Network and Security Foundations
Return loss
An equally important twisted-pair cable measurement is return loss. This measurement provides a measure of the ratio of power transmitted into a cable to the amount of power returned or reflected. The signal reflection is due to impedance changes in the cable link and the impedance changes contributing to cable loss. Cables are not perfect, so there will always be some reflection. Examples of the causes for impedance changes are non-uniformity in impedance throughout the cable, the diameter of the copper, cable handling, and dielectric differences. A low return loss value (dB) is desirable.
Intranet & IP Internetwork & TCP/IP
An intranet is an internal internetwork that provides file and resource sharing. Private addresses are not valid addresses for Internet use because they have been reserved for internal use and are not routable on the Internet. However, these addresses can be used within a private LAN (intranet) to create an IP internetwork. An IP internetwork uses IP addressing for identifying devices connected to the network and is also the addressing scheme used in TCP/IP networks. TCP/IP stands for Transmission Control Protocol/Internet Protocol and is the protocol suite used for internetworks such as the Internet.
Near-end Crosstalk (NEXT)
A measure of the level of crosstalk or signal coupling within the cable, with a high NEXT(dB) value being desirable
Firewall protection
prevent unauthorized access to your network.
STP, EMI
refers to shielded twisted pair. The addition of this shield reduces the potential for electromagnetic interference (EMI) as long as the shield is grounded. EMI originates from devices such as motors and power lines and from some lighting devices such as fluorescent lights. But UTP is most popular for now for networking environments...
hybrid echo cancellations circuit
removes the transmitted signal from the receive signal
NAT (Network Address Translation)
Translates the private IP address to a public address for routing over the Internet. The outsider sees only the router IP address because the IP addresses of the internal networking devices are not provided on the Internet. Only the ISP-assigned IP address of the router is provided. The home network typically uses a private address that is not routable on the Internet. (Private IP addresses are blocked by the ISP.)
three layers involved in the process of isolating the network problem
layer 1, layer 3, layer 7, which are physical layer, network layer, and application layer. • Is the connection to the machine down? (layer 1) • Is the network down? (layer 3) • Is a service on a specific machine down? (layer 7)
commonly used wavelengths in today's fiber-optic systems
multi mode, single mode, fiber to the home/business
protocol
set of rules established for users to exchange information
multilevel encoding
technique used to reduce in the required bandwidth required to transport the data
Mac address
the MAC address provides the information that ultimately enables the data to reach a destination in a LAN. The switch stored the MAC addresses of all devices connected to its ports and used this information to forward the data from computer 1 directly to the printer. The MAC address provides the physical address for the network interface card but provides no information as to its network location or even on what LAN or in which building, city, or country the network resides, this is where IP address comes in.
bus topology
the computers share the media (coaxial cable) for data transmission. in this topology, a coaxial cable (called ThinNet) is looped through each networking device to facilitate data transfer. when data is sent between computer 1 and a printer, all devices on the network will see computer 1's data traffic to the printer and the other devices will have to wait for pauses in transmission or until it is complete before they can initiate their own transmission. If more than one computer's data is placed on the network at the same time, the data will be corrupted and will have to be retransmitted. This means that the use of a shared coaxial cable in a bus topology prevents data transmission from being very bandwidth-efficient, that's why bus isn't used much.
star topology
the most common networking topology in today's LANs where all networking devices connect to a central switch or hub. Twisted-pair cables with modular plugs are used to connect the computers and other networking devices. At the center of a star network is either a switch or a hub. This connects the network devices and facilitates the transfer of data. For example, if computer 1 wants to send data to the network laser printer, the hub or switch provides the network connection. If a hub is used, computer 1's data is sent to the hub, which then forwards it to the printer. However, a hub is a multiport repeater, meaning the data it receives is broadcast and seen by all devices connected to its ports. Therefore, the hub will broadcast computer 1's data traffic to all networking devices interconnected in the star network. For troubleshooting and maintenance, individual computers can be removed without negatively affecting the network.
Stateful Packet Inspection (SPI)
type of firewall inspects incoming data packets to make sure they correspond to an outgoing request. For example, you might be exchanging information with a website. Data packets that are not requested are rejected.
netstat -a -b
(a) Command used to display the ports currently open on a Windows operating system and (b) used to display the executable involved in creating the connection or listening port
FastEthernet
An Ethernet system operating at 100mbps
long haul
transmission of data over hundreds or thousands of miles
campus network
A collection of two or more interconnected LANs in a limited geographic area
RFID system contains two things
- An RFID tag (also called the RF transponder) includes an integrated antenna and radio electronics. - A reader (also called a transceiver) consists of a transceiver and an antenna. A transceiver is the combination of a transmitter and receiver.
advantages of bridge
-Easy to install, -Does an excellent job of isolating the data traffic in two segments -Relatively inexpensive -Can be used to interconnect two LANs with different protocols and hardware -Reduces collision domains (remember how the CSMA/CD protocol works)
three parameters to define an RFID system
-Means of powering the tag - Frequency of operation - Communications protocol (also called the air interface protocol)
steps to take to prevent viruses
-Open only attachments that come from known sources. Even this can be a problem because email addresses can be spoofed or the message can come from a known person whose computer has been infected. -Require that the emails you receive be digitally signed so you can verify the sender. - Always run antivirus software on the client machines. The antivirus software is not 100% effective but will catch most viruses. - Include email server filters to block specific types of emails or attachments. - Keep the antivirus software up-to-date. - Keep the operating system and applications software current. - Use personal firewalls when possible.
steps to complete Bluetooth device pairing
1. Enable the Bluetooth radio. 2. Enable Discoverability (this enables other Bluetooth devices to find you). 3. Select the device for pairing.
major criteria that affect the choice of fiber type
1. Signal losses 2. Ease of light coupling and interconnection 3. Bandwidth
IPv4 Address Classes and Address Range
A - 0.0.0.0- 127.255.255.255 B - 128.0.0.0- 191.255.255.255 C - 192.0.0.0- 223.255.255.255 D - 224.0.0.0- 239.255.255.255
Private IP addresses
A - 10.0.0.0- 10.255.255.255 B - 172.16.0.0- 172.31.255.255 C - 192.168.0.0- 192.168.255.255
bridge, bridging table, Association, Broadcast, ARP, Broadcast Storm, Network Slowdown, ARP Cache, ARP Table,
A bridge can be used in computer networks to interconnect two LANs together and separate network segments. Recall that a segment is a section of a network separated by bridges, switches, and routers. The bridge is a layer 2 device in the OSI model, meaning that it uses the MAC address information to make decisions regarding forwarding data packets. Only the data that needs to be sent across the bridge to the adjacent network segment is forwarded. This makes it possible to isolate or segment the network data traffic. Bridges monitor all data traffic in each of the LAN segments connected to its ports. Recall that a port is an input/output connection on a networking device. The bridges use the MAC addresses to build a bridging table of MAC addresses and port locations for hosts connected to the bridge ports. The source MAC address is stored in the bridge table as soon as a host talks (transmits a data packet) on the LAN. The bridge monitors the data on its ports to check for an association between the destination MAC address of the Ethernet frames to any of the hosts connected to its ports. An association indicates that the destination MAC address for a host is connected to one of the ports on the bridge. A potential problem with bridges has to do with the way broadcasts are handled. A broadcast means the message is being sent to all computers on the network; therefore, all broadcasts in a LAN will be forwarded to all hosts connected within the bridged LANs. For example, the broadcast associated with an ARP will appear on all hosts. ARP stands for Address Resolution Protocol, which is a protocol used to map an IP address to its MAC address. In the address resolution protocol, a broadcast is sent to all hosts in a LAN connected to the bridge. The bridge forwards all broadcasts; therefore, an ARP request broadcasting the message "Who has this IP address?" is sent to all hosts on the LAN. The data packets associated with ARP requests are small, but it requires computer time to process each request. Excessive amounts of broadcasts being forwarded by the bridge can lead to a broadcast storm, resulting in degraded network performance, called a network slowdown. The MAC address entries stored in a bridge table are temporary. Each MAC address entry to the bridge table remains active as long as there is periodic data traffic activity from that host on its port. However, an entry into the table is deleted if the port becomes inactive. In other words, the entries stored into the table have a limited lifetime. An expiration timer will commence once the MAC address is entered into the bridge table. The lifetime for the entry is renewed by new data traffic by the computer, and the MAC address is reentered. In a similar manner, all networking devices (for example, computers) contain an ARP cache, a temporary storage of MAC addresses recently contacted. This is also called the ARP table. The ARP cache holds the MAC address of a host, and this enables the message to be sent directly to the destination MAC address without the computer having to issue an ARP request for a MAC address.
campus network
A campus network consists of interconnected LANs within a limited geographic area such as a college campus, military base, or group of commercial buildings.
advantages of wireless
A cost-effective networking media for use in areas that are difficult or too costly to wire. User mobility in the workplace.
fiber cross-connect
A fiber cross-connect is the optical patch panel used to connect the fiber cables to the next link. The fiber cross connect typically uses mechanical splices to make the fiber connections.
hub, ping
A hub is a multiport repeater, and all data traffic input to the hub is passed on to all hosts connected to its ports After a link is established between the two computers, a series of echo requests and echo replies are issued by the networking devices to test the time it takes for data to pass through the link. The protocol used by the ping command is the Internet Connection Message Protocol (ICMP). The ping command is issued to an IP address; however, delivery of this command to the computer designated by the IP address requires that a MAC address be identified for final delivery. The computer issuing the ping might not know the MAC address of the computer holding the identified IP address (no entry in the ARP cache table); therefore, an ARP request is issued. An ARP request is broadcast to all computers connected in the LAN. The computer that holds the IP address replies with its MAC address, and a direct line of communications is then established.
CNA (Cisco Network Assistant)
A management software tool from Cisco that simplifies switch configuration and troubleshooting
virus
A piece of malicious computer code that, when opened, can damage your hardware, software, or other files
Content Addressable Memory (CAM)
A table of MAC addresses and port mapping used by the switch to identify connected networking devices
packet sniffing
A technique in which the contents of data packets are watched
worm
A type of virus that attacks computers, typically proliferates by itself, and can deny service to networks
social engineering
A way for an intruder to obtain enough information from people to gain access to the network
access points, site survey
Access points use the association to build a table of users (clients) on the wireless network. The association table lists the MAC addresses for each networking device connected to the wireless network. The access point then uses this table to forward data packets between the access point and the wireless network. The wireless client adapter will also notify the user if the client has lost an association with the access point. A wireless bridge is a popular choice for connecting LANs (running similar network protocols) even if the LANs are miles apart. The wireless bridge then connects to an antenna placed on the roof. A clear (line-of-sight) transmission path must exist between the two buildings; otherwise, signal attenuation (loss) or signal disruption can result. Antenna selection is also critical when configuring the connection. Wireless LANs have a maximum distance the signal can be transmitted. This is a critical issue inside buildings when user mobility is required. Many obstacles can reflect and attenuate the signal, causing reception to suffer. Also, the signal level for mobile users is hampered by the increased distance from the access point. Distance is also a critical issue in outdoor point to-multipoint wireless networks. A solution is to place multiple wireless access points within the facility. Mobile clients will be able to maintain a connection as they travel through the workplace because the wireless client will automatically select the access point that provides the strongest signal level. The access points can be arranged so that overlapping coverage of the workplace is provided, thus enabling seamless roaming for the client. In actual practice, the radiation patterns are highly irregular due to reflections of the transmitted signal. It is important to verify that sufficient RF signal level is available for the users in the WLAN. This is best accomplished by performing a site survey. Inside a building, a site survey is performed to determine the best location(s) for placing the access point(s) for providing maximum RF coverage for the wireless clients. Site surveys are also done with outside installations to determine the coverage area.
managed switch
Allows the network administrator to monitor, configure, and manage select network features
Personal firewall
Another form of software protection readily available for a computer is a personal firewall. Most of the operating systems (Windows, Mac OS, and Linux) today are equipped with a personal firewall. Some of them might not be enabled by default. The personal firewall software is typically based on basic packet filtering inspections where the firewall accepts or denies incoming network traffic based on information contained in the packets' TCP or IP headers. Some personal firewalls provide more granular control to allow specific hosts or subnets. Some of the personal firewalls also offer an application based firewall, where trusted programs can be defined. The network traffic originated from or destined to the trusted programs is allowed by the firewall.
distributed feedback (DFB) laser, Dense Wavelength Division Multiplex (DWDM), Vertical Cavity Surface Emitting lasers (VCSEls),
Another laser device, called a distributed feedback (DFB) laser, uses techniques that provide optical feedback in the laser cavity. This enhances output stability, which produces a narrow and more stable spectral width. Widths are in the range of 0.01-0.1 nm. This allows the use of more channels in dense wavelength division multiplex (DWDM) systems. Another even more recent development is an entirely new class of laser semiconductors called vertical cavity surface emitting lasers (VCSELs). These lasers can support a much faster signal rate than LEDs, including gigabit networks. They do not have some of the operational and stability problems of conventional lasers, however.
