Computer networking and cybersecurity are challenging subjects, partly because of the constant rise and fall of related technologies and IT paradigms. As the title implies, much focus of this book is on providing the audience with practical as well as theoretical knowledge necessary to build a sol
A Practical Introduction to Enterprise Network and Security Management
Scribed by Bongsik Shin
- Publisher: Routledge
- Year: 2021
- Tongue: English
- Leaves: 446
- Edition: 2
- Category: Library
Table of Contents
Cover
Half Title
Title Page
Copyright Page
Table of Contents
Preface
Author
Chapter 1: Networking: Fundamental Concepts
1.1 Introduction
1.1.1 Learning Objectives
1.2 Network Elements
1.2.1 Host
1.2.1.1 Client-Server Mode
1.2.1.2 Peer-to-Peer (P2P) Mode
1.2.1.3 Network Interface Card
1.2.2 Intermediary Device
1.2.2.1 Intra-Networking vs. Inter-Networking Devices
1.2.2.2 Other Differences
1.2.3 Network Link
1.2.3.1 Link Types
1.2.3.2 Access Link vs. Trunk Link
1.2.4 Application
1.2.4.1 Application Types and Network Performance
1.2.5 Data/Message
1.2.6 Protocol
1.2.6.1 HTTP Example
1.2.6.2 Standard vs. Proprietary Protocol
1.3 Modes of Communication
1.3.1 Methods of Data Distribution
1.3.1.1 Unicasting
1.3.1.2 Broadcasting
1.3.1.3 Multicasting
1.3.2 Directionality in Data Exchange
1.3.2.1 Simplex
1.3.2.2 Duplex
1.4 Network Topology
1.4.1 Point-to-Point Topology
1.4.2 Bus Topology
1.4.3 Ring Topology
1.4.4 Star (Hub-and-Spoke) Topology
1.4.5 Mesh Topology
1.4.6 Tree (or Hierarchical) Topology
1.4.7 Notes on Hybrid Network Deployment
1.5 Classification of Networks
1.5.1 Personal Area Network (PAN)
1.5.2 Local Area Network (LAN)
1.5.3 Metropolitan Area Network (MAN)
1.5.4 Wide Area Network (WAN)
1.5.5 Note on the Enterprise Network
1.5.6 Note on the Internet of Things (IoT)
1.6 Subnetwork vs. Internetwork
1.6.1 Internetwork: Scenario 1
1.6.2 Internetwork: Scenario 2
1.7 Measures of Network Performance
1.7.1 Capacity
1.7.1.1 Data Types and Data Rate
1.7.1.2 Channel Capacity and Throughput
1.7.2 Delay
1.7.2.1 Delay Sources
1.7.3 Reliability
1.7.3.1 Corrupted or Lost Data
1.7.3.2 Network Unavailability
1.7.4 Quality of Service (QoS)
1.8 Numbering Systems
1.8.1 Binary vs. Decimal
1.8.2 Binary vs. Hexadecimal (Extra)
1.9 Network Addressing
1.9.1 MAC Address
1.9.2 IP Address
1.9.3 Pairing of MAC and IP Addresses
1.10 Data Transmission Technologies
1.10.1 Data Encoding/Decoding
1.10.2 Signal Encoding/Decoding
1.10.2.1 Digital Signal Encoding
1.10.2.2 Analog Signal Encoding
1.10.2.2.1 Properties of an Analog Signal
1.10.2.2.2 Modulation
1.10.3 Bandwidth
Chapter Summary
Key Terms
Chapter Review Questions
Hands-On Exercises
Exercise 1.1
Exercise 1.2
Exercise 1.3
Exercise 1.4
Exercise 1.5
Exercise 1.6
Exercise 1.7
Exercise 1.8
Exercise 1.9
Exercise 1.10
Chapter 2: Cybersecurity: Fundamentals
2.1 Introduction
2.1.1 Learning Objectives
2.2 What Are We Trying to Protect?
2.2.1 Motive of Threat Actors
2.2.2 Asset Types
2.2.3 Data/Information Protection
2.3 Entities of a Cybersecurity Program
2.3.1 People
2.3.2 Products
2.3.3 Policies and Procedures
2.4 Key Terms of Cybersecurity
2.4.1 Threat
2.4.2 Threat/Attack Agent or Actor
2.4.3 Threat/Attack Vector
2.4.4 Vulnerability
2.4.5 Risk
2.5 Threat Agent/Actor Types
2.5.1 Cybercriminals
2.5.2 Script Kiddies
2.5.3 Hacktivists
