CDC Study Guide

To reduce this waste and free the CPU for other work, another chip is installed on the system board and works in conjunction with the CPU. This chip is the DMA controller; its only function is to move data.

Complementary metal-oxide semiconductor (CMOS).

Complementary metal-oxide semiconductor (CMOS).

Read-only memory (RAM)

Basic input output system (BIOS)

Cache

Cache

An interrupt is defined as an asynchronous signal from a computer hardware device indicating the need for attention (from the CPU) or a synchronous event in a software application program indicating the need for a change in execution.

Interrupts are a commonly used technique for computer multitasking, especially in real-time computing.

Put simply, data integrity is described as the assurance that data is consistent, correct, and accessible.

Parity is a method in which the computer ensures the data it processes is accurate.

The difference between ECC memory and the parity method is that ECC can both detect and correct errors.

6

Data integrity

Parity bit

Parity bit

Basic input output system (BIOS)

Driver

When two materials are joined together, electrons are given off from one of the materials to the other material. This changes the balance of charge on the two materials so that one material becomes positively charged and the other becomes negatively charged.

Static electricity remains intact until discharged by either a slow current drain or a high current spark.

According to their sensitivity to electrostatic charges.

Class I � Those items sensitive to less than 1000 volts.

Class II � Those items sensitive from 1000, but less than 3999 volts.

Class III � Those items sensitive from 4000, but less than 15000 volts.

It is not the potential to ground that presents the hazard to the device, but the voltage difference between the two potentials that is the culprit.

To further ensure that the workstation is completely free of static charges, wear some type of conductive wrist strap that is connected through a relatively high resistance to earth ground.

Ensure all hand tools are properly grounded prior to use.

Ground the electrostatic discharge sensitive (ESDS) device.

Turn the power switch to the off position.

1-Define the problem; 2-Isolate the problem; 3-Resolve the problem; 4-Confirm the resolution

Because some troubleshooting problems may require more than one session, it�s a good idea to have some organizational aids in hand before you begin to disassemble any piece of equipment.

As a general rule, you can reduce the majority of all equipment problems to the simplest things you can think of.

One of the first things to do if you are not personally familiar with the system is to eliminate the user as a possible source of the problem.

As a matter of fact, try to restart the system after you perform each correctional step.

The most common software troubleshooting packages test the system�s memory, microprocessor, keyboard, display monitor, and the disk drive�s speed.

Define the problem

Isolate the problem

Resolve the problem

Confirm the resolution.

The keyboard lights should flash.

A memory test should be visible on the monitor.

Usually the first step in hardware troubleshooting is peripheral elimination. This means to disconnect peripheral hardware one at a time in search of the problem peripheral device.

When electronic components overheat, they produce a noticeable odor, so you may be able to do some troubleshooting with your nose.

FRUs are the portions of the system that are conveniently replaced in the field.

FRU troubleshooting involves isolating a problem within one section of the system. A section consists of one device such as a keyboard, video display, video adapter card, I/O adapter card, system board, disk drive or printer.

Corrosion may build up on the computer�s connection points and cause a poor electrical contact to occur. When you reseat the connection, the contact problem often disappears.

There are many components that can be upgraded or replaced within the computer. This includes but is not limited to the motherboard, the microprocessor, RAM modules, hard drives, and the floppy drives.

Upgrading or replacing memory is perhaps the easiest installation you will accomplish.

Power-on-self-test (POST)

Training those individuals who are responsible for the COMSEC program within their units.

AFPDs, AFMANs, AFIs, AFSSIs, AFSSMs, General COMSEC publications

DIRNSA � Director National Security Agency

Wing/Installation Commander

The COMSEC Manager

• 1 � the combination to any security container is the same classification as the highest classification of material contained within that container.
• 2 � never store items that could be the target of thieves in any security container used for the storage of COMSEC material.

Oversees and manages the operational use and control of COMSEC material.

ALC-1

SSgt

Communications security (COMSEC) managers

Annually

Director National Security Agency (DIRNSA)

Always classified to the highest classification of material within the container

Accounting legend code (ALC)-1

ALC-2

ALC-4

SF 701, Activity Security Checklist; SF 702, Security Container Check-sheet; AF Form 1109, Visitor Register

Use to record access to COMSEC material by persons not on the authorized access lest (EAL).

To designate personnel who require frequent access to COMSEC material.

When placed either in or out of service. When an individual is no longer authorized access. Annually. If the container is found open, but was certified as having been locked. Following repair of the container that does not degrade the container�s integrity. If there�s a possibility that the combination has been compromised.

At the end of each workday or shift. To ensure that all classified COMSEC material is properly stored and safeguarded. Record the results of the security inspection on SF 701.

It establishes a person�s right and need to know.

SF 701

SF 700

Monthly

AFCOMSEC Form 16

• ALC-1 � inventory material by short title, edition, accounting control number, and quantity.
• ALC-2 � accounted for continuously, just as ALC-1, except you inventory and account by quantity rather than by the accounting control number.
• ALC-4 � this material is not required to be accounted for on the daily or shift inventory.

