The OSI (Open Systems Interconnection) model breaks network communication into 7 layers. Data flows down on the sender side and up on the receiver side.

| Device / Function | Description |
|---|---|
| Router | Layer 3 device; routes packets between networks using IP addresses |
| Switch | Layer 2 device; forwards frames within a LAN using MAC addresses |
| Firewall | Filters traffic based on rules (ACLs); creates barrier between trusted and untrusted zones |
| IDS | Intrusion Detection System – monitors and ALERTS but does NOT BLOCK traffic (passive) |
| IPS | Intrusion Prevention System – monitors and ACTIVELY BLOCKS threats (inline) |
| Load Balancer | Distributes incoming traffic evenly across multiple servers |
| Proxy Server | Intermediary between clients and internet; can cache, filter, and hide internal IPs |
| NAS | Network-Attached Storage – dedicated file-sharing device on a LAN |
| SAN | Storage Area Network – dedicated high-speed network for block-level storage |
| Wireless AP | Connects wireless clients to a wired network (bridges 802.11 to 802.3) |
| WAP Controller | Centrally manages multiple lightweight APs (vs. autonomous AP = self-managed) |
| CDN | Content Delivery Network – edge servers cache content close to users to reduce latency |
| VPN | Virtual Private Network – encrypted tunnel over public network for secure remote access |
| QoS | Quality of Service – prioritizes certain traffic types (e.g., VoIP over browsing) |
| TTL | Time to Live – field in IP header limiting how many hops a packet can travel |

| Term | Definition |
|---|---|
| Public Cloud | Resources owned by 3rd-party provider, shared across tenants (AWS, Azure, GCP) |
| Private Cloud | Resources used exclusively by one organization |
| Hybrid Cloud | Combination of public and private clouds |
| VPC | Virtual Private Cloud – isolated private network within a public cloud |

| Term | Definition |
|---|---|
| SaaS | Software as a Service – remote access to software apps (e.g., Office 365, Gmail) |
| PaaS | Platform as a Service – dev platform for building apps (e.g., Heroku, Google App Engine) |
| IaaS | Infrastructure as a Service – outsourced compute/storage/networking hardware resources |

| Term | Definition |
|---|---|
| NFV | Network Functions Virtualization – replaces physical network hardware with software |
| Scalability | Planned, deliberate addition of resources to handle increased load |
| Elasticity | Automatic, dynamic adjustment of resources based on real-time demand |
| Multitenancy | Multiple users served by one application instance with isolated environments |
| Internet Gateway | Allows cloud instances to send/receive unencrypted traffic to/from Internet |
| NAT Gateway | Translates private IPs to public IP; restricts inbound connections from outside |
| Direct Connect | Dedicated private connection between on-prem network and cloud provider |
| NSG | Network Security Group – granular firewall rules applied to individual virtual NICs |
| NSL | Network Security List – subnet-level firewall rules (less granular than NSG) |

| Port | Protocol | Notes |
|---|---|---|
| 20 | FTP (data) | File transfer data; insecure – prefer SFTP/FTPS |
| 21 | FTP (control) | FTP session control; insecure |
| 22 | SSH / SFTP | Secure shell & secure file transfer; TCP |
| 23 | Telnet | Insecure remote login – REPLACE with SSH |
| 25 | SMTP | Send email between servers (client→server or server→server) |
| 53 | DNS | Domain Name System; both UDP and TCP |
| 67 | DHCP (server) | UDP – DHCP server listens here |
| 68 | DHCP (client) | UDP – DHCP client listens here |
| 69 | TFTP | Trivial FTP – no auth, no encryption; UDP |
| 80 | HTTP | Hypertext Transfer Protocol; insecure |
| 123 | NTP | Network Time Protocol; UDP |
| 161 | SNMP Agent | UDP – agent receives requests |
| 162 | SNMP Manager | UDP – manager receives traps/notifications |
| 389 | LDAP | Lightweight Directory Access Protocol; TCP |
| 443 | HTTPS | HTTP over TLS; secure web traffic |
| 445 | SMB | Server Message Block – file/printer sharing |
| 514 | Syslog | Log messages; UDP |
| 587 | SMTPS | SMTP Secure – send email over TLS |
| 636 | LDAPS | LDAP over SSL/TLS |
| 853 | DoT | DNS over TLS |
| 1433 | SQL Server | Microsoft SQL Server database; TCP |
| 3389 | RDP | Remote Desktop Protocol; TCP |
| 5060 | SIP (plain) | Session Initiation Protocol (unencrypted) |
| 5061 | SIP (TLS) | SIP over TLS (encrypted) |

