A network of components from the same vendor or compatible equipment that all run under the same OS or NOS is what kind of network?
What mechanism is used to designate a part of an IP address as the network address, and other parts as the host address?
The router is only concerned with those bits that belong to the network/subnet field.
The 33 series of AFI covers communications-computer networking and information management, and includes the following instructions
AFPD 33–1 establishes AF policy for responsibly acquiring, planning, and managing its information resources.
AFI 33–104 Outlines standardized management practices and tells how to manage planning and implementation of communications and information systems and the base-level infrastructure.
Global, Regional, and Local
NM is the systems management mechanism that monitors and controls data collection for the purpose of data analysis and report generation on an OSI-based communications network.
A network management server is defined as a bundle of application software designed to significantly improve network efficiency and productivity. The network management server is essentially a network server that specifically runs simple network management protocol (SNMP)-based management applications.
Place the server itself in an area that is controlled strictly by the NCC; the information stored could be used to exploit network vulnerabilities. It is also important to place the machine on a subnet that is separate from the busy user subnets but where it still has access to the information produced by the managed devices on those subnets
Centralized architecture - NM platform on one computer system at a location that is responsible for all NM duties.
Hierarchical architecture - Hierarchical architecture uses multiple systems, with one system acting as a central server and the others working as clients.
Distributed architecture - Instead of having one centralized platform or a hierarchy of central/client platforms, the distributed approach uses multiple peer platforms.
Briefly describe each of the four levels of activity that one must understand before applying management to specific services or devices?
Inactive – This is the case when no monitoring is accomplished.
Reactive – Personnel react to a problem after it has occurred.
Interactive – This is where you are monitoring components but must interactively troubleshoot to eliminate the side-effect alarms, root cause
Proactive – Automated monitoring components provide interactive problem analysis, root cause alarm for problem, and automatic restorative processes.
Configuration management is the process of obtaining data from the network and using that data to manage the setup of all managed network devices
What are the two features built into an NMS that alleviate manually configuring a network’s devices?
Automatic Discover and Auto Mapping
Performance management consists of the facilities needed to evaluate the behavior of network objects and the effectiveness of communications activities.
List the steps that you must take to provide accurate performance management.
Take the following steps to provide accurate performance management:
1. Gather statistical information (trend analysis).
2. Maintain and examine logs of system state (history).
3. Determine system performance under natural and artificial conditions.
4. Alter system modes of operation for the purpose of conducting performance management.
We can break performance management into two separate functional categories: monitoring and
Monitoring—The function that tracks historical data by tracking activities on the network.
Tuning—Deals strictly with the adjustment of the parameters on the network devices to improve their overall operation.
Security management allows the manager to control and protect information on the network by limiting access to host computer systems and network devices to both inside and outside organizations and establishing notification parameters to notify the security personnel when unauthorized attempts are made or carried out.
We further break security management into two subsections: network security and NMS security.
Fault management is the process of identifying, locating, and correcting network problems (faults).
Faults are abnormal conditions that require NCC personnel to take action to correct or repair. Errors sometimes arise on a normally functioning network and do not necessarily require attention.
Unreliable delivery of packets.
Need for polling (user intensive).
Limited information derived from responses.
What is a MIB?
The management information base (MIB) is a hierarchical, structured format that defines the NM information available from network devices.
3. What are the two parts of the labeled node?
An object identifier (OID).
Short text description.
The labeled node and the leaf node.
Labeled Node - Labeled nodes may have subordinate labeled nodes and/or leaf nodes (also known as objects)
Leaf Node - Leaf nodes never have subordinate nodes.
A node can represent a workstation, client, network user, personal computer, server, printer, or other device attached to a data network
Managers – A NM station is typically a computer that is used to run one or more NMS applications (suite). The manager uses the NM station to issue requests for information from managed nodes.
