Definition/Overview: ... such as Bus network, Star network, Ring network, Mesh network, Star-bus network, Tree or Hierarchical topology network, ... the logical network topology is

  • Published on

  • View

  • Download


INTRODUCTION TO TELECOMMUNICATION NETWORKSTopic Objective:At the end of this topic students will be able to: Discuss By scale Discuss By connection method Discuss By functional relationship (Network Architectures) Discuss By network topology Discuss By protocol Discuss Common Types Of Computer NetworksDefinition/Overview:Computer Network: A computer network is an interconnected group of computers.Networks may be classified by the network layer at which they operate according to basicreference models considered as standards in the industry, such as the five-layer InternetProtocol Suite model. While the seven-layer Open Systems Interconnection (OSI) referencemodel is better known in academia, the majority of networks use the Internet Protocol Suite(IP).Key Points:1. Computer Networks Classification1.1. By scaleComputer networks may be classified according to the scale: Personal area network(PAN), Local Area Network (LAN), Campus Area Network (CAN), Metropolitan areanetwork (MAN), or Wide area network (WAN). As Ethernet increasingly is the standardinterface for networks, these distinctions are more important to the network administratorthan the user. Network administrators may have to tune the network, to correct delayissues and achieve the desired performance level.1.2. By connection methodComputer networks can also be classified according to the hardware technology that isused to connect the individual devices in the network such as Optical fibre, Ethernet, www.bssskillmission.inWWW.BSSVE.INWireless LAN, HomePNA, or Power line communication. Ethernets use physical wiringto connect devices. Often they employ hubs, switches, bridges, and/or routers. WirelessLAN technology is built to connect devices without wiring. These devices use a radiofrequency to connect.1.3. By functional relationship (Network Architectures)Computer networks may be classified according to the functional relationships whichexist between the elements of the network, e.g., Active Networking, Client-server andPeer-to-peer (workgroup) architecture.1.4. By network topologyComputer networks may be classified according to the network topology upon which thenetwork is based, such as Bus network, Star network, Ring network, Mesh network, Star-bus network, Tree or Hierarchical topology network, etc. Network Topology signifies theway in which intelligent devices in the network see their logical relations to one another.The use of the term "logical" here is significant. That is, network topology is independentof the "physical" layout of the network. Even if networked computers are physicallyplaced in a linear arrangement, if they are connected via a hub, the network has a Startopology, rather than a Bus Topology. In this regard the visual and operationalcharacteristics of a network are distinct; the logical network topology is not necessarilythe same as the physical layout.1.5. By protocolComputer networks may be classified according to the communications protocol that isbeing used on the network. See the articles on List of network protocol stacks and List ofnetwork protocols for more information. For a development of the foundations ofprotocol design.2. Common Types Of Computer NetworksBelow is a list of the most common types of computer networks in order of scale.2.1. Personal Area Network (PAN)A personal area network (PAN) is a computer network used for communication amongcomputer devices close to one person. Some examples of devices that are used in a PANare printers, fax machines, telephones, PDAs or scanners. The reach of a PAN is typicallywithin about 20-30 feet (approximately 6-9 meters) www.bssskillmission.inWWW.BSSVE.INPersonal area networks may be wired with computer buses such as USB and FireWire. Awireless personal area network (WPAN) can also be made possible with networktechnologies such as IrDA and Bluetooth.2.2. Local Area Network (LAN)A network covering a small geographic area, like a home, office, or building. CurrentLANs are most likely to be based on Ethernet technology. For example, a library willhave a wired or wireless LAN for users to interconnect local devices (e.g., printers andservers) and to connect to the internet. All of the PCs in the library are connected bycategory 5 (Cat5) cable, running the IEEE 802.3 protocol through a system ofinterconnection devices and eventually connect to the internet. The cables to the serversare on Cat 5e enhanced cable, which will support IEEE 802.3 at 1 Gbit/s.The staff computers can get to the color printer, checkout records, and the academicnetwork and the Internet. All user computers can get to the Internet and the card catalog.Each workgroup can get to its local printer. Note that the printers are not accessible fromoutside their workgroup.All interconnected devices must understand the network layer, because they are handlingmultiple subnets (the different colors). Those inside the library, which have only 10/100Mbit/s Ethernet connections to the user device and a Gigabit Ethernet connection to thecentral router, could be called "layer 3 switches" because they only have Ethernetinterfaces and must understand IP. It would be more correct to call them access routers,where the router at the top is a distribution router that connects to the Internet andacademic networks' customer access routers.The defining characteristics of LANs, in contrast to WANs (wide area networks), includetheir higher data transfer rates, smaller geographic range, and lack of a need for leasedtelecommunication lines. Current Ethernet or other IEEE 802.3 LAN technologies operateat speeds up to 10 Gbit/s. This is the data transfer rate. IEEE has projects investigating thestandardization of 100 Gbit/s, and possibly 40 Gbit/s.2.3. Campus Area Network (CAN)A network that connects two or more LANs but that is limited to a specific andcontiguous geographical area such as a college campus, industrial complex, or a militarybase. A CAN may be considered a type of MAN (metropolitan area network), but isgenerally limited to an area that is smaller than a typical MAN. This term is most oftenused to discuss the implementation of networks for a contiguous area. This should not beconfused with a Controller Area www.bssskillmission.inWWW.BSSVE.IN2.4. Metropolitan Area Network (MAN)A Metropolitan Area Network is a network that connects two or more Local AreaNetworks or Campus Area Networks together but does not extend beyond the boundariesof the immediate town, city, routers, switches & hubs are connected to create a MAN.2.5. Wide Area Network (WAN)A WAN is a data communications network that covers a relatively broad geographic area(i.e. one city to another and one country to another country) and that often usestransmission facilities provided by common carriers, such as telephone companies. WANtechnologies generally function at the lower three layers of the OSI reference model: thephysical layer, the data link layer, and the network layer.2.6. Global Area Network (GAN)Global area networks (GAN) specifications are in development by several groups, andthere is no common definition. In general, however, a GAN is a model for supportingmobile communications across an arbitrary number of wireless LANs, satellite coverageareas, etc. The key challenge in mobile communications is "handing off" the usercommunications from one local coverage area to the next. In IEEE Project 802, thisinvolves a succession of terrestrial Wireless local area networks (WLAN).2.7. InternetworkTwo or more networks or network segments connected using devices that operate at layer3 (the 'network' layer) of the OSI Basic Reference Model, such as a router. Anyinterconnection among or between public, private, commercial, industrial, orgovernmental networks may also be defined as an internetwork.In modern practice, the interconnected networks use the Internet Protocol. There are atleast three variants of internetwork, depending on who administers and who participatesin them:o Intraneto Extraneto InternetIntranets and extranets may or may not have