Flashcards in C172 Network and Security Deck (172):
The set of rules established for users to exchange information.
The network architecture used to interconnect the networking equipment.
Access to the network is provided at fixed time intervals.
Token Ring Topology
A network topology configured in a logical ring that complements the token passing protocol.
The computers share the media (coaxial cable) for data transmission.
The most common networking topology in today's LANs where all networking devices connect to a central switch or hub.
Another name for a hub, a device that broadcasts messages to all devices connected to its ports, not just the intended one.
Forwards a frame of data to the port associated with the destination address instead of sending it to every port.
All networking devices are directly connected to each other.
Open Systems Interconnect. Developed in 1984 by the International Organization for Standardization. It represents the seven layers describing network functions. Application, Presentation, Session, Transport, Network, Data Link, and Physical.
1. Provides the electrical and mechanical connection to the network. NIC Card, Fiber Cable, Twister Pair Cable.
Data Link Layer
2. Handles error recovery, flow control (synchronization), and sequencing (which terminals are sending and which are receiving). This is where the MAC (media access control) Addressing is defined. The Ethernet 802.3 standard is defined in this area. MAC Addresses.
3. Accepts outgoing messages and combines messages or segments into packets, adding a header that includes routing information. It acts as the network controller. IP (Internet Protocol) and IPC (Internetwork Packet Exchange).
4. Is concerned with message integrity between source and destination. Segments/Reassembles the packets and handles flow control. TCP (Transmission Control Protocol) and UDP (User Datagram Protocol).
5. Provides the control functions necessary to establish, manage, and terminate the connections as required to satisfy the user request. NFS (Network File System) and SQL (Structured Query Language).
6. Accepts and structures the messages for the application. It translates the message from one code to another if necessary. This layer is responsible for data compression and encryption. ASCII(American Standard code for Information Exchange) and JPEG (Joing Photographic Experts Group).
7. Interacts with application programs that incorporate a communication component such as your internet browser and email. This layer is responsible for logging the message in, interpreting the request, and determining what information is needed to support the request. HTTP (Hypertext Transfer Protocol), FTP (File Transfer Protocol), and SMTP (Simple Mail Transfer Protocol).
Three basic steps in isolating a network problem
Is the connection to the machine down? (Layer 1)
Is the network down? (Layer 3)
Is a service on the specific machine down? (Layer 7)
The Ethernet LAN media-access method, carrier sense multiple access with collision detection.
The most common networking protocol used in modern computer networks. Basically, for a computer to "talk" on the Ethernet network, it first "listens" to see whether there is any data traffic (carrier sense). This means that any computer connected to the LAN can be "listening" for data traffic, and any of the computers on the LAN can access the network (multiple access). There is a chance that two or more computers will attempt to broadcast a message at the same time; therefore, Ethernet systems must have the capability to detect data collisions (collision detection).
A piece of information being transmitted that includes the header, data, and, trailer. Minimum length is 64 bytes from the destination MAC address through the frame check sequence. Maximum length is 1,518 bytes; 6 bytes for the destination MAC, 6 for source MAC 2 for length/type; 1,500 for data, and 4 for CRC.
Consists of the preamble (alternating pattern of 1s and 0s used for synchronization), start frame delimiter (a binary sequence of 10101011 that indicates the start of a frame), destination, and source address (MAC addresses), and length/type field (An indication of the number of bytes in the data field if this value is less than 1500. If this number is greater than 1500 it indicates the type of data format for example IP or IPX..
Actual Data being transmitted followed by the pad used to bring the number of bytes up to the minimum of 46.
4 byte CRC (cyclic redundancy check) value used for error checking.
Media Access Control. 6 Bytes (48 bits) displayed in 12 hexadecimal digits. The first 6 indicate the vendor of the interface, the last 6 form a unique value for each device assigned by the vendor. Also called the Ethernet, physical, hardware, or adapter address.
Internet Assigned Numbers Authority, the agency that assigns IP Addresses to computer networks and makes sure no two different networks are assigned the same IP network address.
44.x.x.x. Max number of hosts 16,777,214 Range 0.0.0.0-127.255.255.255.255
128.123.x.x. Max number of hosts 65,534. Range 126.96.36.199-188.8.131.52
192.168.1.x. Max number of hosts 254. Range 192.0.0.0-184.108.40.206
224.x.x.x Reserved for multicast groups. Range 220.127.116.11-18.104.22.168
The portion of the IP Address that defines which network the IP packet is originating from or being delivered to. If the address is class A 44.x.x.x the 44 is the network number.
The porting of the IP address that defines the address of the networking device connected to the network. If the address is class C 192.168.1.x the x is the host number.
Organizationally Unique Identifier. First 6 bytes of a MAC address, identifies the vendor of the device.
802.11a (Wireless-A): This standard can provide data transfer rates up to 54Mbps and an operating range up to 75 feet. It operates at 5GHz.
802.11b (Wireless-B): This standard can provide data transfer rates up to 11Mbps with ranges of 100-150 feet. It operates at 2.4GHz.
802.11g (Wireless-G): This standard can provide data transfer rates up to 54Mbps up to 150 feet. It operates at 2.4GHz.
802.11n (Wireless-N): This standard provides data transfer rates up to 4 x 802.11g speeds (200+Mbps). It operates either at 2.4GHz or 5GHz.
802.11ac (Wireless-AC): This is the latest wireless standard. It provides single-station data transfer rates of 500Mbps and operates in the 5GHz frequency band.
Where NAT translates the home network's private IP addresses to a single public IP address.
Port Address Translation. A port number is tracked with the client computer's private address when translating to a public address.
10Base2 10Mbps over coaxial cable up to 185 m, also called ThinNet (seldom used anymore)
10Base5 10Mbps over coaxial cable up to 500 m, also called ThickNet (seldom used anymore)
10BaseT 10Mbps over twisted-pair
10BaseF 10Mbps over multimode fiber-optic cable
10BaseFL 10Mbps over 850 nm multimode fiber-optic cable
100BaseT 100Mbps over twisted-pair (also called Fast Ethernet)
100BaseFX 100Mbps over fiber
1000BaseT 1000Mbps over twisted-pair
1000BaseFX 1000Mbps over fiber
10GE 10GB Ethernet
Transmit and receive signal pairs are crossed properly to properly align the transmit signal on one device with the receive signal on the other device.