| Type | Description |
|---|---|
| ICMP | Internet Control Message Protocol – error messages, ping, traceroute |
| TCP | Connection-oriented; 3-way handshake (SYN/SYN-ACK/ACK); reliable, ordered delivery |
| UDP | Connectionless; no handshake; faster, used for streaming, DNS, DHCP, VoIP |
| GRE | Generic Routing Encapsulation – tunneling protocol; NO encryption/auth itself |
| IPSec AH | Authentication Header – integrity + authentication; NO encryption |
| IPSec ESP | Encapsulating Security Payload – confidentiality + integrity + auth (provides encryption) |
| IPSec IKE | Internet Key Exchange – negotiates and sets up IPSec SAs, exchanges keys |
| Unicast | One-to-one traffic (specific destination IP) |
| Multicast | One-to-many (specific group; Class D: 224–239.x.x.x) |
| Anycast | One-to-nearest (IPv6 only – delivers to the nearest node in a group) |
| Broadcast | One-to-all within a network segment |

| Cable Type | Specs / Use Case |
|---|---|
| Cat 5e | Min for Gigabit Ethernet (1000BASE-T); 100m max; 1 Gbps |
| Cat 6 | Min for limited 10GbE (10GBASE-T @ 55m); 100m for 1 Gbps |
| Cat 6A | 10 Gbps up to 100m (augmented) |
| Cat 7 | 10 Gbps up to 100m; shielded |
| Cat 8 | 25/40 Gbps; ~30m; data center use |
| UTP | Unshielded Twisted Pair – most susceptible to EMI/RFI |
| STP | Shielded Twisted Pair – reduces crosstalk and EMI |
| Multimode Fiber | LED-based; short distances; cheaper; up to 400 Gbps; SR/SX standards |
| Single-Mode Fiber | Laser-based; long distances (miles); more expensive; up to 400 Gbps; LR/LX standards |
| Coaxial | Used for cable TV and broadband; features central conductor; RG types |
| Twinaxial (DAC) | Direct Attach Copper; short-range data center high-speed links |
| Plenum-rated | Fire-retardant jacket (PVC/FEP); required in air-handling spaces (drop ceilings) |

| Standard | Description |
|---|---|
| 10BASE2 (ThinNet) | 10 Mbps, thin coaxial cable |
| 10BASE5 (ThickNet) | 10 Mbps, thick coaxial cable |
| 1000BASE-T | 1 Gbps over copper twisted pair (Cat 5e+) |
| 1000BASE-SX | 1 Gbps over multimode fiber (short range) |
| 1000BASE-LX | 1 Gbps over single-mode fiber (long range) |
| 10GBASE-SR | 10 Gbps over multimode fiber (short range) |
| 10GBASE-LR | 10 Gbps over single-mode fiber (long range) |
| 10GBASE-CR | 10 Gbps over twinaxial copper (DAC cable) |
| 10GBASE-T | 10 Gbps over copper (Cat 6 @ 55m, Cat 6A @ 100m) |

| Connector | Description |
|---|---|
| SC | Subscriber Connector – fiber optic; push-pull coupling |
| LC | Local Connector – small form factor fiber; most common in data centers |
| ST | Straight Tip – older fiber connector; bayonet coupling |
| MPO | Multi-Fiber Push On – up to 72 fibers; data center high-density |
| RJ11 | Telephone equipment; dial-up; 2-wire twisted pair |
| RJ45 | Standard Ethernet connector; 8-wire twisted pair; LAN |
| F-type | Coaxial; threaded (screw-on); cable TV / broadband modems |
| BNC | Bayonet Neill–Concelman; coaxial; twist-and-lock; older network/video |
| SFP | Small Form-factor Pluggable – modular, hot-swappable transceiver |
| QSFP | Quad SFP – 4-channel version; higher bandwidth |

| Topology | Description |
|---|---|
| Star / Hub-and-Spoke | All devices connect to a central hub/switch. Most common LAN topology. Single point of failure at center. |
| Mesh | Every node connects to every other node. Highest redundancy. Expensive. Used on WANs/Internet. |
| Point-to-Point | Direct link between exactly two hosts. Simplest topology. |
| Hybrid | Combination of two or more topologies. |
| Spine and Leaf | Two-layer full-mesh in data centers. Every leaf connects to every spine. Max 2 hops between servers. |
| Three-Tier Model | Core (backbone, high-speed) → Distribution (routing/filtering) → Access (end devices) |
| Collapsed Core | Core + Distribution merged into one layer. Used in smaller networks to reduce cost. |
| North-South Traffic | Between a data center and external networks (Internet) |
| East-West Traffic | Between servers/devices within the same data center |