connections to the Internet. If connected tothe Internet, the intranet or extranet is normally protected from being accessed from theInternet without proper authorization. The Internet is not considered to be a part of theintranet or extranet, although it may serve as a portal for access to portions of an www.bssskillmission.inWWW.BSSVE.IN2.8. IntranetAn intranet is a set of interconnected networks, using the Internet Protocol and uses IP-based tools such as web browsers and ftp tools, that isunder the control of a singleadministrative entity. That administrative entity closes the intranet to the rest of theworld, and allows only specific users. Most commonly, an intranet is the internal networkof a company or other enterprise. A large intranet will typically have its own web serverto provide users with browseable information.2.9. ExtranetAn extranet is a network or internetwork that is limited in scope to a single organizationor entity but which also has limited connections to the networks of one or more otherusually, but not necessarily, trusted organizations or entities (e.g. a company's customersmay be given access to some part of its intranet creating in this way an extranet, while atthe same time the customers may not be considered 'trusted' from a security standpoint).Technically, an extranet may also be categorized as a CAN, MAN, WAN, or other type ofnetwork, although, by definition, an extranet cannot consist of a single LAN; it must haveat least one connection with an external network.2.10. InternetA specific internetwork, consisting of a worldwide interconnection of governmental,academic, public, and private networks based upon the Advanced Research ProjectsAgency Network (ARPANET) developed by ARPA of the U.S. Department of Defensealso home to the World Wide Web (WWW) and referred to as the 'Internet' with a capital'I' to distinguish it from other generic internetworks.Participants in the Internet, or their service providers, use IP Addresses obtained fromaddress registries that control assignments. Service providers and large enterprises alsoexchange information on the reachability of their address ranges through the BorderGateway Protocol (BGP) www.bssskillmission.inWWW.BSSVE.INTopic : Network StandardsTopic Objective:At the end of this topic students will be able to: Discuss Standards govern the semantics and syntax of messages Discuss Reliability Discuss Connection-oriented versus connectionless Discuss Hybrid TCP/IP-OSI Architecture Discuss Hybrid TCP/IP-OSI Standards Architecture Discuss Ethernet Discuss Internet Protocol (IP) Discuss Vertical Communication on the Source Host Discuss Vertical Communication on the Destination Host Discuss Not All Devices Have All Layers Discuss OSI Architecture Discuss Other Standards ArchitecturesDefinition/Overview:All networking technologies have standards associated with them. These are usually highlytechnical documents, and often presume that the reader has a fair bit of knowledge aboutnetworking. If you aren't an expert, you will probably have some difficulty understandingnetworking standards. (Some people seem to think I am an expert, but I too have trouble withmost of the details in a typical networking standard.)Key Points:1. OverviewAn Internet Standard is a special Request for Comments (RFC) or set of RFCs. An RFC thatis to become a Standard or part of a Standard begins as an Internet Draft, and is later (usuallyafter several revisions) accepted and published by the RFC Editor as a RFC and labeled aProposed Standard. Later, an RFC is labelled a Draft Standard, and finally a www.bssskillmission.inWWW.BSSVE.INCollectively, these stages are known as the standards track, and are defined in RFC 2026. Thelabel Historic (sic) is applied to deprecated standards-track documents or obsolete RFCs thatwere published before the standards track was established.Only the IETF, represented by the Internet Engineering Steering Group (IESG), can approvestandards-track RFCs. Each RFC is static; if the document is changed, it is submitted againand assigned a new RFC number. If an RFC becomes an Internet Standard (STD), it isassigned an STD number but retains its RFC number. When an Internet Standard is updated,its number stays the same and it simply refers to a different RFC or set of RFCs. A givenInternet Standard, STD n, may be RFCs x and y at a given time, but later the same standardmay be updated to be RFC z instead. For example, in 2007 RFC 3700 was an InternetStandardSTD 1and in May 2008 it was replaced with RFC 5000, so RFC 3700 changed toHistoric status, and now STD 1 is RFC 5000. When STD 1 is updated again, it will simplyrefer to a newer RFC, but it will still be STD 1. Note that not all RFCs are standards-trackdocuments, but all Internet Standards and other standards-track documents are RFCs.In fact, many technologies have quite a number of standards associated with them. Anetworking technology may have more than one standard for any or all of the followingreasons: The original standard has been revised or updated; The technology is sufficiently complex that it needs to be described in more than onedocument; The technology borrows from or builds on documents used in related technologies; More than one organization has been involved in developing the technology.Standards documents created in the United Statesare usually developed in English, but arealso routinely translated into other languages. European standards are often publishedsimultaneously in English, French and German, and perhaps other languages as well.2. Standards govern the semantics and syntax of messages HTTP: Text request and response messages Data field, header, and trailer Header and trailer subdivided into www.bssskillmission.inWWW.BSSVE.IN3. Reliability In TCP, receiver sends ACKs Senders retransmit non-acknowledged segments4. Connection-oriented versus connectionless TCP is connection-oriented HTTP is connectionless5. Hybrid TCP/IP-OSI Architecture OSI is nearly 100% dominant at Layers 1 and 2 TCP/IP is 70% to 80% dominant at Layers 3 and 4 Situation at Layer 5 is complex6. Hybrid TCP/IP-OSI Standards Architecture Application layer (application-to-application) Transport layer (host-to-host) Internet layer (across an internet) Data link layer (across a switched network) Physical layer (between adjacent devices)7. Ethernet Source and destination addresses are 48 bits long Switches forward packets by destination addresses Data field encapsulates an IP packet Unreliable: if detects an error, drops the frame8. Internet Protocol (IP) 32-bit addresses Show 32 bits on each line Unreliable: checks headers for errors but www.bssskillmission.inWWW.BSSVE.IN9. Vertical Communication on the Source Host Layer process creates message and then sends the message to the next-lower layer Next-lower layer encapsulates the message in its own message This continues until the final frame at the data link layer10. Vertical Communication on the Destination Host Decapsulation and passing up11. Not All Devices Have All Layers Hosts have all five Routers have only the lowest three Switches have only the lowest two12. OSI Architecture Divides application layer into three layerso Sessiono Presentationo Application13. Other Standards Architectures IPX/SPX SNA www.bssskillmission.inWWW.BSSVE.INTopic : Physical Layer Propagation: Utp And Optical FiberTopic Objective:At the end of this topic students will be able to: Discuss Solid-Wire Versus Stranded-Wire UTP Discuss Patch Cords Versus Bulk Wire Discuss Cutting UTP Discuss Stripping the Cord Discuss Putting Wires in Order Discuss Connectorize the Cord Discuss RJ-45 Connector (Side View) Discuss Crimp the Wire into the Connector Discuss Connectorize Both Ends Discuss Test Your CordDefinition/Overview:The propagation speed of a medium refers to the speed that the data travels through thatmedium. Propagation delays differ between mediums, which affect the maximum possiblelength of the Ethernet topology running on that medium.Key Points:1. OverviewThe maximum propagation delay through the network can be calculated by dividing themaximum length by the speed. For 10Base2 thin coax network, this is 185 meters divided by195,000 km/sec, or 950 nanoseconds. If the actual propagation delay from one end of thenetwork to the other is greater than 950 nanoseconds, latecollisions may occur.In the following table, c refers to the speed of light in a vacuum, or 300,000 kilometers www.bssskillmission.inWWW.BSSVE.INMedium Propagation SpeedThick Coax .77c (231Thin Coax .65c (195Twisted Pair .59c (177Fiber .66c (198AUI Cable .65c (195Table 1: The Maximum Propagation Delay ThroughThe NetworkFrom these values, the size of a bit on 10BaseT can be calculated. 