Transmit and receive signal pairs are aligned end-to-end. Uplink Port for connecting switches to other switches.
EIA/TIA 568-A Addendum 5.
Published in 1999, this addendum defined the transmission performance specifications for 4-pair 100 ohm category 5e twisted-pair cabling. TIA/EIA adopted new category 6 (CAT6) cable specifications in June 2002. This is the type of cabling recommended for use in today's computer networks,
Interconnected LANs within a limited geographic area.
Published in 2000. The three parts of the EIA/TIA 568-B are as follows:
EIA/TIA-568-B.1: Commercial Cabling Standard, Master Document
IA/TIA-568-B.2: Twisted-pair Media
EIA/TIA-568-B.3: Optical Fiber Cabling Standard
The point where the external cabling and wireless services interconnect with the internal building cabling. Also called the Entrance Facilities.
Equipment Room (ER)
A room set aside for complex electronic equipment such as the network servers and telephone equipment.
The location of the cabling termination points that includes the mechanical terminations and the distribution frames
Equipment Room. Cabling that interconnects telecommunication closets in the same building and between buildings
Cabling that extends out from the telecommunications closet into the LAN work area
The location of the computers and printers, patch cables, jacks, computer adapter cables, and fiber jumpers.
MC (Main Cross-Connect)
Usually connects two or more buildings and is typically the central telecommunications connection point for a campus or building. It is also called the main distribution frame (MDF) or main equipment room. The MC connects to Telco, an IS P, and so on. Another term for the MC is the campus distributor (CD).
IC (Intermediate Cross-Connect)
Also called the building distributor (BD), this is the building's connection point to the campus backbone. The IC links the MC to the horizontal cross-connect (HC).
HC (Horizontal Cross-Connect)
The connection between the building distributors and the horizontal cabling to the work area or workstation outlet—another term used for the HC is the floor distributors (FD).
Or Work Area Outlet (WO). Also called the TO (telecommunications outlet), it's used to connect devices to the cable plant. The cable type typically used is CAT3, CAT5, CAT5e, CAT6, CAT6A, and various coaxial cables. Devices typically connected to these outlets are PCs, printers, servers, phones, televisions, and wireless access points.
The proper term for the RJ-45 modular plug used in computer systems is actually 8P8C for both male and female connectors. 8P8C stands for 8-pin 8-conductors and is defined by ANSI/TIA-968-A and B but is commonly called RJ-45 by both professionals and end users.
Unshielded twisted-pair (UTP) cable plays an important role in computer networking. The most common twisted-pair standards used for computer networking today are category 6 (CAT6), category 6a (CAT6a), and category 5e (CAT5e). CAT6 cable is tested to provide the transmission of data rates up to 1000Mbps for a maximum length of 100 meters. CAT6a is an improved version of CAT6 and will support 10GB Ethernet.
CAT5e cable is an enhanced version of CAT5 and provides improved performance requirements of the cable. CAT6 provides improved performance and a bandwidth of 250MHz. CAT5/5e twisted-pair cable contains four color-coded pairs of 24-gauge wires terminated with an RJ-45 (8P8C) connector. CAT6 twisted-pair cable also contains four color-coded wires, but the wire gauge is 23AWG. CAT6 cable has a stiffer feel compared to CAT5e.
The precise manner in which the twist of CAT6/5e/5 cable is maintained, even at the terminations, provides a significant increase in signal transmission performance. CAT5/5e standards allow 0.5 inches of untwisted cable pair at the termination. CAT6 has an even tighter requirement that allows for only 3/8-inch of untwisted cable at the termination. The termination is the point where the cable is connected to terminals in a modular plug, jack, or patch panel.
CAT6/5e/5 twisted-pair cable contains four twisted wire pairs for a total of eight wires. In twisted-pair cable, none of the wires in the wire pairs are connected to ground. The signals on the wires are set up for a high (+) and low (-) signal line. The (+) indicates that the phase relationship of the signal on the wire is positive, and the (-) indicates that the phase of the signal on the wire is negative; both signals are relative to a virtual ground. This is called a balanced mode of operation—the balance of the two wire pairs helps maintain the required level of performance in terms of crosstalk and noise rejection.
Category 3 (CAT3) Telephone installations Class C Up to 16Mbps
Category 5 (CAT5) Computer networks Class D Up to 100MHz/100Mbps 100-m length
Enhanced CAT5 (CAT5e) Computer networks 100MHz/1000Mbps applications with improved noise performance in a full duplex mode
Category 6 (CAT6) Higher-speed computer Up to 250MHz networks Class E/1000Mbps
CAT6 supports 10Gbps but at distances fewer than 100 meters
Category 6a (CAT6a) Increased bandwidth Up to 500MHz networks Class Ea/10Gbps
Category 7 (CAT7) International Organization for Standardization (ISO ) standard, not an EIA/TIA standard Up to 600MHz speed computer networks Class F/10Gbps
Category 7a (CAT7a) ISO standard, not an EIA/TIA standard Up to 1000MHz speed computer networks Class FA/10Gbps
Computer system can transmit and receive at the same time
In some applications, a wire screen or metal foil shield is placed around the twisted-pair cable. Cable with the addition of a shield is called STP cable. The addition of this shield reduces the potential for electromagnetic interference (EMI) as long as the shield is grounded. EMI originates from devices such as motors and power lines and from some lighting devices such as fluorescent lights.
T568A and T568B Color Map
Pin # 568A Wire Color 568B Wire Color
1 White-Green White-Orange
2 Green Orange
3 White-Orange White-Green
4 Blue Blue
5 White-Blue White-Blue
6 Orange Green
7 White-Brown White-Brown
8 Brown Brown
Point from one cable termination to another
Consists of all the link elements from the wall plate to the hub or switch
Copper Attenuation (Insertion Loss)
This parameter defines the amount of loss in signal strength as it propagates down the wire. This is caused by the resistance of the twisted-pair cable, the connectors, and leakage of the electrical signal through the cable insulation. Attenuation also will increase with an increase in frequencies due to the inductance and capacitance of the cable. The cable test results will report a margin. Margin for attenuation (insertion loss) is defined as the difference between the measured value and the limit for the test. If the margin shows a negative value, the test has failed. A negative value is produced when the measured value is less than the limit. The limit for attenuation (insertion loss) for CAT6 is 21.3 dB, CAT6A is 20.9, CAT7 is 20.8, and CAT7a is 20.3. It is also important to note that UTP cables have a limit on how much the cable can be bent (bend radius). The limit on the bend radius is four times the outer jacket diameter. The reason for this is bends exceeding the limit can introduce attenuation loss.
