Module 4 / Using Networks

The following CompTIA ITF+ domain objectives and examples are covered in this module:

CompTIA ITF+ Certification Domains        Weighting

1.0 IT Concepts and Terminology             17%
2.0 Infrastructure                          22%
3.0 Applications and Software               18%
4.0 Software Development                    12%
5.0 Database Fundamentals                   11%
6.0 Security                                20%

Refer To / Domain Objectives/Examples

Unit 4.1 / Networking Components
    2.7 Explain basic networking concepts.
    Basics of network communication (Basics of packet transmission, DNS,
    URL-to-IP translation, LAN vs. WAN) • Device addresses (IP address, MAC
    address) • Basic protocols (HTTP/S, POP3, IMAP, SMTP)

Unit 4.2 / Connecting to a Network
    2.4 Compare and contrast common Internet service types.
    Fiber optic • Cable • DSL • Wireless (Radio frequency, Satellite, Cellular)
    2.7 Explain basic networking concepts.
    Devices (Modem, Router, Switch, Access point)
    2.8 Given a scenario, install, configure and secure a basic wireless network.
    802.11a/b/g/n/ac (Older vs. newer standards, Speed limitations, Interference
    and attenuation factors) • Best practices (Change SSID, Change default
    password, Encrypted vs. unencrypted [Open, Captive portal, WEP, WPA, WPA2])

Unit 4.3 / Secure Web Browsing
    2.7 Explain basic networking concepts.
    Devices (Firewall)
    3.5 Given a scenario, configure and use web browsers.
    Caching/clearing cache • Deactivate client-side scripting • Browser
    add-ons/extensions (Add, Remove, Enable/disable) • Private browsing • Proxy
    settings • Certificates (Valid, Invalid) • Popup blockers • Script blockers •
    Compatible browser for application(s)
    6.2 Explain methods to secure devices and best practices.
    Securing devices (Host firewall, Safe browsing practices)

Page 327
Licensed For Use Only By: Byte Back Student 1 BB1 Jun 10 2021 11:32AM
Module 4 / Unit Summary

Refer To / Domain Objectives/Examples

Unit 4.4 / Using Shared Storage
    2.5 Compare and contrast storage types.
    Local network storage types (NAS, File server) • Cloud storage service
    6.7 Explain business continuity concepts.
    Backup considerations—data [File backups, Critical data, Database, OS
    backups], Backup considerations—location [Stored locally, Cloud storage,
    On-site vs. off-site]

Unit 4.5 / Using Mobile Devices
    This unit does not cover specific exam domain objectives or content examples.

Module 4 / Unit 1 Networking Concepts

Networking Concepts

Objectives
On completion of this unit, you will be able to:

□ Describe the components and functions of computer networks.

□ List the protocols and technologies used for addressing on computer
networks.

□ Connect a computer to a wired or wireless network.

□ Describe the uses of common application protocols.

Syllabus Objectives and Content Examples


This unit covers the following exam domain objectives and content examples:

□ 2.7 Explain basic networking concepts.


Basics of network communication (Basics of packet transmission, DNS,
URL-to-IP translation, LAN vs. WAN) • Device addresses (IP address, MAC
address) • Basic protocols (HTTP/S, POP3, IMAP, SMTP)

Network Components

A network is two or more computer systems linked together by some form of
transmission medium that enables them to share information. The network
technology is what connects the computers, but the purpose of the network is
to provide services or resources to its users. These services may include
access to shared files and folders, printing, and database applications.

Networks are built from media, appliances, and protocols but they exist to provide services and
resources to users. (Image by Svetlana Kurochkina © [Link].)

Network Clients and Servers


Network clients are computers and software that allow users to request
resources shared by and hosted on servers.

LANs and WANs


Networks of different sizes are classified in different ways. A network in a
single location is often described as a Local Area Network (LAN). This
definition encompasses many different types and sizes of networks though. It
can include both residential networks with a couple of computers and
enterprise networks with hundreds of servers and thousands of workstations.
Typically, most of the equipment and cabling used on a LAN is owned and
operated by the company or organization using the LAN.

Networks in different geographic locations but with shared links are called
Wide Area Networks (WAN). A WAN is more likely to make use of a service
provider network. Companies that operate national telephone networks are
called telecommunications companies or telcos. Companies that specialize
in providing Internet access are called Internet Service Providers (ISP).
Telcos operate as ISPs themselves but also make parts of their networks
available to smaller ISPs.

Network Media
A network is made by creating communications pathways between the devices
on the network. Network endpoints can be referred to as nodes or hosts.
Communications pathways are implemented using an adapter installed in the
host to transmit and receive signals and network media between the interfaces
to carry the signals. There are two main types of local network connections:

■ Wired data connections use cabling and either electrical signals over
copper wire or light signals over fiber optic to connect nodes. Most local
networks use a wired network standard called Ethernet to implement these
links.

■ Wireless (Wi-Fi) data connections use radio signals to transmit signals
over the air. With Wi-Fi, a node usually connects to an access point at a
range of up to about 30m.

Wide area networks can also use copper or fiber optic cabling and various
types of wireless networking, including point-to-point radio, cellular radio, and
satellite communications.

Addressing and Protocols

Network signals must be packaged in such a way that each host is able to
understand them. Also, each host must have a means of recognizing the
location of other hosts on the network. These functions are provided by a
network protocol. A network protocol identifies each host on the network using
a unique address. It also defines a packet structure. A packet is a wrapper for
each data unit transmitted over the network. A packet generally consists of a
header (indicating the protocol type, source address, destination address,
error correction information, and so on) and a payload (the data).

Networks use multiple protocols. The packet from one protocol can
be wrapped within the packet from another (encapsulation).

The overwhelming majority of networks use TCP/IP to perform these functions.

TCP/IP

In an age when even your refrigerator is connected to the Internet, it's
important that you understand the basics of networking, specifically, how the
Transmission Control Protocol/Internet Protocol (TCP/IP) suite of protocols
works to provide the apps and services we increasingly rely on.

Packet Transmission
The original research underpinning TCP/IP was performed in the late 1960s
and early 1970s by the Advanced Research Projects Agency (ARPA), which
is the research arm of the US Department of Defense (DoD). The DoD
wanted to build a network to connect a number of military sites. The prototype
was a research network called ARPANET, first operational in 1972. This
connected four university sites using a system described as a packet
switching network.

Prior to this development, any two computers wanting to communicate had to
open a direct channel, known as a circuit. If this circuit was broken, the
computers would stop communicating immediately. Packet switching
introduces the ability for one computer to forward information to another. To
ensure information reaches the correct destination, each packet is addressed
with a source and destination address and then transferred using any available
pathway to the destination computer. A host capable of performing this
forwarding function is called a router.

A packet switching protocol is described as "robust" because it can
automatically recover from communication link failures. It re-routes data
packets if transmission lines are damaged or if a router fails to respond. It can
utilize any available network path rather than a single, dedicated one.

Packet switching internetwork. Image © [Link].


The figure above shows an example of an internetworking system. A packet
being sent from Network A to Network D may be sent via Network C (the
quickest route). If this route becomes unavailable, the packet is routed using
an alternate route (for example, A-F-E-D).

As well as the forwarding function and use of multiple paths, data is divided
into small chunks or packets. Using numerous, small packets means that if
some are lost or damaged during transmission, it is easier to resend just the
small, lost packets than having to re-transmit the entire message.

TCP/IP Protocol Suite Layers


The major benefit in utilizing TCP/IP is the wide support for the protocol. It is
the primary protocol of the Internet and the World Wide Web. It is also the
primary protocol for many private internets, which are networks that connect
Local Area Networks (LANs) together.

As mentioned above, TCP/IP is a suite or set of network transport protocols.
When considering network technologies and protocols, it is helpful to conceive
of them as working in layers. The TCP/IP model consists of four layers, each
with defined functions. At each layer are protocols within the TCP/IP suite, or
its supporting technologies, that make use of the protocols in the layer below
and provide services to the protocols in the layer above:

Layers in the TCP/IP protocol suite.

The four layers are as follows:

■ Link or Network Interface layer—responsible for putting frames onto the
physical network. This layer does not contain TCP/IP protocols as such. At
this layer, different networking products and media can be used, such as
Ethernet or Wi-Fi. Communications on this layer take place only on a local
network segment and not between different networks. Data at the link layer
is packaged in a unit called a frame.

■ Internet layer—encapsulates packets into Internet datagrams and deals
with routing between different networks. Three key protocols are used at
this layer:

● Internet Protocol (IP)—the main protocol in the TCP/IP suite is
responsible for logical addressing and routing of packets between hosts
and networks.

● Address Resolution Protocol (ARP)—used for hardware address
resolution. Each host has a link or network interface layer address,
usually called the Media Access Control (MAC) address, to identify it on
the local physical network. To deliver packets, this local MAC address
must be resolved to a logical IP address using ARP.

● Internet Control Message Protocol (ICMP)—sends messages and
reports on errors regarding packet delivery.

■ Transport layer—these protocols provide communication sessions
between computers. Each application protocol is identified at the transport
layer by a port number. There are two transport protocols:

● Transmission Control Protocol (TCP) provides connection-oriented
delivery. This means that the delivery is reliable and that packets are
delivered in the correct sequence.

● User Datagram Protocol (UDP) provides connectionless delivery:
there is no guarantee that packets will arrive in the correct sequence.
Any issues arising from the unreliable nature of UDP must be dealt with
at the application layer. The advantage of UDP is that there is less
overhead involved in processing and transmitting each packet and so it
is faster than TCP.

■ Application layer—the top level of the architecture contains protocols that
provide the communications formats for exchanging data between hosts,
such as transmitting an email message or requesting a web page.

Internet Protocol

The Internet Protocol (IP) is the primary protocol responsible for the
forwarding function we defined above. It provides packet delivery for all higher-
level protocols within the suite. It provides best effort delivery between hosts
on a local network or within an internetwork of an unreliable and
connectionless nature.

Delivery is not guaranteed and a packet might be lost, delivered out of
sequence, duplicated, or delayed.

IP Packet Structure
At the IP layer, any information received from the transport layer is wrapped in
a datagram. The transport layer datagram is the payload and IP adds a
number of fields in a header to describe the payload and how to deliver it:

Field                    Explanation
Source IP address        Identifies the sender of the datagram by IP address.
Destination IP address   Identifies the destination of the datagram by IP
                         address.
Protocol                 Indicates whether the data should be passed to UDP or
                         TCP at the destination host.
Checksum                 Verifies the packet's integrity upon arrival at the
                         destination.
Time to Live             The number of seconds a datagram is allowed to stay on
                         the network before being discarded, otherwise packets
                         could endlessly loop around an internet. A router will
                         decrease the TTL by at least one second when it handles
                         the packet, and is required to decrement the TTL by at
                         least the time spent in the router.

Once the fields have been added, the IP datagrams are packaged into a
suitable frame format and delivered over the local network segment.
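The following Python script is a worked example added here to illustrate the header fields in the table; it is not part of the CompTIA course material. It builds a constructed 20-byte IPv4 header (the addresses and identification value are made up), decodes the fields, verifies the header checksum as the receiving host would, and models what a router does with the Time to Live: drop a damaged or expired datagram, otherwise decrement the TTL and rewrite the checksum because the header has changed.

```python
import struct
from typing import Optional

PROTOCOL_NAMES = {1: "ICMP", 6: "TCP", 17: "UDP"}

# Constructed sample: a 20-byte IPv4 header (no options) for a TCP segment
# from 192.168.0.100 to 192.168.0.1 with TTL 64. The checksum field is left
# as zero here and filled in by with_checksum() below.
SAMPLE_HEADER = bytes.fromhex(
    "4500"      # version 4, header length 5 words (20 bytes), type of service 0
    "0034"      # total length: 52 bytes (20 header + 32 payload)
    "1c46"      # identification (made up)
    "4000"      # flags (don't fragment) and fragment offset 0
    "4006"      # TTL 64, protocol 6 (TCP)
    "0000"      # header checksum placeholder
    "c0a80064"  # source address 192.168.0.100
    "c0a80001"  # destination address 192.168.0.1
)


def header_checksum(header: bytes) -> int:
    """RFC 791 checksum: one's complement of the one's-complement sum of the
    header taken as 16-bit words, with the checksum field itself zeroed."""
    zeroed = header[:10] + b"\x00\x00" + header[12:]
    if len(zeroed) % 2:
        zeroed += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(zeroed) // 2), zeroed))
    while total >> 16:                      # fold carries back into 16 bits
        total = (total & 0xFFFF) + (total >> 16)
    return (~total) & 0xFFFF


def with_checksum(header: bytes) -> bytes:
    """Return a copy of the header with a correct checksum written in."""
    return header[:10] + struct.pack("!H", header_checksum(header)) + header[12:]


def parse_ipv4_header(header: bytes) -> dict:
    """Decode the fixed 20-byte header into the fields the table lists."""
    (ver_ihl, _tos, total_len, _ident, _flags_frag, ttl, proto, csum,
     src, dst) = struct.unpack("!BBHHHBBH4s4s", header[:20])
    return {
        "version": ver_ihl >> 4,
        "header_len": (ver_ihl & 0x0F) * 4,
        "total_len": total_len,
        "ttl": ttl,
        "protocol": PROTOCOL_NAMES.get(proto, str(proto)),
        "src": ".".join(str(b) for b in src),
        "dst": ".".join(str(b) for b in dst),
        "checksum_ok": csum == header_checksum(header),
    }


def route_header(header: bytes) -> Optional[bytes]:
    """Model a router handling the header: discard it if the checksum fails
    or the TTL is exhausted, otherwise decrement the TTL and recompute the
    checksum (the header changed, so the old checksum no longer verifies)."""
    fields = parse_ipv4_header(header)
    if not fields["checksum_ok"]:
        return None                         # damaged in transit: discard
    if fields["ttl"] <= 1:
        return None                         # TTL would reach zero: discard
    decremented = header[:8] + bytes([fields["ttl"] - 1]) + header[9:]
    return with_checksum(decremented)


PACKET = with_checksum(SAMPLE_HEADER)

if __name__ == "__main__":
    print(parse_ipv4_header(PACKET))
    print("after one router hop, TTL =", parse_ipv4_header(route_header(PACKET))["ttl"])
```

The checksum only protects the header, and only against accidental corruption; it is not a security control, which is why integrity of the payload has to come from a higher layer such as TLS, introduced later in this unit.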

IP Addresses
As you can see from the fields in the datagram, an IP address is used to
logically identify each device (host) on a given network. An IP address is a 32-
bit binary value. To make this value easier to enter in configuration dialogs, it is
expressed as four decimal numbers separated by periods: [Link] for
instance. Each number represents a byte value, that is, an eight-character
binary value, also called an octet, or a decimal value between 0 and 255. This
is referred to as dotted decimal notation.

Recall that you can convert between binary and decimal by setting out the
place value of each binary digit. For example, you can convert 172 as follows:

  128    64    32    16     8     4     2     1
    1     0     1     0     1     1     0     0
128*1  64*0  32*1  16*0   8*1   4*1   2*0   1*0
  128 +   0 +  32 +   0 +   8 +   4 +   0 +   0  = 172

Refer back to Unit 2.1 for the topic on binary and decimal notation.

This information relates to IP version 4. IP version 6 (IPv6) defines
longer addresses (128 bit compared to 32 bit). These are
expressed in hex notation ([Link] for
example).

Network Prefixes and Subnet Masks

An IP address encodes two pieces of information:

■ The network number (network ID)—this number is common to all hosts on
the same IP network.

■ The host number (host ID)—this unique number identifies a host on a
particular network or logical subnetwork.

In order to distinguish the network ID and host ID portions within an address,
each host must also be configured with a network prefix length or subnet
mask. This is combined with the IP address to determine the identity of the
network to which the host belongs.

The network prefix is also a 32-bit number. It contains a contiguous series of
binary ones where the matching bit of the IP address is a part of the network
ID. The rest of the mask is zeroes and represents the host ID bits in the IP
address. For example, the prefix /8 would contain eight binary ones followed
by 24 binary zeros. The prefix could also be expressed as a subnet mask by
converting it to dotted decimal ([Link]).

IPv6 only uses network prefixes to identify the network portion of
the address.

Packet Delivery and Forwarding

The Internet Protocol (IP) covers addressing and forwarding at a "logical" level
between networks with distinct IDs (network layer). Actual delivery of
information takes place at the lower physical/data link layer. The IP datagram
is put into a frame. Frames can only be delivered over a local network
segment.

MAC Addresses
Frames use a different addressing method than IP. At the data link layer, each
host is identified by the address of its network interface. This is called a
hardware address or a Media Access Control (MAC) address. The MAC
address is assigned to the network adapter at the factory. It is a 48-bit value
expressed in hex notation. It is often displayed as six groups of two
hexadecimal digits with colon or hyphen separators or no separators at all (for
example, [Link] or 00608c123abc) or as three groups of
four hex digits with period separators (0060.8c12.3abc).

Address Resolution Protocol (ARP)

If two systems are to communicate using IP, the host sending the packet must
map the IP address of the destination host to the hardware address of the
destination host. The Address Resolution Protocol (ARP) is the protocol that
enables this process of local address discovery to take place. Hosts broadcast
ARP messages onto the local network to find out which host MAC address
"owns" a particular IP address. If the destination host responds, the frame can
be delivered. Hosts also cache IP:MAC address mappings for several minutes
to reduce the number of ARP messages that have to be sent.

Using ARP for local address resolution.
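The Python script below is an added example, not part of the course material, covering the two points above: it normalizes the MAC address display formats the text lists into one canonical form, and it simulates a host resolving an IP address on a constructed local segment, first by broadcasting and then from its ARP cache until the cached entry expires. The segment, its addresses and the 120-second cache lifetime are all assumptions made for the example; a clock function is injected so expiry can be demonstrated without waiting.

```python
import re
from typing import Dict, List, Optional, Tuple

_HEX12 = re.compile(r"^[0-9a-f]{12}$")


def normalize_mac(text: str) -> str:
    """Accept any of the display forms in the text (00:60:8c:12:3a:bc,
    00-60-8c-12-3a-bc, 00608c123abc, 0060.8c12.3abc) and return a canonical
    lowercase colon-separated form so that comparisons are reliable."""
    digits = re.sub(r"[:\-.]", "", text.strip().lower())
    if not _HEX12.match(digits):
        raise ValueError(f"not a 48-bit MAC address: {text!r}")
    return ":".join(digits[i:i + 2] for i in range(0, 12, 2))


class Segment:
    """Constructed local network segment: which MAC 'owns' which IP address.
    A host broadcasts a who-has request; the owner, if present, answers."""

    def __init__(self, owners: Dict[str, str]):
        self._owners = {ip: normalize_mac(mac) for ip, mac in owners.items()}
        self.broadcasts: List[str] = []     # every who-has request seen on the wire

    def who_has(self, ip: str) -> Optional[str]:
        self.broadcasts.append(ip)
        return self._owners.get(ip)


class Host:
    """A host with an ARP cache whose entries expire after cache_ttl seconds."""

    def __init__(self, segment: Segment, clock, cache_ttl: float = 120.0):
        self._segment = segment
        self._clock = clock                 # callable returning seconds
        self._ttl = cache_ttl
        self._cache: Dict[str, Tuple[str, float]] = {}   # ip -> (mac, learned at)

    def resolve(self, ip: str) -> Optional[str]:
        entry = self._cache.get(ip)
        if entry is not None:
            mac, learned = entry
            if self._clock() - learned < self._ttl:
                return mac                  # cache hit: no broadcast needed
            del self._cache[ip]             # stale entry: forget it and ask again
        mac = self._segment.who_has(ip)
        if mac is not None:
            self._cache[ip] = (mac, self._clock())
        return mac


def demo() -> List[int]:
    """Resolve addresses across a simulated clock and return the number of
    broadcasts sent after each step, showing when the cache saved a request."""
    now = [0.0]
    segment = Segment({"192.168.0.1": "0060.8c12.3abc",
                       "192.168.0.20": "00-60-8C-AA-BB-CC"})
    host = Host(segment, clock=lambda: now[0], cache_ttl=120.0)
    counts = []
    host.resolve("192.168.0.1")             # first time: broadcast
    counts.append(len(segment.broadcasts))
    now[0] = 30.0
    host.resolve("192.168.0.1")             # within lifetime: served from cache
    counts.append(len(segment.broadcasts))
    now[0] = 200.0
    host.resolve("192.168.0.1")             # entry expired: broadcast again
    counts.append(len(segment.broadcasts))
    host.resolve("192.168.0.99")            # nobody owns it: broadcast, no answer
    counts.append(len(segment.broadcasts))
    return counts


if __name__ == "__main__":
    print(normalize_mac("0060.8c12.3abc"))
    print(demo())
```

The cache is what makes ARP cheap, and it is also why a stale or incorrect cache entry persists for minutes: when troubleshooting connectivity, checking the host's ARP table (for example with arp -a) shows which MAC address the host currently believes owns an IP address.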

Routing
If the destination IP address is a local one (with the same network ID as the
source), the host uses ARP messaging to discover the local destination host. If
the network IDs are different, the sending host uses ARP messaging to
discover a router on the local segment (its default gateway) and uses that to
forward the packet. The router forwards the packet to its destination (if known),
possibly via intermediate routers.
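The Python script below is an added worked example (not part of the course material) that ties together the binary conversion, dotted decimal notation, network prefix and routing decision described in this unit: it expands an octet by place value as in the 172 example, converts between dotted decimal and the underlying 32-bit value, turns a prefix length such as /8 into a subnet mask and back (rejecting a mask whose ones are not contiguous), splits an address into network ID and host ID, and decides whether a destination is local (resolve it with ARP directly) or remote (send to the default gateway). The addresses used are constructed for the example.

```python
from typing import Tuple


def octet_to_binary(n: int) -> str:
    """Place-value expansion of one octet: 172 -> '10101100' (128+32+8+4)."""
    if not 0 <= n <= 255:
        raise ValueError(f"octet out of range: {n}")
    return "".join("1" if n & (1 << bit) else "0" for bit in range(7, -1, -1))


def dotted_to_int(addr: str) -> int:
    """Dotted decimal to the underlying 32-bit value, rejecting bad input
    (wrong octet count, non-numeric or out-of-range octets)."""
    octets = addr.strip().split(".")
    if len(octets) != 4:
        raise ValueError(f"expected four octets: {addr!r}")
    value = 0
    for octet in octets:
        if not octet.isdigit() or not 0 <= int(octet) <= 255:
            raise ValueError(f"bad octet {octet!r} in {addr!r}")
        value = (value << 8) | int(octet)
    return value


def int_to_dotted(value: int) -> str:
    """32-bit value back to dotted decimal."""
    return ".".join(str((value >> shift) & 0xFF) for shift in (24, 16, 8, 0))


def prefix_to_mask(prefix_len: int) -> int:
    """/8 -> 0xFF000000 (255.0.0.0): prefix_len ones followed by zeros."""
    if not 0 <= prefix_len <= 32:
        raise ValueError(f"prefix length must be 0..32: {prefix_len}")
    return (0xFFFFFFFF << (32 - prefix_len)) & 0xFFFFFFFF


def mask_to_prefix(mask: str) -> int:
    """Dotted-decimal mask back to a prefix length. A mask whose ones are not
    contiguous (for example 255.0.255.0) is not a valid subnet mask."""
    bits = format(dotted_to_int(mask), "032b")
    if "01" in bits:
        raise ValueError(f"non-contiguous subnet mask: {mask}")
    return bits.count("1")


def split_address(addr: str, prefix_len: int) -> Tuple[str, int]:
    """Network ID (dotted decimal) and host ID (as a number) of an address."""
    value = dotted_to_int(addr)
    mask = prefix_to_mask(prefix_len)
    return int_to_dotted(value & mask), value & ~mask & 0xFFFFFFFF


def next_hop(src: str, prefix_len: int, dst: str, gateway: str) -> str:
    """The routing decision: if src and dst share a network ID the host ARPs
    for dst itself; otherwise it ARPs for its default gateway and sends there."""
    mask = prefix_to_mask(prefix_len)
    if dotted_to_int(src) & mask == dotted_to_int(dst) & mask:
        return dst
    return gateway


if __name__ == "__main__":
    print(octet_to_binary(172))
    print(int_to_dotted(prefix_to_mask(8)), int_to_dotted(prefix_to_mask(24)))
    print(split_address("192.168.1.77", 24))
    print(next_hop("192.168.1.77", 24, "10.0.0.5", "192.168.1.1"))
```

A host with the wrong prefix length makes the wrong decision here: it may ARP for a remote address (and get no reply) or send local traffic to the gateway, which is why a mismatched subnet mask is a common cause of "can reach some hosts but not others" problems.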

DNS and URLs

As we have seen, network addressing uses 48-bit MAC values at the data link
layer and 32-bit IP addresses at the network layer. Computers can process
these numbers easily, but they are very difficult for people to remember or type
correctly.

People find it much easier to address things using simple names.
Consequently, there are protocols to assign names to hosts and networks and
to convert these names into IP addresses. The name resolution protocol used
with the TCP/IP suite is called the Domain Name System (DNS).

Domain Name System (DNS)

DNS name resolution hierarchy.

The Domain Name System (DNS) is a hierarchical, client/server-based
distributed database name management system. The purpose of the DNS
database is to resolve resource names to IP addresses. In the DNS, the clients
are called resolvers and the servers are called name servers. The DNS
database is distributed because no one DNS server holds all possible DNS
records. This would be far too much information for a single server to store.
Instead, the hierarchical nature of the DNS namespace enables DNS servers
to query one another for the appropriate record.

The namespace is structured like an inverted tree, starting at the root, and
working down. Below the root are a set of Top Level Domains (TLD) that define
broad classes of entities (.com versus .gov, for instance) or national
authorities (.uk versus .ca, for instance). Within the TLDs, entities such as
companies, academic institutions, non-profits, governments, or even
individuals can all register individual domains. An organization may also create
sub-domains to represent different parts of a business. Domains and sub-
domains contain resource records. These records contain the host name to IP
address mapping information used to resolve queries.

Any computer holding records for a part of the namespace is said to be a
name server. Name servers that contain the requested resource records for a
particular namespace are said to be authoritative. If they are not authoritative
for a namespace, they will have pointers to other name servers which might be
authoritative.

Resolvers are software programs running on client computers. For example,
name resolution is a critical part of web browsing, so web browser software will
implement a resolver.

Hostnames and Fully Qualified Domain Names

A hostname is just the name given to an IP host. A hostname can be
configured as any string with up to 256 alphanumeric characters (plus the
hyphen), though most hostnames are much shorter. The hostname can be
combined with information about the domain in which the host is located to
produce a Fully Qualified Domain Name (FQDN). For example, if www is a
host name, then the FQDN of the host www within the [Link] domain is
[Link].

DNS Query Example

In the graphic below, a client needs to establish a session with the
[Link] web server.

Resolving a hostname using DNS.

1) The resolver (client) sends a recursive DNS query to its local DNS server
asking for the IP address of [Link]. The local name server
checks its DNS data corresponding to the requested domain name.

A recursive query makes the local name server responsible for
resolving the name and means it cannot just refer the resolver to
another name server.

2) It then sends a query for [Link] to a root name server.

3) The root name server has authority for the root domain and will reply with
the IP address of a name server for the .org top level domain.

4) The local name server sends an iterative query for [Link] to
the .org name server.

An iterative query means that the local name server does not
expect the .com name server to return a record and that it will
accept a referral to another name server. Name servers that are
authoritative for domains will only typically respond to iterative
queries.

5) The .com name server doesn't have a resource record for [Link]
but it can provide the IP address of the name server responsible for the
[Link] domain.

6) The local name server now queries the [Link] name server for the IP
address of [Link].

7) The [Link] name server replies with the IP address corresponding to
the FQDN [Link].

8) The local name server sends the IP address of [Link] back
to the original resolver.

Note how each query brings the local name server closer to the IP address of
[Link].
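The Python script below is an added example, not taken from the course material, that simulates the eight-step walk above. The local name server accepts a recursive query, then issues iterative queries to a constructed root server, .org TLD server and authoritative server in turn, following each referral until it gets an answer, and caches the result so the next resolver asking for the same name is answered immediately. The server names, the domain example.org and the address 203.0.113.10 are placeholders chosen for the example (both are reserved for documentation), not real infrastructure.

```python
from typing import Dict, List, Optional, Tuple

# Constructed name-server data standing in for the servers in the figure.
# "records" are the resource records a server is authoritative for;
# "referrals" are the pointers it holds to the name servers for child zones.
NAME_SERVERS: Dict[str, dict] = {
    "root":       {"records": {}, "referrals": {"org.": "tld-org"}},
    "tld-org":    {"records": {}, "referrals": {"example.org.": "ns-example"}},
    "ns-example": {"records": {"www.example.org.": "203.0.113.10"}, "referrals": {}},
}


def iterative_query(server: str, fqdn: str) -> Tuple[str, Optional[str]]:
    """One iterative query to one name server. An authoritative server answers
    with the record; a server that is not authoritative refers the asker to the
    name server for the longest matching zone it knows about; failing that,
    the name does not exist as far as this server can tell."""
    data = NAME_SERVERS[server]
    if fqdn in data["records"]:
        return "answer", data["records"][fqdn]
    for zone, ns in sorted(data["referrals"].items(), key=lambda kv: -len(kv[0])):
        if fqdn.endswith("." + zone):
            return "referral", ns
    return "nxdomain", None


class LocalNameServer:
    """The resolver's local server: it accepts a recursive query, performs the
    whole walk itself and caches the answer. The trace records every step so
    the walk can be inspected afterwards."""

    def __init__(self, max_referrals: int = 8):
        self.cache: Dict[str, str] = {}
        self.trace: List[Tuple[str, str, Optional[str]]] = []
        self._max_referrals = max_referrals

    def recursive_query(self, name: str) -> Optional[str]:
        fqdn = name if name.endswith(".") else name + "."
        if fqdn in self.cache:
            self.trace.append(("cache", "answer", self.cache[fqdn]))
            return self.cache[fqdn]
        server = "root"                     # every uncached walk starts at the root
        for _ in range(self._max_referrals):   # a referral loop must not run forever
            kind, value = iterative_query(server, fqdn)
            self.trace.append((server, kind, value))
            if kind == "answer":
                self.cache[fqdn] = value
                return value
            if kind == "nxdomain":
                return None
            server = value                  # follow the referral
        return None


if __name__ == "__main__":
    local = LocalNameServer()
    print(local.recursive_query("www.example.org"))
    for step in local.trace:
        print(step)
```

The cap on referrals matters in practice as well as in the simulation: a resolver that followed referrals without limit could be kept busy indefinitely by misconfigured (or deliberately looping) delegations.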

Uniform Resource Locators (URL)

When a web browser is used to request a record from a web server, the
request must have some means of specifying the location of the web server
and the resource on the web server that the client wants to retrieve. This
information is provided as a Uniform Resource Locator (URL).

The URL (or web address) contains the information necessary to identify and
(in most cases) access an item.


URL with 1) Protocol; 2) Host location; 3) File path.

A URL consists of the following parts:

1) Protocol—this describes the access method or service type being used.
URLs can be used for protocols other than HTTP/HTTPS. The protocol is
followed by the characters ://

2) Host location—this could be an IP address, but as IP addresses are very
hard for people to remember, it is usually represented by a Fully Qualified
Domain Name (FQDN). DNS allows the web browser to locate the IP
address of a web server based on its FQDN.

3) File path—specifies the directory and file name location of the resource, if
required. Each directory is delimited by a forward slash. The file path may
or may not be case-sensitive, depending on how the server is configured. If
no file path is used, the server will return the default (home) page for the
website.
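The Python function below is an added example (not part of the course material) that breaks a web URL into the three parts just described and records what a browser would have to do with each: which protocol was named (and therefore which default port, 80 for HTTP or 443 for HTTPS, applies when the URL gives none), whether the host location is an FQDN that needs a DNS lookup or an IP address that does not, and which directories and file are requested, with an empty path standing for the server's default page. The URLs in the usage code are constructed for the example.

```python
import ipaddress
from urllib.parse import urlsplit

DEFAULT_PORTS = {"http": 80, "https": 443}


def parse_url(url: str) -> dict:
    """Split a web URL into protocol, host location and file path, and note
    what the browser must do with each part."""
    parts = urlsplit(url)
    scheme = parts.scheme.lower()
    if scheme not in DEFAULT_PORTS:
        raise ValueError(f"not a web URL scheme: {parts.scheme!r}")
    if not parts.hostname:
        raise ValueError("URL has no host location")
    try:
        ipaddress.ip_address(parts.hostname)
        needs_dns = False                   # literal IP address: nothing to resolve
    except ValueError:
        needs_dns = True                    # FQDN: must be resolved through DNS
    path = parts.path or "/"                # no file path: ask for the default page
    segments = path.split("/")
    return {
        "protocol": scheme,
        "host": parts.hostname,
        "port": parts.port or DEFAULT_PORTS[scheme],   # .port raises on a bad port
        "needs_dns": needs_dns,
        "encrypted": scheme == "https",     # HTTPS sessions are protected by SSL/TLS
        "directories": [s for s in segments[1:-1] if s],
        "file": segments[-1] or "(server default page)",
    }


if __name__ == "__main__":
    print(parse_url("https://www.example.org/docs/guide/index.html"))
    print(parse_url("http://192.0.2.7"))
```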

Internet Application Services

The protocols we have discussed so far all involve supporting communications
with addressing formats and forwarding mechanisms. At the application layer,
there are protocols that support services, such as publishing, e-commerce, or
messaging. The TCP/IP suite encompasses a large number and wide range of
application layer protocols. Some of the principal protocols amongst these are
discussed below.

HTTP and HTML

HyperText Transfer Protocol (HTTP) is the basis of the World Wide Web.
HTTP enables clients (typically web browsers) to request resources from an
HTTP server. A client connects to the HTTP server using its TCP port (the
default is port 80) and submits a request for a resource using a Uniform
Resource Locator (URL). The server acknowledges the request and returns
the data.

To run a website, an organization will typically lease a server or space on a
server from an ISP. Larger organizations with their own Internet Point-of-
Presence may host websites themselves. Web servers are not only used on
the Internet however. Private networks using web technologies are described
as intranets (if they permit only local access) or extranets (if they permit
remote access).

HTTP is usually used to serve HTML web pages, which are plain text files with
coded tags (HyperText Markup Language) describing how the page should
be formatted. A web browser can interpret the tags and display the text and
other resources associated with the page, such as picture or sound files.
Another powerful feature is its ability to provide hyperlinks to other related
documents. HTTP also features forms mechanisms (GET and POST) whereby
a user can submit data from the client to the server.

The functionality of HTTP servers is often extended by support for scripting
and programmable features (web applications).

SSL/TLS
One of the critical problems for the provision of early e-commerce sites was the
lack of security in HTTP. Under HTTP, all data is sent unencrypted and there is
no authentication of client or server. Secure Sockets Layer (SSL) was
developed by Netscape and released as version 3.0 in 1996 to address these
problems. SSL proved very popular with the industry and is still in widespread
use. Transport Layer Security (TLS) was developed from SSL and ratified as
a standard by IETF. TLS is now the version in active development, with 1.2 as
the latest version.

SSL/TLS is closely associated with use of the HTTP application, referred to as
HTTPS or HTTP Over SSL or HTTP Secure but can also be used to secure
other TCP/IP application protocols.

HTTPS operates over port 443 by default. HTTPS operation is
indicated by using https:// for the URL and by a padlock icon shown
in the browser.

Essentially, a server is assigned a digital certificate by some trusted
Certificate Authority. The certificate proves the identity of the server,
assuming that the client trusts the Certificate Authority. The server uses the
digital certificate and the SSL/TLS protocol to encrypt communications
between it and the client. This means that the communications cannot be read
or changed by a third party.

Use the padlock icon displayed next to a secure web address to verify the identity of the certificate
holder.

Electronic Mail (Email)

Email is a messaging system that can be used to transmit text messages and
binary file attachments encoded using Multipurpose Internet Mail
Extensions (MIME). Email can involve the use of multiple protocols. The
following process illustrates how an email message is sent from a typical
corporate mail gateway, using the Microsoft Exchange mail server, to a
recipient with dial-up Internet access:

1) The email client software on the sender's computer
(sender@[Link]) sends the message to the Exchange email server
using Microsoft's MAPI (Message Application Programming Interface)
protocol. The mail server puts the message in a queue, waiting for the next
Simple Mail Transfer Protocol (SMTP) session to be started.

2) When the Exchange SMTP server starts to process the queue, it first
contacts a DNS server to resolve the recipient's address (for example,
recipient@[Link]) to an IP address for the
[Link] email server, listed as an MX (Mail Exchanger)
record in DNS.

3) It then uses SMTP to deliver the message to this email server. The delivery
usually requires several "hops," from the mail gateway to the sender's
Internet Service Provider (ISP), then to the recipient's ISP. The hops taken
by a message as it is delivered over the Internet are recorded in the
message header.

Viewing SMTP Internet headers for a mail message. Screenshot used with permission from
Microsoft.

4) The message is put in the message store on the recipient's mail server. To
retrieve it, the recipient uses his or her mail client software to connect with
the mailbox on the server, using the Post Office Protocol v3 (POP3) or
Internet Message Access Protocol (IMAP).

When using POP3, the messages are usually deleted from the server when
they are downloaded, though some clients have the option to leave them on
the server. IMAP supports permanent connections to a server and connecting
multiple clients to the same mailbox simultaneously. It also allows a client to
manage the mailbox on the server, to organize messages in folders and
control when they are deleted for instance, and to create multiple mailboxes.

Email communications between a client and server would normally
be protected with SSL/TLS security.

Configuring Email
To configure an email account, you need the user name, password, and
default email address, plus incoming and outgoing server addresses and
protocol types from the ISP.

Configuring an email account—the incoming server is either POP3 or IMAP while the outgoing
server is SMTP. Screenshot used with permission from Microsoft.

Internet email addresses follow another URL scheme (mailto). An Internet
email address comprises two parts: the user name (local part) and the domain
name, separated by an @ symbol. The domain name may refer to a company
or an ISP. For example, [Link]@[Link]
or [Link]@[Link].

Different mail systems have different requirements for allowed and disallowed
characters in the local part. The local part is supposed to be case-sensitive,
but most mail systems do not treat it as such. An incorrectly addressed email
will be returned with a message notifying that it was undeliverable. Mail may
also be rejected if it is identified as spam or if there is some other problem with
the user mailbox, such as the mailbox being full.
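The Python script below is an added example, not part of the course material, covering two points from this section: splitting an Internet email address into its local part and domain (keeping the local part as given, since the receiving system decides its rules, and lowercasing the domain, which is not case-sensitive), and reading the "hops" recorded in a message's header. The raw message is constructed for the example with placeholder host names and addresses; each mail server prepends its own Received header, so the headers are read bottom-up to recover the order in which the message actually travelled.

```python
from email import message_from_string
from email.utils import parseaddr
from typing import List, Tuple

# Constructed raw message as it might sit in the recipient's message store.
# The topmost Received header was added last (by the recipient's server).
RAW_MESSAGE = (
    "Received: from mx.recipient-isp.example ([203.0.113.9])\n"
    "    by mail.example.org with ESMTP; Thu, 10 Jun 2021 11:32:00 +0000\n"
    "Received: from smtp.sender-isp.example ([198.51.100.5])\n"
    "    by mx.recipient-isp.example with ESMTP; Thu, 10 Jun 2021 11:31:58 +0000\n"
    "Received: from exchange.sender.example ([192.0.2.20])\n"
    "    by smtp.sender-isp.example with ESMTP; Thu, 10 Jun 2021 11:31:55 +0000\n"
    "From: sender@sender.example\n"
    "To: Recipient <Recipient@Example.ORG>\n"
    "Subject: constructed example\n"
    "\n"
    "Message body.\n"
)


def split_address(addr: str) -> Tuple[str, str]:
    """Split 'Name <user@domain>' or 'user@domain' into (local part, domain)."""
    _, bare = parseaddr(addr)
    if bare.count("@") != 1:
        raise ValueError(f"not a valid email address: {addr!r}")
    local, domain = bare.split("@")
    if not local or not domain:
        raise ValueError(f"not a valid email address: {addr!r}")
    return local, domain.lower()


def delivery_hops(raw: str) -> List[Tuple[str, str]]:
    """List the hops a message took as (from host, by host) pairs, in travel
    order, by reading the Received headers from the bottom up."""
    msg = message_from_string(raw)
    hops = []
    for received in reversed(msg.get_all("Received", [])):
        tokens = received.split()           # folded continuation lines collapse here
        from_host = tokens[tokens.index("from") + 1]
        by_host = tokens[tokens.index("by") + 1]
        hops.append((from_host, by_host))
    return hops


if __name__ == "__main__":
    print(split_address("Recipient <Recipient@Example.ORG>"))
    for hop in delivery_hops(RAW_MESSAGE):
        print("%s -> %s" % hop)
```

Reading the hops this way is the basis of tracing where a message really came from: only the Received headers added by servers you trust (the ones nearest the top) are reliable, because each earlier server, and the original sender, could have written anything into the lower headers.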

Review Questions / Module 4 / Unit 1 / Networking Concepts


Answer these questions to test what you have learned in this unit.

1) What is a WAN?

2) What is a packet made up of?

3) What are the key features of a packet switching network?

4) What protocol is usually used to provide logical addressing on networks?

5) What type of address identifies a network interface in the context of the
local network segment only?

6) What type of device is used to transfer packets between different
networks?

7) Which protocol allows people to use names/labels to address network
resources rather than numeric addresses?

8) Which of the following parts of a web address usually depends on a
name resolution service: protocol type, host location, file path?

9) What does HTTP stand for?

10) Which email protocol(s) are used to download messages from a mail
server?

Module 4 / Unit 2
Connecting to a Network

Objectives
On completion of this unit, you will be able to:

□ Identify the roles of different network devices in providing local and Internet
network connectivity.

□ Distinguish the advantages and disadvantages of Internet connection
types.

□ Connect a computer to a wired or wireless network.

□ Configure a wireless access point to use secure network settings.

Syllabus Objectives and Content Examples

This unit covers the following exam domain objectives and content examples:

□ 2.4 Compare and contrast common Internet service types.
Fiber optic • Cable • DSL • Wireless (Radio frequency, Satellite, Cellular)

□ 2.7 Explain basic networking concepts.
Devices (Modem, Router, Switch, Access point)

□ 2.8 Given a scenario, install, configure and secure a basic wireless
network.
802.11a/b/g/n/ac (Older vs. newer standards, Speed limitations,
Interference and attenuation factors) • Best practices (Change SSID,
Change default password, Encrypted vs. unencrypted [Open, Captive
portal, WEP, WPA, WPA2])

Internet Service Types

The sort of equipment and networks used at home and in small businesses are
often described as SOHO (Small Office Home Office). A SOHO network is
typically based around a single multifunction device. This type of network
device can perform the following sort of functions:

■ Switch—connects four or eight computers together in an Ethernet LAN
using RJ-45 network ports and twisted-pair cabling.

■ Access Point (AP)—creates a Wi-Fi wireless network (WLAN) between
computers and mobile devices equipped with suitable adapters and also
switches communications between the wired and wireless networks.

■ Internet router/modem—connects the wired and wireless network clients
to the Internet via a WAN link.

Typical SOHO Internet router/modems—the antennas visible on the one on the left show that it
can also function as a wireless access point. (Image © [Link].)

These devices are often simply referred to as "routers." It is
possible for the modem and the router to be separate appliances.
The function of the modem is to transmit frames across the WAN
link, while the function of the router is to forward packets between
the local network and the Internet.

There are various ways in which the WAN link can be provisioned.

Digital Subscriber Line (DSL)
Digital Subscriber Line (DSL) is one of the most popular SOHO Internet
service types. DSL works over an ordinary telephone line, providing the line is
of sufficient quality. The DSL modem/router is connected to the telephone line
using a cable with RJ-11 connectors between the WAN port on the router and
the telephone point. Data is transferred over the line using the high frequency
ranges that voice calls don't need to use. The telephone point is fitted with a
microfilter to prevent the data signals interfering with voice calls and vice versa.

Most residential DSL services are asymmetric (ADSL), meaning that the uplink
(up to about 1.4 Mbps) is slower than the downlink (up to about 24 Mbps). The
speeds achievable are heavily dependent on the quality of the telephone wiring
and the distance to the local telephone exchange. The maximum supported
distance is about three miles.

Fiber Optic
Faster Internet services can be provisioned using fiber optic networks. Fiber
optic cables perform much better over long distances and are not affected by
noise in the way that electrical signals over copper cable are. Unfortunately,
providing a fiber cable all the way to customer premises, referred to as Fiber
to the Home (FTTH), requires substantial investment by the telecom providers
and is not widely available.

Fiber to the Curb (FTTC) is a compromise solution widely deployed in urban
and some rural areas. FTTC means that the telecom provider has installed a
fiber network terminating at a cabinet somewhere in a nearby street. Each
residence is connected to the fiber network over the ordinary copper telephone
cabling using Very High Bit Rate DSL (VDSL). VDSL supports a downlink of
up to 52 Mbps and an uplink of 16 Mbps at a distance of up to about 300m.
VDSL2 also specifies a very short range (100m/300 feet) rate of 100 Mbps (bi-
directional). The VDSL Internet modem/router is connected in much the same
way as an ADSL modem/router.

Cable
Where FTTC is offered by providers with origins in the telephone network, a
cable Internet connection is usually provided as part of a Cable Access TV
(CATV) service. These networks are often described as Hybrid Fiber Coax
(HFC) as they combine a fiber optic core network with coax links to customer
premises equipment. Coax is another type of copper cable but manufactured in
a different way to twisted pair.

The cable modem or modem/router is interfaced to the computer through an
Ethernet adapter and to the cable network by a short segment of coax,
terminated using an F-connector.

Cable based on the Data Over Cable Service Interface Specification
(DOCSIS) version 3.0 supports downlink speeds of up to about 1.2 Gbps. Most
service providers' packages do not offer those kinds of speeds, however, with
about 100 Mbps being typical of a premium package at the time of writing.

Each Internet access type requires a specific modem or
router/modem. You cannot use an ADSL router/modem to connect
to an FTTC or HFC service for instance.

Verifying a Wired Connection

When you connect a Windows computer to a wired network, the network icon
in the notification area of the taskbar should show a valid connection. A red
cross on the icon indicates that either the cable is not connected properly, is
faulty, or the network switch/router is faulty. A yellow alert on the icon indicates
that the link has not been configured properly with IP address information and
cannot connect to the Internet.

Network status icons showing (left-to-right) a working connection, a disconnected cable, and a
connection with unknown or incomplete address information. Screenshot used with permission
from Microsoft.

The Internet Protocol (IP) address information is usually configured by the
router, using a service called the Dynamic Host Configuration Protocol
(DHCP). You would need to investigate either the settings on the adapter or
the switch/router.

You can test an Internet connection quite simply by trying to browse a website.

Wireless Internet Services

While a cabled Internet service will usually offer the best bandwidth, such
services are not always available. Wireless services can be used in areas
where it is too difficult or expensive to lay cable.

Microwave Satellite
Satellite systems provide far bigger areas of coverage than can be achieved
using other technologies. The microwave dishes are aligned to orbital satellites
that can either relay signals between sites directly or via another satellite. The
widespread use of satellite television receivers allows for domestic Internet
connectivity services over satellite connections. Satellite services for business
are also expanding, especially in rural areas where DSL or cable services are
less likely to be available.

Satellite connections experience severe latency problems as the signal has to
travel thousands of miles more than terrestrial connections, introducing a delay
of 4–5 times what might be expected over a land link. For example, if
accessing a site in the US from Europe takes 200ms over a land (well,
undersea) link, accessing the same site over a satellite link could involve a
900ms delay. This is an issue for real-time applications, such as video
conferencing, voice calling, and multi-player gaming.
To create a satellite Internet connection, the ISP installs a satellite dish
(antenna) at the customer's premises and aligns it with the orbital satellite. The
satellites all orbit the equator, so in the northern hemisphere the dish will be
pointing south. The antenna is connected via coaxial cabling to a DVB-S
(Digital Video Broadcast Satellite) modem. This can be installed in the PC as
an expansion card or as an external box connected via a USB or Ethernet port.

Cellular Radio
Cellular data connections use radio transmissions but at greater range than
Wi-Fi. Cellular data is more closely associated with Internet access for cell
phones and smartphones than with computers.

That said, a cell phone can share its Internet connection with a
computer (tethering), if the computer has no other means of
Internet access.

A cellular phone makes a connection using the nearest available transmitter
(cell or base station). Each base station has an effective range of up to five
miles (eight km). The transmitter connects the phone to the mobile and PSTN
networks. Cellular radio works in the 850 and 1900 MHz frequency bands
(mostly in the Americas) and the 900 and 1800 MHz bands (rest of the world).

Cellular digital communications standards developed in two competing formats,
established in different markets:

■ GSM (Global System for Mobile Communication)-based phones. GSM
allows subscribers to use a SIM (Subscriber Identity Module) card to use
an unlocked handset with their chosen network provider. GSM is adopted
internationally and by AT&T and T-Mobile in the US.

■ TIA/EIA IS-95 (cdmaOne)-based handsets. With CDMA, the handset is
managed by the provider not the SIM. CDMA adoption is largely restricted
to the telecom providers Sprint and Verizon.

There are many different cellular Internet service types, marketed in terms of
"generations" (3G, 4G, and 5G). Support for a particular type is dependent on
the local cell tower. Some of the technologies used include:

■ GPRS/EDGE (General Packet Radio Services/Enhanced Data Rates for
GSM Evolution) is a precursor to 3G (2.5G) with GPRS offering up to
about 48 Kbps and EDGE about 3–4 times that.

■ Evolved High Speed Packet Access (HSPA+) is a 3G standard
developed via several iterations from the Universal Mobile
Telecommunications System (UMTS) used on GSM networks. HSPA+
nominally supports download speeds up to 168 Mbps and upload speeds
up to 34 Mbps. HSPA+-based services are often marketed as 4G if the
nominal data rate is better than about 20 Mbps.

■ CDMA2000/Evolution Data Optimized (EV-DO) are the main 3G
standards deployed by CDMA network providers. EV-DO can support a 3.1
Mbps downlink and 1.8 Mbps uplink.

■ Long Term Evolution (LTE) is a converged 4G standard supported by
both the GSM and CDMA network providers. LTE has a maximum
downlink of 150 Mbps in theory, but no provider networks can deliver that
sort of speed at the time of writing, with around 20 Mbps far more typical of
the speed that might actually be obtained.

■ LTE Advanced (LTE-A) is intended to provide a 300 Mbps downlink, but
again this aspiration is not matched by real world performance. Current
typical performance for LTE-A is around 40 Mbps.

Radio Frequency
As noted above, Radio Frequency (RF) is a means of provisioning a wireless
local network using Wi-Fi standard equipment. While this isn't a means of
Internet service provision in itself, it is a means for a client to connect to a
wireless router offering Internet access.

As well as the wireless router in your home network, you could use an open or
public access point to get on the Internet. You have to be careful to secure
the connections you open when doing this and to avoid using public access
points that have been set up for malicious purposes.

When using an open access point, only use web servers
supporting the HTTPS secure protocol if transferring information.
Similarly, ensure that your connection to your email provider uses a
secure type of SMTP and POP3/IMAP.

Setting Up a Wireless Network

A typical SOHO network appliance provides four wired Ethernet ports to
connect hosts to the local network via a built-in switch and, via a built-in router
and WAN modem, to the Internet. Most consumers need to connect more than
four devices to the network, and it is not very convenient to have to use those
devices only in locations where they can be cabled to the router.
Consequently, most SOHO networks rely heavily on wireless (Wi-Fi)
networking.

Wireless Standards and Compatibility

"Wireless networking" is generally understood to mean the IEEE's 802.11
standards for Wireless LANs (WLAN), also called Wi-Fi. There are several
versions of the standard, starting with the legacy 802.11a and 802.11b, which
supported data rates of 54 Mbps and 11 Mbps respectively. Subsequently,
802.11g acted as an upgrade path for 802.11b, working at 54 Mbps but also
allowing support for older 802.11b clients. 802.11a was not as widely adopted
but does use a less crowded frequency band (5 GHz) and is considered less
susceptible to interference than the 2.4 GHz band used by 802.11b/g.

The 802.11n standard can use either frequency band and deliver much
improved data rates (nominally up to 600 Mbps). The latest 802.11ac standard
is now widely supported. 802.11ac access points can deliver up to 1.7 Gbps
throughput at the time of writing. 802.11ac works only in the 5 GHz range with
the 2.4 GHz band reserved for legacy standards support (802.11b/g/n).

Standard          Maximum Transfer Rate                 Band
802.11a (1999)    54 Mbps                               5 GHz
802.11b (1999)    11 Mbps                               2.4 GHz
802.11g (2003)    54 Mbps                               2.4 GHz
802.11n (2009)    72.2 Mbps/stream (single channel)     2.4/5 GHz
                  150 Mbps/stream (bonded channels)
802.11ac (2013)   1.7 Gbps (at time of writing)         5 GHz

Most SOHO routers support 802.11g/n or 802.11g/n/ac. This means that you
can have a mix of client devices. For example, you might have a new router
that supports 802.11ac but computers and tablets with wireless adapters that
only support 802.11n. You can use the access point in compatibility mode to
allow these devices to connect.

Compatibility modes can slow the whole network down, especially
if 802.11b clients have to be supported. If possible, use newer
standards only.

Configuring an Access Point

To configure an access point, you connect a PC or laptop to one of the LAN
ports on the SOHO router. The SOHO router should assign the computer's
adapter an Internet Protocol (IP) address using a service called the Dynamic
Host Configuration Protocol (DHCP). If this has worked properly, you should
see the network status icon in the notification area.

Look at the SOHO router's setup guide to find out the router's IP address.
Open a web browser and type the router's IP address into the address bar.
This should open a management page for you to log on. Enter the user name
and password listed in the router's setup guide. Most routers will invite you to
complete the configuration using a wizard, which guides you through the
process.

Use the System page to choose a new admin password. The admin password
is used to configure the router. It is vital that this password be kept secret and
secure. You must choose a strong password that cannot be cracked by
password-guessing software. Use a long, memorable phrase of at least 12
characters.

You must always change the default password (typically
"default," "password," or "admin") to prevent unauthorized
access.
Use the Wireless settings page to configure the router as an access point.
Having checked the box to enable wireless communications, you can adjust
the following settings from the default.

It is best practice not to enable services you do not need,
especially on a multifunction device such as this. Most devices are
now shipped in "security-enabled" configurations, meaning that you
explicitly have to choose to enable services that you want to run.

■ SSID (Service Set ID)—a name for the WLAN. This is usually set by default
to the router vendor's name. It is a good idea to change the SSID from the
default to something unique to your network. Remember that the SSID is
easily visible to other wireless devices, so do not use one that identifies
you personally or your address. The SSID can be up to 32 characters.

Configuring a SOHO access point.

■ Wireless mode—enable compatibility for different 802.11 devices.

Configuring Wireless Security

To prevent snooping, you should enable encryption on the wireless network.
Encryption scrambles the messages being sent over the WLAN so that anyone
intercepting them is not able to capture any valuable information. An
encryption system consists of a cipher, which is the process used to scramble
the message, and a key. The key is a unique value that allows the recipient to
decrypt a message that has been encrypted using the same cipher and key.
Obviously, the key must be known only to valid recipients or the encryption
system will offer no protection.

Following our SOHO router configuration example, under Encryption, you
would select the highest security mode supported by devices on the network.

■ WEP (Wired Equivalent Privacy)—this is an older standard. WEP is
flawed and you would only select this if compatibility with legacy devices
and software is imperative.
■ Wi-Fi Protected Access (WPA)—this fixes most of the security problems
with WEP. WPA uses the same weak RC4 (Rivest Cipher) cipher as WEP
but adds a mechanism called the Temporal Key Integrity Protocol (TKIP)
to make it stronger.

■ WPA2—this implements the 802.11i WLAN security standard. The main
difference to WPA is the use of the AES (Advanced Encryption
Standard) cipher for encryption. AES is much stronger than RC4/TKIP.
The only reason not to use WPA2 is if it is not supported by devices on the
network. In many cases, devices that can support WPA can be made
compatible with WPA2 with a firmware or driver upgrade.

See Unit 5.3 for more information about ciphers and encryption.

On a SOHO network, you would also generate a Pre-Shared Key (PSK) using
a wireless password. When you type a password into the box, the router
converts it into an encryption key to use with the cipher. You can see the key in
the screenshot above expressed as hex numerals. The same wireless
password must be entered on client devices for them to connect to the WLAN.

Choose a strong passphrase and keep it secret. In order to
generate a strong key, use a long phrase (at least 12 characters).
The passphrase can be up to 63 characters long, but making it too
long will make it very hard for users to enter correctly.

Do not use the same wireless password as the admin
password. The wireless password can be shared with anyone
you want to allow to connect to the network. The admin
password must be kept secret.
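As an added example (not part of the original text, and not any router vendor's own code), the following Python shows how WPA/WPA2-Personal converts a wireless passphrase and SSID into the hex PSK that the router displays, and checks a proposed passphrase against the guidance above. The SSID, passphrase and admin password used here are constructed sample values.

```python
"""Derive a WPA/WPA2 Pre-Shared Key (PSK) from a passphrase and SSID.

WPA/WPA2-Personal derives the 256-bit PSK as
    PSK = PBKDF2-HMAC-SHA1(passphrase, salt=SSID, iterations=4096, length=32)
The SSID acts as the salt, so the same passphrase produces a different key
on a network with a different name. Routers show the result as 64 hex digits.
"""
import hashlib

PBKDF2_ITERATIONS = 4096
PSK_BYTES = 32                 # 256-bit key, displayed as 64 hex digits
MIN_PASSPHRASE_LEN = 8         # shortest passphrase the standard allows
RECOMMENDED_MIN_LEN = 12       # the text's recommendation for a strong key
MAX_PASSPHRASE_LEN = 63        # longest passphrase the standard allows
MAX_SSID_BYTES = 32            # an SSID can be up to 32 characters


def passphrase_problems(passphrase, ssid, admin_password=None):
    """Return a list of reasons this passphrase/SSID pair should not be used.

    An empty list means the pair meets the constraints described in the text.
    """
    problems = []
    # The standard restricts passphrases to printable ASCII (codes 32 to 126).
    if not all(32 <= ord(c) <= 126 for c in passphrase):
        problems.append("passphrase must contain only printable ASCII characters")
    if len(passphrase) < MIN_PASSPHRASE_LEN:
        problems.append(
            f"passphrase shorter than the {MIN_PASSPHRASE_LEN}-character minimum")
    elif len(passphrase) < RECOMMENDED_MIN_LEN:
        problems.append(
            f"passphrase shorter than the recommended {RECOMMENDED_MIN_LEN} characters")
    if len(passphrase) > MAX_PASSPHRASE_LEN:
        problems.append(
            f"passphrase longer than the {MAX_PASSPHRASE_LEN}-character maximum")
    if not ssid or len(ssid.encode("utf-8")) > MAX_SSID_BYTES:
        problems.append(f"SSID must be 1 to {MAX_SSID_BYTES} bytes")
    # The text warns against reusing the admin password as the wireless password.
    if admin_password is not None and passphrase == admin_password:
        problems.append("wireless passphrase must differ from the router admin password")
    return problems


def derive_psk(passphrase, ssid):
    """Return the 64-hex-digit PSK a router stores for this passphrase and SSID."""
    if not MIN_PASSPHRASE_LEN <= len(passphrase) <= MAX_PASSPHRASE_LEN:
        raise ValueError("WPA passphrase must be 8 to 63 characters")
    key = hashlib.pbkdf2_hmac(
        "sha1",
        passphrase.encode("ascii"),
        ssid.encode("utf-8"),
        PBKDF2_ITERATIONS,
        dklen=PSK_BYTES,
    )
    return key.hex()


if __name__ == "__main__":
    # Constructed sample values, not taken from any real network.
    ssid = "ExampleHomeNet"
    passphrase = "correct horse battery staple"
    admin_password = "Adm1n-Only-Phrase!"
    print("problems:", passphrase_problems(passphrase, ssid, admin_password))
    print("PSK:", derive_psk(passphrase, ssid))
    # The same passphrase on a network with a different SSID yields a different key.
    print("PSK on other SSID:", derive_psk(passphrase, "ExampleOfficeNet"))
```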

Open Authentication and Captive Portals

Selecting open authentication means that the client is not required to
authenticate. This mode would be used on a public AP (or hotspot). This also
means that data sent over the wireless network is unencrypted.

Open authentication may be combined with a secondary authentication
mechanism managed via a browser. When the client associates with the open
hotspot and launches the browser, the client is redirected to a captive portal.
This will allow the client to authenticate to the hotspot provider's network (over
HTTPS so the login is secure). The portal may also be designed to enforce
terms and conditions and/or take payment to access the Wi-Fi service.

Configuring a Wireless Client

To connect a Windows computer to a wireless network, click the network
status icon in the notification area. Select the network name and then click
Connect. If you leave Connect automatically selected, Windows will save the
password and always try to connect to this SSID when it is in range. In the next
panel, enter the wireless password (PSK):

Connecting to a network and entering the network security key (password). Screenshot used with
permission from Microsoft.

When you connect to a new network, you are prompted to set its location. If
the link is configured as Public (selecting No in Windows 10), your computer is
hidden from other computers on the same network and file sharing is disabled.
If it is configured as Private (home or work) by selecting Yes, the computer is
discoverable and file sharing is enabled.

The computer should now be part of the SOHO network and able to connect to
the Internet. To verify, test that you can open a website in the browser.
Speed Limitations (Attenuation and Interference)
A device supporting the Wi-Fi standard should have a maximum indoor range
of up to about 30m (100 feet), though the weaker the signal, the lower the data
transfer rate. The distance between the wireless client (station) and access
point determines the attenuation (or loss of strength) of the signal. Each
station determines an appropriate data rate based on the quality of the signal
using a mechanism called Dynamic Rate Switching/Selection (DRS). If the
signal is strong, the station will select the highest available data rate,
determined by the 802.11 standard. If the signal is weak, the station will reduce
the data rate to try to preserve a more stable connection.

Radio signals pass through solid objects, such as ordinary brick or drywall
walls but can be weakened or blocked by particularly dense or thick material
and metal. Other radio-based devices and nearby Wi-Fi networks can also
cause interference. Other sources of interference include devices as various
as fluorescent lighting, microwave ovens, cordless phones, and (in an
industrial environment) power motors and heavy machinery. Bluetooth uses
the 2.4 GHz frequency range but a different modulation technique, so
interference is possible but not common.

Connecting to an Enterprise Network

An enterprise network uses the same sort of switch, access point, and router
technologies as a SOHO network. In a SOHO network, these technologies are
likely to be combined within a single multifunction appliance. On an enterprise
network, multiple switch, access point, and router appliances will be used.

Cabled Enterprise Network Access

An office building is likely to be flood wired with cabling so that there are
network ports at every desk. A computer can be connected to the network via
an RJ-45 patch cable (or possibly a fiber optic patch cable) plugged into one of
these network ports.

Modular wall plate with an RJ-45 patch cord connected. Image by Nikolai Lebedev © [Link].
The cabling from each port is routed back to a telecommunications room where
it is connected to an Ethernet switch. While the switch in a SOHO Internet
router usually provides four ports, a single enterprise switch will support 20
ports or more. Modular enterprise switches can support hundreds of ports.
Furthermore, the switches can be interconnected to create a switched fabric
supporting thousands of ports within the same LAN.

Cisco Catalyst 3650 Series workgroup switch. Image © and Courtesy of Cisco Systems, Inc.
Unauthorized use not permitted.

Wireless Enterprise Network Access

Wireless enterprise network access also works in the same basic way as
SOHO but at a bigger scale. Enterprise access points can support more
devices than consumer-level ones.

Cisco Aironet access point. Image © and Courtesy of Cisco Systems, Inc. Unauthorized use not
permitted.

Enterprise Network Routers
While the switches and access points can provide thousands of ports and
network connections, it is inefficient to have that many connections to the
same "logical" network. The ports are divided into groups using a technology
called Virtual LAN (VLAN) and each VLAN is associated with a different
subnet. Communications between different VLANs have to go through a router.

Cisco 1000 Series Advanced Services Router. Image © and Courtesy of Cisco Systems, Inc.
Unauthorized use not permitted.

The graphic below illustrates how the network components described above
might be positioned. The whole network is connected to the wider Internet via
a router. The router is also used to divide the network into two subnets (A and
B). Within each subnet, a switch is used to allow nodes to communicate with
one another and, through the router, to the other subnet and the Internet. The
link between each node and the switch is a segment.

Positioning network components.

High bandwidth backbone segments are used between the router and the
Internet and between the router and the two switches.

Note that this diagram is very much simplified. An enterprise
network might use hundreds of switches and tens of router
appliances. The routers used within the network and for Internet
access are also likely to be separate appliances.


Review Questions / Module 4 / Unit 2 / Connecting to a Network

Answer these questions to test what you have learned in this unit.

1) What device is used to connect computers together in an Ethernet
network?

2) What is the difference between a modem and a router?

3) Can you list at least four Internet access methods?

4) What is the latest Wi-Fi standard and which frequency band(s) does it use?

5) What information do you need to configure a wireless connection
manually?

6) What is the risk of using a free Wi-Fi network to make an order from an
online shop?

7) What does attenuation mean?


Lab 17 / Network Settings

In this lab, you will verify the network connection between your computer and
your Internet router. This lab assumes that you have a SOHO router configured
to connect to the Internet and assign local network settings to connected
computers.

1) If necessary, start your computer and sign in.

2) If you have a wired connection to the router, make the following checks:

○ The router is powered on and connected to the telephone point. Also
verify that its "Internet," "WAN," or "DSL" LED is green.

○ The computer is connected to the router via a cable connecting the RJ-
45 ports on the two devices.

○ The network status icon in the notification area shows a connected
symbol and pointing at the icon reveals an "Internet access" tooltip.

If there is a warning icon the connection has not been correctly
configured by the router or the router is not connected to the
Internet. If there is a red cross icon then the cable is faulty or
not connected properly.

○ If you open the web browser then you can view a website such as
[Link].

3) If you have a wireless connection to the router, make the following checks:

○ The network status icon in the notification area shows a connected
symbol and pointing at the icon reveals an "Internet access" tooltip.

○ If the icon shows that connections are available, click it, select your
wireless network name (SSID) and click Connect, then input the
passkey.

○ If you open the web browser then you can view a website such as
[Link].

4) Right-click the network status icon and select Open Network & Internet
Settings.

From here, you can configure Wi-Fi or Ethernet (as appropriate) settings,
and also create and configure Dial-up and VPN connections. You can also
configure your computer as a mobile hotspot.

Network & Internet Settings. Screenshot used with permission from Microsoft.

5) Click the WiFi or Ethernet tab (depending on whether your computer has a
wireless or wired connection).

WiFi tab. Screenshot used with permission from Microsoft.



Ethernet tab. Screenshot used with permission from Microsoft.

6) Click Network and Sharing Center.

Network and Sharing Center. Screenshot used with permission from Microsoft.

7) Under "view your active networks," click the Ethernet link or the SSID
(depending on whether your link is wired or wireless). This displays a
Status dialog showing the protocol used by the connection and the link
speed.

Ethernet Status dialog. Screenshot used with permission from Microsoft.

8) Click the Details button. This shows the configuration of the link, including
the Internet Protocol (IP) address ([Link] in the example below)
and the IP address of the default gateway—your Internet router
([Link]).


Network Connection Details dialog. Screenshot used with permission from Microsoft.

9) Make a note of the "IPv4 Default Gateway":

____________________________________________________________

10) Click Close then Close again to close both dialogs.

11) Open the web browser then type the IP address of your default gateway
into the address bar.

This should load the configuration page for your Internet router. You could
log on here using the administrative credentials supplied with your router to
change settings or investigate problems.

12) Optionally, shut down your computer if you are not continuing to use it after
this lab.

Module 4 / Unit 3

Secure Web Browsing

Objectives
On completion of this unit, you will be able to:

□ Explain risks of using open Internet access methods.

□ Describe safe browsing practices and configure browser security/privacy
features.

□ Identify the use and basic configuration parameters of a firewall.

Syllabus Objectives and Content Examples

This unit covers the following exam domain objectives and content examples:

□ 2.7 Explain basic networking concepts.
Devices (Firewall)

□ 3.5 Given a scenario, configure and use web browsers.
Caching/clearing cache • Deactivate client-side scripting • Browser add-
ons/extensions (Add, Remove, Enable/disable) • Private browsing • Proxy
settings • Certificates (Valid, Invalid) • Popup blockers • Script blockers •
Compatible browser for application(s)

□ 6.2 Explain methods to secure devices and best practices.
Securing devices (Host firewall, Safe browsing practices)

Safe Browsing Practices

When you use a computer and web browser to access pages and other
resources over the Internet, you must consider the ways you can keep any
information you transmit secure and prevent any malicious software (malware)
from infecting your computer. There are a number of safe browsing practices
that you should be aware of.

Using Free/Open Networks

Sometimes people connect to the Internet via an open or free network. This may
be a commercial Wi-Fi network, operated by a cafe or made available in an airport
or railway terminal, or wired Internet access available from a "web cafe." You
might also find that your neighbor is operating an open Wi-Fi network or discover
several open networks when you use your laptop in a park or other public space. It
is important to realize that any data you transfer over a free network could be
intercepted by anyone else connected to the network and by the person that owns
the network. To mitigate this, use a security-enabled protocol (SSL/TLS) that
encrypts the link between your client and the web or mail server.

It is also worth noting that any data you transfer over an Internet
connection is processed and may be stored on the ISP's
computers. When you use an ISP, you are trusting them not to
snoop on your unencrypted Internet traffic.

When using a public workstation, you should always be alert to the possibility
that it could be infected with malware. Clear the browser cache before shutting
down or logging off, and make sure you do not allow passwords to be cached.

If you operate a wireless network, it is important to secure it so that others do
not make malicious use of it, for which you could be held responsible. Most
ISPs make it a condition of service that you use your wireless router in a
secure configuration.

An ISP's terms and conditions aside, it is also illegal to use open
networks (those not protected by a password) without explicit
permission from the owner, though the chances of a prosecution
being launched are very low. If you try to guess or crack the
password of someone's network, perhaps one that has been
configured with the default password for instance, you are
committing an illegal act.

Malware Threats
The web browser is one of the most well-exploited vectors for infecting a
system with malware or stealing information. Malware is malicious software
threats and tools designed to vandalize or compromise computer systems.
Malware can be categorized in a number of ways:

■ Viruses and worms—malware principally designed to spread to other PCs.

■ Trojan Horse—an apparently legitimate application that conceals malicious
functions, such as spyware or a bot allowing remote control of the PC.

SubSeven RAT management console—the attacker could use this interface to snoop or exploit the
infected host. Image courtesy (CC ASA 4.0 International) J.SA13D034 from Wikimedia Commons.

■ Adware—software or configuration files installed with your agreement that
helps a company track what pages you visit and display personalized
adverts to you.

■ Spyware—malware installed covertly, possibly as a Trojan or as a result of
a virus or worm infection, that tries to track everything you use the
computer for. Spyware might record keystrokes, take screenshots of the
desktop, or even hack the computer's camera and microphone.

The lines between useful utilities, adware, and spyware are not
completely clear-cut, but if something is there that the user (or IT
department) did not explicitly sanction, then it’s best to get rid of it.

Consequently, it is important to use the latest browser software versions.
Legacy browsers are more likely to be susceptible to malware. Also, ensure
that the browser software and any plug-in software used by the browser (see
below) is updated with the latest security patches.

Refer to Unit 5.2 for notes on software updates and malware.

As well as faults in the browser client software, web applications
can be vulnerable to faults in web server and database software
and poor programming practice.

Spyware and Adware Symptoms
Malware, such as adware and spyware, is designed with commercial or
criminal intent rather than to vandalize the computer system. It can therefore
be difficult to identify whether a computer is infected, because the malware
may be designed to remain hidden.

Obvious symptoms of infection by spyware or adware are pop-ups or additional
toolbars, the home page or search provider changing suddenly, searches
returning results that are different from other computers, slow performance,
and excessive crashing (faults). Viruses and Trojans may spawn pop-ups
without the user opening the browser.

Another symptom is redirection. This is where the user tries to open one page
but gets sent to another. This may imitate the target page. Redirection attacks
often target Internet search engines. In adware, redirection is just a blunt
means of driving traffic through a site, but spyware may exploit it to capture
authentication details.

You should also be wary of suspicious banner ads. A banner ad is an area of a
website set aside for third-party advertising. The advert is inserted into a frame
and can be hosted on a different server to that of the main site. Adverts for free
anti-virus, or virus infection warnings, or system performance warnings are all
likely to be bogus. In the worst cases, the ads could contain malicious code
that will attempt to exploit any vulnerabilities in your OS or browser/plug-in
software to infect your computer (a drive-by download).

Configuring Browser Security

Malware may be able to infect your computer because OS or browser software
is not up to date and is therefore vulnerable to some sort of exploit. You can
only mitigate this type of threat by installing the latest software patches. There
are other browser settings you can configure to ensure you are using the best
safe browsing practices though.

Choosing a Compatible Browser

Historically, browsers deviated quite widely from the agreed standards for
HTML and associated formats, such as Cascading Style Sheets (CSS).
Microsoft's Internet Explorer (IE) browser was particularly notorious for this.
Many websites and web applications used custom or proprietary features of IE
that meant other browsers might fail to run the web application properly.

While the mainstream browsers are now much more standards-based,
compatibility problems can still arise. It is often the case that you will need to
have more than one browser installed on your computer. This is not ideal in
security terms, as it is better to install as few applications as possible, but
circumstances may demand it.

Browser compatibility advice for Google's G Suite cloud applications.

Compatibility aside, your choice of browser is largely down to personal
preference. Do make sure you choose a browser whose developer is active in
monitoring security issues and providing software updates to fix them.

Active Content Types

HTTP is a limited protocol in terms of serving any content other than text and
pictures. Many websites use active content to play video or add animated and
interactive features. There are several ways of creating this type of content:

■ Scripting—scripts can run either on the server or on the client (browser) to
perform quite sophisticated actions. Scripting is usually based on
JavaScript. JavaScript can also be used to create browser add-ons.

■ Add-ons—animated or interactive content often uses a browser add-on.
These are mini applications that work within the browser. There are many
different add-ons, each working with a different type of content. Add-ons
can also be used to extend or change the functionality of the browser by
adding a custom toolbar for instance.

■ Flash/Silverlight—these are two rival development environments, created
by Adobe and Microsoft respectively, used to provide interactive web
applications and video. The browser must have the Flash or Silverlight
plug-in installed to view this type of content.

■ Java—unlike JavaScript, this is a fully-featured programming language
used to develop sophisticated web applications. Java applications require
the Java Virtual Machine to be installed on Windows and for the Java plug-in
to be enabled in the browser.

All of these technologies pose some degree of risk as they can be used for
malicious purposes. When a web page needs to use active content and it is
either not permitted to by current security settings or because the required
plug-in is not installed, the browser displays a warning. Click the bar to install
the component or change security settings.

Installing an add-on—the yellow information bar will tell you if the publisher is trusted (has a valid
digital certificate) and prompts you whether to install the add-on. Screenshot used with permission
from Microsoft.

Generally speaking, you should only install add-ons where the
browser can identify that the publisher is a trusted source.

Flash, Silverlight, and client-side Java have fallen out of favor with
web developers. Most modern sites use scripting for interactive
content.

Disabling Client-side Scripting

Most sites will use server-side scripting, meaning that code runs on the
server to display the page you are looking at. There is no way to disable this.
Many sites also depend on client-side scripting. This means that code is
placed in the page itself and runs within the browser to change the way it looks
or provide some other functionality.

Disabling scripting in the Firefox browser requires the advanced options configuration interface
and cannot be configured on a site-by-site basis.

Deactivating client-side scripting tends to break most of the websites published
on the Internet because they depend very heavily on the functionality that
scripting allows. In theory, enabling scripting should not be significantly risky.
Modern browsers "sandbox" the scripts running on a page or browser tab so
that they cannot change anything on other tabs or on the computer (at least,
not without explicit authorization from the user). Scripting can be disabled in
some browsers by configuring settings, but others, Microsoft's new Edge
browser for instance, do not allow scripts to be disabled.

It is also possible to install a script blocker add-on. This provides more control
over which websites are allowed to run scripts.

You could use a script blocker extension such as NoScript ([Link]) to manage active content
instead. Make sure the extension is maintained by a reputable developer!

Managing Add-ons
While scripting is usually left enabled, all browsers provide tools for managing
add-ons. Add-ons come in several different types:

■ Extensions—these can add functionality to the browser. They might install
a toolbar or change menu options. They can run scripts to interact with the
pages you are looking at.

■ Plug-ins—these are designed to play some sort of content embedded in a
web page, such as Flash, Silverlight, or other video/multimedia format. The
plug-in can only interact with the multimedia object placed on the page so
is more limited than an extension.

■ Themes—these change the appearance of the browser using custom
images and color schemes.

You can view installed add-ons and choose to remove or enable/disable them
using the browser settings button or menu.

Managing plugin type add-ons in Firefox.

Disabling an add-on rather than removing it means the application
code is left on your computer, but the add-on does not execute
when the browser starts. You would use the disable option if you
only want to stop using the add-on temporarily.

The interface will also provide an option for browsing and installing add-ons,
via the browser's store or portal, using the Get Add-ons link in the screenshot
above. You can read reviews of the add-on and determine whether it will be
useful and trustworthy. All extensions and plug-ins should be digitally signed
by the developer to indicate that the code is as-published. You should be
extremely wary of installing unsigned add-ons.

Managing Cookies and PII

As well as protecting against risks from malware and malicious add-ons, you
also need to consider how the way your browser stores data and interacts with
websites protects, or doesn't protect, your personal information.

Cookies
A cookie is a plain text file created by a website when you visit it. The purpose
of cookies is to store session information so that the website can be
personalized for you. For example, cookies may record information you type
into forms, preferences you choose for the way the site works, and so on. They
may also be used to display targeted advertising to you or collect information
(metadata) about the browser you are using, your IP address, the links you
click, how often you visit a site, and so on. An IP address can often be tied
quite closely to a geographic location.

This sort of information is referred to as Personally Identifiable Information
(PII). Anyone able to collect this information might be able to track the sites you
visit and work out where you live. You can configure browser settings to try to
limit the way sites can gather PII from your browser.

There are two classes of cookies:

■ First-party cookies—set by the domain you visit. For example, if you
browse [Link] and the server creates a cookie owned by [Link]
then this is a first-party cookie.

■ Third-party cookies—set by another domain. For example, if you browse
[Link] and a widget on the site tries to create a cookie for ad-[Link],
this is a third-party cookie.

Cookies have the following privacy and security issues:

■ The site may record more information about you than you are aware, and
information in the cookies may be shared with other sites. Sites should
generally publish a privacy policy describing what information is collected
and how it is used.

■ Cookies cannot spread malware, but if your computer is infected with a
virus or a Trojan, it may be able to steal the information contained within
cookies.

■ Spyware and adware may make use of cookies to track what sites you visit
and display targeted adverts.

■ Cookies should normally expire (self-delete) after a given date, but some
try to set a date in the very distant future.

■ Confidential information, such as a password, should only be stored in a
secure cookie (readable only under the SSL/TLS session it was created in).

Do not type passwords into unsecure sites (any site not using the
HTTPS protocol). If you must use a password with an unsecure
site, do not reuse that password in any other context. While sharing
passwords between sites is not recommended generally, sharing a
password between encrypted and unencrypted sites is doubly
risky.
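The distinction above between first- and third-party cookies, and the problems with unsecured and very long-lived cookies, can be checked directly from the Set-Cookie headers a page load returns. The Python script below is an added example and is not part of the course material: the page URL, the responses and the two-year "far future" threshold are constructed for illustration, and the registrable-domain helper is a simplification that ignores multi-label suffixes such as co.uk.

```python
"""Audit Set-Cookie headers the way a privacy-conscious browser would.

Added example, not part of the course text. Each cookie is classified as
first- or third-party relative to the page in the address bar, and the issues
the text lists are flagged: no Secure flag, and an expiry set far in the
future. All URLs and header lines below are constructed sample data.
"""
from datetime import datetime, timedelta, timezone
from email.utils import parsedate_to_datetime
from http.cookies import SimpleCookie
from urllib.parse import urlsplit

# Assumed threshold for a "very distant future" expiry date.
FAR_FUTURE = timedelta(days=365 * 2)


def registrable_domain(host: str) -> str:
    """Last two labels of a host name (simplification: ignores suffixes like co.uk)."""
    return ".".join(host.lower().rstrip(".").split(".")[-2:])


def audit_cookie(page_url: str, setter_url: str, header_value: str, now: datetime) -> dict:
    """Describe one Set-Cookie header.

    page_url   - URL shown in the address bar
    setter_url - URL of the response (page, widget, ad frame) that set the cookie
    """
    jar = SimpleCookie()
    jar.load(header_value)
    name, morsel = next(iter(jar.items()))

    page_domain = registrable_domain(urlsplit(page_url).hostname)
    setter_host = urlsplit(setter_url).hostname
    # A cookie may name its own Domain; otherwise it belongs to the host that set it.
    cookie_domain = (morsel["domain"] or setter_host).lstrip(".")
    party = "first-party" if registrable_domain(cookie_domain) == page_domain else "third-party"

    findings = []
    if not morsel["secure"]:
        findings.append("no Secure flag: also sent over plain HTTP")
    if not morsel["httponly"]:
        findings.append("no HttpOnly flag: readable by page scripts")

    # Lifetime: Max-Age takes precedence over Expires; neither means a session cookie.
    expires = None
    if morsel["max-age"]:
        expires = now + timedelta(seconds=int(morsel["max-age"]))
    elif morsel["expires"]:
        expires = parsedate_to_datetime(morsel["expires"])
    lifetime = "session" if expires is None else expires.isoformat()
    if expires is not None and expires - now > FAR_FUTURE:
        findings.append("expiry set far in the future")

    return {"name": name, "domain": cookie_domain, "party": party,
            "lifetime": lifetime, "findings": findings}


# Constructed sample: one page load that produced three Set-Cookie headers.
PAGE_URL = "https://www.example.com/news"
SAMPLE_NOW = datetime(2021, 6, 10, tzinfo=timezone.utc)
SAMPLE_RESPONSES = [
    (PAGE_URL, "session=abc123; Path=/; Secure; HttpOnly"),
    (PAGE_URL, "prefs=dark; Domain=.example.com; Expires=Mon, 09 Jun 2031 10:18:14 GMT"),
    ("https://ad-tracker.example.net/pixel.gif", "uid=9f8e7d; Max-Age=94608000; Secure"),
]


def audit_page(page_url=PAGE_URL, responses=SAMPLE_RESPONSES, now=SAMPLE_NOW) -> list:
    return [audit_cookie(page_url, url, header, now) for url, header in responses]


if __name__ == "__main__":
    for result in audit_page():
        print(f"{result['name']:8} {result['party']:12} {result['domain']:24} "
              f"{result['lifetime']:26} {'; '.join(result['findings']) or 'ok'}")
```

Each cookie prints on one line with its party, domain, lifetime and findings; this is the same information a browser's cookie viewer summarises when you check which sites have created cookies, and the third-party tracker with a three-year lifetime is the kind of entry the text suggests clearing.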

Pop-up Windows
A pop-up is a "sub-window" that appears over the main window. Pop-ups can
be implemented using scripts or add-ons. A pop-up can be opened
automatically by a script running on the page or in response to clicking a link. A
different kind of overlay pop-up can be implemented using Cascading Style
Sheets (CSS), which is HTML's extended formatting language. These don't
open a new window but place some content in a layer above the main content
so that you cannot view it without waiting for a timer to end or clicking a close
icon.

Most of the time pop-ups are designed to be helpful to the user. For example,
a form might use a pop-up window to explain what you are supposed to enter
in a particular field without having to navigate away from the form and lose the
information you have already entered.

Example of a pop-up window—this one is trying to direct the user to the appropriate site home
page.

Pop-ups are also used for advertising however. For example, a site may have
some content you want to read and pop an advertising window over the top of
it, so that you cannot read the content without first looking at the advert and
closing it, or as the advertiser hopes, perhaps reading it, buying the product,
then returning to the article. They are also used by subscription-based sites to
prompt you to sign in with your account before you can view the content.

Aggressive use of pop-up windows is associated with spyware and adware.
These spawn pop-ups when you open the browser, on every site you visit, and
when you try to close the browser. They may even re-spawn when you try to
close them. Malicious software can also use misleading pop-ups; for example,
the Close button may try to execute a script that installs a virus or Trojan or the
window may be designed to look like a Windows alert dialog ("Viruses have
been detected on your computer—click OK to remove them").

The User Account Control (UAC) feature in Windows should
protect you against malicious scripts such as this. The script should
not be able to change the computer configuration without your
explicit authorization through UAC.

Controlling Cookies and Pop-ups

You can control the use of cookies by the websites you visit using browser
settings. There will be options to set what type of cookies to accept and how
long to keep them. You can also configure exceptions so that certain domains
are always or never allowed to create cookies. Finally, you can view which
sites have created cookies and clear any data that you do not want to keep.

Configuring privacy settings in Firefox.

As with scripting, disabling first-party cookies is likely to leave a website, and
certainly a web application, unusable. Sites that depend on advertising can
detect when you are blocking third-party cookies, pop-ups, and other
advertising features and refuse to show the page content.

Configuring browser permissions in Firefox.

You can also choose to prevent sites from creating pop-up windows and
configure exceptions for this rule. Note that this will not block all types of
overlay pop-ups or advertising. If you want to have closer control over
advertising on a site you need to install a suitable browser extension.

Disabling AutoFill and Clearing Browser Cache
Another privacy issue is that the browser can be set to store information typed
into forms, including passwords, and retains a history of browsed pages. Any
user using a publicly accessible computer should be trained to check these
settings and to clear the browser cache before logging off. This is done from
the browser's settings dialog or configuration page.

Private Browsing Mode

As these settings are relatively tricky to turn on and off, most browsers provide
a private browsing mode. In private (or incognito) mode, the browser doesn't
store cookies or temporary files and doesn't add pages to the history list.

Private mode does allow the creation of cookies but only ones that
are directly connected to the URL you are visiting. It also deletes
the cookies when you close the page. Third-party cookies are not
accepted.

You can usually open a private browser tab by pressing CTRL+SHIFT+P.
Private mode is indicated by a different icon and darker theme colors.

Running Firefox in private mode.

Private mode does not stop the browser from sending some
information to the website. You cannot avoid the website
discovering your IP address for instance. For fully "anonymous"
browsing, you have to use some sort of Virtual Private Network
(VPN) or proxy.

Digital Certificates and Anti-phishing

When a web browser communicates with a secure (HTTPS) server, it accepts
the server's digital certificate to use its public key to encrypt communications.
Because of the special way that the keys are linked, the public key cannot be
used to decrypt the message once encrypted. Only the linked private key can
be used to do that. The private key must be kept secret. This is referred to as
asymmetric encryption.

Having a certificate is not in itself any proof of identity. The browser and server
rely upon a third-party—the Certificate Authority (CA)—to vouch for the
server's identity. This framework is called Public Key Infrastructure (PKI).

A browser is pre-installed with a number of root certificates that are
automatically trusted. These represent the commercial CAs that grant
certificates to most of the companies that do business on the web.

Windows has a certificate store that Microsoft Internet Explorer and
Edge browsers use, but third-party browsers such as Firefox and
Chrome maintain their own stores.

Valid and Invalid Certificates

When you browse a site using a certificate, the browser displays the
information about the certificate in the address bar:

■ If the certificate is valid and trusted, a padlock icon is shown. Click the icon
to view information about the certificate and the Certificate Authority
guaranteeing it.

Browsing a secure site: 1) Check the domain name as highlighted in the address bar; 2) Only
enter confidential data into a site using a trusted certificate; 3) Click the padlock to view
information about the certificate holder and the CA that issued it and optionally to view the
certificate itself.

■ If the certificate is highly trusted, the address bar is colored green. High
assurance certificates make the website owner go through an even more
rigorous identity validation procedure.

■ If the certificate is untrusted or otherwise invalid, the address bar is colored
maroon and the site is blocked by a warning message. If you want to trust
the site anyway, click through the warning.

Untrusted certificate warning. Screenshot used with permission from Microsoft.

Digital certificates are also used to verify the identity of software
publishers. If a certificate has not been issued by one of the trusted
root CAs, Windows will warn you that the publisher cannot be
verified when you try to install an add-on or other type of application.
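Two of the checks that decide whether the padlock is shown, the host name match and the validity dates, can be written out in a few lines. The Python below is an added example, not the course's or any browser's code: the certificates are constructed dicts in the shape Python's ssl.getpeercert() returns, the clock value is fixed, and validation of the issuing chain against the root store is deliberately left to the TLS library (trusted_root_count() only reports how many roots the default client context loaded).

```python
"""Two of the checks behind the browser padlock, as an added example.

Not part of the course text. Given a server certificate in the dict shape that
Python's ssl.getpeercert() returns, it checks that one of the certificate's DNS
names matches the host in the address bar and that the current time falls in
the validity period. Checking the issuing chain against the trusted root store
is left to the TLS library, as it is in a browser. Certificates and the clock
value below are constructed sample data.
"""
import ssl


def name_matches(pattern: str, hostname: str) -> bool:
    """Match one certificate DNS name against a hostname.

    A '*' is accepted only as the whole leftmost label and stands for exactly
    one label: *.cdn.example.com covers img.cdn.example.com but neither
    cdn.example.com nor a.b.cdn.example.com.
    """
    pattern, hostname = pattern.lower(), hostname.lower()
    if not pattern.startswith("*."):
        return pattern == hostname
    p_labels, h_labels = pattern.split("."), hostname.split(".")
    return len(p_labels) == len(h_labels) and p_labels[1:] == h_labels[1:]


def classify_certificate(cert: dict, hostname: str, now: float) -> str:
    """Return 'valid' or the reason the browser would warn (name or date)."""
    dns_names = [value for kind, value in cert.get("subjectAltName", ()) if kind == "DNS"]
    if not any(name_matches(name, hostname) for name in dns_names):
        return "invalid: name does not match"
    if now < ssl.cert_time_to_seconds(cert["notBefore"]):
        return "invalid: not yet valid"
    if now > ssl.cert_time_to_seconds(cert["notAfter"]):
        return "invalid: expired"
    return "valid"


def trusted_root_count() -> int:
    """Number of CA certificates the default client context trusts (the pre-installed roots)."""
    return ssl.create_default_context().cert_store_stats()["x509_ca"]


# Constructed sample certificates and a fixed 'current time'.
SAMPLE_NOW = ssl.cert_time_to_seconds("Jun 10 11:32:00 2021 GMT")
SAMPLE_CERTS = {
    "shop": {"subjectAltName": (("DNS", "shop.example.com"), ("DNS", "*.cdn.example.com")),
             "notBefore": "Jan 01 00:00:00 2021 GMT", "notAfter": "Jan 01 00:00:00 2022 GMT"},
    "old": {"subjectAltName": (("DNS", "www.example.org"),),
            "notBefore": "Jan 01 00:00:00 2019 GMT", "notAfter": "Jan 01 00:00:00 2020 GMT"},
}


def check_samples(now: float = SAMPLE_NOW) -> dict:
    return {
        "shop.example.com": classify_certificate(SAMPLE_CERTS["shop"], "shop.example.com", now),
        "img.cdn.example.com": classify_certificate(SAMPLE_CERTS["shop"], "img.cdn.example.com", now),
        "cdn.example.com": classify_certificate(SAMPLE_CERTS["shop"], "cdn.example.com", now),
        "www.example.org": classify_certificate(SAMPLE_CERTS["old"], "www.example.org", now),
    }


if __name__ == "__main__":
    for host, verdict in check_samples().items():
        print(f"{host:22} {verdict}")
    print("trusted root CAs in default context:", trusted_root_count())
```

The name check is the reason the text tells you to read the domain in the address bar before trusting the padlock: a certificate can be perfectly valid for the host that presents it and still have nothing to do with the site you meant to visit.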

Suspicious Links and URLs

Another important step in validating the identity of a site is to confirm its
domain name. Techniques to direct users to fake or manipulated websites are
called phishing and pharming. These depend on making a fake site look like
the real one. One trick is to use well-known subdomains as part of the address.
For example, "[Link]" has nothing to do with "[Link]" but
may fool the unwary into thinking it does. The browser highlights the registered
domain part of the address so that you can verify it.
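The registered-domain highlighting just described can be reproduced to see why an address that merely contains a well-known name is misleading. The Python below is an added example and not from the course text; it also covers the spelling-variant trick that the note in Lab 18 mentions. The public-suffix set and the digit-for-letter confusables table are small constructed subsets (browsers use the full Public Suffix List), and the sample URLs are made up.

```python
"""Recover the registered domain from a URL, as the address-bar highlighting does.

Added example, not from the course text. It separates the part of the host an
attacker can choose freely (subdomains) from the part they had to register,
then applies two tricks described in the text: a well-known name used as a
subdomain, and a spelling variant. Real browsers use the full Public Suffix
List for this; the short suffix set here is a constructed stand-in.
"""
from urllib.parse import urlsplit

# Constructed subset of multi-label public suffixes.
TWO_LABEL_SUFFIXES = {"co.uk", "org.uk", "com.au", "co.jp"}

# Digit-for-letter swaps a spelling variant often relies on (assumed subset).
CONFUSABLES = str.maketrans({"0": "o", "1": "l", "3": "e", "5": "s"})


def registered_domain(url: str) -> str:
    """Registrable part of the host: 'accounts.example.co.uk' -> 'example.co.uk'."""
    host = (urlsplit(url).hostname or "").rstrip(".")
    labels = host.split(".")
    keep = 3 if ".".join(labels[-2:]) in TWO_LABEL_SUFFIXES else 2
    return ".".join(labels[-keep:])


def classify_url(url: str, expected_domain: str) -> str:
    """Compare the URL's registered domain with the domain the user expects."""
    host = urlsplit(url).hostname or ""
    actual = registered_domain(url)
    brand = expected_domain.split(".")[0]
    if actual == expected_domain:
        return "expected domain"
    if actual.translate(CONFUSABLES) == expected_domain:
        return "spelling variant of expected domain"
    if brand in host:
        # The familiar name is only a subdomain or part of some other registration.
        return f"'{brand}' appears but the registered domain is {actual}"
    return f"unrelated domain {actual}"


# Constructed sample URLs, all checked against example.com.
SAMPLE_URLS = [
    "https://www.example.com/login",
    "https://example.com.account-verify.net/login",
    "https://www.examp1e.com/login",
    "https://accounts.example.co.uk/",
    "https://login-portal.net/",
]


def classify_samples(expected_domain: str = "example.com") -> dict:
    return {url: classify_url(url, expected_domain) for url in SAMPLE_URLS}


if __name__ == "__main__":
    for url, verdict in classify_samples().items():
        print(f"{url:48} {registered_domain(url):22} {verdict}")
```

The middle column is what the browser highlights; everything to its left in the host name was chosen by whoever registered the domain on the right, which is why the text tells you to read that part rather than the start of the address.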

Most browsers run anti-phishing protection to block access to URLs known to
be the source of phishing attempts or that host malware.

Enabling a Firewall

A firewall restricts access to a computer or network to a defined list of hosts
and applications. Basic packet filtering firewalls work on the basis of filtering
network data packets as they try to pass into or out of the machine.

Types of Firewall
On a TCP/IP network, each host is identified by an IP address, while each
application protocol (HTTP, FTP, SMTP, and so on) is identified by a port
number. Packet filters on a firewall can be applied to IP addresses and port
numbers.

A more advanced firewall (stateful inspection) can analyze the contents of
network data packets, so long as they are not encrypted, and block them if any
suspicious signatures are detected and identify suspicious patterns of activity.

A hardware firewall is a dedicated appliance with the firewall installed as
firmware. A software firewall is installed as an application on a workstation or
server. Most Internet routers also feature a built-in firewall, configured via the
web management interface.
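The rule stated above, that a packet filter matches on IP address and port number, is easiest to see in a toy filter. The Python below is an added example, not the course's or any firewall product's code: the rules, the documentation-range addresses, port 8080 and the per-direction defaults (block inbound, allow outbound) are all assumptions. The first rule is the configuration that review question 8 asks about, one remote host and one application port.

```python
"""A minimal stateless packet filter, as an added illustration of the point in
the text: a packet filter decides on IP addresses and port numbers.

Not part of the course text and not a real firewall. Rules, addresses and
packets are constructed; the direction defaults (block inbound, allow
outbound unless a rule says otherwise) mirror a typical host firewall and are
an assumption here.
"""
import ipaddress
from dataclasses import dataclass
from typing import Optional


@dataclass(frozen=True)
class Packet:
    src_ip: str
    dst_ip: str
    protocol: str    # "tcp" or "udp"
    dst_port: int
    direction: str   # "in" (arriving at this host) or "out" (leaving it)


@dataclass(frozen=True)
class Rule:
    action: str                      # "allow" or "block"
    direction: str                   # "in" or "out"
    protocol: str = "any"
    remote: str = "0.0.0.0/0"        # remote host or network, CIDR notation
    dst_port: Optional[int] = None   # None means any port

    def matches(self, pkt: Packet) -> bool:
        # For inbound traffic the remote party is the source; for outbound, the destination.
        remote_ip = pkt.src_ip if pkt.direction == "in" else pkt.dst_ip
        return (self.direction == pkt.direction
                and self.protocol in ("any", pkt.protocol)
                and ipaddress.ip_address(remote_ip) in ipaddress.ip_network(self.remote)
                and (self.dst_port is None or self.dst_port == pkt.dst_port))


DEFAULTS = {"in": "block", "out": "allow"}   # assumed host-firewall defaults


def filter_packet(rules, pkt: Packet) -> str:
    """First matching rule wins; otherwise the per-direction default applies."""
    for rule in rules:
        if rule.matches(pkt):
            return rule.action
    return DEFAULTS[pkt.direction]


# Review question 8 scenario: one Internet host may reach one application.
# 203.0.113.0/24 and 198.51.100.0/24 are documentation ranges; 8080 is an
# assumed application port.
RULES = [
    Rule("allow", "in", "tcp", "203.0.113.10/32", 8080),
    Rule("block", "out", "tcp", dst_port=23),     # explicit outbound block for Telnet
]

SAMPLE_PACKETS = [
    Packet("203.0.113.10", "192.168.1.20", "tcp", 8080, "in"),   # allowed host, allowed port
    Packet("203.0.113.11", "192.168.1.20", "tcp", 8080, "in"),   # wrong host
    Packet("203.0.113.10", "192.168.1.20", "tcp", 445, "in"),    # right host, wrong port
    Packet("192.168.1.20", "198.51.100.5", "tcp", 443, "out"),   # normal HTTPS browsing
    Packet("192.168.1.20", "198.51.100.5", "tcp", 23, "out"),    # blocked by rule
]


def run_samples() -> list:
    return [filter_packet(RULES, pkt) for pkt in SAMPLE_PACKETS]


if __name__ == "__main__":
    for pkt, verdict in zip(SAMPLE_PACKETS, run_samples()):
        print(f"{pkt.direction:3} {pkt.src_ip:>14} -> {pkt.dst_ip:<14} "
              f"{pkt.protocol}/{pkt.dst_port:<5} {verdict}")
```

Note that the second and third sample packets are dropped by the default rather than by any rule: a filter built on an allow list needs no explicit block entry for every other host or port, which is what makes the access control list short enough to review.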

Configuring a firmware-type firewall on DSL router.

A simple host firewall (or personal firewall) may be installed on a client PC to
protect it. Windows features such a firewall. There are also numerous third-party
host firewalls.

Configuring the Windows Defender Firewall

Windows Defender Firewall is enabled on all network connections by default
unless it has been replaced by a third-party firewall. It is not a good idea to run
two host firewalls at the same time because they can conflict with each other,
would be unnecessarily complex to configure, and more difficult to
troubleshoot.

Checking the status of Windows Defender Firewall. Screenshot used with permission from
Microsoft.

To configure the firewall, open Windows Defender Security Center and then
click the Firewall & network protection node. Use the links to configure the
settings. For example, to allow an app through the firewall, click Allow an app
through the firewall.

You can also access Windows Defender Firewall settings by using the Control
Panel Windows Defender Firewall applet.

Checking the status of Windows Defender Firewall. Screenshot used with permission from
Microsoft.

To turn off the firewall, which is only advisable if you are using an alternative
host firewall software product, in Settings, click the active network and then
click the On button to turn off the firewall. In Control Panel, click the Turn
Windows Defender Firewall on or off link. You can then configure the
required settings, as shown below.

Configuring the firewall state for links to private and public networks. Screenshot used with
permission from Microsoft.

The Allow an app or feature link lets you configure applications that are
allowed to accept incoming Internet connections.

Allowed Programs configuration dialog of the Windows Firewall. Screenshot used with permission
from Microsoft.

When a new (unlisted) program attempts to accept an Internet connection, a
warning is displayed prompting the user to allow or block the program, unless
the firewall is configured not to display notifications.

Configuring Proxy Settings

On an enterprise network, a network firewall is likely to be deployed to monitor
and control all traffic passing between the local network and the Internet. On
networks like this, clients might not be allowed to connect to the Internet
directly but forced to use a proxy server instead. The proxy server can be
configured as a firewall and apply other types of content filtering rules.

Some proxy servers work transparently so that clients use them without any
extra configuration of the client application. Other proxies require that client
software, such as the browser, be configured with the IP address and port of the
proxy server. This information would be provided by the network administrator.

Configuring Firefox to use a proxy by entering its IP address and port number. Any requests will
be passed to the proxy for processing rather than trying to contact a web server directly.

Review Questions / Module 4 / Unit 3 / Secure Web Browsing

Answer these questions to test what you have learned in this unit.

1) If you use an open network, what email configuration setting should you
ensure is enabled?

2) You have installed a screensaver application. Later, after updating your
anti-virus software, a malicious program is found. This appears to have
infected your system at the same time as the screensaver was installed.
What class of malware is this?

3) You want to use a website that hosts training modules in a custom media
format. What type of add-on would you need to install to play this media?

4) What type of file might a website use to track whether you have visited it
before?

5) True or false? Browser pop-up windows are definite symptoms of virus
infection.

6) You are using a computer in an Internet cafe. What should you do at the
end of the session?

7) What identifies a website as using the secure HTTPS protocol with a valid
certificate?

8) You want to restrict access to a computer on your network to a single
Internet host running a particular application. What two things do you need
to configure in your firewall's access control list?

Lab 18 / Web Security

To use the web and the Internet safely, you need to ensure that the operating
system and Internet applications and plug-ins are patched to the latest version,
configure browser security settings to prompt you before running untrusted
code, and understand how to spot spoof or malicious sites.

Exercise 1 / Browser Security Settings

In this exercise you will investigate browser security settings.

1) If necessary, start your computer and sign in.

2) Open the Internet Options applet in Control Panel.

3) Click the Security tab. Check that the settings for the Internet zone are
Medium-High.

4) Click the Privacy tab then click the Advanced button. Note that the default
policy is to accept all kinds of cookies.

5) Click Cancel. Note the check box for the "Pop-up Blocker." Click the
Settings button next to it.

This dialog allows you to specify sites that are allowed to show pop-ups,
regardless of the default policy.

6) Click Close.

7) Click the Content tab then the Settings button next to AutoComplete.
The checked boxes represent data that Internet Explorer is caching. If you
are using a public computer, you should make sure all these boxes are
unchecked.

When using an unfamiliar computer, it is also worth checking which
add-ons are installed (Programs tab).

8) Close the Internet Options dialog and start Internet Explorer.

9) Open the home page for the online store [Link].

10) This takes you to a secure page—look for the protocol (HTTPS not HTTP)
and the padlock icon. Click the icon to view the CA (the company that
issued the certificate) and confirmation that the certificate matches the web
address shown in the bar.

Internet Explorer highlights the "important" part of the domain
name. Phishing sites use various tricks to disguise the domain
name. For example, they may use a spelling variant such as
"[Link]" or a misleading subdomain such as
"[Link]." Also, be wary of pop-ups on a secure site—
never enter confidential information into a pop-up—and pages that
do not display an address bar or status bar.

11) Open the page for [Link].

Notice that this secure site is highlighted in green; this means that the
certificate has undergone "extended validation" by the CA. Compare the
certificate details with those of Amazon.

12) Press CTRL+SHIFT+H and note the record of the sites you have visited.
Select the Safety button then click Delete Browsing History.

13) Note the different options—delete whatever cached data you want or click
Cancel if you want to keep it for now.

14) Press CTRL+SHIFT+P. This opens Internet Explorer in a special InPrivate
mode. In this mode, the cache is deleted automatically at the end of the
session, and add-ons are blocked from recording your web activity.

15) Open a couple of sites in InPrivate mode then close both browsers.

16) Open Internet Explorer and check the browser history—the sites you just
visited will not be listed.

The Edge browser uses different security settings to Internet Explorer.
Changes you make in "Internet Options" only affect Internet Explorer, not
the Edge browser.

17) Start the Edge browser then click the More Actions ellipse icon and
select Settings.

18) Under "Clear browsing data," click the Choose what to clear button.

19) Note the different types of browsing data that can be deleted then click the
Back chevron.

20) Click View advanced settings and scroll through the list of options.

Edge (the original, EdgeHTML-based version that these steps describe) does
not support ActiveX at all, so there is no option to configure it. You can
choose to enable Flash or not. JavaScript is always supported and can only be
disabled using an advanced Windows configuration tool (Group Policy). There
are also options for managing cookies and whether passwords are cached.

21) Close the browser.

Exercise 2 / Installing a Plug-in

Plug-ins and extensions (Edge uses the term "extensions") are used to extend
the functionality of the browser to block ads, make notes, save form content
and passwords, and so on. Strictly, a plug-in renders a particular kind of
content (such as Flash) while an extension adds features to the browser
itself, but both run with considerable access to what you do in the browser:
an extension can typically read and change the content of every page you
visit. You have to be careful only to install them from reputable sources and
to review the permissions they ask for. Generally speaking, if Windows cannot
verify the publisher of a plug-in (or other "active" content) you should not
trust it.

For many years the most widely used plug-in was Flash Player, published by
Adobe. Adobe ended support for Flash at the end of 2020 and current browsers
block Flash content, so it should be removed rather than enabled.

1) If necessary, start your computer and sign in.

2) Open [Link] in the Edge browser. Click the Reviews > Laptops link.

3) Look around the page to identify the banner ads.

4) Click the More Actions ellipse icon and select Extensions then
click the Get extensions from the Store link.

5) Take a minute to browse the different plug-ins available. Click the link for
Ghostery. On the product page, click the Get button.

6) When setup is complete, click the Launch button. In Edge, click the Turn it
on button.

7) Switch to the [Link] tab and refresh the page.

The website displays a notification requesting that you allow ads to enable
the website owner to continue to receive revenue for running the site.

8) Click Continue without whitelisting. Note that the banner ads are now no
longer present.

9) Optionally, use Apps and Features to uninstall Ghostery.

10) Optionally, shut down your computer if you are not continuing to use it after
this lab.

Module 4 / Unit 4
Using Shared Storage

Objectives
On completion of this unit, you will be able to:

□ List ways to share files and storage on a local network.

□ Describe means of sharing files and services on the Internet.

□ Explain the importance of backups and configure simple backup options.

Syllabus Objectives and Content Examples

This unit covers the following exam domain objectives and content examples:

□ 2.5 Compare and contrast storage types.
Local network storage types (NAS, File server) • Cloud storage service

□ 6.7 Explain business continuity concepts.
Backup considerations—data [File backups, Critical data, Database, OS
backups], Backup considerations—location [Stored locally, Cloud storage,
On-site vs. off-site]

Local Network Sharing and Storage

One of the main uses of a network is to share files. There are a number of
different methods for making shared storage available on a local network.

File Server (Direct Attached Storage)
All computers have at least one internal hard disk, or SSD, for storing the
operating system and software applications plus user data. Additional storage
can be added to the computer as internal or external hard drives or flash
drives.

Direct attached storage—this computer has a local hard drive and optical drive and a USB-
attached hard drive and removable SD memory card. Any of these drives can be shared on the
network. Screenshot used with permission from Microsoft.

When the computer is on a network, any internal or external local drives can be
shared with other computers. When a computer shares an attached hard drive,
or folder on an attached drive, it can be referred to as Direct Attached
Storage. The computer is acting as a file server.

On a SOHO network, any workstation can act both as a server and as a client.
This is referred to as peer-to-peer. On an enterprise network, dedicated
server computers are reserved for server functions such as file sharing.
This provides centralized control over the servers.

Network Attached Storage (NAS)
A Network Attached Storage (NAS) appliance is one or more hard drives
housed in an enclosure with basic server firmware, usually running some form
of Linux. The NAS appliance provides access to its storage devices using
various file sharing protocols. The appliance is accessed over the network
using a wired Ethernet port. In a SOHO network you would plug it into a LAN
port on the SOHO router. A NAS appliance may also support wireless (Wi-Fi)
networking.

Network Attached Storage (NAS) server appliance—the display shows the device's IP address
while the housings beneath allow the installation of up to six hard disks. There are also two USB
ports on the left. Image © [Link].

The NAS appliance can be configured by connecting to its web management
page. Like a SOHO router, open a web browser then input the IP address
assigned to the NAS device. As with a router, change the default
administrator password before storing anything on the appliance, keep its
firmware updated, and do not expose the management page to the Internet.

Network Printer Sharing
There are two main options for sharing a printer on the network, similar to the
direct attached and network attached options for storage:

■ Share the printer via Windows—an administrator can share any locally
installed printer via its Sharing tab in the Properties dialog. Locally
installed means that Windows communicates with the print device directly
over the relevant port. It does not matter whether the port is wired (USB or
Ethernet) or wireless (Bluetooth or Wi-Fi). The main disadvantage of this
approach is that both the printer and the Windows PC must be switched on
for other devices to be able to access the printer.

■ Use a hardware print server—some printers come with an embedded print
server, allowing client computers to connect to them over the network
without having to go via a server computer. If the print server supports
wired connections, it needs to be attached to a switch or home router via
an RJ-45 cable. If the printer has a wireless adapter, it can be joined to a
wireless network using the printer's control panel. You can also purchase
print servers or use a solution such as a Network Attached Storage (NAS)
device that supports print sharing.

Windows File Sharing

For Windows to connect to a network and share resources with other
computers, the computers must have appropriate client software installed.
This is no problem for a network where all the computers run Windows, as the
Windows client software is installed by default. It allows the computer to
connect to workgroups or, in the case of the Professional or Enterprise
editions, to Active Directory domain networks.

Joining a Workgroup or Domain
Information about the network the computer is joined to is shown in System
properties, which you can open from Control Panel or by right-clicking the
This PC object (Computer object in older versions of Windows) and selecting
Properties. Each computer is given a name to identify it on the network.

Using the System applet to view the network name configuration—this PC is called "COMPTIA"
and is joined to the default workgroup. Screenshot used with permission from Microsoft.

An administrator can change the network computer name and domain or
workgroup membership by clicking Change settings.

In Windows 10, you can also use the Access work or school page from the
Settings app.

A computer can belong to either a workgroup or a domain but not both. In
addition, the computer can only belong to one domain.

File and Printer Sharing
As long as the network location/Windows firewall settings have been
configured to allow it, any file or folder on a Windows computer can be shared
with other computers. To share an object, right-click it and select Give access
to. You can then select the user accounts allowed to access the share and
whether they can modify files in it or not. You can choose to share an object
with the Everyone special account to grant access to all users.

Basic folder sharing in Windows 10—select an account then set the permission level for that
account. Note that an account can be a specific user (like David) or a group of users (like
Everyone). Screenshot used with permission from Microsoft.

When configuring file sharing like this, it is important for users to have
matching user accounts, with the same user name and password, on both the
host and client computer. This can become very complex to manage.

To allow unauthenticated access, you can enable the Guest account via the
User Accounts applet. Alternatively, you can disable password-protected file
sharing by opening the Network and Sharing Center from Control Panel and
clicking Advanced sharing settings. Neither of these options is very secure,
however: anyone who can reach the PC over the network can then read the
shared files, and modify them if the share permits it.

Microsoft also provided a Homegroup feature to try to simplify file sharing
with Windows 10, but that was removed in the 1803 version update. PCs with a
Bluetooth adapter can use the Nearby sharing feature to quickly send a file
to another nearby PC.


Windows 10 Advanced sharing settings dialog—you can use this to disable password-protected
sharing or use the public folders to share files with anyone with network access. Screenshot used
with permission from Microsoft.

Browsing Network Shares and Drives
When a folder has been shared, the host computer will be visible on the
network.

Browse network resources via the Network object. Screenshot used with permission from
Microsoft.

Opening a computer object shows the shares available. Browse into a share to
view the files and subfolders it contains.


Browsing a network share—note the UNC path selected in the address bar. Screenshot used with
permission from Microsoft.

You can also access a shared folder by entering its UNC (Universal Naming
Convention) path in the address bar. A UNC path is composed of a double
backslash (\\) followed by the server name and then a single backslash and
the shared folder name. For example, \\COMPTIA\CERTS is the UNC path of a
folder named "CERTS" located on a server named "COMPTIA."

If you access a share often, you can map it as a network drive. To do so, right-
click the share and select Map network drive:

Mapping a network drive. Screenshot used with permission from Microsoft.

Select a drive letter then click Finish. The network drive will now appear under
the Computer/This PC object in Explorer:


The "CERTS" share has been mapped as drive M on the local PC. Screenshot used with
permission from Microsoft.

Hosted Sharing and Storage

The sharing and storage options discussed above make resources available to
computers on the same local network. If you want to make resources available
over a wider network, such as the Internet, you likely need to make use of a
hosted storage solution.

HTTP/HTTPS and File Downloads
A powerful feature of HTTP is the capability to provide hyperlinks to other
related documents. As well as web pages, hyperlinks can point to any type of
file. This means that a web server can be used to host any type of file
download.

File Transfer Protocol (FTP)
The FTP (File Transfer Protocol) is used to upload and download files
between clients and servers. For example, it is widely used to update the files
constituting a website from the designer's PC to the web server. An FTP server
can also be configured with a number of public directories (accessed
anonymously) and private directories, requiring a user account. FTP is more
efficient compared to email file attachments or HTTP file transfer.

Like plain HTTP, FTP has no built-in security: user names, passwords, and
file contents all cross the network in clear text, where anyone on the path
can read them. An FTP session can be protected with encryption, either by
FTPS (FTP over TLS) or by the separate SFTP protocol, which runs over SSH.
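To make the clear-text point concrete, here is an added Python example, not from the original course or from any tool it mentions, that scans a constructed capture of an FTP login followed by a plain-HTTP request, exactly as a sniffer on the same network segment would see them, and pulls out the credentials. The capture bytes, host names, and passwords are made up for this example.

```python
import base64
import re

# Constructed sample of what a packet sniffer on the same network would see
# for a plain FTP login followed by a plain HTTP request. Not a real capture.
CAPTURE = (
    b"220 ftp.example.test FTP server ready\r\n"
    b"USER webdesigner\r\n"
    b"331 Password required for webdesigner\r\n"
    b"PASS Summer2021!\r\n"
    b"230 User logged in\r\n"
    b"GET /admin HTTP/1.1\r\n"
    b"Host: www.example.test\r\n"
    b"Authorization: Basic YWRtaW46aHVudGVyMg==\r\n"
    b"\r\n"
)

BASIC_AUTH = re.compile(r"Authorization:\s*Basic\s+(\S+)", re.IGNORECASE)


def extract_cleartext_credentials(stream: bytes) -> list:
    """Return (protocol, user, password) tuples found in a captured TCP stream.

    FTP sends USER and PASS as two separate commands; HTTP Basic auth is only
    Base64-encoded, which is encoding, not encryption.
    """
    findings = []
    pending_user = None
    for raw in stream.splitlines():
        line = raw.decode("utf-8", "replace").strip()
        upper = line.upper()
        if upper.startswith("USER "):
            pending_user = line[5:]
        elif upper.startswith("PASS ") and pending_user is not None:
            findings.append(("ftp", pending_user, line[5:]))
            pending_user = None
        else:
            match = BASIC_AUTH.match(line)
            if match:
                try:
                    decoded = base64.b64decode(match.group(1), validate=True)
                except ValueError:
                    continue  # not valid Base64; ignore the line
                user, _, password = decoded.decode("utf-8", "replace").partition(":")
                findings.append(("http-basic", user, password))
    return findings


if __name__ == "__main__":
    for proto, user, password in extract_cleartext_credentials(CAPTURE):
        print(f"{proto}: {user} / {password}")
```

Nothing in the function "breaks" any protection, because there is none to break: the same stream seen over FTPS, SFTP, or HTTPS would be TLS or SSH ciphertext and yield nothing.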


Configuring the FileZilla FTP client to use a secure server.

Cloud Computing
Hosted storage means leasing a web server from a service provider. Hosted
services can also be provided as a "cloud." Cloud computing has lots of
different definitions but generally refers to any sort of computing resource
provided to the customer on a pay-per-use basis. The customer is not
responsible for configuring and provisioning the computing resource within the
cloud.

Among other benefits, the cloud provides rapid elasticity. This means that the
cloud can scale quickly to meet peak demand. For example, a company may
operate a single web server instance for most of the year but provision
additional instances for the busy Christmas period and then release them
again in the New Year. This example also illustrates the principles of on-
demand and pay-per-use; key features of a cloud service (as opposed to a
hosted service). On-demand implies that the customer can initiate service
requests and that the cloud provider can respond to them immediately. This
feature of cloud service is useful for project-based needs, giving the project
members access to the cloud services for the duration of the project, and then
releasing the cloud services back to the provider when the project is finished.
This way, the organization is only paying for the services for the duration of the
project.

The provider's ability to control a customer's use of resources through
metering is referred to as measured service. The customer is paying for the
CPU, memory, disk, and network bandwidth resources they are actually
consuming rather than paying a monthly fee for a particular service level.

In order to respond quickly to changing customer demands, cloud providers
must be able to provision resources quickly. This is achieved through resource
pooling and virtualization. Resource pooling means that the hardware making
up the cloud provider's data center is not dedicated or reserved to a particular
customer account. The layers of virtualization used in the cloud architecture
allow the provider to provision more CPU, memory, disk, or network resource
using management software, rather than (for instance) having to go to the data
center floor, unplug a server, add a memory module, and reboot.

Cloud-based Storage
Cloud-based storage solutions are very popular, both for home and business
use. Vendors such as Apple, Google, and Microsoft (plus many ISPs) offer
users a certain amount of free cloud-based storage. There are also business-
oriented solutions, such as Dropbox and Amazon. These services are typically
operated with a browser or smartphone/tablet app. In Windows 10, a cloud
storage client (OneDrive) is built into the OS and can be accessed via File
Explorer.

Microsoft's OneDrive cloud-based storage product. Screenshot used with permission from
Microsoft.

Cloud-based Collaborative Applications
As well as dedicated storage solutions, many different types of software
applications can be delivered using the cloud computing model. Office suites,
such as Microsoft Office 365, Google G Suite, and Smartsheet, allow access to
word processing, spreadsheets, and presentations with just a web browser
installed on the client. These suites have tools to allow multiple users to access
and collaborate on documents.


Google G Suite online word processing, spreadsheet, and presentation software that multiple
users can collaborate on over the web.

Peer-to-Peer File Sharing
The hosted storage solutions described above rely on a central server for
clients to access. An online Peer-to-Peer (P2P) network is one where, instead
of a central server, each client contributes resources to the network. In the
case of P2P file sharing, clients contribute a certain amount of storage space
and bandwidth. Each client can then search for, download, or upload files. The
files are split between the available clients and rebuilt by the P2P client for
download.

Using BitTorrent to download a copy of KALI Linux.

P2P networks, such as BitTorrent, may use servers (trackers) to coordinate
clients. Other P2P networks do not rely on any sort of server, and some try
to operate with complete anonymity; these are referred to as darknets. (The
term "deep web" is often used interchangeably, but strictly it just means
web content that search engines do not index.)

P2P networks have often been used to distribute music and video without
respecting copyright. There is also the risk of files being infected with malware.
Most companies prevent the use of P2P file sharing software on corporate
networks.

Backups

Whenever you consider a storage solution, you must also consider backup. It
is essential to make a backup of data files. Making a backup of the system
configuration is also important, as reinstalling Windows, software
applications, and reconfiguring custom settings can be very time consuming.

Backup Considerations
You should understand the main principles of backups:

■ Keep at least one backup in a different location to the computer. This
protects data against theft, fire, and flood. A backup stored in the same
location as the original data is called on-site, while one kept in a
different location is called off-site.

■ Keep the device or media used to store backup data in a secure location.

■ Keep more than one copy of data—if you delete or accidentally change a
file then make a backup, you will not be able to restore the file. You need
multiple backups going back to different points in time to recover from this
type of data error.

■ Make a backup regularly—the frequency depends how often your data files
change, but most people should consider making a backup every week.
Data in an office is typically backed up every day. Make a system backup
whenever you install new software or perform an upgrade.

Backup Storage Types

Any of the storage media discussed in this unit could be suitable for making a
backup:

■ Locally attached storage—use hard disks or flash drives attached to the
local PC or server.

■ Network Attached Storage—use a NAS appliance to allow multiple machines to
back up to the same location.

■ Offsite/cloud-based—back up over the Internet to cloud-based storage.
Keeping offsite copies of data is very important in mitigating against the
risk of fire or theft. This method might require substantial bandwidth. You
also need to be able to trust the cloud provider with your data, or encrypt
the backups yourself before they leave your network.

It is a good idea to use a combination of methods, to cover both on-site and
off-site backups for instance. You could back up often to locally attached
storage or NAS and then copy the backups to a cloud storage solution for off-
site security.

Enterprise networks with very large amounts of data to back up may use more
specialized media, such as tape drives.

File Backups and Critical Data
A file backup is an ordinary backup job. You configure the backup software to
select certain folders or individual files to include in the backup job and a
schedule for performing the backup.

When configuring backups, you need to understand that not all critical data
may be stored in files within a user folder or shared folder. Critical data could
be stored in a settings file outside of the normal data areas or be located within
a database or message store. You also have to consider that critical data
might include confidential, proprietary, and/or personal information. When you
make a copy of such information by making a backup, you need to ensure that
the copy is subject to the same security policies and access controls as the
original.

Unit 5.3 has more information about access controls.

Database Backups
If the data that you're considering backing up is part of a RDBMS (Relational
Database Management System), such as SQL data, or a messaging system,
such as Exchange, then the data is probably being used all the time. Each
change in the database is referred to as a transaction. Transactions that add,
amend, or retrieve a record might comprise several read/write operations.
These operations are bundled as a transaction to ensure that the data records
remain consistent and are not corrupted by partially completed write
operations. Ordinary file copy backup methods are not "transaction-aware" and
so cannot be reliably used to back up a database. Consequently, database
backup requires the use of software dedicated to that purpose.

One of the ways of backing up a database is called replication. A replica is a
copy (or mirror) of the database hosted on a separate server. When a
transaction is posted, it must typically be committed to both the master
database and its replica before the transaction can be considered complete.
This provides redundancy in the case that the master database server is
damaged.

Replication doesn't protect you from errors such as accidentally deleting a
record, however. If the error is accepted as a valid transaction, it will be
propagated amongst all the replicas at the next scheduled replication interval.
You still have to back up the replicated data therefore, so that you can restore
data to a point-in-time. An RDBMS keeps a transaction log. It is critical to
include the transaction log along with the database tables in backup operations
to support rollback of mistaken transactions and recovery from critical
disasters.

Backing up an SQL Server using Acronis Backup ([Link]).

You may also want to make read-only copies of the database. This is
supported through snapshots. A snapshot-based backup might be useful for
keeping historical records of changes to the database or for recovering from
really serious administrative errors that cannot be corrected through
transaction rollbacks.
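The following added Python example, which is not from the original course, uses SQLite (included with Python) to act out the two points above: a replica faithfully copies an accidental DELETE, while a transaction-aware snapshot plus the transaction log can rebuild the data as it stood just before the bad transaction. The list of statements stands in for a real RDBMS transaction log, SQLite's online backup API stands in for dedicated database backup software, and the in-memory databases and sample rows are constructed for the example.

```python
import sqlite3


def seed_database() -> sqlite3.Connection:
    """Constructed sample data standing in for a production table."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE customers (id INTEGER PRIMARY KEY, name TEXT NOT NULL)")
    db.executemany("INSERT INTO customers (name) VALUES (?)",
                   [("Ann",), ("Bob",), ("Cy",)])
    db.commit()
    return db


def names(conn: sqlite3.Connection) -> list:
    return [row[0] for row in conn.execute("SELECT name FROM customers ORDER BY id")]


class ReplicatedDatabase:
    """A primary, a replica that receives every committed transaction, and an
    append-only transaction log (a list of statements standing in for the
    RDBMS's own log)."""

    def __init__(self):
        self.primary = seed_database()
        self.replica = sqlite3.connect(":memory:")
        self.primary.backup(self.replica)  # initial synchronisation
        self.log = []

    def transact(self, sql: str, params=()) -> int:
        """Commit on the primary, then on the replica; return the sequence number."""
        for conn in (self.primary, self.replica):
            conn.execute(sql, params)
            conn.commit()
        self.log.append((sql, params))
        return len(self.log)

    def full_backup(self):
        """Transaction-aware snapshot via SQLite's online backup API. Copying
        the database file while it is in use is not safe; this is."""
        snapshot = sqlite3.connect(":memory:")
        self.primary.backup(snapshot)
        return snapshot, len(self.log)


def restore_to_point(snapshot, snapshot_seq, log, target_seq):
    """Rebuild the database as it was after transaction `target_seq`: start
    from the snapshot and replay the logged transactions after it."""
    restored = sqlite3.connect(":memory:")
    snapshot.backup(restored)
    for sql, params in log[snapshot_seq:target_seq]:
        restored.execute(sql, params)
    restored.commit()
    return restored


def demo_point_in_time() -> dict:
    db = ReplicatedDatabase()
    snapshot, snapshot_seq = db.full_backup()                         # nightly backup, seq 0
    db.transact("INSERT INTO customers (name) VALUES (?)", ("Dee",))  # seq 1, a good change
    bad_seq = db.transact("DELETE FROM customers")                    # seq 2, the mistake
    return {
        "primary": names(db.primary),
        "replica": names(db.replica),  # the mistake was replicated faithfully
        "restored": names(restore_to_point(snapshot, snapshot_seq, db.log, bad_seq - 1)),
    }


if __name__ == "__main__":
    print(demo_point_in_time())
```

Running it shows both the primary and the replica empty, while the restore built from the snapshot plus the log up to sequence 1 still holds all four customers, including the one added after the backup was taken. Without the log, the restore would only get you back to the three rows in the snapshot.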

OS Backups
An OS or system backup makes a copy of the OS and installed applications
so that a workstation or server can be recovered without having to manually
reinstall software and reconfigure settings. Older methods of system backup
could involve lengthy recovery procedures. Typically, the operating system
would have to be reinstalled, then the backup applied to the new OS to recover
the old configuration.

A bare metal backup is one that can be applied directly to a partitioned drive
without the separate step of reinstalling the OS. Bare metal backups typically
work by making an image. The backup software provides a recovery boot disk
which enables the system to connect to the recovery media (an external hard
drive or network drive for instance). The only drawback to this method is that
system images require multi-gigabyte storage media.

A system image can also be quite time-consuming to create, so this method
works best if the system configuration is kept fairly static and user data is
stored separately from the OS volume.

Windows Backup

In Windows, there are a number of options for backing up your files, and for
providing for file recovery. These are:

■ Backup and Restore (Windows 7)—enables you to perform selective,
scheduled, and ad-hoc backups.

Backup and Restore (Windows 7). Screenshot used with permission from Microsoft.

■ File History (Windows 8 and Windows 10)—enables automated backups. As
files are modified, the versions are tracked and backed up automatically.

File History app in Windows 10. Screenshot used with permission from Microsoft.

These are accessible from the Backup tab in the Update & Security category
in the Settings app.

Scheduling and Frequency

Having selected the type of backup and what files to include, you then need to
define a schedule on which to run the backup and work out how frequently to
make backups.

With tape-based backup on an enterprise network, backing up data can take a
long time and tapes have to be carefully managed to balance their limited
capacity with the amount of data to preserve. For a typical personal
computer, there is not so much data to back up, and hard-disk based storage
is fast and very high capacity. As you can see, the default for File History
is to make copies of files every hour.

On a SOHO network, backup jobs are often scheduled to run overnight,
minimizing any performance problems the backup might cause, especially if
using cloud-based storage. Most businesses would make a backup at least
once every day.

You also need to consider whether you need to keep backups to a certain
point in time. If you delete or change a file by accident, then make a backup,
there will be no way to restore the file from the last backup. To do so, you
would have to have made an earlier backup and gone back to that. To keep
multiple backups, you will need multiple drives (ideally) or enough space on a
single drive to store multiple backups.

As well as making scheduled backups, make a backup whenever you install or
upgrade software or hardware, just in case the installation causes serious
problems with your PC. It is also worth making a backup before you uninstall
software.

Choosing a backup schedule. Screenshot used with permission from Microsoft.

Restoring Data and Verifying Backups
It is critical to test that backup operations work properly. There can be no
worse feeling in IT than turning to the backups you have been happily making
for the last six months only to discover that a critical data file has never been
included in the job! The following represent some of the main backup
verification and testing issues:

■ Error detection—problems with the backup media or configuration can
cause backup jobs to fail. Depending on the error, the whole job may be
cancelled, or some data may not get backed up. Backup software usually
has the facility to verify a backup. This makes the backup operation longer
though. The software should also be able to report errors to a log file.

■ Configuration—when setting up a new job (and periodically thereafter), it
is wise to check to ensure that all the expected data has been backed up.

■ Test restore—another option is to test that a restore operation can be
performed successfully. This is important when using new backup
software, to test old backup media, to check a new job, and to carry out
random spot checks. When you do a test restore, you redirect the data to a
different folder, to avoid overwriting live data.

As well as completing test restores, you should review the status report to
confirm that the backup ran successfully.
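The following added Python example, which is not from the original course or from any of the backup products it mentions, puts the verification points above and the earlier advice about keeping several point-in-time copies into a small working backup routine. It copies a source tree into a dated backup folder with a SHA-256 manifest, re-hashes the copies to catch media corruption, and performs a test restore into a scratch folder rather than over the live data. The folder names, file contents, and the simulated bad sector in the demo function are all constructed for the example.

```python
import hashlib
import json
import shutil
import tempfile
from datetime import datetime, timezone
from pathlib import Path


def sha256_of(path: Path) -> str:
    digest = hashlib.sha256()
    with path.open("rb") as f:
        for chunk in iter(lambda: f.read(1 << 16), b""):
            digest.update(chunk)
    return digest.hexdigest()


def run_backup(source: Path, backup_root: Path, label: str = None) -> Path:
    """Copy the source tree into a new point-in-time folder and record a
    SHA-256 manifest taken from the originals at copy time."""
    label = label or datetime.now(timezone.utc).strftime("%Y%m%dT%H%M%SZ")
    dest = backup_root / label
    manifest = {}
    for file in sorted(p for p in source.rglob("*") if p.is_file()):
        rel = file.relative_to(source)
        target = dest / rel
        target.parent.mkdir(parents=True, exist_ok=True)
        shutil.copy2(file, target)
        manifest[rel.as_posix()] = sha256_of(file)
    (dest / "manifest.json").write_text(json.dumps(manifest, indent=2))
    return dest


def verify_backup(dest: Path) -> list:
    """Re-hash every copied file against the manifest (the 'verify' option in
    backup software). Returns a list of problems; an empty list means clean."""
    manifest = json.loads((dest / "manifest.json").read_text())
    problems = []
    for rel, expected in manifest.items():
        copy = dest / rel
        if not copy.exists():
            problems.append("missing: " + rel)
        elif sha256_of(copy) != expected:
            problems.append("corrupt: " + rel)
    return problems


def trial_restore(dest: Path, scratch: Path) -> list:
    """Restore into a scratch folder, never over live data, then check the
    restored files against the manifest. Returns the paths that mismatch."""
    manifest = json.loads((dest / "manifest.json").read_text())
    for rel in manifest:
        target = scratch / rel
        target.parent.mkdir(parents=True, exist_ok=True)
        shutil.copy2(dest / rel, target)
    return [rel for rel, h in manifest.items() if sha256_of(scratch / rel) != h]


def demo_backup_cycle() -> dict:
    """Constructed end-to-end run: two nightly backups, an accidental
    overwrite between them, and media corruption of the newer copy."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        live, backups, scratch = root / "live", root / "backups", root / "scratch"
        live.mkdir()
        (live / "notes.txt").write_text("draft 1")
        day1 = run_backup(live, backups, "day1")
        (live / "notes.txt").write_text("draft 2 (accidentally overwrote draft 1)")
        day2 = run_backup(live, backups, "day2")
        (day2 / "notes.txt").write_bytes(b"\x00" * 7)  # simulate a bad sector
        return {
            "day1_ok": verify_backup(day1) == [],
            "day2_problems": verify_backup(day2),
            "restore_mismatches": trial_restore(day1, scratch),
            "restored_text": (scratch / "notes.txt").read_text(),
        }


if __name__ == "__main__":
    print(demo_backup_cycle())
```

The demo shows why both points matter together: the newest backup is the corrupt one and verification catches it, and because an older point-in-time copy was kept, the test restore from day1 brings back the version of the file that the user overwrote before day2 was ever taken.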

Choosing folders and files to restore from a particular point in time. Screenshot used with
permission from Microsoft.


Review Questions / Module 4 / Unit 4 / Using Shared Storage


Answer these questions to test what you have learned in this unit.

1) True or false? A hard disk connected to a computer via a USB port could
be described as "Direct Attached Storage."

2) What type of connection would a NAS device use?

3) Which admin tool or screen would you use to configure a Windows
computer to join a domain?

4) True or false? Any version or edition of Windows can be used to share files
with other users.

5) How could you access a network folder called DATA on a network server
called TOWER1 using the Explorer address bar?

6) What is a mapped drive?

7) What protocol would be used to provide encrypted file downloads from a
web server?

8) You have made a backup of system data using a removable hard disk.
What should you do next?


Lab 19 / File Sharing
In this lab, you will investigate workgroup settings and configure a shared
folder. If you have a second computer, you can use that to browse the network;
if not, you can still investigate the settings and network shares on the local
machine.

1) If necessary, start your computer and sign in.

2) Click Start, click Settings, click System and then select the About node.

Using the Settings app to view system information. Screenshot used with permission from
Microsoft.

3) Under "Device specifications," make a note of the device name:

____________________________________________________________

4) Open Control Panel, and click System and Security, then click System.
The same computer name is listed.

5) The computer should be part of a workgroup named "Workgroup." If it is not,
complete the following additional steps:

○ Click Change settings.

○ Click the Change button.

○ Type WORKGROUP in the Workgroup box.

○ Click OK then OK again.

○ Click Close.

○ Click Restart Now.

○ When the computer has restarted, sign in again.

6) Right-click the network status icon on the taskbar, and then click Open
Network & Internet settings.

Settings app—network status information and options. Screenshot used with permission from
Microsoft.

7) With the Status node selected, scroll down and click Network and
Sharing Center.

Network and Sharing Center—under "View your active networks," check that the network type is
set to "Private network." Screenshot used with permission from Microsoft.

8) Check that the network type is set to "Private network." If it is not, complete
the following steps:

○ Switch to Settings.

○ On the Status tab, click Change connection properties.

○ Under the Network profile heading, click Private.

○ Switch back to Network and Sharing Center.


Viewing network connection properties via the Settings app. Screenshot used with permission
from Microsoft.

Note that this page gives you another way to view the adapter's
address configuration. Also, you can use the Copy button here to
obtain the information for pasting into a document or an email. This
is useful if you need a user to give you the computer's current
network configuration.

9) Select the Change advanced sharing settings link.



Advanced sharing settings—check that network discovery and file and printer sharing are enabled.
Screenshot used with permission from Microsoft.

10) If necessary, select Turn on network discovery and Turn on file and
printer sharing.

11) Click in the window address bar, type documents, then press Enter.

12) In the Documents folder, right-click the Holidays folder and select Give
access to > Specific people.

13) In the "Network access" dialog, select Everyone from the list box then click
Add.

Network access dialog. Screenshot used with permission from Microsoft.

14) Leave the permission level set to "Read" and click the Share button. Note
the UNC share path. Click Done to finish.

If you have a second computer, complete the following steps. If not, just
use your first PC, but be aware that you will receive different results when
viewing the shared folder and testing the permissions you have.

Also, this lab assumes you are accessing the second PC with a
user account with a different name and password.

○ Open File Explorer and expand the Network object from the navigation
pane. You should see both computer names listed.

○ Double-click the icon for your first computer. You should see a
"Holidays" shared folder.

○ Click in the address bar and type \\ServerName\Holidays, where
ServerName is the name of your first computer, and press ENTER.

○ Test that you have only view permissions on this folder by trying to
delete one of the existing files and create a new file.

15) Back on your first PC, in File Explorer, right-click the C:\Holidays folder
and select Share with > Stop sharing.

16) Optionally, shut down your computer if you are not continuing to use it after
this lab.

Module 4 / Unit 5
Using Mobile Devices

Objectives
On completion of this unit, you will be able to:

□ Identify the key features of different types of mobile devices and mobile
operating systems.

□ Configure network, email, and data transfer settings on mobile devices.

Syllabus Objectives and Content Examples

This unit does not cover specific exam domain objectives or content examples.

Using a Mobile Device

A touchscreen allows the user to control the OS directly through the screen (or
with a stylus) rather than using navigation buttons or a scroll wheel.

Gesture-based Interaction
Modern mobile devices use capacitive touchscreens. These capacitive
displays support multitouch, meaning that gestures can be interpreted as
events and responded to by software in a particular way.

■ Tap—usually the equivalent of a main button mouse click.

■ Tap-and-hold—usually the equivalent of a right-button mouse click.

■ Swiping—typically used to switch between documents or apps. Some
devices and software can distinguish between one-, two-, and three-finger
swiping.

■ Pinch and stretch—typically used to zoom out (bring your fingers together)
and zoom in (spread your fingers).

■ Sliding—move objects around the screen.

Kinetics and Screen Orientation

Kinetics can refer either to operating a device by moving it around or using a
camera in the device to recognize your hand movements.

Mobile devices use accelerometers and gyroscopes to detect when the
device is moved and change the screen orientation between portrait and
landscape modes. Often this can happen inappropriately so the screen
orientation can also be locked to a particular setting.

Kinetics can also be used as a more advanced control mechanism. For
example, a driving game could allow the tablet itself to function as a steering
wheel or shaking the device could be interpreted as an "undo" event in a
software application.

Speech Recognition and Hands Free

Speech recognition is another important interface for controlling a mobile
device. All three of the major vendors have speech recognition built into the
OS (Apple's Siri, Google Now, and Microsoft's Cortana) and are working hard
to create interfaces that can correctly interpret users' natural language
requests. Speech recognition is one part of allowing hands free use of a
mobile device. Using a Bluetooth or wired headset also means that the device
can be kept in a pocket (while walking for instance) or used in a motor vehicle
safely.

Passcode Locks
If an attacker is able to gain access to a smartphone or tablet, they can obtain
a huge amount of information and the tools with which to launch further
attacks. Quite apart from confidential data files that might be stored on the
device, it is highly likely that the user has cached passwords for services such
as email or remote access networks and websites. In addition to this, access to
contacts and message history (SMS, email, and IM) greatly assists social
engineering attacks.

Consequently, access to a mobile device should always be protected by a
screen lock. The screen lock can be configured to activate whenever the
power button is pressed and/or to lock when the sleep timer activates (or some
time afterward). Once the phone locks, it has to be unlocked by entering the
appropriate credentials. A simple passcode requires the user to enter a PIN; a
more complex password-based lock can use letters and symbols too. Android
can use a graphical "join-the-dots" lock. Some devices can use biometric
authentication via a fingerprint reader.

Configuring a passcode lock on iOS.

The screen lock can also be configured with a lockout policy. This means that
if an incorrect passcode is entered, the device locks for a set period. This could
be configured to escalate, so the first incorrect attempt locks the device for 30
seconds while the third locks it for 10 minutes for instance. This deters
attempts to guess the passcode.

Another possibility is for the phone to support a remote wipe or "kill switch."
This means that if the handset is stolen, it can be set to the factory defaults or
cleared of any personal data. Some utilities may also be able to wipe any plug-
in memory cards too. The remote wipe could be triggered by a number of
incorrect passcode attempts or by enterprise management software. Other
features include backing up data from the phone to a server first and displaying
a "Lost/stolen phone—return to XX" message on the handset.
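
The escalating lockout and wipe-after-failures policy described above, as an added example in Python (not code from the course or from any vendor): the passcode is stored only as a salted PBKDF2 hash, each wrong attempt extends the lockout according to a schedule, and a configurable failure count acts as the local wipe trigger. The 30-second and 10-minute steps follow the text; the 60-second middle step and the wipe threshold are assumptions.

```python
import hashlib
import hmac
import secrets

# Escalating lockout in seconds, keyed by consecutive failures. The 30 s and
# 600 s (10 min) figures follow the text; the 60 s middle step is an assumption.
# Failures beyond the last entry reuse the longest delay.
LOCKOUT_SCHEDULE = {1: 30, 2: 60, 3: 600}


class PasscodeLock:
    """Screen lock with an escalating lockout and a wipe-after-N-failures trigger."""

    def __init__(self, passcode, wipe_after=10):
        # Only a salted PBKDF2 hash of the passcode is stored, never the passcode.
        self.salt = secrets.token_bytes(16)
        self.digest = self._hash(passcode)
        self.failures = 0
        self.locked_until = 0.0      # timestamp; 0 means no lockout in force
        self.wipe_after = wipe_after  # assumed policy: wipe after this many failures
        self.wiped = False

    def _hash(self, passcode):
        return hashlib.pbkdf2_hmac("sha256", passcode.encode(), self.salt, 50_000)

    def seconds_remaining(self, now):
        """How long the current lockout still has to run at time `now`."""
        return max(0.0, self.locked_until - now)

    def unlock(self, passcode, now):
        """Return 'unlocked', 'locked' or 'wiped' for an attempt made at time `now`."""
        if self.wiped:
            return "wiped"
        if now < self.locked_until:
            # Inside a lockout window the attempt is refused before the credential
            # is even checked, so guessing gains nothing during the wait.
            return "locked"
        if hmac.compare_digest(self._hash(passcode), self.digest):
            self.failures = 0
            return "unlocked"
        self.failures += 1
        if self.failures >= self.wipe_after:
            # Too many failures: discard the verifier, the lock can never open again.
            self.wiped = True
            self.digest = b""
            return "wiped"
        delay = LOCKOUT_SCHEDULE.get(self.failures, LOCKOUT_SCHEDULE[max(LOCKOUT_SCHEDULE)])
        self.locked_until = now + delay
        return "locked"
```
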


Most corporate messaging systems come with a Remote Wipe feature, allowing mail, calendar,
and contacts information to be deleted from mobile devices.

A thief can (in theory) prevent a remote wipe by ensuring the phone cannot
connect to the network then hacking the phone and disabling the security.

Full Device Encryption

All but the early versions of mobile device OS for smartphones and tablets,
such as Android and iOS, provide full device encryption.

In iOS 5 (and up), there are various levels of encryption.

■ All user data on the device is always encrypted, but the key is stored on the
device. This is primarily used as a means of wiping the device. The OS just
needs to delete the key to make the data inaccessible rather than wiping
each storage location.

■ Email data and any apps using the "Data Protection" option are also
encrypted using a key derived from the user's passcode (if this is
configured). This provides security for data in the event that the device is
stolen. Not all user data is encrypted; contacts, SMS messages, and
pictures are not, for example.

In iOS, Data Protection encryption is enabled automatically when you
configure a password lock on the device. In Android, you need to enable
encryption via Settings > Security. Android uses full-disk encryption with a
passcode-derived key. When encryption is enabled, it can take some time to
encrypt the device.

The encryption key is derived from the PIN or password. In order to
generate a strong key, you should use a strong password. Of
course, this makes accessing the device each time the screen
locks more difficult.

With the release of Android Nougat, full device encryption is being
deprecated in favor of file-level encryption.
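
A model of the two encryption levels described above, as an added example in Python (not code from the course, Apple or Google): an always-present device key (erasing it is the wipe), a fresh key per file, and a passcode-derived key that Data Protection files additionally require, so they stay unreadable while the device is locked. The HMAC-based keystream stands in for AES, which the standard library does not provide; the PBKDF2 round count and the class layout are assumptions.

```python
import hashlib
import hmac
import secrets

PBKDF2_ROUNDS = 50_000  # illustrative; real devices use slower, hardware-bound derivation

def keystream_xor(key, nonce, data):
    """Toy stream cipher: XOR with an HMAC-SHA256 counter-mode keystream.
    It stands in for AES, which the standard library does not provide."""
    stream = bytearray()
    counter = 0
    while len(stream) < len(data):
        stream += hmac.new(key, nonce + counter.to_bytes(4, "big"), hashlib.sha256).digest()
        counter += 1
    return bytes(a ^ b for a, b in zip(data, stream))

def verifier(key):
    """Value stored to check a passcode without storing the passcode or the key."""
    return hmac.new(key, b"passcode-verifier", hashlib.sha256).digest()

class EncryptedDevice:
    """Two levels as in the text: a device key that is always present (so a wipe
    is just erasing it) and a passcode-derived key that protected files need too."""
    def __init__(self, passcode):
        self.device_key = secrets.token_bytes(32)  # effaceable storage on a real device
        self.salt = secrets.token_bytes(16)
        self.passcode_key = None                   # only in memory while unlocked
        self.files = {}  # name -> (protected, nonce, wrapped_file_key, ciphertext)
        self.verifier = verifier(self._derive(passcode))

    def _derive(self, passcode):
        return hashlib.pbkdf2_hmac("sha256", passcode.encode(), self.salt, PBKDF2_ROUNDS)

    def unlock(self, passcode):
        key = self._derive(passcode)
        if not hmac.compare_digest(verifier(key), self.verifier):
            raise PermissionError("wrong passcode")
        self.passcode_key = key

    def lock(self):
        self.passcode_key = None

    def _wrapping_key(self, protected):
        if self.device_key is None:
            raise PermissionError("device key erased: nothing is recoverable")
        if not protected:
            return self.device_key
        if self.passcode_key is None:
            raise PermissionError("Data Protection file: device is locked")
        # Protected files need both the device key and the passcode-derived key.
        return hmac.new(self.device_key, self.passcode_key, hashlib.sha256).digest()

    def write(self, name, data, protected):
        file_key = secrets.token_bytes(32)  # fresh per-file key
        nonce = secrets.token_bytes(12)
        wrapped = keystream_xor(self._wrapping_key(protected), nonce, file_key)
        self.files[name] = (protected, nonce, wrapped, keystream_xor(file_key, nonce, data))

    def read(self, name):
        protected, nonce, wrapped, ciphertext = self.files[name]
        file_key = keystream_xor(self._wrapping_key(protected), nonce, wrapped)
        return keystream_xor(file_key, nonce, ciphertext)

    def remote_wipe(self):
        # Erasing one key makes every file unreadable without touching each block.
        self.device_key = None
```
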

Mobile Applications and App Stores

Apps are installable programs that extend the functionality of the mobile
device. An app must be written and compiled for a particular mobile operating
system (Apple iOS, Android, or Windows).

Third-party developers can create apps for iOS using Apple's Software
Development Kit (SDK). The SDK can only be installed and run on a computer
using macOS. Apps have to be submitted to and approved by Apple before
they are released to users. Apps are made available for free or can be bought
from the App Store.

Apple's App Store.

Android's app model is more relaxed, with apps available from both Google
Play and third-party sites, such as Amazon's app store. The SDK for Android
apps is available to install on Linux, Windows, and macOS development
machines.


Google Play app store.

Apps are supposed to run in a sandbox and have only the privileges granted
by the user.

Network Connectivity

There are generally two choices for connecting a smartphone or tablet to the
Internet:

■ Use mobile data access (the cellular provider's network).

■ Use a nearby Wi-Fi network.

In iOS, cellular network options are configured via Settings > General >
Network. In Android, the options are configured via Settings > Data usage.

Configuring mobile data options in iOS (left) and Android (right).

Devices default to using Wi-Fi if it is available. The indicator on the status bar
at the top of the screen shows the data link in use.

Wi-Fi networks can be set up via Settings > Wi-Fi. Choose the SSID and
configure the security level (WEP, WPA, or WPA2 for instance). Enter either
the key (for pre-shared key networks) or your user name and password
(Enterprise networks) and test the connection. If the Wi-Fi network is not
broadcasting its SSID, you can connect to the network by entering the network
name manually.

You could perform a quick connection test by trying to browse a
website.

Use the Wi-Fi screen to switch between networks. To remove a network, select
it, then choose Forget Network.

Airplane Mode
Most airlines prevent flyers from using radio-based devices while onboard a
plane. A device can be put into "airplane mode" to comply with these
restrictions, though some carriers insist that devices must be switched off
completely at times such as takeoff and landing. Airplane mode disables all
wireless features (cellular data, Wi-Fi, GPS, and Bluetooth). On some devices,
some services can selectively be re-enabled while still in airplane mode.

Both iOS and Android provide a notification or toggle shade with some quick
configuration options, including toggles for wireless options.

Wireless options can be quickly switched on or off in iOS and Android using the toggle shades.
Swipe up from the bottom of the screen in iOS or down from the top of the screen in Android.

Email Configuration

One of the most important features of smartphones is the ability to receive and
compose email. The settings are configured on the phone in much the same
way you would set up a mail account on a PC. For example, in iOS, open
Settings > Mail, Contacts, Calendars then click Add Account. In Android,
the configuration is performed via Settings > Accounts.

Configuring a mail account in iOS.

Choose the mail provider (Exchange, Gmail, and so on) then enter your user
credentials and test the connection. If the mail provider is not listed, you can
enter the server address manually by selecting Other, then inputting the
appropriate server addresses.

■ The incoming mail server will either be an Internet Message Access
Protocol (IMAP) or a Post Office Protocol (POP) server. Both of these
protocols are designed to allow a mail client to download messages from a
mail server. IMAP has better functionality than POP, allowing the user to
manage messages and folders on the server.

■ The outgoing mail server will be a Simple Mail Transfer Protocol (SMTP)
server. The client sends a new message to an SMTP server, which then
handles the process of transferring the message to the recipient's SMTP
server.

The other important option is to enable SSL/TLS. This option should always be
chosen if the server supports a secure link.

SSL/TLS protects confidential information such as the account
password and is necessary if you connect to mail over a public link,
such as an open Wi-Fi "hotspot."

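
Setting up the three mail protocols with SSL/TLS enforced, as an added example using the Python standard library (not code from the course): the server certificate and hostname are verified on every connection, a plaintext port or TLS switched off in the account settings is rejected, and SMTP upgrades with STARTTLS before credentials are sent. The host names and credentials are placeholders supplied by the caller.

```python
import imaplib
import poplib
import smtplib
import ssl

# Ports that carry the mail protocols over TLS (implicit TLS, plus STARTTLS for SMTP).
SECURE_PORTS = {"imap": 993, "pop": 995, "smtp": 465, "smtp-starttls": 587}


def mail_tls_context():
    """Context that verifies the server certificate and hostname on every connection."""
    ctx = ssl.create_default_context()
    ctx.check_hostname = True
    ctx.verify_mode = ssl.CERT_REQUIRED
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2
    return ctx


def is_secure_setting(protocol, port, tls_enabled):
    """True only for a TLS-protected combination; a plaintext port (143, 110, 25)
    or TLS switched off in the account settings is rejected."""
    allowed = {SECURE_PORTS[protocol], SECURE_PORTS.get(protocol + "-starttls")}
    return bool(tls_enabled and port in allowed)


def open_incoming(protocol, host, user, password):
    """Connect to the IMAP or POP server over TLS and authenticate."""
    ctx = mail_tls_context()
    if protocol == "imap":
        conn = imaplib.IMAP4_SSL(host, SECURE_PORTS["imap"], ssl_context=ctx)
        conn.login(user, password)
    else:
        conn = poplib.POP3_SSL(host, SECURE_PORTS["pop"], context=ctx)
        conn.user(user)
        conn.pass_(password)
    return conn


def open_outgoing(host, user, password):
    """Connect to the SMTP submission port and upgrade to TLS before logging in.
    starttls() raises if the server offers no TLS, so there is no silent plaintext fallback."""
    conn = smtplib.SMTP(host, SECURE_PORTS["smtp-starttls"])
    conn.starttls(context=mail_tls_context())
    conn.login(user, password)
    return conn
```
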
Synchronization and Data Transfer

Mobile device synchronization refers to copying data back and forth between a
PC and phone or tablet. This method can be used to share email, calendar,
and contacts with a locally installed mail application, though setting up an "over
the air" server or cloud service sync, as described above for email, is generally
preferable. It can also be used to share media files between devices—camera
pictures, downloaded music tracks or videos, and so on.

iOS can synchronize with a PC via the iTunes program. The device must be
connected to the PC via a USB to Apple Lightning cable or a Wi-Fi link.

Using iTunes to sync data between an iPhone and a PC.

Android-based phones are primarily set up to sync with Google's Gmail email
and calendar/contact manager services. You can usually view the phone from
Windows (Android phones use standard USB ports) and allow drag and drop
or copy and paste for file transfer with a Windows PC using the Picture
Transfer Protocol (PTP) or Media Transfer Protocol (MTP).

Connecting to an Android smartphone's storage folders via Windows. The inset shows the
connection options available from the Android device (choosing between MTP and PTP).

Remote Backup

While devices can often store gigabytes of data, improved Internet bandwidth
means that it can be feasible to back this data up to a cloud storage provider.
As well as keeping a security copy, this can allow files to be shared and
synchronized between multiple devices. Notable service providers include
Apple's iCloud, Dropbox, Microsoft's OneDrive, and Google's Cloud Platform.

Configuring iCloud backup and synchronization options.


Review Questions / Module 4 / Unit 5 / Using Mobile Devices

Answer these questions to test what you have learned in this unit.

1) What type of gesture is typically used for zooming on a touchscreen?

2) What is the purpose of an accelerometer, as fitted in a mobile device?

3) What feature allows data to be removed from a device if it is lost or stolen?

4) True or false? A smartphone cannot join a Wi-Fi network if the SSID is not
being broadcast.

5) What is "airplane mode?"

Module 4 / Summary

Using Networks

In this module you investigated the components and protocols used to create
networks and how to configure basic SOHO networks and file sharing.

Module 4 / Unit 1 / Networking Concepts

□ Ethernet LANs are based on switches and cabled media to connect
computers together; wireless networks use IEEE 802.11 standards. At this
data link layer, hosts are identified by a MAC address.

□ Packet transmission uses routers to forward small packets over any
available network path, making the network more resilient to link failures. At
this network layer, hosts are identified by an IP address. The IP address
contains a network ID, masked by a network prefix, and a host ID.

□ DNS provides a means for people to use plain names or labels to access
resources. DNS maps these labels to IP addresses.

□ Make sure you can match application protocols in the TCP/IP suite to
functions such as web browsing and email.

Module 4 / Unit 2 / Connecting to a Network

□ Home/small office networks are usually configured with a multifunction
network device, combining the function of switch, access point, WAN
modem, and router.

□ Typical Internet access methods include DSL, cable/HFC, FTTC, satellite,
and cellular.

□ Make sure you know the configuration parameters for setting up a wireless
network, such as standards support, SSID, and encryption type.

Module 4 / Unit 3 / Secure Web Browsing

□ Using effective browser security settings is imperative in protecting the
computer against malicious sites. Make sure you understand how to control
cookie and cache settings to ensure privacy.

□ Digital certificates are a means of validating the identity of a web server or
software publisher.

□ Firewalls are another essential component of a secure system as they
restrict network communications to authorized hosts, applications, and
protocols.

Module 4 / Unit 4 / Using Shared Storage
□ Local file and print sharing can use direct attached storage (file server) or a
Network Attached Storage appliance.

□ Windows network client settings are configured via the System Properties
or Settings. Shared resources can be browsed using the Network object in
File Explorer or the share's UNC. A shared folder can also be mapped as a
drive.

□ Hosted sharing can be implemented using HTTP/HTTPS, FTP, cloud,
streaming, and P2P services.

□ Make sure you understand the issues and procedures surrounding backing
up and restoring data files, especially different kinds of backup (data,
database, OS) and the need for off-site storage.

Module 4 / Unit 5 / Using Mobile Devices

□ Make sure you know how to operate a mobile device using gestures and
kinetics and about the basic options for securing the device.

□ Understand the capabilities of different network connection methods and
how to enable and disable them.

□ Make sure you know how to set up email and data synchronization
services.