2.5.4 Insiders
2.5.5 State-Sponsored Attackers
2.6 Threat Types
2.7 Vulnerability Types
2.7.1 Software Vulnerabilities
2.7.2 Weak or Mis-Configuration
2.7.3 Hardware Vulnerabilities
2.7.4 Non-Technical Vulnerabilities
2.8 Risk Mitigation Strategies
2.8.1 Risk Avoidance
2.8.2 Risk Mitigation (or Reduction)
2.8.3 Risk Acceptance
2.8.4 Risk Deterrence
2.8.5 Risk Transference
2.9 Data Protection Requirements: CIA
2.9.1 Confidentiality (or Privacy)
2.9.2 Integrity
2.9.3 Availability
2.10 Data Protection Requirements: AAA
2.10.1 Authentication
2.10.1.1 Based on "What You Know"
2.10.1.2 Based on "What You Have"
2.10.1.3 Based on "What You Are"
2.10.1.4 Based on "What You Do"
2.10.1.5 Based on "Where You Are"
2.10.2 Access Control/Authorization
2.10.3 Accounting
2.10.4 Procedural Views
2.11 Principles of Cyber Defense
2.11.1 Layering (Defense-in-Depth) Principle
2.11.1.1 Protection Layers
2.11.1.2 Technical Measures and Organizational Initiatives
2.11.1.3 Security Policies and Procedures
2.11.1.4 Security Awareness and Training
2.11.1.5 Information Security Self-Assessment
2.11.1.6 Regulatory Compliance Assessment
2.11.1.7 Disaster Recovery Plan
2.11.2 Limiting Principle
2.11.3 Simplicity Principle
2.11.4 Diversity Principle
2.11.5 Obscurity Principle
2.12 Cyber Kill Chain - Attack Procedure
2.12.1 Pre-Compromise Phase
2.12.1.1 Reconnaissance
2.12.1.2 Weaponization
2.12.1.3 Malware Delivery
2.12.2 Compromise Phase
2.12.2.1 Vulnerability Exploitation
2.12.2.2 Malware Installation
2.12.3 Post-Compromise Phase
2.12.3.1 Command and Control (C&C)
2.12.3.2 Actions on Objectives
2.12.4 Additional Notes
2.13 WWW, Deep Web, and Dark Web
2.13.1 WWW and Surface Web
2.13.2 Deep Web
2.13.3 Dark Web
2.14 Search Engine as a Hacking Tool
2.14.1 Spiders
2.14.2 Gathering Webpage Information
2.14.3 Indexing
2.14.4 Search Engine as a Hacking Tool
2.15 Social Engineering: Less Technical but Lethal
2.15.1 Phishing
2.15.1.1 Phishing Schemes
2.15.2 Spam
2.15.2.1 Definition
2.15.2.2 Spam Bot and Anti-Spam
2.15.2.3 Case: Spam's Global Supply Chain Network
Chapter Summary
Key Terms
Chapter Review Questions
Hands-On Exercises
Exercise 2.1
Exercise 2.2
Exercise 2.3
Exercise 2.4
Exercise 2.5
Chapter 3: Essential Layers of Computer Networking
3.1 Introduction
3.1.1 Learning Objectives
3.2 TCP/IP vs. OSI
3.2.1 Standard Architecture
3.2.1.1 TCP/IP
3.2.1.2 OSI
3.2.1.3 TCP/IP vs. OSI
3.2.1.4 Layers and Core Functions
3.2.2 Standard and Protocol
3.2.3 Protocol Data Unit (PDU)
3.3 Layer Functions: An Analogy
3.4 Layer Processing
3.4.1 Repetitive Encapsulations
3.4.2 Repetitive De-Encapsulations
3.5 Application Layer (Layer 5)
3.5.1 HTTP Demonstration
3.5.2 Select Application-Layer Protocols
3.6 Transport Layer (Layer 4)
3.6.1 Provision of Data Integrity
3.6.1.1 Error Control
3.6.1.2 Flow Control
3.6.1.3 TCP and Data Integrity
3.6.1.4 UDP and Data Integrity
3.6.2 Session Management
3.6.2.1 Session vs. No-Session
3.6.2.2 Session Management by TCP
3.6.2.3 TCP Session in Real Setting
3.6.2.4 Application-Layer Protocols and TCP
3.6.3 Port Management
3.6.3.1 Port Types and Ranges
3.6.3.2 Source vs. Destination Port
3.6.3.3 Socket
3.7 Internet Layer (Layer 3)
3.7.1 Packet Creation
3.7.2 Packet Routing Decision
3.7.3 Perform Supervisory Functions
3.7.3.1 Ping Utility
3.8 Data Link Layer (Layer 2)
3.8.1 LAN Data Link