| Class | First Octet | Private Range | Default Mask | Use |
|---|---|---|---|---|
| Class A | 1–126 | 10.0.0.0–10.255.255.255 | 255.0.0.0 (/8) | Large networks |
| Class B | 128–191 | 172.16.0.0–172.31.255.255 | 255.255.0.0 (/16) | Medium networks |
| Class C | 192–223 | 192.168.0.0–192.168.255.255 | 255.255.255.0 (/24) | Small networks |
| Class D | 224–239 | Multicast | N/A | Multicast groups |
| Class E | 240–255 | Reserved | N/A | Experimental |

| Concept | Details |
|---|---|
| APIPA | 169.254.0.0/16 – auto-assigned when DHCP unavailable; local segment only |
| Loopback | 127.0.0.0/8 (commonly 127.0.0.1 = localhost) – test local NIC |
| RFC 1918 | Defines private IP ranges: 10.x.x.x, 172.16–31.x.x, 192.168.x.x |
| CIDR | Classless Inter-Domain Routing – replaces classful design; uses prefix notation (/24) |
| VLSM | Variable Length Subnet Mask – allows subnets of different sizes in same network |
| /30 | 255.255.255.252 → 4 addresses, 2 hosts – used for point-to-point links |
| /26 | 255.255.255.192 → 64 addresses, 62 hosts |
| /24 | 255.255.255.0 → 256 addresses, 254 hosts (most common) |

| Concept | Description |
|---|---|
| IPv6 Format | 128-bit address expressed in 8 groups of 4 hex digits. :: compresses consecutive zeros. |
| Link-Local | FE80::/10 – equivalent to IPv4 APIPA; not routable; auto-configured |
| Global Unicast | Starts with 2000–3FFF (2xxx or 3xxx); publicly routable; equivalent to public IPv4 |
| Loopback | ::1 – equivalent to 127.0.0.1 |
| Anycast | IPv6-only one-to-nearest delivery type |
| SLAAC | Stateless Address Autoconfiguration – devices auto-configure IPv6 without DHCP |
| Tunneling | Encapsulates IPv6 packets in IPv4 headers to traverse IPv4 networks |
| Dual Stack | Device runs both IPv4 and IPv6 simultaneously for migration |
| NAT64 | Allows IPv6-only devices to communicate with IPv4-only servers |
| Address Exhaustion | Primary reason IPv6 was developed (IPv4 ran out of addresses) |

| Technology | Description |
|---|---|
| SDN | Software-Defined Network – software-based control of network; central policy management; application-aware |
| SD-WAN | Software-Defined WAN – software-managed WAN connections; transport agnostic |
| VXLAN | Virtual Extensible LAN – overcomes 4094 VLAN limit; uses Layer 2 encapsulation over Layer 3 |
| ZTA | Zero Trust Architecture – no implicit trust; policy-based auth; continuous verification; least privilege |
| SASE | Secure Access Service Edge – combines networking + security into single cloud-based service |
| SSE | Security Service Edge – cloud security services only (subset of SASE) |
| IaC | Infrastructure as Code – manage infrastructure through scripts/templates; version control; branching |
| NFV | Network Functions Virtualization – replaces physical network hardware with software |

| Concept | Description |
|---|---|
| Static Routing | Manually configured by admin; simple; high security (no updates exchanged); not scalable |
| Dynamic Routing | Automatically discovers routes; adapts to changes; scalable for large networks |
| RIP | Routing Information Protocol – distance-vector; max 15 hops; older, small networks |
| OSPF | Open Shortest Path First – link-state; most popular; uses cost (bandwidth); fast convergence; IGP |
| EIGRP | Enhanced IGRP – hybrid (Cisco); uses composite metrics (BW, delay, load, reliability); IGP |
| BGP | Border Gateway Protocol – path-vector; used on the Internet between ASs; EGP |
| IS-IS | Intermediate System to Intermediate System – link-state; large service provider networks; IGP |
| Admin Distance | Value ranking route trustworthiness; LOWER = more preferred |
| Prefix Length | Longer prefix (/28 > /24) = more specific route = preferred |
| NAT | Network Address Translation – maps private IPs to public IP |
| PAT | Port Address Translation – maps many private IPs to one public IP using port numbers |
| FHRP | First Hop Redundancy Protocol – virtual IP shared among redundant gateway routers; auto-failover |
| VIP | Virtual IP – shared address assigned to multiple devices for redundancy or load balancing |
| Subinterface | Logical division of a physical interface; allows multiple VLANs on one physical port |