OFDM
Another technique used in the 802.11 standard is orthogonal frequency division multiplexing (OFDM). The basic idea behind this technique is to divide the signal bandwidth into smaller subchannels and to transmit the data over these subchannels in parallel.
Broadcast Domain
Any network broadcast sent over the network will be seen by all networking devices in this domain.
four layers of the TCP/IP model
Application layer - Defines the applications used to process requests and which ports and sockets are used Transport layer - Defines the type of connection established between hosts and how acknowledgements are sent Internet layer - Defines the protocols used for addressing and routing the data packets Network interface layer - Defines how the host connects to the network
brute force attack
Attacker uses every possible combination of characters for the password
Isolating the Collision Domains
Breaking the network into segments where a segment is a portion of the network where the data traffic from one part of the network is isolated from the other networking devices
Fast Link Pulse (FLP)
Carries the configuration information between each end of a data link
multicast
Messages are sent to a specific group of hosts on the network
Denial of Service (DoS)
Denial of service (DoS) means that a service is being denied to a computer, network, or network server. Denial-of-service attacks can be on individual machines, on the network that connects the machines, or on all machines simultaneously. A denial-of-service attack can be initiated by exploiting software vulnerabilities. For example, a software vulnerability can permit a buffer overflow, causing the machine to crash. This affects all applications, even secure applications. The vulnerable software denial-of-service attack attacks the system by making it reboot repeatedly. DoS attacks can also occur on routers via the software options available for connecting to a router. For example, SNMP management software is marketed by many companies and is supported by many computer platforms. Many of the SNMP packages use a similar core code that could contain the same vulnerability. Another denial-of-service attack is a SYN attack. This refers to the TCP SYN (synchronizing) packet (introduced in Chapter 6, "TCP/IP"). An attacker sends many TCP SYN packets to a host, opening up many TCP sessions. The host machine has limited memory set aside for open connections. If all the TCP connections are opened by the SYN attack, other users are kept from accessing services from the computer because the connection buffer is full. Most current operating systems take countermeasures against the SYN attack. Denial-of-service attacks can affect the network bandwidth and the end points on the network. The classic example is the Smurf attack (Figure 12-7), which required few resources from the attacker. The attacker sent a small packet and got many packets in return. The attacker would pick a victim and an intermediate site. Figure 12-7 shows an attacker site, an intermediate site, and a victim site. The intermediate site has sub nets of 10.1 0.1.0 and 10.10.2.0. The victim is at 10.10.1.0. The attackers send a packet to 10.10.1.255, which is a broadcast address for the 10.10.1.0 subnet. The attacker then spoofs the source address information, making it look as if the packet came from the victim's network. All the machines on the 10.10.1.0 sub net send a reply to the source address. Remember, the attacker has spoofed the source address so the replies are sent to the victim's network. If this attack were increased to all the subnets in the 10.0.0.0 network, an enormous amount of data packets are sent to the victim's network. This enables the attacker to generate a lot of data traffic on the victim's network without requiring the attacker to have many resources. This type of attack is not new, and you can take certain steps to stop a network from becoming an intermediate site. Cisco routers have an interface command that blocks broadcast packets to that subnet. This prevents a network from becoming an intermediate site for a network attack such as this. Make sure this command or a similar command is a default or has been enabled on the router's interface: no ip directed-broadcast But aren't layer 3 devices supposed to stop broadcasts? This is true for general broadcasts (all 32 bits set to Is or "F F F F F F F F" or 255.255.255.255). Routers will always stop these broadcasts. The type of broadcast used in this attack is a directed broadcast, which is passed through the router. The no ip directed- broadcast command enables only the router to reply. To prevent your network from becoming a host for an attacker, use access lists to allow only specific sources from the network to enter the router's interfaces. For example, network B connects to a router. Only packets sourced from network B are allowed to pass through the router. The downside of this is that it does become a maintenance problem: keeping track of the access lists can be a challenge for the network administrator and processing access lists on the router is processor intensive and can slow the throughput of the packets. However, this does help eliminate spoofed packets. Spoof means the attacker doesn't use his IP address but will insert an IP address from the victim's network or another network as the source IP. There is a lot of software on the Internet that enables someone to spoof an IP address. To prevent yourself from becoming a victim, well ... there isn't a way unless you aren't connected to any network or to any other users.
osi vs tcp/ip
OSI is 7 layers, TCP/IP is 4 layers...
single-mode fiber
Fiber cables with core diameters of about 7-10 nm; light follows a single path
PERTINENT INFO
Firewalls are used in computer networks for protection against the "network elements" (for example, intrusions, denial-of-service attacks, and so on). Access lists (ACLs) are the basic form of firewall protection, although an access list is not stateful and is not by itself a firewall. Access lists can be configured on a router, on a true dedicated firewall, or on the host computer. Firewalls are examined first in this section. Firewalls allow traffic from inside the network to exit but don't allow general traffic from the outside to enter the network. The firewall monitors the data traffic and recognizes where packets are coming from. The firewall will allow packets from the outside to enter the network if they match a request from within the network. Firewalls are based on three technologies: • Packet filtering • Proxy server • Stateful packet filtering In packet filtering, a limit is placed on the packets that can enter the network. Packet filtering can also limit information moving from one segment to another. ACLs are used to enable the firewall to accept or deny data packets. The disadvantages of packet filtering are • Packets can still enter the network by fragmenting the data packets. • It is difficult to implement complex ACLs. • Not all network services can be filtered. A proxy server is used by clients to communicate with secure systems using a proxy. The client gets access to the network via the proxy server. This step is used to authenticate the user, establish the session, and set policies. The client must connect to the proxy server to connect to resources outside the network. The disadvantages of the proxy server are • The proxy server can run very slowly. • Adding services can be difficult. • There can be a potential problem with network failure if the proxy server fails or is corrupted. In a stateful firewall the inbound and outbound data packets are compared to determine if a connection should be allowed. This includes tracking the source and destination port numbers and sequence numbers as well as the source and destination IP addresses. This technique is used to protect the inside of the network from the outside world but still allow traffic to go from the inside to the outside and back. The firewall needs to be stateful to accomplish this. But what if the campus network has a web server? How are outside users allowed access? This requires that holes must be opened in the network that allow data packets to pass through. The three most common traffic types that require holes to be opened are web servers, DNS, and email. The firewall must be modified so that anybody can connect to the web server via port 80. But what if a vulnerability is discovered on port 80 for the server's operating system? When you open ports, the network administrator must continually upgrade the software so that vulnerabilities are removed. The web server also might need to have its own firewall. Most firewalls can perform deep packet inspection. This can catch some of protocol vulnerabilities. A firewall is usually placed inline between a trusted (internal) network and an untrusted (external) network. Its primary function is to protect its trusted network. Figure 12-17 illustrates an example of how a perimeter firewall is often deployed. A perimeter firewall is physically placed between the public Internet and its internal networks. All incoming traffic is considered untrusted and is inspected by the firewall according to its rules. Sometimes, a firewall might be connected to a campus router. A router might be needed to aggregate multiple networks or to handle more complicated network routing. At the firewall, NAT or PAT is typically configured to handle the translation between the private IP addresses to the public IP addresses. A big problem with firewalls is that users assume a firewall catches all possible problems. This is a wrong assumption. The user might be slow to update the patches and fixes to the software. For example, an attacker sends an email message with an attachment to a user. The user opens the attachment and unknowingly loads a Trojan horse on his computer that scans all the machines on the LAN, checking for any possible open ports and compromising the entire LAN. A firewall is not the endto-end solution.
802.11 WIRELESS LAN facts.... MIMO
IEEE 802.11a equipment is not compatible with 802.11b, 802.11g, or 802.11n. The good aspect of this is that 802.11 a equipment will not interfere with 802.11 b, g, or n; therefore, 802.11a and 802.lIb/g/n links can run next to each other without causing any interference. The downside of 802.11 a is the increased cost of the equipment and increased power consumption because of the OFDM technology. This is of particular concern with mobile users because of the effect it can have on battery life. However, the maximum usable distance (RF range) for 802.11 a is about the same or even greater than that of 802.11b/g/n. Another IEEE 802.11 wireless standard is IEEE 802.11g. The 802.11g standard supports the higher data transmission rates of S4Mbps but operates in the same 2.4GHz range as 802.11 b. The 802.11g equipment is also backward compatible with 802.11b equipment. This means that 802.11b wireless clients will be able to communicate with the 802.11g access points and the 802.11g wireless client equipment will communicate with the 802.11b access points. The obvious advantage of this is that a company with an existing 802.11 b wireless network will be able to migrate to the higher data rates provided by 802.11 g without having to sacrifice network compatibility. In fact, new wireless equipment support both the 2.4GHz and SGHz standards, giving it the flexibility of high speed, compatibility, and noninterference. Another entry into wireless networks is the 802.11n. This wireless technology operates in the same ISM frequency as 802.11b/g (2.4GHz) and can also operate in the 5GHz band. A significant improvement with 802.11n is Multiple Input Multiple Output (MIMO). MIMO uses a technique called space-division multiplexing, where the data stream is split into multiple parts called spatial streams. The different spatial streams are transmitted using separate antennas. With MIMO, doubling the spatial streams doubles the effective data rate. The downside of this is the possibility of increased power consumption. The 802.11n specification includes a MIMO power-save mode. With this, 802.11n only uses multiple data paths when faster data transmission is required-thus saving power.
IPv6 Addressing
IP version 4 (IPv4) is the current TCP/IP addressing technique being used on the Internet. Address space for IPv4 is quickly running out due to the rapid growth of the Internet and the development of new Internet - compatible technologies such as the IP addressable telephone. IP version 6 (IPv6) is the proposed solution for expanding the possible number of users on the Internet. IPv6 is also called IPng, the next generation IP. IPv6 uses a 128-bit address technique, compared to IPv4's 32-bit address structure. IPv6 provides for a large number of IP addresses (2128). IPv6 numbers are written in hexadecimal rather than dotted decimal. For example, the following is a 32-hexadecimal digit IPv6 address (Note: 32 hex digits x 4 bits/hex digit = 128 bits): 6789:ABCD:1234:EF98:7654:321F:EDCB:AF21 This is classified as a full IPv6 address. The full means that all 32 hexadecimal positions contain a value other than O. Why doesn't IPv6 use the dotted decimal format of IPv4? It would take many decimal numbers to represent the IPv6 address. Each decimal number takes at least 7 binary bits in American Standard Code for Information Interchange (ASCII) code. IPv6 uses seven colons (:) as separators to group the 32 hex characters into eight groups of four. Some IPv6 numbers will have a 0 within the address. In this case, IPv6 allows the number to be compressed to make it easier to write the number. There are three types of IPv6 addresses: unicast, multicast, and anycast. The unicast IPv6 address is used to identify a single network interface address and data packets are sent directly to the computer with the specified IPv6 address. Multicast IPv6 addresses are defined for a group of networking devices. Data packets sent to a multicast address are sent to the entire group of networking devices, such as a group of routers running the same routing protocol. Multicast addresses all start with the prefix FFOO::/8. The next group of characters in the IPv6 multicast address (the second octet) are called the scope. The scope bits are used to identify which ISP should carry the data traffic. The anycast IPv6 address is obtained from a list of addresses but is only delivered to the nearest node. IPv6 addressing is being used in a limited number of network sites (for example, www.6bone.com and the federal government); however, the Internet is still running IPv4 and will be for some time. However, transition strategies are in place to help with the IPv4-to-IPv6 transition. One possible transition to IPv6 is called the 6t04 Prefix, which is essentially a technique that enables IPv6 sites to communicate over the IPv4 Internet. This requires the use of a 6t04-enabled router, which means that 6t04 tunneling has been enabled. This also requires the use of a 6t04 Relay router that forwards 6t04 data traffic to other 6t04 routers on the Internet. When will the Internet switch to IPv6? The answer is not clear, but the networking community recognizes that something must be done to address the limited availability of current IP address space. Manufacturers have already incorporated IPv6 capabilities in their routers and operating systems. What about IPv4? The bottom line is that the switch to IPv6 will not come without providing some way for IPv4 networks to still function. Additionally, techniques such as Network Address Translation (NAT; see Chapter 1, "Introduction to Computer Networks") have made it possible for intranets to use the private address space and still be able to connect to the Internet. This has significantly reduced the number of IP addresses required for each network.