The Get query retrieves the value of one specific instance of management information
The set operation modifies the value of one or more instances of management information. In addition, the operation can create new instances and delete existing instances of management information
Trap is the fourth operation message. A trap is an unsolicited message from an agent to the manager and, therefore, does not have a corresponding request message.
Each SNMP community is a group that contains at least one agent and one management system. The logical name assigned to such a group we call the community name.
1. Read (Get) - read only. These are associated with Get and GetNext requests between the manager and agents
2. Write (Set) - Community names are defined to allow the manager to remotely change configuration information from the management station or server.
1. What do the two hierarchies provided by the CIM describe?
Physical hierarchies describe the real-world components that make up your managed system.
A physical component is something in which you could attach an inventory tag.
Logical hierarchies are visible through network protocols. They provide some network service, or connect logical components.
What are the three methods for creating a representation of a network topology within the domain managers repository?
Auto-discovery, Manual discovery, & Topology import
3. What are the three main components of SMARTS?
Physical Connectivity Map, IP Network Connectivity Map, IP Network Membership Map, VLAN Connectivity Map, VLAN Membership Map
The monitoring console is the primary console, and it is used to display the results of the domain manager’s correlation alarms.
Briefly describe the differences between the two types of polling used by SMARTS to gather information?
SMARTS uses a combination of ICMP and SNMP polling. Fault and performance data is collected using SNMP while device connectivity is monitored using ICMP.
What two factors determine if a SMARTS map is opened with read-write access or with read only access?
Two factors determine whether a SMARTS map is opened with read-write access or with read-only access. First, only one user can have a specific map opened with read-write access at any one time (the first person to access the map). Second, you can use the file system (FAT or NTFS) to purposely allow specific users read-write or read-only access to a map by setting permission to the files.
A problem notification identifies a specific failure. Red
Compound Event This represents one or more events. Compound event notifications are aggregated (rolled up) to the device- or the VLAN-level. Purple
Symptomatic Event This indicates abnormal conditions. Orange/Yellow
Browser | Network Interface | Server
Cache | Objects | Server Work Queues
ICMP (PING) | Paging File | System
IP | Physical Disk | TCP
Logical Disk | Process | Telephony
Memory | Processor | Thread
NBT Connection | Redirector | UDP0
A protocol analyzer generates, monitors, and captures data traffic moving across a network connection.
As data moves across the network, the NIC only processes broadcast frames and frames with its MAC address. However, the NIC in a protocol analyzer is configured to process all frames.
What is the recommended minimum amount of time to acquire network information to establish a performance baseline?
The recommended minimum period of initial capture for a representative sample is 24 hours. This allows you to establish normal/expected operating levels, more commonly called “a network baseline.”
A filter may be defined to capture only a specific type of protocol frame such as World Wide Web (WWW) traffic.
List four types of specific occurrences that can be displayed by counters in the protocol analyzer.
Counters are configured to display the number of specific occurrences such as:
Cyclic redundancy check (CRC) errors.
Address resolution protocol (ARP) requests.
Data frame collisions.
On the protocol analyzer, what menu is best used to report errors that occur at the physical layer such as bad FCS, short frames, and jabbers?
MAC node statistics reports errors that occur at the physical layer such as bad FCS, short frames, and jabbers. These types of problems usually indicate a bad cable, connector, or NIC.
On the protocol analyzer, what kind of information does the connection statistics menu provide?
Connection statistics provide information concerning the bandwidth utilization and the number of connections that are related to specific nodes.
PING (Packet Inter Network Groper), Tracert, & Traffic Generator
Identification and authentication is the process of proving that a subject (e.g., a user or a system) is what the subject claims to be.
Authentication is defined as a measure used to verify the eligibility of a subject and the ability of the subject to access certain information. It protects against the fraudulent use of a system or the fraudulent transmission of information. 3 primary ways to authenticate to the network: knowledge based, possession-based, and biometrics based, or something you know, something you have, and/or something you are.
What are the three primary ways to authenticate oneself on the network?
There are three primary ways to authenticate oneself on the network: knowledge based, possession-based, and biometrics based, or to put it another way, something you know, something you have, and/or something you are.
