   connectivity to DNS servers
  Authentication failures                     Expired credentials, account               Check user credentials, verify
                                              lockouts, authentication server            authentication server status,
                                              issues                                     review security logs
  Specific application issues                 Application bugs, compatibility            Isolate the application, verify
                                              problems, resource constraints             requirements, check application
                                                                                         logs
Essential Network Troubleshooting Tools and Commands
Ping
Tests basic connectivity by sending ICMP Echo Request messages to a target host. Useful for verifying that a device
is reachable on the network and measuring round-trip time. Example: ping 192.168.1.1 or ping www.example.com
Traceroute/Tracert
Maps the path that packets take from source to destination, showing each hop along the way. Helps identify where in
the network path a problem might exist. Example: tracert www.example.com (Windows) or traceroute www.example.com
(Linux/macOS)
nslookup/dig
Queries DNS servers to retrieve domain name or IP address mapping information. Useful for troubleshooting DNS
resolution issues. Example: nslookup www.example.com or dig www.example.com
Packet Analyzers
Tools like Wireshark capture and analyze network traffic at a detailed level. They allow you to inspect individual
packets to diagnose protocol issues, malformed packets, or unexpected network behavior.
ipconfig/ifconfig                 netstat                          SSH/Telnet                        arp
Displays current network          Shows active network             Provides remote access to         Displays and modifies the
configuration information         connections, listening           network devices for               ARP cache, which maps
for network interfaces.           ports, and network               configuration and                 IP addresses to MAC
Useful for verifying IP           statistics. Helps identify       troubleshooting. SSH is           addresses. Useful for
address, subnet mask,             what applications are            the secure, preferred             troubleshooting IP
default gateway, and DNS          using the network and            option, while Telnet is           address conflicts and
server settings. Example:         potential connection             unencrypted and should            connectivity issues at the
ipconfig /all (Windows) or        issues. Example: netstat -       only be used in secure            data link layer. Example:
ifconfig -a (Linux)               an                               environments. Example:            arp -a
                                                                   ssh admin@192.168.1.1
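The arp entry above mentions IP address conflicts. The following is an added example, not part of the original course material: it parses arp -a output collected from two hosts and reports any IP address that the hosts resolve to different MAC addresses. The sample output is constructed, and the function names are chosen for this illustration.

```python
import re
from collections import defaultdict

# Matches "? (192.168.1.1) at 0:11:22:33:44:55 [ether] on eth0" (Linux/macOS)
# and "192.168.1.1    00-11-22-33-44-55    dynamic" (Windows).
ENTRY = re.compile(
    r"\(?(\d{1,3}(?:\.\d{1,3}){3})\)?\s+(?:at\s+)?"
    r"([0-9A-Fa-f]{1,2}(?:[:-][0-9A-Fa-f]{1,2}){5})\b"
)

def parse_arp(text):
    """Return {ip: mac} from arp -a output, MACs normalised to aa:bb:cc:dd:ee:ff."""
    table = {}
    for ip, mac in ENTRY.findall(text):
        # macOS drops leading zeros and Windows uses dashes, so normalise both.
        octets = [o.zfill(2).lower() for o in re.split(r"[:-]", mac)]
        if int(octets[0], 16) & 1:  # group bit set: broadcast or multicast entry
            continue
        table[ip] = ":".join(octets)
    return table

def ip_conflicts(snapshots):
    """IPs that different hosts' ARP caches map to different MAC addresses."""
    seen = defaultdict(set)
    for text in snapshots.values():
        for ip, mac in parse_arp(text).items():
            seen[ip].add(mac)
    return {ip: sorted(macs) for ip, macs in seen.items() if len(macs) > 1}

# Constructed sample output (not captured from a real network).
LINUX_HOST = """\
? (192.168.1.1) at 0:11:22:33:44:55 [ether] on eth0
? (192.168.1.20) at 00:aa:bb:cc:dd:01 [ether] on eth0
"""
WINDOWS_HOST = """\
Interface: 192.168.1.10 --- 0xb
  Internet Address      Physical Address      Type
  192.168.1.1           00-11-22-33-44-55     dynamic
  192.168.1.20          00-AA-BB-CC-DD-02     dynamic
  192.168.1.255         ff-ff-ff-ff-ff-ff     static
"""

if __name__ == "__main__":
    print(ip_conflicts({"linux": LINUX_HOST, "windows": WINDOWS_HOST}))
```

An address reported here is either a genuine duplicate assignment or a host answering ARP for an address it does not own, so the next step is to locate both MAC addresses on the switch.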
Network Monitoring and Management
Proactive network monitoring and management help identify and address potential issues before they cause
significant problems. Effective network management encompasses several key areas:
Performance Monitoring
  Continuously tracking network metrics like bandwidth utilization, latency, packet loss, and throughput to
  establish baselines and detect abnormal behavior. Common tools include:
     SNMP (Simple Network Management Protocol): Standard protocol for collecting and organizing information
     about managed devices on networks
     NetFlow/sFlow: Network protocols for collecting IP traffic information
     PRTG, Nagios, Zabbix, SolarWinds: Comprehensive network monitoring platforms
Configuration Management
  Maintaining accurate records of network device configurations and controlling changes to ensure consistency
  and compliance. Best practices include:
     Documenting all network configurations in a central repository
     Implementing change management procedures
     Automating configuration backups
     Using configuration management tools like Ansible, Puppet, or Chef
     Conducting regular configuration audits
Capacity Planning
  Analyzing current network usage and anticipating future needs to ensure sufficient resources are available.
  Key components include:
     Analyzing historical traffic patterns and growth trends
     Monitoring resource utilization (bandwidth, CPU, memory)
     Forecasting future requirements based on business plans
     Planning upgrades and expansions proactively
     Implementing Quality of Service (QoS) to manage bandwidth effectively
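Performance Monitoring above speaks of establishing baselines and detecting abnormal behavior. The following is an added example, not part of the original course material, that builds a per-metric baseline from past readings and flags current readings that fall far outside it. The metric names, sample values, threshold and floor values are assumptions made for this illustration.

```python
from statistics import median

# Smallest spread treated as meaningful per metric (assumed values). Needed
# when history is flat: packet loss that is always 0 gives a MAD of 0.
FLOOR = {"latency_ms": 1.0, "packet_loss_pct": 0.5, "bandwidth_util_pct": 2.0}

def build_baseline(history):
    """history {metric: [samples]} -> {metric: (median, MAD)}."""
    baseline = {}
    for metric, samples in history.items():
        med = median(samples)
        mad = median(abs(x - med) for x in samples)  # median absolute deviation
        baseline[metric] = (med, mad)
    return baseline

def score(metric, value, baseline):
    """Modified z-score of value, with the MAD floored per metric."""
    med, mad = baseline[metric]
    scale = max(mad, FLOOR.get(metric, 1.0))
    return 0.6745 * (value - med) / scale

def abnormal(current, baseline, threshold=3.5):
    """Metrics in current whose score magnitude exceeds the threshold."""
    return [m for m, v in current.items()
            if m in baseline and abs(score(m, v, baseline)) > threshold]

# Constructed samples, one reading per polling interval.
HISTORY = {
    "latency_ms": [12, 11, 13, 12, 14, 12, 11, 13, 12, 12],
    "packet_loss_pct": [0.0] * 10,
    "bandwidth_util_pct": [40, 42, 38, 41, 39, 40, 43, 37, 40, 41],
}
CURRENT = {"latency_ms": 13, "packet_loss_pct": 4.0, "bandwidth_util_pct": 95}

if __name__ == "__main__":
    base = build_baseline(HISTORY)
    for metric in abnormal(CURRENT, base):
        print(metric, CURRENT[metric], "baseline median", base[metric][0])
```

Median and MAD are used instead of mean and standard deviation so that a past outage in the history does not inflate the baseline and hide the next one.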
Network Documentation
Comprehensive network documentation is essential for effective troubleshooting, management, and planning.
Documentation should be kept up-to-date and easily accessible to relevant personnel.
 1      Network Topology Diagrams
        Visual representations of the physical and logical network layout, showing connections between devices,
        IP addressing schemes, and network segments. These should be updated whenever changes are made to the
        network.
 2      Asset Inventory
        Detailed records of all network hardware and software, including make, model, serial numbers,
        firmware/software versions, warranty information, support contracts, and physical locations.
 3      Configuration Standards
        Documented standards for device configurations, ensuring consistency across the network and compliance
        with security policies. These should include templates for routers, switches, firewalls, and other
        network devices.
 4      Procedures and Policies
        Step-by-step procedures for common tasks such as adding new devices, performing changes, and responding
        to incidents. Also, policies governing network usage, security requirements, and access controls.
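Configuration backups, regular configuration audits and documented configuration standards fit together as one check. The following is an added example, not part of the original course material: it audits a device configuration against a small standard and lists what changed since the last backup. The configurations are constructed and use Cisco IOS-style syntax as an assumption (the course names no vendor); the REQUIRED and FORBIDDEN lists stand in for an organization's own standard.

```python
import difflib

# Assumed house standard: lines every device must have / must never have.
REQUIRED = ["service password-encryption", "transport input ssh"]
FORBIDDEN = ["transport input telnet", "ip http server"]

def normalise(config):
    """Drop blank lines and '!' comments; strip indentation and trailing spaces.
    Simplification: stripping indentation discards which block a line sits in."""
    lines = (line.strip() for line in config.splitlines())
    return [line for line in lines if line and not line.startswith("!")]

def audit(config):
    """Compare one configuration against the standard (exact line matches)."""
    present = set(normalise(config))
    return {"missing": [r for r in REQUIRED if r not in present],
            "forbidden": [f for f in FORBIDDEN if f in present]}

def drift(backup, running):
    """Lines removed ('- ') or added ('+ ') since the backup was taken."""
    delta = difflib.ndiff(normalise(backup), normalise(running))
    return [d for d in delta if d[:2] in ("+ ", "- ")]

# Constructed configurations (IOS-style syntax, hypothetical device name).
BACKUP = """\
hostname edge-sw1
service password-encryption
no ip http server
!
line vty 0 4
 transport input ssh
"""
RUNNING = """\
hostname edge-sw1
service password-encryption
ip http server
!
line vty 0 4
 transport input telnet
"""

if __name__ == "__main__":
    print(audit(RUNNING))
    print("\n".join(drift(BACKUP, RUNNING)))
```

Running drift() on a schedule against the latest backup surfaces changes that bypassed change management, and audit() shows whether they also broke the standard.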
Network Management Best Practices
  Implement Change Management
  Establish formal processes for requesting, approving, implementing, and reviewing network changes. This
  reduces the risk of service disruptions caused by unauthorized or poorly planned changes.
  Conduct Regular Maintenance
  Schedule routine maintenance activities like firmware updates, security patching, physical inspections, and
  performance optimization. Regular maintenance helps prevent failures and ensures optimal network operation.
  Create and Test Backups
  Regularly back up device configurations, documentation, and critical network data. Periodically test the
  restoration process to ensure backups are valid and recoverable in an emergency.
  Plan for Disaster Recovery
  Develop and regularly test comprehensive disaster recovery plans that address various scenarios, from
  isolated device failures to site-wide outages. Include clear procedures, roles and responsibilities, and
  recovery time objectives.
Effective network troubleshooting and management require a combination of technical knowledge, structured
methodologies, appropriate tools, and documented processes. By adopting these practices, organizations can
maintain reliable network infrastructure, minimize downtime, and quickly resolve issues when they do occur.