10BaseT is twisted pair,which has a propagation delay of 177,000 km/sec. 177,000 km/sec divided by 10 million bitsper second is 17.7 meters, or the size of a single bit on a 10BaseT network.2. Solid-WireVersus Stranded-Wire UTP Solid-Wire UTPo Each of the eight wires is a solid wire surrounded by insulationo Solid wires have low attenuation and so can reach 100 meterso Easy to connectorize (add connectors to)o Brittle and easy to break if handled roughly. Not good for runs through open officeareas Stranded-Wire UTPo Each of the eight wires is really several thin strands of wire surrounded byinsulationo Flexible and rugged: ideal for running around an office www.bssskillmission.inWWW.BSSVE.INo Higher attenuation than solid-wire UTP so can only be used in short runsup to about10 meters3. Patch Cords Versus Bulk Wire Patch Cordso Cut to popular lengths and connectorized at the factoryo Tested for qualityo Use stranded-wire UTP, which is sufficiently rugged for open office areaso TIA/EIA-568 specifies patch cords for the run from the wall jack to the desktopbecause it is rugged and flexible Bulk Wireo Comes in spools of 50 meters or moreo Can be cut to precise lengths needed to connect deviceso Solid-wire UTP for longer distance and to make connectorization easiero Cut, connectorized, and tested by the user, by the organization, or by a LANinstaller4. Cutting UTP Cut a desired length of UTP Make it a little longer than you needo Adding a connector can take a few incheso If the connectorization doesnt test well, you will have to cut the end and install anew connectoro UTP cord should never be pulled tautly; it can beak if subjected to pulls. Should beslack after www.bssskillmission.inWWW.BSSVE.IN5. Stripping the Cord You must strip the jacket 3 to 5 cm (1 to 2 inches) at each end Stripper scores the jacket (cuts into the jacket without cutting through it) to avoid damagingthe wires inside the jacket Stripper is rotated once around the cord to score it evenly The tip of the cord is pulled off after the scoring, exposing 3 to 5 cm (one to two inches) ofthe wires6. Putting Wires in Order There are orange, green, blue, and brown pairs Each pair has one wire with solid-color insulation and one wire that is white with bands ofthe pairs color These wires will be placed in a particular order in the RJ-45 connector There are two popular color schemes in TIA/EIA-568o T568A and T568Bo T568B is the most commonly used color scheme in the United States we will use it Note that T568A is a part of the TIA/EIA-568 standard, as is T568B7. Connectorize the Cord Cut the wires straight across so that no more than 1.25 cm (a half inch) of wires are exposedfrom the jacketo This controls terminal cross-talk interference Be sure to cut straight across or the wires will not all reach the pins when you push them intothe connector in the next step!8. RJ-45 Connector (Side View) Hold the RJ-45 connector away from you (with the hole in the back toward you) and thespring clip www.bssskillmission.inWWW.BSSVE.IN Insert your wires into the connector, white-orange on left Push the wires all the way to the end Examine the Connectoro Are the wires in the correct order?o Hint: as a rough first check, the 1st, 3rd, 5th, and 7th wires from the left should bemostly whiteo If not, reinsertthem in the correct order9. Crimp the Wire into the Connector Get a good crimper Cheap ones often fail to make a good connection Should have a ratchet for tightening without breaking the connector Press down to make a good connection. If you press too lightly, the connection will not work Crimping forces the pins on the front of the RJ-45 connector though the insulation, into eachwireo Insulation displacementconnection (IDC) This also crimps the cord at the back end of the connector for strain relief to keep the cordfrom pulling out if the cord is pulled10. Connectorize Both Ends White-orange is on the left (in Pin 1) at BOTH ENDS of the cordo You do not reverse the order at the other end!11. Test Your Cord After you have connectorized both ends, test your cord Misconnection is very common, so every cord must be checked Inexpensive continuity testers make sure wires are connected electrically and in the www.bssskillmission.inWWW.BSSVE.IN Expensive performance testers test for the quality of propagation Continuity Testero Test for wires being in right slots and making good contacto Place connectors of cord into two endso Hit Test buttono Did it work? If It Didnt Worko Be sure you understand the problemo If an open connection, one or more of the wires was not pushed all the way to theend or the crimping did not push the pin all the way through the insulation. Nexttime, cut the wires straight across and crimp very firmlyo If miswired, see where it was miswiredo Cut off theends of the cord and reconnectorize Signal Testerso Expensive testerso Test for signal qualityo Test for breaks with time domain reflectometry (TDR), which sends signals andlooks for reflections that indicate breaks.In Section 2 of this course you will cover these topics:Ethernet LansWireless www.bssskillmission.inWWW.BSSVE.INTopic : Ethernet LansTopic Objective:At the end of this topic students will be able to: Discuss Ethernet Standards Setting Discuss Physical Layer Standards Discuss Ethernet MAC Layer Standards Discuss Ethernet MAC Layer Standards Discuss Switch Purchasing Considerations Discuss Advanced Switch Purchasing ConsiderationsDefinition/Overview:Ethernet: Ethernet was developed by the Xerox Corporation's Palo Alto ResearchCentre (known colloquially as Xerox PARC) in 1972 and was probably the first trueLAN to be introduced.Key Points:1. OverviewIn 1985, the Instituteof Electrical and Electronic Engineers (IEEE) in the UnitedStates of America, produced a series of standards for Local Area Networks (LANs)called the IEEE 802 standards. These have found widespread acceptability and nowform the core of most LANs. One of the IEEE 802 standards, IEEE 802.3, is astandard known as "Ethernet". This is the most widely used LAN technology in theworld today. Although IEEE 802.3 differs somewhat from the original standard (the"blue book" defined in September 1980) it is very similar, and both sets of standardsmay be used with the same LAN.The IEEE standards have been adopted by the International Standards Organisation(ISO), and is standardised in a series of standards known as ISO 8802-3. ISO wascreated in 1947 to construct world-wide standards for a wide variety of Engineeringtasks. Adoption of ISO standards allows manufacturers to produce equipment www.bssskillmission.inWWW.BSSVE.INis guarented to operate anywhere it is finally used. ISO standards tend to be based onother standards (such as those produced by the IEEE), the only problem is that theISO standards tend to be issued later, and are therefore less up to date.The simplest form of Ethernet uses a passive bus operated at 10 Mbps. The bus isformed from a 50 Ohm co-axial cable which connects all the computers in the LAN.A single LAN may have up to 1024 attached systems, although in practice mostLANs have far fewer. One or more pieces of coaxial cable are joined end to end tocreate the bus, known as an "Ethernet Cable Segment". Each segment is terminatedat both ends by 50 Ohm resistors (to prevent reflections from the discontinuity at theend of the cable) and is also normally earthed at one end (for electrical safety).Computers may attach to the cable using transceivers and network interface cards.Frames of data are formed using a protocol called Medium Access Control (MAC),and encoded using Manchesterline encoding. Ethernet uses a simple Carrier-SenseMultiple Access protocol with Collision Detection (CSMA/CD) to prevent twocomputers trying to transmit at the same time (or more correctly to ensure bothcomputers retransmit any frames which are corrupted by simultaneoustransmission).100 Mbps networks may operate full duplex (using a Fast Ethernet Switch) or halfduplex (using a Fast Ethernet Hub). 