The Air Force requires a network password to be at least nine characters long, to have at least two upper- and lower-case letters (A/a, B/b, etc.), two numbers (0–9), and two special characters.
Where are biometrics based authentication and identification generally used, and why?
While biometric based systems provide very high levels of security (unique physical characteristics are generally harder to counterfeit), they tend to be much more expensive, and are reserved for areas that require a very high level of security.
What is the biggest risk with a possession based system for identifying and authenticating yourself?
The biggest problem with relying solely upon this method of identification and authentication is the risk of counterfeiting
Requiring more than one type of authentication makes it much more difficult for a perpetrator to obtain everything he or she needs for access.
A combination of the biometric and possession based methods constitutes a strong user authentication, as does cryptographically protected authentication (encrypted) or using one time passwords.
AFSSI 8580 specifically provides for a discussion of the known threats and vulnerabilities associated with clearing, sanitizing, and destroying storage media; procedures for clearing storage media and restriction on the cleared media’s reuse; and procedures for sanitizing storage media and other components.
Originally remanence and remanence security referred only to magnetic media, but its scope has expanded to include any media that can retain information after the power is removed. This includes, but is not limited to, flexible magnetic media (floppy disks, magnetic tape), rigid magnetic media (hard drives, disk packs), magnetic memory devices (core memory, magnetic bubble memory), etc.
Note that declassifying the media is a separate administrative function that requires the information system owner (ISO) and the information owner approval. Sanitization does not automatically declassify media.
After the information owner provides evidence that no information resides on the media, the information owner can declassify the media by removing the classification markings. The letter is also the authority for the downgrading or declassifying of the media.
Physical destruction is not required if the media is sanitized and declassified.
You must ensure the coercivity strength of the magnetic field generated by the degausser is strong enough to return the magnetic media to its zero state. The higher the coercivity rating, the stronger the magnetic field will need to be.
AFI 33–210, Air Force Certification and Accreditation (C&A) Program (AFCAP) governs the Air Force’s certification and accreditation program.
In previous processes, the C&A was usually accomplished as a separate process just prior to connecting an IS to the network. DIACAP takes a different approach. It is a “cradle to grave” process meant to track every IS and network from inception to retirement. DIACAP is required for every DOD-owned or controlled IS that receives, processes, stores, displays, or transmits DOD information.
Initiate and plan IA C&A, Implement and validate assigned IA controls, Make certification determination and accreditation decision, Maintain authorization to operate and conduct reviews, Decommission
The IT lean reengineering process, along with AFI 33–210, Air Force Certification and Accreditation Program (AFCAP), provides the basic framework of the C&A process.
The SISSU checklist is a consolidated list of requirements covering each of those areas that a program office must adhere to when developing and fielding a system. This checklist ensures that SISSU needs (and thus C&A needs) are communicated early, from requirements generation forwards.
The most common Air Force circuit-enclaves are base networks
Non-Secure Internet Protocol Router Network (NIPRNet) is an unclassified but sensitive internet protocol (IP) router network. It is a global long-haul IP-based network that supports unclassified data communications services designed for combat support
The concept the DOD uses in network defense is defense in depth. It encompasses the idea that one defense will not work for every type of attack, that one strategy cannot be foolproof, and that even with the best of defenses, some attacks will get through.
Compromise of integrity—A macro virus infects an application or a serious system vulnerability is discovered.
Denial of service—An attacker disables a system or a worm saturates network bandwidth.
Misuse—An intruder (or insider) makes unauthorized use of an account.
Damage—Data destruction by a virus.
Intrusions—An intruder penetrates system security.
Alterations—Data is changed to affect system performance
ASIM is placed outside the boundary protection mechanism to monitor all attempted attacks.
This is the practice of encapsulating a message (that would be rejected by the firewall) inside a second message that will pass through the firewall. It resembles the Trojan horse technique used to disseminate viruses.