You should arrange the list of material alphabetically by short title, then numerically, showing the edition, quantity, and the accounting control number.

Immediately

To ensure proper accountability of COMSEC material between the COMSEC account and the COR at the CPSG.

ALC-1 and ALC-2 items that have not been placed into effect.

Ask the user to verify its holdings by letter or message.

Send the original copy of CPSG. Copy two will be sent to your MAJCOM. The third copy is filed in the account record file.

Alphabetically by short title

6

Cryptologic support group (CPSG)

Any individual or unit required to use and safeguard COMSEC aids in the performance of official duties.

Specific COMSEC material other than equipment, such as keying material, codes, call signs, and so forth.

The Standard Base Supply System (SBSS).

Communications security management (CM2).

• 1 � the DCS
• 2 � the US Postal System

Send a message to the originator, keep the wrappers, and await disposition instructions.

Return one copy to CPSG, send one copy to the MAJCOM, and put one copy in Folder 1 of the COMSEC account file.

Aids

Air Force communications security (AFCOMSEC) Form 14.

By consulting the COMSEC account data base (UCM2).

SF 153

On individual user responsibilities to provide adequate storage facilities for the material, continuous safeguarding, proper destruction, administrative procedures, and the reporting of all COMSEC incidents to the COMSEC account manager.

When a properly executed destruction certificate is received from the CRO or the material is returned to the COMSEC account.

Preparation

• Distribution
• What should each communications security responsible officer (CRO) do before signing the communications security (COMSEC) hand receipt?
• Ensure the required COMSEC material is listed on the SF 153 and ready for issue.

• 1 � obtaining approval for the transfer of material.
• 2 � ensuring the COMSEC aids are properly prepared for shipment.
• 3 � ensuring only authorized means of shipment are used.
• 4 � submitting accounting and transfer reports on a timely basis.

The controlling authority, NSA, or CPSG. Information addresses include your MAJCOM and CPSG.

SF 153, COMSEC Material Report

A voucher number consists of the last two digits of the current year, a dash, and the next consecutive number from the AFCOMSEC Form 14.

Transport

1

Deferring destruction to the first duty hour following night supersession, or deferring to the first duty hour following a weekend or a holiday weekend supersession.

Two; destruction official and witness

Pulping, crosscut shredding, chopping, or pulverizing.

SF 153

6

CPSG

Inform the individual�s commander as soon as possible and make a MFR of the sequence of events.

The mission and critical communication could be affected in regards to security damage. Failure to comply with an urgent dissemination message constitute a cryptographic incident.

Cryptologic systems group (CSGP)

Cryptographic incident

COMSEC Manager

• 1 � accidental emergencies that include aircraft crashes, vehicle collisions, and natural disasters, such as fire, flood, earthquakes, hurricanes, and so forth.
• 2 � hostile actions that are intentional; these include enemy attack, civil disturbances, and covert acts such as bomb threats

The classification of material held, names and addresses of point of contact, assignment of definite responsibilities, authorization to implement the plan, and training on the plan. Also include the location of material by storage container and prioritization of material to be destroyed.

• 1 � instructions for admitting fire fighters to area containing COMSEC material.
• 2 � specification of who assumes responsibility for the COMSEC material while the plan is enacted.
• 3 � identification of what must be either secured or evacuated.
• 4 � determination of how and when to execute each phase of the plan.

Units stationed overseas and those subject to deployment overseas.

• 1 � secure the material
• 2 � remove it from the scene of the emergency
• 3 � destroy it

Communications security manager (CM)

24 months

Air Force and local directives you as the COMSEC manager published.

AF Form 4160, Air Force Information Assurance and Assessment Program Criteria, inspection checklist.

The base COMSEC manager

The dates with the SF 153 transfer or destruction certificates.

AFCOMSEC Forms 16 are kept for six months and you will find six of them in the CRO 6-part folder.

4160

6 months

Incorrect or unauthorized security procedures concerning the task being performed.

A system of storage and handling designed to prohibit individual access to certain COMSEC keying material.

A dual combination X-07 electronic lock.

The continuous surveillance and control of nuclear COMSEC material and equipment always by a minimum of two authorized individuals.

The PRP prior to assuming duty.

Commanders of units possessing TPC requirements are the final approval authority for PRP clearances.

Base COMSEC managers

The commander of the unit holding TPC material

Fortezza cards.

DMS

The X.500 directory system

Certificates that represent a potential security risk

Certification authority workstation

TDC is a state of the art ground-to-ground communications infrastructure designed to exchange secure and non-secure voice, data, and video communications via line of sight, satellite, or hard wired resources.

The nature of the AEF concept requires us to reduce the size, increase the flexibility and capacity of deployable communication systems.

Proposed TDC equipment should strive to have the following characteristics: functionality, modularity/scalability, open system standards, interoperability, mobility, survivability, security, and operability.