1 Gbps networks usually operate between a pairof Ethernet Switches. (N.B.It is not possible to have a dual-speed hub, since a hubdoes not store and forward frames, however a number of manufacturers sell productsthey call "dual-speed hubs". In fact, such devices contain both a 10 Mbps and a 100Mbps hubs, interconnected by a store-and-forward bridge.)Ethernet LANs may be implemented using a variety of media (not just the coaxialcable described above). The types of media segments supported by Ethernet are: 10B5 Low loss coaxial cable (also known as "thick" Ethernet) 10B2 Low cost coaxial cable (also known as "thin" Ethernet) 10BT Low cost twisted pair copper cable (also known as Unshielded Twisted Pair(UTP), Category-5) 10BF Fibre optic cable 100BT Low cost twisted pair copper cable (also known as Unshielded Twisted www.bssskillmission.inWWW.BSSVE.IN(UTP), Category-5) 100BF Fibre Fast Ethernet 1000BT Low cost twisted pair copper cable (also known as Unshielded Twisted Pair(UTP), Category-5) 1000BF Fibre Gigabit Ethernet 10000BT Category 6 (Unshielded Twisted Pair (UTP), Category-6) 10000BT Fibre 10 Gigabit EthernetThe network design rules for 10 Mbps using these types of media are summarizedbelow:Segment type Max Number ofsystems per cablesegmentMax Distance of acable segment10B5 (Thick Coax) 100 500 m10B2 (Thin Coax) 30 185 m10BT (Twisted Pair) 2 100 m10BFL (Fibre Optic) 2 2000 mTable 1: Network Design Rules for Different types of CableThere is also a version of Ethernet which operates fibre optic links at 40 Gbps and at100 Gbps. Many LANs combine the various speeds of operation using dual-speedswitches which allow the same switch to connect some ports to one speed ofnetwork, and other ports at another speed. The higher speed ports are usually used toconnect switches to one another.2. Ethernet Standards Setting 802.3 Working Group Physical and data link layer standards OSI standards3. Physical Layer Standards BASE means www.bssskillmission.inWWW.BSSVE.IN 100BASE-TX dominates for access lines 10GBASE-SX dominates for trunk lines Link aggregation for small capacity increases Regeneration to carry signals across multiple switches4. Ethernet MAC Layer Standards Data link layer subdivided into the LLC and MAC layers The Ethernet MAC Layer Frameo Preamble and Start of Frame Delimiter fieldso Destination and Source MAC addresses fields Hexadecimal notationo Length fieldo Data field LLC subheader Packet PAD if neededo Frame Check Sequence field5. Ethernet MAC Layer Standards Switch operationo Operation of a hierarchy of switches Single possible path between any two computers Hierarchy gives low price per frame transmitted Single points of failure and the Spanning Tree www.bssskillmission.inWWW.BSSVE.INo VLANs and frame tagging to reduce broadcastingo Momentary traffic peaks: addressed by overprovisioning and priorityo Hubs and CSMA/CD6. Switch Purchasing Considerations Number and speed of ports Switching matrix (nonblocking) Store-and-forward versus cut-through switches Managed switches Ethernet securityo 802.1X Port-Based Access Controlo 802.1AE MACsec7. Advanced Switch Purchasing Considerations Physical size Fixed-Port-Speeches Stackable Switches Modular Switches Chassis Switches Pins in SwitchPorts and Uplink Ports Electrical Power (802.3af)Topic : Wireless LansTopic Objective:At the end of this topic students will be able to: Discuss Benefits Of Wireless LANs Discuss Local Wireless www.bssskillmission.inWWW.BSSVE.IN Discuss Radio Propagation Discuss Radio Propagation Discuss 802.11 Operation Discuss 802.11 WLAN Security Discuss WLAN Management Discuss BluetoothDefinition/Overview:Wireless LAN: A wireless LAN or WLAN is a wireless local area network, whichis the linking of two or more computers or devices without using wires. WLANutilizes spread-spectrum or OFDM modulation technology based on radio waves toenable communication between devices in a limited area, also known as the basicservice set. This gives users the mobility to move around within a broad coveragearea and still be connected to the network.Key Points:1. OverviewThe popularity of wireless LANs is a testament primarily to their convenience, costefficiency, and ease of integration with other networks and network components.The majority of computers sold to consumers today come pre-equipped with allnecessary wireless LAN technology.For the home user, wireless has become popular due to ease of installation, andlocation freedom with the gaining popularity of laptops. Public businesses such ascoffee shops or malls have begun to offer wireless access to their customers; someare even provided as a free service. Large wireless network projects are being put upin many major cities. Google is even providing a free service to Mountain View,California and has entered a bid to do the same for San Francisco. New York Cityhas also begun a pilot program to cover all five boroughs of the city with wirelessInternet access.2. Benefits Of Wireless LANsThe benefits of wireless LANs www.bssskillmission.inWWW.BSSVE.IN Convenience: The wireless nature of such networks allows users to access networkresources from nearly any convenient location within their primary networkingenvironment (home or office). With the increasing saturation of laptop-stylecomputers, this is particularly relevant. Mobility: With the emergence of public wireless networks, users can access theinternet even outside their normal work environment. Most chain coffee shops, forexample, offer their customers a wireless connection to the internet at little or nocost. Productivity: Users connected to a wireless network can maintain a nearly constantaffiliation with their desired network as they move from place to place. For abusiness, this implies that an employee can potentially be more productive as his orher work can be accomplished from any convenient location. Deployment: Initial setup of an infrastructure-based wireless network requires littlemore than a single access point. Wired networks, on the other hand, have theadditional cost and complexity of actual physical cables being run to numerouslocations (which can even be impossible for hard-to-reach locations within abuilding). Expandability: Wireless networks can serve a suddenly-increased number of clientswith the existing equipment. In a wired network, additional clients would requireadditional wiring. Cost: Wireless networking hardware is at worst a modest increase from wiredcounterparts. This potentially increased cost is almost always more than outweighedby the savings in cost and labor associated to running physical cables.3. Local Wireless Technologies 802.11 for Corporate WLANs Bluetooth for PANs Ultrawideband (UWB) www.bssskillmission.inWWW.BSSVE.IN RFIDs ZigBee Mesh Networks4. Radio Propagation Frequencies and Channels Antennas Propagation Problemso Inverse square law attenuationo Dead spots / shadow zoneso Electromagnetic interferenceo Multipath interferenceo Attenuation and shadow zone problems increase with frequency5. Radio Propagation Shannons Equation and the Importance of Channel Bandwidtho C = B Log2(1+S/N) WLANs use unlicensed Radio Bands Spread Spectrum Transmission to Reduce Propagation Problemso FHSS (up to 4 Mbps)o DSSS (up to 11 Mbps)o OFDM (up to 54 Mbps)o MIMO (100 Mbps to 600 Mbps) www.bssskillmission.inWWW.BSSVE.IN6. 802.11 Operation Wireless Access PointBridge to the Main Wired Ethernet LANo To reach servers and Internet access routerso Transfers packet between 802.11 and 802.3 frames Need for Media Access Control (Box)o CSMA/CA and RTS/CTSo Throughput is aggregate throughput Bandso 2.4 GHz band: Only 3 channels, lower attenuationo 5 GHz band: Around 24 channels, higher attenuationo More channels means less interference between nearby access points Standardso 802.11b: 11 Mbps, DSSS, 2.4 GHz bando 802.11a: 54 Mbps, OFDM, 2.4 GHz bando 802.11g: 54 Mbps, OFDM, 5 GHz bando 802.11n: 100 Mbps 600 Mbps, MIMO, Dual-Band7. 