| Concept | Description |
|---|---|
| VLAN | Virtual LAN – logical grouping of devices regardless of physical location; reduces broadcast domains |
| VLAN Database | Centrally stores all configured VLANs on a switch |
| SVI | Switch Virtual Interface – logical interface for inter-VLAN routing |
| Native VLAN | Handles untagged frames on a trunk port (default VLAN 1) |
| Voice VLAN | Dedicated VLAN for VoIP traffic to ensure QoS |
| 802.1Q Tagging | Standard method to tag frames with VLAN ID on trunk ports |
| Link Aggregation (LACP) | Combines multiple physical ports into one logical channel for bandwidth and redundancy |
| Half-duplex | Communication in one direction at a time |
| Full-duplex | Simultaneous two-way communication |
| STP | Spanning Tree Protocol – prevents switching loops by blocking redundant paths |
| RSTP | Rapid STP – faster convergence than STP; preferred |
| MTU | Maximum Transmission Unit – max data size per frame (standard Ethernet = 1500 bytes) |
| Jumbo Frames | Ethernet frames larger than standard 1518 bytes (typically 9000 bytes) |
| Port Mirroring (SPAN) | Copies traffic from one port to another for analysis with a packet sniffer |

| Standard | Frequency | Max Speed | Notes |
|---|---|---|---|
| 802.11a | 5 GHz | 54 Mbps | Wi-Fi 1; older; 5 GHz only |
| 802.11b | 2.4 GHz | 11 Mbps | Wi-Fi 2; long range; slow |
| 802.11g | 2.4 GHz | 54 Mbps | Wi-Fi 3; backward compatible with b |
| 802.11n | 2.4 + 5 GHz | 600 Mbps | Wi-Fi 4; MIMO; dual-band |
| 802.11ac | 5 GHz | 6.9 Gbps | Wi-Fi 5; MU-MIMO |
| 802.11ax | 2.4 + 5 + 6 GHz | 9.6 Gbps | Wi-Fi 6/6E; OFDMA; 6E adds 6 GHz |

| Concept | Description |
|---|---|
| 2.4 GHz band | Longest range; most interference; only 3 non-overlapping channels (1, 6, 11); 11 channels total |
| 5 GHz band | Shorter range; less interference; more non-overlapping channels |
| 6 GHz band | Newest (Wi-Fi 6E only); shortest range; least congestion; most channels |
| Band Steering | Guides dual-band devices to the best available frequency |
| 802.11h | Amendment for spectrum and power management (DFS/TPC) in 5 GHz |
| SSID | Service Set Identifier – the Wi-Fi network name users see |
| BSSID | MAC address of the AP; unique per AP in a network |
| BSS | Basic Service Set – one AP + its clients |
| ESS | Extended Service Set – multiple APs with same SSID (roaming) |
| WPA2 | Uses AES/CCMP; PSK (home) or Enterprise (RADIUS server) modes |
| WPA3 | Strongest current Wi-Fi encryption; SAE replaces PSK; required for large secure networks |
| WPS | Wi-Fi Protected Setup – security risk; should be disabled |
| WEP | Wired Equivalent Privacy – deprecated; vulnerable; do not use |
| Captive Portal | Restricts access until user completes action (login/accept terms) |
| Autonomous AP | Self-managed; no controller required; good for small deployments |
| Lightweight AP | Requires Wireless LAN Controller (WLC) for centralized management |
| Omnidirectional | 360-degree coverage; standard for indoor APs |
| Directional | Focused beam; used for long-range point-to-point links (Yagi, dish, parabolic) |

| Concept | Description |
|---|---|
| MDF | Main Distribution Frame – main hub connecting internal networks to outside cabling |
| IDF | Intermediate Distribution Frame – connects MDF wiring to end devices on a floor/area |
| Rack Units (U) | 1U = 1.75 inches; standard racks typically 42U tall |
| Port-side Exhaust | Hot air exits from the port side; faces hot aisle |
| Port-side Intake | Cool air enters from port side; ports face cold aisle |
| Patch Panel | Copper cable management device with multiple ports |
| Fiber Distribution Panel | Termination and management point for fiber-optic cables |
| UPS | Uninterruptible Power Supply – provides emergency power during outages |
| PDU | Power Distribution Unit – supplies and monitors power to multiple devices |
| Blackout | Complete power outage |
| Brownout | Partial voltage drop (not full outage) |
| HVAC | Controls temperature, humidity, and air quality in data centers |
| Fire Suppression | Gaseous/clean agent systems preferred (NOT water or foam near equipment) |
| US Voltage | 110–120V (standard residential/commercial) |
| Europe Voltage | 220–240V |