FHSS, Pseudorandom, hopping sequence
In frequency hopping spread spectrum (FHSS), the transmit signal frequency changes based on a pseudorandom sequence. Pseudorandom means the sequence appears to be random but in fact does repeat, typically after some lengthy period of time. FHSS uses 79 channels (each IMHz wide) in the ISM 2.4GHz band. FHSS requires that the transmitting and receiving units know the hopping sequence (the order of frequency changes) so that a communication link can be established and synchronized. FHSS data rates are typically 1Mbps and 2Mbps. FHSS is not commonly used anymore for wireless LANs. It's still part of the standard, but very few (if any) FHSS wireless LAN products are sold.
vulnerable software, buffer overflow
In the process of writing large amounts of code, errors happen that can open access to the code and to a network. The basic attack that capitalizes on these errors is the buffer overflow. The buffer overflow occurs when a program attempts to put more data into a buffer than it was configured to hold and the overflow writes past the end of the buffer and over adjacent memory locations. The program stack contains data plus instructions that it will run. Assume, for example, that a program includes a variable size of 128 bytes. It is possible that the programmer didn't include instructions to check the maximum size of the variable to make sure it is smaller than 128 bytes. An attacker will look through pages and pages of source code searching for a vulnerability that allows her to issue a buffer overflow. The attacker finds the variable and sends data to the application assigned to that variable. For example, a web application could have a vulnerability with long URLs assigned to a variable within it. If the attacker makes the URL long enough, then the buffer overflow could allow her code to be placed in the stack. When the program counter gets to the inserted code, the inserted code is run and the attacker then has remote access to the machine. Sometimes buffer overflows don't allow instructions to be run, but rather the application crashes. This is used in denial-of-service attacks, examined in section 12- 3. A common code that gets run in buffer overflow attacks is setting up a backdoor to gain entry into the computer. What the attacker is doing is creating an application on a port and then connecting to the port. The attacker can also use this to place viruses in the computer. For example, say the attacker finds a vulnerability in the source code for an operating system, such as the SSL code on a web server. The attacker downloads malicious code onto the server and then connects to the machine and instructs the code to begin attacking other machines.
fragment free, fragment-collisions
In this mode, fragment collisions are filtered out by the switch. Fragment-collisions are collisions that occur within the first 64 bytes of the data packet. The collisions create packets smaller than 64 bytes, which are discarded. Latency is measured from the time the first bit is received until it is transmitted.
IC
Interconnect fibers branch exchange-item D shows the jumpers connecting the main fiber cross-connect (item B) to the active equipment (item C)
Routing Table
Keeps track of the routes to use for forwarding data to its destination
tunable laser
Laser in which the fundamental wavelength can be shifted a few nanometers, ideal for traffic routing in DWDMsystems
dynamic assignment
MAC addresses are assigned to a port when a host is connected
malware
Malware is the term used to encompass all malicious programs intended to harm, disrupt, deny, or gain unauthorized access to a computing system. Malware is short for malicious software. Viruses and worms are considered a type infectious malware. It is important to understand that an intruder can gain network access or even control of your network. And remember, the information presented in this chapter is an example of what the hacker already knows and what the network administrator needs to know to protect the network.
Multilayer switch (MLS), wirespeed routing
Newer switch technologies are available to help further improve the performance of computer networks. The term used to describe these switches is multilayer switches (MLS). An example is a layer 3 switch. Layer 3 switches still work at layer 2 but additionally work at the network layer (layer 3) of the OSI model and use IP addressing for making decisions to route a data packet in the best direction. The major difference is that the packet switching in basic routers is handled by a programmed microprocessor. The layer 3 switch uses application-specific integrated circuits (ASICs) hardware to handle the packet switching. The advantage of using hardware to handle the packet switching is a significant reduction in processing time (software versus hardware). In fact, the processing time of layer 3 switches can be as fast as the input data rate. This is called wire speed routing, where the data packets are processed as fast as they are arriving. Multilayer switches can also work at the upper layers of the OSI model. An example is a layer 4 switch that processes data packets at the transport layer of the OSI model.
RFID tags are classified in three ways based on how they obtain their operating power.
Passive: Power is provided to the tag by rectifying the RF energy, transmitted from the reader, that strikes the RF tag antenna. Semi-active: The tags use a battery to power the electronics on the tag but use the property of backscatter to transmit information back to the reader. Active: Use a battery to power the tag and transmit a signal back to the reader. Basically this is a radio transmitter.
Auto-negotiation
Protocol used by interconnected electronic devices to negotiate a link speed
RFID, backscatter
Radio frequency identification (RFID) is a technique that uses radio waves to track and identify people, animal, objects, and shipments. This is done by the principle of modulated backscatter. The term "backscatter" is referring to the reflection of the radio waves striking the RFID tag and reflecting back to the transmitter source with its stored unique identification information.
SSID
Service set identifier, 802.ll wireless LAN devices use an SSID to identify what wireless data traffic is allowed to connect to the network. The SSID is the wireless service set identifier, basically a password that enables the client to join the wireless network. The access point uses the SSID to determine whether the client is to become a member of the wireless network. The term association is used to describe that a wireless connection has been obtained. Another common question is "Why does the access point have two antennas?" The answer is that the two antennas implement what is called spatial diversity. This antenna arrangement improves received signal gain and performance.
Flooding
The term used to describe what happens when a switch doesn't have the destination MAC address stored in CAM
pulse dispersion
Stretching of received pulse width because of multiple paths taken by the light
Subnet masks info
Subnetting is a technique used to break down (or partition) networks into subnets. The subnets are created through the use of sub net masks. The subnet mask identifies which bits in the IP address are to be used to represent the network/subnet portion of an IP address. Subnets are created by borrowing bits from the host portion of the IP address. This is shown in Figure 6-14. The network portion of the IP address and the new subnet bits are used to define the new sub net. Routers use this information to properly forward data packets to the proper sub net. The class C network shown in Figure 6-15 is partitioned into four subnets. It takes 2 bits to provide four possible subnets; therefore, 2 bits are borrowed from the host bits. This means the process of creating the 4 subnets reduces the number of bits available for host IP addresses.
SONET/SDH
Synchronous optical network; protocol standard for optical transmission in long-haul communication/synchronous digital hierarchy. SONET/SDH defined a standard for the following: • Increase in network reliability • Network management • Defining methods for the synchronous multiplexing of digital signals such as DS-l (1.S44Mbps) and DS-3 (44.736Mbps) • Defining a set of generic operating/equipment standards • Flexible architecture
WLAN standard layers/pieces?
The IEEE 802.11 WLAN standard defines the physical (PHY) layer, the medium access control (MAC) layer, and the media access control (MAC) management protocols and services. The PHY (physical) layer defines the following: • The method of transmitting the data, which can be either RF or infrared (although infrared is rarely used) • The MAC layer defined • The reliability of the data service • Access control to the shared wireless medium • Protecting the privacy of the transmitted data
ICMP, IGMP, ping
The Internet Control Message Protocol (ICMP) is used to control the flow of data in the network, to report errors, and to perform diagnostics. A networking device, such as a router, sends an ICMP source-quench packet to a host that requests a slowdown in the data transfer. An important troubleshooting tool within the ICMP protocol is ping, the packet Internet groper. The ping command is used to verify connectivity with another host in the network. The destination host could be in a LAN, in a campus LAN, or on the Internet. The ping command was introduced in Chapter 1 and used in Chapter 4 to test the data packet deliveries in a LAN using a hub or switch. The ping command uses a series of echo requests, and the networking device receiving the echo requests responds with a series of echo replies to test a network connection. IGMP is the Internet Group Message Protocol. It is used when one host needs to send data to many destination hosts. This is called multicasting. The addresses used to send a multicast data packet are called multicast addresses and are reserved addresses not assigned to hosts in a network. An example of an application that uses IGMP packets is when a router uses multicasting to share routing tables. This is explained in Chapter 7, when routing protocols are examined. Another application of IGMP packets is when a host wants to stream data to multiple hosts. Streaming means the data is sent without waiting for any acknowledgement that the data packets were delivered. In fact, in the IGMP protocol, the source doesn't care whether the destination receives a packet. Streaming is an important application in the transfer of audio and video files over the Internet. Another feature o IGMP is that the data is handed off to the application layer as it arrives. This enables the appropriate application to begin processing the data for playback.
Static Addressing
The MAC address has been manually assigned to a switch port
Internet Layer
The TCP/IP Internet layer defines the protocols used for addressing and routing the data packets. Protocols that are part of the TCP/IP Internet layer include IP, ARP, ICMP, and IGMP. We examine these protocols next. The IP (Internet Protocol) defines the addressing used to identify the source and destination addresses of data packets being delivered over an IP network. The IP address is a logical address that consists of a network and a host address portion. The network portion is used to direct the data to the proper network. The host address identifies the address locally assigned to the host. The network portion of the address is similar to the area code for a telephone number. The host address is similar to the local exchange number. The network and host portions of the IP address are then used to route the data packets to the destination. (IP addressing and subnet masking are examined in detail in sections 6-4 and 6-5.) ARP Address Resolution Protocol (ARP) is used to resolve an IP address to a hardware address for final delivery of data packets to the destination. ARP issues a query in a network called an ARP request, asking which network interface has this IP address. The host assigned the IP address replies with an ARP reply, the protocol that contains the hardware address for the destination host. Figure 6-9 provides an example of an ARP request captured with a protocol analyzer. As shown highlighted in Figure 6-9(a), an ARP request is issued on the LAN. The source MAC address of thepacket is 00-1O-A4-13-99-2E. The destination address on the local area network shown is BROADCAST, which means this message is being sent to all computers in the local area network. A query (Q) is asking who has the IP address 10.10.10.1 (PA=). PA is an abbreviation for protocol address.
FTTC, FTTH, FTTB, FTTD,
The architectures of fiber networks for the home include providing fiber to the curb (FTTC) and fiber to the home (FTTH). FTTC is being deployed today. It provides high bandwidth to a location with proximity to the home and provides a highspeed data link, via copper (twisted-pair), using VDSL (very high-data digital subscriber line). This is a cost-effective way to provide large-bandwidth capabilities to a home. FTTH will provide unlimited bandwidth to the home; however, the key to its success is the development of a low-cost optical-to-electronic converter in the home and laser transmitters that are tunable to any desired channel. Another architecture in place is fiber to the business (FTTB). A fiber connection to a business provides for the delivery of all current communication technologies including data, voice, video, conferencing, and so on. An additional type is fiber to the desktop (FTTD). This setup requires that the computer has a fiber network interface card (NIC). FTTD is useful in applications such as computer animation work that has high-bandwidth requirements.
IPsec, etc
The attacker then watches the data packets until a telnet or FTP data packet passes (or one from many of the other applications that have unencrypted logins). Many of these applications pass the username and password over the network in plain text. Plain text means that the information is in a human readable form. Ifthe attacker captures all data packets from a user's computer, then the chances are good that the attacker can obtain the user's login name and password on one of the network's computers. The way to prevent this is by encrypting the user's name and password. An encrypted alternative to telnet is secure shell (SSH). The packets that pass across this SSH connection are encrypted. Secure socket layer (SSL) is an encryption used by web servers. For example, the packet transmission is encrypted when a credit card number is entered. There is also a secure version of FTP called Secure FTP (STFP). In these examples, the security is implemented at the application layer. Can also be implemented at layer 3 using IP security (IPsec). In IPsec each packet IP security is encrypted prior to transmission across the network link.
password cracking
The attacker tries to guess the user's password
network switch info
The bridge provides a method for isolating the collision domains for interconnected LANs but lacks the capability to provide a direct data connection for the hosts. The bridge forwards the data traffic to all computers connected to its port. The networking hub provides a technology for sharing access to the network with all computers connected to its ports in the LAN but lacks the capability to isolate the data traffic and provide a direct data connection from the source to the destination computer. The increase in the number of computers being used in LANs and the increased data traffic are making bridges and hubs of limited use in larger LANs. Basically, there is too much data traffic to be shared by the entire network. What is needed is a networking device that provides a direct data connection between communicating devices. Neither the bridge nor the hub provides a direct data connection for the hosts. A technology developed to improve the efficiency of the data networks and address the need for direct data connections is the layer 2 switch.