Near-End Crosstalk (NEXT)
When current travels in a wire, an electromagnetic field is created. This field can induce a voltage in adjacent wires resulting in crosstalk. Crosstalk is what you occasionally hear on the telephone when you can faintly hear another conversation. Near-end crosstalk, or NEXT, is a measure of the level of crosstalk, or signal coupling within the cable. The measurement is called near-end testing because the receiver is more likely to pick up the crosstalk from the transmit to the receiver wire pairs at the ends. The transmit signal levels at each end are strong, and the cable is more susceptible to crosstalk at this point. Additionally, the receive signal levels have been attenuated due to normal cable path loss and are significantly weaker than the transmit signal. A high NEXT (dB) value is desirable.
Power Sum NEXT (PSNEXT)
The enhanced twisted-pair cable must meet four-pair NEXT requirements, called PSNEXT testing. Basically, power sum testing measures the total crosstalk of all cable pairs. This test ensures that the cable can carry data traffic on all four pairs at the same time with minimal interference. A higher PSNEXT value is desirable because it indicates better cable performance.
Equal Level FEXT (ELFEXT)
This measurement differs from NEXT in that the measurement is for the far end of the cable. Additionally, the ELFEXT measurement does not depend on the length of the cable. This is because ELFEXT is obtained by subtracting the attenuation value from the far-end crosstalk (FEXT) loss. Higher ELFEXT values (dB) indicate the signals at the far end of the cable are larger than the cross-talk measured at the far end. A larger ELFEXT (dB) value is desirable. A poor ELFEXT can result in data loss.
Power sum ELFEXT that uses all four wire pairs to obtain a combined ELFEXT performance measurement. This value is the difference between the test signal level and the cross-talk measured at the far end of the cable. A higher PSELFEXT value indicates better cable performance.
This measurement compares the signal level from a transmitter at the far end to the crosstalk measured at the near end. A larger ACR indicates that the cable has a greater data capacity and also indicates the cable's ability to handle a greater bandwidth. Essentially, it is a combined measurement of the quality of the cable. A higher ACR value (dB) is desirable.
Power sum ACR uses all four wire pairs to obtain the measure of the attenuation-crosstalk ratio. This is a measurement of the difference between PSNEXT and attenuation (insertion loss). The difference is measured in dB, and higher PSACR dB values indicate better cable performance.
An equally important twisted-pair cable measurement is return loss. This measurement provides a measure of the ratio of power transmitted into a cable to the amount of power returned or reflected. The signal reflection is due to impedance changes in the cable link and the impedance changes contributing to cable loss. Cables are not perfect, so there will always be some reflection. Examples of the causes for impedance changes are non-uniformity in impedance throughout the cable, the diameter of the copper, cable handling, and dielectric differences. A low return loss value (dB) is desirable.
This is a measure of the amount of time it takes for a signal to propagate from one end of the cable to the other. The delay of the signal is affected by the nominal velocity of propagation (NVP) of the cable. NVP is some percentage of the velocity of light and is dependent on the type of cable being tested. The typical delay value for CAT5/5e UTP cable is about 5.7 nsec per meter. The EIA/TIA specification allows for 548 nsec for the maximum 100-meter run for CAT5e, CAT6, CAT6a, CAT7, and CAT7A
This is a measure of the difference in arrival time between the fastest and the slowest signal in a UTP wire pair. It is critical in high-speed data transmission that the data on the wire pair arrive at the other end at the same time. If the wire lengths of different wire pairs are significantly different, then the data on one wire will take longer to propagate along the wire, hence arriving at the receiver at a different time and potentially creating distortion of the data and data packet loss. The wire pair with the shortest length will typically have the least delay skew.
Alien Crosstalk (AXT)
Unwanted signal coupling from one permanent link to another
Technique used to reduce in the required bandwidth required to transport the data
Ratio of the speed of light in free space to its speed in a given material.
Light extending from 680 nm up to the wavelengths of the microwaves
Light frequencies from the infrared on up
Most Commonly Used Wavelengths in Fiber-Optic Systems
Multimode fiber: (850 and 1310) nm
Single mode fiber: (1310 and 1550) nm
Fiber to the home/business: 1600-1625 nm
Typical construction of a fiber-optic cable
The core is the portion of the fiber strand that carries the transmitted light. The cladding is the material surrounding the core. It is almost always glass, although plastic cladding of a glass fiber is available but rarely used. In any event, the refractive index for the core and the cladding are different. The cladding must have a lower index of refraction to keep the light in the core. A plastic coating surrounds the cladding to provide protection.
The numerical aperture is a basic specification provided by the manufacturer that indicates the fiber's ability to accept light and shows how much light can be off-axis and still propagate.
The difficulty of coupling significant light into such a small fiber led to development of fibers with cores of about 20 to 100 µm. These fibers support many waveguide modes and are called multimode fibers. The first commercial fiber-optic systems used multimode fibers with light at 800–900 nm wavelengths. A variation of the multimode fiber was subsequently developed, termed graded-index fiber. This afforded greater bandwidth capability.
Stretching of received pulse width because of multiple paths taken by the light. Limits the maximum distance and rate at which data (pulses of light) can be practically transmitted. You will also note that the output pulse has reduced amplitude as well as increased width. The greater the fiber length, the worse this effect will be. As a result, manufacturers rate their fiber in bandwidth per length, such as 400MHz/km. This means the fiber can successfully transmit pulses at the rate of 400MHz for 1 km, 200MHz for 2 km, and so on. In fact, current networking standards limit multimode fiber distances to 2 km.