LMST, ICAP, NCC-D

ICAP is a suite of modules and accessory kits providing the communications backbone for deployed units. The ICAP is comprised of COTS circuit switches, hubs and routers, multiplexers, and on-base transmission (radio and laser) and encryption devices.

Commercial industry standard and military specification connectors built into the signal entrance panel and coupled to flexible baseband equipment allow the LMST to interface with legacy TRI-TAC and newer ICAP equipment without modification.

NCC-D provides network management, information protection, and network core services for deployed operations. NCC-D is comprised of COTS servers and software packaged in transit cases for deployed operations.

It is the module that all others are added to, to provide communications support.

The P-MUX module is generally located at the primary hub of a deployed base. There it receives data and voice traffic and condense it for more efficient transmission.

Theater deployable communications (TDC)

Open system standards

Mobility

Survivability

Integrated communications access package (ICAP).

Initial communications support is designed to provide basic communications to a bare base operation within 72 hours of deployment notification and remain in place for up to 30 days.

For this reason, communications teams are part of the first crew to enter a deployed location. They provide the communicating link between forces securing the area and setting up support facilities as well as providing messaging capabilities back to the garrison units.

The mission of technicians providing sustained communications support is to ensure AEF and AEW commanders have connectivity and an uninterrupted flow of mission critical information to field units, in-garrison units, and to command structures for the duration of the contingency.

Sustained communications support becomes part of the deployments if it extends past 30 days.

Sustained communications support teams.

This is the time period where you will be involved in exercises to ensure you are familiar with the deployment process and with your equipment.

The focus will be two-fold: 1 � connect your equipment to the outside world; 2 � connect your customers to you.

1 � relocating back to your home base; 2 � relocating to another deployed location where your services are required.

Unit deployable manger (UDM) and commander

Pre-deployment

AFI 33 series

How C4 systems are acquired, operated, and maintained

Standardized management practices and tells how to manage planning and implementation of communications and information systems and the base-level infrastructure.

Global, regional and local

33

AFPD 33-1

AFI 33-115, Vol 1

Air Force Instruction (AFI) 33-115, Vol 2

It provides personnel the ability to see all aspects of an NCC. It broadens their job knowledge and also allows for a change in responsibility to boost morale.

Communication and information services entering and exiting the base or site.

The domain name system.

The help desk

The workgroup manager

The configuration management function

Coordinates installation, acceptance testing, quality assurance, fault isolation and restoration of the infrastructure with the base�s other communications unit fuctions.

1 � identify the problem; 2 � isolate the cause of the problem; 3 � fix the problem

Base Network Control Center (BNCC)

Network administration

Unit functional systems administrator

AFI 33-115

Network Management

Configuration Management

Monitoring and tuning

Fault management

Availability, confidentiality, and integrity of data

To ensure the job can be tracked even after completion

Without good listening skills, we will not be able to understand what the customer is trying to communicate.

Communicating over the phone is more difficult than in person, since it is the tone of your voice that will convey your attitude.

Define the problem, gather facts, consider the possibilities, create a plan of action, implement the plan of action, and observe the result of each action, repeat.

Network monitoring, account unlocks, and account creations

Help desk

Listening

Remedy

An Internetwork is a set of subnets that are connected with routers.

Heterogeneous network environments consist of computer systems from different vendors that run different operating systems and communication protocols.

Generally, a homogeneous network is a network of components from the same vendor or compatible equipment that all run under the same operating system or network operating system.

A local area network.

Metropolitan area network

Peer-to-peer network

Single-server network (1-0 to 50 users)

Enterprise network

Wireless networks

Internetwork

Intranetwork

Heterogeneous network

Homogeneous network

Local area network

Wide area network

2 to 10

10 to 50

250 to 1000

Industrial, scientific, and medical (ISM)

They are twisted pair, coaxial cable, and fiber optics cable.

Resistance

Inductive coupling (crosstalk)

Attenuation is caused by exceedingly long cable segments or by broken/damaged cable.

The Federal Communications Commission regulates emission in the United States.

Throughput is a measurement of data transferred through the medium between network connections.

Asynchronous communication

Synchronous communication

• Simplex: One direction only (common radio communication)
• Half-duplex: Two directions, one way at a time (walkie-talkie radio)
• Duplex: Communication goes in both directions simultaneously (phone)

Twisted pair is by far the least expensive type of network media and is also the easiest to install

22 gauge, and 24 gauge cabling are the two most common types of media

1000Base-T

Attenuation

Throughput

Asynchronous communication

Cat 5

A fiber optic network uses a laser or light-emitting diode to send a signal through the core portion of the cable.

Total internal reflection

Voice, video or data, depending on the type of transmitter and receiver being used.