802.11 WLAN Security Wardrivers and Drive-By Hackers Core Securityo WEP (Unacceptably Weak) www.bssskillmission.inWWW.BSSVE.INo WPA (Lightened form of 802.11i)o 802.11i (The gold standard today)o 802.1X and PSK modes for WPA and 802.11i Rogue Access Points and Evil Twin Access Points8. WLAN Management Surprisingly Expensive Access Point Placemento Approximate layouto Site survey for more precise layout and power Remote Access Point Managemento Smart access points or WLAN switches and dumb access points9. Bluetooth PANs Cable Replacement Technology Limited Speeds and Distance Application Profiles UWB in the Future?In Section 3 of this course you will cover these topics:TelecommunicationsWide Area Networks www.bssskillmission.inWWW.BSSVE.INTopic : TelecommunicationsTopic Objective:At the end of this topic students will be able to: Discuss Modulation Discuss Channels Discuss Networks Discuss Analogue or digitalDefinition/Overview:Telecommunication: Telecommunication is the assisted transmission of signalsover a distance for the purpose of communication. In earlier times, this may haveinvolved the use of smoke signals, drums, semaphore, flags, or heliograph. Inmodern times, telecommunication typically involves the use of electronictransmitters such as the telephone, television, radio or computer. Early inventors inthe field of telecommunication include Antonio Meucci, Alexander Graham Bell,Guglielmo Marconi and John Logie Baird. Telecommunication is an important partof the world economy and the telecommunication industry's revenue has been placedat just under 3 percent of the gross world product.Key Points:1. OverviewA telecommunication system consists of three basic elements: A transmitter that takes information and converts it to a signal; A transmission medium that carries the signal; and, A receiver that receives the signal and converts it back into usable information.For example, in a radio broadcast the broadcast tower is the transmitter, free space isthe transmission medium and the radio is the receiver. Often telecommunicationsystems are two-way with a single device acting as both a transmitter and receiver ortransceiver. For example, a mobile phone is a www.bssskillmission.inWWW.BSSVE.INTelecommunication over a phone line is called point-to-point communicationbecause it is between one transmitter and one receiver. Telecommunication throughradio broadcasts is called broadcast communication because it is between onepowerful transmitter and numerous receivers.2. Analogue or digitalSignals can be either analogue or digital. In an analogue signal, the signal is variedcontinuously with respect to the information. In a digital signal, the information isencoded as a set of discrete values (for example ones and zeros). Duringtransmission the information contained in analogue signals will be degraded bynoise. Conversely, unless the noise exceeds a certain threshold, the informationcontained in digital signals will remain intact. This noise resistance represents a keyadvantage of digital signals over analogue signals.3. NetworksA collection of transmitters, receivers or transceivers that communicate with eachother is known as a network. Digital networks may consist of one or more routersthat route information to the correct user. An analogue network may consist of oneor more switches that establish a connection between two or more users. For bothtypes of network, repeaters may be necessary to amplify or recreate the signal whenit is being transmitted over long distances. This is to combat attenuation that canrender the signal indistinguishable from noise.4. ChannelsA channel is a division in a transmission medium so that it can be used to sendmultiple streams of information. For example, a radio station may broadcast at 96.1MHz while another radio station may broadcast at 94.5 MHz. In this case, themedium has been divided by frequency and each channel has received a separatefrequency to broadcast on. Alternatively, one could allocate each channel a recurringsegment of time over which to broadcastthis is known as time-division multiplexingand is sometimes used in digital www.bssskillmission.inWWW.BSSVE.IN5. ModulationThe shaping of a signal to convey information is known as modulation. Modulationcan be used to represent a digital message as an analogue waveform. This is knownas keying and several keying techniques exist (these include phase-shift keying,frequency-shift keying and amplitude-shift keying). Bluetooth, for example, usesphase-shift keying to exchange information between devices.Modulation can also be used to transmit the information of analogue signals athigher frequencies. This is helpful because low-frequency analogue signals cannotbe effectively transmitted over free space. Hence the information from a low-frequency analogue signal must be superimposed on a higher-frequency signal(known as a carrier wave) before transmission. There are several differentmodulation schemes available to achieve this (two of the most basic being amplitudemodulation and frequency modulation). An example of this process is a DJ's voicebeing superimposed on a 96 MHz carrier wave using frequency modulation (thevoice would then be received on a radio as the channel 96 FM).Topic : Wide Area Networks WansTopic Objective:At the end of this topic students will be able to: Discuss Virtual Private Networks (PVCs) Discuss Other PSDNs Discuss Frame Relay PSDNs Discuss Public Switched Data Networks Discuss Leased Line Networks Discuss WANsDefinition/Overview:Wide Area Network: Wide Area Network (WAN) is a computer network thatcovers a broad area (i.e., any network whose communications links crossmetropolitan, regional, or national boundaries ) www.bssskillmission.inWWW.BSSVE.INKey Points:1. OverviewWide Area Network (WAN) are less formally, a network that uses routers and publiccommunications links .Contrast with personal area networks (PANs), local areanetworks (LANs), campus area networks (CANs), or metropolitan area networks(MANs) which are usually limited to a room, building, campus or specificmetropolitan area (e.g., a city) respectively. The largest and most well-knownexample of a WAN is the Internet.WANs are used to connect LANs and other types of networks together, so that usersand computers in one location can communicate with users and computers in otherlocations. Many WANs are built for one particular organization and are private.Others, built by Internet service providers, provide connections from anorganization's LAN to the Internet. WANs are often built using leased lines. At eachend of the leased line, a router connects to the LAN on one side and a hub within theWAN on the other. Leased lines can be very expensive. Instead of using leasedlines, WANs can also be built using less costly circuit switching or packet switchingmethods. Network protocols including TCP/IP deliver transport and addressingfunctions. Protocols including Packet over SONET/SDH, MPLS, ATM and Framerelay are often used by service providers to deliver the links that are used in WANs.X.25 was an important early WAN protocol, and is often considered to be the"grandfather" of Frame Relay as many of the underlying protocols and functions ofX.25 are still in use today (with upgrades) by Frame Relay.Academic research into wide area networks can be broken down into three areas:Mathematical models, network emulation and network simulation. Performanceimprovements are sometimes delivered via WAFS or WAN Optimization.Transmission rate usually range from 1200 bits/second to 6 Mbit/s, although someconnections such as ATM and Leased lines can reach speeds greater than 156Mbit/s. Typical communication links used in WANs are telephone lines, microwavelinks & satellite channels.Recently with the proliferation of low cost of Internet connectivity many companiesand organizations have turned to VPN to interconnect their networks, creating www.bssskillmission.inWWW.BSSVE.INWAN in that way. Companies such as Cisco, New Edge Networks and Check Pointoffer solutions to create VPN networks.Option: Description Advantages DisadvantagesBandwidth rangeSampleprotocols usedLeasedlinePoint-to-Pointconnectionbetween twocomputersor LocalAreaNetworks(LANs)Most secure Expensive PPP,HDLC,SDLC,HNASCircuitswitchingA dedicatedcircuit pathis createdbetween endpoints. Bestexample