Chapter 11 - Reading Organizer

Chapter 11
Reading Organizer
After completion of this chapter, you should be able to:
Identify the devices and protocols used in a small network
Explain how a small network serves as the basis of larger networks.
Explain the need for basic security measures on network devices.
Identify security vulnerabilities and general mitigation techniques
Use the output of ping and tracert commands to establish relative network performance.
Use basic show commands to verify the configuration and status of a device interface.
Explain the file systems on Routers and Switches.
Apply the commands to back up and restore an IOS configuration file.
11.1 Create and Grow
1. What are the factors to consider when planning a small network?
a. Cost
b. Speed and types of port/interfaces
c. Expandability
d. Operating system features and services
2. Planning and documenting the IP addressing scheme helps the administrator to track device types.
Explain two reasons why this is important.
a. If all servers are assigned a host address between ranges of 50-100, it is easy to identify
server traffic by IP address. This can be very useful when troubleshooting network traffic issues
using a protocol analyzer.
b. Additionally, administrators are better able to control access to resources on the network
based on IP address when a deterministic IP addressing scheme is used.
3. How can redundancy be accomplished in a network environment?
By installing duplicate equipment, but it can also be accomplished by supplying duplicate
network links for critical areas.
4. The smaller the network, the less the chance that redundancy of equipment will be affordable. What
is a common way to introduce redundancy in a small network?
Through the use of redundant switch connections between multiple switches on the network
and between switches and routers.
5. To help ensure availability to network services, the network designer should take the following
steps:
Step 1 - Secure file and mail servers in a centralized location.
Step 2 - Protect the location from unauthorized access by implementing physical and logical
security measures.
Step 3 - Create redundancy in the server farm that ensures if one device fails, files are not lost.
Step 4 - Configure redundant paths to the servers.
6. There are two forms of software programs or processes that provide access to the network. List and
explain both.
a. Network applications –
Applications are the software programs used to communicate over the network.
b. Application layer services –
Other programs may need the assistance of application layer services to use network resources,
like file transfer or network print spooling. Though transparent to an employee, these services
are the programs that interface with the network and prepare the data for transfer.
7. What is the purpose of Network protocols?
Network protocols support the applications and services used by employees in a small network.
8. List the common network protocols and add a brief description of the network services each
provides.
a. DNS –
Service that provides the IP address of a web site or domain name so a host can connect to it
b. Telnet –
Service that allows administrators to login to a host from a remote location and control the
host as though they were logged in locally
c. IMAP, SMTP, POP (email) –
Uses Simple Mail Transfer Protocol (SMTP), Post Office Protocol (POP3), or Internet Message
Access Protocol (IMAP). Used to send email messages from clients to servers over the Internet
d. DHCP –
Service that assigns the IP address, subnet mask, default gateway, and other information to
clients
e. HTTP –
Hypertext Transfer Protocol (HTTP)
Used to transfer information between web clients and web servers
Most web pages are accessed using HTTP
f. FTP –
Service that allows for the download and upload of files between a client and server
9. What is a concern when implementing Real-time applications?
They require more planning and dedicated services (relative to other types of data) to ensure
priority delivery of voice and video traffic.
10. Explain how VoIP works.
Real-time applications require more planning and dedicated services (relative to other types of
data) to ensure priority delivery of voice and video traffic.
11. How is IP Telephony different than VoIP?
In IP telephony, the IP phone itself performs voice-to-IP conversion. Voice-enabled routers are
not required within a network with an integrated IP telephony solution.
12. To transport streaming media effectively, the network must be able to support applications that
require delay-sensitive delivery. List two protocols that support this requirement.
a. Real-Time Transport Protocol (RTP)
b. Real-Time Transport Control Protocol (RTCP)
13. List and explain the elements required to scale a network.
a. Network documentation –
physical and logical topology
b. Device inventory –
list of devices that use or comprise the network
c. Budget –
itemized IT budget, including fiscal year equipment purchasing budget
d. Traffic analysis –
protocols, applications, and services and their respective traffic requirements should be
documented
14. What enables a network professional to quickly compile statistical information about traffic flows
on a network?
Protocol analyzers
15. To determine traffic flow patterns, it is important to:
a. Capture traffic during peak utilization times to get a good representation of the different
traffic types.
b. Perform the capture on different network segments, because some traffic will be local to a
particular segment.
16. Information gathered by the protocol analyzer is analyzed based on what?
a. the source of the traffic
b. the destination of the traffic
c. the type of traffic being sent
17. In addition to understanding changing traffic trends, a network administrator must also be aware
of how network use is changing. What is one method of doing this?
Taking snapshots of employee application utilization
11.2 Keeping the Network Safe
18. After the hacker gains access to the network, four types of threats may arise. These are:
a. Information theft
b. Identity theft
c. Data loss/manipulation
d. Disruption of service
19. List and explain the four classes of physical threats.
a. Hardware threats –
physical damage to servers, routers, switches, cabling plant, and workstations
b. Environmental threats –
temperature extremes (too hot or too cold) or humidity extremes (too wet or too dry)
c. Electrical threats –
voltage spikes, insufficient supply voltage (brownouts), unconditioned power (noise), and total
power loss
d. Maintenance threats –
poor handling of key electrical components (electrostatic discharge), lack of critical spare parts,
poor cabling, and poor labeling
20. There are three network security factors. These are:
a. vulnerability
b. threat
c. attack
21. What is network vulnerability?
Vulnerability is the degree of weakness which is inherent in every network and device.
22. What do network threats include?
The people interested and qualified in taking advantage of each security weakness.
23. There are three primary vulnerabilities or weaknesses. These are:
a. Technological
b. Configuration
c. Security policy
24. List and explain the three main types of malicious code attacks.
a. Viruses –
A virus is malicious software that is attached to another program to execute a particular
unwanted function on a workstation.
b. Trojan horses –
A Trojan horse is different only in that the entire application was written to look like something
else, when in fact it is an attack tool.
c. Worms –
Worms are self-contained programs that attack a system and try to exploit a specific
vulnerability in the target. Upon successful exploitation of the vulnerability, the worm copies its
program from the attacking host to the newly exploited system to begin the cycle again.
25. Explain the three step process of a worm attack.
a. The enabling vulnerability –
A worm installs itself by exploiting known vulnerabilities in systems, such as naive end users
who open unverified executable attachments in emails.
b. Propagation mechanism –
After gaining access to a host, a worm copies itself to that host and then selects new targets.
c. Payload –
After a host is infected with a worm, the attacker has access to the host, often as a privileged
user. Attackers could use a local exploit to escalate their privilege level to administrator.
26. Network attacks can be classified into three major categories. List and explain each.
a. Reconnaissance attacks –
the unauthorized discovery and mapping of systems, services, or vulnerabilities
b. Access attacks –
the unauthorized manipulation of data, system access, or user privileges
c. Denial of service –
the disabling or corruption of networks, systems, or services
27. List several samples of Reconnaissance attacks.
a. Internet queries
b. Ping Sweeps
c. Port Scans
d. Packet Sniffers
28. List several samples of Access attacks.
a. Password attack
b. Trust attack
c. Port Redirection
d. Man-in-the-Middle
29. List several samples of Denial of Service attacks.
a. DoS attack
b. Ping of Death
c. SYN Flood
d. DDoS
e. Smurf Attack
30. List and explain the recommended steps for worm attack mitigation.
a. Containment –
Contain the spread of the worm within the network. Compartmentalize uninfected parts of the
network.
b. Inoculation –
Start patching all systems and, if possible, scanning for vulnerable systems.
c. Quarantine –
Track down each infected machine inside the network. Disconnect, remove, or block infected
machines from the network.
d. Treatment –
Clean and patch each infected system. Some worms may require complete core system
reinstallations to clean the system.
31. What is the most effective way to mitigate a worm attack?
Download security updates from the operating system vendor and patch all vulnerable systems
32. What is one solution to the management of critical security patches?
Create a central patch server that all systems must communicate with after a set period of time
33. AAA, or “triple A” network security services provide the primary framework to set up access control
on a network device. List and explain what the AAA represents.
a. Authentication –
who is permitted to access a network
b. authorization –
what they can do while they are there
c. accounting –
to watch the actions they perform while accessing the network
34. List and explain the two most popular options for external authentication of users.
a. RADIUS –
is an open standard with low use of CPU resources and memory. It is used by a range of
network devices, such as switches, routers, and wireless devices.
b. TACACS+ –
is a security mechanism that enables modular authentication, authorization, and accounting
services. It uses a TACACS+ daemon running on a security server.
35. Firewall products use various techniques for determining what is permitted or denied access to a
network. List and explain the techniques firewalls use.
a. Packet filtering –
Prevents or allows access based on IP or MAC addresses.
b. Application filtering –
Prevents or allows access by specific application types based on port numbers.
c. URL filtering –
Prevents or allows access to websites based on specific URLs or keywords.
d. Stateful packet inspection (SPI) –
Incoming packets must be legitimate responses to requests from internal hosts. Unsolicited
packets are blocked unless permitted specifically. SPI can also include the capability to
recognize and filter out specific types of attacks such as denial of service (DoS).
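The stateful packet inspection behaviour described in item 35d, shown as a small in-memory filter. This is an added example, not code from the course or from any firewall product; the inside prefix, addresses, ports and the "explicitly permitted" list are constructed for the demonstration.

```python
"""Toy stateful packet inspection (SPI) filter.

Added illustration, not code from the course or from any Cisco product.
Hosts, addresses and the explicit-allow list are constructed.
"""
from dataclasses import dataclass

# Constructed: any address with this prefix counts as an internal host.
INSIDE_PREFIX = "10.0.0."


@dataclass(frozen=True)
class Packet:
    src_ip: str
    src_port: int
    dst_ip: str
    dst_port: int
    proto: str = "tcp"


class StatefulFilter:
    """Permit inbound packets only when they answer a flow an inside host started."""

    def __init__(self, explicit_allow=()):
        # Flows opened from inside: (inside_ip, inside_port, outside_ip, outside_port, proto)
        self.sessions = set()
        # Inbound (dst_port, proto) pairs permitted without a prior request,
        # e.g. a published web server.
        self.explicit_allow = set(explicit_allow)

    @staticmethod
    def is_inside(ip):
        return ip.startswith(INSIDE_PREFIX)

    def check(self, pkt):
        outbound = self.is_inside(pkt.src_ip) and not self.is_inside(pkt.dst_ip)
        inbound = self.is_inside(pkt.dst_ip) and not self.is_inside(pkt.src_ip)
        if outbound:
            # Remember the request so the matching reply can come back in.
            self.sessions.add((pkt.src_ip, pkt.src_port, pkt.dst_ip, pkt.dst_port, pkt.proto))
            return "permit"
        if inbound:
            reply_of = (pkt.dst_ip, pkt.dst_port, pkt.src_ip, pkt.src_port, pkt.proto)
            if reply_of in self.sessions:
                return "permit"   # legitimate response to an internal request
            if (pkt.dst_port, pkt.proto) in self.explicit_allow:
                return "permit"   # unsolicited but specifically permitted
            return "deny"         # unsolicited and not permitted
        return "deny"             # neither side is inside: not our traffic


def run_demo():
    """Run a constructed traffic sample through the filter; returns the decisions."""
    fw = StatefulFilter(explicit_allow={(80, "tcp")})
    traffic = [
        Packet("10.0.0.5", 51000, "203.0.113.9", 443),   # inside host opens an HTTPS session
        Packet("203.0.113.9", 443, "10.0.0.5", 51000),   # the server's reply: matches the session
        Packet("198.51.100.7", 4444, "10.0.0.5", 3389),  # unsolicited inbound: no matching request
        Packet("198.51.100.7", 40000, "10.0.0.8", 80),   # unsolicited but explicitly allowed (web)
    ]
    return [fw.check(p) for p in traffic]


if __name__ == "__main__":
    for decision in run_demo():
        print(decision)
```

Real SPI engines also track TCP state (SYN, established, closing) and time sessions out; the point here is only that the inbound decision depends on a remembered outbound request, which is what distinguishes it from the stateless packet filter of item 35a.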
36. Firewall products come packaged in various forms. List and explain each.
a. Appliance-based firewalls –
An appliance-based firewall is a firewall that is built-in to a dedicated hardware device known
as a security appliance.
b. Server-based firewalls –
A server-based firewall consists of a firewall application that runs on a network operating
system (NOS) such as UNIX or Windows.
c. Integrated firewalls –
An integrated firewall is implemented by adding firewall functionality to an existing device,
such as a router.
d. Personal firewalls –
Personal firewalls reside on host computers and are not designed for LAN implementations.
They may be available by default from the OS or may come from an outside vendor.
37. Securing endpoint devices is one of the most challenging jobs of a network administrator, because
it involves human nature. What must a company have to accomplish this task?
A company must have well-documented policies in place and employees must be aware of
these rules.
38. Endpoint security also requires securing Layer 2 devices in the network infrastructure to prevent
against Layer 2 attacks such as MAC address spoofing, MAC address table overflow attacks, and LAN
storm attacks. This is known as:
Attack mitigation
39. What are some simple steps that should be taken that apply to most operating systems?
a. Default usernames and passwords should be changed immediately.
b. Access to system resources should be restricted to only the individuals that are authorized to
use those resources.
c. Any unnecessary services and applications should be turned off and uninstalled, when
possible.
40. To protect network devices, it is important to use strong passwords. What are standard guidelines
for creating strong passwords?
a. Use a password length of at least 8 characters, preferably 10 or more characters. A longer
password is a better password.
b. Make passwords complex. Include a mix of uppercase and lowercase letters, numbers,
symbols, and spaces, if allowed.
c. Avoid passwords based on repetition, common dictionary words, letter or number
sequences, usernames, relative or pet names, biographical information, such as birthdates, ID
numbers, ancestor names, or other easily identifiable pieces of information.
d. Deliberately misspell a password. For example, Smith = Smyth = 5mYth or Security =
5ecur1ty.
e. Change passwords often. If a password is unknowingly compromised, the window of
opportunity for the attacker to use the password is limited.
f. Do not write passwords down and leave them in obvious places such as on the desk or
monitor.
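The guidelines in item 40 turned into a checker that reports which rule a candidate password breaks. This is an added example, not course material; the word list, the sequence and repetition thresholds, and the sample passwords are constructed, and a real deployment would load a full dictionary file rather than the handful of words embedded here.

```python
"""Password-guideline checker for the rules listed above.

Added example, not part of the course materials. COMMON_WORDS is a tiny
constructed word list standing in for a real dictionary file.
"""
import re
import string

MIN_LEN = 8          # minimum acceptable length (guideline a)
PREFERRED_LEN = 10   # preferred length (guideline a)

# Constructed stand-in for a dictionary; a real check would load a word list.
COMMON_WORDS = {"password", "security", "smith", "cisco", "admin", "welcome"}


def has_sequence(pw, run=3):
    """True if pw holds `run` consecutive ascending letters or digits (abc, 123)."""
    low = pw.lower()
    for i in range(len(low) - run + 1):
        chunk = low[i:i + run]
        if chunk.isalnum() and all(ord(chunk[j + 1]) == ord(chunk[j]) + 1 for j in range(run - 1)):
            return True
    return False


def has_repetition(pw, run=3):
    """True if any character repeats `run` or more times in a row (aaa, 111)."""
    return re.search(r"(.)\1{%d,}" % (run - 1), pw) is not None


def check_password(pw, personal_info=()):
    """Return a list of guideline violations; an empty list means the password passes."""
    problems = []
    if len(pw) < MIN_LEN:
        problems.append(f"shorter than {MIN_LEN} characters")
    elif len(pw) < PREFERRED_LEN:
        problems.append(f"shorter than the preferred {PREFERRED_LEN} characters")

    # Guideline b: a mix of character classes (spaces count as symbols if allowed).
    classes = [
        any(c.islower() for c in pw),
        any(c.isupper() for c in pw),
        any(c.isdigit() for c in pw),
        any(c in string.punctuation or c == " " for c in pw),
    ]
    if sum(classes) < 3:
        problems.append("needs a mix of uppercase, lowercase, digits and symbols")

    # Guideline c: dictionary words, usernames, pet names and other personal data.
    low = pw.lower()
    banned = COMMON_WORDS | {info.lower() for info in personal_info if info}
    for word in sorted(banned):
        if word in low:
            problems.append(f"contains '{word}'")

    # Guideline c, continued: sequences and repetition.
    if has_sequence(pw):
        problems.append("contains a letter or number sequence")
    if has_repetition(pw):
        problems.append("contains repeated characters")
    return problems


if __name__ == "__main__":
    for candidate in ("smith123", "5ecur1ty!Gr8 Dog"):
        print(candidate, "->", check_password(candidate) or "OK")
```

The deliberate-misspelling guideline (d) is why "5ecur1ty!Gr8 Dog" passes the dictionary check while "smith123" does not: the substring test only catches the word as spelled in the list. Rules e and f (rotation and not writing passwords down) are process rules and cannot be enforced by a checker like this.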
41. Which Cisco IOS command prevents unauthorized individuals from viewing passwords in plaintext
in the configuration file?
service password-encryption
42. Which Cisco IOS command ensures that all configured passwords are a minimum of a specified
length?
security passwords min-length
43. Telnet is an unsecure method of accessing a Cisco device “in band”. What is a better method?
SSH
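Items 41 to 43 together describe three things an administrator checks in a device's running configuration. The following audit script is an added example, not Cisco code: it parses a saved `show running-config` text and reports whether `service password-encryption` and `security passwords min-length` are set, which lines still carry plaintext passwords, and which `line` sections still allow Telnet. Both configurations in the block are constructed samples, and the hash and type-7 strings in them are placeholders.

```python
"""Audit a Cisco IOS running-config for the items in questions 41-43.

Added example; not Cisco code. The two configurations below are constructed
samples (the secret hashes and type-7 strings are placeholders).
"""
import re

WEAK_CONFIG = """\
hostname R1
enable secret 5 $1$CONSTRUCTED$placeholderhash
username admin password 0 letmein
line con 0
 password cisco
 login
line vty 0 4
 password 7 0123456789ABCDEF
 login
 transport input telnet
end
"""

HARDENED_CONFIG = """\
hostname R1
service password-encryption
security passwords min-length 10
enable secret 5 $1$CONSTRUCTED$placeholderhash
username admin secret 5 $1$CONSTRUCTED$placeholderhash
line con 0
 password 7 0123456789ABCDEF
 login
line vty 0 4
 login local
 transport input ssh
end
"""


def audit_config(config_text):
    """Return a dict of findings for the given running-config text."""
    findings = {
        "password_encryption": False,  # 'service password-encryption' present? (Q41)
        "min_length": None,            # value of 'security passwords min-length' (Q42)
        "plaintext_passwords": [],     # 'password <text>' / 'password 0 <text>' lines
        "type7_passwords": [],         # 'password 7 <...>' lines (obscured, not hashed)
        "telnet_lines": [],            # line sections whose transport input allows telnet (Q43)
    }
    section = None
    for raw in config_text.splitlines():
        line = raw.strip()
        if not line or line.startswith("!"):
            continue
        if not raw.startswith(" "):
            # A new top-level command; remember it only if it opens a 'line' section.
            section = line if line.startswith("line ") else None

        if line == "service password-encryption":
            findings["password_encryption"] = True
        m = re.fullmatch(r"security passwords min-length (\d+)", line)
        if m:
            findings["min_length"] = int(m.group(1))

        tokens = line.split()
        if "password" in tokens:
            rest = tokens[tokens.index("password") + 1:]
            if rest and rest[0] == "7":
                findings["type7_passwords"].append(line)
            elif rest:
                findings["plaintext_passwords"].append(line)

        if section and line.startswith("transport input") and ("telnet" in tokens or "all" in tokens):
            findings["telnet_lines"].append(section)
    return findings


if __name__ == "__main__":
    for name, cfg in (("weak", WEAK_CONFIG), ("hardened", HARDENED_CONFIG)):
        print(name, audit_config(cfg))
```

Note the caveat the audit makes visible: `service password-encryption` converts plaintext `password` lines to type 7, which is a reversible obfuscation rather than a hash. It stops shoulder-surfing of the config file, which is the purpose item 41 states, but `enable secret` and `username ... secret` (hashed) remain the stronger choice where they are available.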
11.3 Basic Network Performance
44. Which command is an effective way to test connectivity?
Ping
45. A ping issued from the IOS will yield one of several indications for each ICMP echo that was sent.
List and explain the most common indicators.
a. ! –
indicates receipt of an ICMP echo reply message
b. . –
indicates a time expired while waiting for an ICMP echo reply message
c. U –
an ICMP unreachable message was received
46. Explain what pinging the loopback address 127.0.0.1 does.
This verifies the proper operation of the protocol stack from the network layer to the physical
layer - and back - without actually putting a signal on the media.
47. Why would a network administrator enter a longer timeout period than the default when running
an extended ping from a router?
It allows for possible latency issues to be detected. If the ping test is successful with a longer
value, a connection exists between the hosts, but latency may be an issue on the network.
48. What is a network baseline?
A baseline is a process for studying the network at regular intervals to ensure that the network
is working as designed.
49. What does the Microsoft command tracert or the Cisco IOS command traceroute accomplish?
A trace returns a list of hops as a packet is routed through a network.
50. Network technicians use show commands extensively for:
a. Viewing configuration files
b. Checking the status of device interfaces and processes
c. Verifying the device operational status
51. List some of the most popular Cisco IOS show commands.
a. show running-config
b. show interfaces
c. show arp
d. show ip route
e. show protocols
f. show version
52. List the output from the show version command.
a. IOS version
b. Bootstrap version
c. IOS image file
d. Model and CPU
e. Amount of RAM
f. Number and type of interfaces
g. Amount of NVRAM
h. Amount of flash
53. What does the show version command on a switch display?
Information about the currently loaded software version, along with hardware and device
information.
54. What information does the ipconfig command give you?
a. IP address
b. Subnet Mask
c. Default gateway
55. What is the purpose of the arp command?
The arp command enables the creation, editing, and display of mappings of physical addresses
to known IPv4 addresses.
56. Explain in detail what happens when a Cisco device boots up and has CDP enabled.
When a Cisco device boots up, CDP starts up by default. CDP automatically discovers
neighboring Cisco devices running CDP, regardless of which Layer 3 protocol or suites are
running. CDP exchanges hardware and software device information with its directly connected
CDP neighbors.
57. List and explain what information CDP provides about each CDP neighbor device.
a. Device identifiers –
For example, the configured host name of a switch
b. Address list –
Up to one network layer address for each protocol supported
c. Port identifier –
The name of the local and remote port, in the form of an ASCII character string such as
ethernet0
d. Capabilities list –
For example, whether this device is a router or a switch
e. Platform –
The hardware platform of the device; for example, a Cisco 1841 series router
58. What does the show cdp neighbors detail command reveal about a neighboring device?
the IP address
59. What command can you use to disable CDP globally?
no cdp run
60. What does the show ip interface brief output display?
a. all interfaces on the router
b. the IP address assigned to each interface
c. the operational status of the interface
61. Write in the correct show command to go with each scenario.
11.4 Managing IOS Configuration Files
62. What is the purpose of the Cisco IOS File System (IFS)?
It provides a single interface to all the file systems a router uses
63. Which command can be used to view the file systems on a Catalyst switch or Cisco router?
show file systems
64. Configuration files can be saved/archived to a text file using Tera Term. What are the steps
involved?
Step 1. On the File menu, click Log.
Step 2. Choose the location to save the file. Tera Term will begin capturing text.
Step 3. After capture has been started, execute the show running-config or show startup-config
command at the privileged EXEC prompt. Text displayed in the terminal window will be directed
into the chosen file.
Step 4. When the capture is complete, select Close in the Tera Term: Log window.
Step 5. View the file to verify that it was not corrupted.
65. Where can backup configuration files be stored?
a. on a Trivial File Transfer Protocol (TFTP) server
b. a USB drive
66. To be compatible with a Cisco router, a USB flash drive must be formatted in a FAT16 format.
67. When backing up to a USB port, it is a good idea to issue the show file systems command to verify
that the USB drive is there and confirm the name
68. What command do you use to copy the configuration file to the USB flash drive?
copy run usbflash0:/
11.5 Integrated Routing Services
69. What is an integrated router (ISR)?
It is a single device that has several different devices connected together.
70. What is a wireless SSID?
The SSID is a case-sensitive, alpha-numeric name for your home wireless network.
71. How can you have multiple ISRs operate in close proximity?
Multiple APs can function in close proximity to one another as long as they use different
channels for communication.
72. What are some basic security measures you can take with an ISR?
a. Change default values for the SSID, usernames, and passwords
b. Disable broadcast SSID
c. Configure encryption using WEP or WPA
73. What is WEP?
WEP is an advanced security feature that encrypts network traffic as it travels through the air.
74. Why is WPA a better choice than WEP?
WPA generates new, dynamic keys each time a client establishes a connection with the AP.
75. Other security implementations that can be configured on a wireless AP include:
a. MAC address filtering
b. authentication
c. traffic filtering