Half-Duplex
The communications device can transmit or receive but not at the same time
Cut-Through (READ, NO ERROR DETECTION)
The data packet is forwarded to the destination as soon as the destination MAC address has been read. In this mode, the data packet is forwarded to the destination as soon as the destination MAC address has been read. This minimizes the switch latency; however, no error detection is provided by the switch. There are two forms of cut-through switching-Fast-Forward and Fragment Free.
Store-and-Forward
The entire frame of data is received before any decision is made regarding forwarding the data pack
BSS, ad hoc, access point, transceiver
The fundamental topology of the WLAN is the Basic Service Set (BSS). This is also called the independent Basic Service Set, or ad hoc network. In this network, the wireless clients (stations) communicate directly with each other. This means the clients have recognized the other stations in the WLAN and have established a wireless data link. The performance of the Basic Service Set can be improved by including an access point. The access point is a transmit/receive unit (transceiver) that interconnects data from the wireless LAN to the wired network. Additionally, the access point provides 802.11 MAC layer functions and supports bridge protocols. The access point typically uses an RJ-45 jack for connecting to the wired network. If an access point is being used, users establish a wireless communications link through it to communicate with other users in the WLAN or the wired network,
last mile
The last part of the connection from the telecommunications provider to the customer
Layer 2 switch, Multiport Bridge
The layer 2 switch is an improved network technology that addresses the issue of providing direct data connections, minimizing data collisions, and maximizing the use of a LAN's bandwidth; in other words, that improves the efficiency of the data transfer in the network. The switch operates at layer 2 of the OSI model and therefore uses the MAC or Ethernet address for making decisions for forwarding data packets. The switch monitors data traffic on its ports and collects MAC address information in the same way the bridge does to build a table of MAC addresses for the devices connected to its ports. The switch has multiple ports similar to the hub and can switch in a data connection from any port to any other port, similar to the bridge. This is why the switch is sometimes called a muItiport bridge. The switch minimizes traffic congestion and isolates data traffic in the LAN.
Aging Time
The length of time a MAC address remains assigned to a port
Switch Latency
The length of time a data packet takes from the time it enters a switch until it exits
loss of association
The mobile client was moved to point D in the building, and a signal quality of "Out of range" was observed. This is also called a loss of association with the access point.
Transparent Bridge, Translation Bridge
The name for the type of bridge used to interconnect two LANs running the same type of protocol (for example, Ethernet) is a transparent bridge. Bridges are also used to interconnect two LANs that are operating two different networking protocols. For example, LAN A could be an Ethernet LAN and LAN B could be a token ring. This type of bridge is called a translation bridge. The bridge allows data from one LAN to be transferred to another. Also the MAC addressing information is standardized so the same address information is used regardless of the protocol. A common application today using a bridge is interconnecting LANs using wireless technology. The use of wireless bridges in LAN s is a popular choice for interconnecting the LANs when the cost of physically connecting them is prohibitive. The use of a bridge is not as common as it used to be except for wireless network applications. New networking technologies are available that provide similar capabilities to the bridge but that are much more powerful. However, the bridge still is useful and has several advantages.
Secure Address
The switch port will automatically disable itself if a device with a different MAC address connects to the port
XENPAK, XPAK, X2, XFP, SFP+ (small pluggable form)
The ten gigabit interface adapter
network interface layer
The network interface layer of the TCP/IP model defines how the host connects to the network. Recall that the host can be a computer or a networking device such as a router. The type of network to which the host connects is not dictated by the TCP/IP protocol. The host could be a computer connected to an Ethernet or token-ring network or a router connected to a frame relay wide area network. TCP/IP is not dependent on a specific networking technology; therefore, TCP/IP can be adapted to run on newer networking technologies such as asynchronous transfer mode (ATM). In the network interface layer every TCP/IP data packet must have a destination and a source MAC address in the TCP/IP header. The MAC or hardware address is found on the host's network interface card or connection and is 12 hexadecimal characters in length. For example, the network interface could have a MAC address of OO-1O-A4-13-99-2E. The hardware address is used for final delivery of data packets to the next destination in a network. The first six hexadecimal numbers represent the organization that manufactured the card. This is called the organizational unit identifier (0UI). The last six digits are unique numbers assigned by the manufacturer of the network interface.
DDoS
The number of packets that can be generated by a single packet as in the Smurf attack can be limited on a router; however, attackers now use worms to distribute an attack. In a distributed denial-of-service (DDoS) attack, the attacker will do a port scan and look for an open port or a software application that is vulnerable to an attack. The machine is hacked (attacked) and distributes the malicious software. The attacker will repeat this for many victim machines. After the software is on the victim machines, the attacker can issue a command or an instruction that starts the attack on a specific site. The attack comes from a potentially massive amount of machines the worm has infected.
Error Threshold
The point where the number of errors in the data packets has reached a threshold and the switch changes from the cut-through to the store and-forward mode
ESS, hand off, roaming, CSMA/CA, DSSS, ISM
The problem with the Basic Service Set is that mobile users can travel outside the radio range of a station's wireless link with one access point. One solution is to add multiple access points to the network. Multiple access points extend the range of mobility of a wireless client in the LAN. This arrangement is called an Extended Service Set (ESS). The mobile computer will establish an authorized connection with the access point that has the strongest signal level (for example, AP-l). As the user moves, the signal strength of the signal from AP-l will decrease. At some point, the signal strength from AP-2 will exceed AP-l, and the wireless bridge will establish a new connection with AP-2. This is called a hand-off. This is an automatic process for the wireless client adapter in 802.11, and the term used to describe this is roaming. Network access in 802.11 uses a technique called carrier sense multiple access/collision avoidance (CSMAlCA). In CSMAlCA, the client station listens for other users of the wireless network. If the channel is quiet (no data transmission), the client station can transmit. If the channel is busy, the station(s) must wait until transmission stops. Each client station uses a unique random back-off time. This technique prevents client stations from trying to gain access to the wireless channel as soon as it becomes quiet. 802.11 DSSS implements 14 channels (each consuming 22MHz) over approximately 90MHz of RF spectrum in the 2.40Hz ISM (industrial, scientific, and medical) band. DSSS is a technique used to spread the transmitted data over a wide bandwidth; in this case it is a 22MHz bandwidth channel.
the router facts... network address, logical address, router interface
The router is the most powerful networking device used today to interconnect LANs. The router is a layer 3 device in the OSI model, which means the router uses the network address (layer 3 addressing) to make routing decisions regarding forwarding data packets. Remember from Chapter 1, section 3, that the OSI model separates network responsibilities into different layers. In the OSI model, the layer 3 or network layer responsibilities include handling of the network address. The network address is also called a logical address, rather than being a physical address such as the MAC address. The physical address is the hardware or MAC address embedded into the network interface card. The logical address describes the IP address location of the network and the address location of the host in the network. Essentially, the router is configured to know how to route data packets entering or exiting the LAN. This differs from the bridge and the layer 2 switch, which use the Ethernet address for making decisions regarding forwarding data packets and only know how to forward data to hosts physically connected to their ports. Routers are used to interconnect LANs in a campus network. Routers can be used to interconnect networks that use the same protocol (for example, Ethernet), or they can be used to interconnect LANs that are using different layer 2 technologies such as an Ethernet and token ring. Routers also make it possible to interconnect to LANs around the country and the world and interconnect to many different networking protocols. Routers have multiple port connections for connecting to the LANs, and by definition a router must have a minimum of three ports, The common symbol used to represent a router in a networking drawing is provided in Figure 5-14, The arrows pointing in and out indicate that data enters and exits the routers through multiple ports. The router ports are bidirectional, meaning that data can enter and exit the same router port. Often the router ports are called the router interface, the physical connection where the router connects to the network.
application layer
The top level of the TCP/IP stack is the application layer. This layer is used to process requests from hosts and to ensure a connection is made to an appropriate port. A port is basically an address used to direct data to the proper destination application. There are 65,536 possible TCP/UDP ports. Ports 1-1023 are called well known ports or reserved ports. These ports are reserved by Internet Corporation for Assigned Names and Numbers (ICANN). Ports 1024--49151 are called registered ports and are registered with ICANN. Ports 49152-65535 are called dynamic or private ports. Examples of well-known ports include HTTP (TCP port 80), HTTPS (TCP port 443), and SSH (TCP port 22). Host B is passing to Host A data that is destined for TCP port 80 (HTTP). HTTP is the HyperText Transfer Protocol, used for transferring non-secure web-based documents to a web browser such as Internet Explorer or Mozilla Firefox. Host A receives the packet and passes the application up to the port 80 application.
transport layer
The transport layer protocols in TCP/lP are very important in establishing a network connection, managing the delivery of data between a source and destination host, and terminating the data connection. There are two transport protocols within the TCP/lP transport layer, TCP and UDP. TCP, the Transport Control Protocol, is a connection-oriented protocol, which means it establishes the network connection, manages the data transfer, and terminates the connection. The TCP protocol establishes a set of rules or guidelines for establishing the connection. TCP verifies the delivery of the data packets through the network and includes support for error checking and recovering lost data. TCP then specifies a procedure for terminating the network connection. A unique sequence of three data packets is exchanged at the beginning of a TCP connection between two hosts, as shown in Figure 6-3. This is a virtual connection that is made over the network. This sequence is as follows: 1. The SYN (Synchronizing) packet 2. The SYN ACK (Synchronizing Acknowledgement) packet 3. The ACK (Acknowledgement) packet The host initiating the connection will send a synchronizing packet (SYN). In this example, Host A issues a SYN packet to initiate the TCP handshake. The SYN will have a sequence number (SEQ) associated with it. In the example shown in Figure 6-3, the sequence number is x. The sequence number is used to keep track of the data packets being transferred from Host A to Host B. The length of the packet being sent by Host A is 0 (LEN 0), which indicates that the packet contains no data. In packet 2, Host B replies with a SYN ACK packet. The ACK is an acknowledgement that Host B received the packet from Host A. A number is attached to the ACK with a value of (x + 1) that should be the sum of the SEQ# from packet 1 plus the length (LEN) of packet 1. Recall that the length of packet 1 is 0 (LEN 0), but packet 1 counts as one packet; therefore, Host B replies with an acknowledgement of packet 1 sequence number plus 1 (x + 1). This acknowledgement notifies Host A that the packet (packet 1) was received. Packet 2 from Host B will also have a sequence number issued by Host B. In this packet, the sequence number has a value of y. This sequence number is used to keep track of packets transferred by Host B. In packet 3, Host A acknowledges the reception of Host B's packet. The ACK number is an increment of one higher than the SEQ# sent by Host B in packet 2 (y + 1). Host A also sends an updated SEQ# that is one larger than the SEQ# Host A sent in packet 1 (x + 1). Remember, Host A and Host B each have their own sequence numbers. This completes the three-packet handshake that establishes the TCP connection. This handshake appears at the beginning of all TCP data transfers. The following is an example of a TCP packet transmission captured using a network protocol analyzer. The network setup is shown in Figure 6-4. Host A (the client) is establishing an FTPconnection with Host B. The captured file is 6-a.cap and is also provided in the Capture folder with the text's accompanying CD ROM. Portions of the captured data packets are shown in Figure 6-5 Packet 1 (ID 000001) is the SYN or synchronizing packet. This packet is sent from the host computer on the network that wants to establish a TCP network connection. in this example, Host A is making a TCP connection for an FTP file transfer. The summary information for packet 1 specifies that this is a TCP packet, the source port is 1054 (SP=1054), and the destination port is 21 (DP=21). Port 1054 is an arbitrary port number that the FTP client picks or is assigned by the operating system. The destination port 21 (command/control) is the well known FTP port (see Table 6-4). The packet has a starting sequence number, 997462768, and there is no acknowledgement (ACK=O). The length of the data packet is 0 (LEN=O). This indicates that the packet does not contain any data. The window size = 16384 (WS=16384). The window size indicates how many data packets can be transferred without an acknowledgement. Packet 2 is the SYN-ACK packet from the FTP server. The sequence number SEQ=3909625466 is the start of a new sequence for the data packet transfers from Host B. The source port is 21 (SP=21) and the destination port for packet 2 is 1054 (DP=1054). ACK=997462769 is an acknowledgement by host B (the FTP server) that the first TCP transmission was received. Note that this acknowledgement shows an increment of 1 from the starting sequence number provided by host A in packet 1. Packet 3 is an acknowledgement from the client (host A) back to the FTP server (host B) that packet 2 was received. Note that the acknowledgement is ACK=3909625467, which is an increment of 1 from the SEQ number transmitted in packet 2. This completes the initial handshake establishing the TCP connection. The next part is the data packet transfer. At this point, the two hosts can begin transferring data packets. The last part of the TCP connection is terminating the session for each host. The first thing that happens is that a host sends a FIN (finish) packet to the other connectedhost. This is shown in Figure 6-6. Host B sends a FIN packet to Host A indicating the datatransmission is complete. Host A responds with an ACK packet acknowledging the reception of the FIN packet. Host A then sends Host B a FIN packet indicating that the connection is being terminated. Host B replies with an ACK packet. Packet 48 (see Figure 6-7) is a TCP packet with a source port of 21 (SP=21) and a destination port of 1054 (DP=1054). The FIN statement is shown, followed by a SEQ# and an ACK#. Remember, the SEQ and ACK numbers are used to keep track of the number of packets transmitted and an acknowledgement of the number received. The LEN of packet 48 is 0, which means the packet does not contain any data. Packet 49 is an acknowledgement from the host, at port 1054, of the FIN packet. Remember, the FIN packet was sent by the host at the source port 21. In packet 50 the host at port 1054 sends a FIN packet to the host at the destination port 21. In packet 51, the host at port 21 acknowledges the reception of the FIN packet and the fourpacket sequence closes the TCP connection.