SMTP (e-mail) servers.
Dial up servers.
Web mail servers.
The simplest and least expensive type, which stops messages with inappropriate network addresses, is called a packet filtering firewall.
What type of firewall is used to separate secure sites, networks, or network segments from less secure areas?
A bastion host is a second type of firewall. We use it to separate secure sites, networks, or network segments from less secure areas.
Information security-related access controls fall into two categories:
1. Technical controls, such as passwords and encryption that are part of normal network
2. Administrative controls, such as segregation of duties and security screening of users.
Regardless of the source of the threat, it is usually targeting a vulnerability or weakness in the Network
For the virus to execute, the infected program must execute, activating the virus
The term botnet refers to a group of computers that have been infected by bots under the control of a person or group.
A Trojan horse is not actually a virus, but, as the name suggests, it acts as a cover or disguise for something else. It does not replicate itself, so it technically is not a virus
PKI enables users of basically unsecured public networks, such as the internet, to securely and privately exchange data through the use of public and private cryptographic key pairs obtained and shared through a trusted authority.
1. A certificate policy management system.
2. A registration authority verifies user requests for digital certificates and tells the certificate authority to issue them.
3. A certificate authority (CA) that is responsible for managing certificates.
4. One or more directories or repositories are created where the certificates are held.
which each entity in the community shares a secret key with the central server (usually called a key distribution center or KDC). In such an architecture, the number of secret keys that need to be stored and maintained in a community is essentially equal to the size of the community, and the central server can act as an “introducer” for entities that do not previously know each other.
Asymmetric ciphers make use of two related but different keys. In this key pair, the keys are sufficiently different that knowing one does not allow reception or computation of the other (even for a determined adversary with a lot of computing power at his/her disposal).
private-key operation on data (resulting value is the signature). If the originator is the only entity that knows this private key, the originator is clearly the only entity that could have signed this data. On the other hand, any entity (that is able to retrieve a copy of the originator’s corresponding public key) can verify the signature by doing a public key operation on the signature and checking whether this result corresponds to the original data.
Verification is a similar two-step process:
1. The verifier hashes the data to a fixed-size value.
2. The verifier then examines this value, the transmitted signature, or the signing entity’s public
key. If the signature matches the key and the hash value, the signature verifies; otherwise,
CA is responsible for establishing, authenticating, maintaining, and, when needed, revoking certificates and hardware.
Key establishment can occur in two ways, key transfer and key agreement
In key transfer, one entity generates the symmetric key and sends it to the other entity.
In key agreement, both entities jointly contribute to the generation of the symmetric key.
How long should ECDSA and ECDH keys be to provide adequate security for the medium-to-long term?
The current state of research with respect to discrete logarithms over EC points suggests that ECDH and ECDSA keys should be at least 192 bits long to provide adequate security for the medium-to-long term.
The fundamental premise in the original formulation of public-key cryptography was that two strangers should be able to communicate securely.
The PKI user population trusts these authorities to perform the function of binding a public key pair to a given identity
1. Enterprise root CA. This server is the overall authority for certificates within an enterprise network.
2. Enterprise subordinate CA. This server is responsible for validating certificates within an enterprise network.
3. Stand alone root CA. This CA server configuration does not require the use of active directory but can be set up to use active directory.
4. Stand alone subordinate CA. This CA server also does not require the use of active directory, and
If a certificate on that list is used for any reason, it will be rejected.
This collection of certificates and corresponding private keys is known as the user’s key history
Tokens come in two flavors, hardware token and software token. The difference between the two is that a hardware token has built in security of some sort, such as a code or password that must be entered to use the certificates and keys.
Identity - Used for digital signature and authentication functions. Examples would be signing on to the network or digitally signing an enlisted evaluation report (EPR).
E-mail signing - Used to sign e-mail. This supports non-repudiation as you must type in your PIN prior to the e-mail being sent.
Encryption - Used to support data confidentiality. This allows for encryption of your e-mail. Note, certificates are set to expire every three years.
