Download Module 2 - Santa Fe College

Module 6.6
Networking
Internet Connectivity
By default, new computers typically come with the network
cards installed, the proper drivers installed, and the network
card is configured to use the Dynamic Host Configuration
Protocol (DHCP) to receive TCP/IP configuration information
automatically.
DHCP gives the configuration settings required to connect to a
TCP/IP network. These values will need to be delivered to each
host using DHCP, or configured manually for each network
connection.
Internet Connectivity
Parameter: Purpose

IP address: The IP address identifies both the logical host and the logical network addresses.
• Each host on the entire network must have a unique IP address.
• Two devices on the same subnet must have IP addresses with the same network portion of the address.
• Two devices on the same subnet must have unique host portions of the IP address.

Subnet mask: The subnet mask identifies which portion of the IP address is the network address, and which portion is the host address. Two devices on the same subnet must be configured with the same subnet mask.

Default gateway: The default gateway identifies the router to which communications for remote networks are sent. The default gateway address is the IP address of the router interface on the same subnet as the local host. Without a default gateway set, most clients will be unable to communicate with hosts outside of the local subnet.

DNS server: The DNS server address identifies the DNS server that is used to resolve host names to IP addresses.

Host name: The host name identifies the logical name of the local system.
Internet Connectivity
To edit TCP/IP properties for a network connection, open the Network
Connections folder using the following methods:
• On the Start menu, right-click My Network Places (or Network) and
select Properties.
• In My Network Places, click the View network connections link.
• In the Network and Sharing Center, click the Manage network
connections link.
• On Windows 2000/XP, browse the Control Panel to the Network
Connections icon.
In the Network Connections folder, right-click the network connection
and select Properties.
In the Network and Sharing Center, you can also click the View
status link for a connection, then click the Properties button.
Wireless networking
Characteristic: Description

Devices:
• A wireless NIC for sending and receiving signals.
• A wireless access point (AP) is the equivalent of an Ethernet hub. The wireless NICs connect to the AP, and the AP manages network communication.
• A wireless bridge connects two wireless APs into a single network or connects your wireless AP to a wired network.

Connection Method:
• An ad hoc network works in peer-to-peer mode. The wireless NICs in each host communicate directly with one another. An ad hoc network is difficult to maintain for a large number of hosts because connections must be created between every other host, and special configurations are required to reach wired networks.
• An infrastructure wireless network employs an access point that functions like a hub on an Ethernet network. You can easily add hosts without increasing administrative efforts (scalable), and the access point can be easily connected to a wired network, allowing clients to access both wired and wireless hosts. You should implement an infrastructure network for all but the smallest of wireless networks.

SSID: The Service Set Identifier (SSID), also called the network name, groups wireless devices together into the same logical network. All devices on the same network must use the same SSID.
Wireless networking
| Specification | 802.11a | 802.11b | 802.11g | 802.11n |
|---|---|---|---|---|
| Frequency | 5.75 GHz (U-NII) | 2.4 GHz (ISM) | 2.4 GHz (ISM) | 2.4 GHz (ISM) or 5.75 GHz (U-NII) |
| Maximum speed | 54 Mbps | 11 Mbps | 54 Mbps | 600 Mbps |
| Maximum range | 150 Ft. | 300 Ft. | 300 Ft. | 1200 Ft. |
| Channels (nonoverlapped) | 23 (12) | 11 (3) | 11 (3) | 5.75 GHz: 23 (12 or 6); 2.4 GHz: 11 (3 or 1) |
| Backwards compatibility | N/A | No | With 802.11b | With 802.11a/b/g, depending |
Wireless networking
• The actual speed and maximum distance depend on several factors, including obstructions (such as walls), antenna strength, and interference.
• The speed of data transmission decreases as the distance between the transmitter and receiver increases. You can get the maximum distance or the maximum speed, but not both.
• A dual band access point can use one radio to transmit at one frequency, and a different radio to transmit at a different frequency. For example, you can configure many 802.11n devices to use one radio to communicate at 5.75 GHz with 802.11a devices, and the remaining radios to use 2.4 GHz to communicate with 802.11n devices.
• When you configure an access point, some configuration utilities use the term mixed mode to designate a network with both 802.11n and non-802.11n clients. In this configuration, one radio transmitter is used for legacy clients, and the remaining radio transmitters are used for 802.11n clients.
• Many 802.11n access points can support clients running other wireless standards (802.11a/b/g). When a mix of clients using different standards is connected, the access point must disable some 802.11n features to be compatible with non-802.11n devices, which decreases the effective speed.
Wireless Security
Method: Description

Open: Open authentication requires that clients provide a MAC address in order to connect to the wireless network.
• You can use open authentication on public networks to allow any wireless client to connect to the access point.
• You can implement MAC address filtering to restrict access to the access point to only known (or allowed) MAC addresses. Because MAC addresses are easily spoofed, this provides little practical security.

Shared key: With shared secret authentication, clients and access points are configured with a shared key (passphrase). Only devices with the correct shared key can connect to the wireless network.
• With shared key authentication, all access points and all clients use the same authentication key.
• Use shared key authentication on small, private networks.
• Shared key authentication is relatively insecure as hashing methods used to protect the key can be easily broken.

802.1x: 802.1x authentication uses usernames and passwords, certificates, or devices such as smart cards to authenticate wireless clients. 802.1x authentication requires the configuration of an authentication server. Use 802.1x authentication on large, private networks.
Wireless Security
Method: Description

WEP: Wired Equivalent Privacy was designed to provide wireless connections with the same security as wired connections. WEP has the following weaknesses:
• Static Pre-shared Keys (PSK) are configured on the access point and the client and cannot be dynamically changed or exchanged without administration. As a result, every host on large networks usually uses the same key.
• Because it doesn't change, the key can be captured and easily broken. The key values are short, making them easy to predict.

WPA: Wi-Fi Protected Access was intended as an intermediate measure to take the place of WEP while a fully secured system (802.11i) was prepared.
• Uses TKIP for encryption.
• Supports both Pre-shared Key (referred to as WPA-PSK or WPA Personal) and 802.1x (referred to as WPA Enterprise) authentication.
• Can typically be implemented in WEP-capable devices through a software/firmware update.

WPA2 or 802.11i: Wi-Fi Protected Access 2 is the implementation name for wireless security that adheres to the 802.11i specifications and resolves the weaknesses inherent in WEP.
• Uses Advanced Encryption Standard (AES) as the encryption method. It is similar to and more secure than TKIP, but requires special hardware for performing encryption.
• Supports both Pre-shared Key (referred to as WPA2-PSK or WPA2 Personal) and 802.1x (referred to as WPA2 Enterprise) authentication.
• Can use dynamic keys or pre-shared keys.
Note: WPA2's main disadvantage is that it requires new hardware for implementation.
Wireless Security
Method: Description

Change the administrator account name and password: The access point comes configured with a default username and password that is used to configure the access point settings. It is important to change the defaults to help prevent outsiders from breaking into your system by guessing the default username and password.

Change SSID from defaults: The access point comes configured with a default SSID. It is important to change your SSID from the defaults or disable the SSID broadcast for further protection; disabling the broadcast is known as SSID suppression or cloaking.
Note: Even with SSID broadcast turned off, a determined hacker can still identify the SSID by analyzing wireless broadcasts.

Enable MAC address filtering: By specifying which MAC addresses are allowed to connect to your network, you can prevent unauthorized MAC addresses from connecting to the access point.
Note: Configuring a MAC address filtering system is very time consuming and demands upkeep. Attackers can still use tools to capture packets and then retrieve valid MAC addresses. An attacker could then spoof their wireless adapter's MAC address and circumvent the filter.

Disable DHCP: DHCP servers dynamically assign IP addresses, gateway addresses, subnet masks, and DNS addresses whenever a computer on the wireless network starts up. Disabling DHCP on the wireless access points allows only users with a valid, static IP address in the range to connect.
Network Troubleshooting
Step: Description

Verify the adapter: Verify that your computer has detected and properly configured the network adapter card. Make sure that the connection is enabled.

Verify physical connectivity: If you have a network connection in Windows, verify that the adapter can establish a physical connection to the network.
• The system tray includes an icon that indicates the physical status of the connection. If the cable is unplugged, or if the NIC cannot find a connected device, you will typically see a message in the system tray.
• Check the status lights on the back of the Ethernet NIC to verify the physical status. There should be a link light that is green. An unlit link light or one that is another color (like red or amber) indicates a physical connectivity problem.

Verify the TCP/IP configuration: If the network adapter has a physical connection, verify the TCP/IP configuration for the connection.
• Use Ipconfig to view the IP address, subnet mask, and default gateway configured for the system.
• If the computer is using DHCP and if you see an IP address beginning with 169.254.x.x, the computer was not able to contact the DHCP server and used the APIPA feature to configure the address automatically.

Verify network connectivity: If the computer has a valid network connection and TCP/IP configuration values are correctly set, you can use the ping command to test connectivity with other network hosts.
• If the ping test succeeds, the destination device is working. If you are still having problems, check issues with logon, resource sharing, permissions, or services.
• If a ping test fails to any network device, check routers and other devices. If you can ping the host by the IP address but not the host name, then the problem is likely with the DNS configuration.
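The subnet rules from the Internet Connectivity parameter table and the TCP/IP and ping checks from the troubleshooting steps can be expressed as one triage routine. This is an added example, not part of the original slides; the function names, message strings, and sample addresses are constructed for illustration.

```python
import ipaddress

# Range Windows falls back to (APIPA) when no DHCP server answers.
APIPA = ipaddress.ip_network("169.254.0.0/16")

def network_of(ip: str, mask: str) -> ipaddress.IPv4Network:
    """Network portion of an address, as selected by the subnet mask."""
    return ipaddress.ip_interface(f"{ip}/{mask}").network

def same_subnet(ip_a: str, ip_b: str, mask: str) -> bool:
    """Two hosts share a subnet when the mask yields the same network for both."""
    return network_of(ip_a, mask) == network_of(ip_b, mask)

def diagnose(ip, mask, gateway=None, ping_ip_ok=None, ping_name_ok=None):
    """Return findings in the order the troubleshooting steps check them.

    ping_ip_ok / ping_name_ok are the observed results of pinging a remote
    host by IP address and by host name (None means not tested).
    """
    findings = []
    if ipaddress.ip_address(ip) in APIPA:
        # Nothing else is worth checking until DHCP works again.
        return ["APIPA address: DHCP server was not reached"]
    if gateway is None:
        findings.append("no default gateway: remote networks unreachable")
    elif not same_subnet(ip, gateway, mask):
        findings.append("default gateway is not on the host's subnet")
    if ping_ip_ok is False:
        findings.append("ping by IP failed: check routers and other devices")
    elif ping_ip_ok and ping_name_ok is False:
        findings.append("ping by IP works but name fails: check DNS configuration")
    return findings

if __name__ == "__main__":
    # Constructed sample configurations, as they might be read from ipconfig.
    samples = [
        ("169.254.17.4", "255.255.0.0", None, None, None),
        ("192.168.1.10", "255.255.255.0", "192.168.2.1", None, None),
        ("192.168.1.10", "255.255.255.0", "192.168.1.1", True, False),
    ]
    for cfg in samples:
        print(cfg[0], "->", diagnose(*cfg) or ["no problem found"])
```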
IPv6
The current IP addressing standard, version 4, will eventually run out of unique addresses, so a new
system is being developed. It is named IP version 6 or IPv6. The IPv6 address is a 128-bit binary number.
A sample IPv6 IP address looks like: 35BC:FA77:4898:DAFC:200C:FBBC:A007:8973. The following list
describes the features of an IPv6 address:
• The address is made up of 32 hexadecimal numbers, organized into 8 quartets.
• The quartets are separated by colons.
• Each quartet is represented as a hexadecimal number between 0 and FFFF. Each quartet represents
16 bits of data (FFFF = 1111 1111 1111 1111).
• Leading zeros can be omitted in each section. For example, the quartet 0284 could also be
represented by 284.
• Addresses with consecutive zeros can be expressed more concisely by substituting a double-colon
for the group of zeros. For example:
– FEC0:0:0:0:78CD:1283:F398:23AB
– FEC0::78CD:1283:F398:23AB (concise form)
• If an address has more than one consecutive location where one or more quartets are all zeros,
only one location can be abbreviated. For example, FEC2:0:0:0:78CA:0:0:23AB could be abbreviated
as:
– FEC2::78CA:0:0:23AB or
– FEC2:0:0:0:78CA::23AB
The 128-bit address contains two parts: the prefix and the Interface IP
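Because one address can be written several ways, firewall rules and log searches should compare addresses in a single normalized form. The following added example (not part of the original slides) implements the abbreviation rules listed above; the function names are illustrative, and two choices are this example's own assumptions: the longest zero run is the one abbreviated (leftmost on a tie), and a single zero quartet is left as 0.

```python
import string

def expand(addr: str) -> str:
    """Write out all 8 quartets, each padded to 4 hex digits."""
    if addr.count("::") > 1:
        # Two '::' would leave the length of each zero run ambiguous.
        raise ValueError("only one run of zero quartets may be written as '::'")
    if "::" in addr:
        head, tail = addr.split("::")
        left = head.split(":") if head else []
        right = tail.split(":") if tail else []
        if len(left) + len(right) > 7:
            raise ValueError("'::' must stand for at least one quartet")
        quartets = left + ["0"] * (8 - len(left) - len(right)) + right
    else:
        quartets = addr.split(":")
    if len(quartets) != 8:
        raise ValueError("an IPv6 address has exactly 8 quartets")
    for q in quartets:
        if not 1 <= len(q) <= 4 or any(c not in string.hexdigits for c in q):
            raise ValueError(f"bad quartet: {q!r}")
    return ":".join(q.upper().zfill(4) for q in quartets)

def compress(addr: str) -> str:
    """Drop leading zeros and replace one run of zero quartets with '::'."""
    quartets = [q.lstrip("0") or "0" for q in expand(addr).split(":")]
    best_start, best_len, i = 0, 0, 0
    while i < 8:
        j = i
        while j < 8 and quartets[j] == "0":
            j += 1
        if j - i > best_len:          # strictly longer, so the leftmost run wins ties
            best_start, best_len = i, j - i
        i = max(j, i + 1)
    if best_len < 2:                  # assumption: a lone zero quartet stays as '0'
        return ":".join(quartets)
    left = ":".join(quartets[:best_start])
    right = ":".join(quartets[best_start + best_len:])
    return f"{left}::{right}"

def same_address(a: str, b: str) -> bool:
    """Different abbreviations are equal when their expanded forms match."""
    return expand(a) == expand(b)

if __name__ == "__main__":
    for sample in ("FEC0:0:0:0:78CD:1283:F398:23AB",   # addresses from the text above
                   "FEC2:0:0:0:78CA:0:0:23AB"):
        print(sample, "->", compress(sample))
```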
Homegroup
A HomeGroup is a simple way of sharing resources and managing authentication to resources on a home
network. The HomeGroup is created when a network interface is identified as a Home location.
Be aware of the following HomeGroup details:
• Use the HomeGroup utility in the Control Panel to create, join, or leave a HomeGroup, manage shared
libraries, or change/retrieve the HomeGroup password.
• When creating a HomeGroup, a default password is provided. Use this password to connect other
computers to the HomeGroup.
• To join a HomeGroup from a computer running any edition of Windows 7:
– Identify the network connection as a Home location.
– Click Join Now from the HomeGroup prompt in the Taskbar, or click Join Now within the HomeGroup
utility from the Control Panel.
– Select which types of libraries to share.
– Provide the HomeGroup password.
Note: Network Discovery must be on to join a HomeGroup.
• To share individual files and folders within the HomeGroup, right-click the file or folder, click Share, and
select one of the following:
– HomeGroup (Read) shares the file or folder with read-only privileges with the entire HomeGroup.
– HomeGroup (Read/Write) shares the file or folder with read-write privileges with the entire
HomeGroup.