intermediate components, all kinds of shit, just be aware..
The typical fiber-optic telecommunication link is a light source or transmitter and light detector or receiver interconnected by a strand of optical fiber, light pipe, or glass. An increasing number of specialized networks and system applications have various intermediate components along the span between the transmitter and the receiver. A brief review of these devices and their uses is provided in the list that follows. • Isolators: An isolator is an inline passive device that allows optical power to flow in one direction only. • Attenuators: Attenuators are used to reduce the received signal level (RSL). They are available in fixed and variable configurations. • Branching devices: Branching devices are used in simplex systems where a single optical signal is divided and sent to several receivers, such as point to multipoint data or a CATV distribution system. • Splitters: Splitters are used to split, or divide, the optical signal for distribution to any number of places. • Wavelength division multiplexers: Wavelength division multiplexers combine or divide two or more optical signals, each having a different wavelength. They are sometimes called optical beam splitters. • Optical-line amplifiers: Optical-line amplifiers are analog amplifiers. Placement can be at the optical transmitter output, midspan, or near the optical receiver.
wireless LAN adapter and services provided
The wireless adapter (wireless LAN adapter) is the device that connects the client to the wireless medium. The medium is typically a radio wave channel in the 2.4GHz or 5GHz ISM band. services include: delivery of the data, authentication, privacy
how are optic fibers rated?
bandwidth per length
Adaptive Cut-Through, error threshold
This is a combination of the store-and-forward mode and cut-through. The cut-through mode is used until an error threshold (errors in the data packets) has been exceeded. The switch mode changes from cut through to store-and-forward after the error threshold has been exceeded.
fast forward (EXTRACTED)
This mode offers the minimum switch latency. The received data packet is sent to the destination as soon as the destination MAC address is extracted.
bluetooth, paging procedure, piconet
This section examines another wireless technology called Bluetooth, based on the 802.15 standard. Bluetooth was developed to replace the cable connecting computers, mobile phones, handheld devices, portable computers, and fixed electronic devices. The information normally carried by a cable is transmitted over the 2.4GHz ISM frequency band, which is the same frequency band used by 802.lIb/g/n. When a Bluetooth device is enabled, it uses an inquiry procedure to determine whether any other Bluetooth devices are available. This procedure is also used to allow itself to be discovered. If a Bluetooth device is discovered, it sends an inquiry reply back to the Bluetooth device initiating the inquiry. Next, the Bluetooth devices enter the paging procedure. The paging procedure is used to establish and synchronize a connection between two Bluetooth devices. When the procedure for establishing the connection has been completed, the Bluetooth devices will have established a piconet. A piconet is an ad hoc network of up to eight Bluetooth devices such as a computer, mouse, headset, earpiece, and so on. In a piconet, one Bluetooth device (the master) is responsible for providing the synchronization clock reference. All other Bluetooth devices are called slaves.
VPN Tunneling Protocols ...so many
This section provides a quick overview of the protocols used in the creation of these VPN tunnels. One of the original tunneling protocols is the Generic Routing Encapsulation (GRE). GRE was developed by Cisco in 1994 and is still being used today. GRE is commonly used as a site-to site VPN solution because of its simplicity and versatility. It is the only tunneling protocol that can encapsulate up to 20 types of protocols. In the past when protocols like AppleTalk, Novell IPX, and NetBEUI roamed the network, GRE was the tunneling protocol of choice to carry these protocols to other remote sites. The tunneling protocols commonly used in remote access VPNs are mentioned throughout the rest of this section. To better understand remote access VPN, you should at least understand the importance of PPP. In the days when modems and dialups were kings, PPP was the key to the remote access solution; it was the de facto protocol of the dial-up networking. In those days, people would make a dial-up connection to their ISP and establish a PPP session to the Internet. Even though authentication is optional for PPP, most implementations ofPPP provide user authentication using protocols like Password Authentication Protocol (PAP) or Challenge Handshake Authentication Protocol (CHAP). PAP is a simple, clear-text (unencrypted) authentication method, which is superseded by CHAP, an encrypted authentication method that uses the MD5 hashing algorithm. Later, Extensible Authentication Protocol (EAP) was introduced as another PPP authentication method. During the PPP authentication phase, the ISP dial-up server collects the user authentication data and validates it against an authentication server like a RADIUS server. RADIUS stands for Remote Authentication Dial-In User Service. RADIUS is an IETF standard protocol that is widely used for authenticating remote users and authorizing user access. The RADIUS server supports many methods of user authentication including PAP, CHAP, and EAP. Even though PPP dial-up is not as prevalent today, the concepts of central authentication still lend themselves to many technologies and applications. Point-to-Point Tunneling Protocol (PPTP) was developed jointly by Microsoft, 3Com, and Alcatel-Lucent in 1996. It has never been ratified as a standard. Microsoft was a big advocate of PPTP and made PPTP available as part of Microsoft Windows Dial-up Networking. A PPTP server was included in Microsoft NT 4.0 server, and PPTP was widely used as a remote access solution. PPTP was designed to work inconjunction with a standard PPP. A PPTP client software would establish a PPP connection to an ISP, and once the connection is established, it would then make the PPTP tunnel over the Internet to the PPTP server. The PPTP tunnel uses a modified GRE tunnel to carry its encapsulated packet for IP transmission. The diagram of typical PPTP connection and other tunneling protocols is represented in Figure 12-18. PPTP does not have any authentication mechanism, so it relies heavily on the underlying PPP authentication. Layer 2 Forwarding Protocol (L2F) was developed by Cisco around the same time as PPTP. L2F was not used widely in the consumer market due to its requirement of L2F hardware. Unlike PPTP where the VPN client software is installed and initiated from the client, L2F does not require any VPN client software. A L2F connection is intended to be done by L2F hardware. This hardware is designed to be at the ISP. A client would make a typical PPP connection to the ISP. The ISP will then initiate the L2F tunnel connection on UDP port 1701 to the L2F server at the corporate headquarters. This requires coordination between the ISP and the corporate network. L2F relies on the PPP authentication to be passed on to the corporate authentication server. Layer 2 Tunneling Protocol (L2TP) was developed by the Internet Engineering Task Force (IETF) in 1999. L2TP was created with the intention of merging two incompatibles proprietary tunneling protocols, PPTP and L2F. L2TP is considered to be an enhancement of the two previous protocols. L2TP does not require a specific hardware. It can be initiated directly from the client. L2TP Tunnel encapsulation is done on UDP port 1701. L2TP allows for tunnel authentication, so it does not have to rely heavily on the underlying PPP. IfL2TP is used over an IP network where PPP is not used, the tunnel can be created with its own authentication mechanism. All of the previously mentioned tunneling protocols are lacking one important security feature-encryption. An encryption can guarantee data confidentiality in the tunnel. IPsec offers encryption features that the others lack. IPsec was designed for the purpose of providing a secure end-to-end connection. The VPN can take advantage of IPsec to provide network layer encryption as well as authentication techniques. IPsec are versatile in that it can be implemented easily as a remote access VPN or as a site-to-site VPN. For IPv6, IPsec becomes an even more integral part as it is embedded within the IPv6 packets. There are two primary security protocols used by IPsec. They are Authentication Header (AH) and Encapsulating Security Payload (ESP). AH guarantees the authenticity of the IP packets. It uses a one-way hash algorithm like Message Digest S (MDS) or Secure Hash Algorithm 1 (SHA-l) to ensure the data integrity of the IP packets. ESP provides confidentiality to the data messages (payloads) by ways of encryption. It uses symmetrical encryption algorithms like Data Encryption Standard (DES), Triple Data Encryption Standard (3DES), and Advanced Encryption Standard (AES). Before an IPsec tunnel can be established, quite a few security parameters have to be negotiated and agreed upon by both ends. IPsec uses the Internet Key Exchange (IKE) protocol to manage such process. IKE is a hybrid protocol that encompasses several key management protocols, most notably Internet Security Association and Key Management Protocol (ISAKMP). Many times, the term IKE and ISAKMP are often mentioned alongside each other. There are two negotiation phases that the two network nodes must perform before the IPsec tunnel is complete. The IKE Phase 1 is a phase where both network nodes authenticate each other and set up an IKE SA (Security Association). In phase 1, the Diffee Hellman key exchange algorithm is used to generate a shared session secret key to encrypt the key exchange communications. This phase is essentially to set up a secure channel to protect further negotiations in phase 2. IKE Phase 2 uses the secure channel established in phase 1 to negotiate the unidirectional IPsec SAs-inbound and outbound-to set up the IPsec tunnel. This is where the parameters for AH and ESP would be negotiated.
TCP/IP intro
Transmission Control Protocol/Internet Protocol (TCP/IP) is the protocol suite used for communications between hosts in most local networks and on the Internet. TCP/IP can be used to enable network communications in LANs, campus networks, and wide area networks (WANs) as long as the hosts support the protocol.
UDP
UDP, the User Datagram Protocol, is a connectionless protocol. This means UDP packets are transported over the network without a connection being established and without any acknowledgement that the data packets arrived at the destination. UDP is useful in applications such as video conferencing and audio feeds, where such acknowledgements are not necessary. No acknowledgements are sent back from the client because all the packets are coming from the Internet source. UDP does not have a procedure for terminating the data transfer; either the source stops delivery of the data packets or the client terminates the connection.