3.8.1.1 Frame and Switching
3.8.1.2 Link Types
3.8.1.3 Technology Standard(s)
3.8.1.4 Single Active Delivery Path
3.8.1.5 Frame's MAC Addresses
3.8.2 WAN Data Link
3.9 Physical Layer (Layer 1)
3.10 Layer Implementation
3.10.1 Application Layer
3.10.2 Transport and Internet Layers
3.10.3 Data Link and Physical Layers
Chapter Summary
Key Terms
Chapter Review Questions
Hands-On Exercises
Exercise 3.1
Exercise 3.2
Exercise 3.3
Exercise 3.4
Exercise 3.5
Chapter 4: IP Address Planning and Management
4.1 Introduction
4.1.1 Learning Objectives
4.2 Governance of IP Address Space
4.2.1 IP Allocation Procedure
4.3 IPv4 Addressing
4.3.1 IPv4 Address Structure
4.4 Classful IPv4 Address - Legacy
4.4.1 Class A Network
4.4.2 Class B Network
4.4.3 Class C Network
4.5 Classless IPv4 Address - Today
4.6 Special IP Address Ranges
4.6.1 Loopback
4.6.1.1 Internal Testing of TCP/IP Stack
4.6.1.2 Offline Testing of an Application
4.6.2 Broadcasting
4.6.2.1 Limited Broadcasting
4.6.2.2 Directed Broadcasting
4.6.2.3 Security Risk of Directed Broadcasting
4.6.3 Multicasting
4.6.4 Private IP and NAT
4.6.4.1 NAT: One-to-One IP Mapping
4.6.4.2 NAT: Many-to-One IP Mapping
4.6.4.3 Pros and Cons of NAT
4.7 Subnetting
4.7.1 Main Benefits
4.7.2 Subnetwork Addressing
4.7.2.1 Within a LAN
4.7.2.2 LAN Meets WAN
4.8 Subnet Mask
4.8.1 Definition
4.8.1.1 Examples
4.8.2 Subnetting Address Space
4.8.3 Broadcasting within a Subnet
4.9 Supernetting
4.9.1 Definition
4.9.2 Example 1
4.9.3 Example 2
4.10 Managing IP Address Space
4.10.1 Static vs. Dynamic IP Allocation
4.10.2 Obtaining Dynamic IP through DHCP
4.10.3 Determining Subnets
4.10.4 Developing IP Assignment Policy
4.11 IPv6 Addressing
4.11.1 Background
4.11.2 IPv6 Packet Structure
4.11.3 IP Addressing
4.11.3.1 Subnet Address Bits
4.11.3.2 Host Address Bits
4.11.4 Address Abbreviation
4.11.5 IPv6 vs. IPv4 Standards
4.11.6 Transition from IPv4 to IPv6
4.11.6.1 Dual IP Stacks within a Node
4.11.6.2 Direct Address Conversion
4.11.6.3 Packet Tunneling
Chapter Summary
Key Terms
Chapter Review Questions
Questions 13-17:
Hands-On Exercises
Exercise 4.1
Exercise 4.2
Exercise 4.3
Exercise 4.4
Exercise 4.5
Exercise 4.6
Chapter 5: Intermediary Devices
5.1 Introduction
5.1.1 Learning Objectives
5.2 General Properties
5.2.1 Operational Layers
5.2.2 Encapsulation and De-encapsulation
5.2.3 System Components
5.2.4 Operating System
5.2.4.1 General Attributes
5.2.4.2 Access to Operating System
5.2.4.3 Example: Cisco's IOS and Access Protection
5.3 Hub (Multi-Port Repeater)
5.3.1 Physical Layer Device
5.3.2 Drawbacks
5.4 Bridge and Wireless Access Point
5.4.1 Bridge Table and Frame Filtering
5.4.2 Transparent vs. Translational Bridges
5.5 Switch
5.5.1 General Features
5.5.2 One Input Port-to-One Output Port
5.5.3 Measures of Switch Capacity
5.5.4 Switch Port
5.5.4.1 Port Naming
5.5.4.2 Port Speed
5.5.5 Switch Table
5.5.5.1 Switch Table Entries
5.5.5.2 Switch Learning
5.5.5.3 Aging of Switch Table Entries
5.5.6 Switch Types
5.5.6.1 Non-Managed vs. Managed Switches
5.5.6.2 Store-and-Forward vs. Cut-Through Switches
5.5.6.3 Symmetric vs. Asymmetric Switches
5.5.6.4 Layer 2 vs. Layer 3 Switches
5.5.6.5 Fixed, Stackable, and Modular Switches
5.5.6.6 Power over Ethernet (PoE)
5.5.7 Security Issues
5.5.7.1 Safeguarding Switch Ports
5.5.7.2 Port Mirroring