The index of refraction is gradually varied with a parabolic profile. This results in low-order modes traveling through the constant-density material in the center. High-order modes see a lower index of refraction material farther from the core, and thus the velocity of propagation increases away from the center. Therefore, all modes, even though they take various paths and travel different distances, tend to traverse the fiber length in about the same amount of time. These fibers can therefore handle higher bandwidths and/or provide longer lengths of transmission before pulse dispersion effects destroy intelligibility and introduce bit errors.
Fiber cables with core diameters of about 7-10 µm; light follows a single path. Single-mode fibers are widely used in long-haul and wide area network (WAN) applications. They permit transmission of about 10Gbps and a repeater spacing of up to 80 km. These bandwidth and repeater spacing capabilities are constantly being upgraded by new developments.
Mode Field Diameter
Mode field diameter is the actual guided optical power distribution diameter. In a typical single-mode fiber, the mode field diameter is 1 µm or so larger than the core diameter. The actual value depends on the wavelength being transmitted. In fiber specification sheets, the core diameter is stated for multimode fibers, but the mode field diameter is typically stated for single-mode fibers.
The loss of power introduced by the fiber. This loss accumulates as the light is propagated through the fiber strand. The loss is expressed in dB/km (decibels per kilometer) of length. The loss, or attenuation, of the signal is due to the combination of four factors: scattering, absorption, macrobending, and microbending. Two other terms for attenuation are intrinsic and extrinsic.
Scattering is the primary loss factor over the three wavelength ranges. Scattering in telecommunication systems accounts for 96 percent of the loss and is the basis of the attenuation curves and values.
Absorption is the second loss factor, a composite of light interaction with the atomic structure of the glass. It involves the conversion of optical power to heat. One portion of the absorption loss is due to the presence of OH hydroxol ions dissolved in the glass during manufacture.
Macrobending is the loss caused by the light mode breaking up and escaping into the cladding when the fiber bend becomes too tight. As the wavelength increases, the loss in a bend increases. Although losses are in fractions of dB, the bend radius in small splicing trays and patching enclosures should be minimal.
Microbending is a type of loss caused by mechanical stress placed on the fiber strand, usually in terms of deformation resulting from too much pressure being applied to the cable. For example, excessively tight tie wraps or clamps will contribute to this loss. This loss is noted in fractions of a dB.
Dispersion, or pulse broadening, is the second of the two key distance-limiting parameters in a fiber-optic transmission system. It is a phenomenon in which the light pulse spreads out in time as it propagates along the fiber strand. This results in a broadening of the pulse. If the pulse broadens excessively, it can blend into the adjacent digital time slots and cause bit errors.
The diode laser is a preferred source for moderate-band to wideband systems. It offers a fast response time (typically less than 1 ns) and can couple high levels of useful optical power (usually several mW) into an optical fiber with a small core and a small numerical aperture. The DL is usually used as the source for single-mode fiber because LEDs have a low input coupling efficiency.
High Radiance LED
Some systems operate at a slower bit rate and require more modest levels of fiber-coupled optical power (50-250 W). These applications allow the use of high-radiance LEDs. The LED is cheaper, requires less complex driving circuitry than a DL, and needs no thermal or optical stabilizations.
An isolator is an inline passive device that allows optical power to flow in one direction only.
Attenuators are used to reduce the received signal level (RSL). They are available in fixed and variable configurations.
Branching devices are used in simplex systems where a single optical signal is divided and sent to several receivers, such as point-to-multipoint data or a CATV distribution system.
Splitters are used to split, or divide, the optical signal for distribution to any number of places.
Wavelength Division Multiplexer
Wavelength division multiplexers combine or divide two or more optical signals, each having a different wavelength. They are sometimes called optical beam splitters.
Optical Line Amplifiers
Optical-line amplifiers are analog amplifiers. Placement can be at the optical transmitter output, midspan, or near the optical receiver.
A long-term method where two fibers are fused or welded together
Two fibers joined together with an air gap, thereby requiring an index-matching gel to provide a good splice
Synchronous optical network; protocol standard for optical transmission in long-haul communication/synchronous digital hierarchy.
GBIC or SFP
Convert optical to electrical. Gigabit Interface Converter and Small Form factor Pluggable.
Logical Fiber Map
Shows how the fiber is interconnected and data is distributed throughout a campus
Physical Fiber Map
Shows the routing of the fiber but also shows detail about the terrain, underground conduit, and entries into buildings
Carrier sense multiple access/collision avoidance for wireless networks.
Beamforming is a technique that is used to direct transmission of the radio signal to a specific device. The benefit of this is increasing data throughput while reducing power consumption. 802.11n used beamforming, but it was not standardized. The transmit range for 802.11ac is similar to or better than 802.11n.
Bluetooth Connection Procedure
If a Bluetooth device is discovered, it sends an inquiry reply back to the Bluetooth device initiating the inquiry. Next, the Bluetooth devices enter the paging procedure. The paging procedure is used to establish and synchronize a connection between two Bluetooth devices. When the procedure for establishing the connection has been completed, the Bluetooth devices will have established a piconet. A piconet is an ad hoc network of up to eight Bluetooth devices such as a computer, mouse, headset, earpiece, and so on. In a piconet, one Bluetooth device (the master) is responsible for providing the synchronization clock reference. All other Bluetooth devices are called slaves.
(Worldwide Interoperability for Microwave Access) is a broadband wireless system that has been developed for use as broadband wireless access (BWA) for fixed and mobile stations and can provide a wireless alternative for last mile broadband access in the 2GHz-66GHz frequency range. BWA access for fixed stations can be up to 30 miles, whereas mobile BWA access is 3-10 miles. Internationally, the WiMAX frequency standard is 3.5GHz, while the United States uses both the unlicensed 5.8GHz and the licensed 2.5GHz spectrum. There are also investigations with adapting WiMAX for use in the 700MHz frequency range. Information transmitted at this frequency is less susceptible to signal blockage due to trees. The disadvantage of the lower frequency range is the reduction in the bandwidth.
Radio frequency identification (RFID) is a technique that uses radio waves to track and identify people, animal, objects, and shipments. This is done by the principle of modulated backscatter. The term "backscatter" is referring to the reflection of the radio waves striking the RFID tag and reflecting back to the transmitter source with its stored unique identification information.