Multi-mode fiber cable

Multi-mode fiber cable

Sturdiness and security

Cost and maintenance

Core

100

Single mode

Multi mode

Sturdiness and security

A bus network consists of a single central cable to which all computers and other devices connect

The bus itself might become inoperable

The nodes on a bus network must contend (compete) with each other for the use of the bus

A ring network topology

Its reliance on a central node for performing almost all the functions of the network

The mesh topology

A group of star-configured networks, connected to a linear bus backbone

FDDI has a data rate capacity of 100Mbps

FDDI has a maximum distance of 100 kilometers (60 miles)

Bus

The bus itself becoming inoperable

Fiber Distributed Data Interface (FDDI)

Layer 1 � the physical layer; Layer 2 � the data link layer; Layer 3 � the network layer

The physical layer is a set of rules regarding the hardware used to transmit data. It also includes descriptions of the acceptable connectors and interfaces to the media.

Any three of the following: provides the grammar by which machines converse with each other; serves as a vehicle for information transmission; defines the initialization and finalization procedures; decides who talks who listens; ensures error-free data transmission.

The network layer

Packet switching

Layer 4 � the transport layer; Layer 5 � the session layer; Layer 6 � the presentation layer; Layer 7 � the application layer

Error recognition and recovery

The session layer

This involves periodically inserting points into the data from which any recovery necessary can be started.

Network security, file transfers, and formatting functions

Database management programs, electronic mail, file server, and print server programs, and the command-and-response language of the operating system.

The Transmission Control Protocol/Internet Protocol Suite

A protocol

Physical

Data Link

Transport

Checkpointing

Presentation

Because a wide range of incompatible LAN products already existed.

The first three layers of the OSI model

Bus

CSMA/CD

Token bus

It can be listed several times in the network table of addresses so that it will receive the token more often.

This frame sends a general request through the network asking any station that wants to send a message to respond to receive the token.

Token ring

Wire centers

It can cover a greater distance than a token bus without loss of signal; each workstation repeats the signal

Bus

Carrier Sense Multiple Access/Collision Detection

Solicit successor frame.

Token ring

Because each workstation repeats the singal

X.400

As a datagram-based protocol, it is well-suited to LAN access methods. It is popular within the UNIX community with a large user base wishing to use LANs.

Internet Control Message Protocol

IP

To present the remote files to a program running on a workstation as if they were local to that workstation

Internet Protocol

Transmission Control Protocol

eXternal data representation

Layering is a design approach that specifies different functions and services at levels in the protocol stack.

To the protocol layer above it.

Service access points.

The Physical Layer simply transmits the completed frame to the network backbone.

There are 65,536

When the LLC PDU arrives at the MAC sublayer a trailer is added

They are placed in the trailer of the frame in the Field Check Sequence

The Checksum

Protocol data unit

Physical

Data Link

46

MAC addresses

Binary (the base two-number system)

The 32-bit IP address is broken into 4 sets of eight bits

128 64 32 16 8 4 2

There are 16 host bits

With a �C� there are 3 network octets

Network, subnet, and specific host fields

Those bits that belong to the network/subnet field

Media access control address

01100000

4

Standard

Modem

It converts binary electrical signals into acoustic signals for transmission over telephone lines (analog) and converts these acoustic signals back into binary form at the receiving end.

Demodulation

Converting analog signals to digital for transmission on digital lines.

CSU-channel service unit.

The computer as DTE and the CSU

Network interface card.

They are the RJ45 for 10BaseT cable, the BNC for 10Base2, attachment unit interface for transceiver connections, and the fiber connections.

The encode/decode module.

Network interface drivers.

Modem

Codecs

Encode/Decode

Frame Buffering

A transceiver

Data communications equipment

The physical layer

HUBs

An intelligent hub has special capabilities for configuration and/or management.

An active hub servers as a wiring and signal relay center, and also cleans and boosts signals.

A passive hub merely serves as a wiring and relay center.

A collision domain is a group of devices connected to the same physical media such that if two devices access the media at the same time, the result is a collision of the two signals.

A broadcast domain is a group of devices in the network that receive one another�s broadcast messages.

The same collision domain, broadcast domain, and bandwidth.

A Repeater

Hub

An intelligent hub

Broadcast Storm

A collision domain

Regenerates any signal received

Bridges

Since a bridge works at layer two, it�s not concerned with what protocol frames are using; it merely concerns itself with the MAC address.

Listen, Learn, Filter, and Forward.

First, if a packet that is received by a bridge is destined for a node on the same port as the packet was received, that packet will be filtered (or dropped). Second, bad packets are automatically filtered out. A bridge will not pass along garbled frames or electrical interference from one segment to the next. Third, a bridge filters packets using the MAC address.

It is a loop that is created when there is more than one path to the destination.

Transparent bridges

A mathematical algorithm uses to identify and correct loop potential port connections.

The bridge with the highest priority (the lowest number)

The one with the lowest MAC address is the root.

Bridge

Listen, learn, filter, forward

Spanning Tree Algorithm

Switch

Switches use the same spanning-tree algorithm to eliminate logical loops.

Bridges are software-based while switches are hardware-based.

Switches work at the data link layer and network layers of the OSI model.