5.6 Routers
5.6.1 Two Primary Functions
5.6.1.1 Routing Table Development and Update
5.6.1.2 Packet Forwarding
5.6.2 Router Ports
5.6.3 Router Port Naming
5.6.3.1 Example: Cisco Router's Port Naming
5.6.4 Router Port Addressing
5.6.5 Router Configuration
5.6.5.1 Basic Configuration Features
5.6.5.2 Advanced Configuration Features
5.7 Switching vs. Routing
5.7.1 Data Link Layer vs. Internet Layer
5.7.2 Connection-Oriented vs. Connection-Less
5.7.3 Single Delivery vs. Multiple Delivery Paths
5.8 Address Resolution Protocol (ARP)
5.8.1 Background
5.8.2 ARP Table
5.8.3 ARP Usage Scenarios
5.9 Collision vs. Broadcast Domains
5.9.1 Collision Domain
5.9.1.1 Definition
5.9.1.2 Collision Domain Types
5.9.2 Broadcast Domain
5.9.3 Collision vs. Broadcast Domains
Chapter Summary
Key Terms
Chapter Review Questions
Hands-On Exercises
Exercise 5.1
Exercise 5.2
Exercise 5.3
Exercise 5.4
Exercise 5.5
Exercise 5.6
Exercise 5.7
Exercise 5.8
Chapter 6: Wi-Fi and Cellular Network
6.1 Introduction
6.1.1 Wireless Network Standards
6.1.2 Learning Objectives
6.2 Standard Layers and Wi-Fi Cards
6.2.1 Data Link Layer
6.2.2 Physical Layer
6.3 Wi-Fi Setup Modes
6.3.1 Ad Hoc Mode
6.3.2 Infrastructure Mode
6.4 Wireless Access Points (APs)
6.4.1 AP in Infrastructure Mode
6.4.2 AP in Non-Infrastructure Modes
6.4.2.1 Repeater Mode
6.4.2.2 Bridge Mode
6.5 SSID, BSS, and ESS
6.5.1 Service Set Identifier (SSID)
6.5.2 BSS vs. ESS
6.5.2.1 Basic Service Set (BSS)
6.5.2.2 Extended Service Set (ESS)
6.6 Media Access Control
6.6.1 CSMA/CA
6.6.2 RTS/CTS
6.6.3 Drawbacks of CSMA/CA and RTS/CTS
6.7 Wi-Fi Frames
6.7.1 Data Frame
6.7.2 Management Frame
6.7.3 Control Frame
6.8 Wi-Fi and Radio Frequency
6.8.1 Radio Spectrum
6.8.2 Low vs. High Radio Frequency
6.8.3 Governance
6.8.4 Licensed vs. Unlicensed Radio
6.8.5 Wi-Fi Channels
6.8.6 Planning Basic Service Sets
6.9 Wi-Fi Standards
6.9.1 IEEE 802.11n (or Wi-Fi 4)
6.9.1.1 Throughput Modes
6.9.1.2 2.4/5.0 GHz Bands
6.9.1.3 Single-User MIMO (or SU-MIMO)
6.9.2 IEEE 802.11ac (or Wi-Fi 5)
6.9.2.1 5.0 GHz Band
6.9.2.2 Channel Throughput Modes
6.9.2.3 Multi-User MIMO (or MU-MIMO)
6.9.3 IEEE 802.11ax (or Wi-Fi 6)
6.9.4 Common Features and Comparison
6.10 Wi-Fi Mesh Network (IEEE 802.11s)
6.11 Wi-Fi Home/SOHO Network
6.11.1 DSL/Cable Modem
6.11.2 Wireless Access Router
6.11.3 IP Configuration
6.12 Cellular Network
6.12.1 General Architecture
6.12.1.1 Cell
6.12.1.2 Base Station
6.12.1.3 Mobile Terminal Switching Office (MTSO)
6.12.1.4 Call Channels
6.12.2 Multiple Access Technologies
6.12.2.1 FDMA (Frequency Division Multiple Access)
6.12.2.2 TDMA (Time Division Multiple Access)
6.12.2.3 CDMA (Code Division Multiple Access)
6.12.2.4 OFDMA (Orthogonal Frequency Division Multiple Access)
6.12.3 Cellular Network Generations
Chapter Summary
Key Terms
Chapter Review Questions
Hands-On Exercises
Exercise 6.1
Exercise 6.2
Exercise 6.3
Exercise 6.4
Exercise 6.5
Exercise 6.6
Chapter 7: Ethernet LAN
7.1 Introduction
7.1.1 Learning Objectives
7.2 Standard Layers
7.3 Ethernet Frame
7.3.1 Frame Structure
7.3.2 Addressing Modes
7.4 Ethernet LAN Design
7.4.1 Flat vs. Hierarchical Design
7.4.1.1 Flat Design
7.4.1.2 Hierarchical Design
7.4.2 Access Layer in Hierarchical Design
7.4.2.1 Access Layer Switches
7.4.3 Distribution and Core Layers in Hierarchical Design
7.4.3.1 Full Mesh vs. Partial Mesh