| Document Type | Purpose |
|---|---|
| Physical Diagram | Shows physical hardware, cables, and their connections |
| Logical Diagram | Shows IP addressing, VLANs, routing, and traffic flow (no physical detail) |
| Layer 1 Diagram | Physical connections: cabling and hardware |
| Layer 2 Diagram | MAC addresses, switches, and network topology |
| Layer 3 Diagram | IP addressing, routing protocols, logical subnets |
| Rack Diagram | Shows physical placement of equipment in server racks |
| Cable Maps/Diagrams | Physical paths and connections between network components |
| IPAM | IP Address Management – tools to plan, track, and manage IP addresses |
| Asset Inventory | Records of hardware, software, licenses, and warranties |
| SLA | Service Level Agreement – defines service quality/availability requirements between provider and user |
| Wireless Heat Map | Visual representation of wireless signal coverage/strength |
| EOL | End of Life – product no longer manufactured or sold |
| EOS | End of Support – no more patches, bug fixes, or technical assistance |
| Golden Configuration | Optimized, pre-approved ideal configuration baseline |
| Decommissioning | Formal process of removing/retiring hardware or software |
| Change Management | Formal process for tracking and approving network changes |

| Concept | Description |
|---|---|
| SNMP | Simple Network Management Protocol – UDP-based; monitors network devices |
| SNMP Agent | Software on managed device; receives requests on UDP 161 |
| SNMP Manager (NMS) | Monitors devices; receives traps on UDP 162 |
| MIB | Management Information Base – virtual database on device holding config/state info |
| SNMP Trap | Unsolicited alert sent from agent to manager |
| SNMPv1/v2c | Use community strings (passwords); send data UNENCRYPTED |
| SNMPv3 | Adds encryption and stronger authentication; only version with encryption |
| Community String | Acts as a password in SNMPv1/v2c |
| Flow Data | Monitors network traffic patterns and usage statistics (NetFlow, sFlow) |
| Packet Capture | Captures and inspects actual packet contents (Wireshark, tcpdump) |
| Protocol Analyzer | Tool that captures and inspects network traffic (Wireshark, packet sniffer) |
| Syslog | Protocol for sending log/event messages (UDP 514); Syslog collector aggregates them |
| SIEM | Security Info and Event Management – collects, aggregates, analyzes log data; detects anomalies |
| API Integration | Automated communication and data exchange between monitoring systems |
| Port Mirroring | Copies traffic from ports to a monitoring port (SPAN) for analysis |
| Baseline Metrics | Standard performance measurements under normal conditions; used to detect anomalies |
| Nmap | Network discovery tool; identifies hosts, services, and topology |
| ICMP | Used to send echo requests (ping) to confirm device availability |

| Concept | Description |
|---|---|
| RPO | Recovery Point Objective – max acceptable data loss; how far back can you restore? |
| RTO | Recovery Time Objective – max allowable time to restore business functions after disaster |
| MTTR | Mean Time To Repair – average time to repair a failed component |
| MTBF | Mean Time Between Failures – higher MTBF = MORE reliable (fails less often) |
| Cold Site | Physical space only; no equipment; cheapest; slowest recovery |
| Warm Site | Has some hardware/software; partial data backups; needs configuration before use |
| Hot Site | Fully equipped and operational; ready to take over immediately; fastest; most expensive |
| Active-Active | All nodes handle traffic simultaneously; no single point of failure; complex/costly |
| Active-Passive | One node active, backup passive; simpler/cheaper; brief failover delay |
| Tabletop Exercise | Discussion-based DR simulation in a controlled environment |
| Validation Test | Hands-on execution of actual recovery processes |

| Term | Definition |
|---|---|
| Scope | Pool of IP addresses DHCP server can assign to clients |
| Reservation | Permanent IP assignment based on MAC address |
| Lease | Duration a client can use an assigned IP address |
| Options | Additional settings provided with IP (gateway, DNS, subnet mask) |
| Relay Agent / IP Helper | Allows DHCP server to assign IPs across multiple subnets |
| Exclusions | IP addresses removed from pool (reserved for static devices) |
| SLAAC | Stateless Address Autoconfiguration – IPv6 auto-config without DHCP |
| APIPA Symptom | Device gets 169.254.x.x address = DHCP scope exhausted or server unreachable |