• 1 � Layer 2 switch: this type of switch makes its switching decision based solely upon the MAC address and follows the switching process just described.
• 2 � Layer 3 switch: this type of switch makes its switching decisions based upon the MACK and IP address.

• 1 � Cut through: a cut-through switch reads only the MAC address in each frame�s header, and Immediately forwards it to the destination port.
• 2 � Store-and-forward: store-and-forward switches wait until the entire frame has arrived before forwarding the frame.
• 3 � Fragment-free: this is also known as modified cut-through. The switch reads the first 64 bytes before forwarding the frame.

A group of end-stations systems on multiple physical LAN segments that are not constrained by their physical location and can communicate as one common LAN.

• 1 � Port grouping is the most common method of defining VLAN membership. This method involves grouping ports on a switch, exclusive to other ports.
• 2 � MAC-layer grouping is defined by assigning MAC addresses to a specified VLAN community.
• 3 � Network-layer grouping considers the protocol type or address when defining separate VLAN membership.

The Media Access Control address

The Media Access Control and Internet Protocol address

Cut through

Fragment free

Auto negotiation

Virtual local area network

Port grouping

Routers

They can only process packets that adhere to the protocol family that it supports.

A series of subnets connected by routers. Internetworks on a larger scale are a series of related networks connected via a WAN, or connected via a series of interconnected WANs. Each constituent network of the internetwork is called a subnetwork, or subnet.

Administrators can manually enter the information or routers can use protocols that allow routers to exchange information about their attached networks.

In packet switching, a hop is a transmission between two routers, sometimes these packets may make several hops, depending on the size of the network or internetwork across which transmission they must go. Hop count is the total number of hops.

• 1 � Path determination: the function performed by a router for determining the optimal path/route to the destination.
• 2 � Switching: a function performed by the router to move information from one router to another according to decide path determinations.

• 1 � Static routing is defined as the establishment of routes by the network administrator that changes only when done manually. This type of routing is used primarily with networks supporting predictable traffic.
• 2 � Dynamic routing involves the use of routing protocols that adjust real-time to changing network circumstances. These protocols perform route determinations using mathematical algorithms, called metrics that analyze specific route criteria.

Distance vectoring

Link state

Router metrics are algorithms configured and used to determine the most optimal path on which to send data

• 1 � Hold Downs prevents regular update messages from inappropriately reinstating a route that has gone bad.
• 2 � Split Horizons prevents a router from sending route information back to the router from which it came.
• 3 � Poison Reverse will �poison� route updates that have a loop potential. Instead of preventing redundant updates to routers, as is done with split horizons, the poison reverse method sets the distance field (hope count) of the update to 16.

Network

Router

Static routing

Dynamic routing

Distance vectoring

Reliability

Split horizons

Gateway

Nonvolatile RAM

Interfaces

These are connections used to attach the internetworking device to a terminal, a PC running terminalemulation software, or a modem, allowing configuration commands to be entered.

A Privileged EXEC command.

An Interface command

User EXEC commands

The enable command is typed at the command prompt to enter privileged EXEC mode.

Aux, con, tty, and vty

To use command syntax help, enter �?� in the place of a keyboard or argument.

So error messages will have accurate timestamps.

Nonvolatile random access memory

Interfaces

Router>

Router#

Privileged Exec level

Global configuration mode

Enable password

No shutdown

Show running

Confreg

By controlling whether routed packets are forwarded or blocked at a router�s interface.

The first step is to create an access list definition, and the second step is to group the access list to a routing interface.

• 1 � Routers apply lists sequentially in the order in which you type them in the router.
• 2 � Routers apply list to packets sequentially, from the top down, one line at a time.
• 3 � Packets are processed only until a match is made and then they are acted upon based on the access list criteria contained in access list statements.
• 4 � Lists always end with an implicit deny. Routers discard any packets that do not match any of the access list statements.
• 5 � access list must be applied to an interface as either inbound or outbound traffic filters.

Routers use them to determine which bits in an address will be significant.

By extended IP access list can filter by source IP address, destination IP address, protocol type, and application port number.

That an access list has been successfully applied to an interface.

Access control lists

Implicit deny

• What does a standard access list use to filter packets?
• Source Internet Protocol address

1-99

Server

Database server

File server

Communications server

Domain name server

It is an application that breaks the connection between sender and receiver and acts as an intermediary between a workstation user and the internet so the organization can ensure security, administrative control, and caching service.

Windows internet name service.

Dynamic host configuration protocol server.

A network management server.

Dedicated server

Peer-to-peer

Print queues

Print spooling

Network Management System

An operating system that manages network resources and allows those resources to be shared across the network.

Client server and peer to peer configurations

Before installing a NOS, caution must be taken to ensure the computer hardware you are loading the software on is compatible, not to mention powerful enough to run without constant problems.

A domain.

The Registry is the central repository for the entire software and hardware configuration settings within a computer running the Windows NT operating system.

REGEDIT.EXE and REGEDIT32.EXE

Because any errors occurring during installation can cause problems for the server in the future.