A wireless network communications protocol technique similar to the Ethernet protocol. Used in RFID
Using wireless equipment to detect wireless management packets
Extensible Authentication Protocol and is used in both WPA and WPA2 by the client computer and the access point. Before a computer is authorized to a wireless network EAP messages are used to communicate between the computer and access point.
A Remote Authentication Dial-In User Service (RADIUS) service is sometimes used to provide authentication. This type of authentication helps prevent unauthorized users from connecting to the network. Additionally, this authentication helps to keep authorized users from connecting to rogue or unauthorized access points.
The bridge is a layer 2 device in the OSI model, meaning that it uses the MAC address information to make decisions regarding forwarding data packets. Only the data that needs to be sent across the bridge to the adjacent network segment is forwarded. This makes it possible to isolate or segment the network data traffic.
The bridge forwards the data traffic to all computers connected to its port.
Indicates that the destination address is for a networking device connected to one of the ports on the bridge
Layer 2 Switch
The layer 2 switch is an improved network technology that addresses the issue of providing direct data connections, minimizing data collisions, and maximizing the use of a LAN's bandwidth; in other words, that improves the efficiency of the data transfer in the network. The switch operates at layer 2 of the OSI model and therefore uses the MAC or Ethernet address for making decisions for forwarding data packets. The switch monitors data traffic on its ports and collects MAC address information in the same way the bridge does to build a table of MAC addresses for the devices connected to its ports.
Allows the network administrator to monitor, configure, and manage select network features
The length of time a MAC address remains assigned to a port
Content Adressable Memory (CAM)
A table of MAC addresses and port mapping used by the switch to identify connected networking devices
The term used to describe what happens when a switch doesn't have the destination MAC address stored in CAM.
In this mode, the entire frame of data is received before any decision is made regarding forwarding the data packet to its destination. There is switch latency in this mode because the destination and source MAC addresses must be extracted from the packet, and the entire packet must be received before it is sent to the destination. The term switch latency is the length of time a data packet takes from the time it enters a switch until it exits. An advantage of the store-and-forward mode is that the switch checks the data packet for errors before it is sent on to the destination. A disadvantage is lengthy data packets will take a longer time before they exit the switch and are sent to the destination.
In this mode, the data packet is forwarded to the destination as soon as the destination MAC address has been read. This minimizes the switch latency; however, no error detection is provided by the switch. There are two forms of cut-through switching—Fast-Forward and Fragment Free.
Fast-Forward: This mode offers the minimum switch latency. The received data packet is sent to the destination as soon as the destination MAC address is extracted.
Fragment-Free: In this mode, fragment collisions are filtered out by the switch. Fragment-collisions are collisions that occur within the first 64 bytes of the data packet. Recall from Lesson 1, "Introduction to Computer Networks," Table 1-1 that the minimum Ethernet data packet size is 64 bytes. The collisions create packets smaller than 64 bytes, which are discarded. Latency is measured from the time the first bit is received until it is transmitted.
Multilayer Switch (MLS)
An example is a layer 3 switch. Layer 3 switches still work at layer 2 but additionally work at the network layer (layer 3) of the OSI model and use IP addressing for making decisions to route a data packet in the best direction. The major difference is that the packet switching in basic routers is handled by a programmed microprocessor. The layer 3 switch uses application-specific integrated circuits (ASICs) hardware to handle the packet switching. The advantage of using hardware to handle the packet switching is a significant reduction in processing time (software versus hardware). In fact, the processing time of layer 3 switches can be as fast as the input data rate. This is called wire speed routing, where the data packets are processed as fast as they are arriving. Multilayer switches can also work at the upper layers of the OSI model. An example is a layer 4 switch that processes data packets at the transport layer of the OSI model.
The router is a layer 3 device in the OSI model, which means the router uses the network address (layer 3 addressing) to make routing decisions regarding forwarding data packets. Remember from Lesson 1, section 3, that the OSI model separates network responsibilities into different layers. In the OSI model, the layer 3 or network layer responsibilities include handling of the network address. The network address is also called a logical address, rather than being a physical address such as the MAC address. The physical address is the hardware or MAC address embedded into the network interface card. The logical address describes the IP address location of the network and the address location of the host in the network.
The term used to describe the network used by a large company.
Transmission Control Protocol/Internet Protocol. Has four layers Application, Transport, Internet, and Network Interface.
TCP/IP Application Layer
The top level of the TCP/IP stack is the application layer. This layer is used to process requests from hosts and to ensure a connection is made to an appropriate port. A port is basically an address used to direct data to the proper destination application.
There are 65,536 possible TCP/UDP ports. Ports 1-1023 are called well-known ports or reserved ports. These ports are reserved by Internet Corporation for Assigned Names and Numbers (ICANN). Ports 1024-49151 are called registered ports and are registered with ICANN. Ports 49152-65535 are called dynamic or private ports.
TCP/IP Transport Layer
The transport layer protocols in TCP/IP are very important in establishing a network connection, managing the delivery of data between a source and destination host, and terminating the data connection. There are two transport protocols within the TCP/IP transport layer, TCP and UDP. TCP, the Transmission Control Protocol, is a connection-oriented protocol, which means it establishes the network connection, manages the data transfer, and terminates the connection. The TCP protocol establishes a set of rules or guidelines for establishing the connection. TCP verifies the delivery of the data packets through the network and includes support for error checking and recovering lost data. TCP then specifies a procedure for terminating the network connection.
A unique sequence of three data packets is exchanged at the beginning of a TCP connection between two hosts, This is a virtual connection that is made over the network. This sequence is as follows:
The SYN (Synchronizing) packet
The SYN ACK (Synchronizing Acknowledgement) packet
The ACK (Acknowledgement) packet
the User Datagram Protocol, is a connectionless protocol. This means UDP packets are transported over the network without a connection being established and without any acknowledgement that the data packets arrived at the destination. UDP is useful in applications such as videoconferencing and audio feeds, where such acknowledgements are not necessary.
TCP/IP Internet Layer
The TCP/IP Internet layer defines the protocols used for addressing and routing the data packets. Protocols that are part of the TCP/IP Internet layer include IP, ARP, ICMP, and IGMP.