CIDR, Classful, Supernetting, Prefix length notation, CIDR block, supernets
Up to this point, this chapter has focused on the issues of classful networks. Classful means that the IP addresses and subnets are within the same network. The problem with classful addressing is that there is a lot of unused IP address space. For example, a class A IP network has more than 16 million possible host addresses. A Class B network has more than 65,000 host addresses, but the fact is that only a limited number of Class A and B address space has been allocated for Internet use. A technique called supernetting was proposed in 1992 to eliminate the class boundaries and to make available the unused IP address space. Supernetting allows multiple networks to be specified by one subnet mask. In other words, the class boundary could be overcome. Supernetting required a simpler way to indicate the sub net mask. The technique developed is called classless interdomain routing (CIDR). CIDR (pronounced "cider") notation specifies the number of bits set to a 1 that make up the subnet mask. For example, the Class C size subnet mask 255.255.255.0 is listed in CIDR notation as 124. This indicates the 24 bits are set to a 1. A Class B size subnet is written as /16, and a Class A subnet is written as /8. CIDR can also be used to represent subnets that identify only part of the octet bits in an IP address. An alternative to the CIDR notation is the prefix length notation. This is another shorthand technique for writing the subnet mask. For example, the subnet mask 255.255.255.192 is written as 126. This notation shows the number of network and host bits being used to create the sub net mask. In the case of a /26 subnet mask, 24 network bits and 2 host bits are being used. Yes, this is basically the same as the CIDR except class boundaries are not being crossed and network bits are not being borrowed. CIDR blocks are used to break down the class barriers in IP addressing. For example, two Class C networks (192.168.78.0124 and 192.168.79.0124) can be grouped together as one big sub net. These two networks can be grouped together by modifying the 124 CIDR number to 123. This means that one bit has been borrowed from the network address bits to combine the two networks into one supemet. Writing these two networks in CIDR notation provides 192.168.78.0/23. This reduces the two Class C subnets to one larger network. The group of networks defined by CIDR notation is called a CIDR block. When you group two or more classful networks together, they are called supernets. This term is synonymous with CIDR blocks. The group of four IP addresses from 192.168.76.0 to 192.168.79.0 with a CIDR ofl22 is a supemet. The supemet uses a CIDR subnet mask (/22) that is shorter than the number of network bits for Class C network (/24). Another example of a supemet is 172.16.0.0/12. 172.16.0.0 is a Class B address, and the CIDR sub net mask (/12) is less than the 16bits for the network portion of a Class B address. The problem with randomly applying CIDR blocks to Class A, B, and C addresses is that there are boundaries in each class, and these boundaries can't be crossed. If a boundary is crossed, the IP address maps to another subnet. For example, the CIDR block is expanded to include four Class C networks. This means that all four Class C networks need to be specified by the same CIDR subnet mask to avoid crossing boundaries. The new subnet mask is 255.255.252.0. The following example demonstrates what happens if a boundary is crossed. Careful planning is required to ensure the IP addresses can all be specified by the same sub net mask. The goal of this section has been to develop an understanding of supernets, classless routing, and CIDR blocks. The reader should also understand the CIDR notation and be able to determine whether a group of IP addresses is in the same subnet.
passkey
Used in Bluetooth Security to limit outsider access to the pairing
media converter
Used to adapt a layer 1 (physical layer) technology to another layer 1 technology
auto negotiation protocol advantages
Useful in LANs that have multiple users with multiple connection capabilities. The auto-negotiation feature can maximize the data links' throughput.
dictionary attack
Uses known passwords and many variations (upper- and lowercase and combinations) to try to log in to your account
VPN intro
VPN is a concept of extending a private or a trusted network over public infrastructure like the Internet. A VPN accomplishes this by establishing a secure connection between the remote end and the private network, therefore enabling the remote clients to become part of the trusted network. A secure VPN connection between two endpoints is known as an IP tunnel. A tunnel is created by an encapsulation technique, which encapsulates the data inside a known protocol (IP) that is agreed upon by the two end points. A tunnel creates a virtual circuit-like between the two endpoints and makes the connection appear like a dedicated connection even though it spans over the Internet infrastructure. Two types of VPNs are commonly used today: Remote access VPN: A remote access VPN is used to facilitate network access for users in remote office networks or for remote users that travel a lot and need access to the network. The client usually initiates this type of VPN connection. • Site-to-site VPN: A site-to-site VPN is used to create a virtual link from one site to the other. It essentially replaces the traditional WAN-type connection used in connecting typical sites. This type of VPN requires network hardware like a router or a firewall to create and maintain the connection.
WPA, EAP, RADIUS
WPA is considered to be a higher level of security for wireless systems. In the 802.Ix system, a user requests access to the wireless network via an access point. The next step is for the user to be authenticated. At this point, the user can only send EAP messages. EAP is the Extensible Authentication Protocol and is used in both WPA and WPA2 by the client computer and the access point. The access point sends an EAP message requesting the user's identity. The user (client computer) returns the identity information that is sent by the access point to an authentication server. The server will then accept or reject the user's request to join the network. If the client is authorized, the access point will change the user's (client's) state to authorized. A Remote Authentication Dial-In User Service (RADIUS) is sometimes used to provide authentication. This type of authentication helps prevent unauthorized users from connecting to the network.
pairing
When a Bluetooth device is set up to connect to another Bluetooth device
WiMAX, BWA
WiMAX (Worldwide Interoperability for Microwave Access) is a broadband wireless system that has been developed for use as broadband wireless access (BWA) for fixed and mobile stations and can provide a wireless alternative for last mile broadband access in the 2GHz 66GHz frequency range. BWA access for fixed stations can be up to 30 miles, whereas mobile BWA access is 3-10 miles.
WLAN
Wireless networking is an extension of computer networks into the radio frequency (RF) world. The WLAN provides increased flexibility and mobility for connecting to a network. A properly designed WLAN for a building provides mobile access for a user from virtually any location in the building.
WiFi and summary of wireless standards..
Wireless networks also go by the name Wi-Fi, which is the abbreviated name for the Wi-Fi Alliance (Wi-Fi stands for wireless fidelity). The Wi-Fi Alliance is an organization whose function is to test and certify wireless equipment for compliance with the 802.11x standards, the group of wireless standards developed under the IEEE 802.11 standard. The following list provides a summary of the most common wireless standards: • 802.11a (Wireless-A): This standard can provide data transfer rates up to S4Mbps and an operating range up to 7S feet. It operates at SGHz. (Modulation-OFDM) • 802.11b (Wireless-B): This standard can provide data transfer rates up to 11Mbps with ranges of 100-lS0 feet. It operates at 2.4GHz. (ModulationDSSS) • 802.11g (Wireless-G): This standard can provide data transfer rates up to 54Mbps up to 150 feet. It operates at 2.40Hz. (Modulation-DSSS or OFDM) • 802.11n (Wireless-N): This is the next generation of high-speed wireless connectivity promising data transfer rates over 200+ Mbps. It operates at 2.40Hz and 50Hz. (Modulation-DSSS or OFDM) • 802.11i: This standard for WLANs provides improved data encryption for networks that use the 802.11 a, 802.11 b, and 802.11 g standards • 802.11r: This standard is designed to speed hand-offs between access points or cells in a WLAN. This standard is a critical addition to 802.11 WLAN s if voice traffic is to become widely deployed
multi mode fiber
a fiber that supports many optical waveguide modes
token ring hub
a hub that manages the passing of the token in a Token Ring network
fusion splicing
a long-term method where two fibers are fused or wielded together
scattering
caused by refractive index fluctuations; accounts for 96 percent of attenuation loss
optical ethernet
ethernet data running over a fiber link
absorption
light interaction with the atomic structure of the fiber material; also involves the conversion of optical power to heat
microbending
loss caused by very small mechanical deflections and stress on the fiber
macrobending
loss due to light breaking up and escaping into the cladding
backbone
main fiber distribution
how to minimize pulse dispersion effects?
make the core extremely small
range extender
this device basically extends the reach of the wireless network
Zero-dispersion Wavelength
point where the dispersion is actually zero
important characteristics of light detectors
responsivity, response speed, spectral response
mode field diameter
the actual guided optical power distribution, which is typically a micron or so larger than the core diameter; single-mode fiber specifications typically list the mode field diameter
graded index fiber
the index of refraction is gradually varied with a parabolic profile
attenuation
the loss of power introduced by the fiber. This loss accumulates as the light is propagated through the fiber strand.
beacon
used to verify the integrity of a wireless link
problems caused by viruses include
• Annoyance • Clogging up the mail server • Denial of service • Data loss • Open holes for others to access your machine
guidelines that will help prevent password cracking
• Don't use passwords that are dictionary words. • Don't use your username as your password. • Don't use your username spelled backward as your password. • Limit the number of login attempts. • Make your password strong, which means it is sufficiently long (eight or more characters) and is an alphanumeric combination (for example, A b 1 & G 2 5 h). • Change passwords often.
basic guidelines for wireless security
•Make sure the wireless security features are turned on. • Use firewalls and intrusion detection on your WLAN. • Improve authentication of the WLAN by incorporating 802.1 x features. • Consider using third-party end-to-end encryption software to protect the data that might be intercepted by an unauthorized user. • Whenever possible, use encrypted services such as SSH and Secure FTP
the following components found in telecommunications closet
1. Backbone cabling interconnecting this closet with other closets 2. Switch or hub 3. Patch panels 4. Patch cables 5. Cabling to the LAN (horizontal cabling) 6. Wall plate 7. Patch cable connecting the computer to the wall plate
There are three improvements required for transmitting the higher data bit rates over the copper cabling
1. Improve the cable so it can carry greater bandwidth. 2. Improve the electronics used to transmit and receive (recover) the data. 3. Utilize improvements in both the cable and electronics to facilitate greater bandwidths and distance.
private IP address ranges
10.0.0.0-10.255.255.255 172.16.0.0-172.31.255.255 192.168.0.0-192.168.255.255
Gigabit ethernet
1000Mbps Ethernet
10GBASE-T
10GBGB over twisted-pair copper
10GBASE- T
10Gbps over twisted-pair copper cable
presentation layer (6th layer)
Accepts and structures the messages for the application. It translates the message from one code to another if necessary. This layer is responsible for data compression and encryption. Examples of technologies working in this layer are American Standard Code for Information Interchange (ASCII) and Joint Photographic Experts Group (JPEG).
network layer (3rd layer)
Accepts outgoing messages and combines messages or segments into packets, adding a header that includes routing information. It acts as the network controller. Examples of protocols working in this layer are Internet Protocol (IP) and Internetwork Packet Exchange (IPX).
Ping & ICMP
After you have verified that the networking devices are physically connected, use the ping command to verify that the networking devices are communicating. Ping uses Internet Control Message Protocol (ICMP) echo requests and replies to test that a device on the network is reachable. The ICMP protocol verifies that messages are being delivered. The ping command is available in the command window of Windows to verify the networking devices are communicating. The command structure for the ping command is as follows:
Alien Crosstalk
Alien Crosstalk is an important issue at higher data rates such as with 10GBASE-T. Alien Crosstalk (AXT) is unwanted signal coupling from one permanent link to another. Basically, this is the coupling of a signal from one 4-pair cable to another 4-pair cable.
most common twisted-pair standards used for computer networking today
CAT6, CAT6a, and CAT6e
F/UTP and benefits
Cable manufacturers are starting to offer CAT6 and higher grades of twisted pair cable with foil over each of the four wire-pairs. The designation for this type of cable is F/UTP. There are several advantages to using a shielded cable: • A shielded cable offers better security because there is less chance that the data will radiate outside the cable. • The foil shield helps improve noise immunity from EMI, radio frequency interference (RFI), and (most importantly) AXT.
Straight-through, Crossover Patch Cables, Wire map
Category 6/5e twisted-pair cables are used to connect networking components to each other in the network. These cables are commonly called patch cables. In this section a technique for terminating CAT6/5e cables with RJ-45 (8P8C) modular plugs is demonstrated for two different configurations of patch cables, a straight-through and a crossover cable. In a straight-through cable the four wire pairs connect to the same pin numbers on each end of the cable. A wire-map is a graphical or text description of the wire connections from pin to pin for a cable under test. In some applications in 10/100Mbps data links, it is necessary to construct a cable where the transmit and receive wire pairs are reversed in the cable rather than by the switch or the hub. This cable configuration is called a crossover cable, which means the transmit pair of device A connects to the receive pair of device B, and the transmit pair of B connects to the receive pair of A.
Address Range IPv4 Networks
Class A - 0.0.0.0 to 127.255.255.255 Class B - 128.0.0.0 to 191.255.255.255 Class C - 192.0.0.0 to 223.255.255.255 Class D - 224.0.0.0 to 239.255.255.255
Classes of IPv4 Networks
Class | Description |Example IP Numbers | Max Number of Hosts ------------------------------------------------------------------ Class A | Governments, very large networks | 44.x.x.x. | 2^24=16,777,214 Class B | Midsize companies, universities, and so on | 128.123.x.x | 2^16=65,534 Class C | Small networks | 192.168.1.x | 2^8 =254 Class D | Reserved for multicast groups | 224.x.x.x | not applicable
wireless router
Device used to interconnect wireless networking devices and to give access to wired devices and establish the broadband Internet connection to the ISP. This device uses RF to connect to the networking devices. A wireless router typically contains a router, switch, and wireless access point and is probably the most common way to interconnect wireless LANs to the ISP's access device. Note that these devices also have wired network connections available on the system.
