Advanced Networking New
(INSY 3072)
Instructor: Tsegaye B.
Chapter 1
SYSTEMS CONCEPTS
Outline
Information Systems
System theory
System
• A set of elements or components that interact
to accomplish goals
• A combination of components working
together
• A system is an orderly grouping of
interdependent components linked together
according to a plan to achieve a specific
objective.
System theory
A system is a set of interrelated elements, with inputs and outputs, and with a set of processes which convert inputs into outputs.
[Figure: inputs, processes, outputs, control]
System theory
A system is an entity which maintains its existence through the mutual interaction of its parts. The key emphasis here is one of "mutual interaction," in that something is occurring between the parts, over time, which maintains the system. A system is different from a heap or a collection.
A system is a collection of parts that interact with one another to function as a whole. However, a system is more than the sum of its parts – it is the product of their interactions.
Characteristics of a System
Environment: A system does not exist in a vacuum; it exists and functions in an environment containing other systems
Subsystem: A system that is a component of a larger system
Boundary: What separates a system from its environment
Interface: Several systems may share the same environment
Open System: Interacts with other systems
Closed System: Does not interact
Adaptive System: Modifies itself to meet the demands of a changing environment
Systems thinking
Systems thinking is a mindset or way of viewing the world as a system.
Information System
Network
The term network describes two or more connected computers that can share resources such as data, a printer, an Internet connection, applications, or a combination of these.
Network Protocols
In order for data packets to travel from a source to a destination on a network, it is important that all the devices on the network speak the same language. This language is called a protocol.
A data communications protocol is a set of rules or an agreement that determines the data format and how transmission of data occurs.
A protocol is a set of rules that make communication on a network more efficient.
Layered Models
A reference model (Layered Model) is a
conceptual blueprint of how communications
should take place.
It addresses all the processes required for
effective communication and divides these
processes into logical groupings called layers.
When a communication system is designed in
this manner, it is known as layered architecture.
Advantage of Layered Models
It divides the network communication process into
smaller and simpler components, thus aiding
component development, design, and troubleshooting.
It allows multiple-vendor development through
standardization of network components.
It encourages industry standardization by defining what
functions occur at each layer of the model.
It allows various types of network hardware and
software to communicate.
Types of Layered Models
The TCP/IP Model
The U.S. Department of Defense (DoD) created the
TCP/IP reference model, because it wanted to design a
network that could survive any conditions, including a
nuclear war.
In a world connected by different types of
communication media such as copper wires, microwaves,
optical fibers and satellite links, the DoD wanted
transmission of packets every time and under any
conditions.
This very difficult design problem brought about the
creation of the TCP/IP model.
The TCP/IP Model
The DoD model is basically a condensed version of the
OSI model
It’s composed of four, instead of seven, layers:
Application layer
Transport layer
Internet layer
Network Access layer
Two Models: Side-By-Side
OSI model          TCP/IP model
7 Application      Application
6 Presentation     Application
5 Session          Application
4 Transport        Transport
3 Network          Internet
2 Data Link        Network Access
1 Physical         Network Access
TCP/IP vs OSI
Similarities include:
Both have layers.
Both have application layers, though they
include very different services.
Both have comparable transport and network
layers.
Both models need to be known by networking
professionals.
Both assume packets are switched.
TCP/IP vs OSI
Differences include:
TCP/IP combines the presentation and session layer
issues into its application layer.
TCP/IP combines the OSI data link and physical
layers into the network access layer.
TCP/IP appears simpler because it has fewer layers.
TCP/IP protocols are the standards around which
the Internet developed, so the TCP/IP model gains
credibility just because of its protocols.
TCP/IP vs OSI
Although TCP/IP protocols are the standards with which the
Internet has grown, the OSI model is useful for the following
reasons:
It is a generic standard.
It has more details, which make it more helpful for teaching
and learning.
It has more details, which can be helpful when
troubleshooting.
Networking professionals differ in their opinions on which
model to use. Due to the nature of the industry it is necessary
to become familiar with both.
TCP/IP Model
Application
Transport
Internet
Network Access
The Application Layer
The application layer of the TCP/IP model handles high-level protocols, issues of representation, encoding, and dialog control.
The Transport Layer
The transport layer provides transport services from the source host to the destination host. It constitutes a logical connection between these endpoints of the network.
Transport protocols segment and reassemble data from upper-layer applications into the same data stream between endpoints.
The transport layer data stream provides end-to-end transport services.
The Internet Layer
The purpose of the Internet layer is to select the best path through the network for packets to travel. The main protocol that functions at this layer is the Internet Protocol (IP). Best path determination and packet switching occur at this layer.
The Network Access Layer
The network access layer is also called the host-to-network layer. It is the layer that is concerned with all of the issues that an IP packet requires to actually make a physical link to the network media. It includes LAN and WAN details, and all the details contained in the OSI physical and data-link layers.
NOTE: ARP & RARP work at both the Internet and Network Access Layers.
The TCP/IP Protocol Suite
The DoD and OSI models are alike in design and concept and have similar
functions in similar layers.
The TCP/IP Protocol
Bits, Frame, IP Packet, TCP Segment, UDP Segment
Reading Assignment
Networking Devices
NIC
Repeater
Hub
Bridge
Switch
Router
Brouter
Others?-Explore!
Network Interface Card (NIC)
At source:
Receives the data packet from the Network Layer
Attaches its MAC address to the data packet
Attaches the MAC address of the destination device to the data packet
Converts data into packets suitable for the particular network (Ethernet, Token Ring, FDDI)
Converts packets into electrical, light or radio signals
Provides the physical connection to the media
NIC…
As a destination device:
Provides the physical connection to the media
Translates the signal into data
Reads the MAC address to see if it matches its own address
If it does match, passes the data to the Network Layer
Repeater
Allows the connection of segments
Extends the network beyond the maximum length of a single
segment
Functions at the Physical Layer of the OSI model
A multi-port repeater is known as a Hub
Connects segments of the same network, even if they use different
media
Has three basic functions
Receives a signal which it cleans up
Re-times the signal to avoid collisions
Transmits the signal on to the next segment
Advantages and disadvantages
Repeater
Advantages – Can connect different types of media, can extend a network in terms of distance, does not increase network traffic
Disadvantages – Extends the collision domain, cannot connect different network architectures, only a limited number can be used in a network
Hub
A central point of a star topology
Allows the multiple connection of devices
Can be more than a basic Hub – providing additional
services (Managed Hubs, Switched Hubs, Intelligent
Hubs)
In reality a Hub is a Repeater with multiple ports
Functions in a similar manner to a Repeater
Works at the Physical Layer of the OSI model
Passes data no matter which device it’s addressed to; and
this feature adds to congestion
Advantages and…
Hub
Advantages – Cheap, can connect different media
types
Disadvantages – Extends the collision domain, can
not filter information, passes packets to all
connected segments
Bridge
Bridge…
Uses the Spanning Tree Protocol (STP) – to decide whether to pass a packet on to a different network segment
[Diagram] G transmits to B: the bridge will pass it to Segment A. A transmits to C: the bridge will not pass it to Segment B.
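As an added example (not from the lecture slides): a two-port learning bridge that reproduces the two forwarding decisions in the diagram above. The station names, MAC addresses and segment membership are constructed for this example, and the class and function names are its own.

```python
# Added example, not from the slides: a two-port learning bridge that makes
# the forwarding decisions shown in the diagram (pass G->B across, filter A->C).
# Station names, MAC addresses and segment membership are constructed here.

BROADCAST = "ff:ff:ff:ff:ff:ff"


class Bridge:
    """Transparent bridge: learns source addresses, filters or forwards by destination."""

    def __init__(self, ports):
        self.ports = list(ports)   # one port per attached segment
        self.table = {}            # MAC address -> port on which it was last seen

    def receive(self, in_port, src, dst):
        """Return the ports the frame goes out of; an empty list means it was filtered."""
        if in_port not in self.ports:
            raise ValueError(f"no such port: {in_port}")
        self.table[src] = in_port  # learning: the source lives behind in_port
        if dst == BROADCAST or dst not in self.table:
            # Broadcast, or a destination not yet learned: flood to all other ports.
            return [p for p in self.ports if p != in_port]
        if self.table[dst] == in_port:
            return []                # destination on the same segment: do not pass it
        return [self.table[dst]]     # destination learned on another segment: pass it


# Constructed topology: A, B and C share Segment A; G sits on Segment B.
MAC = {"A": "02:00:00:00:00:0a", "B": "02:00:00:00:00:0b",
       "C": "02:00:00:00:00:0c", "G": "02:00:00:00:00:1a"}
SEGMENT = {"A": "Segment A", "B": "Segment A", "C": "Segment A", "G": "Segment B"}


def run_diagram_cases():
    """Learn every station from one broadcast each, then replay the two diagram cases."""
    bridge = Bridge(["Segment A", "Segment B"])
    for name, segment in SEGMENT.items():
        bridge.receive(segment, MAC[name], BROADCAST)
    return {
        "G transmits to B": bridge.receive(SEGMENT["G"], MAC["G"], MAC["B"]),
        "A transmits to C": bridge.receive(SEGMENT["A"], MAC["A"], MAC["C"]),
        "table": dict(bridge.table),
    }


if __name__ == "__main__":
    for case, out in run_diagram_cases().items():
        print(f"{case}: {out}")
```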
Advantages and…
Bridge
Switch
Advantages – Limits the collision domain,
can provide bridging, can be configured to
limit broadcast domain
Disadvantages – More expensive than a
hub or bridge, configuration of additional
functions can be very complex
Router
Advantages and…
Router
Advantages – Limits the collision domain, can
function in LAN or WAN, connects differing
media and architectures, can determine best
path/route, can filter broadcasts
Disadvantages – Expensive, must use routable
protocols, can be difficult to configure (static
routing), slower than a bridge
Brouter
What is an IP Address?
Binary Notation
Dotted-decimal notation
Change the following IP address from binary notation
to dotted-decimal notation.
129.11.11.239
Find the error in the following IP addresses:
111.56.045.78
There are no leading zeroes in dotted-decimal notation (045).
75.45.301.14
In dotted-decimal notation each number is <= 255; 301 is out of range.
Finding the class in Binary notation
Show that Class A has
Hosts for Classes of IP Addresses
IP Addresses as Decimal Numbers
Blocks in class A
Blocks in class B
Blocks in class C
PRIVATE and SPECIAL IP Address Ranges
Class A: 10.0.0.0—10.255.255.255
Class B: 172.16.0.0—172.31.255.255
Class C: 192.168.0.0—192.168.255.255
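As an added example (not from the lecture slides): a small validator that applies the two dotted-decimal rules given earlier (no leading zeroes, each number <= 255), converts between binary and dotted-decimal notation, reads the class from the leading bits of the first octet, and tests an address against the three private ranges listed on this slide. The function names and sample addresses are this example's own.

```python
# Added example, not from the slides: dotted-decimal validation, binary
# conversion, class lookup from the leading bits, and the private-range test
# for the three ranges on the slide.

def parse_dotted_decimal(text: str) -> list[int]:
    """Return the four octets, or raise ValueError naming the offending octet."""
    parts = text.split(".")
    if len(parts) != 4:
        raise ValueError(f"{text}: expected four numbers, got {len(parts)}")
    octets = []
    for part in parts:
        if not part.isdigit():
            raise ValueError(f"{text}: '{part}' is not a decimal number")
        if len(part) > 1 and part[0] == "0":
            raise ValueError(f"{text}: no leading zeroes in dotted-decimal notation ({part})")
        value = int(part)
        if value > 255:
            raise ValueError(f"{text}: {value} is out of range (each number must be <= 255)")
        octets.append(value)
    return octets


def to_binary_notation(text: str) -> str:
    """Dotted-decimal -> 32-bit binary notation, one 8-bit group per octet."""
    return ".".join(f"{o:08b}" for o in parse_dotted_decimal(text))


def from_binary_notation(binary: str) -> str:
    """Binary notation (dots and spaces optional) -> dotted-decimal."""
    bits = binary.replace(".", "").replace(" ", "")
    if len(bits) != 32 or set(bits) - {"0", "1"}:
        raise ValueError("expected exactly 32 binary digits")
    return ".".join(str(int(bits[i:i + 8], 2)) for i in range(0, 32, 8))


def address_class(text: str) -> str:
    """Class from the leading bits of the first octet: 0 A, 10 B, 110 C, 1110 D, 1111 E."""
    first = parse_dotted_decimal(text)[0]
    if first >> 7 == 0b0:
        return "A"
    if first >> 6 == 0b10:
        return "B"
    if first >> 5 == 0b110:
        return "C"
    if first >> 4 == 0b1110:
        return "D"
    return "E"


# The private ranges exactly as listed on the slide (first address, last address).
PRIVATE_RANGES = {
    "A": ("10.0.0.0", "10.255.255.255"),
    "B": ("172.16.0.0", "172.31.255.255"),
    "C": ("192.168.0.0", "192.168.255.255"),
}


def as_int(text: str) -> int:
    """Octets packed big-endian into one 32-bit integer, so ranges compare numerically."""
    return int.from_bytes(bytes(parse_dotted_decimal(text)), "big")


def is_private(text: str) -> bool:
    """True when the address lies inside one of the three private ranges."""
    value = as_int(text)
    return any(as_int(lo) <= value <= as_int(hi) for lo, hi in PRIVATE_RANGES.values())


def check(text: str) -> str:
    """One-line report, or the validation error for an address that breaks a rule."""
    try:
        parse_dotted_decimal(text)
    except ValueError as err:
        return f"error: {err}"
    kind = "private" if is_private(text) else "not in a private range"
    return f"{text} = {to_binary_notation(text)}, class {address_class(text)}, {kind}"


if __name__ == "__main__":
    for sample in ("129.11.11.239", "111.56.045.78", "75.45.301.14", "10.3.4.5"):
        print(check(sample))
```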
Subnet Mask
It determines which part of an IP address is the
network field and which part is the host field
Follow these steps to determine the subnet mask:
1. Express the subnetwork IP address in binary form.
2. Replace the network and subnet portion of the
address with all 1s.
3. Replace the host portion of the address with all 0s.
4. Convert the binary expression back to dotted-decimal
notation.
Subnet Mask
• A mask is a 32-bit binary number.
AND operation
Default mask and subnet mask
Exercise
1. 192.168.3.55/24
What is the subnet mask?
What is the network address?
2. 192.168.3.55/28
What is the subnet mask?
What is the network address?
What is the broadcast address?
SUBNETTING
The process of splitting a network into smaller networks is called subnetting, and the smaller networks thus formed are known as subnets.
Subnets are connected to the rest of the network through address-resolving devices called routers.
Subnets can be freely assigned within the organization.
Internally, subnets are treated as separate networks.
Subnet structure is not visible outside the organization.
Advantages of Subnetting
Improves efficiency of IP addresses by not consuming
an entire address space for each physical network.
Reduces router complexity. Since external routers do
not know about subnetting, the complexity of routing
tables at external routers is reduced.
Reduced network traffic
Optimized network performance
Simplified management
Finding the Subnet Address
Comparison of a default mask and a subnet mask
A company is granted the site address
201.70.64.0 (class C). The company needs
six subnets. Design the subnets.
The mask is
11111111 11111111 11111111 11100000
or
255.255.255.224
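As an added example (not from the lecture slides): the four-step subnet mask procedure and the AND operation from the Subnet Mask slides, together with the subnet design just worked (201.70.64.0, class C, six subnets). The design function generalizes to any classful block and required subnet count, so it also covers the class B exercises later in the chapter. Function names are this example's own.

```python
# Added example, not from the slides: subnet mask from a prefix length, the
# AND operation for the network address, broadcast and host range, and a
# subnet design that borrows the fewest host bits for a required subnet count.

def ip_to_int(text: str) -> int:
    return int.from_bytes(bytes(int(o) for o in text.split(".")), "big")


def int_to_ip(value: int) -> str:
    return ".".join(str(b) for b in value.to_bytes(4, "big"))


def to_bits(value: int) -> str:
    """32-bit binary with one space per octet, the way the slides print masks."""
    return " ".join(f"{b:08b}" for b in value.to_bytes(4, "big"))


def subnet_mask(prefix: int) -> int:
    """Steps 2-3 of the procedure: network and subnet bits all 1s, host bits all 0s."""
    if not 0 <= prefix <= 32:
        raise ValueError("prefix length must be between 0 and 32")
    return (0xFFFFFFFF << (32 - prefix)) & 0xFFFFFFFF


def network_address(ip: str, prefix: int) -> str:
    """The AND operation: address AND mask leaves only the network field."""
    return int_to_ip(ip_to_int(ip) & subnet_mask(prefix))


def broadcast_address(ip: str, prefix: int) -> str:
    """The network address with every host bit set to 1."""
    wildcard = ~subnet_mask(prefix) & 0xFFFFFFFF
    return int_to_ip((ip_to_int(ip) & subnet_mask(prefix)) | wildcard)


def host_range(ip: str, prefix: int) -> tuple[str, str]:
    """First and last usable host: network + 1 .. broadcast - 1."""
    net = ip_to_int(network_address(ip, prefix))
    bcast = ip_to_int(broadcast_address(ip, prefix))
    if bcast - net < 2:
        raise ValueError("a /31 or /32 has no usable host addresses")
    return int_to_ip(net + 1), int_to_ip(bcast - 1)


DEFAULT_PREFIX = {"A": 8, "B": 16, "C": 24}   # classful default masks


def design_subnets(site: str, address_class: str, wanted: int) -> dict:
    """Borrow the fewest host bits that give at least `wanted` subnets."""
    if wanted < 1:
        raise ValueError("at least one subnet is required")
    default = DEFAULT_PREFIX[address_class]
    borrow = (wanted - 1).bit_length()          # smallest b with 2**b >= wanted
    prefix = default + borrow
    if 32 - prefix < 2:
        raise ValueError(f"{wanted} subnets leave no usable host bits")
    mask = subnet_mask(prefix)
    size = 1 << (32 - prefix)                   # addresses per subnet
    base = ip_to_int(network_address(site, default))
    subnets = [(int_to_ip(base + i * size), int_to_ip(base + (i + 1) * size - 1))
               for i in range(1 << borrow)]     # (network, broadcast) per subnet
    return {
        "borrowed_bits": borrow,
        "prefix": prefix,
        "mask": int_to_ip(mask),
        "mask_bits": to_bits(mask),
        "subnet_count": 1 << borrow,
        "hosts_per_subnet": size - 2,
        "subnets": subnets,
    }


if __name__ == "__main__":
    for ip, prefix in (("192.168.3.55", 24), ("192.168.3.55", 28)):
        print(f"{ip}/{prefix}: mask {int_to_ip(subnet_mask(prefix))}, "
              f"network {network_address(ip, prefix)}, "
              f"broadcast {broadcast_address(ip, prefix)}, hosts {host_range(ip, prefix)}")
    plan = design_subnets("201.70.64.0", "C", 6)
    print(plan["mask"], "=", plan["mask_bits"], "->", plan["subnet_count"], "subnets")
    for net, bcast in plan["subnets"]:
        print("  ", net, "-", bcast)
```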
Exercise:
You have a network that needs 29 subnets while
maximizing the number of host addresses
available on each subnet.
How many bits must you borrow from the host
field to provide the correct subnet mask?
Class C subnetting
192.168.1.153/27
1. What is the subnet mask?
2. How many subnets?
3. How many hosts?
4. What are the valid hosts?
5. What are the valid subnets?
6. What is the broadcast address for each subnet?
Class B subnetting
172.16.0.0
255.255.255.224
1. How many subnets?
2. How many hosts?
3. What is the network address of each subnet?
4. What is the broadcast address for each subnet?
5. What are the valid hosts?
Class B subnetting
255.255.240.0/20
1. How many subnets?
2. How many hosts?
3. What are the valid subnets?
4. What is the broadcast address for each subnet?
5. What are the valid hosts?
Subnetting
255.255.0.0 (/20)
1. How many subnets?
2. How many hosts?
3. What are the valid subnets?
4. What are the valid hosts?
5. What is the broadcast address for each subnet?
Subnetting
A company would like to break its Class B
private IP address 172.16.0.0 into as many
subnets as possible provided that they can get at
least 300 clients per subnet. Find ranges of IP
addresses for each subnet and new mask.
If an Ethernet port on a router were assigned an
IP address of 172.16.112.1/25, what would be
the valid subnet address of this host?
A. 172.16.112.0
B. 172.16.0.0
C. 172.16.96.0
D. 172.16.255.0
A company is granted the site address 181.56.0.0
(class B). The company needs 1000 subnets.
Design the subnets.
The mask is
SUPERNETTING
Supernetting is combining a group of networks into
one large supernetwork.
Supernetting is the opposite of subnetting
Converting network bits to host bits
In subnetting you borrow bits from the host part,
Supernetting is done by borrowing bits from the
network side.
Supernetting is the process of summarizing a bunch of contiguous subnetted networks back into a single large network.
Supernetting is also known as route summarization and route aggregation.
SUPERNETTING
Supernetting is mainly done for optimizing the routing tables.
A routing table is the summary of all known networks.
Routers share routing tables to find new paths and locate the best path to a destination.
Without supernetting, a router will share all routes from its routing table as they are.
With supernetting, it will summarize them before sharing.
Route summarization reduces the size of routing updates dramatically.
A supernetwork
Comparison of subnet, default, and supernet masks
Example 1
Example 3:
Four class C addresses appear to networks outside as a single network.
4 address-contiguous networks:
213.2.96.0 11010101.00000010.01100000.00000000
213.2.97.0 11010101.00000010.01100001.00000000
213.2.98.0 11010101.00000010.01100010.00000000
213.2.99.0 11010101.00000010.01100011.00000000
What is the supernet mask?
255.255.252.0
What is the supernet address?
213.2.96.0/22
11010101.00000010.011000 | 00.00000000 (the first 22 bits are the common network part)
In subnetting, we need the first address
of the subnet and the subnet mask to
define the range of addresses.
In supernetting, we need the first
address of the supernet and the supernet
mask to define the range of addresses.
We need to make a supernetwork out of 16 class C
blocks. What is the supernet mask?
Solution
We need 16 blocks. For 16 blocks we need to change four 1s to 0s
in the default mask. So the mask is
11111111 11111111 11110000 00000000
or
255.255.240.0
A supernet has a first address of 205.16.32.0 and
a supernet mask of 255.255.248.0. A router
receives three packets with the following
destination addresses:
205.16.37.44
205.16.42.56
205.17.33.76
Which packet belongs to the supernet?
We apply the supernet mask to see if we can find the beginning address.
205.16.37.44 AND 255.255.248.0 = 205.16.32.0
205.16.42.56 AND 255.255.248.0 = 205.16.40.0
205.17.33.76 AND 255.255.248.0 = 205.17.32.0
Only the first address belongs to this supernet.
A supernet has a first address of 205.16.32.0
and a supernet mask of 255.255.248.0. How
many blocks are in this supernet and what is
the range of addresses?
Solution
The supernet mask has 21 1s. The default mask has 24 1s. Since the difference is 3, there are 2^3 or 8 blocks in this supernet.
The blocks are 205.16.32.0 to 205.16.39.0.
The first address is 205.16.32.0.
The last address is 205.16.39.255.
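As an added example (not from the lecture slides): the three supernet calculations worked above done with integer masks (the mask for 16 class C blocks, the AND membership test for 205.16.32.0/255.255.248.0, and the block count and range of that supernet), plus a summarization routine for contiguous class C networks like Example 3. Function names are this example's own; it assumes class C (/24) blocks unless told otherwise.

```python
# Added example, not from the slides: supernet mask for N class C blocks,
# the AND membership test, block count/range of a supernet, and route
# summarization of contiguous class C networks into one prefix.

def ip_to_int(text: str) -> int:
    return int.from_bytes(bytes(int(o) for o in text.split(".")), "big")


def int_to_ip(value: int) -> str:
    return ".".join(str(b) for b in value.to_bytes(4, "big"))


def prefix_to_mask(prefix: int) -> int:
    return (0xFFFFFFFF << (32 - prefix)) & 0xFFFFFFFF


def mask_to_prefix(mask: str) -> int:
    """Count the leading 1s and reject a mask whose 1s are not contiguous."""
    value = ip_to_int(mask)
    prefix = bin(value).count("1")
    if value != prefix_to_mask(prefix):
        raise ValueError(f"{mask} is not a valid (contiguous) mask")
    return prefix


def supernet_mask_for_blocks(blocks: int, default_prefix: int = 24) -> str:
    """Change log2(blocks) 1s to 0s in the default mask (16 blocks -> 255.255.240.0)."""
    if blocks < 1 or blocks & (blocks - 1):
        raise ValueError("the number of blocks must be a power of two")
    freed = blocks.bit_length() - 1
    return int_to_ip(prefix_to_mask(default_prefix - freed))


def belongs_to_supernet(destination: str, first: str, mask: str) -> bool:
    """destination AND supernet mask must give back the supernet's first address."""
    return ip_to_int(destination) & ip_to_int(mask) == ip_to_int(first)


def supernet_range(first: str, mask: str, default_prefix: int = 24) -> dict:
    """How many default-size blocks the supernet holds, and its first/last address."""
    prefix = mask_to_prefix(mask)
    if ip_to_int(first) & ip_to_int(mask) != ip_to_int(first):
        raise ValueError(f"{first} is not the first address of a block under {mask}")
    last = ip_to_int(first) | (~ip_to_int(mask) & 0xFFFFFFFF)
    return {
        "prefix": prefix,
        "blocks": 1 << (default_prefix - prefix),
        "first": first,
        "last": int_to_ip(last),
        "last_block": int_to_ip(last & prefix_to_mask(default_prefix)),
    }


def summarize(networks: list[str], default_prefix: int = 24) -> str:
    """Shortest single prefix that covers every listed block (route summarization)."""
    lows = [ip_to_int(n) for n in networks]
    lo = min(lows)
    hi = max(lows) | (~prefix_to_mask(default_prefix) & 0xFFFFFFFF)  # end of highest block
    prefix = default_prefix
    while prefix > 0 and (lo >> (32 - prefix)) != (hi >> (32 - prefix)):
        prefix -= 1                        # drop one network bit until both agree
    return f"{int_to_ip(lo & prefix_to_mask(prefix))}/{prefix}"


if __name__ == "__main__":
    print("16 class C blocks ->", supernet_mask_for_blocks(16))
    for dst in ("205.16.37.44", "205.16.42.56", "205.17.33.76"):
        print(dst, "in 205.16.32.0/255.255.248.0:",
              belongs_to_supernet(dst, "205.16.32.0", "255.255.248.0"))
    print(supernet_range("205.16.32.0", "255.255.248.0"))
    print(summarize(["213.2.96.0", "213.2.97.0", "213.2.98.0", "213.2.99.0"]))
```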
ARP (Address Resolution Protocol)
How ARP works
ARP broadcasts a packet that contains the IP address and MAC
of the originating host; these can then be stored at the target
machine.
The target stores the address and responds with a packet that
contains its MAC address. The originating machine then stores
this in the local ARP cache. The two systems now have each
other’s IP and MAC addresses and can communicate.
ARP can resolve only the address of a local machine. When an IP
address is determined to be on a remote subnet, IP sends the
packet to the default gateway; in this case, ARP is used to find
the MAC address of the gateway.
Internet Control Message Protocol (ICMP)
Internet Control Message Protocol (ICMP), a part of the Internet layer, is responsible for reporting errors and messages regarding the delivery of IP datagrams.
ICMP always reports error messages to the original source.
It is a protocol for the exchange of error messages and other vital information between (physical) Internet entities such as hosts and routers.
ICMP
ICMP warns you when a destination host is
unreachable, or informs you of how long it took to get
to a destination host.
ICMP Error messages include the following:
Destination unreachable
Source Quench
Time exceeded
Redirection
Parameter problem, etc…
ICMP
Destination unreachable
The ICMP destination unreachable message is generated by a router to inform the source host that the destination address is unreachable.
Source Quench
Source quench is a message from one host computer to another telling it to reduce the pace at which it is sending packets to that host.
Time exceeded
The ICMP Time Exceeded message notifies a host when a packet it sent has been discarded because it was "out of time".
ICMP
Redirection error
An ICMP redirect is an error message sent by a router to the sender of an IP packet.
Redirects are used when a router believes a packet is being routed suboptimally and it would like to inform the sending host that it should forward subsequent packets to that same destination through a different gateway.
Parameter error
The Parameter Problem error message generally means that something is wrong with the IP datagram itself, and that the datagram is being discarded.
VLAN- Virtual Local Area Network
A VLAN is a logical grouping of workstations, servers and network devices that appear to be on the same LAN despite their geographical distribution.
VLANs can be grouped by function, department, or application, regardless of their physical segment location.
VLANs function by logically segmenting the network into different broadcast domains so that packets are only switched between ports that are designated for the same VLAN.
The router interconnecting each shared hub typically provides segmentation and can act as a broadcast firewall.
Why VLAN?
Routers in VLAN topologies provide
Broadcast filtering
Security
Traffic flow management
VLANs address
Scalability,
Security, and
Network management
Switches may not bridge any traffic between VLANs
Traffic should only be routed between VLANs.
VLAN
VLANs can be used to create broadcast domains which eliminate the need for expensive routers.
Periodically, sensitive data may be broadcast on a network. In such cases, placing only those users who can have access to that data on a VLAN can reduce the chances of an outsider gaining access to the data.
A VLAN allows several networks to work virtually as one LAN.
Routing
Routing is used for taking a packet from one device and sending it through the network to another device on a different network.
Routers route traffic to all networks by selecting the best route to reach a remote network.
Routers communicate with one another to maintain their routing tables through the transmission of routing update messages.
Routing
A router is a network layer device that uses one
or more routing metrics to determine the
optimal path along which network traffic
should be forwarded.
Routers must maintain routing tables and make
sure other routers know of changes in the
network topology.
When packets arrive at an interface, the router
must use the routing table to determine where
to send them.
Routing Protocol
A routing protocol specifies how routers communicate with each other to distribute information that enables them to select routes between any two nodes on a computer network.
Routing protocols are created for routers.
Routing protocols have been designed to allow the exchange of routing tables between routers.
Routing protocols use various combinations of metrics for determining the best path for data.
Routing Protocol
Routing metrics are values used in determining the advantage of one route over another. Hop count, bandwidth, load, delay and reliability are some of the metrics used to determine a route.
Some routing protocols transmit update messages periodically, while others send them only when there are changes in the network topology.
Some protocols transmit the entire routing table in each update message, and some transmit only routes that have changed.
Routing Metrics
Some of the routing metrics used to determine routes are:
Bandwidth – The data capacity of a link.
Delay – The length of time required to move a packet along
each link from source to destination
Load – The amount of activity on a network resource such as a
router or a link
Reliability – Usually a reference to the error rate of each
network link
Hop count – The number of routers that a packet must travel
through before reaching its destination.
Cost – A value based on bandwidth, monetary expense, or
other measurement, that is assigned by a network administrator
Routing Table
A routing table is a database that keeps track of paths,
like a map, and uses these to determine which way to
forward traffic.
A routing table is a data file in RAM that is used to
store route information about directly connected and
remote networks.
A routing table is a set of rules, often viewed in table
format, that is used to determine where data packets
traveling over an IP network will be directed.
Routing Table
All IP-enabled devices, including routers and switches, use routing tables.
A routing table contains the information necessary to forward a packet along the best path toward its destination.
Each packet contains information about its origin and destination.
A routing table does not contain a list of all possible destinations. Rather, it contains a list of destinations that are next in line to the router. Each router contains this list and, when it receives a packet of data, it directs that packet to the next link or hop in the network until it reaches its final destination.
Routing Table
Routers use routing protocols to build and maintain
routing tables that contain route information
Routing protocols fill routing tables with a variety of
route information
Routing Table
Routing Table contains information like:
The network and the subnet mask – specifies a range of IP addresses
Protocol type
Destination/next-hop associations – the IP address of the router used to reach that network
Outgoing interface – the outgoing interface the packet should go out of to reach the destination network
Routing Table
Network Destination   Netmask            Gateway         Interface       Metric
0.0.0.0               0.0.0.0            192.168.0.1     192.168.0.100   10
127.0.0.0             255.0.0.0          127.0.0.1       127.0.0.1       1
192.168.0.0           255.255.255.0      192.168.0.100   192.168.0.100   10
192.168.0.100         255.255.255.255    127.0.0.1       127.0.0.1       10
192.168.0.1           255.255.255.255    192.168.0.100   192.168.0.100   10
The columns Network Destination and Netmask together describe the Network ID as mentioned earlier. For example, destination 192.168.0.0 and netmask 255.255.255.0 can be written as network ID 192.168.0.0/24.
The Gateway column contains the same information as the next hop, i.e. it points to the gateway through which the network can be reached.
The Interface indicates what locally available interface is responsible for reaching the gateway. In this example, gateway 192.168.0.1 (the Internet router) can be reached through the local network card with address 192.168.0.100.
Finally, the Metric indicates the associated cost of using the indicated route. This is useful for determining the efficiency of a certain route between two points in a network. In this example, it is more efficient to communicate with the computer itself through the use of address 127.0.0.1 (called “localhost”) than it would be through 192.168.0.100 (the IP address of the local network card).
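As an added example (not from the lecture slides): a longest-prefix lookup over the routing table printed above (rows copied from the slide), showing which gateway and interface a host picks for a given destination and how the 0.0.0.0/0 default route is chosen only when nothing more specific matches. The lookup function and the sample destinations are this example's own.

```python
# Added example, not from the slides: longest-prefix lookup over the slide's
# routing table. Rows are copied from the slide; the lookup logic is this
# example's own.

ROUTING_TABLE = [
    # (network destination, netmask, gateway, interface, metric)
    ("0.0.0.0",       "0.0.0.0",         "192.168.0.1",   "192.168.0.100", 10),
    ("127.0.0.0",     "255.0.0.0",       "127.0.0.1",     "127.0.0.1",      1),
    ("192.168.0.0",   "255.255.255.0",   "192.168.0.100", "192.168.0.100", 10),
    ("192.168.0.100", "255.255.255.255", "127.0.0.1",     "127.0.0.1",     10),
    ("192.168.0.1",   "255.255.255.255", "192.168.0.100", "192.168.0.100", 10),
]


def ip_to_int(text: str) -> int:
    return int.from_bytes(bytes(int(o) for o in text.split(".")), "big")


def prefix_length(netmask: str) -> int:
    """Number of 1 bits in the netmask, e.g. 255.255.255.0 -> 24."""
    return bin(ip_to_int(netmask)).count("1")


def network_id(network: str, netmask: str) -> str:
    """Destination + netmask written as one Network ID, as the slide explains."""
    return f"{network}/{prefix_length(netmask)}"


def lookup(destination: str, table=ROUTING_TABLE):
    """Choose the matching route with the longest netmask; ties go to the lowest metric."""
    dest = ip_to_int(destination)
    best_key, best_row = None, None
    for row in table:
        network, netmask, gateway, interface, metric = row
        if dest & ip_to_int(netmask) != ip_to_int(network):
            continue                       # this row does not cover the destination
        key = (prefix_length(netmask), -metric)
        if best_key is None or key > best_key:
            best_key, best_row = key, row
    if best_row is None:
        return None                        # no route at all, not even a default
    network, netmask, gateway, interface, metric = best_row
    return {
        "network_id": network_id(network, netmask),
        "gateway": gateway,
        "interface": interface,
        "metric": metric,
        # gateway == interface means the destination is delivered directly on that link
        "direct": gateway == interface,
    }


if __name__ == "__main__":
    for dst in ("192.168.0.1", "192.168.0.55", "192.168.0.100", "127.0.0.1", "10.1.2.3"):
        print(dst, "->", lookup(dst))
```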
Type of Routing Protocols (Individual Assignment)
1. RIP - Routing Information Protocol
2. IGP - Interior Gateway Protocol
3. IGRP - Interior Gateway Routing Protocol
4. EIGRP - Enhanced Interior Gateway Routing Protocol
5. BGP - Border Gateway Protocol
6. OSPF - Open Shortest Path First
7. RPT - Routing Protocols Timeline
8. EGP - Exterior Gateway Protocol
9. IS-IS - Intermediate System-to-Intermediate System
Chapter 3
WIRELESS NETWORK AND WAN TECHNOLOGIES
WLAN- Wireless-LAN
A Wireless LAN is a wireless computer network
that links two or more devices using a wireless
distribution method within a limited area such as
a home, school, computer laboratory, or office
building.
WLAN gives users the ability to move around
within a local coverage area and yet still be
connected to the network.
Wireless LAN?
A wireless LAN or WLAN is a wireless local area
network that uses radio waves as its carrier.
To give a network connection to all users in a
building or campus, the last link with the users is
wireless.
The backbone network usually uses cables/wired
Wireless LANs have become popular for use in the home, due to their ease of installation and use.
Wireless-LAN
They are also popular in commercial complexes that
offer wireless access to their customers
WLAN Common Topologies
[Figure: Infrastructure Wireless LAN and Ad-hoc Wireless LAN]
ad hoc Wireless LAN
Ad hoc networks are self-organizing networks without any centralized control.
Suited for temporary situations such as meetings and conferences.
A WLAN without an AP is called an ad hoc network.
Ad hoc wireless nodes communicate directly with one another using the same radio frequency.
The physical size of the network is determined by the maximum reliable propagation range of the radio signals.
An ad hoc network is an independent BSS (basic service set) that contains no access points, which means it cannot connect to any other basic service set.
Infrastructure Wireless LAN
The wireless LAN is connected to a wired LAN.
There is a need of an Access Point (AP) that
bridges wireless LAN traffic into the wired LAN.
The AP can also act as a repeater for wireless
nodes, effectively doubling the maximum
possible distance between nodes.
Infrastructure mode is an 802.11 networking
framework in which devices communicate with
each other by first going through an Access Point
(AP).
Infrastructure Wireless LAN
In the area of wireless computer networking, a base station is a wireless router/radio receiver/transmitter that serves as the hub of the WLAN, and may also be the gateway between a wired network and the wireless network.
The base station network is connected to the wired Internet. Other nodes can be fixed or mobile.
Wireless stations fall into two categories: wireless access points, and clients.
Architecture
Stations
All components that can connect into a wireless medium in a network are referred to as stations (STA). All stations are equipped with wireless network interface controllers (WNICs).
APs (wireless routers) are base stations for the wireless network. They transmit and receive radio frequencies (RF) for wireless-enabled devices to communicate with.
Wireless clients can be mobile devices such as laptops, personal digital assistants, IP phones and other smartphones, or non-portable devices such as desktop computers, printers, and workstations that are equipped with a wireless network interface.
Architecture
Basic service set (BSS)
A BSS is a set of all stations that can communicate with each other at the physical layer.
Every BSS has an identification (ID) called the BSSID, which is the MAC address of the access point servicing the BSS.
There are two types of BSS:
Independent BSS (IBSS) – ad hoc
Infrastructure BSS
Architecture
Independent basic service set
An IBSS is a set of stations configured in ad hoc (peer-to-peer) mode.
Extended service set
An extended service set (ESS) is a set of connected BSSs.
Access points in an ESS are connected by a distribution system.
Each ESS has an ID called the SSID, which is a 32-byte (maximum) character string.
Distribution system
A distribution system (DS) connects access points in an extended service set.
The concept of a DS can be used to increase network coverage through roaming between cells.
A DS can be wired or wireless. Current wireless distribution systems are mostly based on WDS or MESH protocols, though other systems are in use.
How do wireless LANs work?
A WLAN serves the same purpose as a wired one — to link a group of computers.
A WLAN uses the same networking protocols and supports most of the same applications.
Wireless networks operate using radio frequency (RF) technology, a frequency within the electromagnetic spectrum associated with radio wave propagation.
How are WLANs Different?
They use specialized physical and data link protocols
They integrate into existing networks through
Access Points (AP) which provide a bridging
function
They let you stay connected as you roam from one
coverage area to another
They have unique security considerations
They have specific interoperability requirements
They require different hardware
They offer performance that differs from wired
LANs.
Physical and Data Link Layers WLAN
Physical Layer:
The wireless NIC takes frames of data from the data link
layer, scrambles the data in a predetermined way, then uses
the modified data stream to modulate a radio carrier
signal.
Data Link Layer:
Uses Carrier Sense Multiple Access with Collision Avoidance (CSMA/CA). CSMA/CA is a multiple access method in which carrier sensing is used, but nodes attempt to avoid collisions by transmitting only when the channel is sensed to be idle.
Integration With Existing Networks
Roaming
Roaming refers to the ability for a cellular customer to automatically make and receive voice calls, send and receive data, or access other services, including home data services, when travelling outside the geographical coverage area of the home network.
Users maintain a continuous connection as they roam from one physical area to another.
Mobile nodes automatically register with the new access point.
Methods: DHCP, Mobile IP
WLAN Security
The IEEE 802.11 standard specifies optional security
called "Wired Equivalent Privacy" whose goal is that
a wireless LAN offers privacy equivalent to that
offered by a wired LAN.
The standard also specifies optional authentication
measures.
Common standard encryption schemes are
Wired Equivalent Privacy (WEP)
Wi-Fi Protected Access (WPA)
Wi-Fi Protected Access 2 (WPA2)
Interoperability
Before IEEE 802.11, interoperability was based on cooperation between vendors.
IEEE 802.11 only standardizes the physical and Media Access Control layers.
Vendors must still work with each other to ensure their IEEE 802.11 implementations interoperate.
The Wireless Ethernet Compatibility Alliance (WECA) introduced the Wi-Fi Certification to ensure cross-vendor interoperability of 802.11b solutions.
Hardware
Wireless router or access point (AP), with wired connections to the LAN
Wireless NIC with antenna
Wireless Technology Standards
Most modern Wireless Local Area Networks are based
on IEEE 802.11 standards and are marketed under the
Wi-Fi brand name.
IEEE 802.11 is a set of media access control (MAC)
and physical layer specifications for implementing
wireless local area network (WLAN) computer
communication.
Wireless Technology Standards
A family of wireless LAN (WLAN) specifications developed by a working group at the Institute of Electrical and Electronics Engineers (IEEE)
Versions:
802.11a
802.11b
802.11g
802.11e
802.11f
802.11i
802.11 - Transmission
Most wireless LAN products operate in unlicensed radio bands
2.4 GHz is most popular
Available in most parts of the world
No need for user licensing
Most wireless LANs use spread-spectrum radio
Resistant to narrowband interference
Note that spread spectrum is not a security mechanism: the spreading sequences are fixed by the standard, so any 802.11 receiver can demodulate the signal. Confidentiality must come from link encryption (WPA2/WPA3), not from the modulation.
IEEE 802.11a
Ultra-high spectrum efficiency
5 GHz band
More data can travel over a smaller amount of
bandwidth
High speed
Up to 54 Mbps
Less interference
Fewer products using the frequency
2.4 GHz band shared by cordless phones,
microwave ovens, Bluetooth, and WLANs
IEEE 802.11b
Operates in the 2.4 GHz band.
Its speed is 11 Mbps.
It covers up to 300 feet.
It is commonly installed in both businesses and homes
and deployed in "hot spots" such as hotels, airports and Starbucks.
802.11g
802.11g is a high-speed extension to 802.11b
Compatible with 802.11b
High speed, up to 54 Mbps
2.4 GHz
It offered greater performance (speed and range) than 802.11b and was for many years the most common wireless networking technology.
Performance
802.11a offers speeds with a theoretically maximum
Access Point Placement and Power
Antennas: either permanently attached, or remote antennas connected using an antenna cable.
Coax cable has a high signal loss, so a remote antenna should not be mounted more than 1 or 2 meters away from the device.
Placement: consider building construction, ceiling height and obstacles.
Different materials (cement, steel) have different radio propagation characteristics.
Keep coverage inside the intended area where possible: every place the signal reaches is a place from which an attacker can associate or capture traffic.
Connecting to the Wired LAN
WAN Technologies
A WAN is a data communications network that
covers a relatively broad geographic area and that
often uses transmission facilities provided by
common carriers, such as telephone companies.
WAN technologies are designed for WAN
infrastructures
WAN technologies generally function at the
lower three layers of the OSI reference model:
Network layer, Data link layer and Physical layer
WAN Physical Layer Terminology
CSU/DSU (Channel Service Unit/Data Service Unit)
Customer Premises Equipment (CPE)
Packet-Switching Exchange (PSE)
Data Communication Equipment (DCE)
Data Terminal Equipment (DTE)
Local Loop
Central Office (CO)
Toll Network
CPE - Customer Premises Equipment
Devices and inside wiring located on the subscriber's premises and connected to the carrier's local loop; the subscriber either owns the CPE or leases it from the service provider.
DTE- Data Terminal Equipment
End systems that communicate across the WAN
The customer devices that pass the data from a customer network or host computer for transmission over the WAN
The DTE connects to the DCE through the local loop
They are usually terminals, personal computers or network hosts and are located on the premises of individual subscribers.
DCE - Data Communication Equipment
Devices that put the data on the local loop: the DCE provides the interface that connects the subscriber to the communication link in the WAN cloud and supplies the clocking. Modems and CSU/DSUs are DCE devices.
Local Loop
The actual copper or fiber cable that connects the CPE to the
central office (CO) of the service provider.
The local loop is sometimes called the last-mile
Central Office (CO)
The CO is the local service provider facility or building that
connects the CPE to the provider network
Toll Network
This consists of all digital, fiber optic communication lines,
switches, routers and other equipment inside the WAN
provider network
CSU/DSU - Channel Service Unit/Data Service Unit
A CSU/DSU is a digital-interface device that adapts the physical interface on a DTE device to the interface of a DCE device in a switched-carrier network.
The CSU/DSU terminates the digital signals at the customer location.
A CSU/DSU is required to prepare data traffic for digital lines
It can be used by a router to connect to a digital line
WAN Switch - a multiport internetworking device used in service provider networks
WAN Devices
Other WAN Devices
Dialup modem
WAN Switch
Router
Core Router
Access Server
Broadband modem
WAN Switching Technology
Circuit Switching
Packet Switching
Message Switching
Cell Switching
Circuit Switching
A circuit-switched network is one that establishes a dedicated circuit or channel between nodes and terminals before the users may communicate or send data.
Circuit switching dynamically establishes a dedicated connection for voice or data between a sender and a receiver (example: a phone call). The capacity is reserved for the call whether or not it is being used.
Before communication can start, it is necessary to establish the connection through the network of the service provider.
The two most common types of circuit-switched networks are:
The Public Switched Telephone Network (PSTN)
The Integrated Services Digital Network (ISDN)
Packet Switching
Packet switching splits traffic data into packets that are routed over a shared network.
Packet-switched networks do not require a circuit to be established.
The switches in a packet-switched network determine the links that packets must be sent over based on the addressing information in each packet.
Packet Switching
Packet-switched networks move data in separate, small blocks (packets) based on the destination address in each packet.
When a logical path is established through the packet network for the duration of a session (no physical circuit is dedicated; the path is a table entry in each switch), it is called a virtual circuit (VC).
Because the internal links between the switches are shared between many users, the cost of a packet-switching network is lower than that of a circuit-switching network. The flip side of sharing is that other customers' traffic transits the same switches, so confidentiality on a packet-switched WAN must come from encryption (for example a VPN), not from the carrier.
Packet Switching
Packet switching is a WAN technology in which
users share common carrier resources.
Packet-switching networks include
Asynchronous Transfer Mode (ATM)
Frame Relay
Switched Multimegabit Data Services (SMDS)
X.25
WAN Technologies
PPP
ISDN
ATM
Frame relay
DSL
X.25
PPP (Point-to-Point Protocol)
A point-to-point link provides a pre-established WAN communications path from the customer site through the provider network to a remote destination.
Point-to-point lines are usually leased from a carrier and are called leased lines because the established path is permanent and fixed for each remote network reached through the carrier facilities.
PPP is commonly used as the Layer 2 encapsulation on dedicated leased lines.
PPP is a communications protocol used to establish a direct connection between two routers without any host or other networking device in between.
PPP includes optional link authentication: PAP, which sends the peer's password in clear text, and CHAP, in which the peer answers a random challenge with an MD5 hash of the shared secret so that the secret itself never crosses the link.
ISDN-Integrated Services Digital Network
ISDN is a set of communication standards for
simultaneous digital transmission of voice, video, data,
and other network services over the traditional
circuits of the public switched telephone network
(PSTN).
Prior to ISDN, the telephone system was viewed as a
way to transport voice, with some special services
available for data.
The key feature of ISDN is that it integrates speech
and data (Internet) on the same lines, adding features
that were not available in the classic telephone system.
Integrated Services Digital Network
ISDN is a circuit-switched telephone network system which provides better voice quality than an analog phone can provide.
ISDN supports multiple channels:
B (Bearer) channels: 64 kbps each, carrying the user's voice or data traffic
D (Delta or Data) channel: 16 kbps (BRI) or 64 kbps (PRI), carrying the signalling
ISDN is faster than analog telephone line connections
An ISDN network consists of ISDN switches
A Basic Rate Interface (BRI) offers 2B+D: 128 kbps of user data plus a 16 kbps D channel. A Primary Rate Interface (PRI) over a T1 offers 23B+D: a 1.472 Mbps data path over the B channels and a 64 kbps D channel.
ATM -Asynchronous Transfer Mode
ATM is a telecommunications standard for carriage of a complete range of user traffic including voice, data, image, text and video signals.
ATM was developed to meet the needs of the Broadband Integrated Services Digital Network (B-ISDN).
ATM spans the lowest layers of the reference model: it defines its own physical layer options and a cell-based link layer, and through the ATM adaptation layers carries network-layer packets.
ATM is a core protocol used in carrier networks such as the Public Switched Telephone Network (PSTN) and B-ISDN.
ATM
ATM provides a permanently available shared network technology that offers very low latency and jitter at much higher bandwidths than earlier WAN services.
ATM has data rates of 155 Mbps and beyond.
As with the other shared technologies, such as X.25 and Frame Relay, diagrams for ATM WANs look the same.
A typical ATM line needs almost 20% greater bandwidth than Frame Relay to carry the same volume of network-layer data, because every 48 bytes of payload carries a 5-byte cell header and the last cell of each packet is padded.
ATM
ATM is a connection-oriented packet switching technique in
which a virtual circuit must be established between two
endpoints before the actual data exchange begins.
These virtual circuits(VC) may be
Permanent Virtual Circuit (PVC): dedicated
connections that are usually preconfigured by the
service provider
Switched Virtual Circuit (SVC): set up on a per-call
basis using signaling and disconnected when the call is
terminated.
ATM was eventually displaced by IP-based networks.
ATM
ATM is different from the others because it uses small fixed-size cells of 53 bytes (5 bytes for the header and 48 bytes for data) and transmits them over a physical medium using digital signalling, unlike the other packet-switched technologies, which use variable-sized packets.
Speeds on ATM networks can reach 10 Gbps.
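Added example, not from the course material, of the cell structure described above: a variable-length packet is padded and given an 8-byte trailer (AAL5's CPCS-UU, CPI, 16-bit length and CRC-32), cut into 48-byte payloads, and each payload gets a 5-byte header. The trailer layout follows ITU-T I.363.5; the cell header is simplified to a VPI/VCI number with a one-bit end-of-PDU flag and a placeholder HEC byte, an assumption made to keep the code short, so this is a model of the framing rather than an interoperable encoder. Reassembly verifies the CRC and the length field, which is the check that makes a truncated or tampered PDU fail instead of delivering garbage.

```python
"""Added example (not from the slides): AAL5-style segmentation of a packet
into 53-byte ATM cells, reassembly with integrity checks, and the cell tax.
Header layout is simplified (assumption); trailer layout follows AAL5."""
import struct
import zlib

CELL = 53
HEADER = 5
PAYLOAD = CELL - HEADER   # 48 payload bytes per cell
TRAILER = 8               # AAL5 trailer: UU(1) CPI(1) length(2) CRC-32(4)


def _cell_header(vpi_vci: int, last: bool) -> bytes:
    """Simplified 5-byte header (assumption): 31 bits of VPI/VCI, one
    end-of-PDU bit, then a placeholder HEC byte."""
    return struct.pack(">I", (vpi_vci << 1) | int(last)) + b"\x00"


def segment(packet: bytes, vpi_vci: int = 0x1234) -> list[bytes]:
    """AAL5 segmentation: pad so packet + trailer fills whole cells, append
    the trailer (with CRC over everything before it), cut into cells."""
    if len(packet) > 0xFFFF:
        raise ValueError("AAL5 length field is 16 bits")
    pad_len = (-(len(packet) + TRAILER)) % PAYLOAD
    body = packet + b"\x00" * pad_len + struct.pack(">BBH", 0, 0, len(packet))
    body += struct.pack(">I", zlib.crc32(body))
    chunks = [body[i:i + PAYLOAD] for i in range(0, len(body), PAYLOAD)]
    return [_cell_header(vpi_vci, i == len(chunks) - 1) + c
            for i, c in enumerate(chunks)]


def reassemble(cells: list[bytes]) -> bytes:
    """Concatenate payloads up to the end-of-PDU cell, then verify CRC and length."""
    body = b""
    for cell in cells:
        if len(cell) != CELL:
            raise ValueError("not a 53-byte cell")
        body += cell[HEADER:]
        if struct.unpack(">I", cell[:4])[0] & 1:      # end-of-PDU flag
            break
    else:
        raise ValueError("no end-of-PDU cell seen")
    crc, = struct.unpack(">I", body[-4:])
    if zlib.crc32(body[:-4]) != crc:
        raise ValueError("AAL5 CRC mismatch: corrupted or tampered PDU")
    length, = struct.unpack(">H", body[-6:-4])
    if length > len(body) - TRAILER:
        raise ValueError("length field exceeds PDU")
    return body[:length]


def cell_tax(packet_len: int) -> float:
    """Overhead fraction: bytes on the wire per packet byte, minus one."""
    n_cells = -(-(packet_len + TRAILER) // PAYLOAD)   # ceiling division
    return n_cells * CELL / packet_len - 1


if __name__ == "__main__":
    ip_packet = bytes(range(256)) * 5 + b"\x00" * 220   # constructed 1500-byte packet
    cells = segment(ip_packet)
    print(len(cells), "cells,", len(cells) * CELL, "bytes on the wire")
    print("round trip ok:", reassemble(cells) == ip_packet)
    for n in (64, 576, 1500):
        print(f"{n:5d}-byte packet: {cell_tax(n):.1%} overhead")
```

cell_tax(1500) returns about 0.13: a full-size Ethernet payload needs 32 cells, 1696 bytes on the wire, while a 64-byte packet costs 66%; averaged over a real traffic mix that is where the slide's roughly 20% figure comes from.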
DSL (Digital Subscriber Line)
DSL technology is a broadband technology that uses
existing twisted-pair telephone lines to transport high-
bandwidth data to service subscribers.
The term xDSL covers a number of similar forms of
DSL technologies.
DSL technology allows the local loop line to be used
for
Normal telephone voice connection and
Instant network connectivity.
DSL (Digital Subscriber Line)
The two basic types of DSL technologies are
Asymmetric (ADSL)
Symmetric (SDSL).
All forms of DSL service are categorized as ADSL or
SDSL and there are several varieties of each type.
ADSL service provides higher download or downstream
bandwidth to the user than upload bandwidth.
SDSL service provides the same capacity in both
directions.
DSL (Digital Subscriber Line)
Asymmetric DSL
Voice and data on the same line
Downstream: up to 8 Mbps
Upstream: up to 1.544 Mbps
Symmetric DSL
No simultaneous voice and data on the same line
Downstream: 1.168 Mbps
Upstream: 1.168 Mbps
Very high bit rate DSL (VDSL)
Downstream: up to 52 Mbps
Upstream: up to 12 Mbps
X.25
The first of these packet-switched networks was standardized as the X.25 group of protocols.
X.25 provides low-bit-rate shared variable capacity over either switched or permanent virtual circuits.
X.25 includes a network-layer protocol, and subscribers are provided with a network address.
Virtual circuits can be established through the network with call request packets to the target address. The resulting SVC is identified by a channel number.
X.25 technology is no longer widely available as a WAN technology.
Frame Relay has replaced X.25 at many service provider locations.
Other WAN Technologies
Individual Assignment
1. VPN
2. Synchronous Optical Network (SONET)
3. MPLS- Multiprotocol Label Switching
4. VPN-Virtual Private Network
5. SDLC protocol
6. POTS
7. HDLC- High-level Data Link Control
8. SMDS
9. LAPB
10. LRE/ Long Range Ethernet
11. T1/T2/E1/E2
12. WIMAX
13. GSM
14. CDMA
15. 4G LTE
16. SLIP
Chapter 4
NETWORK DESIGN
AND
IMPLEMENTATION
Network Design Overview
Computer networks are critical to the success of any business (the network-based economy).
Computer networks connect people, support applications and services, and provide access to the resources that keep the business running.
To meet the daily requirements of businesses, networks themselves are becoming quite complex.
There is a direct correlation between the network design project and the company's business success. Therefore, network design is the ultimate target of today's networking.
Network Design Overview
Today, the Internet-based economy often demands
around-the-clock customer service.
Business networks must be available nearly 100 percent
of the time.
They must be smart enough to automatically protect
against unexpected security incidents.
These business networks must also be able to adjust to
changing traffic loads to maintain consistent application
response times.
Computer networks need careful planning and design.
Network Design Overview
Businesses have requirements for their network:
o The network should stay up all the time, even in
the event of failed links, equipment failure, and
overloaded conditions.
o The network should deliver applications and
provide reasonable response times from any host to
any host.
o The network should be easy to modify to adapt to
network growth and general business changes.
Network Design Overview
o The network should be secure. It should
protect the data that is transmitted over it and
data stored on the devices that connect to it.
o Because failures occasionally occur,
troubleshooting should be easy.
o Finding and fixing a problem should not be too
time-consuming.
Network Design Overview
Network design refers to the planning of
the implementation of a computer network
infrastructure.
Network design is generally performed by
network designers, network engineers, IT
administrators and other related staff.
It is done before the implementation of a
network infrastructure
Network Design Methodologies
Large network design projects are normally divided
into three distinct steps:
Step 1. Identify the network requirements
Step 2. Characterize the existing network
Step 3. Design the network topology and solutions
Building a Good Network
Good networks do not happen by accident.
Good networks are the result of hard work by network designers and technicians, who identify network requirements and select the best solutions to meet the needs of a business.
Building a Good Network
Good Network Designs should:
Deliver services requested by users
Deliver acceptable throughput and response times
Be within budget and maximise cost efficiencies
Be reliable
Be expandable without major redesign
Be manageable by maintenance and support staff
Be well documented
What to be considered?
Connections:
Provided by hardware that ties things together: wires/wireless, routers, switches/hubs, computers, bridges, etc.
Communications/Protocols:
Provided by software
A common language for two systems to communicate with each other
TCP/IP (Internet/Windows), IPX/SPX (Novell NetWare 4), AppleTalk, other NOS
Services/Applications:
The heart of networking.
Cooperation between two or more systems to perform some function.
Applications such as Telnet, FTP, HTTP, SMTP. Of these, Telnet and FTP carry passwords in clear text, so a design that still needs them should confine them to a management network or replace them with SSH/SFTP and HTTPS.
What to be considered?
To build a well-balanced network, a number of
factors must be taken into consideration
Desired network size (number of machines)
Layout/Topology
Amount of current traffic
Future traffic expectations
Security requirements
Base on these factors, a flexible solution with
budget and with sufficient room for expansion
can be designed
Network Design: Achievable?
Reliability
Business Growth
Types of Network Design
New Network Design
Designing a network from scratch
The major driver is the budget
No compatibility issues to worry about
Methodology:
Planning/feasibility study
Study the existing situation
Rough proposal of the designed network
Requirements analysis
Design
Specification of network items and procurement (buying items)
Implementation (installation and administration)
Re-engineering Network Design
Modifications to an existing network to compensate
for original design problems.
Sometimes required when network users change
existing applications or functionality
More of the type of problems seen today
Network Expansion Design
Network designs that expand network capacity
Technology upgrades
Adding more users or networked equipment
Fundamental Design Goals
The four fundamental network design goals are:
Scalability: Scalable network designs can grow to
include new user groups and remote sites and can
support new applications without impacting the level
of service delivered to existing users.
Availability: A network designed for availability is
one that delivers consistent, reliable performance, 24
hours a day, 7 days a week. In addition, the failure of
a single link or piece of equipment should not
significantly impact network performance.
Fundamental Design Goals
Security: Security is a feature that must be designed
into the network, not added on after the network is
complete. Planning the location of security devices,
filters, and firewall features is critical to safeguarding
network resources.
Manageability: No matter how good the initial
network design is, the available network staff must be
able to manage and support the network. A network
that is too complex or difficult to maintain cannot
function effectively and efficiently.
Flat Network Design
A flat network topology is an unstructured type of network design, which is adequate for a small-sized network.
It is a non-hierarchical design model where each internetworking device performs the same task.
This model is easy to plan, design and implement for small-sized networks, but it would be difficult to scale up the network when a need for growth arises.
Flat Network Design
• aims to reduce cost, maintenance and administration.
• aims to reduce the number of routers and switches
on a computer network by connecting the devices to
a single switch instead of separate switches.
Flat Network Design
The lack of hierarchy makes network troubleshooting and expansion difficult.
Devices in a flat network design belong to the same broadcast domain, share the same bandwidth, and each receives a copy of every broadcast message sent.
A single broadcast domain is also a single security domain: there is no boundary at which to filter traffic, and a compromised host can reach, and spoof ARP for, every other device directly.
In the case of a link failure, it is difficult to find an alternative path to the destination.
Hierarchical Network Design
Hierarchical networks have advantages over flat network
designs.
The benefit of dividing a network into smaller, more
manageable hierarchical blocks is that local traffic remains
local.
Only traffic intended for other networks is moved to a higher
layer.
Layer 2 devices in a flat network provide little opportunity to
control broadcasts or to filter undesirable traffic.
As more devices and applications are added to a flat network,
response times degrade until the network becomes unusable.
Hierarchical Network Design
When an organization's network grows and becomes more complex, the network designers might need to consider building the network in a modular approach.
A modular design helps to split the huge and complex task by specific function and makes the design project more manageable.
For instance, a company network might include the company's LANs, a remote-access system, a wireless system and WAN functionality; in such a scenario, hierarchical modelling methods fit well.
Hierarchical Network Design
Hierarchical model is a three-layer modular and
structural design technique used to design a LAN
or WAN network.
Hierarchical model design has three layers,
namely Core, Distribution and Access layers,
Each layer has its own functions and they are built
using network devices like routers or switches or
combined in single device.
Hierarchical Network Design
Advantages in using a hierarchical model of
designing a network are
Scalability
Flexibility
Adaptability
Simplicity
Improved/high performance
Fault isolation and
Easier network manageability.
The three layers of the hierarchical network model:
Access Layer
Distribution Layer
Core Layer
Core layer
A core layer is a high-speed switching backbone
responsible for interconnecting distribution layer
devices.
This layer aggregates traffic from all distribution layer
devices and is responsible for forwarding a large amount
of data with a high speed over the network.
This layer is considered the backbone of the network and
includes the high-end Router/core switches and high-
speed cables such as fiber cables.
High-end routers and switches that are optimized
for availability and high speed
Core layer
No packet manipulation (such as filtering with access lists) is done by devices in this layer; that would slow the backbone.
This layer is concerned with speed and ensures reliable delivery of packets.
The core layer needs to be highly reliable and fault tolerant. This is achieved with redundant links, ideally a full mesh, between the core layer devices and between the core and distribution layers.
It is necessary to have backup power supplies in case of power failures.
Goals of the Core Layer
The core layer design enables the efficient, high-
speed transfer of data between one section of the
network and another.
The primary design goals at the core layer are:
Provide 100% uptime.
Maximize throughput.
Facilitate network growth.
Core Layer Technologies
Technologies used at the core layer include the following:
Routers or multilayer switches that combine routing
and switching in the same device
Redundancy and load balancing
High-speed and aggregate links
Routing protocols that scale well and converge quickly,
such as:
Enhanced Interior Gateway Routing Protocol (EIGRP)
Open Shortest Path First (OSPF) Protocol
Redundant Links
Implementing redundant links at the core layer ensures
that network devices can find alternate paths to send data
in the event of a failure. When Layer 3 devices are placed
at the core layer, these redundant links can be used for
load balancing in addition to providing backup.
Mesh Topology
Most core layers in a network are wired in either a full-
mesh or partial-mesh topology.
A full-mesh topology is one in which every device has a
connection to every other device. Although full-mesh
topologies provide the benefit of a fully redundant
network, they can be difficult to wire and manage and
are more costly.
For larger installations, a modified partial-mesh topology
is used. In a partial-mesh topology, each device is
connected to at least two others, creating sufficient
redundancy without the complexity of a full mesh.
Distribution Layer
The distribution layer is the middle (demarcation
point) layer between the access layer and core layer of a
network.
It is at this point where traffic flow control and access
control takes place.
Distribution layer is a preferred place for designing
virtual LANs (VLANs) to create one or more broadcast
domains and to configure network devices like routers
to route IP packets across VLANs.
This layer ensures that packets are properly routed
between subnets and VLANs in the enterprise.
This layer is also called the Workgroup layer
Distribution Layer
The distribution layer is commonly built using multilayer (Layer 3) switches, because routing and policy enforcement happen here rather than in the access layer.
Multilayer switches located at the distribution layer provide many functions critical for meeting the goals of the network design, including the following:
Filtering and managing traffic flows
Enforcing access control policies (for example, access lists between VLANs)
Summarizing routes before advertising the routes to the core
Isolating the core from access layer failures
Routing between access layer VLANs
Access Layer
The main task of the access layer is to connect local users to the network so that they can access network resources and services.
This layer is designed to deliver local user packets to the targeted end-user computer and also to ensure legitimate access to network resources and services (port security, 802.1X authentication and VLAN assignment are applied here).
End devices such as personal computers, printers and IP phones are connected to the access layer.
Interconnecting devices such as switches, hubs and wireless access points are part of the access layer.
Access Layer
This layer connects users via hubs, switches, and other
devices
This layer is also called the desktop layer because it
focuses on connecting client nodes, such as workstations
to the network.
This layer ensures that packets are delivered to end user
computers.
Network Design and
Implementation Phases
Project Management
PDIOO Lifecycle Approach to Network
Design and Implementation
PDIOO stands for
Plan
Design
Implement
Operate
Optimize
PDIOO is a Cisco methodology whose phases define the continuous life cycle of services required for network design and implementation (Cisco later added a Prepare phase in front, giving PPDIOO).
Plan Phase:
Network requirements are identified in this phase
business and technical requirements
Analysis of areas where the network will be installed
Identification of users who will require network
services
If there is an existing network in place, then the
project plan is developed (or updated), but only
after an audit of the existing infrastructure, sites and
operational environment is completed.
Plan Phase:
The typical deliverables from the Plan phase
include:
Site/location Requirements Specifications
Solutions Test Plan
Site Survey Form
Customer Requirements Document Response
Design Phase:
Accomplish the logical and physical design,
according to requirements gathered during the
Plan phase
The company develops (or updates) a
comprehensive network design.
It is important that the information gathered from
the first phases is used to ensure that the design
meets all of the business and technical
requirements that were previously developed.
Design Phase:
If everything has been completed correctly, the design
will provide a network that is able to manage the
everyday tasks that are required of it and meet or exceed
all expected availability, reliability, security, scalability,
and performance metrics.
Documents that are developed during this phase guide
the deployment, configuration, and commission of
network devices and services.
The typical deliverables from this phase include:
Low Level Design (LLD)
Implementation Phase:
Network is built according to the Design
specifications
Implementation also serves to verify the design
This method allows the implementers the ability
to find any potential problems; if found, these
problems are resolved inside this test bed before
full scale implementation continues.
Implementation Phase
Once the network has been implemented, a series of
tests should be run to ensure that the operation of the
new network is as expected and designed.
If any issues are found, it is best that they are handled as
early in the implementation as possible to ensure the
issue impacts as few parts of the network as possible.
The typical deliverables from this phase include:
Network Ready For Use
Network Ready For Use Test Report
Implementation Log
Operate Phase:
The Operate phase is by far the longest of the PDIOO phases; this is because in this phase a company is operating without making major changes to the network.
Operation is the final test of the effectiveness of the design.
The network is monitored during this phase for performance problems and any faults, to provide input into the Optimize phase.
Operate Phase:
During this phase, the company spends the majority
of their funds managing the network which includes
proactive and reactive monitoring, performance
management, trouble management, security
management, and capacity planning and monitoring,
among others.
The typical deliverables from this phase include:
Root Cause Analysis Reports
Support Contract Analysis
Optimize Phase:
Based on proactive network management which
identifies and resolves problems before network
disruptions arise, the optimize phase may lead to a
network redesign if too many problems arise
due to design errors, or as network
performance degrades over time as actual use
and capabilities diverge
Redesign may also be required when
requirements change significantly
Retire Phase:
Chapter 5
Network configuration tools
netstat - displays network summary information for the device (connections, listening sockets, interface statistics); a quick check for unexpected listening ports
Usage: netstat [-n] -a
arp - shows or modifies the ARP cache, which maps IP addresses to MAC addresses
Usage: arp -a
ndp - shows or modifies the IPv6 Neighbor Discovery Protocol cache (the IPv6 counterpart of the ARP cache)
route - shows or modifies the routing table, including the default gateway
Usage: route [-n] get default (BSD/macOS); on Linux use ip route
mtr - combines ping and traceroute
Usage: mtr [hostname or IP]
nslookup - DNS lookups / DNS queries
netsh - displays or modifies the network configuration of a computer that is currently running (Windows)
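An added check over the arp -a output listed above; it is not part of the slides. It reads the Linux/BSD arp -a line format, reports any MAC address that answers for more than one IP (the pattern a host's table shows while an ARP-spoofing attacker impersonates the gateway), and compares the gateway's current MAC with a recorded baseline. The sample table, the IP and MAC addresses and the baseline are all constructed. Treat a hit as a signal rather than proof: a router with several addresses, proxy ARP, or an HSRP/VRRP virtual MAC also produce legitimate duplicates.

```python
"""Added example (not from the slides): audit an `arp -a` listing for signs of
ARP spoofing. Sample output, addresses and the gateway baseline are constructed."""
import re
from collections import defaultdict

# Linux/BSD `arp -a` line: "? (192.168.1.1) at 00:11:22:33:44:55 [ether] on eth0"
ARP_LINE = re.compile(
    r"\((?P<ip>\d{1,3}(?:\.\d{1,3}){3})\) at "
    r"(?P<mac>(?:[0-9a-f]{2}:){5}[0-9a-f]{2}) \[ether\] on (?P<iface>\S+)",
    re.IGNORECASE,
)


def parse_arp_a(text: str) -> list[dict]:
    """Return resolved entries; '<incomplete>' lines carry no MAC and are skipped."""
    return [{"ip": m["ip"], "mac": m["mac"].lower(), "iface": m["iface"]}
            for m in map(ARP_LINE.search, text.splitlines()) if m]


def macs_with_multiple_ips(entries: list[dict]) -> dict:
    """MAC -> list of IPs, for every MAC that claims more than one IP."""
    by_mac = defaultdict(list)
    for e in entries:
        by_mac[e["mac"]].append(e["ip"])
    return {mac: ips for mac, ips in by_mac.items() if len(ips) > 1}


def gateway_mac_changed(entries: list[dict], gateway_ip: str, baseline_mac: str) -> bool:
    """True when the gateway currently resolves to a MAC other than the recorded one."""
    current = {e["ip"]: e["mac"] for e in entries}.get(gateway_ip)
    return current is not None and current != baseline_mac.lower()


def audit(text: str, gateway_ip: str, baseline_mac: str) -> dict:
    entries = parse_arp_a(text)
    return {
        "entries": len(entries),
        "shared_macs": macs_with_multiple_ips(entries),
        "gateway_changed": gateway_mac_changed(entries, gateway_ip, baseline_mac),
    }


# Constructed sample: the gateway (.1) now answers with the same MAC as host .20.
SAMPLE_ARP_A = """\
? (192.168.1.1) at 00:11:22:33:44:55 [ether] on eth0
? (192.168.1.20) at 00:11:22:33:44:55 [ether] on eth0
? (192.168.1.30) at 00:11:22:33:44:66 [ether] on eth0
? (192.168.1.40) at <incomplete> on eth0
"""
GATEWAY_IP = "192.168.1.1"
GATEWAY_BASELINE_MAC = "0c:0c:0c:0c:0c:01"   # recorded on a known-good day (constructed)

if __name__ == "__main__":
    # In practice: subprocess.run(["arp", "-a"], capture_output=True, text=True).stdout
    print(audit(SAMPLE_ARP_A, GATEWAY_IP, GATEWAY_BASELINE_MAC))
```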
Types of Administrations
In a larger company, the following types of administrations may all be in
separate positions within Information Services department.
In a smaller group, they may be shared by a few sysadmins, or even a single
person.
Network Administration
User administration
Mail administration
Web administration
FTP administration
Database systems administration
Remote access administration
Backup administration
DNS/DHCP administration
Proxy server administration
Network Administration
Network administration normally includes the deployment, configuration, maintenance and monitoring of active network gear:
Switches
Routers
Firewalls
Other network-attached infrastructure
A person who carries out network administration is called a network administrator, network specialist or network analyst.
Network Administration
Network administration activities include:
Network address assignment
Selection of routing protocols and routing table configuration
Configuration of authentication and authorization
Maintenance of personal computers, printers, etc.
Maintenance of network servers such as file servers, VPN gateways, intrusion detection systems, etc.
Network design and security
Troubleshooting and debugging network-related problems.
Directory Service
(User Administration)
A directory service is a software application that stores and organizes information about a computer network's users and network resources, and that allows network administrators to manage users' access to the resources.
LDAP (Lightweight Directory Access Protocol) is the standard protocol for querying and modifying a directory; on Unix-like systems it is served by software such as OpenLDAP and used for logins through PAM/NSS.
Active Directory (AD) is the directory service for Windows Server. It stores information about objects on the network and makes this information easy for administrators and users to find and use. AD is itself accessed over LDAP and authenticates users with Kerberos.
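Added example, not from the slides: an application that authenticates against the directory usually looks the user up with a search filter such as (uid=name). If the name is spliced into the filter unescaped, an attacker can rewrite the filter the same way an SQL query is rewritten by injection. The escaping below is the one RFC 4515 section 3 specifies; the attribute names and sample inputs are constructed. Real code should call its LDAP library's escaping function (python-ldap provides ldap.filter.escape_filter_chars); the hand-written version is here to show what that function does.

```python
"""Added example (not from the slides): RFC 4515 escaping for values placed
inside an LDAP search filter, next to the unsafe string-formatting version.
Attribute names and inputs are constructed."""

# RFC 4515 section 3: these characters must be escaped inside an assertion value.
_ESCAPES = {"\\": r"\5c", "*": r"\2a", "(": r"\28", ")": r"\29", "\x00": r"\00"}


def escape_filter_value(value: str) -> str:
    """Escape a value for use inside (attr=value); backslash first so that
    already-escaped sequences cannot be smuggled through."""
    return "".join(_ESCAPES.get(ch, ch) for ch in value)


def login_filter_unsafe(username: str) -> str:
    """How a login lookup often gets written: user input straight into the filter."""
    return f"(&(objectClass=person)(uid={username}))"


def login_filter(username: str) -> str:
    """Same lookup with the value escaped: the input can only ever be a literal uid."""
    return f"(&(objectClass=person)(uid={escape_filter_value(username)}))"


def filter_is_well_formed(ldap_filter: str) -> bool:
    """Cheap sanity check: an escaped filter for one uid contains exactly the
    three parenthesised components we wrote, never any the user added."""
    depth = 0
    opens = 0
    for ch in ldap_filter:
        if ch == "(":
            depth += 1
            opens += 1
        elif ch == ")":
            depth -= 1
            if depth < 0:
                return False
    return depth == 0 and opens == 3


if __name__ == "__main__":
    for name in ("alice", "*", "admin)(|(uid=*"):
        print("unsafe:", login_filter_unsafe(name), filter_is_well_formed(login_filter_unsafe(name)))
        print("safe:  ", login_filter(name), filter_is_well_formed(login_filter(name)))
```

With the input "*", the unsafe filter becomes (uid=*) and matches every person in the directory; with "admin)(|(uid=*" it gains an extra OR branch. The escaped version turns both into literal uid values that match nothing.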
Directory Service
(User Administration)
With a single network logon, administrators can manage directory data and organization throughout their network, and authorized network users can access resources anywhere on the network.
Server-client architecture
User account management:
Accounting and restrictions
User IDs
Home directories (quotas, drive capacities)
Permissions, group membership
Disabling/removing user accounts (promptly when a user leaves; dormant accounts are a common way back in)
Mail Administration
Install/configure/manage e-mail software
mail transfer agents, mail readers.
Managing E-mail servers
Email servers are open by design to accept email from
anyone
Spam can be a problem to manage
Specific utilities can be used to help minimize spam
Viruses are commonly sent by email
Use virus detection software and keep it updated
Web Administrators
Systems administrators may specialize in maintaining websites, which requires constant observation and maintenance.
These administrators monitor the speed of the website and approve all content before it is published.
As part of their mission to constantly improve the website, web administrators analyze data regarding the site's traffic patterns and may implement changes based on user feedback.
A web administrator maintains the web server services that allow internal or external access to web sites.
Web server administrators focus on the Internet
They need to work with ISPs and web page developers
Web Administration
Web server provides information to anyone who
requests it over the internet
Tasks of web administrators include
managing multiple sites
administering security
Control access to webpages
configuring necessary components and software.
Responsibilities include software change
management.
Web
Hypertext Transfer Protocol (HTTP) works with the World
Wide Web. A Web browser is a client-server application
A Web browser presents data in multimedia formats on Web
pages that use text, graphics, sound, and video. The Web
pages are created with a format language called Hypertext
Markup Language (HTML). HTML specifies locations for
the placement of text, files, and objects that are to be
transferred from the Web server to the Web browser.
Hyperlinks make the World Wide Web easy to navigate
A hyperlink is an object, word, phrase, or picture, on a Web
page
Web
When that hyperlink is clicked, it directs the browser to a
new Web page
The Web page contains, often hidden within its HTML
description, an address location known as a Uniform
Resource Locator (URL)
In the URL http://www.cisco.com/edu/,
the "http://" tells the browser which protocol to use.
The "www.cisco.com" is the hostname or name of a
specific machine with a specific IP address.
The /edu identifies the specific folder location on the
server that contains the default web page.
FTP Administration
FTP is a commonly used protocol for exchanging files
over any network that supports the TCP/IP protocol
(such as the Internet or an intranet).
There are two computers involved in an FTP transfer: an
FTP server and an FTP client.
The client can perform a number of file manipulation
operations (if it has the authority), such as uploading files
to the server, downloading files from the server, and
renaming or deleting files on the server.
FTP Administration
Usually users are asked to enter a username and
password to access an FTP site.
Many sites that run FTP servers enable so called
"anonymous ftp". Under this arrangement, users do
not need an account on the server.
FTP administrators are responsible for installing and
configuring Internet Information Services (IIS) to make
the FTP server accessible.
Database Administration
Maintaining a database system and ensuring the integrity
of the data and the efficiency and performance of the
system is called database administration.
A person who is responsible for the environmental
aspect of a database is called a database administrator
(DBA).
The duties of a DBA vary and depend on the job
description, corporate and IT policies and the technical
features and capability of the DBMS being administered.
Database Administration
The roles of DBA include
Disaster recovery (backup)
Performance analysis and tuning
Installation of database software
Configuration of hardware and software with the
system administrator
Secure the database
Data analysis, database design and data modeling
and optimization
Security Administration
Security administration needs a specialist (the security
administrator) in computer and network security, including
the administration of security devices such as firewalls, as
well as consulting on general security measures.
Ensures that the organization's systems are secure and
very difficult to hack.
Protecting against security breaches.
Becoming a very big deal!
Security Administration
May keep watch over employees for inappropriate
network usage.
Dealing with viruses that threaten core equipment.
In-depth firewall knowledge is required, as well as a
solid understanding of system hacking.
In case a security breach could not be averted, it is the
security administrator’s responsibility to close the
systems, determine damages, trace the culprit and
ensure that it doesn’t happen again.
DNS/DHCP Administration
DHCP
DHCP stands for Dynamic Host Configuration
Protocol
It is an Internet protocol for automating the
configuration of computers that use TCP/IP
DHCP can be used to automatically assign IP addresses,
to deliver TCP/IP stack configuration parameters such
as the subnet mask and default router, and to provide
other configuration information such as the addresses
for printer, time and news servers.
DHCP Administration
Under DHCP, a computer is designated as the DHCP
server. All of the other computers on the network that
need an IP address - will be DHCP clients (computers
that already have a permanently set IP address don't
need to participate).
The network administrator needs to initially configure
the DHCP server.
Part of that configuration process involves assigning the
DHCP server a block of IP address numbers that it can
dispense to nodes that need IP addresses.
How DHCP Works
When a new node comes onto the network, assuming it
is capable of being a DHCP client, it will broadcast a
request for an IP address.
The DHCP server will respond by checking its table of
address assignments, selecting the next available
address, and sending a response back to the requesting
node.
The requesting node sends an acknowledgement to the
server whose offer is accepted.
DHCP clients obtain a DHCP lease for an IP address, a subnet mask,
and various DHCP options from DHCP servers in a four-step process:
1. DHCPDISCOVER: The client broadcasts an IP request for a DHCP server.
2. DHCPOFFER: DHCP servers on the network offer an IP address to the client.
3. DHCPREQUEST: IP address selection
4. DHCPACK: IP address Acknowledgment
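The four-step exchange above, simulated in Python as an added example (this is not code from the course slides). Message type names are the real DHCP ones; the address pool, the client MAC addresses and the lease table are constructed. The example also shows what the slides leave implicit: a renewing client gets its previous address back, a request for an address the server never offered is refused with DHCPNAK, and an exhausted pool produces no offer at all.

```python
"""Toy simulation of the DHCP lease exchange: DISCOVER, OFFER, REQUEST, ACK.
Added example, not from the slides; pool, MACs and options are constructed."""
import ipaddress


class DhcpServer:
    """Holds the block of addresses the administrator assigned to the server
    and a lease table mapping client MAC -> committed address."""

    def __init__(self, pool_start, pool_end, subnet_mask, router):
        start = int(ipaddress.IPv4Address(pool_start))
        end = int(ipaddress.IPv4Address(pool_end))
        self.free = [str(ipaddress.IPv4Address(a)) for a in range(start, end + 1)]
        self.offers = {}   # mac -> ip tentatively handed out in a DHCPOFFER
        self.leases = {}   # mac -> ip committed by a DHCPACK
        self.options = {"subnet_mask": subnet_mask, "router": router}

    def handle(self, msg):
        """Process one client message and return the server's reply (or None)."""
        kind, mac = msg["type"], msg["mac"]
        if kind == "DHCPDISCOVER":
            if mac in self.leases:            # renewing client: same address again
                ip = self.leases[mac]
            elif mac in self.offers:          # repeated DISCOVER: repeat the offer
                ip = self.offers[mac]
            elif self.free:                   # next available address from the pool
                ip = self.free.pop(0)
                self.offers[mac] = ip
            else:
                return None                   # pool exhausted: no offer is made
            return {"type": "DHCPOFFER", "mac": mac, "yiaddr": ip, **self.options}
        if kind == "DHCPREQUEST":
            ip = msg["requested_ip"]
            # Only acknowledge an address this server offered or leased to this client.
            if self.offers.get(mac) == ip or self.leases.get(mac) == ip:
                self.offers.pop(mac, None)
                self.leases[mac] = ip
                return {"type": "DHCPACK", "mac": mac, "yiaddr": ip, **self.options}
            return {"type": "DHCPNAK", "mac": mac}
        raise ValueError(f"unexpected message type {kind}")


def obtain_lease(server, mac):
    """Client side of the four steps; returns the ACKed configuration or None."""
    offer = server.handle({"type": "DHCPDISCOVER", "mac": mac})      # step 1 -> 2
    if offer is None:
        return None
    ack = server.handle({"type": "DHCPREQUEST", "mac": mac,           # step 3 -> 4
                         "requested_ip": offer["yiaddr"]})
    return ack if ack["type"] == "DHCPACK" else None


if __name__ == "__main__":
    srv = DhcpServer("192.168.1.10", "192.168.1.11", "255.255.255.0", "192.168.1.1")
    print(obtain_lease(srv, "aa:bb:cc:00:00:01"))
```

On a real network the DISCOVER and REQUEST are broadcasts and several servers may answer; the `requested_ip` in step 3 is how the client tells every server which single offer it accepted, which is why the server checks that value before committing the lease.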
DNS Administration
DNS:
DNS stands for Domain Name System
It helps users to find their way around the Internet
Every computer on the Internet has a unique address –"IP
address". But it is hard to remember everyone's IP address
The DNS makes it easier by allowing a familiar string of
letters (the "domain name") to be used instead of the
arcane IP address
So instead of typing 192.0.34.65, you can type
www.icann.org. It is a "mnemonic" device that makes
addresses easier to remember
DNS Administration
Translating the domain name into the IP address is
called "resolving the domain name."
The goal of the DNS is for any Internet user any place
in the world to reach a specific website IP address by
entering its domain name.
These logical names are connected to their IP address.
The logical name that is associated to an IP address is
also referred to as the domain name.
How DNS Works
When a client computer wishes to communicate with
the host computer, it must translate its logical name
into its IP address
It does this via a domain name lookup query, which
asks a domain name server (DNS) the IP address of the
destination host given the domain name.
The domain name server has a set of static tables that it
uses to find the IP address associated with a domain
name.
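A lookup against a static table, as an added Python example (not from the slides). The table is constructed; the only value taken from the slides is 192.0.34.65 for www.icann.org. It goes one step beyond the text by following CNAME aliases, which is why a resolver must also cap the length of an alias chain: two records that point at each other would otherwise loop forever.

```python
"""Toy DNS resolver over a static table. Added example, not from the slides.
Zone contents are constructed (192.0.34.65 for www.icann.org is the slides' value)."""

# Constructed static table: fully qualified name -> (record type, value)
ZONE = {
    "www.icann.org.":       ("A", "192.0.34.65"),
    "icann.org.":           ("A", "192.0.34.65"),
    "mail.example.com.":    ("A", "203.0.113.25"),
    "www.example.com.":     ("CNAME", "web.example.com."),   # alias -> real host
    "web.example.com.":     ("A", "203.0.113.10"),
    "loop-a.example.com.":  ("CNAME", "loop-b.example.com."),  # misconfigured pair
    "loop-b.example.com.":  ("CNAME", "loop-a.example.com."),
}

MAX_CNAME_HOPS = 8   # constructed limit; real resolvers bound alias chains as well


def normalize(name):
    """Names are case-insensitive; store and look them up in one canonical form."""
    name = name.strip().lower()
    return name if name.endswith(".") else name + "."


def resolve(name, table=ZONE):
    """Return (ip, chain): chain lists every name visited. ip is None when the
    name is unknown or the CNAME chain exceeds MAX_CNAME_HOPS."""
    chain = [normalize(name)]
    for _ in range(MAX_CNAME_HOPS):
        record = table.get(chain[-1])
        if record is None:
            return None, chain             # NXDOMAIN in real DNS
        rtype, value = record
        if rtype == "A":
            return value, chain
        chain.append(value)                # CNAME: continue with the alias target
    return None, chain                     # gave up: alias chain too long


if __name__ == "__main__":
    print(resolve("WWW.ICANN.ORG"))
    print(resolve("www.example.com"))
    print(resolve("loop-a.example.com"))
```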
Remote Access Administration
Remote administration refers to any method of
controlling a computer from a remote location.
Software that allows remote administration is becoming
increasingly common and is often used when it is
difficult or impractical to be physically near a system in
order to use it.
A remote location may refer to a computer in the next
room or one on the other side of the world. It may also
refer to both legal and illegal (i.e. hacking) remote
administration.
Remote Access Administration
Any computer with an Internet connection, TCP/IP or
on a Local Area Network can be remotely administered.
For non-malicious administration, the user must install
or enable server software on the host system in order to
be viewed. Then the user/client can access the host
system from another computer using the
installed software.
Usually, both systems should be connected to the
internet, and the IP address of the server system must
be known.
Proxy Server Administration
A proxy server is a computer system or router that functions
as a relay between client and server.
It helps prevent an attacker from invading a private network
and is one of several tools used to build a firewall.
The word proxy means "to act on behalf of another," and a
proxy server acts on behalf of the user
By using the proxy server you can hide, conceal and
make your network id anonymous by hiding your IP
address.
A server that sits between a client application, such as a
Web browser, and a real server
Proxy Server Administration
Proxy server administration involves configuring a proxy
server on Windows, and Windows applications, so that
network traffic passes through the proxy server.
Backup Administration
In information technology, a backup, or
the process of backing up, refers to the
copying of computer data into an archive file
so it may be used to restore the original
after a data loss event.
The primary purpose is to recover data after
its loss, be it by data deletion or corruption.
Backup Administration
The Backup Administrator is responsible for
installing, configuring and managing data on disk
storage devices and magnetic tape and associated
libraries.
They are also responsible for ensuring that the data is
accessible and recoverable, ensuring that there is
available capacity for allocation of new data,
archiving or removing obsolete data from the system,
and monitoring performance using appropriate reporting
and monitoring tools.
Challenges of System/Network
Administration
• Systems or Network Administration is
more than just installing computers or
networks.
• It is about planning and designing an
efficient community of computers that
allow users to get their jobs done.
Challenges of Administration
Design Logical, Efficient networks
Easily deploy & update many machines
Decide what services are needed
know the business tasks & customers
Plan and implement adequate security
Provide comfortable User environment
Be able to fix errors and problems
Keep track of & be able to use knowledge
Ethics for system and network
administrators
The task of systems and network administration is a
balancing act. It requires patience, understanding,
knowledge and experience.
Codes of ethics for systems and network admin
Professionalism- Treat people professionally
Personal integrity- be honest, unbiased
Privacy- protect the confidentiality of any
information
Laws and policies
Ethics for system and network
administrators
Communication
System integrity- keep the system available
Education
Responsibility to computing community
Social responsibility
Ethical responsibility
Ethics for system and network
administrators
A Sysadmin is a customer service agent!
The Sysadmin must be able to communicate with
technical and non-technical users.
The Sysadmin should be patient, and have a sense of
humor.
The Sysadmin must be able to solve difficult technical
problems.
The Sysadmin must be able to work in a group setting.
The Sysadmin must document activities in order to
reproduce the results.
Network Certifications
Levels of Cisco network certification:
Entry
Associate
Professional
Expert
Architect
Entry
Associate
The Associate level of Cisco Certifications can begin directly with
CCNA (Cisco Certified Network Associate) for network installation,
operations and troubleshooting or
CCDA (Cisco Certified Design Associate) for network design.
Think of the Associate Level as the foundation level of networking
certification.
CCDA
CCNA Cloud
CCNA Collaboration
CCNA Cyber Ops
CCNA Data Center
CCNA Industrial
CCNA Routing and Switching
CCNA Security
CCNA Service Provider
CCNA Wireless
Professional
The Cisco Certified Network Professional (CCNP) level is an
advanced level of certification that shows more expertise with
networking skills. Each certification covers a different technology to
meet the needs of varying job roles.
CCDP- Cisco Certified Design Professional
CCNP Cloud
CCNP Collaboration
CCNP Data Center
CCNP Routing and Switching
CCNP Security
CCNP Service Provider
CCNP Wireless
Expert
The Cisco Certified Internetwork Expert (CCIE) certification is
accepted worldwide as the most prestigious networking
certification in the industry.
CCDE- Cisco Certified Design Expert
CCIE Collaboration
CCIE Data Center
CCIE Routing and Switching
CCIE Security
CCIE Service Provider
CCIE Wireless
Architect
Cisco Certified Architect is the highest level of
accreditation achievable and recognizes the
architectural expertise of network designers who
can support the increasingly complex networks of
global organizations and effectively translate
business strategies into evolutionary technical
strategies.
CCAr - Cisco Certified Architect
Chapter 6
COMPUTER SECURITY
Outline
What is Computer Security?
Security Threats
Security Solutions
What is Security?
The quality or state of being secure—to be free from
danger.
Security is about the well-being of computer systems
and data
Computer security is the protection of data, networks
and computing power.
Security is the prevention and protection of computer
assets from unauthorized access, use, alteration,
degradation, destruction, and other threats.
What is Security?
Computer security, also known as cyber security or
IT security, is the protection of computer systems
from theft of or damage to their:
Computer hardware
Computer software
Information or Data
and from disruption or misdirection of the services they
provide.
Computer systems should have a set of protection
policies to restrict and control the system resources.
Why Computer Security?
Computer security is required because most organizations
can be damaged by software or intruders.
The damages include:
o Damage or destruction of computer systems.
o Damage or destruction of internal data.
o Loss of sensitive information to hostile parties.
o Damage to the reputation of an organization.
o Use of sensitive information to steal items of
monetary value.
o Losing the ability to use the system
Importance of Security?
Who is vulnerable?
Financial institutions and banks
Internet service providers
Educational Institutions
Government and defense agencies
Contractors to various government agencies
Multinational corporations
ANYONE ON THE NETWORK/INTERNET
Computer Security
Computer Security Goals
Computer security addresses the following goals:
o Confidentiality
o Integrity
o Availability
Confidentiality
Confidentiality refers to protecting
information from being accessed by
unauthorized parties.
only authorized people can gain access to
sensitive data
It is concerned with having secret data
remain secret
Privacy is the ability to keep things
private/confidential
Integrity
Integrity refers to the trustworthiness of data
or resources within a computer system.
Unauthorized users should not be able to
modify any data without the owner's
permission.
It refers to protecting information from
modification, change or destruction.
Modification occurs when unauthorized
users change data or add false data.
Availability
Availability refers to the ability to use the
computer system and information resources at
desired times by authorized parties.
Nobody can disturb the system to make it
unusable.
Availability is an important aspect of reliability.
An unavailable system is at least as bad as no system
at all.
Interruption occurs when an unauthorized party
reduces the availability of or to a resource.
Security Threats
A threat is a potential violation of security.
A computer security threat is any person,
act, or object that poses a danger to
computer security.
A threat can affect the
Confidentiality of data
Integrity of data
Availability of a system.
Causes of Security Threats
Physical Threats:
Weather, natural disaster, bombs, power failures,
terrorism, etc.
Human Threats:
stealing, fraud, bribery, spying, sabotage,
accidents.
Software Threats:
viruses, Trojan horses, denial of service.
Types of Security Threats/Attacks
Fraud and Theft
An illegal taking of another’s physical,
electronic, or intellectual property
Insiders or outsiders can commit computer fraud
and theft.
Insiders can be both general users (such as clerks)
and technical staff members.
An organization’s former employees, with their
knowledge of an organization's operations, may
also pose a threat, particularly if their access is
not terminated promptly.
Fraud and Theft
Example of fraud and theft
individuals may use a computer to skim small amounts of
money from a large number of financial accounts, assuming that
small discrepancies may not be investigated.
Targets of fraud and theft
Financial systems
Time and attendance systems
inventory systems
school grading systems
long distance telephone systems
Insiders (i.e., authorized users of a system) are
responsible for the majority of fraud.
Loss of Physical and Infrastructure Support
Power failures
Outages
a period when a power supply is not available
Spikes
contain very high voltages
Brownouts
reduction in the availability of electrical power
Disasters (natural and man-made)
Malicious Hackers (Intruders)
The term malicious hackers, sometimes called crackers, refers to
those who break into computers without authorization.
They can include both outsiders and insiders.
Much of the rise of hacker activity is often attributed to increases
in connectivity in both government and industry.
One 1992 study of a particular Internet site (i.e., one computer
system) found that hackers attempted to break in at least once
every other day.
The hacker threat should be considered in terms of past and
potential future damage.
Although current losses due to hacker attacks are significantly
smaller than losses due to insider theft and sabotage, the hacker
problem is widespread and serious.
Malicious Hackers (Intruders)
Intruders are usually trying to gain access to a
system, or to increased privileges to which they are
not entitled, often by obtaining the password for a
legitimate account.
Hacking: is any attempt to intrude or gain
unauthorized access to a system.
It can be via some operating system flaw or other
means.
It may or may not be for malicious purposes.
Malicious Hackers (Intruders)
Cracking: is hacking conducted for malicious
purposes
A cracker is one who breaks into or otherwise
violates the system integrity of remote machines
with malicious intent
Threats to Personal Privacy
Personal Privacy: The right of the
individual to be protected against intrusion
into his personal life or affairs, or those of
his family, by direct physical means or by
publication of information.
Threat to individual privacy has arisen as a
danger of the modern information age.
Malicious Software
The most sophisticated threats to computer systems are
through malicious software, sometimes called malware.
Malware attempts to cause damage to, or consume the
resources of, a target system.
Malicious code can attack personal computers and other
platforms.
Malicious Software refers to
Virus
Trojan Horse
Worm
Logic bomb
Trap door
Zombie
Multi-Partite
Companion Virus
Boot sector or MBR virus
Stealth Virus
Macro Virus
The effects of malicious software
Corrupt or destroy data
Format the hard disk
Degrade system performance
Manipulate the directory contents
Rename all files with different name
Corrupting the systems data
Increasing file size
Virus
A small program that replicates and hides itself
inside other programs usually without your
knowledge
A virus is a program that can "infect" other
programs by modification, as well as causing
local damage.
Such modification includes a copy of the virus,
which can then spread further to other programs.
Virus
It gets attached to some part of an operating
system or any other computer program
(executable code)
The new copy of the virus is executed when a
user executes the new host program.
Similar to biological virus: Replicates and Spreads
Worm
A worm is an independent program that
spreads via network connections, typically
using email, remote execution, etc.
A worm reproduces by copying itself from one
computer to another and causing it to execute;
no user intervention is required.
It can do as much harm as a virus.
It often creates denial of service (DoS).
Trojan Horse
A Trojan (or Trojan Horse) is a program which
carries out an unauthorized function while hidden
inside an authorized program.
Seems to do something good but covertly doing
something else
Secretly downloading a virus or some other type
of malware on to your computers.
Popular mechanism for hiding a virus or a worm
Spyware
Software that literally spies on what you do on
your computer.
Spyware is unwanted software that penetrates
your computing device, stealing your internet
usage data and sensitive information.
Spyware is designed to gain access to or
damage your computer, often without your
knowledge.
Example: Simple Cookies and Key Loggers
Logic Bomb
One of oldest types of malicious software
code embedded in legitimate program
Activated when specified conditions met
presence/absence of some file
particular date/time
particular user
particular series of keystrokes
when triggered typically damage system
modify/delete files/disks
Trap door/Backdoor
A trap door is a secret entry point into a program that
allows someone who is aware of the trap door to gain
access without going through the usual security access
procedures.
It is a mechanism built into a system by its designer.
A trapdoor usually gives the designer a way to sneak
back into the system.
Gives the original designer a secret route into the
system.
A backdoor is a method of bypassing normal authentication
or encryption in a computer.
Other Malware
A. Multi-Partite
o A virus that attempts to attack both the boot sector and the executable, or program, files at the
same time.
o When the virus attaches to the boot sector, it will in turn affect the system's files, and when the
virus attaches to the files, it will in turn infect the boot sector.
o Such viruses are highly infectious.
B. Companion Virus
A virus which infects executable files by creating a 'companion' file with the same name but a
.COM extension.
Since DOS executes .COM files first, followed by .EXE files, and finally .BAT files, the virus loads
before the executable file.
C. Boot sector or MBR virus
A virus which infects the boot sector of disks.
Boot sector
Hard disk drives, floppy diskettes, and logical drives (partitions) all have boot sectors where
critical drive information is stored.
Master Boot Record
On all PC fixed disks, the first physical sector is reserved for a short bootstrap program. This
sector is the Master Boot Record (MBR).
Other Malware
D. Stealth Virus
A computer virus that actively hides itself from antivirus software by either
masking the size of the file that it hides in or temporarily removing itself from
the infected file and placing a copy of itself in another location on the drive,
replacing the infected file with an uninfected one that it has stored on the hard
drive.
A stealth virus is one that conceals the changes it makes.
A stealth virus is programmed such that it is able to conceal itself from
discovery or defend itself against attempts to analyze or remove it.
E. Macro Virus
A macro virus is a virus written in one of the many macro languages.
Macro viruses spread via infected files, which can be documents,
spreadsheets, databases, or any computer program which allows use of a
macro language.
At present these viruses can infect Microsoft Word and Lotus AmiPro
documents.
This virus attaches itself to a word processing or spreadsheet file (mainly
a Microsoft Word or Excel file).
DoS- Denial of Service Attack
DoS attack is a cyber-attack in which the
perpetrator seeks to make a machine or network
resource unavailable to its intended users by
disrupting services of a host connected to the
Internet
Is blocking access of legitimate users to a service.
It aims to inhibit the normal use of communication
facilities
Make a network service unusable, usually by
overloading the server or network
Denial of Service Attack
Simple illustration of a DoS attack (figure: repeated Ping
requests sent to Web Server X)
Logical security
Physical security:
refers to the issues related to the physical security
of the equipment that comprises or is connected
to the network.
Keeping rooms locked
Keeping computers locked
A combination of locks and alarms is an
excellent theft prevention system for computer
labs
Surge protectors and uninterruptable power
supplies (UPS) are a low cost investment that
can save very costly equipment damage.
Logical security
Logical security is concerned with security of
data stored on devices connected to the network.
It involves
controlling passwords and password policies
controlling access to data on servers
controlling access to backup tapes
preventing sources outside the network from
gaining access to the network
Security Solutions
There are a number of basic ways that a computer can be
made more secure.
Backups/disaster recovery
Encryption
Cryptography
Authentication
Validation
Data Protection
Anti-Viruses
Firewall
Intrusion Detection System (IDS)
Backups (redundancy/disaster recovery)
The purpose of a backup is to make a copy of data,
which is unlikely to be lost or destroyed.
If we want a backup to be protected from the same
accidents that would destroy the data, we have to
store it in a different physical location.
Backups can be done on tapes, disks and at a
different physical location by using network
copying.
Backups
The key principle of backups is redundancy.
Redundancy is like an insurance policy.
Redundancy means making multiple copies of
data, so that we always have something to fall
back on
We can have backups of data, but we can also
have backup of services, in case we lose an
important piece of hardware.
Backups
There are two kinds of backup:
Full dump: copies every file on a source medium to a
backup medium.
Incremental or differential dump: copies files
according to the level of the dump.
A level 0 dump copies everything.
A level 1 dump copies everything which has
changed since the last level 0 dump.
A level 2 dump copies everything which has changed
since the last level 1 dump or level 0 dump, and so
on.
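The dump-level rule above, worked through in Python as an added example (not from the slides). File names, modification times (plain day numbers) and the dump history are constructed. Besides selecting what a level-N dump copies, it answers the question the levels exist for: which dumps have to be restored, and in what order, to rebuild the latest state.

```python
"""Level-based incremental dumps. Added example, not from the slides.
A level N dump copies every file changed since the most recent dump of a
lower level; level 0 copies everything. Paths, mtimes and history are constructed."""


def files_for_dump(level, files, history):
    """files: {path: mtime}. history: list of (level, time) of completed dumps,
    oldest first. Returns the sorted list of paths this dump must copy."""
    if level == 0:
        return sorted(files)
    lower = [t for lv, t in history if lv < level]     # candidate baselines
    if not lower:
        raise ValueError("no lower-level dump exists; run a level 0 dump first")
    since = max(lower)                                 # most recent lower-level dump
    return sorted(p for p, mtime in files.items() if mtime > since)


def run_dump(level, files, history, now):
    """Perform the dump at time `now`, record it in history, return copied paths."""
    copied = files_for_dump(level, files, history)
    history.append((level, now))
    return copied


def dumps_for_restore(history):
    """Dumps to apply, oldest first, to rebuild the latest state: walk the history
    backwards, keeping each dump whose level is lower than the last one kept,
    and stop at the level 0 dump. Intermediate dumps are superseded."""
    needed, current = [], float("inf")
    for lv, t in reversed(history):
        if lv < current:
            needed.append((lv, t))
            current = lv
            if lv == 0:
                break
    return list(reversed(needed))


# Constructed starting state: every file last modified on day 1.
FILES = {"/etc/passwd": 1, "/home/a/report.doc": 1,
         "/var/log/syslog": 1, "/home/b/notes.txt": 1}

if __name__ == "__main__":
    files, history = dict(FILES), []
    print(run_dump(0, files, history, 2))
    files["/home/a/report.doc"] = 5
    print(run_dump(1, files, history, 6))
    print(dumps_for_restore(history))
```

Note the difference the text alludes to: a level 1 dump taken after a level 2 dump still goes back to the level 0 baseline, so it repeats files the level 2 dump already copied. That redundancy is deliberate; it is what keeps the restore chain short.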
Encryption
Encryption is a process that encodes a message or file so
that it can only be read by certain people.
It is the process of converting plaintext (readable data) into
ciphertext (unreadable characters) to prevent unauthorized
parties from viewing or modifying it.
Encryption uses an algorithm to scramble, or encrypt,
data and then uses a key for the receiving party to
unscramble, or decrypt, the information.
The encryption key specifies the transformation of plaintext
into ciphertext, and vice versa for the decryption algorithm.
To read the data, the recipient must decrypt, or decipher, the
data.
Encryption- Authentication
Authentication is the process of logging in or signing on in a
manner that proves the user's identity.
The most common example of authentication is the use
of a username and password to gain access to a system,
network or web site.
The username and password combination is often
referred to as a person's credentials and it is frequently
sent over networks.
Encryption- Authentication
Encryption is used to protect these credentials. If no
encryption is used to protect the information as it is sent
over the network, an attacker could capture those
credentials and assume the identity of the originator.
Items that you must carry to gain access to a computer or
facility are called personal identification numbers (PINs).
Fingerprints, hand geometry, voice, signature, and iris are
means of authentication.
Encryption- Validation
Validation describes the ability to provide
assurance that a sender’s identity is true and that a
message, document or file has not been modified.
Encryption can be used to provide validation by
making a digital fingerprint of the information
contained within a message.
A digital fingerprint is a code that uniquely
identifies a file or a message by reflecting the
content of the file with tremendous specificity.
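The "digital fingerprint" described above, as an added Python example (not from the slides). A plain SHA-256 hash is the fingerprint of the content: change one character and the fingerprint changes completely. Binding the fingerprint to a shared key (HMAC) is what additionally gives the recipient assurance about the sender, since nobody without the key can produce a matching tag. The key and the messages are constructed.

```python
"""Message fingerprints for validation. Added example, not from the slides.
SHA-256 fingerprints content; HMAC-SHA256 additionally binds it to a shared key."""
import hashlib
import hmac


def fingerprint(data: bytes) -> str:
    """Content-only fingerprint: detects modification, says nothing about the sender."""
    return hashlib.sha256(data).hexdigest()


def tag(key: bytes, data: bytes) -> str:
    """Keyed fingerprint: only holders of `key` can compute or check it."""
    return hmac.new(key, data, hashlib.sha256).hexdigest()


def verify(key: bytes, data: bytes, received_tag: str) -> bool:
    """Constant-time comparison so timing does not leak how many bytes matched."""
    return hmac.compare_digest(tag(key, data), received_tag)


def demo():
    """Constructed scenario: the sender tags a message; the recipient checks
    the original, a modified copy, and the original under the wrong key."""
    key = b"constructed-shared-secret"
    message = b"Transfer 100 to account 42"
    t = tag(key, message)
    return {
        "unchanged": verify(key, message, t),                        # True
        "modified": verify(key, b"Transfer 900 to account 42", t),   # False
        "wrong_key": verify(b"some-other-key", message, t),          # False
    }


if __name__ == "__main__":
    print(fingerprint(b"abc"))
    print(demo())
```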
Encryption- Data Protection
Encryption of files protects the data that is written to the hard disk on
the computer.
Data protection is vital in the event of theft of the computer itself or
if an attacker successfully breaks into the system.
File encryption becomes more difficult to use and manage if the
encryption key is shared among multiple employees.
The more people who have access to encryption keys, the less
effective encryption becomes.
The risk of loss, theft or compromise of information rises as the
number of users increases.
Files that have been encrypted are also vulnerable to employees who
leave the organization.
Antiviruses
To prevent viruses from entering a system
there are two options.
Isolate the machine
disconnect it from the Internet or any other
network, not using USB disks or any other
removable disks.
This way one can be sure that no virus enters
into the computer.
Antiviruses
Most Antivirus programs include an
auto-update feature that enables the
program to download profiles of new
viruses so that it can check for the new
viruses as soon as they are discovered.
AVG, Norton, Kaspersky, AVAST and
McAfee are some of the examples of
Antivirus programs.
Functions of Anti-virus
Identification of known viruses
Detection of suspected viruses
Blocking of possible viruses
Disinfection of infected objects
Deletion of infected objects
Overwriting of infected objects
Firewall
A firewall is a security system consisting of
hardware and/or software that prevents
unauthorized network access.
A firewall provides a security barrier between
networks or network segments.
Firewalls are generally set up to protect a
particular network or network component from
attack, or unauthorized penetration by outside
invaders.
Limits network access between trusted and untrusted
hosts.
Firewall
A firewall also may be set up to protect vital
corporate or institutional data or resources
from internal attacks or incompetence.
Internal firewalls are generally placed
between administrative, or security, domains
in a corporate or institutional network.
Firewall
All traffic to or from the protected network
must go through the firewall; the firewall is
designed to allow only authorized traffic.
If the firewall does its filtering job
successfully, attacks will never even reach the
protected network.
If a received packet is legitimate, the firewall
will pass on the traffic to the appropriate
machine.
Firewalls
They are configured with a table of IP addresses that
characterizes the packets they will, and will not,
forward.
Each entry gives the IP address and TCP (or UDP) port number
for both the source and destination.
a firewall divides a network into a more-trusted zone
internal to the firewall, and a less-trusted zone
external to the firewall. These are
The internal network
The DMZ (“demilitarized zone”)
The rest of the Internet.
Firewall
Three broad categories of firewall are distinguished
Packet-filtering
pass or drop packets based on their source or
destination addresses or ports.
Application filtering
filters screen traffic involving specific applications or
services (ftp, Http)
Circuit-level
looks not only at source and destination addresses but
also at the circuits that have been established for a
connection.
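The packet-filtering category above, as an added Python example (not from the slides). The rule table, the DMZ and internal address ranges, and the sample packets are all constructed. Rules are evaluated top to bottom, the first match decides, and anything unmatched is denied. The last check in the test also shows the limit of pure packet filtering that the circuit-level category addresses: a reply to a connection an internal host opened looks, packet by packet, like unsolicited inbound traffic and is dropped by the inbound deny rule.

```python
"""Stateless packet-filtering firewall rule table. Added example, not from the
slides; networks, hosts, ports and packets are constructed."""
import ipaddress

DMZ = ipaddress.ip_network("203.0.113.0/24")
INTERNAL = ipaddress.ip_network("10.0.0.0/8")
ANY = ipaddress.ip_network("0.0.0.0/0")
WEB_SERVER = ipaddress.ip_network("203.0.113.10/32")

# Each rule: (action, source network, destination network, protocol, dest ports)
# "*" means any. First matching rule wins; DEFAULT applies when none matches.
RULES = [
    ("allow", ANY, WEB_SERVER, "tcp", {80, 443}),  # public web service in the DMZ
    ("deny", ANY, DMZ, "*", "*"),                  # nothing else reaches the DMZ
    ("allow", INTERNAL, ANY, "*", "*"),            # internal hosts may go out
    ("deny", ANY, INTERNAL, "*", "*"),             # nothing comes into the inside
]
DEFAULT = "deny"


def matches(rule, pkt):
    """True when every field of the rule accepts the packet."""
    _, src_net, dst_net, proto, ports = rule
    if ipaddress.ip_address(pkt["src"]) not in src_net:
        return False
    if ipaddress.ip_address(pkt["dst"]) not in dst_net:
        return False
    if proto != "*" and pkt["proto"] != proto:
        return False
    if ports != "*" and pkt["dport"] not in ports:
        return False
    return True


def decide(pkt, rules=RULES):
    """Return (action, index of the matching rule) or (DEFAULT, None)."""
    for index, rule in enumerate(rules):
        if matches(rule, pkt):
            return rule[0], index
    return DEFAULT, None


def packet(src, dst, proto, dport):
    return {"src": src, "dst": dst, "proto": proto, "dport": dport}


if __name__ == "__main__":
    print(decide(packet("198.51.100.7", "203.0.113.10", "tcp", 443)))
    print(decide(packet("198.51.100.7", "203.0.113.10", "tcp", 22)))
    print(decide(packet("10.1.2.3", "198.51.100.7", "tcp", 80)))
</test>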
Personal firewall utility
Firewall placement (figure): Internet - Firewall - DMZ (web
server, email server, web proxy, etc.) - Firewall - Intranet
Intrusion Detection System (IDS)
An IDS gathers and analyzes information from
various areas within a computer or a network to
identify possible security breaches
Used to monitor for “suspicious activity” on a
network
It detects both intrusions and misuse
Intrusion Detection System (IDS)
Intrusion detection functions include
Monitoring and analyzing both user and system
activities
Analyzing system configurations and
vulnerabilities
Assessing system and file integrity
Ability to recognize patterns typical of attacks
Analysis of abnormal activity patterns
Tracking user policy violations
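The "recognize patterns typical of attacks" function above, as an added Python example (not from the slides). It runs signature-style detection over a handful of constructed SSH log lines: a source that produces a threshold of failed logins within a short window raises a medium alert, and a success from that same source while the failures are still within the window raises a high one, since that is the footprint of a password-guessing run that worked. The log format, threshold and window are assumptions.

```python
"""Minimal intrusion detection over constructed log lines. Added example, not
from the slides. Log format, threshold and window are constructed assumptions."""
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample log (sshd-like lines; addresses are documentation ranges).
LOG = """\
2024-03-01T10:00:01 sshd: Failed password for admin from 198.51.100.7
2024-03-01T10:00:03 sshd: Failed password for admin from 198.51.100.7
2024-03-01T10:00:04 sshd: Failed password for root from 198.51.100.7
2024-03-01T10:00:06 sshd: Failed password for admin from 198.51.100.7
2024-03-01T10:00:07 sshd: Failed password for admin from 198.51.100.7
2024-03-01T10:00:09 sshd: Accepted password for admin from 198.51.100.7
2024-03-01T10:05:00 sshd: Failed password for alice from 10.0.0.5
2024-03-01T10:05:30 sshd: Accepted password for alice from 10.0.0.5
""".splitlines()

LINE_RE = re.compile(r"^(\S+) sshd: (Failed|Accepted) password for (\S+) from (\S+)$")
THRESHOLD = 5                    # failures from one source ...
WINDOW = timedelta(seconds=60)   # ... within this window trigger an alert


def parse(line):
    """Return (timestamp, outcome, user, source) or None for lines we don't handle."""
    m = LINE_RE.match(line)
    if not m:
        return None
    ts, outcome, user, src = m.groups()
    return datetime.fromisoformat(ts), outcome, user, src


def detect(lines, threshold=THRESHOLD, window=WINDOW):
    """Return a list of (alert kind, source, severity) tuples in log order."""
    failures = defaultdict(list)   # source -> timestamps of failures in the window
    alerts = []
    for line in lines:
        rec = parse(line)
        if rec is None:
            continue
        ts, outcome, _user, src = rec
        recent = [t for t in failures[src] if ts - t <= window]   # slide the window
        if outcome == "Failed":
            recent.append(ts)
            if len(recent) == threshold:          # alert once, when the threshold is hit
                alerts.append(("brute_force", src, "medium"))
        elif len(recent) >= threshold:            # success right after a burst of failures
            alerts.append(("brute_force_success", src, "high"))
        failures[src] = recent
    return alerts


if __name__ == "__main__":
    for alert in detect(LOG):
        print(alert)
```

A single failed login followed by a success (the `alice` lines) is normal user behaviour and produces nothing; the value of the window is that the same five failures spread over a day would not fire either.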
Network Security Tools
Nessus -- vulnerability scanner
Wireshark -- packet sniffer
Snort -- intrusion detection system (IDS)
Netcat -- network utility
Metasploit Framework -- vulnerability exploitation tool
HPing2 -- packet crafting tool
Kismet -- wireless tool / packet sniffer
TCPDump -- packet sniffer
Cain and Abel -- password cracker / packet sniffer
John The Ripper -- password cracker