The IP (Internet Protocol) defines the addressing used to identify the source and destination addresses of data packets being delivered over an IP network. The IP address is a logical address that consists of a network and a host address portion. The network portion is used to direct the data to the proper network. The host address identifies the address locally assigned to the host. The network portion of the address is similar to the area code for a telephone number. The host address is similar to the local exchange number. The network and host portions of the IP address are then used to route the data packets to the destination.
Address Resolution Protocol (ARP) is used to resolve an IP address to a hardware address for final delivery of data packets to the destination. ARP issues a query in a network called an ARP request, asking which network interface has this IP address. The host assigned the IP address replies with an ARP reply, the protocol that contains the hardware address for the destination host.
The Internet Control Message Protocol (ICMP) is used to control the flow of data in the network, to report errors, and to perform diagnostics. A networking device, such as a router, sends an ICMP source-quench packet to a host that requests a slowdown in the data transfer.
An important troubleshooting tool within the ICMP protocol is ping, the packet Internet groper. The ping command is used to verify connectivity with another host in the network. The destination host could be in a LAN, in a campus LAN, or on the Internet.
IGMP is the Internet Group Management Protocol. It is used when one host needs to send data to many destination hosts. This is called multicasting. The addresses used to send a multicast data packet are called multicast addresses and are reserved addresses not assigned to hosts in a network. An example of an application that uses IGMP packets is when a router uses multicasting to share routing tables.
Another application of IGMP packets is when a host wants to stream data to multiple hosts. Streaming means the data is sent without waiting for any acknowledgement that the data packets were delivered. In fact, in the IGMP protocol, the source doesn't care whether the destination receives a packet. Streaming is an important application in the transfer of audio and video files over the Internet. Another feature of IGMP is that the data is handed off to the application layer as it arrives. This enables the appropriate application to begin processing the data for playback.
TCP/IP Network Interface Layer
The network interface layer of the TCP/IP model defines how the host connects to the network. Recall that the host can be a computer or a networking device such as a router. The type of network to which the host connects is not dictated by the TCP/IP protocol. The host could be a computer connected to an Ethernet or token-ring network or a router connected to a frame relay wide area network. TCP/IP is not dependent on a specific networking technology; therefore, TCP/IP can be adapted to run on newer networking technologies such as asynchronous transfer mode (ATM). In the network interface layer every TCP/IP data packet must have a destination and a source MAC address in the TCP/IP header. The MAC or hardware address is found on the host's network interface card or connection and is 12 hexadecimal characters in length.
Private IP Addresses
Address ranges in class A, B, and C have been set aside for private use. These addresses, called private addresses, are not used for Internet data traffic but are intended to be used specifically on internal networks called intranets.
Identifies the network/subnet portion of an IP address. Subnets are created by borrowing bits from the host portion of the IP address. Assume that the network has an IP address of 192.168.12.0. The 2 bits are borrowed from the host portion of the IP address to create the 4 subnets. The class C network has 24 network bits and 8 host bits. Then 2 bits are borrowed from the host address to create the 4 subnets. The network plus subnet portion of the IP address is now 24 + 2, or 26 bits in length, and the host portion is now 6 bits.
Breaking down the 192.168.12.0 network into four subnets requires borrowing two host bits. Therefore, x = 2, and because this is a class C network, y = 8.
x = 2 (the number of bits used from the host)
y = 8 (number of bits for a class C network)
Applying these values yields
The number of subnets created = 2^x = 2^(2) = 4
The number of hosts/subnet = 2^(y - x) = 2^(8 - 2) = 64
When creating subnets, it is important to note that each subnet will have both a network and a broadcast address. Taking this into consideration, the equations for calculating the number of hosts/subnet are modified to account for the number of usable hosts/subnet.
The modified equations are as follows:
The number of usable hosts/subnet = 2^(y - x) - 2
IP addresses and subnets are within the same network.
Allows multiple networks to be specified by one subnet mask.
Supernetting required a simpler way to indicate the subnet mask. The technique developed is called classless interdomain routing (CIDR). CIDR (pronounced "cider") notation specifies the number of bits set to a 1 that make up the subnet mask. For example, the Class C size subnet mask 255.255.255.0 is listed in CIDR notation as /24. This indicates the 24 bits are set to a 1. A Class B size subnet is written as /16, and a Class A subnet is written as /8. CIDR can also be used to represent subnets that identify only part of the octet bits in an IP address.
Prefix Length Notation
another shorthand technique for writing the subnet mask. For example, the subnet mask 255.255.255.192 is written as /26. This notation shows the number of network and host bits being used to create the subnet mask. In the case of a /26 subnet mask, 24 network bits and 2 host bits are being used. Yes, this is basically the same as the CIDR except class boundaries are not being crossed and network bits are not being borrowed.
The group of networks defined by CIDR notation is called a CIDR block. When you group two or more classful networks together, they are called supernets. This term is synonymous with CIDR blocks. The group of four IP addresses from 192.168.76.0 to 192.168.79.0 with a CIDR of /22 is a supernet. The supernet uses a CIDR subnet mask (/22) that is shorter than the number of network bits for Class C network (/24). Another example of a supernet is 172.16.0.0/12. 172.16.0.0 is a Class B address, and the CIDR subnet mask (/12) is less than the 16 bits for the network portion of a Class B address.
IPv6 uses a 128-bit address technique
IPv6 uses seven colons (:) as separators to group the 32 hex characters into eight groups of four. Some IPv6 numbers will have a 0 within the address. In this case, IPv6 allows the number to be compressed to make it easier to write the number. For example, assume that an IPv6 number is as follows:
Consecutive 0s can be dropped and a double-colon notation can be used:
IPV6 Unicast Address
Used to identify a single network interface address, and data packets are sent directly to the computer with the specified IPv6 address
IPV6 Multicast Address
Data packets sent to a multicast address are sent to the entire group of networking devices, such as a group of routers running the same routing protocol. Multicast addresses all start with the prefix FF00::/8 The next group of characters in the IPv6 multicast address (the second octet) are called the scope. The scope bits are used to identify which ISP should carry the data traffic.