isdialupconnectionsLessExpensiveCall Setup 28 Kb/s -144 Kb/sPPP,ISDNPacketswitchingDevicestransportpackets viaa sharedsingle point-to-point orpoint-to-multipointlink across acarrierinternetworkShared mediaacross www.bssskillmission.inWWW.BSSVE.IN. Variablelengthpackets aretransmittedoverPermanentVirtualCircuits(PVC) orSwitchedVirtualCircuits(SVC)CellrelaySimilar topacketswitching,but usesfixed lengthcells insteadof variablelengthpackets.Data isdivided intofixed-lengthcells andthentransportedacrossvirtualcircuitsbest forsimultaneous use ofVoice anddataOverhead canbeconsiderableATMTable 1 : Several options are available for WAN www.bssskillmission.inWWW.BSSVE.IN2. WANs Wide Area Networkso Carry data between different sites, usually within a corporationo High-cost and low-speed lines 128 kbps to a few megabits per secondo Carrierso Purposes Internet access, site-to-site connections, and remote access forIndividualso Technologies Leased line networks, public switched data networks, andvirtual private networks3. Leased Line Networks Leased Lines are Long-Term Circuitso Point-to-Pointo Always Ono High-speeds Device at Each Siteo PBX for leased line voice networkso Router for leased line data networks Pure Hub-and-Spoke, Full Mesh, and Mixed www.bssskillmission.inWWW.BSSVE.IN Many Leased Line Speedso Fractional T1, T1, and bonded T1 dominateo Slowest leased lines run over 2-pair data-grade UTPo Above 3 Mbps, run over optical fibero Below about 3 Mbps, 2-pair data grade UTPo Above 3 Mbps, optical fibero North American Digital Hierarchy, CEPT, and other standards below 50Mbpso SONET/SDH above 50 Mbpso Symmetrical DSL lines with QoS4. Public Switched Data Networks PSDNso Services offered by carrierso Customer does not have to operate or manageo One leased line per site from the site to the nearest POPo By reducing corporate labor, typically cheaper than leased line networkso Service Level Agreementso Virtual circuits5. Frame Relay PSDNs Frame Relayo Most popular www.bssskillmission.inWWW.BSSVE.INo 56 kbps to about 40 Mbpso Access devices, CSU/DSUs, leased access lines, POP ports, virtualcircuits, management Usually POP port speed charges are the biggest cost component Second usually are PVC chargeso Leased line must be fast enough to handle the speeds of all of the PVCsmultiplexed over it6. Other PSDNs ATMo High speed and costo Cell switchingo Low use Metro Etherneto Extending Ethernet to MANso Very attractive speeds and priceso Small but growing rapidly Carrier IP Networkso Essentially, private Internets with QoS and securityo Carriers want to use it to replace Frame Relay7. Virtual Private Networks (PVCs) The Internet is inexpensive and www.bssskillmission.inWWW.BSSVE.INo VPNs add security to transmission over the Internet (or any other untrustednetwork) IPseco The strongest security for VPNso Tunnel mode between sites is inexpensiveo Transport mode between computers is expensive SSL/TLSo First for browser communication with a single webservero SSL/TLS gateways make it a full remote access VPNIn Section 4 of this course you will cover these topics:Tcp/Ip InternetworkingSecurityTopic : Tcp/Ip InternetworkingTopic Objective:At the end of this topic students will be able to: Discuss Layer 3 Switches Discuss Port Numbers and Sockets in TCP and UDP Discuss The User Datagram Protocol (UDP), Transmission Control Protocol (TCP) ,Internet Protocol (IP) and Internet Control Message Protocol (ICMP) Discuss Domain Name System (DNS) Discuss Multiprotocol Label www.bssskillmission.inWWW.BSSVE.IN Discuss Address Resolution Protocol and Dynamic Routing Protocols Discuss Routing Decisions and Routing of Packets Discuss Router Operation Discuss Hierarchical IP Address parts Discuss InternetworkingDefinition/Overview:The Internet evolved from the ARPANET , an early wide-area network developedby the USmilitary for military and academic communication. Amongst the designaims was the ability to provide a scalable internetwork of heterogeneous networks.The result was the TCP/IP-based Internet, which is based on several fundamentalprinciples: Hosts in the Internet are identified by unique (32-bit) addresses assigned by anumber of central authorities. The address consists of a network part and a host part.All hosts on the same network have the same network part to their address, butunique host parts. Clearly, a host which is connected to more than one network(called a multi-homed host) has more than one address. A drawback of this approachis that moving hosts between networks requires their addresses to be changed. Onthe other hand, the approach has numerous advantages that more than compensatefor this. Interconnection among networks is provided by multi-homed hosts called gatewaysor routers (a firewall is a special type of gateway). A gateway relays network trafficbetween two or more networks. These networks may have further gateways,resulting in further relaying. To reduce the amount of information needed bygateways, decisions about where to relay traffic (called routing decisions) are basedon the network part of the destination address; the host part is only used to routetraffic once it reaches the destination network. All networks are treated equally. LANs, WANs and point-to-point links are eachseparate networks and are treated in a uniform fashion.The network protocol used for transferring traffic across the Internet is IP (InternetProtocol), and the 32-bit addresses are known as IP www.bssskillmission.inWWW.BSSVE.INKey Points:1. OverviewThe TCP/IP model is a specification for computer network protocols created in the1970s by DARPA, an agency of the United States Department of Defense. It laid thefoundations for ARPANET, which was the world's first wide area network and apredecessor of the Internet. The TCP/IP Model is sometimes called the InternetReference Model, the DoD Model or the ARPANET Reference Model.The TCP/IP Suite defines a set of rules to enable computers to communicate over anetwork. TCP/IP provides end to end connectivity specifying how data should beformatted, addressed, shipped, routed and delivered to the right destination. Thespecification defines protocols for different types of communication betweencomputers and provides a framework for more detailed standards.TCP/IP is generally described as having four abstraction layers (five if the bottomphysical layer is included). The layer view of TCP/IP is based on the seven-layerOSI Reference Model written after the original TCP/IP specifications, and is notofficially recognized. Regardless, it provides an analogy for understanding theoperation of TCP/IP, and comparison of the models is common.The TCP/IP model and related protocols are currently maintained by the InternetEngineering Task Force (IETF).An early architectural document, RFC 1122, emphasizes architectural principlesover layering. End-to-End Principle: This principle has evolved over time. Its original expressionput the maintenance of state and overall intelligence at the edges, and assumed theInternet that connected the edges retained no state and concentrated on speed andsimplicity. Real-world needs for firewalls, network address translators, web contentcaches and the like have forced changes in this Principle. Robustness Principle: "Be liberal in what you accept, and conservative in what yousend. Software on other hosts may contain deficiencies that make it unwise www.bssskillmission.inWWW.BSSVE.INexploit legal but obscure protocol features".Even when the layers are examined, the assorted architectural documentsthere is nosingle architectural model such as ISO 7498, the OSI reference modelhave fewer,less rigidly defined layers than the commonly referenced OSI model, and thusprovides an easier fit for real-world protocols. In point of fact, one frequentlyreferenced document does not contain a stack of layers. The lack of emphasis onlayering is a strong difference between the IETF and OSI approaches. It only refersto the existence of the "internetworking layer" and generally to "upper layers"; thisdocument was intended as a 1996 "snapshot" of the architecture: "The Internet andits architecture have grown in evolutionary fashion from modest beginnings, ratherthan from a Grand Plan. While this process of evolution is