| Record / Concept | Description |
|---|---|
| A | Maps hostname → IPv4 address (32-bit) |
| AAAA | Maps hostname → IPv6 address (128-bit) |
| CNAME | Canonical Name – alias for another hostname (multiple names to same IP) |
| MX | Mail Exchange – points to mail server for a domain |
| TXT | Text record – used for email security (SPF, DKIM, DMARC); not used for traffic routing |
| NS | Nameserver – specifies authoritative DNS servers for a domain |
| PTR | Pointer – reverse lookup; maps IP address → hostname (opposite of A/AAAA) |
| SOA | Start of Authority – administrative info about a DNS zone |
| DNSSEC | DNS Security Extensions – ensures integrity and authenticity of DNS data |
| DoH | DNS over HTTPS – hides DNS queries in regular HTTPS web traffic (port 443) |
| DoT | DNS over TLS – encrypts DNS queries using dedicated TLS connection (port 853) |
| Forward Zone | Maps hostnames to IP addresses |
| Reverse Zone | Maps IP addresses to hostnames (uses PTR records) |
| Authoritative DNS | Holds original records for a domain (Primary or Secondary) |
| Non-Authoritative | Responds using cached or forwarded data |
| Recursive Lookup | DNS server contacts multiple servers on client behalf to fully resolve |
| Hosts File | Local file on machine; overrides DNS for name resolution |

| Method / Concept | Description |
|---|---|
| Site-to-Site VPN | Encrypted tunnel connecting two networks (e.g., two office sites) |
| Client-to-Site VPN | Individual user connects securely to a remote network (remote access VPN) |
| Clientless VPN | VPN access through a web browser (HTTPS); no client software needed |
| Split Tunnel | Only certain traffic goes through VPN; rest uses public internet (saves bandwidth) |
| Full Tunnel | All traffic routed through VPN |
| SSH | Secure Shell – encrypted command-line remote access (port 22); replaces Telnet |
| RDP | Remote Desktop Protocol – GUI-based remote access (port 3389); Windows |
| API | Application Programming Interface – automated communication between systems |
| Console Access | Physical port connection for direct device management; used when network is down |
| Jump Box/Host | Dedicated intermediary system for secure access to devices in protected segments |
| In-Band Management | Managing devices through the same network used for data (SSH, HTTPS, RDP, SNMP) |
| Out-of-Band Management | Separate management network; works even when main network is down (console port) |
| NTP | Network Time Protocol – synchronizes clocks over network |
| PTP | Precision Time Protocol – nanosecond precision; financial/industrial systems |
| NTS | Network Time Security – protects time synchronization data from attacks |

| Concept | Description |
|---|---|
| CIA Triad | Confidentiality, Integrity, Availability – core principles of information security |
| PKI | Public Key Infrastructure – hierarchical system for creating/managing digital certificates |
| Self-Signed Cert | Not trusted by browsers by default; used in internal/dev environments; no 3rd-party CA |
| IAM | Identity and Access Management – framework for controlling access to digital resources |
| MFA | Multifactor Authentication – requires 2+ categories (know/have/are/somewhere) |
| SSO | Single Sign-On – one login grants access to multiple connected systems |
| RADIUS | Remote Authentication Dial-In User Service – centralized AAA for remote access users |
| LDAP | Lightweight Directory Access Protocol – manages user accounts, groups, devices |
| SAML | Security Assertion Markup Language – exchanges authentication/authorization data |
| TACACS+ | AAA protocol primarily for managing access to network devices (Cisco) |
| TOTP | Time-Based One-Time Password – generates OTP based on current time + secret key |
| Least Privilege | Users get minimum access needed for their responsibilities |
| RBAC | Role-Based Access Control – permissions tied to roles/job functions |
| Geofencing | Controls device usage based on geographic location |
| Honeypot | Decoy system mimicking real systems; attracts attackers; monitors for threats |
| Honeynet | Network of multiple honeypots |
| PCI DSS | Payment Card Industry Data Security Standards – protects credit cardholder data |
| GDPR | General Data Protection Regulation – governs privacy of EU citizens' personal data |
| IoT | Internet of Things – interconnected devices with sensors |
| IIoT | Industrial IoT – IoT for industrial applications |
| SCADA | Supervisory Control and Data Acquisition – specific type of ICS |
| ICS | Industrial Control System – control/automation systems in industrial settings |
| OT | Operational Technology – hardware/software monitoring/controlling physical industrial processes |
| BYOD | Bring Your Own Device – employees use personal devices for work |
| Screened Subnet | Semi-trusted zone (DMZ) between trusted internal and untrusted external networks |

