Comparing remote access methods Flashcards

(25 cards)

1
Q

What is FTTP?

A

Fiber to the premises.
FTTP means that the service provider’s fiber optic cable is run all the way to the customer’s building. This full fiber connection type is implemented as a passive optical network (PON).

2
Q

What’s a PON?

A

Passive optical network.
In a PON, a single fiber cable is run from the point of presence to an optical line terminal (OLT) located in a street cabinet. From the OLT, splitters direct each subscriber’s traffic over a shorter length of fiber to an optical network terminal (ONT) installed at the customer’s premises. The ONT converts the optical signal to an electrical one. The ONT is connected to the customer’s router using an RJ45 Ethernet patch cord.

3
Q

What is FTTC?

A

A fiber to the curb (FTTC) solution retains some sort of copper wiring to the customer premises while extending the fiber link from the point of presence to a communications cabinet servicing multiple subscribers.
The service providers with their roots in telephone networks use very high-speed DSL (VDSL) to support FTTC.

4
Q

What is the primary advantage of using Time Division Multiplexing (TDM) in T-carrier systems?

A

Time Division Multiplexing (TDM) is a method used in T-carrier systems that enables multiple signals to be transmitted simultaneously over a single transmission path. By assigning each circuit (or channel) a specific time slot, multiple channels can share the same transmission medium (such as a T1 line) without interference, effectively increasing the capacity of the medium.

5
Q

What is the primary function of a T-carrier system?

A

The T-carrier system was designed to digitize voice traffic for transport around the core of the telecommunications network. It also supports the transportation of other types of digital data and can be provisioned directly to subscribers as a leased line.

6
Q

What is the purpose of a filter (splitter) in a DSL setup?

A

A filter, or splitter, is installed on each phone point in a DSL setup to separate the frequencies used for voice calls from those used for the DSL internet connection. This prevents interference or “noise” from affecting the quality of either service.

7
Q

What role does a Cable Modem Termination System (CMTS) play in a cable internet setup?

A

It connects all the premises in a street via coaxial cables and routes data traffic through the fiber optic backbone to the Internet Service Provider’s (ISP’s) Point of Presence (PoP), facilitating internet access.

8
Q

At which layer of the OSI model do WANs often use simpler protocols compared to LANs?

A

At the Data Link layer, WANs often use simpler protocols than LANs due to the point-to-point nature of many WAN connections, which requires less complexity.

9
Q

What is the very short range rate of VDSL2?

A

VDSL2 specifies a very short range (100 m/300 feet) rate of 100 Mbps bi-directional, meaning it can support 100 Mbps for both downstream and upstream traffic at this distance. This high rate is achievable due to the short range and the advanced technology used in VDSL2.

10
Q

What are the 2 core protocols in IPSec?

A

Authentication Header (AH): Performs a cryptographic hash on the whole packet, including the IP header, plus a shared secret key (known only to the communicating hosts), and adds this value in its header as an Integrity Check Value (ICV). The payload is only hashed, not encrypted, so AH provides integrity but no confidentiality.

Encapsulating Security Payload (ESP): Can be used to encrypt the payload rather than simply calculating an ICV. ESP attaches three fields to the packet: a header, a trailer (providing padding for the cryptographic function), and an Integrity Check Value. Unlike AH, ESP excludes the IP header when calculating the ICV.

11
Q

What are the 2 modes for IPSec?

A

Transport mode: used to secure communications between hosts on a private network (an end-to-end implementation). When ESP is applied in transport mode, the IP header for each packet is not encrypted, just the payload data. If AH is used in transport mode, it can provide integrity for the IP header.

Tunnel mode: used for communications between VPN gateways across an insecure network (creating a VPN). This is also referred to as a router implementation. With ESP, the whole IP packet (header and payload) is encrypted and encapsulated as a datagram with a new IP header. AH has no real use case in tunnel mode, as confidentiality will usually be required.

12
Q

What is IKE?

A

Internet Key Exchange: implements an authentication method, selects which cryptographic ciphers are mutually supported by both peers, and performs key exchange. The set of properties is referred to as a security association (SA).

13
Q

How do phases 1 and 2 of IKE work?

A

Phase 1: establishes the identity of the two peers and performs key agreement using the Diffie-Hellman algorithm to create a secure channel.
Two methods of authenticating peers are commonly used: digital certificates and pre-shared key (group authentication).

Phase 2: uses the secure channel created in Phase 1 to establish which ciphers and key sizes will be used with AH and/or ESP in the IPSec session.

IKE v1 was designed for site-to-site and host-to-host topologies and requires a supporting protocol to implement remote access VPNs.

14
Q

Tell me about IKE v2.

A

The main changes are the following:

Supports EAP authentication methods, allowing, for example, user authentication against a RADIUS server.
Provides a simple setup mode that reduces bandwidth without compromising security.
Allows network address translation (NAT) traversal and MOBIKE multihoming. NAT traversal makes it easier to configure a tunnel allowed by a home router/firewall. Multihoming means that a smartphone client with Wi-Fi and cellular interfaces can keep the IPSec connection alive when switching between them.

15
Q

What is a clientless VPN?

A

A remote access solution that allows users to securely access internal network applications via a standard web browser without installing dedicated client software. It works through a portal/reverse proxy.

16
Q

Which protocol is often used with other protocols to provision a secure tunnel due to its lack of inherent security mechanisms?

A

PPP (Point-to-Point Protocol)

17
Q

Which protocol is used in conjunction with IPSec to provide added security?

A

L2TP (Layer 2 Tunneling Protocol)

18
Q

What can remote access be used for?

A

Remote configuration of network appliances.
Remote desktop connections either allow an administrator to configure a server or a user to operate a computer remotely.
Remote desktop gateways allow user access to networked apps.

19
Q

What is another function of RDP?

A

RDP is mainly used for the remote administration of a Windows server or client, but another function is to publish software applications on a server, rather than installing them locally on each client.

20
Q

What is OOB?

A

Out-of-band management.
Accessing the administrative interface of a network appliance using a separate network from the usual data network. This could use a separate VLAN or a different kind of link, such as a dial-up modem.

21
Q

What is a jump box/host/server?

A

The jump box only runs the necessary administrative port and protocol, such as SSH or RDP. Administrators connect to the jump box and then use the jump host to connect to the admin interface on the application server. The application server’s admin interface has a single entry in its ACL (the jump server) and denies connection attempts from any other hosts.

It’s a hardened server that provides access to other hosts.

22
Q

What is an API?

A

Application Programming Interface.
The means by which external entities interact with the appliance, calling it with expected parameters and receiving the expected output.

23
Q

What are strong authentication policies to mitigate API connection risks?

A

Not using the root account for day-to-day logon activity or automation.

Only use secure protocols, such as HTTPS, for API communications.

Principals—user accounts, security groups, roles, and services—are enabled for programmatic access by assigning a secret key to the account.

24
Q

What is the purpose of the ssh-agent command?

A

ssh-agent is a program that holds private keys used for public key authentication, reducing the number of times a user needs to enter their passphrase. It acts as a secure key manager for SSH sessions.

25
Q

What is an SSH host key used for?

A

The SSH host key is a public/private key pair used to identify the SSH server to clients. It ensures that the client is connecting to the correct server and not an imposter, helping to prevent on-path attacks.