one of the main reasonsfor the technology's success, it nevertheless seems useful to record a snapshot of thecurrent principles of the Internet architecture."No document officially specifies the model, another reason to deemphasize theemphasis on layering. Different names are given to the layers by differentdocuments, and different numbers of layers are shown by different documents.There are versions of this model with four layers and with five layers. RFC 1122 onHost Requirements makes general reference to layering, but refers to many otherarchitectural principles not emphasizing layering. It loosely defines a four-layerversion, with the layers having names, not numbers, as follows: Process Layer or Application Layer: this is where the "higher level" protocols suchas SMTP, FTP, SSH, HTTP, etc. operate. Host-To-Host (Transport) Layer: this is where flow-control and connectionprotocols exist, such as TCP. This layer deals with opening and maintainingconnections, ensuring that packets are in fact received. Internet or Internetworking Layer: this layer defines IP addresses, with many routingschemes for navigating packets from one IP address to another. Network Access Layer: this layer describes both the protocols (i.e., the OSI DataLink Layer) used to mediate access to shared media, and the physical protocols andtechnologies necessary for communications from individual hosts to a medium.The Internet protocol suite (and corresponding protocol stack), and its www.bssskillmission.inWWW.BSSVE.INmodel, were in use before the OSI model was established. Since then, the TCP/IPmodel has been compared with the OSI model numerous times in topics, whichoften results in confusion because the two models use different assumptions,including about the relative importance of strict layering.2. Internetworking Internetworking involves the internet and transport layers Packets are encapsulated in frames in single networks. Transport layer is end-to-end Internet layer is hop-by-hop between routers IP, TCP, and UDP are the heart of TCP/IP internetworking3. Hierarchical IP Address parts Network, subnet, and host parts4. Router Operation Border routers connect networks Internal routers connect subnets We focused on TCP/IP routing, but multiprotocol routing is crucial Router meshes give alternative routes, making routing very expensive5. Routing of Packets Routing tables IP address range governed by a rowusually a route to a network or subnet Metric to help select best matches Next-hop router to be sent the packet nexto Can be a local host on one of the routers subnets Processo Final all possible routes through row www.bssskillmission.inWWW.BSSVE.INo Select by length of match, then metric if tieo Send out to next-hop router in the best-match row6. Detailed Look at Routing Decisions IP address rangeo Destinationo Masko If the masked destination IP address in an arriving packet matches thedestination value, the row is a match Next-Hop Routero Interfaceo Next-hop router or destination host7. Dynamic Routing Protocols Interior dynamic routing protocols within an autonomous systemo RIP, OSPF, EIGRP Exterior dynamic routing protocols between autonomous systemso BGP8. Address Resolution Protocol Router knows the IP address of the next-hop router or destination host Must learn the data link layer address as well9. Multiprotocol Label Switching Routing decisions are based on labels rather than destination IP www.bssskillmission.inWWW.BSSVE.IN Reduces routing costs10. Domain Name System (DNS) General hierarchical naming system for the Internet11. Internet Control Message Protocol (ICMP) General supervisory protocol at the internet layer Error advisements and Pings (echo requests/replies)12. The Internet Protocol (IP) Detailed look at key fields Protocol field lists contents of the data field 32-bit IP addresses IPv4 is the current version IPv6 offers 128-bit IP addresses to allow many more IP addresses to serve the world13. The Transmission Control Protocol (TCP) Sequence and acknowledgement numbers Flag fields that are set or not set Window size field allows flow control Options are common Three-way openings (SYN, SYN/ACK, and ACK) Four-way normal closings (FIN, ACK, FIN, ACK) One-way abrupt closing (RST)14. The User Datagram Protocol (UDP) Simple four-field header15. Port Numbers and Sockets in TCP and UDP Applications get well-known port numbers on servers Connections get ephemeral port numbers on www.bssskillmission.inWWW.BSSVE.IN Socket is an IP address, a colon, and a port number This designates a specific application (or connection) on a specific server (or client)16. Layer 3 Switches Fast, inexpensive, and limited routersTopic : SecurityTopic Objective:At the end of this topic students will be able to: Discuss Cryptographic Systems Discuss Firewalls Discuss Security Management Discuss The Threat Environment Discuss Attributes of a secure network Discuss Comparison with computer securityDefinition/Overview:Network security: Network security consists of the provisions made in anunderlying computer network infrastructure, policies adopted by the networkadministrator to protect the network and the network-accessible resources fromunauthorized access and the effectiveness (or lack) of these measures combinedtogether.Key Points:1. Comparison with computer securitySecuring network infrastructure is like securing possible entry points of attacks on acountry by deploying appropriate defense. Computer security is more like providingmeans to protect a single PC against outside intrusion. The former is better www.bssskillmission.inWWW.BSSVE.INpractical to protect the civilians from getting exposed to the attacks. The preventivemeasures attempt to secure the access to individual computers--the network itself--thereby protecting the computers and other shared resources such as printers,network-attached storage connected by the network. Attacks could be stopped attheir entry points before they spread. As opposed to this, in computer security themeasures taken are focused on securing individual computer hosts. A computer hostwhose security is compromised is likely to infect other hosts connected to apotentially unsecured network. A computer host's security is vulnerable to userswith higher access privileges to those hosts.2. Attributes of a secure networkNetwork security starts from authenticating any user, most likelyan username and apassword. Once authenticated, a state firewall enforces access policies such as whatservices are allowed to be accessed by the network users. Though effective toprevent unauthorized access, this component fails to check potentially harmfulcontents such as computer worms being transmitted over the network. An intrusionprevention system (IPS) helps detect and prevent such malware. IPS also monitorsfor suspicious network traffic for contents, volume and anomalies to protect thenetwork from attacks such as denial of service. Communication between two hostsusing the network could be encrypted to maintain privacy. Individual eventsoccurring on the network could be tracked for audit purposes and for a later highlevel analysis.Honeypots, essentially decoy network-accessible resources, could be deployed in anetwork as surveillance and early-warning tools. Techniques used by the attackersthat attempt to compromise these decoy resources are studied during and after anattack to keep an eye on new exploitation techniques. Such analysis could be used tofurther tighten security of the actual network being protected by the honeypot.3. The Threat Environment Many threats Malware: viruses versus worms, payloads, etc. Social www.bssskillmission.inWWW.BSSVE.IN Spam, credit card theft, identity theft, adware, spyware Human Break-Inso Definition of hackingauthorizationo Scanning phase; the exploito After the Break-in: deleting log files, backdoors, damage at leisure Human attackso Denial-of-Service (DoS) Attack with zombieso Bots Traditional attackerso Hackers, virus writers, script kiddieso Disgruntled employees and ex-employees Criminal attackers now dominate on the Internet Cybercrime and cyberwar4. Security Management Security is a management issue, not a technical issue Comprehensive security and centralized management Defense in depth