Peer-to-peer and client server.

Registry

Hive

HKEY_LOCAL_MACHINE

It provides the information needed to ensure that the network is running at its optimum and that barring equipment failures the network will stay operational.

It is a set of activities to continuously evaluate the performance indicators of network operations and verify how service levels are maintained.

A set of statistical measurements made over a period of time that characterizes network operations and verify how service levels are maintained.

It is used as a starting point or performance reference, so detailed analysis of the performance of the network can be conducted.

1 � First, the data is collected; 2 � Then a report is generated; 3 � The third and most important step is results interpretation, which becomes easier over time as each successive baseline report teaches more about the network.

• 1 � Look for abnormalities; to begin with, look for high levels of utilization during hours that the internal server�s work center is off duty.
• 2 � Look for changes; compare successive baselines and question any significant changes in traffic patterns. Be sure that you understand and are comfortable with these changes.
• 3 � Learn what is normal for your network over time; to manage and secure your network, you must understand what bandwidth and protocols are needed by your customers.

A baseline is a reference the performance of the entire network is compared against (a set of statistical measurements made over a period of time that characterizes network performance) and benchmarking is the statistical measurements that distinguishes the performance of a specific networked application or network element.

Because it is usually the first most recognized problem with a network that is experiencing performance problems. All problem on a network usually culminate in a drop in network availability.

The degree to which errors is impacting network performance.

The amount of time that passes between when a request is issued and when a response to that request is received.

Because it consumes not only transmission bandwidth, but also processing time within the receiving devices.

Baseline

Benchmark

Network availability

The systems management mechanism that monitors and controls data collection for the purpose of data analysis and report generation on an OSI-based communications network.

A bundle of application software designed to significantly improve network efficiency and productivity, that specifically runs SNMP-based management applications.

In an area that is controlled strictly by the NCC.

1 � Centralized architecture has a NM platform on one computer system at a location that is responsible for all NM duties; 2 � Hierarchical architecture uses multiple systems, with one system acting as a central server and the others working as clients; 3 � Distributed architecture combines the centralized and hierarchical architectures. Instead of having one centralized platform or a hierarchy of central/client platforms, the distributed approach uses multiple peer platforms.

• 1 � Inactive; this is the case when no monitoring is accomplished
• 2 � Reactive; this is where network support personnel react to a problem after it has occurred yet no monitoring has been applied.
• 3 � Interactive; this is where you are monitoring components, but must interactively troubleshoot to eliminate the side-effect alarms and isolate to a root cause.
• 4 � Proactive; this is where the automated monitoring components provide interactive problem analysis, giving a root cause alarm for the problem at-hand, and automatic restorative problem analysis, giving a root cause alarm for the problem at-hand, and automatic restorative processes are in-place wherever possible to minimize downtime.

Network management server

Centralized, hierarchical, and distributed.

Centralized

Hierarchical

Interactive

Proactive

The process of obtaining data from the network and using that data to manage the setup of all managed network devices.

1 � Automatic discover; 2 � Auto-mapping features

Performance management is the evaluation of the network to ensure it performs as expected when compared against statistical data extracted from the network.

1 � Gather statistical information (trend analysis); 2 � Maintain and examine logs of system state (history); 3 � Determine system performance under natural and artificial conditions; 4 � Alter system modes of operation for the purpose of conducting performance management.

• 1 � Monitoring; the function that tracks historical data by tracking activities on the network.
• 2 � Tuning; deals strictly with the adjustment of the parameters on the network device to improve their overall operation.

The protection of sensitive information on devices attached to a data network by controlling access points to that information.

1 � Network security; 2 � NMS security

The process of identifying, locating and correcting network problems.

Faults are abnormal conditions that require NCC personnel to take action to correct or repair. Errors sometimes arise on a normal functioning of the network and do not necessarily require attention.

Configuration management

Monitoring and tuning

Monitoring

Security management

Tolerance parameters

Un reliable delivery of packets, need for polling (user intensive), and limited information derived from responses.

A hierarchical, structured format that defines the NM information available from network devices.

1 � An object identifier; 2 � A short text description

• 1 � Labeled nodes; 2 � Leaf nodes
• Word formatted (labeled) nodes allow people to read and understand what the label is pointing to, while the decimal (leaf) nodes are how the NMS tracks the information.

A workstation, client, network user, personal computer, server, printer or other device attached to a data network.

• 1 � Managers; typically a computer that is used to run one or more NMS applications (suite)
• 2 � Agents; responsible for monitoring, collecting and reporting management data to the management system.

The Get query retrieves the value of one instance of management information.

Modifies the value of one or more instances of management information.

An unsolicited message from an agent to the manager; it does not have a corresponding request message.

Each SNMP community is a group that contains at least one agent and one management system. The logical name assigned to such a group we call the community name.

• 1 � Read; community names as implied define a community that is read only.
• 2 � Write; community names are defined to allow the manager to remotely change configuration information from the management station or server.