7.4.3.2 Device Types
7.4.4 Benefits of Hierarchical Design
7.5 Spanning Tree Protocol (STP)
7.5.1 Link Redundancy
7.5.1.1 Importance of Having Link Redundancy
7.5.1.2 Unintended Creation of Link Redundancy
7.5.1.3 Consequence of Link Redundancy
7.5.2 Loop Detection with STP
7.5.2.1 Loop Detection Protocol
7.5.2.2 Loop Detection Mechanism
7.6 Link Aggregation
7.6.1 Link Aggregation: Scenario 1
7.6.2 Link Aggregation: Scenario 2
7.6.3 Link Aggregation Control Protocol
7.7 Virtual LANs (VLANs)
7.7.1 Background: Without VLANs
7.7.1.1 Effects of Message Broadcasting
7.7.1.2 Network Segmentation with Routers
7.7.2 VLAN Concept
7.8 VLAN Scenarios
7.8.1 Without VLANs
7.8.2 With VLANs
7.8.2.1 Define VLANs on Switches
7.8.2.2 Decide Overall Range of Trunk and Access Ports
7.8.2.3 Decide Specific Range of Access Ports for Each VLAN
7.8.2.4 Configure Access and Trunk Ports on Switches
7.8.3 Segmented Broadcast Domains
7.8.4 VLAN ID vs. Subnet Addressing
7.9 VLAN Tagging/Trunking (IEEE 802.1Q)
7.9.1 Background
7.9.2 VLAN Tagging
7.9.3 VLAN Tagging/Untagging Process
7.10 VLAN Types
7.10.1 Default VLAN
7.10.1.1 Example: Default VLAN on Cisco Switch
7.10.2 Data VLAN
7.10.2.1 Example: Data VLANs on Cisco Switch
7.10.2.2 Data VLAN and Network Security
7.10.3 Voice VLAN
7.10.3.1 Practical Implementation
7.11 Inter-VLAN Routing (Advanced: Optional Reading)
7.11.1 A Router Interface per VLAN
7.11.1.1 Scenario 1
7.11.1.2 Scenario 2
7.11.2 Sub-Interfaces/Ports
7.12 VLANs and Network Management
Chapter Summary
Key Terms
Chapter Review Questions
Hands-On Exercises
Exercise 7.1
Exercise 7.2
Exercise 7.3
Exercise 7.4
Exercise 7.5
Chapter 8: Cybersecurity: Threats
8.1 Introduction
8.2 Deliver or Inject a Malicious Program
8.2.1 Virus
8.2.2 Ransomware
8.2.2.1 Locker Ransomware
8.2.2.2 Crypto Ransomware
8.2.3 Worm
8.2.3.1 Case: Sobig Worm
8.2.4 Trojan
8.2.4.1 Case: FreeVideo Player Trojan
8.2.5 Bot and Botnet
8.2.5.1 Case: Cutwail Botnet
8.2.6 Rootkit
8.2.7 Logic Bomb and Other Malware Types
8.2.8 Malware Features
8.3 Exploit Weak or Mis-Configuration
8.3.1 Failure to Enforce Strong Passwords
8.3.1.1 Brute Force Method
8.3.1.2 Dictionary Method
8.3.2 Installation of a Rogue Access Point (AP)
8.4 Abuse Networking Protocol and Embedded Functions
8.4.1 Spoofing
8.4.1.1 IP Spoofing
8.4.1.2 MAC Spoofing
8.4.1.3 Email Address Spoofing
8.4.1.4 Web (or HTTP/HTTPS) Spoofing
8.4.2 Denial of Service
8.4.2.1 DOS with Pinging
8.4.2.2 DOS with SYN Requests
8.4.2.3 Distributed DOS
8.4.2.4 MAC Address Flooding
8.4.2.5 DOS on Wi-Fi
8.4.2.6 DOS Case: MyDoom
8.4.3 Packet Sniffing
8.4.3.1 Packet Sniffing with Wireshark
8.4.4 Port Scanning
8.4.4.1 Port Scanning with Zenmap
8.4.5 Man-in-the-Middle/Session Hijacking
8.4.5.1 MITM with Bogus DHCP Server
8.4.5.2 MITM with Evil Twin
8.4.6 Poisoning
8.4.6.1 ARP Poisoning (also ARP Spoofing)
8.4.7 Wi-Fi Threat: Wardriving
8.5 Exploit Software Design/Development Faults
8.5.1 Zero-Day Attack
8.5.2 Cross-Site Scripting
8.5.2.1 XSS Success Conditions
8.5.3 SQL Injection
8.5.3.1 SQL Basics
8.5.3.2 Web Entry and Its SQL Translation
8.5.3.3 SQL Injection
Chapter Summary
Key Terms
Chapter Review Questions
Hands-On Exercises
Exercise 8.1
Exercise 8.2
Exercise 8.3
Exercise 8.4
Exercise 8.5
Exercise 8.6
Chapter 9: Cybersecurity: Network and Host Protection