Enumerating and prioritizing assetso Asset control plans: authentication, authorization, and auditing Authenticationo Applicant and verifier Central authentication server for www.bssskillmission.inWWW.BSSVE.INo Password authentication Poor password discipline is common Passwords need to be long and complexo Biometrics Fingerprint, iris, face, etc. Error rates and deceptiono Digital certificate authentication Public key / private key pairs, digital certificates The strongest form of authentication Need both an applicant calculation and a digital certificate forauthorization5. Firewalls Filter, drop, or pass incoming and outgoing packets Stateful inspection firewallso Default rules for connection-opening attemptso ACLs to modify the default ruleso Other packetsaccept if part of connection Firewalls, IDSs and IPSs IPSs have the strongest filtering www.bssskillmission.inWWW.BSSVE.IN6. Cryptographic Systems To protect streams of messages Initial authentication Message-by-message protections: encryption for confidentiality, digital signature forauthentication and message integrity Symmetric key encryption Public key encryptiono Hardening Clients and Serverso Vulnerability Testingo Incident Response Detecting the attack, stopping the attack, repairing the damage,punishing the attacker Major attacks and CSIRTs Disasters and disaster recoveryIn Section 5 of this course you will cover these topics:Network ManagementNetworked ApplicationsTopic : Network ManagementTopic Objective:At the end of this topic students will be able to: Discuss Network www.bssskillmission.inWWW.BSSVE.IN Discuss IP Subnetting Discuss Directory Servers Discuss Configuring Routers Discuss Network Management Utilities Discuss Simple Network Management Protocol (SNMP) Discuss Traffic ManagementDefinition/Overview:Network management: Network management refers to the activities, methods,procedures, and tools that pertain to the operation, administration, maintenance, andprovisioning of networked systems.Key Points:1. OverviewFunctions that are performed as part of network management accordingly includecontrolling, planning, allocating, deploying, coordinating, and monitoring theresources of a network, network planning, frequency allocation, predeterminedtraffic routing to support load balancing, cryptographic key distributionauthorization, configuration management, fault management, security management,performance management, bandwidth management, and accounting management.A large number of access methods exist to support network and network devicemanagement. Access methods include the SNMP, Command Line Interfaces (CLIs),custom XML, CMIP, Windows Management Instrumentation (WMI), TransactionLanguage 1, CORBA, netconf, and the Java Management Extensions - JMX.Schemas include the WBEM and the Common Information Model amongst others.Data for network management is collected through several mechanisms, includingagents installed on infrastructure, synthetic monitoring that simulates transactions,logs of activity, sniffers and real user monitoring. In the past network managementmainly consisted of monitoring whether devices were up or down; todayperformance management has become a crucial part of the IT team's role www.bssskillmission.inWWW.BSSVE.INbrings about a host of challenges -- especially for global organizations. Operation deals with keeping the network (and the services that the networkprovides) up and running smoothly. It includes monitoring the network to spotproblems as soon as possible, ideally before users are affected. Administration deals with keeping track of resources in the network and how theyare assigned. It includes all the "housekeeping" that is necessary to keep the networkunder control. Maintenance is concerned with performing repairs and upgrades - for example,when equipment must be replaced, when a router needs a patch for an operatingsystem image, when a new switch is added to a network. Maintenance also involvescorrective and preventive measures to make the managed network run "better", suchas adjusting device configuration parameters. Provisioning is concerned with configuring resources in the network to support agiven service. For example, this might include setting up the network so that a newcustomer can receive voice service.2. Network Simulation Study before you install equipment There is a process to follow What Is versus What If3. IP Subnetting Must balance number of subnets with number of hosts per subnet A part with N bits can support 2N-2 subnets or hosts4. Directory Servers Centralized storage of information Hierarchical organization LDAP is the protocol for data www.bssskillmission.inWWW.BSSVE.IN5. Configuring Routers Cisco IOS command line interface (CLI) Worked through a simple example6. Network Management Utilities Diagnose a network connection for a client PC7. Simple Network Management Protocol (SNMP) Protocol for managing network devices remotely Manager, managed device, agent, RMON probe Management information base (MIB) SNMP messages: commands and responses, traps8. Traffic Management Overprovisioning Priority QoS reservations Traffic shaping: prevent congestion from occurringTopic : Networked ApplicationsTopic Objective:At the end of this topic students will be able to: Discuss Application Architectures Discuss E-Mail Discuss HTTP and www.bssskillmission.inWWW.BSSVE.IN Discuss E-Commerce Discuss Software as a Service (SAS)Definition/Overview:Network applications: Network applications are simply the things networks areused for.Key Points:1. OverviewThere are many ways we can classify and talk about network applications, forexample: Who created the application content? Is the content created by users, a companyrunning a Web site, a third party? Who creates the content on MySpace? Whocreates the content on Amazon? An increasing proportion of Internet content iscreated by users. How much did it cost to create and deliver the content? An email is nearly free. Astudio movie or recording is quite expensive. The Internet is disrupting manyindustries by bringing the cost of content creation and delivery down rapidly. Who was the application intended for? The general public? A small group with acommon interest? An individual? What was the content creator's goal? To sell something? To teach? To persuade? How is the application paid for? Subscription? One time sales? Advertising? Is the application on the public Internet or a restricted-access intranet or extranet? www.bssskillmission.inWWW.BSSVE.INType Definition ExampleInternet a global, public TCP/IP network used byover a billion peopleSending email to a friendIntranet a TCP/IP network with access restrictedto members or employees of a singleorganizationAccessing your record inthe employee personnelfileExtranet a TCP/IP network with access restrictedto members or employees of a two ormore organizationsChecking availability ofinventory from an outsidesupplierTable 1: Client-Server Applications That Use The TCP/IPCommunicationProtocols2. Application Architectures Terminal-host Client/servero File server program accesso Client/server processing with request/response cycle Peer-to-peer (P2P) Evolution of architectures driven by growing desktop computer power3. E-Mail Sending: Simple Mail Transfer Protocol (SNMP) Retrieving: POP and IMAP Document format standards: RFC 822/2822, HTML, and UNICODE Viruses, worms, and Trojan horseso Where to do antivirus filtering? www.bssskillmission.inWWW.BSSVE.IN4. HTTP and HTML Webpages consist of an HTML document and multiple graphics, etc. files Message transfer: HTTPo Multiple downloads for the multiple files in a webpage MIME5. E-Commerce E-Commerce : webservice with additional functionality Webserver interacts with customer browser Application server interacts with back-end databases, passes webified response tothe webserver for delivery to the customer DMZ and SSL/TLS security6. Software as a Service (SAS) Regular webservice: retrieve stored files SAS: use HTTP and extended HTML to handle program-to-program interactions ondifferent machines SOAP request message passes parameters to a service object on another machine SOAP response message brings the reply SOAP messages are written in www.bssskillmission.inWWW.BSSVE.IN


View more >