Session

Management information base

Agent

Get

1 � File system; 2 � Licensing mode; 3 � Role in the domain; 4 � Protocol(s) to activate; 5 - Services

1 � Per Server; 2 � Per Seat

Other domain controllers automatically pick up the work load.

NetBEUI

CD-ROM installation

Domain controllers

No action is required

Member server

Internetwork packet exchange/sequenced packet exchange (IPX/SPX)

Data link control protocol

1 � Domain; 2 - Local

Minimum of nine characters; a mix of at least two uppercase characters, two lowercase characters, two numbers, and two special characters.

1 � Directory-based (located in AD); 2 � Local to a particular computer

• 1 � Distribution groups; 2 � Security groups
• Use distribution groups to create e-mail distribution lists, and security groups to assign permissions to shared resources.

The extent to which the group is applied within a domain or forest.

To ensure users don�t create vulnerability by leaving the default password in place.

Minimum of fifteen characters consisting of at least two upper and lowercase letters, two numbers, and two special characters.

Universal

The different levels of access to resources based on what particular groups or users need to be able to accomplish with the resource.

Read permissions are more restrictive.

The �No Access� permission always overrides all other permissions assigned to a user group to which the user belongs.

When a volume is formatted with NTFS, the �Everyone� group is automatically assigned Full Control permission to the volume.

Permissions

Access control lists

Full control

No access

Everyone group

Inherited permissions of the folder it is contained in.

No

1 � Distinguishing special users from typical users; 2 � Classifying users by rank or position.

Folder sizes are dependent on the server technology and size versus the importance and number of individual users.

Archiving files

Databases

Limiting the access time of typical users.

Job position

MBR

• 1 � It must be able to recognize enough of the file system to find the NTLDR program
• 2 � It loads and executes the NTLDR program.

BOOT.INI

It creates the registry key settings for hardware from the information passed to it by the boot loader.

It is essentially a query and response action.

BOOT.INI and NTDETECT.COM

System kernel

• 1 � Define the main problems; 2 � Gather facts; 3 � Consider all possible causes; 4 � Create a plan of action;
• 5 � Implement the plan of action; 6 � Observe the results of each action; 7 � Repeat any step necessary.

1 � The failure of a link; 2 � The restart of a device; 3 � The lack of response from a host.

Any action, whether automatic or manual, that provides information on substandard performance of network hardware.

Fault correction

Where is the network map?

Define the main problems.

Consider all possible causes.

Isolate a definite cause if the action fixes the problem

Failure to accurately observe and thoroughly document the results of their individual efforts.

Reactively and proactively

Devices that have lost power and have broken network connections.

Fault correction.

Status polling

An indication that a noteworthy even has occurred on the network.

By configuring the NMS alarm browser to post threshold alarms from mission-critical devices.

The object is not functioning; red.

What device had the alarm.

It allows you to keep a history of alarms while improving the performance of the alarm browser.

1 � Analyzes events based on previous, current, or subsequent events; 2 � Can create new events; 3 � Dramatically reduces the number of alarms displayed by the NMS alarm browser

Alarm

Cor

It is computed as a function of the contents of all the frame�s fields (source address, destination address, length/type, data) except the preamble, start-of-frame delimiter, and FCS.

CSMA/CD

By increasing network bandwidth, by further subdividing the network, or by eliminating other impairments that might be causing collisions.

Faulty NICs or transceivers that constantly transmit frames onto the network.

Oversize packets are discarded, but some network nodes may accept oversize packets and fail.

Undersize packets are the result of software errors generated by incompatible network protocols.

Frames that are smaller than the minimum size the network protocol requires.

The packet is fragmented into three packets, which are encapsulated into three Ethernet frames.

Alignment

Media Access Control frame

64

Jabbers

65,535

28

1 � Local collisions; 2 � Remote collisions; 3 � Late collections; 4 � Bad FCS; 5 � Runts

Additional bandwidth must be added or the network must be further subdivided

Less than 30%

Less than 70%

Jabbers manifest themselves as collisions and high utilization and FCS error rates.

PING and TRACERT

The target node�s network and MAC node addresses are displayed. The round-trip delay is indicated under the Delay column in milliseconds.

MAC node statistics

A list of errored frames including frame length, time frame was transmitted, and source and destination addresses.

Data link and physical

High utilization or jabbers

High utilization and collisions

PING and Tracert

Specific types of diagnostic software.

When either a software or hardware loopback test fails on the NIC.

The IPCONFIG command

It can provide the MAC address of the offending device that is using the same IP addres.

TRACERT will show you the devices it talks to in between your device and the host device you are trying to contact, while PING only shows if it connected to the distant end.

Loopback

IPCONFIG

127.0.0.1

Look on the back of the computer to see if the NIC�s green communication link light is illuminating.

Handshaking between the computer and the NIC (or between the NIC and the network) is not occurring.

The loopback plug.

Loopback plug

Physical hierarchies describe the real-world components, while Logical hierarchies are visible through network protocols.

