This courseware is copyrighted © 2016 gtslearning. No part of this courseware or any training material supplied by gtslearning International Limited to.

Presentation transcript:

This courseware is copyrighted © 2016 gtslearning. No part of this courseware or any training material supplied by gtslearning International Limited to accompany the courseware may be copied, photocopied, reproduced, or re-used in any form or by any means without permission in writing from a director of gtslearning International Limited. Violation of these laws will lead to prosecution. All trademarks, service marks, products, or services are trademarks or registered trademarks of their respective holders and are acknowledged by the publisher. All gtslearning products are supplied on the basis of a single copy of a course per student. Additional resources that may be made available from gtslearning may only be used in conjunction with courses sold by gtslearning. No material changes to these resources are permitted without express written permission by a director of gtslearning. These resources may not be used in conjunction with content from any other supplier. If you suspect that this course has been copied or distributed illegally, please telephone or gtslearning.

2.3 Routers and Firewalls
CompTIA Server+ Certification (Exam SK0-004)

Objectives
- Understand the basics of IP routing and use of tracert to troubleshoot
- Explain the functions of TCP and UDP ports and use netstat to identify open ports
- Implement secure network topologies using zones, NAT, firewalls, and VLANs

IP Routing Basics
- Identify the network addresses of the source and destination hosts
- Compare the source and destination network addresses
  o Local network - IP uses ARP messaging to locate the destination interface of the local host
  o Remote networks - IP uses ARP messaging to locate the default gateway (router) to use to forward the packet
- A data link protocol (such as Ethernet) encapsulates the packet into one or more frames and transmits them over the network
- Time to Live (TTL)
- Routing protocols
- Routing tables
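The local-versus-remote comparison on this slide, written out as an added example (not part of the courseware). The addresses, the route list and the function names are constructed for illustration, and the longest-prefix route lookup and TTL handling go slightly beyond the slide's bullets to show how "Routing tables" and "Time to Live" fit in.

```python
import ipaddress

# Constructed sample host configuration (private address range).
HOST_IF = ipaddress.ip_interface("192.168.10.25/24")

# Constructed routing table for remote networks: (destination network, gateway).
ROUTES = [
    (ipaddress.ip_network("10.20.0.0/16"), ipaddress.ip_address("192.168.10.254")),
    (ipaddress.ip_network("0.0.0.0/0"), ipaddress.ip_address("192.168.10.1")),  # default gateway
]

def is_local(dst, src_if=HOST_IF):
    """Compare network addresses: is dst on the same network as the sender?"""
    return ipaddress.ip_address(dst) in src_if.network

def lookup_gateway(dst, routes=ROUTES):
    """Pick the most specific (longest-prefix) route that contains dst."""
    dst = ipaddress.ip_address(dst)
    matches = [(net, gw) for net, gw in routes if dst in net]
    if not matches:
        raise LookupError(f"no route to {dst}")
    return max(matches, key=lambda route: route[0].prefixlen)[1]

def arp_target(dst):
    """Address whose hardware address is resolved with ARP before framing."""
    if is_local(dst):
        return ipaddress.ip_address(dst)   # local: ARP for the destination itself
    return lookup_gateway(dst)             # remote: ARP for the router instead

def router_hop(ttl):
    """Each router decrements TTL; at zero the packet is discarded.

    Returns the new TTL, or None when the packet is dropped. The ICMP
    Time Exceeded reply sent on a drop is what tracert relies on.
    """
    ttl -= 1
    return ttl if ttl > 0 else None

if __name__ == "__main__":
    for dst in ("192.168.10.77", "10.20.3.4", "8.8.8.8"):
        print(dst, "-> ARP for", arp_target(dst))
```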

Routers

Network Address Translation
- Static / dynamic NAT
  o Maps IP address from private LAN to public IP address (or address pool)
- Port Address Translation / NAT overloading
  o Allows multiple private addresses to map to a single public address

Troubleshooting Routing Issues
- Establish IP connection to rule out name resolution or service issue
- Consider physical or security (firewall) issue
- Improper subnetting
- Investigate local routing table – route command
- Use tracert to test path between hosts

Using tracert and traceroute

TCP and UDP Ports
- Transport layer
  o End-to-end layer
- Multiplexing and de-multiplexing
  o Identifies application data via port numbers
  o Packages data in a stream of segments
  o Merges segments from different applications over the network link
  o Port numbers allow receiving host to de-multiplex and reassemble data for the appropriate application handler

TCP versus UDP
- Transmission Control Protocol (TCP)
  o Connection-oriented, reliable delivery
  o Connection establishment
  o Acknowledgements and negative acknowledgments
  o Segmentation and sequencing
- User Datagram Protocol (UDP)
  o Connectionless, non-guaranteed delivery
  o Lightweight header

Well Known Ports

netstat

Zones and ACLs

Intranets and Extranets
- Private network (intranet)
  o A network of trusted hosts owned and controlled by the organization
- Extranet
  o A network of semi-trusted hosts, typically representing business partners, suppliers, or customers
  o Hosts must authenticate to join the extranet
- Internet
  o A public zone permitting anonymous access (or perhaps a mix of anonymous and authenticated access) by untrusted hosts over the Internet

Demilitarized Zones (DMZ)
- Screened subnet
- Three-legged firewall
- Screened host

Internal Network Firewalls

Basic Firewalls
- Packet filtering
  o IP filtering
  o Protocol ID / type
  o Port filtering / security
- Ingress versus egress
- Allow or block
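How the packet-filtering criteria on this slide (IP address, protocol, port, direction, allow or block) combine into a decision, as an added example that is not part of the courseware. The rule set, the addresses and the function names are constructed; first-match ordering with an implicit final block is an assumption of this sketch, since the slide does not state an evaluation order.

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional

@dataclass(frozen=True)
class Rule:
    direction: str                  # "ingress" or "egress"
    action: str                     # "allow" or "block"
    src: str = "0.0.0.0/0"          # source network (IP filtering)
    dst: str = "0.0.0.0/0"          # destination network (IP filtering)
    protocol: str = "any"           # "tcp", "udp", "icmp" or "any"
    dst_port: Optional[int] = None  # None matches any port

# Constructed rule set for a hypothetical DMZ web server at 203.0.113.10.
RULES = [
    # Private source addresses arriving from outside are spoofed: block first.
    Rule("ingress", "block", src="10.0.0.0/8"),
    Rule("ingress", "block", src="192.168.0.0/16"),
    Rule("ingress", "allow", dst="203.0.113.10/32", protocol="tcp", dst_port=443),
    Rule("egress", "allow", src="192.168.10.0/24", protocol="tcp", dst_port=443),
    Rule("egress", "allow", src="192.168.10.0/24", protocol="udp", dst_port=53),
]

def rule_matches(rule, direction, src, dst, protocol, dst_port):
    """True when every field of the rule matches the packet header."""
    return (
        rule.direction == direction
        and ipaddress.ip_address(src) in ipaddress.ip_network(rule.src)
        and ipaddress.ip_address(dst) in ipaddress.ip_network(rule.dst)
        and rule.protocol in ("any", protocol)
        and rule.dst_port in (None, dst_port)
    )

def filter_packet(rules, direction, src, dst, protocol, dst_port=None):
    """Return the action of the first matching rule; block if none match."""
    for rule in rules:
        if rule_matches(rule, direction, src, dst, protocol, dst_port):
            return rule.action
    return "block"  # assumed implicit deny at the end of the list

if __name__ == "__main__":
    print(filter_packet(RULES, "ingress", "198.51.100.7", "203.0.113.10", "tcp", 443))
    print(filter_packet(RULES, "egress", "192.168.10.25", "198.51.100.7", "tcp", 25))
```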

Troubleshooting Misconfigured Firewalls / ACLs

Host-based Firewalls
- NOS Firewall
- Application Firewall
- Personal Firewall

VLAN Configuration
- Virtual LAN (VLAN)
- Divide computers attached to same cabling between logically separate networks
- Isolate traffic
- Ensure services accessible to VLAN

Review
- Understand the basics of IP routing and use of tracert to troubleshoot
- Explain the functions of TCP and UDP ports and use netstat to identify open ports
- Implement secure network topologies using zones, NAT, firewalls, and VLANs