| Attack | Description |
|---|---|
| DoS | Denial of Service – overwhelms target from a single source |
| DDoS | Distributed DoS – multiple compromised systems flood target; harder to defend |
| VLAN Hopping | Bypasses VLAN segmentation using unauthorized VLAN tags |
| MAC Flooding | Overwhelms switch CAM table with fake MACs; causes switch to broadcast all traffic |
| ARP Spoofing | Attacker sends fake ARP packets to associate their MAC with a legitimate IP |
| ARP Poisoning | Device ARP cache contains incorrect IP-to-MAC mappings |
| DNS Poisoning | Remaps domain names to rogue IPs in a DNS resolver cache |
| DNS Spoofing | Attacker intercepts DNS query and responds with forged record |
| Rogue DHCP | Unauthorized DHCP server causes IP conflicts, wrong gateway/DNS settings |
| Evil Twin | Rogue AP with same SSID as legitimate AP; used for eavesdropping |
| On-Path Attack | Attacker intercepts and modifies traffic between two parties (MITM) |
| Phishing | Social engineering: disguised as legitimate to steal credentials/info |
| Dumpster Diving | Searching trash for sensitive discarded documents or media |
| Shoulder Surfing | Observing screen/keyboard to steal info; countered by privacy filters |
| Tailgating | Following authorized person into a restricted area without permission |
| Malware | Harmful programs: viruses, worms, ransomware, trojans |
| Worm | Self-propagating malware that spreads across networks without user action |

| Technique | Description |
|---|---|
| Device Hardening | Disable unused ports/services; change default passwords; apply firmware updates |
| NAC | Network Access Control – controls which devices can join network (port security, 802.1X, MAC filtering) |
| 802.1X | IEEE standard – switch acts as authenticator; requires RADIUS server; used for port security |
| Port Security | Limits which MAC addresses can connect to a switch port |
| MAC Filtering | Network access based on 48-bit hardware address |
| ACL | Access Control List – rule-based traffic filtering; implicit deny at end |
| URL Filtering | Blocks/allows access to websites based on URL |
| Content Filtering | Inspects data streams for keywords, file types, or patterns |
| UTM | Unified Threat Management – single device providing multiple security services |
| Trusted Zone | Private/internal network (LAN, intranet) |
| Untrusted Zone | Public networks (Internet, guest Wi-Fi) |
| Screened Subnet | Buffer zone (DMZ) with publicly accessible servers outside main firewall |
| Data in Transit | Protect with VPN, IPSec, TLS |
| Data at Rest | Protect with encryption (archived files, DB records, backup files) |
| Key Management | Secure handling of encryption keys |

| Step | Description |
|---|---|
| Step 1 | Identify the problem – gather info, question users, identify symptoms, check for changes, duplicate issue |
| Step 2 | Establish a theory of probable cause – question the obvious; consider top-to-bottom or bottom-to-top OSI |
| Step 3 | Test the theory – confirm or deny; if wrong, establish new theory or escalate |
| Step 4 | Establish a plan of action – resolve problem and identify potential effects |
| Step 5 | Implement the solution or escalate as necessary |
| Step 6 | Verify full system functionality and implement preventive measures |
| Step 7 | Document findings, actions, outcomes, and lessons learned |

| Issue | Details |
|---|---|
| Incorrect Cable | Wrong type: single-mode vs multimode, Cat 5 in GbE → replace with Cat 5e+ |
| Attenuation | Signal loss over distance; solved by repeaters/switches, not transceivers alone |
| Crosstalk | Interference between adjacent wire pairs; STP cable reduces this |
| EMI/RFI | External electromagnetic interference; fiber immune; STP reduces; UTP most susceptible |
| Improper Termination | Wrong pinouts; use cable tester to diagnose |
| TX/RX Transposed | Wrong TIA/EIA standard or wrong pin assignments; use crossover or check MDI-X |
| Auto MDI-X | Interface automatically detects and configures connection type (straight-through vs crossover) |
| CRC Errors | Cyclic Redundancy Check failures = transmission errors; often bad cable or NIC |
| Runts | Ethernet frames smaller than 64 bytes; caused by collisions or faulty devices |
| Giants | Frames exceeding 1518 bytes; caused by misconfigured MTU or faulty equipment |
| Packet Drops | Lost packets due to congestion, buffer overflow, or network issues |
| Error Disabled | Port shut down by switch due to errors, security violations, or config issues |
| Administratively Down | Port manually shut down for maintenance or policy |
| Suspended | Port temporarily inactive due to network conditions or security policies |