IPV6 Anycast Address
Is obtained from a list of addresses, but is only delivered to the nearest node
A technique that enables IPv6 hosts to communicate over the IPv4 Internet
Stateless Address Autoconfiguration (SLAAC)
another important feature of IPv6. This feature allows for a server-less basic network configuration of the IPv6 computers. With IPv4, a computer generally obtains its network settings from a DHCP server. With IPv6, a computer can automatically configure its network settings without a DHCP server by sending a solicitation message to its IPv6 router. The router then sends back its advertisement message, which contains the prefix information that the computer can use to create its own IPv6 address. This feature significantly helps simplify the deployment of the IPv6 devices, especially in transient environments such as airports, train stations, stadiums, hotspots, and so on.
his is a way for an intruder to gain enough information from people to gain access to the network. As an example, an attacker calls a user on a network and claims he is from the computer support division of the network. The attacker tells the user that there is a problem with the user's account and then asks for the user's name and password
Brute Force Attack
Attacker uses every possible combination of characters for the password
Packet sniffing assumes that the attacker can see the network data packets. The attacker will have to insert a device on the network that allows her to see the data packets. The attacker then watches the data packets until a telnet or FTP data packet passes (or one from many of the other applications that have unencrypted logins). Many of these applications pass the username and password over the network in plain text.
IP security (Ipsec)
Security can also be implemented at layer 3 using IP security (Ipsec). In IPsec each packet is encrypted prior to transmission across the network link. IPsec is also a method used to encrypt VPN tunnels
he buffer overflow occurs when a program attempts to put more data into a buffer than it was configured to hold and the overflow writes past the end of the buffer and over adjacent memory locations. The program stack contains data plus instructions that it will run. Assume, for example, that a program includes a variable size of 128 bytes. It is possible that the programmer didn't include instructions to check the maximum size of the variable to make sure it is smaller than 128 bytes. An attacker will look through pages and pages of source code searching for a vulnerability that allows her to issue a buffer overflow. The attacker finds the variable and sends data to the application assigned to that variable. For example, a web application could have a vulnerability with long URLs assigned to a variable within it. If the attacker makes the URL long enough, then the buffer overflow could allow her code to be placed in the stack. When the program counter gets to the inserted code, the inserted code is run and the attacker then has remote access to the machine
The command netstat -a can be used to display the ports currently open on the Windows operating system. This command shows who is connected to your machine and the port numbers.
Another useful command is netstat -b, which shows the executable involved in creating the connection or listening port.
Denial of Service (DoS)
Denial of service (DoS) means that a service is being denied to a computer, network, or network server. Denial of service attacks can be on individual machines, on the network that connects the machines, or on all machines simultaneously.
A denial of service attack can be initiated by exploiting software vulnerabilities. For example, a software vulnerability can permit a buffer overflow, causing the machine to crash. This affects all applications, even secure applications.
The vulnerable software denial of service attack attacks the system by making it reboot repeatedly. DoS attacks can also occur on routers via the software options available for connecting to a router. For example, SNMP management software is marketed by many companies and is supported by many computer platforms. Many of the SNMP packages use a similar core code that could contain the same vulnerability.
Another denial of service attack is a SYN attack. This refers to the TCP SYN (synchronizing) packet (introduced in Lesson 6, "TCP/IP"). An attacker sends many TCP SYN packets to a host, opening up many TCP sessions. The host machine has limited memory set aside for open connections. If all the TCP connections are opened by the SYN attack, other users are kept from accessing services from the computer because the connection buffer is full. Most current operating systems take countermeasures against the SYN attack.
The attacker sent a small packet and got many packets in return. The attacker would pick a victim and an intermediate site. The intermediate site has subnets of 10.10.1.0 and 10.10.2.0. The victim is at 10.10.1.0. The attackers send a packet to 10.10.1.255, which is a broadcast address for the 10.10.1.0 subnet. The attacker then spoofs the source address information, making it look as if the packet came from the victim's network. All the machines on the 10.10.1.0 subnet send a reply to the source address. Remember, the attacker has spoofed the source address so the replies are sent to the victim's network. If this attack were increased to all the subnets in the 10.0.0.0 network, an enormous amount of data packets are sent to the victim's network. This enables the attacker to generate a lot of data traffic on the victim's network without requiring the attacker to have many resources.
Distributed Denial of Service Attack
The number of packets that can be generated by a single packet as in the Smurf attack can be limited on a router; however, attackers now use worms to distribute an attack. In a distributed denial of service (DDoS) attack, the attacker will do a port scan and look for an open port or a software application that is vulnerable to an attack. The machine is hacked (attacked) and distributes the malicious software. The attacker will repeat this for many victim machines. After the software is on the victim machines, the attacker can issue a command or an instruction that starts the attack on a specific site. The attack comes from a potentially massive amount of machines the worm has infected.
In packet filtering, a limit is placed on the packets that can enter the network. Packet filtering can also limit information moving from one segment to another. ACLs are used to enable the firewall to accept or deny data packets. The disadvantages of packet filtering are:
Packets can still enter the network by fragmenting the data packets.
It is difficult to implement complex ACLs.
Not all network services can be filtered.
A proxy server is used by clients to communicate with secure systems using a proxy. The client gets access to the network via the proxy server. This step is used to authenticate the user, establish the session, and set policies. The client must connect to the proxy server to connect to resources outside the network. The disadvantages of the proxy server are:
The proxy server can run very slowly.
Adding services can be difficult.
There can be a potential problem with network failure if the proxy server fails or is corrupted.
In a stateful firewall the inbound and outbound data packets are compared to determine if a connection should be allowed. This includes tracking the source and destination port numbers and sequence numbers as well as the source and destination IP addresses. This technique is used to protect the inside of the network from the outside world but still allow traffic to go from the inside to the outside and back. The firewall needs to be stateful to accomplish this.
A secure VPN connection between two endpoints is known as an IP tunnel. A tunnel is created by an encapsulation technique, which encapsulates the data inside a known protocol (IP) that is agreed upon by the two end points. A tunnel creates a virtual circuit-like between the two endpoints and makes the connection appear like a dedicated connection even though it spans over the Internet infrastructure. Two types of VPNs are commonly used today:
Remote access VPN: A remote access VPN is used to facilitate network access for users in remote office networks or for remote users that travel a lot and need access to the network. The client usually initiates this type of VPN connection.
