Network: A collection of devices that use shared resources for data sharing or data exchange.
Protocol: A predefined set of rules for communication (IP, HTTP).
Network Applications
- Email
- Collaboration
- Messaging
- Web Browsing
- Database applications
Network Characteristics
- Speed = Data rate
- Availability = Likelihood that the network is available
- Scalability = How well the network can scale
- Topology = Physical components of the network, such as cables, switches and routers
Network Security (Types of Attacks)
Passive attack: Sniffing data, such as capturing passwords on the wire or wireless
Active attack: Actively trying to invade security, adding malicious code
Inside attack: Attack from authorised users
Close-in attack: Attack from within close physical proximity
Distribution attack: Attack launched during the distribution phase of any hardware or software
Access Attack
- Password Attack
- Trust Exploitation
- Port Redirection
- Man-in-the-Middle
- Buffer Overflow
Application Layer Attack
- Exploiting well-known weaknesses in the software
- Trojan programs that log keystrokes
- Password stealing
- Java or ActiveX code that works maliciously
Management / Monitoring Protocols
- Telnet (but information is sent in plain text)
- SSH (secure encrypted communication)
- Secure Socket Layer (SSL)
- Monitoring Protocols (SNMP, syslog, NTP, TFTP)
OSI Reference Model
All People Seem To Need Data Processing (sentence to remember the OSI layers)
TCP, UDP = Transport Layer (4th layer)
Router, ICMP, IGMP, IP = Network Layer
802.3, 802.2, Frame Relay, HDLC = Data Link Layer
PDU
Data = Application Layer
Segment = Transport Layer
Packet = Network Layer
Frames = Data Link Layer
Bits = Physical Layer
TCP: Connection oriented (more overhead, confirmation of delivery)
IP, UDP: Connectionless (best effort, no recovery of lost packets)
Class of IP Address
Class A: 1.0.0.0 to 126.0.0.0
Class B: 128.0.0.0 to 191.255.0.0
Class C: 192.0.0.0 to 223.255.255.0
Class D: 224–239
Class E: 240–255
RFC 1918 Private IP Address Range
172.16.0.0 to 172.31.255.255
192.168.0.0 to 192.168.255.255
IPv6
16 octets = 128 bits
Example: A524:72D3:2C80:DD02:0029:EC7A:002B:EA73
TCP Header (Details)
URG: Urgent Pointer field significant
ACK: Acknowledgment field significant
PSH: Push function, the application needs data to be pushed immediately
RST: Reset the connection
SYN: Synchronize sequence numbers
FIN: No more data from sender
PORTS
- 0 to 1023 - Well known ports
- 1024 to 49151 are registered ports
- 49152–65535 are unregistered
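As an added example (not part of the original notes), the sketch below decodes the flag bits listed under TCP Header and sorts ports into the three ranges above, which is what a defender does when reading a capture by hand. It assumes the standard fixed 20-byte TCP header layout; the function names and the two sample segments are constructed for illustration.

```python
import struct

# Flag bits in byte 13 of the TCP header, low bit first.
TCP_FLAGS = [("FIN", 0x01), ("SYN", 0x02), ("RST", 0x04),
             ("PSH", 0x08), ("ACK", 0x10), ("URG", 0x20)]


def port_range(port):
    """Classify a port number using the three ranges listed above."""
    if not 0 <= port <= 65535:
        raise ValueError("port out of range: %d" % port)
    if port <= 1023:
        return "well-known"
    if port <= 49151:
        return "registered"
    return "unregistered"


def parse_tcp_header(raw):
    """Decode the fixed 20-byte part of a TCP header (options ignored)."""
    if len(raw) < 20:
        raise ValueError("truncated TCP header: %d bytes" % len(raw))
    sport, dport, seq, ack, off_res, flags, _win, _csum, _urg = \
        struct.unpack("!HHIIBBHHH", raw[:20])
    header_len = (off_res >> 4) * 4   # data offset is counted in 32-bit words
    if header_len < 20:
        raise ValueError("invalid data offset")
    return {
        "src_port": sport, "dst_port": dport,
        "src_range": port_range(sport), "dst_range": port_range(dport),
        "seq": seq, "ack": ack, "header_len": header_len,
        "flags": [name for name, bit in TCP_FLAGS if flags & bit],
    }


# Constructed sample: a client opening a connection to Telnet (TCP 23), SYN only.
SAMPLE_SYN = struct.pack("!HHIIBBHHH", 51514, 23, 1000, 0, 5 << 4, 0x02, 64240, 0, 0)
# Constructed sample: the server's reply with SYN and ACK both set.
SAMPLE_SYN_ACK = struct.pack("!HHIIBBHHH", 23, 51514, 5000, 1001, 5 << 4, 0x12, 65535, 0, 0)

if __name__ == "__main__":
    for raw in (SAMPLE_SYN, SAMPLE_SYN_ACK):
        print(parse_tcp_header(raw))
```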
TCP/IP Applications
FTP = TCP-based file transfer (TCP port 21)
TFTP = UDP-based, used to transfer Cisco IOS or configuration (UDP port 69)
Telnet = Terminal emulation, command line (TCP 23)
SMTP = Email delivery (TCP 25)
SNMP = Network management protocol (UDP 161)
DHCP = Assigns IP addresses automatically
DNS = Name-to-IP resolution (both TCP and UDP 53)
TCP 3 Way HandShake
LAN Traffic Types
- Unicast (one to one communication)
- Broadcast (one to any communication)
- Multicast (from one to subnet of users)
Address Translation
Inside local address = IP address assigned to a host on the inside network
Inside global address = A public IP address assigned by the ISP that represents one or more inside local IP addresses to the outside world
Outside global address = IP address assigned to a host on the outside network
Outside local address = IP address of an outside host as it appears to the inside
When a host on an Ethernet LAN has information to send, the following steps are taken (CSMA/CD):
1. A device with a frame to send listens until the Ethernet is not busy.
2. When the Ethernet is not busy, the sender begins sending the frame.
3. The sender listens to make sure that no collision occurred.
4. Once the senders hear the collision, they each send a jamming signal to ensure that all stations recognize the collision.
5. After the jamming is complete, each sender randomizes a timer and waits that long.
6. When each timer expires, the process starts over with step 1.
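The CSMA/CD steps above as a small slot-based simulation, added here as an example and not taken from the original notes. The notes say only that each sender randomizes a timer; the doubling backoff window used below is an assumption (the usual truncated binary exponential backoff), and the station names and the one-frame-per-slot model are constructed for illustration.

```python
import random


def simulate_csma_cd(stations, max_slots=1000, seed=1):
    """Slot-based model of the six steps; one frame takes one slot.

    Every station has one frame queued at slot 0.
    Returns (delivery_order, collision_count).
    """
    rng = random.Random(seed)            # seeded so runs are repeatable
    wait = {s: 0 for s in stations}      # slots left on each backoff timer
    attempts = {s: 0 for s in stations}  # collisions seen per station
    delivered, collisions = [], 0
    for _ in range(max_slots):
        if not wait:
            break
        # Steps 1-2: stations with an expired timer see an idle medium and send.
        ready = [s for s, w in wait.items() if w == 0]
        for s in wait:
            if wait[s] > 0:
                wait[s] -= 1             # the others keep counting down
        if len(ready) == 1:
            # Step 3: the lone sender hears no collision; frame delivered.
            delivered.append(ready[0])
            del wait[ready[0]]
        elif len(ready) > 1:
            # Step 4: overlapping senders detect the collision and jam.
            collisions += 1
            for s in ready:
                # Step 5: random timer. Assumption: window doubles per
                # collision (truncated binary exponential backoff).
                attempts[s] += 1
                wait[s] = rng.randrange(2 ** min(attempts[s], 10))
        # Step 6: the loop returns to step 1 on the next slot.
    return delivered, collisions


if __name__ == "__main__":
    order, hits = simulate_csma_cd(["A", "B", "C"])
    print("delivery order:", order, "collisions:", hits)
```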
MAC Address
- Layer 2 address (48 bits)
- Hexadecimal format
- 48 bits = 24 bits of Vendor ID + 24 bits of Unique ID (OUI ID)
Wireless
IEEE 802.11a: 54 Mbps in the 5.7 GHz ISM band
IEEE 802.11b: 11 Mbps in the 2.4 GHz ISM band
IEEE 802.11g: 54 Mbps in the 2.4 GHz ISM band
IEEE 802.11n: 300+ Mbps in the 2.4 and 5 GHz ISM band
Wireless Security
- WEP (basic encryption, not good)
- 802.1x EAP (uses dynamic keys, user authentication)
- WPA (WiFi Protected Access)
- WPA2 (strongest, uses AES for encryption)
Keypoints
- Switches increase the number of collision domains in the network
- Switches are multiport bridges that allow you to create multiple broadcast domains
- Switches and bridges work on L2
- Primary functions of a router are: Packet Switching and Path Selection
- A straight-through cable is used to connect two different devices
- Layer 4 functions are error recovery and flow control
- Transport layer provides reliable networking via acknowledgments, sequencing, and flow control.
- HTTPS is the secured version of the HTTP application, which normally uses 128-bit SSL encryption to secure the information and uses port 443
- VOIP systems utilize UDP because it is faster and uses less overhead
- Spanning-Tree Protocol (STP) is a Layer 2 protocol
- STP is used to avoid switching loops
- CDP is a device discovery protocol that runs over Layer 2
- Crossover cable is used to connect two of the same device types
- 100BaseT (UTP, STP) has a distance restriction of 100 meters or 328 feet
- IEEE 802.3z standard describes 1000BASE-SX (Gigabit Ethernet)
- Switches forward broadcast but routers do not forward broadcasts (by default)
- RIPv2 carries subnet mask information allowing for VLSM
- For a point-to-point link, a /30 IP address is used.
- Network Address Translation (NAT) can be used to hide the private IP addressing
- NVRAM (Nonvolatile RAM) stores the initial or startup configuration file.
- 0x2102 is the normal config-register value