VPN
Establishes a secure network connection and is a way to protect your LAN's data from being observed by outsiders. Additionally, the VPN connection is encrypted, providing privacy for the data packets being transmitted.
NIC & Mac Address & OUI & ipconfig /all
How are the destination and source addresses for the data determined within a LAN? Networked devices, such as computers and network printers, each have an electronic hardware interface to the LAN called a network interface card (NIC) or integrated network port. The NIC contains a unique network address called the MAC address. MAC stands for "media access control." The MAC address is 6 bytes, or 48 bits, in length. The address is displayed in 12 hexadecimal digits. The first 6 digits are used to indicate the vendor of the network interface, also called the organizationally unique identifier (OUI), and the last 6 numbers form a unique value for each NIC assigned by the vendor. IEEE is the worldwide source of registered OUIs. The MAC address, also called the Ethernet, physical, hardware, or adapter address, can be obtained from computers operating under Microsoft Windows by typing the ipconfig /all command. Remember, each NIC contains a unique MAC address and the IP addresses are locally assigned by the network administrator.
private address
IP addresses set aside for use in private intranets
Range Extender & Hotspots
In some cases, the wireless signal might not be reaching all the areas that need coverage. In this case, a device called a range extender can be used. This device relays the wireless signals from an access point or wireless router into areas with a weak signal or no signal at all. This improves the wireless remote access from all points in the home. This same technology can also be used to improve connectivity in stores and warehouses and can also be used to provide excellent connectivity in public places such as hotspots. Hotspots are defined as a limited geographic area that provides wireless access for the public. Hotspots are typically found in airports, restaurants, libraries, and schools
IEEE
Institute of Electrical and Electronics Engineers, one of the major standards-setting bodies for technological development
application layer (7th layer)
Interacts with application programs that incorporate a communication component such as your Internet browser and email. This layer is responsible for logging the message in, interpreting the request, and determining what information is needed to support the request. Examples are Hypertext Transfer Protocol (HTTP) for web browsing, File Transfer Protocol (FTP) for transferring files, and Simple Mail Transfer Protocol (SMTP) for email transmission.
transport layer (4th layer)
Is concerned with message integrity between source and destination. It also segments/reassembles (the packets) and handles flow control. Examples of protocols working in this layer are Transmission Control Protocol (TCP) and User Datagram Protocol (UDP).
IP address
It provides a solution to worldwide addressing through incorporating a unique address that identifies the computer's local network. IP network numbers are assigned by Internet Assigned Numbers Authority (lANA), the agency that assigns IP addresses to computer networks and makes sure no two different networks are assigned the same IP network address. IP addresses are classified as either IPv4 or IPv6. IP version 4 (IPv4) is the current TCP/IP addressing technique being used on the Internet. Address space for IPv4 is quickly running out due to the rapid growth of the Internet. The IP address (IPv4) is a 32-bit address that identifies on which network the computer is located and differentiates the computer from all other devices on the same network. The address is divided into four 8-bit parts. The format for the IP address is: A.B.C.D where the A.B.C.D values are written as the decimal equivalent of the 8-bit binary value. The range for each of the decimal values is 0-255. IP addresses can be categorized by class.
NAT & Overloading & PAT
NAT translates the private IP address to a public address for routing over the Internet. For example, computer 1 in the home network (see Figure 1-24) might establish a connection to an Internet website. The wireless router uses NAT to translate computer l 's private IP address to the public IP address assigned to the router. The router uses a technique called overloading, where NAT translates the home network's private IP addresses to the single public IP address assigned by the ISP. In addition, the NAT process tracks a port number for the connection. This technique is called Port Address Translation (PAT). The router stores the home network's IP address and port number in a NAT lookup table. The port number differentiates the computer that is establishing a connection to the Internet because the router uses the same address for all computers. This port number is used when a data packet is returned to the home network. The port number identifies the computer that established the internet connection, and the router can deliver the data packet to the correct computer. For example, if computer 1 establishes a connection to a website on the Internet, the data packets from the website are sent back to computer 1 using the home network's routable public IP address. This first step enables the data packet to be routed back to the home network. Next, the router uses the NAT lookup table and port number to translate the destination for the data packet back to the computer 1 private IP address and original port number, which might be different. Figure 1-25 demonstrates an example of the NAT translation process for a home network. The home network has been assigned Class C private IP addresses (192.l68.0.x) by the router. The x is a unique number (from 1 to 254) assigned to each computer. The router translates the private IP addresses to the public routable IP address assigned by the ISP. Additionally, the router tracks a port number with the public IP address to identify the computer. For example, the computer with the private IP address of 192.168.0.64 is assigned the public IP address 128.123.246.55:1962, where 1962 is the port number tracked by the router
balanced mode
Neither wire in the wire pairs connects to ground. the balance of the two wire pairs helps maintain the required level of performance in terms of crosstalk and noise rejection.
link
Point from one cable termination to another
horizontal cabling
Permanent network cabling within a building is considered to be horizontal cabling, defined as the cabling that extends out from the telecommunications closet into the LAN work area.
PSACR
Power sum ACR uses all four wire pairs to obtain the measure of the attenuation-crosstalk ratio. This is a measurement of the difference between PSNEXT and attenuation (insertion loss). The difference is measured in dB, and higher PSACR dB values indicate better cable performance.
PSELFEXT
Power sum ELFEXT that uses all four wire pairs to obtain a combined ELFEXT performance measurement. This value is the difference between the test signal level and the cross-talk measured at the far end of the cable. A higher PSELFEXT value indicates better cable performance.
packet
Provides grouping of the information for transmission. The information in an Ethernet network is exchanged in a packet format. The packet provides grouping of the information for transmission that includes the header, data, and trailer. The header consists of the preamble, start frame delimiter, destination and source addresses, and length/type field. Next is the actual data being transmitted, followed by the pad used to bring the total number of bytes up to the minimum of 46 if the data field is less than 46 bytes. The last part of the frame is a 4-byte cyclic redundancy check (eRC) value used for error checking.
session layer (5th layer)
Provides the control functions necessary to establish, manage, and terminate the connections as required to satisfy the user request. Examples of technologies working in this layer are Network File System (NFS) and Structured Query Language (SQL).
physical layer (1st layer)
Provides the electrical and mechanical connection to the network. Examples of technologies working in this layer are Electronic Industries Alliance/Telecommunications Industry Association (EIA/TIA) related technologies, UTP, fiber, and network interface cards (NICs).
refractive index
Ratio of the speed of light in free space to its speed in a given material
CSMA/CD
The Ethernet LAN media-access method, carrier sense multiple access with collision detection. Basically, for a computer to "talk" on the Ethernet network, it first "listens" to see whether there is any data traffic (carrier sense). This means that any computer connected to the LAN can be "listening" for data traffic, and any of the computers on the LAN can access the network (multiple access). There is a chance that two or more computers will attempt to broadcast a message at the same time; therefore, Ethernet systems must have the capability to detect data collisions (collision detection).
Attenuation (Insertion Loss)
The amount of loss in the signal strength as it propagates down a wire
Propagation delay
This is a measure of the amount of time it takes for a signal to propagate from one end of the cable to the other. The delay of the signal is affected by the nominal velocity of propagation (NVP) of the cable. NVP is some percentage of the velocity of light and is dependent on the type of cable being tested. The typical delay value for CAT5/5e UTP cable is about 5.7 nsec per meter. The EIA/TIA specification allows for 548 nsec for the maximum 100-meter run for CAT5e, CAT6, CAT6a, CAT7, and CAT7A
switch
This is the best choice for interconnecting networking devices. It can establish a direct connection from the sender to the destination without passing the data traffic to other networking devices.
CAT7/7a and CAT6a
UTP cable standards that support 10GB data rates for a length of 100 meters
CAT6 (category 6) & Numerics & Ports & Crossover & Straight through & Uplink port & Link Light & Link Integrity Test & Link Pulses
Twisted-pair cables capable of carrying up to 1000Mbps (1 gigabit) of data up to a length of 100 meters. The connections from switch to computers and printer are made using twisted-pair patch cables. The cable type used here is CAT6 (category 6) twisted-pair cable. CAT6 twisted-pair cables have RJ-45 modular connectors on each end. Numerics are an alphanumeric description of a technology. For example, 1OOBaseT means that this is a 100-Mbps, baseband, twisted-pair technology. The RJ-45 plugs connect to the switch inputs via the RJ 45 jacks. Figure 1-28 shows a simple 8-port switch. The inputs to the switch are also called the input ports, which are the interfaces for the networking devices. The switch inputs marked with an "x" or uplink port [Figure l-28(b)] indicate that these devices are cross-connected, meaning the transmit and receive pairs on the twisted pair cable are crossed to properly align each for data communication. The term for a cable that has cross connected TXIRX data lines is crossover. Some of the switches might have the port labeled "Uplink," which indicates the cross-connect capability. Furthermore, some of the newer switches nowadays are equipped with automatic crossover detection, so the users don't have to worry about whether to use a straight-through cable or a crossover cable. Figure l-29(a) provides an example of this cross-connected concept. Switches usually have at least one port that can be switched or selected for use as either a cross-connected or straight-through input. A straight through port is also called an uplink port. The uplink port allows for the connection of a switch to a switch or hub without having to use a special cable. Devices requiring the cross-connected input port are computers, printers, and routers. Devices requiring a straight-through connection are uplink connections to other switches or hubs. Figure 1-29(b) provides a block diagram explaining the concept of a straight-through input. A networking connection can be verified by examining the link light on the switch or hub. The presence of a link light indicates that the transmit and receive pairs are properly aligned and the connected devices are communicating. Absence of the light indicates a possible cabling or hardware problem. The Ethernet protocol uses the link integrity test to verify that a communication link between two Ethernet devices has been established. The link light remains lit when communication is established and remains lit as long as there is a periodic exchange of link pulses from the attached devices. Link pulses are sent by each of the connected devices via the twisted-pair cables to indicate that the link is up, but the link pulses are not part of the Ethernet packet and are sent at regular intervals when data is not being transmitted.
access point
Used to interconnect wireless devices and provide a connection to the wired LAN. The data transfer speeds for access points are dictated by the choice of wireless technology for the clients, but this device will support Wireless-N.
wired network
Uses cables and connectors to establish the network connection. Advantages: Faster network data transfer speeds (within the LAN). Relatively inexpensive to set up. The network is not susceptible to outside interference. Disadvantages: The cable connections typically require the use of specialized tools. The cable installation can be labor-intensive and expensive.
wireless network and it's advantages and disadvantages
Uses radio signals to establish the network connection. Advantages: User mobility. Simple installations. No cables. Disadvantages: Security issues. The data transfer speed within the LAN can be slower than wired networks.
NEXT, crosstalk
When current travels in a wire, an electromagnetic field is created. This field can induce a voltage in adjacent wires resulting in crosstalk. Crosstalk is what you occasionally hear on the telephone when you can faintly hear another conversation. Near-end crosstalk, or NEXT, is a measure of the level of crosstalk, or signal coupling within the cable. The measurement is called nearend testing because the receiver is more likely to pick up the crosstalk from the transmit to the receiver wire pairs at the ends. The transmit signal levels at each end are strong, and the cable is more susceptible to crosstalk at this point. Additionally, the receive signal levels have been attenuated due to normal cable path loss and are significantly weaker than the transmit signal. A high NEXT (dB) value is desirable.
Wi-Fi
Wi-Fi Alliance-an organization that tests and certifies wireless equipment for compliance with the 802.11x standards.
network adapter
Wired and wireless network adapters are available. The type of network adapter used in desktop computers is called the network interface card (NIC). This type of NIC is inserted into an expansion slot on the computer's motherboard and is a wired-only adapter.
numerical aperature
a measure of a fiber's ability to accept light
token ring topology
a network topology configured in a logical ring that complements the token passing protocol.
patch cable
a patch cable is used to make the physical connection from the computer to the wall plate
network congestion
a slowdown on network data traffic movement
token passing
a technique where an electrical token circulates around a network - control of the token enables the user to gain access of the network. it's based on the IEEE 802.5 token ring standard...
ThinNet
a type of coaxial cable used to connect LANs configured with a bus topology
deterministic
access to the network is provided at fixed time intervals. a token ring network is a deterministic network.
mesh topology
all networking devices are directly connected to each other. This provides for full redundancy in the network data paths but at a cost. The additional data paths increase the cabling costs and the networking hardware cost.