| Issue | Cause / Solution |
|---|---|
| Network Loop | Multiple active paths causing endless packet circulation; prevented by STP/RSTP |
| Incorrect VLAN | Devices on same switch cannot communicate if on different VLANs |
| ACL Misconfiguration | Implicit deny may block legitimate traffic; ACL evaluated top-down |
| Wrong Default Gateway | Device can reach local LAN but not external networks |
| Wrong Subnet Mask | Device may think other hosts are on different network; causes local comm failure |
| Duplicate IP | Two devices share same IP; caused by static assignment errors or rogue DHCP |
| DHCP Exhaustion | No more IPs to assign; devices get APIPA address (169.254.x.x) |
| Routing Loop | Packets circulate between routers; mitigated by route poisoning, split horizon, TTL |

| Issue | Solution / Notes |
|---|---|
| Congestion/Contention | Too many devices competing for bandwidth; use QoS |
| Bottlenecking | Single component limits overall performance; fix with hardware/software upgrades |
| Latency | Delay in data delivery; CDN reduces latency for geographically distant users |
| Jitter | Variable delay (especially VoIP quality); use QoS to prioritize voice traffic |
| Packet Loss | Detected with ping, tracert, traceroute |
| Channel Overlap | 2.4 GHz: use channels 1, 6, 11 (non-overlapping); increasing width = more throughput but more interference |
| Wireless Signal Loss | Do NOT switch to lower frequency; check AP placement, obstructions |
| Roaming Issues | Ensure all APs broadcast same SSID, use identical encryption, adequate overlap |
| Client Disassociation | Use security features preventing deauthentication attacks |

| Tool | Function |
|---|---|
| ping | Tests reachability; detects packet loss; sends ICMP echo requests |
| traceroute (Linux) | Displays hops between source and destination (IPv4) |
| tracert (Windows) | Same as traceroute but for Windows |
| nslookup | Troubleshoots DNS issues on Windows |
| dig | DNS query tool on Linux/macOS |
| tcpdump | Command-line packet capture utility (Linux) |
| netstat -a | Displays all active TCP connections and listening ports |
| netstat -b | Shows application names accessing the network (Windows) |
| ipconfig /all | Full TCP/IP config for all adapters (Windows) |
| ipconfig /release | Releases DHCP-assigned IP address (Windows) |
| ipconfig /renew | Renews DHCP-assigned IP address (Windows) |
| ifconfig | Displays TCP/IP settings on Linux (older; replaced by ip command) |
| ip | Modern Linux replacement for ifconfig |
| arp -a | Displays ARP cache (IP-to-MAC mapping table) |
| Nmap | Network discovery; identifies hosts, services, open ports, topology |
| Wireshark | GUI protocol analyzer; captures and inspects packets |

| Command | Purpose |
|---|---|
| show mac-address-table | Displays MAC-to-port mapping table on a switch |
| show route | Displays routing table on router or Layer 3 switch |
| show interface | Status and performance of network interfaces (up/down, errors, stats) |
| show config | Current device configuration (interfaces, routing, VLANs, settings) |
| show arp | Displays ARP table (IP-to-MAC mappings) |
| show vlan | VLAN configuration (IDs, names, port assignments) |
| show power | PoE power information; useful for troubleshooting PoE issues |

| Tool | Function |
|---|---|
| Cable Tester | Verifies cable integrity and connectivity; detects incorrect pinouts |
| Toner & Probe Kit | Traces and identifies individual wires within a cable bundle |
| Optical Power Meter | Tests signal strength in fiber-optic links |
| PoE Tester | Verifies PoE compatibility between switch and connected devices |
| Network Tap | Passive monitoring device; captures traffic without interrupting flow |
| Wi-Fi Analyzer | Detects Wi-Fi networks, signal strength, channel usage, interference |
| Network Heat Map | Visual map of wireless signal coverage (identifies weak areas) |
| Visual Fault Locator | Locates faults in fiber-optic cables using visible red laser light |
| Speed Tester | Measures bandwidth (upload/download speed) and latency |
| LLDP | Link Layer Discovery Protocol – vendor-neutral; devices advertise identity to neighbors |
| CDP | Cisco Discovery Protocol – Cisco-proprietary; shares device info between Cisco devices |