9.1 Introduction
9.1.1 Learning Objectives
9.2 Access Control List (Routers)
9.2.1 Example: Adding ACL to Cisco Router
9.3 Firewall
9.3.1 Separating Firewall and Border Router
9.3.2 Firewall Functions
9.3.3 Managing Firewall
9.3.4 Stateless Packet Filtering
9.3.4.1 Demonstration of Stateless Rules
9.3.5 Stateful Packet Filtering
9.3.6 Deep Packet Inspection
9.3.6.1 Limitations of Stateless and Stateful Filtering
9.3.6.2 Deep vs. Shallow Packet Inspection
9.4 Intrusion Detection System (IDS)
9.4.1 IDS vs. Firewall
9.4.2 Intrusion Detection Technologies
9.4.3 Network vs. Host IDS
9.5 Demilitarized Zone (DMZ)
9.5.1 DMZ and Production Network
9.5.2 IP Addressing of DMZ
9.5.3 Case: Firewall Router and DMZ
9.6 Proxy Server
9.6.1 Primary Functions
9.6.2 Proxy Server Types
9.6.3 Third-Party Proxy Service
9.7 Cyber Threat Intelligence (CTI)
9.7.1 Rise of CTI
9.7.2 What Is CTI?
9.7.3 Examples: CTI in Practice
9.7.4 Security Information and Event Management (SIEM)
9.7.4.1 SIEM's External and Internal Data Sources
9.7.4.2 SIEM's Analytical Capabilities
9.7.5 Honeypot as CTI Source
9.7.5.1 Honeypot Deployment
9.8 Defending DNS Infrastructure
9.8.1 Domain and Name Resolution
9.8.2 Domain Hierarchy and Management
9.8.3 DNS Architecture
9.8.4 Host DNS File
9.8.5 DNS Poisoning/DNS Spoofing
9.8.6 DNS Protection Measures
9.9 Cybersecurity amid New Networking Paradigms
9.9.1 Software Defined Networking (SDN)
9.9.1.1 Traditional Networking vs. SDN
9.9.1.2 Control Plane
9.9.1.3 Data Plane
9.9.1.4 Management Plane
9.9.1.5 Operational Mechanism of Three Planes
9.9.1.6 SDN and Network Security
9.9.2 Virtualization
9.9.2.1 Drawbacks of Traditional Model
9.9.2.2 Types of Server Virtualization
9.9.2.3 Network Function Virtualization
9.9.2.4 Benefits of Virtualization
9.9.2.5 Virtualization and Cybersecurity
9.9.3 Cloud Computing Network
9.9.3.1 Service Categories
9.9.3.2 Cloud Security
Chapter Summary
Key Terms
Chapter Review Questions
Hands-On Exercises
Exercise 9.1
Exercise 9.2
Exercise 9.3
Exercise 9.4
Exercise 9.5
Chapter 10: Cybersecurity: Data Protection
10.1 Introduction
10.2 Steganography
10.3 Cryptography
10.3.1 Essential Elements
10.3.1.1 Plaintext and Ciphertext
10.3.1.2 Cipher
10.3.1.3 Key Value
10.3.2 Symmetric-Key Cryptography
10.3.3 Asymmetric-Key Cryptography
10.3.3.1 Private and Public Keys
10.3.3.2 General Features
10.3.3.3 Popular Standards
10.3.4 Hybrid Approach
10.3.4.1 Scenario 1: HTTPS
10.3.4.2 Scenario 2: PGP
10.3.5 Hashing
10.4 Digital Signature
10.4.1 On the Sender Side
10.4.2 On the Receiver Side
10.5 Digital Certificate
10.5.1 X.509 Digital Certificate Standard
10.5.2 Digital Certificate Types
10.5.3 Certificate Authorities
10.5.3.1 Creating a Chain of Trust
10.5.4 Obtaining a Digital Certificate
10.5.5 Certificate Revocation List
10.5.5.1 CAs Trusted by OS and Web Browser
10.6 Security Protocols
10.7 Wi-Fi Security
10.7.1 Authentication: Three-Stage Process
10.7.2 Authentication Methods of a Station
10.7.2.1 Open Authentication
10.7.2.2 Pre-Shared Key Authentication
10.7.2.3 Authentication Server
10.7.2.4 Notes on Additional Security
10.7.3 Wi-Fi Security Protocols
10.7.3.1 Wired Equivalent Privacy (WEP)
10.7.3.2 Wi-Fi Protected Access (WPA and WPA2)
10.7.3.3 Wi-Fi Protected Access (WPA3)
10.7.4 Wi-Fi Security Modes: Enterprise vs. Personal Mode
