A diploma and certifications are great to have, but hands-on experience can take you even further than your educational accomplishments. Playing around with the technology might help you retain information better, too. So don’t just read how to do something, but actually do it.
You probably don’t have a rack full of enterprise routers and switches to play around with, but there are some free and budget-friendly ways to get experience. You just need some time and eagerness to learn.
Here are eight ideas to get you some of that hands-on experience with networking, starting with simpler projects and progressing to more complex ones. Some of the earlier tasks may take just a few minutes, while others are more of a weekend project.
Project 1: Configure third-party DNS
One of the basic components involving networks and the internet is the domain name system (DNS). Every time we type a website into a browser, DNS is queried for the IP address corresponding to that particular domain, so the browser can contact the web server to get the content.
The default DNS servers provided by an ISP typically offer only basic domain-name resolution. However, since DNS is a middleman between your browser and the website content, there are many third-party DNS services that offer additional functionality. This can include content filtering, ad blocking, malware or phishing site detection, botnet protection, and website traffic monitoring.
Here are some third-party DNS services you can check out:
- OpenDNS provides enterprise solutions, but also free consumer-based services, including free adult content blocking and other filtering.
- Comodo Secure DNS provides enterprise solutions with a one-month trial and also an always-free limited edition, both of which are designed for filtering and security.
- Google Public DNS is a simple service for faster DNS, but also should help with security.
- Internet Guide is also a simple service designed to give you faster DNS resolution and web surfing.
Give one of these services a try, whether to learn and experiment for a few days or to use long term. You can specify the default DNS server used by an entire network by changing the IP address of the DNS server in the router, or you can specify a DNS server individually on devices. The exact steps for setting up a router with a third-party DNS service vary, but you usually look for the DNS address in the main WAN (internet) or LAN (network) settings.
Specifying the DNS server individually on a Windows computer involves steps similar to setting up a static IP address:
- Navigate to the Network Connections window via the Control Panel or Network and Sharing Center.
- Double-click the desired connection and click the Properties button on the bottom.
- Double-click Internet Protocol Version 4 (TCP/IPv4) and select Use the following DNS server addresses.
- Enter the DNS service’s two server IP addresses, and click OK.
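The same per-device change can be made and checked from an elevated PowerShell prompt. This is an added example, not part of the original article; the adapter name `Ethernet` and the test domain are assumptions, and the addresses shown are Google Public DNS.

```powershell
# Added example: point one Windows adapter at a third-party DNS service and verify it.
# Assumptions: adapter alias 'Ethernet', test name 'example.com'. Run as Administrator.
$interfaceAlias = 'Ethernet'
$dnsServers     = @('8.8.8.8', '8.8.4.4')   # Google Public DNS
$testName       = 'example.com'

# Record the current IPv4 DNS servers so the change can be undone later.
$previous = (Get-DnsClientServerAddress -InterfaceAlias $interfaceAlias `
                 -AddressFamily IPv4).ServerAddresses
Write-Host "Previous DNS servers: $($previous -join ', ')"

# Confirm each new server actually answers before switching the adapter to it.
foreach ($server in $dnsServers) {
    try {
        $answer = Resolve-DnsName -Name $testName -Type A -Server $server `
                      -DnsOnly -ErrorAction Stop
        $ips = ($answer | Where-Object { $_.IPAddress }).IPAddress -join ', '
        Write-Host "$server resolved $testName to $ips"
    }
    catch {
        throw "DNS server $server did not resolve ${testName}: $_"
    }
}

# Apply the new servers and flush cached answers from the old resolver.
Set-DnsClientServerAddress -InterfaceAlias $interfaceAlias -ServerAddresses $dnsServers
Clear-DnsClientCache

# Show what the adapter is using now.
Get-DnsClientServerAddress -InterfaceAlias $interfaceAlias -AddressFamily IPv4 |
    Format-Table InterfaceAlias, ServerAddresses -AutoSize

# To go back to the servers handed out by DHCP:
#   Set-DnsClientServerAddress -InterfaceAlias $interfaceAlias -ResetServerAddresses
```

When trying a filtering service, running `Resolve-DnsName` with `-Server` against both the ISP resolver and the third-party resolver for the same name shows whether the two return different answers.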
Project 2: Set up file sharing
One of the basic functions of a computer network is sharing files among users. Files can be hosted from a computer, network attached storage (NAS) device, or another server. All the main operating systems support at least simple file sharing, allowing them to be the host and also giving them the ability to access shared files.
Most operating systems support a version of the Server Message Block (SMB) file-sharing protocol. One big difference to consider on the machine hosting the files is the authentication methods supported to regulate access to the shared files. For instance, on a Windows Server machine, file access can be based on user credentials already in its Active Directory. By contrast, a simple Windows home computer can only authenticate users using the Windows accounts and passwords set up on that computer.
When you set up file sharing, you are sharing a folder or sometimes even a full drive on the network, and anything inside that shared folder (or drive) is shared. Access is based on the authentication methods provided by the host. You can create multiple shares for different purposes or users (like one share for all employees and another share for supervisors), or you can restrict the sharing access of sub-folders inside the main share to selected users.
In addition to the share’s access settings, file permissions can also regulate access. For instance, a network user might have full access to a share so they can see a listing of all the files, but the file permissions set on the files themselves might restrict them from opening or modifying the files. This is one place to start looking when troubleshooting issues in accessing shared files.
In Windows, it is easy to start sharing a folder on the network:
- Right-click a folder, select Properties, and then click on Sharing.
- For greater access controls, click the Advanced Sharing button.
- Select the Share this folder checkbox and enter the Share Name.
- Click the Permissions button to specify which users should have access and the type of access, and click OK when done. Keep in mind, you can only specify access based upon the Windows accounts and passwords set up on that computer.
Then go to another computer on the network and try to access the share via Network on the File Explorer.
Remember, although you create a network share and specify the users who have access, you may have to separately edit the file permissions of the folders or files inside the share: right-click the desired folder or file in the share, select Properties, and then click on the Security tab.
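When a user can see a share but cannot open files in it, listing the share permissions next to the file permissions shows which layer is blocking access. The following PowerShell is an added example, not part of the original article; the share name `TeamDocs` is hypothetical, and it is meant to run in an elevated session on the computer hosting the share.

```powershell
# Added example: compare share permissions with file (NTFS) permissions for one share.
# Assumption: a share named 'TeamDocs' already exists on this computer.
$shareName = 'TeamDocs'
$share     = Get-SmbShare -Name $shareName -ErrorAction Stop

# Layer 1: who may connect to the share over the network, and with what rights.
Write-Host "Share permissions for '$shareName':"
Get-SmbShareAccess -Name $shareName |
    Format-Table AccountName, AccessControlType, AccessRight -AutoSize

# Layer 2: the file permissions on the shared folder itself (the Security tab).
Write-Host "File permissions on $($share.Path):"
(Get-Acl -LiteralPath $share.Path).Access |
    Format-Table IdentityReference, AccessControlType, FileSystemRights, IsInherited -AutoSize

# Items inside the share that no longer inherit permissions from their parent.
# These are the places where access can differ from the top-level folder.
Write-Host "Items with their own (non-inherited) permissions:"
Get-ChildItem -LiteralPath $share.Path -Recurse -ErrorAction SilentlyContinue |
    Where-Object { (Get-Acl -LiteralPath $_.FullName).AreAccessRulesProtected } |
    Format-Table FullName -AutoSize
```

A user needs to be allowed by both layers, so an account with Full access on the share but only Read in the file permissions can list and open files but not modify them.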
Project 3: Create a network diagram
Although you might have a mental map of an entire network stored in your brain, having an up-to-date map or diagram can help others get an idea of the network layout and what components they’re dealing with. It could also be useful for you to glance at when troubleshooting or when referencing component details.
You can create a diagram depicting the network topology. This can be a simple graphic showing the interconnection of the main network infrastructure components, like the modem, router, firewall, switches, servers, and wireless access points (APs).
A network diagram should give an IT professional a quick visual picture of the network along with basic details, such as the component name, IP address, and MAC address. And if you’d like to add more details, consider depicting static clients like IP printers/copiers and hard-wired PCs.
There are many software programs to help build diagrams, the most popular being Microsoft Visio. But there are also free options, including Network Notepad, Dia, and Diagram Designer.
Before you start manually building your network diagram, check out what topology views or maps your router might give you. Some routers will detect components and give you automated maps. These can help you start your own diagram. Creating your own illustration lets you double-check accuracy, add components your router can’t detect, and add the details you want. Plus, you’ll learn along the way.
Project 4: Put together full network documentation
A network diagram is a good start, but there is much more you should put down on paper to have complete network documentation. You want as many details as you can get on all the network components, including the login credentials and configuration details. This can be handy for you and especially others that might be trying to get acquainted with the network. If you’re an IT contractor that provides support to multiple organizations and networks, you certainly know just how much proper documentation can save time and frustration.
Here's a list of content to get you started:
- ISP details, including speeds, the modem models and serial numbers, and any static IP configuration.
- Main network components details, such as the model numbers, MAC addresses, static IP addresses, and login credentials.
- Specify designated IP ranges and also detail any VLAN and QoS IDs along with their designated use, like VoIP traffic or guest access.
- For the Wi-Fi network, be sure to note the access point (APs) details. If you have more than a few APs, you should have floor plan images with AP locations marked.
When you’re connecting to these components to check the details, it is a great time to save a backup of the configuration if you haven’t already, and then specify the location of the backup file in the documentation.
Project 5: Play with network monitoring tools
There are many IT monitoring solutions, and many different acronyms you might find when searching: remote monitoring and management (RMM) tools are usually designed for managed service providers (MSPs) that look after multiple networks, and mobile device management (MDM) tools are for keeping tabs on tablets, phones, and laptops.
Some monitoring tools are built just to be a simple up/down monitor, while some keep an eye on many other performance and security aspects. Some are designed to monitor network infrastructure components and servers, some are designed for PC workstations, and some are for web apps. Plus, you’ll have some tools that can monitor all these types of devices and services.
Take a look at a couple of monitoring tools and pick one or two to play with. Set up some monitoring at work, at home, or even on family devices. Try to understand how it’s monitoring and what it’s actually testing or measuring. Maybe it will help alert you to real problems that arise, but at least you’ll learn along the way.
Here are a few tools to consider:
- SpiceWorks is well-known for its free help desk and network inventory service, but they also have a free monitoring feature. It’s a cloud-based service with a web GUI that lets you monitor websites and web apps via HTTP or ICMP.
- ITarian also offers a free ticketing and remote-control platform, but only provides a 30-day trial of their RMM, MDM & Endpoint Security modules.
- ManageEngine offers many free and inexpensive tools, including OpManager for keeping tabs on network infrastructure components and servers, Desktop Central for workstations, and also a simple free Windows Server monitoring tool.
Project 6: Run network vulnerability scans
Vulnerability scanners can help automate security auditing and can play a crucial part in IT security. They can scan networks and websites for up to thousands of different security risks, produce a prioritized list of those that need patches, describe the vulnerabilities, and give steps on how to remediate them. Some can even automate the patching process.
Some of these tools can cost a fortune, but there are free options as well. Some only look at specific vulnerabilities or limit how many hosts can be scanned, but there are also those that offer broad IT security scanning. Whatever the case, it can be a great learning experience to set one up and to educate yourself on any vulnerabilities found. You might even be able to get more hands-on experience fixing the issues.
Here are two scanner platforms you can try:
- The ManageEngine Vulnerability Manager provides a Free Edition that’s fully functional for scanning up to 25 Windows or macOS computers. This one is designed mostly for computer scanning and monitoring, although there is some scanning offered for web servers.
- Nessus Essentials (formerly Nessus Home) allows you to scan up to 16 IP addresses at a time. They offer a 7-day free trial of their Professional edition, which offers unlimited IP scanning and also adds compliance checks or content audits, live results, and the ability to use the Nessus virtual appliance.
Project 7: Set up a VPN server
If you haven’t yet played with a virtual private network (VPN) server, give it a try. Since so many things have been pushed to the cloud, even some network management tools, VPNs aren’t as crucial as in the past. However, it’s still something you should get hands-on experience with.
VPN connections can serve as an encrypted link into a network for securely accessing an office’s file shares when away from the office, for example. Or VPN connections can link networks from multiple locations. Even if you don’t need remote access to a network, a VPN connection can be used just so your Internet traffic is encrypted and hidden when on untrusted networks, like Wi-Fi hotspots.
Most operating systems include VPN server and client functionality, but for more control and features, such as certificate-based authentication, use third-party VPN server software instead. There are a couple of good open source options, such as OpenVPN.
Regardless of what VPN server software you use, you need to make sure the PC’s firewall is configured to allow incoming and outgoing VPN access. Plus, you’ll probably have to set up a port forward on your router so it knows which PC is running the VPN server when you connect to the network over the internet.
You can also see what VPN functionality your router, NAS, and other network appliances offer. They might allow both remote VPN users and the ability to be a VPN client so you can link different locations. Utilizing the VPN server of a network appliance means you wouldn’t have to leave a PC powered on just to serve VPN user connections. If you don’t have a router or other appliance to play with, maybe load a third-party firmware (like DD-WRT) onto a home router.