The GDS provides for the ability to search for individuals and access information about them, such as what their work phone number is or what their e-mail address is. It also contains the public key encipherment certificates, which allow other users to encrypt a message for that person that only they will be able to decipher.
In the case of PKI, middleware refers to the software that resides on the user’s system that allows the use of the CAC and the certificates contained on the CAC.
What does combat-ready communications and information forces provide?
Combat-ready communications and information support teams provide first-in capabilities to support peacetime through combat operations worldwide.
Communications and information (C&I) professionals plan, engineer, deploy, and employ this support for all air and space forces.
What will disappear as personnel become adept in the standardized expeditionary C&I skill sets needed to support Expeditionary Air and Space Forces throughout the entire predeployment/deployment cycle?
The dividing line between “fixed” and “tactical” C&I will disappear as personnel become adept in the standardized expeditionary C&I skill sets needed to support expeditionary air and space forces throughout the entire pre-deployment/deployment cycle.
Why do we have quicker response times, an efficient use of resources, and more effective training than previous Air and Space Expeditionary Force deployments?
As we look at the types of equipment used and how this equipment is used, you will see certain systems can be utilized during both initial and sustained deployments. This versatility and flexibility allow a quicker response time, a more efficient use of resources, and more effective training than previous air and space expeditionary force (AEF) deployments.
They provide the communicating link between forces securing the area and setting up support facilities as well as providing messaging capabilities back to the garrison units. This is where initial communications support will be a major player.
Within what time frames are initial communications support designed to provide basic communications to a bare base operation?
Initial communications support is designed to provide basic communications to a bare base operation within 24 to 72 hours of deployment notification and remain in place for up to 30 days.
The TDC program includes three major components. The first component, the lightweight multiband satellite terminal (LMST) provides easily deployable, long haul communications. The second component, the integrated communications access package (ICAP), provides switched voice and data traffic. The third component is the network control center-deployed (NCC-D). TDC-ICAP provides seamless interoperability between deployed air elements and
Sustained communications support becomes part of the deployments if it extends past 30 days. The mission of sustained communications support teams is to ensure air and space expeditionary force and air and space expeditionary wing (AEW) commanders have connectivity and an uninterrupted flow of mission critical information to field units, in-garrison units, and to command structures for the duration of the contingency.
What program is a state-of-the-art ground communications infrastructure that is designed to replace existing older communication systems?
The TDC program is a state-of-the-art ground communications infrastructure designed to provide base level full spectrum communications to the commander and all agencies on that base.
Earlier we looked at TDC-ICAP and its use in an initial deployment. Because of TDC-ICAP’s scalable features and its expandability, it also is useful in a sustained deployment.
open architecture can interface with and adapt to emerging commercial standards. TDC-ICAP supports the efficient transfer of command and control, intelligence, logistics, and administrative data
Fixed sites and deployed locations.
Different deployed locations.
Different functional areas at each deployed location.
CONUS gateway locations and deployed locations.
What concept allows planners to scale the network to meet the needs of deployments ranging from a few subscribers to a full wing, or even a Joint Air Force Command Component?
The TDC-ICAP network can also be connected as nodes to external wide area networks (WAN). This “building block” concept allows planners to scale the network to meet the needs of deployments ranging from a few subscribers to a full wing, or even a Joint Air Force Command Component. The system can be expanded to meet growing customer requirements as operations mature.
The base hub (MAN) is the conduit that ties all the LANs together and provides the interface to other networks.
The pre-deployment phase is where all the preparation is done
What order indicates that your unit may deploy?
Your unit getting a warning order does not mean that you are deploying but that you may
After disembarking from the transportation (plane, train, etc.), you will work to establish services.
In which phase of the deployment cycle do you replace and/or repair worn equipment and replenish supplies?
Reconstitution normally takes place at home station and consists of medical and psychological reviews for personnel, repair/replacement of worn or missing equipment, and replenishment of supplies.