10.7.5 Example: Wi-Fi Security Options on Windows OS
10.8 VPN Security
10.8.1 Background
10.8.2 VPN Benefits and Drawbacks
10.8.3 Remote-Access vs. Site-to-Site VPN
10.8.3.1 Remote-Access VPN
10.8.3.2 Site-to-Site VPN
10.8.4 VPN Protocol: IPSec (IP Security)
10.8.4.1 IPSec Tunnel Mode
10.8.4.2 IPSec's Transport Mode
10.8.5 VPN Protocol: SSL
10.8.5.1 Broad Acceptance
10.8.5.2 VPN Implementation
10.8.6 IPSec vs. SSL/TLS
Chapter Summary
Key Terms
Chapter Review Questions
Hands-On Exercises
Exercise 10.1
Exercise 10.2: View Software Code Sign
Exercise 10.3
Exercise 10.4
Chapter 11: Fundamentals of Packet Routing
11.1 Introduction
11.1.1 Learning Objectives
11.2 Internet Architecture
11.2.1 Internet Service Provider (ISP)
11.2.1.1 National ISPs
11.2.1.2 Regional/Local ISPs
11.2.1.3 ISP Network Architecture
11.2.2 Internet Exchange Point (IXP)
11.2.3 Autonomous System (AS)
11.3 Routing Mechanism
11.3.1 Scenario 1: Two Subnets
11.3.2 Scenario 2: Three Subnets
11.4 Routing Table
11.4.1 Background and Dynamic Routing Protocol
11.4.2 Routing Table Elements
11.4.2.1 Destination Subnetwork Addresses and Subnet Masks
11.4.2.2 Exit Ports (Interfaces)
11.4.2.3 Next-Hop IP
11.4.2.4 Metric
11.5 Packet Forwarding Decision
11.5.1 Finding Matching Routes
11.5.1.1 Single Match
11.5.1.2 Multiple Matches
11.5.1.3 No Match
11.6 Entry Types of Routing Table
11.6.1 Directly Connected Routes
11.6.1.1 Example: Adding a Directly Connected Route
11.6.2 Static Routes
11.6.2.1 Static Routes of a Router
11.6.2.2 Example: Adding a Default Route on Cisco Router
11.6.2.3 Static Routes of a Host
11.6.3 Dynamic Routes
11.7 Dynamic Routing Protocols
11.7.1 Interior Gateway Protocols
11.7.2 Exterior Gateway Protocols
11.7.3 Delivery of Advertisement
11.8 Determination of Dynamic Routes
11.8.1 Learn Directly Connected Links
11.8.2 Form Adjacency
11.8.3 Build Link-State Information
11.8.4 Advertise Link-State Information
11.8.5 Construct a Map
11.8.6 Update Routing Table
11.9 Security Management
11.9.1 Message Authentication
11.10 Activating Dynamic Routing Protocol
11.11 Comparison - Static vs. Dynamic Routing
11.12 Inter-Domain Routing
11.12.1 Process View
11.13 Traceroute and Tracert
11.14 Perspectives on Packet Routing
Chapter Summary
Key Terms
Chapter Review Questions
Hands-On Exercises
Exercise 11.1
Exercise 11.2
Exercise 11.3
Exercise 11.4
Exercise 11.5
Exercise 11.6
Exercise 11.7
Exercise 11.8
Exercise 11.9 (Challenge)
Exercise 11.10 (Challenge)
Exercise 11.11 (Challenge)
Chapter 12: Wide Area Network
12.1 Introduction
12.1.1 Learning Objectives
12.2 WAN and Enterprise Network
12.2.1 WAN Connection Scenarios
12.2.2 Service Level Agreement
12.2.3 CPE vs. SPF
12.2.4 Demarcation Point
12.2.5 WAN Design Considerations
12.3 Layers of WAN Standards
12.3.1 Physical Layer
12.3.2 Data Link Layer
12.3.2.1 Circuit Switching
12.3.2.2 Packet Switching
12.3.3 Comparison: WAN vs. LAN
12.4 IP Addressing for WAN Links
12.4.1 Leased Lines
12.4.2 Packet Switched Data Network (PSDN)
12.4.2.1 One Subnet between Two Locations
12.4.2.2 One Subnet for All Locations
12.5 Physical Layer Options: Leased Lines
12.5.1 Leased Line Usages
12.5.2 T-Carrier/E-Carrier
12.5.2.1 T-1 and T-3 Circuits
12.5.3 SONET/SDH
12.6 Data Link Standard: Leased Lines
12.6.1 PPP Frame Structure
12.6.2 Router Authentication
12.6.2.1 CHAP
