Mike Meyers’ CompTIA Network+® Guide to Managing and Troubleshooting Networks, Fourth Edition (Exam N10-006)
Building a Real-World Network
Chapter 17
Copyright © 2015 by McGraw-Hill Education. All rights reserved.

Objectives
• Explain the concepts of basic network design
• Describe unified communication features and functions
• Describe the components of an ICS/SCADA system and understand the security risks involved with ICS/SCADA

Overview

Campus Area Network (CAN)
• Medium-sized network spanning multiple buildings
• Chapter example: Bayland Widgets
  – Start-up business with three new buildings
    • Office building housing sales and managerial staff
    • Factory space
    • Warehouse and shipping facilities

Figure 17.1 The new campus

Test Specific
Designing a Basic Network
Designing a Basic Network
• Categories to consider
  – List of requirements
  – Device types/requirements
  – Environment limitations
  – Equipment limitations
  – Compatibility requirements
  – Wired/wireless considerations
  – Security considerations

Define the Network Needs
• Bayland Widgets’ needs
  – Individual offices need workstations that can do specific jobs
  – Flexible servers
  – Buildings need internal cabling and intermediate distribution frames (IDFs)
  – Buildings need solid connectivity

Documentation
• Needed to support configuration management
  – Network diagrams
  – Asset management
  – IP address utilization
  – Vendor documentation
  – Internal operating procedures/policies/standards

Network Design
• Design must address the following hardware:
  – Workstations
  – Servers
  – Equipment room
  – Peripherals

Workstations
• Choice between Windows or Mac
  – Depends on application software needs
  – Microsoft Office for the PC traditionally updated a year or two prior to the Mac version
• Adobe Creative Cloud works equally well with Windows and Mac workstations
  – Choose platform most familiar to workers
Servers
• Small company: one or two servers
• Bigger networks: most or all server functions are virtualized
• Server infrastructure can be adapted to handle multiple client types

Necessary Server Functions
• Network authentication
• Network management
• Accounting
• File management (including redundancy)
• Intranet services
• Development environments
• Software repositories

Equipment Room
• Centralized core for the network
  – Location of servers
• May need power converters to change from AC to DC to fit needs of different equipment
• Uninterruptible power supply (UPS)
  – Can handle brief power fluctuations for a single rack
• Generator needed for power redundancy

Peripherals
• Printers, scanners, and fax machines
  – Needs depend on what the company does in house
  – Consider how many and what size documents need to be printed
  – Fax machine could be hardware or software

Compatibility Issues
• Important when upgrading a network in an existing space
• Design considerations vary by location and scenario
Internal Connections
• Structured cabling
  – Each building in the example could be wired with CAT 6a to all workstations
  – All cabling would terminate in the main equipment room
  – Fiber running 10Gb Ethernet could connect the buildings
  – Building connections would terminate at IDFs in each building

Figure 17.2 Cabling within each building

Figure 17.3 Connecting the buildings

Wireless
• Logical option for Bayland Widgets CAN
  – Provide high-speed wireless throughout the area
  – Multiple 802.11ac units installed within each building and outside
  – Control with a central or unified wireless controller
• Connected to the primary equipment room

Figure 17.4 Implementing wireless

VLANs
• Segment the CAN departments and components into unique VLANs
  – Provides control, security, and optimized performance
• Create VLANs for network service
  – Example: public versus private network access
Set Up the Network IP Address Scheme
• Decide on the internal IP addressing scheme
  – Pick an arbitrary, unique, internal private IP network ID
  – Preassign static IP addresses to servers and WAPs
  – Pick a DHCP server and preassign DHCP scope IP address ranges

External Connections
• Bayland Widgets’ options for reducing downtime on their Internet connection
  – Two ISPs—the second as a fallback in case the primary ISP fails
  – Metro Ethernet connection—a dedicated fiber line from the ISP to the office

Unified Communication
• TCP/IP-based communications replaced the traditional PBX-style phone systems
• Voice over IP (VoIP) enables voice communication over an IP network
• Unified communication field
  – Includes voice, video, and messaging

It Started With VoIP
• Early VoIP systems separated data and VoIP
  – Required multiple cables running to each drop
• VoIP systems use:
  – Real-time Transport Protocol (RTP) on TCP ports 5004 and 5005
  – Session Initiation Protocol (SIP) on TCP ports 5060 and 5061

Figure 17.5 Workstation drop
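The three steps on the "Set Up the Network IP Address Scheme" slide (private network ID, static addresses for servers and WAPs, a DHCP scope) are easy to get subtly wrong, so here is an added checker for such a plan; it is not code from the slides, and every address and host name in it is a constructed sample for the Bayland Widgets campus.

```python
# Added example (not from the Network+ slides): a small checker for the
# slide's three-step internal IP scheme: pick a private network ID, preassign
# static addresses to servers and WAPs, then define a DHCP scope that does not
# overlap them. All addresses and host names below are constructed samples.
import ipaddress

def plan_ip_scheme(network_id, static_hosts, dhcp_first, dhcp_last):
    """Return a report dict; report['errors'] is empty when the plan is sound."""
    errors = []
    net = ipaddress.ip_network(network_id, strict=True)
    # Step 1: the network ID must come from a private (RFC 1918) range.
    if not net.is_private:
        errors.append(f"{net} is not a private network ID")
    # Step 2: each server/WAP gets a unique, usable host address in the network.
    statics = {}
    for name, addr in static_hosts.items():
        ip = ipaddress.ip_address(addr)
        if ip not in net or ip in (net.network_address, net.broadcast_address):
            errors.append(f"{name}: {ip} is not a usable host address in {net}")
        elif ip in statics.values():
            errors.append(f"{name}: {ip} is already assigned")
        statics[name] = ip
    # Step 3: the DHCP scope must sit inside the network and avoid the statics.
    lo = ipaddress.ip_address(dhcp_first)
    hi = ipaddress.ip_address(dhcp_last)
    if lo > hi or lo not in net or hi not in net:
        errors.append(f"DHCP scope {lo}-{hi} is reversed or outside {net}")
    for name, ip in statics.items():
        if lo <= ip <= hi:
            errors.append(f"{name}: static {ip} lies inside the DHCP scope")
    leases = int(hi) - int(lo) + 1 if lo <= hi else 0
    return {
        "network": str(net),
        "usable_hosts": net.num_addresses - 2,
        "statics": {n: str(ip) for n, ip in statics.items()},
        "dhcp_scope": (str(lo), str(hi)),
        "dhcp_leases": leases,
        "errors": errors,
    }

if __name__ == "__main__":
    # Constructed plan for the three-building campus: statics live in
    # 10.20.0.0/24, DHCP clients get the rest of the /16.
    report = plan_ip_scheme(
        "10.20.0.0/16",
        {"dc1": "10.20.0.10", "file1": "10.20.0.11", "wap-office-1": "10.20.0.50"},
        "10.20.1.1", "10.20.255.254",
    )
    for line in report["errors"] or ["plan OK"]:
        print(line)
```

The report doubles as the "IP address utilization" record the Documentation slide asks for.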
Unified Communication Features
• Various services added to classic VoIP
  – Presence information
  – Video conferencing/real-time video
  – Fax
  – Messaging
  – Collaboration tools/workflow

Figure 17.6 Presence at work

Figure 17.7 Multicast vs. unicast

UC Network Components
• Core components: UC devices, UC servers, and UC gateways
• A UC device was previously called a VoIP telephone
  – Handles voice, video, and more
• A UC server supports UC service, connecting to every UC device
  – Multiple UC servers may be on a separate VLAN

UC Network Components (cont’d.)
• A UC gateway is an edge device
  – May be a dedicated device or extra services added to an existing edge router
  – The router interfaces with remote gateways and PSTN systems and services

Figure 17.8 Cisco Unified IP Phone
UC Protocols
• H.323
  – Most commonly used video presentation protocol
  – Runs on TCP port 1720
• Media Gateway Control Protocol (MGCP)
  – Complete VoIP or video presentation connection and session controller
  – Uses TCP ports 2427 and 2727

VTC and Medianets
• Video teleconferencing is particularly sensitive to disruption and slowdowns
• Medianet
  – Network of routers and servers that provide sufficient bandwidth for VTC
  – Works with UC servers to distribute videoconferences
  – Can be complex or simple

ISDN vs. IP/SIP
• Many organizations using VTC use ISDN-based products
  – Very slow by modern standards (128-Kbps bandwidth)
  – H.320 standard used multiple ISDN channels with compression
• ISDN-based VTC is being replaced by high-speed Internet connections

QoS and Medianets
• VTC needs a very high level of QoS
• Differentiated Services (DiffServ)
  – Underlying architecture for QoS
• Differentiated services field header is on every piece of data
  – Explicit congestion notification (ECN)
  – Differentiated services code point (DSCP)

Figure 17.9 DS field
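As an added example (not code from the slides), here is a decoder for the DS field shown in Figure 17.9: it splits the byte into the six-bit DSCP and two-bit ECN, names the well-known codepoints from RFC 2474 and RFC 3168, and shows how the top three DSCP bits (the class selector) give the eight classes of service; the IPv4 header it reads is a constructed sample.

```python
# Added example (not from the Network+ slides): decoding the Differentiated
# Services field of an IPv4 header into DSCP and ECN. Codepoint names follow
# RFC 2474 (DSCP, class selectors, AF) and RFC 3168 (ECN).

# ECN: the two-bit field QoS-aware devices use to signal congestion.
ECN_NAMES = {
    0b00: "Not-ECT (endpoints not ECN-capable)",
    0b01: "ECT(1) (ECN-capable transport)",
    0b10: "ECT(0) (ECN-capable transport)",
    0b11: "CE (congestion encountered)",
}

def dscp_name(dscp):
    """Name a six-bit DSCP: EF, class selector CS0-CS7, or AFxy."""
    cs, low = dscp >> 3, dscp & 0b111      # class selector, low three bits
    if dscp == 46:
        return "EF (expedited forwarding)"
    if low == 0:                           # CSn: only class-selector bits set
        return f"CS{cs}" + (" (best effort)" if cs == 0 else "")
    if 1 <= cs <= 4 and low in (2, 4, 6):  # AF classes 1-4, drop precedence 1-3
        return f"AF{cs}{low // 2}"
    return f"DSCP {dscp} (unassigned/local)"

def decode_ds_field(ds_byte):
    """Split the 8-bit DS field: DSCP is the upper 6 bits, ECN the lower 2."""
    if not 0 <= ds_byte <= 0xFF:
        raise ValueError("DS field is a single byte")
    dscp = ds_byte >> 2
    ecn = ds_byte & 0b11
    return {
        "dscp": dscp,
        "dscp_name": dscp_name(dscp),
        "class_selector": dscp >> 3,       # the eight classes of service
        "ecn": ecn,
        "ecn_name": ECN_NAMES[ecn],
    }

def ds_field_from_ipv4_header(header):
    """Pull the DS field out of a raw IPv4 header (it is the second byte)."""
    if len(header) < 20 or header[0] >> 4 != 4:
        raise ValueError("not an IPv4 header")
    return decode_ds_field(header[1])

# Constructed 20-byte IPv4 header carrying DSCP EF (46) with ECN CE:
# (46 << 2) | 0b11 == 0xBB. Addresses are sample values only.
SAMPLE_HEADER = bytes([0x45, 0xBB, 0x00, 0x3C, 0x1C, 0x46, 0x40, 0x00, 0x40, 0x11,
                       0x00, 0x00, 0x0A, 0x14, 0x00, 0x0A, 0x0A, 0x14, 0x01, 0x05])

if __name__ == "__main__":
    for key, value in ds_field_from_ipv4_header(SAMPLE_HEADER).items():
        print(f"{key:15} {value}")
```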
ECN and DSCP
• ECN
  – A two-bit field where QoS-aware devices can place a “congestion encountered” signal to other QoS-aware devices
  – Four possible values denote the level of congestion and awareness
• DSCP
  – Six bits

Classes of Service (CoS)
• Two-bit ECN and six-bit DSCP make up the eight classes of service
• Flexible value to apply to services, ports, and whatever your QoS device might use

Figure 17.10 CoS settings on router

Industrial Control System (ICS)
• Overall system that monitors and controls machines
• Has been in existence for over 100 years
• ICS today
  – Uses computers combined with digital monitors and controls
  – Moving from stand-alone networks to interconnect with the Internet

Basic Components of an ICS
• Input/output functions on the machine
  – Sensors and actuators
• Controller
  – Computer
• Operator interface
  – Monitor

Figure 17.11 A simple ICS
Figure 17.12 An early computer-assisted ICS

Distributed Control System (DCS)
• Smaller controllers at each machine
  – Distributes the computing load
• Each local controller connects to a centralized controller (ICS server)
  – Manages global changes

Figure 17.13 A simple DCS

Human Machine Interface (HMI)
• Early versions: custom-made boxes with gauges and switches
• Today: PCs running custom, touch-screen interfaces
• Not general purpose

Figure 17.14 HMI with a touch screen

Programmable Logic Controller (PLC)
• A computer that controls a machine following a set of ordered steps
• A PLC monitors sensors and controls timing and order of processes

Figure 17.15 Typical rack-mounted PLCs
SCADA
• Supervisory control and data acquisition (SCADA)
  – Subset of ICS
• Same basic components as DCS but applied to large-scale, distributed processes
  – Examples: power grids, pipelines, and railroads
• Remote devices may or may not have ongoing communication with the central control

Remote Terminal Unit (RTU)
• Provides the same function as a controller, except the RTU has some autonomy if it loses connection with the central controller
• Uses some form of long-distance communication
  – Examples: telephony, fiber optic, or cellular WANs

Figure 17.16 Typical RTU

Network Segmentation
• Many ICS systems are crucial for the needs of everyday living
  – Catastrophic failure has large consequences
  – Examples: electrical infrastructure, oil refinery
• Segmenting networks increases security and optimizes performance
  – Side benefit: easier troubleshooting

Network Segmentation and the OSI Model
• Layer 1
  – Physically separate your network from other networks (air gap)
• Layer 2
  – Separate a physically connected network into separate broadcast domains
  – VLANs
Network Segmentation and the OSI Model (cont’d.)
• Layer 3
  – Separate broadcast domains by blocking IP routes
• Above Layer 3
  – VPNs
  – Separate SSIDs
  – Separate Windows domains
  – Virtualization

Segmentation and ICSs
• All forms of ICS are closed networks
  – The network strictly controls who and what may connect
• Some examples that include connectivity
  – Public wireless networks may connect SCADA servers to RTUs
  – Intranet access by connecting SCADA servers to the Internet
  – VPN connections provide security