Site-to-site VPN: A site-to-site VPN is used to create a virtual link from one site to the other. It essentially replaces the traditional WAN-type connection used in connecting typical sites. This type of VPN requires network hardware like a router or a firewall to create and maintain the connection.
Generic Routing Encapsulation (GRE)
One of the original tunneling protocols is the Generic Routing Encapsulation (GRE). GRE was developed by Cisco in 1994 and is still being used today. GRE is commonly used as a site-to-site VPN solution because of its simplicity and versatility. It is the only tunneling protocol that can encapsulate up to 20 types of protocols. In the past when protocols such as AppleTalk, Novell IPX, and NetBEUI roamed the network, GRE was the tunneling protocol of choice to carry these protocols to other remote sites.
PPP Point to Point Protocol
In the days when modems and dial-ups were kings, PPP was the key to the remote access solution; it was the de facto protocol of the dial-up networking. In those days, people would make a dialup connection to their ISP and establish a PPP session to the Internet. Even though authentication is optional for PPP, most implementations of PPP provide user authentication using protocols such as Password Authentication Protocol (PAP) or Challenge Handshake Authentication Protocol (CHAP). PAP is a simple, clear-text (unencrypted) authentication method, which is superseded by CHAP, an encrypted authentication method that uses the MD5 hashing algorithm. Related to MD5 is SHA, which is the secure hash algorithms required by law for use in certain government applications. This includes cryptographic algorithms and protocols that are used for the protection of sensitive, unclassified information. SHA comes in many types: SHA-0, -1, -2, and -3.
Extensible Authentication Protocol (EAP)
Extensible Authentication Protocol (EAP) was introduced as another PPP authentication method. During the PPP authentication phase, the ISP dial-up server collects the user authentication data and validates it against an authentication server like a RADIUS server. RADIUS stands for Remote Authentication Dial-In User Service. RADIUS is an IETF standard protocol that is widely used for authenticating remote users and authorizing user access. The RADIUS server supports many methods of user authentication including PAP, CHAP, and EAP. Even though PPP dial-up is not as prevalent today, the concepts of central authentication still lend themselves to many technologies and applications.
Point to Point Tunneling Protocol (PPTP)
Point-to-Point Tunneling Protocol (PPTP) was developed jointly by Microsoft, 3Com, and Alcatel-Lucent in 1996. It has never been ratified as a standard. Microsoft was a big advocate of PPTP and made PPTP available as part of Microsoft Windows Dial-up Networking. A PPTP server was included in Microsoft NT 4.0 server, and PPTP was widely used as a remote access solution. PPTP was designed to work in conjunction with a standard PPP. A PPTP client software would establish a PPP connection to an ISP, and once the connection is established, it would then make the PPTP tunnel over the Internet to the PPTP server. The PPTP tunnel uses a modified GRE tunnel to carry its encapsulated packet for IP transmission. PPTP does not have any authentication mechanism, so it relies heavily on the underlying PPP authentication.
Layer 2 Forwarding Protocol (L2F)
Layer 2 Forwarding Protocol (L2F) was developed by Cisco around the same time as PPTP. L2F was not used widely in the consumer market due to its requirement of L2F hardware. Unlike PPTP where the VPN client software is installed and initiated from the client, L2F does not require any VPN client software. A L2F connection is intended to be done by L2F hardware. This hardware is designed to be at the ISP. A client would make a typical PPP connection to the ISP. The ISP will then initiate the L2F tunnel connection on UDP port 1701 to the L2F server at the corporate headquarters. This requires coordination between the ISP and the corporate network. L2F relies on the PPP authentication to be passed on to the corporate authentication server.
Layer 2 Tunneling Protocol (L2TP)
Layer 2 Tunneling Protocol (L2TP) was developed by the Internet Engineering Task Force (IETF) in 1999. L2TP was created with the intention of merging two incompatibles proprietary tunneling protocols, PPTP and L2F. L2TP is considered to be an enhancement of the two previous protocols. L2TP does not require a specific hardware. It can be initiated directly from the client. L2TP Tunnel encapsulation is done on UDP port 1701. L2TP allows for tunnel authentication, so it does not have to rely heavily on the underlying PPP. If L2TP is used over an IP network where PPP is not used, the tunnel can be created with its own authentication mechanism.
An encryption can guarantee data confidentiality in the tunnel. IPsec offers encryption features that the others lack. IPsec was designed for the purpose of providing a secure end-to-end connection. The VPN can take advantage of IPsec to provide network layer encryption as well as authentication techniques. IPsec are versatile in that it can be implemented easily as a remote access VPN or as a site-to-site VPN. For IPv6, IPsec becomes an even more integral part as it is embedded within the IPv6 packets. There are two primary security protocols used by IPsec. They are Authentication Header (AH) and Encapsulating Security Payload (ESP). AH guarantees the authenticity of the IP packets. It uses a one-way hash algorithm such as Message Digest 5 (MD5) or Secure Hash Algorithm 1 (SHA-1) to ensure the data integrity of the IP packets. ESP provides confidentiality to the data messages (payloads) by ways of encryption. It uses symmetrical encryption algorithms like Data Encryption Standard (DES), Triple Data Encryption Standard (3DES), and Advanced Encryption Standard (AES).
Internet Key Exchange (IKE)
Before an IPsec tunnel can be established, quite a few security parameters have to be negotiated and agreed upon by both ends. IPsec uses the Internet Key Exchange (IKE) protocol to manage such process. IKE is a hybrid protocol that encompasses several key management protocols, most notably Internet Security Association and Key Management Protocol (ISAKMP). Many times, the term IKE and ISAKMP are often mentioned alongside each other. There are two negotiation phases that the two network nodes must perform before the IPsec tunnel is complete. The IKE Phase 1 is a phase where both network nodes authenticate each other and set up an IKE SA (Security Association). In phase 1, the Diffie-Hellman key exchange algorithm is used to generate a shared session secret key to encrypt the key exchange communications. This phase is essentially to set up a secure channel to protect further negotiations in phase 2. IKE Phase 2 uses the secure channel established in phase 1 to negotiate the unidirectional IPsec Sas—inbound and outbound—to set up the Ipsec tunnel. This is where the parameters for AH and ESP would be negotiated.
the wireless network is overwhelmed with wireless traffic, thereby jamming the network and preventing authorized users to access the network.