Auto-discovery, manual discovery, and topology import.

Domain manager(s), a broker, and clients.

Physical Connectivity, IP Network Connectivity, IP Network Membership, VLAN Connectivity, and VLAN Membership.

Monitoring console; it is used to display the results of the domain manager�s correlation alarms.

Fault and performance data is collected using SNMP while device connectivity is monitored using CMP.

• 1 � Only one user can have a specific map opened with read-write access at anyone time.
• 2 � You can use the file system (FAT or NTFS) to purposely allow specific users to read-write or read-only access to a map by setting permission to the files.

Problem, compound event, and symptomatic event.

Domain managers, broker, and clients

Domain manager

Broker

Purple

Brower, Network Interface, Server, Cache, ICMP (PING), IP, Logical Disk, Memory, NBT Connection, Objects, Paging File, Physical Disk, Process, Processor, Redirector, Server Work Queues, System, TCP, Telephony, Thread, UDP0

Digital network diagnostics and developing communications software.

The NIC in a protocol analyzer is configured to process all frames, whereas other NICs only process broadcast frames and frames with its MAC address.

24 hours

The capture filters option.

Packets transmitted, CRC errors, undersize packets, oversize packets, ARP requests, data frame collisions, and bit errors.

MAC node statistics

Information concerning the bandwidth utilization and the number of connections that are related to specific nodes.

PING, Trace Route, and Traffic Generator

21

Protocol statistics

Node discovery

Connection statistics

Analyzing the network for known and unknown risks to the security posture.

The process of analyzing threat to and vulnerabilities of an information system to determine the risks (potential for losses), and using the analysis as a basis for identifying appropriate and cost-effective countermeasures.

1 � Definition; 2 � Verification; 3 � Validation; 4 � Post accreditation

The responsible data sources

A maximum of three years.

Risk analysis

Phase 1: Definition

Three

Authentication is a measure used to verify the eligibility of a subject and the ability of the subject to access certain information.

1 � Through something you know; 2 � Something you have; 3 � Something you are

CAC and associated PIN

Something you know

It must be at least nine characters long, have at least two upper- and lower-case letters (A/a, B/b, C/c, etc.), two numbers (0-9), and two special characters.

Authentication

Something you know.

The science of information security; it is most often associated with scrambling ordinary text files into ciphertext.

Confidentiality, integrity, nonrepudiation, and authentication

An infrastructure composed of a combination of products, services, facilities, policies, procedures, agreements, and users to provide for and sustain secure interactions on the Internet. PKI provides: 1 � Policies that indicate rules for the working of cryptographic systems; 2 � Mechanism for creating, storing, and managing keys and certificates; 3 � Strategy for creating, storing, managing, and distributing keys and certificates.

1 � Certification authority; 2 � Registration authority; 3 � PKI clients; 4 � Digital certificates; 5 � Certificate distribution system or repository.

A trusted authority that authenticates the identity of entities involved in electronic transactions. A CA issues digital certificates to authenticate the identity of a person or entity.

• 1 � A private key is an encryption/decryption key known only to the party or parties that exchange secure messages.
• 2 � A public key is a value provided by some designated authority as an encryption key that, combined with a private key derived from the public key, can be used to effectively encrypt messages and verify digital signatures.

An intermediary authority that coordinates the interaction between clients and CAs; to ease the load of bulk certification requests from the CA during high peak demands.

An electronic credit card-like device that establishes your credentials when doing business or other transactions on the Internet.

A CDSR distributes the certificates to users and organizations.

The LDAP is a software protocol for enabling any internet user to locate organizations, individuals, and other resources such as files and devices in a network.

Token

Smart card

Session key

Barrier Reef

To �allow authorized traffic and deny all else.�

Network time sourcing

A firewall

Base network security policy

Step 1: Know thyself

Step 2: Determine requirements

1 � Boundary protection; 2 � Viral detection; 3 � Configuration inspection; 4 � Network mapping; 5 � Remote patching; 6 � Vulnerability testing

Tunneling

One or more routers and host machines; filtering software containing a series of rules that accept or reject packets of information, connection types or application-specific communications attempting to cross the firewall.

Packet filtering firewall; it stops messages with inappropriate network addresses.

A bastion host type of firewall.

Tunneling and application-based attacks.

Tunneling

Packet filtering

Bastion host

Bastion host

Vulnerability scanners

Unless prohibited by other policies, sanitized storage media is unclassified.

Wipeinfo

They must be degaussed to be considered sanitized.

Pulverizing, smelting or disintegrating the core arrays.

Wipeinfo

Degaussing

An IAVA is disseminated.

30 days

AFCERT

Urgent TCNOs

NCCs

IAVA

DISA

Information assurance vulnerability alert

Information assurance vulnerability bulletin

Service management capability

The middleman is eliminated; an individual introduces a message into DMS and it goes directly to the intended recipient�s desktop, laptop, PDA, or whatever.

Windows and UNIX

X.400 and X.500

27

X.400

X.500

Fortezza cards