ElA/TIA 568 standard
an important standard defining cabling for computer networks
bottlenecking
another term for network congestion
topology
architecture of a network
ipconfig
command used to display the computer's address
full duplex
computer system can transmit and receive at the same time
issues considered when planning for a home network
data speed, cost, ease of implementation, appearance, home access, public access
infrared light
light extending from 680 nm up to the wavelengths of the microwaves
optical spectrum
light frequencies from the infrared up
According to EIA/TIA, a guideline defining the six subsystems of a structured cabling system (Building Entrance, entrance facilities, Equipment Room/Backbone cabling, Telecommunications closet, TR, horizontal cabling, TCO, )
1. Building entrance: The point where the external cabling and wireless services interconnect with the internal building cabling in the equipment room. This is used by both public and private access (for example, Telco, satellite, cable TV, security, and so on). The building entrance is also called the entrance facilities (EF). Both public and private network cables enter the building at this point, and typically each has separate facilities for the different access providers. 2. Equipment room (ER): A room set aside for complex electronic equipment such as the network servers and telephone equipment. 3. Telecommunications closet: The location of the cabling termination points that includes the mechanical terminations and the distribution frames. The connection of the horizontal cabling to the backbone wiring is made at this point. This is also called the telecommunications room (TR) or telecommunications enclosure (TE). 4. Backbone cabling: Cabling that interconnects telecommunication closets, equipment rooms, and cabling entrances in the same building and between buildings. 5. Horizontal cabling: Cabling that extends out from the telecommunications closet into the LAN work area. Typically, the horizontal wiring is structured in a star configuration running to each area telecommunications outlet (TeO). This is the wall plate where the fiber or twisted-pair cable terminates in the room. In some cases, the TCO terminates telephone, fiber, and video in addition to data into the same wall plate. 6. Work area: The location of the computers and printers, patch cables, jacks, computer adapter cables, and fiber jumpers.
Steps to securing a home network
1. Change the default factory passwords 2. Change the default SSID 3. Turn encryption on 4. Turn off the SSID broadcast 5. Enable MAC address filtering Details: 1. Change the default factory passwords. Wireless equipment is shipped with default passwords that are set at the factory. These default settings are known by the public, including people who would like to gain access into your network and possibly change your settings. It is best that you select your own password that is a combination of alphanumeric characters. 2. Change the default SSID. The ssm is the name used to identify your network and is used by your access point or wireless router to establish an association. Establishing an association means that a wireless client can join the network. The SSID can be up to 32 characters and should be changed often so hackers who have figured out your SSID will no longer have access to your home network. 3. Turn encryption on. Probably the most important thing to do is turn on the security features that include data encryption. These options include Wired Equivalent Privacy (WEP), Wi-Fi Protected Access (WPA), and WPA2. WPA2 is a product certification issued by the Wi-Fi Alliance. It uses a stronger encryption than WPA and is also backward compatible with adapters using WPA. 4. Turn off the SSID Broadcast. Wireless systems broadcast the SSID so that the network can be easily identified as an available network. Hackers can use this information to possibly gain access to your network, so you should turn off the SSID broadcast. The exception to this is in hotspots where public access is available. Please note, hotspots make it easy for the user to gain wireless access but hackers can also be on the same network, so it is important to have encryption turned on. 5. Enable MAC address filtering. All computer devices use a unique MAC address for identifying the device. This can be used to select which devices can be allowed access to the network. When MAC address filtering is turned on, only wireless devices that have specific MAC addresses will be allowed access to the network.
the advantages of optical communications links compared to copper
1. Extremely wide system bandwidth: The intelligence is impressed on the light by varying the light's amplitude. Because the best LEDs have a 5 ns response time, they provide a maximum bandwidth of about 100MHz. With laser light sources, however, data rates over 10Gbps are possible with a single-mode fiber. The amount of information multiplexed on such a system, in the hundreds of Gbps, is indeed staggering. 2. Immunity to electrostatic interference: External electrical noise and lightning do not affect energy in a fiber-optic strand. However, this is true only for the optical strands, not the metallic cable components or connecting electronics. 3. Elimination of crosstalk: The light in one glass fiber does not interfere with, nor is it susceptible to, the light in an adjacent fiber. Recall that crosstalk results from the electromagnetic coupling between two adjacent copper wires. 4. Lower signal attenuation than other propagation systems: Typical attenuation of a 1GHz bandwidth signal for optical fibers is 0.03 dB per 100 ft., compared to 4.0 dB for RG-5SU coaxial. 5. Lower costs: Optical fiber costs are continuing to decline. The costs of many systems are declining with the use of fiber, and that trend is accelerating. 6. Safety: In many wired systems, the potential hazard of short circuits requires precautionary designs. Additionally, the dielectric nature of optic fibers eliminates the spark hazard. 7. Corrosion: Given that glass is basically inert, the corrosive effects of certain environments are not a problem. 8. Security: Due to its immunity to and from electromagnetic coupling and radiation, optical fiber can be used in most secure environments. Although it can be intercepted or tapped, it is very difficult to do so.
full channel
Consists of all the link elements from the wall plate to the hub or switch
data link layer (2nd layer)
Handles error recovery, flow control (synchronization), and sequencing (which terminals are sending and which are receiving). It is considered the "media access control layer" and is where Media Access Control (MAC) addressing is defined. The Ethernet 802.3 standard is defined in this area, which is why the MAC address is sometimes called the Ethernet address.
Network Number & Host Number & Network Address
In an example of 44.x.x.x. The decimal numbers indicate the network number, which is the portion of the IP address that defines which network the IP packet is originating from or being delivered to. The x entries for each class represent the host number, which is the portion of the IP address that defines the address of the networking device connected to the network. The host number is also called the host address. The network number provides sufficient information for routing the data to the appropriate destination network. A device on the destination network then uses the remaining information (the x portion) to direct the packet to the destination computer or host. The x portion of the address is typically assigned by the local network system administrator or is dynamically assigned when users need access outside their local networks.
main cross-connect (MC) or intermediate cross-connect (IC), cross-connect, horizontal cross-connect,
The EF consists of the cabling, connector hardware, protection devices that are used as the interface between any external building cabling, and wireless services with the equipment room. This area is used by both public and private access providers (for example, Telco, satellite, cable TV, security, and so on). The ER and EF space is typically combined with the MC equipment room. Between the MC and the IC are the campus backbone cabling. This defines the connections between the MC and IC. A definition of a cross-connect is a space where you are going to take one or multiple cables and connect them to one or more cables or equipment. For example, you could be bringing in 60 UTP cables, with 50 that are cross-connected to a switch and 10 that are cross-connected to a backbone cable going to another location. Typical connections between the MC and IC are single-mode and multimode fibers and possibly coax for cable TV, although most installations are migrating to fiber. The building backbone cabling makes the connection between the IC and the TC/HC. TC is the telecommunications closet, and HC is thehorizontal cross-connect (HC). Usually this connection is CAT5 UTP or better, or possibly single- or multimode fiber or some combination. Fiber is the best choice for making these connections, although copper is sometimes used. The horizontal cabling is the cabling between the HC and the work area. It is usually CAT5 UTP or better or fiber. The standard currently specifies CAT6. Fiber is gaining acceptance for connecting to the work area outlets (WO).
core, cladding, coating
The core is the portion of the fiber strand that carries the transmitted light. The cladding is the material surrounding the core. It is almost always glass, although plastic cladding of a glass fiber is available but rarely used. In any event, the refraction index for the core and the cladding are different. The cladding must have a lower index of refraction to keep the light in the core. A plastic coating surrounds the cladding to provide protection.
Power Sum NEXT (PSNEXT)
The enhanced twisted-pair cable must meet four-pair NEXT requirements, called PSNEXT testing. Basically, power sum testing measures the total crosstalk of all cable pairs. This test ensures that the cable can carry data traffic on all four pairs at the same time with minimal interference. A higher PSNEXT value is desirable because it indicates better cable performance.
OSI model
These layers describe networking functions from the physical network interface to the software applications interfaces. The intent of the OSI model is to provide a framework for networking that ensures compatibility in the network hardware and software and to accelerate the development of new networking technologies.
Broadband modem/gateway
This describes the device used to provide highspeed data access via your cable connection or via a telephone company's DSL connection. A gateway combines a modem and a router into one network box.
DSL modem
This device is used to make a broadband network connection from your home network to the ISP using the telephone line. Broadband access to the Internet is provided via the phone company or a separate ISP. The DSL connection requires the placement of filters on all telephone lines except the one going into the modem to prevent interference.
Cable modem
This device is used to make a broadband network connection from your home network to the ISP using your cable connection. This setup requires a splitter to separate the cable TV from the home network. Access to the Internet is typically provided by the cable TV service provider.
Delay skew
This is a measure of the difference in arrival time between the fastest and the slowest signal in a UTP wire pair. Itis critical in high-speed data transmission that the data on the wire pair arrive at the other end at the same time. If the wire lengths of different wire pairs are significantly different, then the data on one wire will take longer to propagate along the wire, hence arriving at the receiver at a different time and potentially creating distortion of the data and data packet loss. The wire pair with the shortest length will typically have the least delay skew.
hub
This is used to interconnect networking devices. A drawback to the hub is that it broadcasts the data it receives to all devices connected to its ports. The hub has been replaced by the network switch in most modern networks.
ACR
This measurement compares the signal level from a transmitter at the far end to the crosstalk measured at the near end. A larger ACR indicates that the cable has a greater data capacity and also indicates the cable's ability to handle a greater bandwidth. Essentially, it is a combined measurement of the quality of the cable. A higher ACR value (dB) is desirable.
Equal Level FEXT (ELFEXT)
This measurement differs from NEXT in that the measurement is for the far end of the cable. Additionally, the ELFEXT measurement does not depend on the length of the cable. This is because ELFEXT is obtained by subtracting the attenuation value from the far-end crosstalk (FEXT) loss. Higher ELFEXT values (dB) indicate the signals at the far end of the cable are larger than the cross-talk measured at the far end. A larger ELFEXT (dB) value is desirable. A poor ELFEXT can result in data loss.
TCL, ELTCTL, LCL, TCTL, PSANEXT, PSAACRF
Transmission of data over twisted-pair cabling relies on the signals being "balanced" over the wire pairs. The balance or symmetry of the signal over the wire pairs helps minimize unwanted leakage of the signal. There are two parameters now defined for CAT6 and better cabling that address the issue of balanced data. The first is TCL (Transverse Conversion Loss), and the other is ELTCTL (Equal Level Transverse Conversion Transfer Loss). The TCL measurement is obtained by applying a common-mode signal to the input and measuring the differential signal level on the output. TCL is sometimes called LCL (Longitudinal Conversion Loss). The ELTCTL value (expressed in dB) is the difference between the TCTL (Transverse Conversion Transfer Loss) and the differential mode insertion loss of the pair being measured. TCTL is the loss from a balanced signal at the near-end to the unbalanced signal at the far end. The newer tests also require additional Power-Sum tests. These are PSANEXT (Power-Sum Alien Near-End Cross-Talk) and PSAACRF (Power-Sum Alien Attenuation Cross-talk Ratio Far-end). These tests have been developed to help ensure cable compatibility with data transmission and reception that requires the use of all four wire-pairs. Both gigabit and ten gigabit require the use of all four wire pairs.
switch
used to minimize unnecessary data traffic and isolate sections of the network. A switch stores the hardware or physical address for each device connected to its ports. The storage of the address enables the switch to directly connect two communicating devices without broadcasting the data to all devices connected to its ports. basically, it forwards a frame it receives directly out the port associated with its destination address. The use of a switched connection greatly improves the efficiency of the available bandwidth. It also permits additional devices in the LAN to simultaneously communicate with each other without tying up network resources. remember - does not broadcast data packets...
The most common IEEE wireless standards
• 802.11a (Wireless-A): This standard can provide data transfer rates up to 54Mbps and an operating range up to 75 feet. It operates at 50Hz. • 802.11b (Wireless-B): This standard can provide data transfer rates up to 11Mbps with ranges of 100-150 feet. It operates at 2.40Hz. • 802.11g (Wireless-G): This standard can provide data transfer rates up to 54Mbps up to 150 feet. It operates at 2.40Hz. • 802.110 (Wireless-N): This is the next generation of high-speed wireless connectivity promising data transfer rates up to 4 x 802.11g speeds (200+Mbps). It operates at 2.40Hz.