12.6.3 Example: Enabling PPP on Cisco Router
12.7 Data Link Standards: PSDN
12.7.1 Two Segments of a PSDN-Based WAN Link
12.7.2 PSDN Attributes
12.7.2.1 Shared Capacity
12.7.2.2 Customizability of Subscribed Speeds
12.7.2.3 Support for Data and Voice
12.7.2.4 Frame Multiplexing
12.7.2.5 Unreliable Transmissions
12.7.2.6 Use of Virtual Circuits
12.7.2.7 Use of WAN Switch Table
12.7.2.8 Access Link Speeds
12.8 Frame Relay
12.8.1 General Characteristics
12.8.2 Frame Structure
12.8.3 Data Link Connection Identifier (DLCI)
12.8.3.1 How DLCI Works
12.8.3.2 FR Switch Table
12.8.3.3 Multiple VCs and DLCIs
12.9 Asynchronous Transfer Mode (ATM)
12.9.1 Background
12.9.2 Cell Switching
12.9.3 Quality of Service (QoS)
12.10 Carrier Ethernet
12.10.1 Background
12.10.2 Strengths
12.10.3 Service Provision
12.11 Multi-Protocol Label Switching
12.11.1 Labels and Label Information Base (LIB)
12.11.1.1 Label Information Base
12.11.2 Benefits of MPLS
Chapter Summary
Key Terms
Chapter Review Questions
Hands-On Exercises
Exercise 12.1
Exercise 12.2
Exercise 12.3
Chapter 13: Physical Layer Data Transmissions
13.1 Introduction
13.1.1 Learning Objectives
13.2 Data Transmission Technologies
13.2.1 LAN Signal Encoding
13.2.2 WAN Signal Encoding
13.2.2.1 Modem and Analog Signal Encoding
13.2.2.1.1 Dial-Up Modem
13.2.2.1.2 DSL and Cable Modems
13.2.2.2 CSU/DSU and Digital Signal Encoding
13.2.3 Digital Signal Encoding Standards
13.2.4 Baseband vs. Broadband
13.2.5 Synchronous vs. Asynchronous Transmission
13.2.5.1 Asynchronous Transmission
13.2.5.2 Synchronous Transmission
13.2.6 Multiplexing
13.2.6.1 Frequency Division Multiplexing (FDM)
13.2.6.2 FDM Example: DSL
13.2.6.3 Time Division Multiplexing (TDM)
13.2.6.4 Synchronous vs. Statistical TDM
13.2.6.5 TDM Example: T-1 Line
13.2.7 Digital Speed Hierarchies
13.2.7.1 Digital Signal (DS)
13.2.7.2 Optical Carrier/STM
13.3 Networking Media
13.3.1 Propagation Effects
13.3.1.1 Attenuation
13.3.1.2 Distortion
13.3.2 Twisted Pairs
13.3.2.1 UTP vs. STP
13.3.2.2 Cable Structure and Categories
13.3.2.3 Twisted-Pair Patch Cable
13.3.3 Optical Fibers
13.3.3.1 Advantages
13.3.3.2 Physical Structure
13.3.3.3 Single-Mode vs. Multi-Mode Types
13.3.3.4 Comparing Single-Mode and Multi-Mode Fibers
13.3.3.5 Fiber Patch Cable
13.3.4 LAN Cabling Standards
13.4 Structured Cabling
13.4.1 Background
13.4.2 Structured Cabling System
13.4.2.1 Work Area Subsystem
13.4.2.2 Horizontal Cabling Subsystem
13.4.2.3 Wiring Closet Subsystem
13.4.2.4 Backbone Cabling Subsystem
13.4.2.5 Main Equipment Room Subsystem
13.4.2.6 Building Entrance Facility Subsystem
Chapter Summary
Key Terms
Chapter Review Questions
Hands-On Exercises
Exercise 13.1
Exercise 13.2
Exercise 13.3
Index
A
B
C
D
E
F
G
H
I
K
L
M
N
O
P
Q
R
S
T
U
V
W
Z
Similar Volumes
A Practical Introduction to Security and Risk Management is the first book to introduce the full spectrum of security and risks and their management. Author and field expert Bruce Newsome helps readers learn how to understand, analyze, assess, control, and generally manage security
Introductory textbook in the important area of network security for undergraduate and graduate students. Comprehensively covers fundamental concepts with newer topics such as electronic cash, bit-coin, P2P, SHA-3, E-voting, and Zigbee security. Fully updated to reflect new dev