
Thursday, September 06, 2012

8:32:58 a9/p9

1) Definition for Network and Networking?

A. Network.
B. Networking.

2) Types of networks.

A. PAN.
B. LAN.
C. MAN.
D. WAN.

3) Network Devices.

A. Hub.
B. Switch.
C. Router.
D. Repeater.
E. Network Interface Card (NIC).
F. Wireless Access Point (AP).
G. Firewall.
H. Proxy Server.
I. Load Balancer.

4) Requirements of Networking.

A. NIC.
B. Media.
i) Wire. ii) Wireless.
C. Topology.
i) Bus. ii) Ring. iii) Mesh. iv) Star. v) Point to point. vi) Point to multipoint. vii) Hybrid. viii) Daisy Chain.
D. Protocol.
i) 5 Layers Model. ii) 7 Layers Model.
E. IP Addressing.

5) Wireless Technologies.

i) Wireless Access Points. ii) Wireless Network Interface Card. iii) Wireless Antennas.

6) Authentication & Access Control.

A. Access Control.
i) Access Control Lists. ii) Tunneling. iii) Virtual Private Network (VPN). iv) IPSec. v) Public Key Encryption (PKE).
B. Authentication.
i) Public Key Infrastructure (PKI).

7) Network Threats & Mitigation.

A. Network Threats.
i) Denial of Service (DoS). ii) Viruses (File Viruses, Macro Viruses, Boot-sector Viruses, Multipartite Viruses). Worms. IP Spoofing. Backdoors. Password Attacks. Brute-Force Attacks. Man-in-the-middle Attacks. Rogue Access Points.
B. Mitigation.
i) Active Detection. ii) Passive Detection. iii) Security Policies. iv) Breaking Policy. v) Security Procedures. vi) Automatic Updates through Windows Update. vii) Updating Antivirus Components. viii) Scanning for Viruses. ix) Fixing an infected Computer.

8) Physical & Hardware Security.

9) Command Line Tools.

i) Traceroute. ii) Ipconfig. iii) Ifconfig. iv) Ping. v) Arping. vi) Arp. vii) Nslookup. viii) Hostname. ix) Dig. x) Mtr. xi) Route. xii) Nbtstat. xiii) Netstat.

10) Software & Hardware Tools.

A. Software Tools.
i) Packet Sniffers. ii) IDS / IPS. iii) Port Scanners.
B. Hardware Tools.
i) Cable Testers. ii) Toner Probe. iii) Cable Stripper / Snips.

11) Network Troubleshooting.

i) Troubleshooting Steps. ii) Troubleshooting Tips.

12) Management, Monitoring & Optimization.


1) Definition for Network and Networking?

A. Network.

The interconnection of two or more devices (computers, hubs, switches, etc.).

B. Networking.

The act of connecting those devices (computers, hubs, switches, etc.) to each other.


2) Types of networks.

A. Personal Area Network.

A personal area network (PAN) is the interconnection of information technology devices within the range of an individual person, typically within a range of 10 meters. For example, a person traveling with a laptop, a personal digital assistant (PDA), and a portable printer could interconnect them without having to plug anything in, using some form of wireless technology. Typically, this kind of personal area network could also be interconnected without wires to the Internet or other networks.

B. Local Area Network.


A LAN is a group of computers and associated devices that share a common communications line or wireless link. Typically, connected devices share the resources of a single processor or server within a small geographic area (for example, within an office building). Usually, the server has applications and data storage that are shared in common by multiple computer users. A local area network may serve as few as two or three users (for example, in a home network) or as many as thousands of users (for example, in an FDDI network).

C. Metropolitan Area Network.

A MAN is a computer network that usually spans a city or a large campus. A MAN usually interconnects a number of local area networks (LANs) using a high-capacity backbone technology, such as fiber-optic links, and provides uplink services to wide area networks (WANs) and the Internet.

D. Wide Area Network.

A WAN is a geographically dispersed telecommunications network. The term distinguishes a broader telecommunication structure from a local area network (LAN). A wide area network may be privately owned or rented, but the term usually connotes the inclusion of public (shared user) networks. An intermediate form of network in terms of geography is a metropolitan area network (MAN).

3) Network Devices.

A. Hub.

A hub is a device that connects two or more systems using a star topology. Hubs are layer 1 devices, while switches and routers are layer 2 and layer 3 devices respectively. All kinds of hubs have some common features that are determined primarily by the types of cabling attached to the system. Usually, a hub can be regarded as a network device that works within the standard parameters of the specific network it is working within.

B. Switch.

A switch is also a connecting device, like a hub, but it maintains a table (an index of the MAC addresses, IP addresses and port states of the attached systems) and so recognizes the connected systems. The term commonly refers to a multi-port network bridge that processes and routes data at the data link layer (layer 2) of the OSI model. Switches that additionally process data at the network layer (layer 3) and above are often referred to as layer-3 switches or multilayer switches. The first Ethernet switch was introduced by Kalpana in 1990.
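The table-keeping behaviour that separates a switch from a hub can be shown in a few lines. The following is an added example written for these notes, not code from the original; it models a layer-2 switch that learns which 48-bit MAC address was seen on which port, forwards known unicast frames out of one port only, and floods broadcast or unknown destinations the way a hub floods everything. The `max_entries` cap is an assumption added here so that the table cannot be filled with bogus source addresses until legitimate entries are pushed out.

```python
# Added example, not from the original notes: a toy model of how a layer-2
# switch learns which MAC address sits behind which port and uses that table
# to forward frames, compared with a hub that simply repeats everything.
from dataclasses import dataclass, field
from typing import Dict, List

BROADCAST = "ff:ff:ff:ff:ff:ff"


def normalize_mac(mac: str) -> str:
    """Accept 'AA-BB-CC-DD-EE-FF', 'aabb.ccdd.eeff' or 'aa:bb:cc:dd:ee:ff' and
    return the canonical lowercase colon form (12 hex digits = 48 bits)."""
    digits = "".join(ch for ch in mac.lower() if ch not in ":-.")
    if len(digits) != 12 or any(ch not in "0123456789abcdef" for ch in digits):
        raise ValueError(f"not a 48-bit MAC address: {mac!r}")
    return ":".join(digits[i:i + 2] for i in range(0, 12, 2))


def hub_forward(in_port: int, ports: int) -> List[int]:
    """A hub has no table: every frame is repeated out of every other port."""
    return [p for p in range(1, ports + 1) if p != in_port]


@dataclass
class Switch:
    ports: int
    max_entries: int = 1024                               # hypothetical table-size limit
    table: Dict[str, int] = field(default_factory=dict)   # MAC address -> port

    def receive(self, in_port: int, src: str, dst: str) -> List[int]:
        """Process one frame arriving on in_port; return the ports it is sent out of."""
        src, dst = normalize_mac(src), normalize_mac(dst)
        # Learning: record the port the source address was seen on. Refusing to
        # learn once the table is full keeps a flood of bogus sources from
        # evicting legitimate entries.
        if src in self.table or len(self.table) < self.max_entries:
            self.table[src] = in_port
        # Forwarding: a known unicast destination goes out exactly one port;
        # broadcast and unknown destinations are flooded, as a hub would do.
        if dst != BROADCAST and dst in self.table:
            out = self.table[dst]
            return [] if out == in_port else [out]
        return hub_forward(in_port, self.ports)
```

Two frames are enough to see the difference: the first frame from a new station is flooded because its destination is unknown, and once the reply has been seen the switch sends the next frame to that station out of a single port.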

C. Router.

A router is a gateway: it connects, or acts as an intermediary between, two or more networks. A router has two stages of operation called planes:

Control plane: A router records a routing table listing what route should be used to forward a data packet, and through which physical interface connection. It does this using internal pre-configured addresses, called static routes.

[Figure: A typical home or small office router showing the ADSL telephone line and Ethernet network cable connections]

Forwarding plane: The router forwards data packets between incoming and outgoing interface connections. It routes them to the correct network type using information that the packet header contains, together with the data recorded in the routing table by the control plane.
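To make the two planes concrete, here is an added example (not from the original notes) of a toy router: the control plane is a list of static routes, and the forwarding plane looks up the packet's destination, chooses the most specific matching prefix, decrements the TTL and names the outgoing interface. The interface names and the routing table in `sample_router` are constructed for the example and use RFC 5737 documentation address ranges.

```python
# Added example, not from the original notes: a toy router with a control
# plane (a table of static routes) and a forwarding plane that picks the
# most specific matching route for each packet and decrements the TTL.
import ipaddress
from typing import Dict, List, Optional, Tuple

Route = Tuple[ipaddress.IPv4Network, str, str]   # (prefix, next hop, interface)


class Router:
    def __init__(self) -> None:
        self.routes: List[Route] = []          # control plane state

    def add_static_route(self, prefix: str, next_hop: str, interface: str) -> None:
        """Control plane: install a pre-configured (static) route."""
        self.routes.append((ipaddress.ip_network(prefix), next_hop, interface))

    def lookup(self, dst: str) -> Optional[Route]:
        """Longest-prefix match: of all routes covering dst, the most specific wins."""
        addr = ipaddress.ip_address(dst)
        candidates = [r for r in self.routes if addr in r[0]]
        if not candidates:
            return None
        return max(candidates, key=lambda r: r[0].prefixlen)

    def forward(self, packet: Dict) -> Dict:
        """Forwarding plane: decide what happens to one packet {'dst': ip, 'ttl': n}."""
        if packet["ttl"] <= 1:
            # TTL expired in transit: drop it rather than let it loop forever
            return {"action": "drop", "reason": "ttl-expired"}
        route = self.lookup(packet["dst"])
        if route is None:
            return {"action": "drop", "reason": "no-route"}
        prefix, next_hop, interface = route
        return {"action": "forward", "interface": interface, "next_hop": next_hop,
                "via": str(prefix), "ttl": packet["ttl"] - 1}


def sample_router() -> Router:
    """Constructed routing table (hypothetical interface names, RFC 5737 addresses)."""
    r = Router()
    r.add_static_route("10.0.0.0/8", "10.0.0.2", "eth0")        # whole private block
    r.add_static_route("10.1.0.0/16", "10.1.0.2", "eth1")       # more specific subnet
    r.add_static_route("198.51.100.0/24", "connected", "eth2")  # directly attached LAN
    r.add_static_route("0.0.0.0/0", "192.0.2.1", "eth3")        # default route
    return r
```

A packet for 10.1.2.3 is covered by both 10.0.0.0/8 and 10.1.0.0/16; the /16 wins because it is longer, which is the rule every real router applies before consulting a default route.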

D. Repeater.

In digital communication systems, a repeater is a device that receives a digital signal on an electromagnetic or optical transmission medium and regenerates the signal along the next leg of the medium. In electromagnetic media, repeaters overcome the attenuation caused by free-space electromagnetic-field divergence or cable loss. A series of repeaters makes possible the extension of a signal over a distance. Repeaters remove the unwanted noise from an incoming signal. Unlike an analog signal, the original digital signal, even if weak or distorted, can be clearly perceived and restored. With analog transmission, signals are strengthened with amplifiers, which unfortunately amplify noise as well as information.

Because digital signals depend on the presence or absence of voltage, they tend to dissipate more quickly than analog signals and need more frequent repeating. Whereas analog signal amplifiers are spaced at 18,000 meter intervals, digital signal repeaters are typically placed at 2,000 to 6,000 meter intervals.

E. Network Interface Card (NIC).

A NIC is a computer circuit board or card that is installed in a computer so that it can be connected to a network. Personal computers and workstations on a local area network (LAN) typically contain a network interface card specifically designed for the LAN transmission technology, such as Ethernet or token ring. Network interface cards provide a dedicated, full-time connection to a network. Most home and portable computers connect to the Internet through an as-needed dial-up connection; the modem provides the connection interface to the Internet service provider.

Definition: Media Access Control (MAC) technology provides unique identification and access control for computers on an Internet Protocol (IP) network. In wireless networking, MAC is the radio control protocol on the wireless network adapter. Media Access Control works at the lower sublayer of the data link layer (Layer 2) of the OSI model. The IEEE 802.3 Ethernet and 802.5 token ring protocols specify that the MAC sublayer must supply a 48-bit (6 byte) address. The MAC address is most frequently represented as 12 hexadecimal digits.

F. Wireless Access Point (AP).

Wireless access points (APs or WAPs) are specially configured nodes on wireless local area networks (WLANs). Access points act as a central transmitter and receiver of WLAN radio signals. Access points used in home or small business networks are generally small, dedicated hardware devices featuring a built-in network adapter, antenna, and radio transmitter. Access points support Wi-Fi wireless communication standards.

Although very small WLANs can function without access points in so-called "ad hoc" or peer-to-peer mode, access points support "infrastructure" mode. This mode bridges WLANs with a wired Ethernet LAN and also scales the network to support more clients. Older and base model access points allowed a maximum of only 10 or 20 clients; many newer access points support up to 255 clients.

G. Firewall.

A firewall is a set of related programs, located at a network gateway server, that protects the resources of a private network from users on other networks. (The term also implies the security policy that is used with the programs.) An enterprise with an intranet that allows its workers access to the wider Internet installs a firewall to prevent outsiders from accessing its own private data resources and to control what outside resources its own users have access to. Basically, a firewall, working closely with a router program, examines each network packet to determine whether to forward it toward its destination. A firewall also includes or works with a proxy server that makes network requests on behalf of workstation users. A firewall is often installed in a specially designated computer separate from the rest of the network so that no incoming request can get directly at private network resources. There are a number of firewall screening methods. A simple one is to screen requests to make sure they come from acceptable (previously identified) domain names and Internet Protocol addresses. For mobile users, firewalls allow remote access into the private network by the use of secure logon procedures and authentication certificates.

A number of companies make firewall products. Features include logging and reporting, automatic alarms at given thresholds of attack, and a graphical user interface for controlling the firewall. Computer security borrows this term from firefighting, where it originated. In firefighting, a firewall is a barrier established to prevent the spread of fire.

For the difference between a firewall and an anti-virus scanner, and which is best for your computer, see the linked article: Firewall / Anti-Virus.
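The simple screening method described above (accept only traffic from previously identified addresses) is essentially an ordered rule list with a default deny. The following added example, written for these notes rather than taken from the original or from any firewall product, implements exactly that: each packet is compared against the rules in order, the first match decides, anything unmatched is denied, and every decision is logged so the decisions can be reviewed later. The policy in `sample_firewall`, its networks and ports are constructed for the example.

```python
# Added example, not from the original notes: a stateless packet-screening
# firewall that checks each packet against an ordered rule list and denies
# anything no rule explicitly allows.
import ipaddress
from dataclasses import dataclass
from typing import List, Optional, Tuple


@dataclass(frozen=True)
class Packet:
    src: str        # source IP address
    dst: str        # destination IP address
    proto: str      # "tcp" or "udp"
    dport: int      # destination port


@dataclass(frozen=True)
class Rule:
    action: str                  # "allow" or "deny"
    src: str                     # source network in CIDR notation
    proto: str = "any"           # "tcp", "udp" or "any"
    dport: Optional[int] = None  # None matches every port

    def matches(self, pkt: Packet) -> bool:
        if ipaddress.ip_address(pkt.src) not in ipaddress.ip_network(self.src):
            return False
        if self.proto != "any" and self.proto != pkt.proto:
            return False
        return self.dport is None or self.dport == pkt.dport


class Firewall:
    def __init__(self, rules: List[Rule], default: str = "deny") -> None:
        self.rules = rules
        self.default = default          # verdict when no rule matches
        self.log: List[str] = []        # audit trail of every decision

    def screen(self, pkt: Packet) -> Tuple[str, str]:
        """First matching rule wins; the default verdict applies otherwise."""
        for i, rule in enumerate(self.rules):
            if rule.matches(pkt):
                verdict = (rule.action, f"rule {i}")
                break
        else:
            verdict = (self.default, "default")
        self.log.append(f"{verdict[0].upper()} {pkt.proto} {pkt.src} -> "
                        f"{pkt.dst}:{pkt.dport} ({verdict[1]})")
        return verdict


def sample_firewall() -> Firewall:
    """Constructed policy: two previously identified networks may reach one
    service each; everything else falls through to the default deny."""
    return Firewall([
        Rule("deny", "198.51.100.66/32"),                 # one specific excluded host
        Rule("allow", "198.51.100.0/24", "tcp", 443),     # partner network -> HTTPS only
        Rule("allow", "203.0.113.0/24", "tcp", 22),       # admin network -> SSH only
    ])
```

Note that rule order matters: the single-host deny sits before the network-wide allow, so the excluded host is refused even though its address falls inside the allowed /24.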

H. Proxy Server.

In an enterprise that uses the Internet, a proxy server is a server that acts as an intermediary between a workstation user and the Internet so that the enterprise can ensure security, administrative control, and caching service. A proxy server is associated with or part of a gateway server that separates the enterprise network from the outside network and a firewall server that protects the enterprise network from outside intrusion. A proxy server receives a request for an Internet service (such as a Web page request) from a user. If it passes filtering requirements, the proxy server, assuming it is also a cache, looks in its local cache of previously downloaded Web pages. If it finds the page, it returns it to the user without needing to forward the request to the Internet. If the page is not in the cache, the proxy server, acting as a client on behalf of the user, uses one of its own IP addresses to request the page from the server out on the Internet. When the page is returned, the proxy server relates it to the original request and forwards it on to the user.

To the user, the proxy server is invisible; all Internet requests and returned responses appear to be directly with the addressed Internet server. (The proxy is not quite invisible; its IP address has to be specified as a configuration option to the browser or other protocol program.) An advantage of a proxy server is that its cache can serve all users. If one or more Internet sites are frequently requested, these are likely to be in the proxy's cache, which will improve user response time. In fact, there are special servers called cache servers. A proxy can also do logging. The functions of proxy, firewall, and caching can be in separate server programs or combined in a single package. Different server programs can be in different computers. For example, a proxy server may be on the same machine as a firewall server, or it may be on a separate server and forward requests through the firewall.
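The request flow just described (filter, then cache lookup, then fetch from the origin on the user's behalf, logging along the way) is short enough to model directly. This is an added example written for these notes, not code from the original; the origin server is replaced by an injected `fetch` callable (`FakeOrigin`, constructed here) so the example runs offline, and the blocked host name and URLs are made up for the demonstration.

```python
# Added example, not from the original notes: a caching forward proxy that
# filters requests, answers repeated requests from its cache, and contacts
# the origin server (through an injected fetch function, so this runs
# offline) only for pages it does not already hold.
from typing import Callable, Dict, Iterable, List, Optional, Tuple
from urllib.parse import urlparse


class CachingProxy:
    def __init__(self, fetch: Callable[[str], bytes],
                 blocked_hosts: Iterable[str] = ()) -> None:
        self.fetch = fetch                   # how the proxy reaches the Internet itself
        self.blocked = set(blocked_hosts)    # filtering policy
        self.cache: Dict[str, bytes] = {}    # previously downloaded pages
        self.log: List[str] = []             # one line per client request

    def request(self, client: str, url: str) -> Tuple[int, Optional[bytes], str]:
        """Handle one client request; returns (status, body, where the answer came from)."""
        host = urlparse(url).hostname or ""
        if host in self.blocked:                       # 1. filtering requirements
            self.log.append(f"{client} {url} filtered")
            return 403, None, "filtered"
        if url in self.cache:                          # 2. local cache lookup
            self.log.append(f"{client} {url} cache-hit")
            return 200, self.cache[url], "cache"
        body = self.fetch(url)                         # 3. proxy acts as the client
        self.cache[url] = body
        self.log.append(f"{client} {url} fetched")
        return 200, body, "origin"


class FakeOrigin:
    """Constructed stand-in for the Internet: counts how often each URL is really fetched."""

    def __init__(self) -> None:
        self.hits: Dict[str, int] = {}

    def __call__(self, url: str) -> bytes:
        self.hits[url] = self.hits.get(url, 0) + 1
        return f"page for {url}".encode()
```

The origin counter is the point of the example: two different clients asking for the same page cost a single upstream fetch, while a filtered request never reaches the origin at all.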

I. Load Balancer.

Network Load Balancing Services (NLBS) is a Microsoft implementation of clustering and load balancing that is intended to provide high availability and high reliability, as well as high scalability. NLBS is intended for applications with relatively small data sets that rarely change (one example would be web pages), and that do not have long-running in-memory state. These types of applications are called stateless applications, and typically include Web, File Transfer Protocol (FTP), and virtual private networking (VPN) servers. Every client request to a stateless application is a separate transaction, so it is possible to distribute the requests among multiple servers to balance the load. One attractive feature of NLBS is that all servers in a cluster monitor each other with a heartbeat signal, so there is no single point of failure.
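The two ideas in that paragraph, distributing independent requests across several servers and using heartbeats to notice when one of them disappears, can be shown in a small simulation. This is an added example written for these notes, not NLBS code or anything from the original; the server names, the heartbeat timeout and the round-robin choice are assumptions made for the demonstration.

```python
# Added example, not from the original notes: a round-robin load balancer for
# stateless requests whose members are watched through heartbeats; a server
# whose heartbeat stops is taken out of rotation automatically.
from typing import Dict, List, Optional


class LoadBalancer:
    def __init__(self, servers: List[str], heartbeat_timeout: float = 3.0) -> None:
        self.servers = list(servers)
        self.timeout = heartbeat_timeout
        # nothing heard from anyone yet, so every server starts out "down"
        self.last_seen: Dict[str, float] = {s: float("-inf") for s in servers}
        self.next_index = 0

    def heartbeat(self, server: str, now: float) -> None:
        """Record that `server` was alive at time `now` (seconds)."""
        self.last_seen[server] = now

    def healthy(self, now: float) -> List[str]:
        """Servers whose last heartbeat is recent enough to trust."""
        return [s for s in self.servers if now - self.last_seen[s] <= self.timeout]

    def dispatch(self, now: float) -> Optional[str]:
        """Pick the next healthy server in round-robin order; None if all are down."""
        alive = self.healthy(now)
        if not alive:
            return None
        # A global counter keeps the rotation moving even as the set of
        # healthy servers shrinks or grows between requests.
        server = alive[self.next_index % len(alive)]
        self.next_index += 1
        return server
```

Because each request is treated as an independent transaction, the balancer needs no session state of its own: removing a silent server changes only which members take the next turns.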


4) Requirements of Networking.

A. NIC.

See the Network Devices section above.

B. Media.

In the networked world, networking media might be some sort of physical cable, or it might be electromagnetic radiation (in the case of wireless networking).

C. Topology.

In communication networks, a topology is a usually schematic description of the arrangement of a network, including its nodes and connecting lines. There are two ways of defining network geometry: the physical topology and the logical (or signal) topology. The physical topology of a network is the actual geometric layout of workstations. The physical topologies are:

i) Bus.

A bus network uses a multi-drop transmission medium; all nodes on the network share a common bus and thus share communication. This allows only one device to transmit at a time. A distributed access protocol determines which station is to transmit. Data frames contain source and destination addresses; each station monitors the bus and copies frames addressed to it.

A bus topology connects each computer (node) to a single segment trunk (a communication line, typically coax cable, that is referred to as the 'bus'). The signal travels from one end of the bus to the other. A terminator is required at each end to absorb the signal so that it does not reflect back across the bus. A media access method called CSMA/CD is used to handle the collision that occurs when two signals are placed on the wire at the same time. The bus topology is passive. In other words, the computers on the bus simply 'listen' for a signal; they are not responsible for moving the signal along.

Advantages:
Good compromise over the other two topologies as it allows a relatively high rate of data transmission.
Well suited for temporary networks that must be set up in a hurry.
Easy to implement and extend.

Disadvantages:
Does not cope well with heavy traffic rates.
Difficult to administer/troubleshoot.
Limited cable length and number of stations.
A cable break can disable the entire network; no redundancy.
Maintenance cost may be higher in the long run.
Performance degrades as additional computers are added.

ii) Ring.

A ring topology is a network topology or circuit arrangement in which each network device is attached along the same signal path to two other devices, forming a path in the shape of a ring. Each device in the network, also referred to as a node, handles every message that flows through the ring. Each node in the ring has a unique address. Since in a ring topology there is only one pathway between any two nodes, ring networks are generally disrupted by the failure of a single link.

Redundant topologies are used to eliminate network downtime caused by a single point of failure. All networks need redundancy for enhanced reliability. Network reliability is achieved through reliable equipment and network designs that are tolerant to failures and faults. FDDI networks overcome the disruption in the network by sending data on a clockwise and a counterclockwise ring. In case there is a break in data flow, the data is wrapped back onto the complementary ring before it reaches the end of the cable, thereby maintaining a path to every node within the complementary ring. The most well known example of a ring topology is Token Ring.

Advantages:
An orderly network where every device has access to the token and the opportunity to transmit.
Under heavy network load it performs better than a star topology.
It does not need a network server to manage the connectivity between the computers.

Disadvantages:
One malfunctioning workstation can bring down the entire network.
Moves, adds and changes of devices can affect the entire network.
It is slower than an Ethernet network.

iii) Mesh.

In a mesh network topology, each of the network nodes (computers and other devices) is interconnected with the others. Every node not only sends its own signals but also relays data from other nodes. In fact, a true mesh topology is one where every node is connected to every other node in the network. This type of topology is very expensive as there are many redundant connections, so it is not widely used in computer networks. It is commonly used in wireless networks. A flooding or routing technique is used in a mesh topology. Types of mesh network topologies:

1) Full Mesh Topology:

In this, like a true mesh, each component is connected to every other component. Even after considering the redundancy factor and cost of this network, its main advantage is that the network traffic can be redirected to other nodes if one of the nodes goes down. Full mesh topology is used only for backbone networks.

2) Partial Mesh Topology:

This is far more practical as compared to full mesh topology. Here, some of the systems are connected in a similar fashion as in a mesh topology while the rest of the systems are only connected to 1 or 2 devices. It can be said that in a partial mesh, the workstations are indirectly connected to other devices. This one is less costly and also reduces redundancy.

Advantages:
Data can be transmitted from different devices simultaneously.
This topology can withstand high traffic.
Even if one of the components fails there is always an alternative present, so data transfer doesn't get affected.
Expansion and modification in topology can be done without disrupting other nodes.

Disadvantages:
There are high chances of redundancy in many of the network connections.
Overall cost of this network is way too high as compared to other network topologies.
Set-up and maintenance of this topology is very difficult. Even administration of the network is tough.

iv) Star.

Star topology is the most common type of network topology that is used in homes and offices. In the star topology there is a central connection point called the hub, which is a computer hub or sometimes just a switch. In a star network the best advantage is that when there is a failure in a cable, only one computer might get affected and not the entire network.

The star network topology typically needs more cable to be networked than the usual bus topology. A common cable that is used in star networks is UTP, or unshielded twisted pair cable. Another common cable that is used in star networks is the RJ45 or Ethernet cable. In a star network the entire network is dependent on the hub, so if the entire network is not working then there could be a problem with the hub. This feature makes it easy to troubleshoot by offering a single point for error correction, and at the same time the dependency on that single point is also very high.

Advantages:
A star network topology is very easy to manage because of its simplicity in functionality.
Problems can be easily located logically in a star topology and therefore it is easy to troubleshoot also.
The star topology is very simple in format so it is very easy to expand.

Disadvantages:
The star topology is fully dependent on the hub and the entire working of the network depends on the hub or the switch.
If there are many nodes and the cable is long then the network may slow down.

v) Point to point.

Point-to-point topology is the simplest and most straightforward. Picture it as a chain of devices; another name for this type of connectivity is daisy chaining. Most computers can daisy chain a series of serial devices from one of their serial ports. Networks of routers are often configured as point-to-point topologies.

vi) Point to multipoint.

This is not quite the same as a hub and spoke configuration. In a hub and spoke topology, all transmissions from all devices pass through the hub; the hub broadcasts all communication from any single device to all other devices connected to it. In a multipoint topology the hub can send to one or more systems based on an address. Frame Relay is the most common technology to implement this scheme, and it is typically used as a WAN technology. All the remote connection points are connected to a single Frame Relay switch or router port, and communication between sites is managed by that central point. In hub and spoke, all spokes or only one spoke hears a given transmission. In point to multipoint, any number of remote stations can be accessed.

vii) Hybrid.

Hybrid networks use a combination of any two or more topologies in such a way that the resulting network does not exhibit one of the standard topologies (e.g., bus, star, ring, etc.). A hybrid topology is always produced when two different basic network topologies are connected.

Advantages:
It can give better results than any single topology.
It can be designed in many ways for various purposes.

Disadvantages:
It is costly.
Difficult to identify the problem if the entire network shuts down.

viii) Daisy Chain.


Daisy chain may refer to a daisy garland created from daisy flowers, the original meaning and the one from which the following derive by analogy:

Daisy chain (electrical engineering)
Daisy chain (information technology)
Daisy chain (network topology)
"Daisy Chain", a song by Pop Evil on the War of Angels album
Daisy chain (climbing), a type of strap
Daisy Chain (record label), a subsidiary of Almighty Records
Daisy chain transplant, a row of kidney transplants involving one matched donor and an unmatched relative who donates in turn to a recipient who is a match
Chain sinnet, a series of knots for shortening a cable
Daisy chaining DNA, a process resulting in concatenated next generation sequencing libraries
The Daisy Chain (historical novel)

Logical (or signal) topology refers to the nature of the paths the signals follow from node to node. In many instances, the logical topology is the same as the physical topology. But this is not always the case. For example, some networks are physically laid out in a star configuration, but they operate logically as bus or ring networks.

Topology Selection, Backbone and Segments.

Topology Selection.

Each topology has its advantages and drawbacks. The process of selecting a topology can be much like buying a pair of shoes. It's a matter of finding something that fits, feels right, and is within your budget. Instead of asking what your shoe size is, ask questions such as: how much fault tolerance is necessary, and how often will I need to reconfigure the network? Creating a simple network for a handful of computers in a single room is usually done most efficiently by using a wireless access point and wireless network cards because they are simple and easy to install and don't require the running of cables. Larger environments are usually wired in a star because moves, adds, and changes to the network are performed more efficiently with a physical star than with any of the other topologies. If you need uptime to the definition of fault resistant (that is, 99.9-percent uptime or less than 8 hours total downtime per year), you should seriously consider a partial mesh layout. While you are thinking about how fault tolerant a full mesh network is, let the word maintenance enter your thoughts. Remember that you will have n(n-1)/2 connections to maintain in a full mesh configuration and a subset of that for a partial mesh, which will quickly become a nightmare and could exceed your maintenance budget. Generally speaking, you should balance the following considerations when choosing a physical topology for your network:

Cost
Ease of installation
Ease of maintenance
Cable fault tolerance

Backbone and Segments.

Backbone: A backbone is the part of the network to which all segments and servers connect. A backbone provides the structure for a network and is considered the main part of any network. It usually uses a high-speed communications technology of some kind, such as Fiber Distributed Data Interface (FDDI) or 1 or 10 Gigabit Ethernet. All servers and all network segments typically connect directly to the backbone so that any segment is only one segment away from any server on that backbone. Because all segments are close to the servers, the network is more efficient.

Segments: Segment is a general term for any short section of the network that is not part of the backbone. Just as servers connect to the backbone, workstations connect to segments. Segments are connected to the backbone to allow the workstations on them access to the rest of the network.

D. Protocol.

In information technology, a protocol is the special set of rules that end points in a telecommunication connection use when they communicate. Protocols specify interactions between the communicating entities. Protocols exist at several levels in a telecommunication connection. For example, there are protocols for the data interchange at the hardware device level and protocols for data interchange at the application program level. In the standard model known as Open Systems Interconnection (OSI), there are one or more protocols at each layer in the telecommunication exchange that both ends of the exchange must recognize and observe. Protocols are often described in an industry or international standard. The TCP/IP Internet protocols, a common example, consist of:

Transmission Control Protocol (TCP), which uses a set of rules to exchange messages with other Internet points at the information packet level.
Internet Protocol (IP), which uses a set of rules to send and receive messages at the Internet address level.
Additional protocols that include the Hypertext Transfer Protocol (HTTP) and File Transfer Protocol (FTP), each with defined sets of rules to use with corresponding programs elsewhere on the Internet.

There are many other Internet protocols, such as the Border Gateway Protocol (BGP) and the Dynamic Host Configuration Protocol (DHCP).

i) 5 Layers Model.

The 5-layer model serves primarily the protocols known as Transmission Control Protocol (TCP) and Internet Protocol (IP), or jointly, TCP/IP. The User Datagram Protocol (UDP) is also served by this model. The 5-layer model was developed along with these protocols, antedating the 7-layer model, and is sometimes called the TCP Model. The layers in the 5-layer model are:

Layer 5, Process & Applications: Provides application services to users and programs.

Layer 4, Transport: Handles data-consistency functions, i.e., provides a reliable byte stream between two nodes on a network. TCP and UDP work at this level.

Layer 3, Internet (sometimes also called the Network Layer): Provides network addressing and routing, and does so in such a way as to provide a common address space across multiple lower-level protocols. This makes possible the interconnection of networks that characterizes the Internet. The IP protocol operates at this level.

Layer 2, Network (sometimes called the Data Link Layer): This layer contains whatever IP will run over, e.g., Ethernet, token-ring, and Fiber Distributed Data Interface (FDDI) networks. Individual network protocols, e.g., Ethernet, work at this level.

Layer 1, Physical: Not really part of the model, since TCP and IP, as protocols, deal with software rather than hardware. This layer is generally thought of as referring to all hardware under the Network Layer.

It is easy to see that the 5-layer model was developed primarily empirically, as people gained experience with the actual problems of working with inter-computer connections and with the solutions to those problems.
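The layering is easiest to see in the bytes themselves. The following added example (written for these notes, not taken from the original) builds one packet from the top of the 5-layer model down: application data is wrapped in a UDP header (transport), then an IPv4 header with its checksum (internet), then an Ethernet II header (network/data link), and `decapsulate` strips the headers again in the reverse order and verifies the IPv4 checksum. The addresses, MACs and ports used in the test are constructed values from the documentation ranges; real sockets and the physical layer are not involved.

```python
# Added example, not from the original notes: building one packet from the
# top of the 5-layer model down (application data -> UDP -> IP -> Ethernet)
# and parsing it back up, so each layer's header can be seen in the bytes.
import ipaddress
import struct
from typing import Dict

ETHERTYPE_IPV4 = 0x0800
IPPROTO_UDP = 17


def ones_complement_checksum(data: bytes) -> int:
    """RFC 1071 checksum as used by the IPv4 header (and by TCP/UDP)."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack(f"!{len(data) // 2}H", data))
    while total >> 16:                        # fold carries back into 16 bits
        total = (total & 0xFFFF) + (total >> 16)
    return (~total) & 0xFFFF


def mac_to_bytes(mac: str) -> bytes:
    return bytes.fromhex(mac.replace(":", ""))


def bytes_to_mac(raw: bytes) -> str:
    return ":".join(f"{b:02x}" for b in raw)


def encapsulate(src_mac: str, dst_mac: str, src_ip: str, dst_ip: str,
                src_port: int, dst_port: int, payload: bytes, ttl: int = 64) -> bytes:
    # Layer 4 (transport): UDP header; checksum 0 means "not computed" over IPv4
    udp = struct.pack("!HHHH", src_port, dst_port, 8 + len(payload), 0) + payload
    # Layer 3 (internet): 20-byte IPv4 header, checksum computed with the field zeroed
    ip_hdr = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(udp), 0, 0, ttl,
                         IPPROTO_UDP, 0, ipaddress.ip_address(src_ip).packed,
                         ipaddress.ip_address(dst_ip).packed)
    csum = ones_complement_checksum(ip_hdr)
    ip_hdr = ip_hdr[:10] + struct.pack("!H", csum) + ip_hdr[12:]
    # Layer 2 (network / data link): Ethernet II header in front of everything
    eth_hdr = mac_to_bytes(dst_mac) + mac_to_bytes(src_mac) + struct.pack("!H", ETHERTYPE_IPV4)
    return eth_hdr + ip_hdr + udp


def decapsulate(frame: bytes) -> Dict:
    """Strip each header in turn and report what every layer carried."""
    dst_mac, src_mac = bytes_to_mac(frame[0:6]), bytes_to_mac(frame[6:12])
    ethertype = struct.unpack("!H", frame[12:14])[0]
    if ethertype != ETHERTYPE_IPV4:
        raise ValueError(f"unsupported ethertype {ethertype:#06x}")
    ihl = (frame[14] & 0x0F) * 4               # IPv4 header length in bytes
    ip_hdr = frame[14:14 + ihl]
    _, _, total_len, _, _, ttl, proto, _, s, d = struct.unpack("!BBHHHBBH4s4s", ip_hdr[:20])
    # A header whose checksum field is correct sums to zero under the same algorithm
    checksum_ok = ones_complement_checksum(ip_hdr) == 0
    udp_off = 14 + ihl
    src_port, dst_port, udp_len, _ = struct.unpack("!HHHH", frame[udp_off:udp_off + 8])
    payload = frame[udp_off + 8:udp_off + udp_len]
    return {"src_mac": src_mac, "dst_mac": dst_mac,
            "src_ip": str(ipaddress.ip_address(s)), "dst_ip": str(ipaddress.ip_address(d)),
            "ttl": ttl, "proto": proto, "ip_total_len": total_len,
            "ip_checksum_ok": checksum_ok, "src_port": src_port, "dst_port": dst_port,
            "payload": payload}
```

Each layer only looks at its own header: Ethernet cares about the MAC addresses and ethertype, IP about the addresses, TTL and checksum, UDP about the ports, and the application data at the top is carried through untouched. Flipping a single bit inside the IP header is enough for the checksum verification to fail, which is what a receiving host would use to discard the packet.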


ii) 7 Layers Model.

The Basic Reference Model (BRM) for OSI consists of 7 layers of protocols, i.e., of 7 different areas in which the protocols operate. In principle, the areas are distinct and of increasing generality; in practice, the boundaries between the layers are not always sharp. The model draws a clear distinction between a service, something that an application program or a higher-level protocol uses, and the protocols themselves, which are sets of rules for providing services. Here are the seven layers in the Basic Reference Model for Open Systems Interconnection:

Application Layer.

In the Open Systems Interconnection (OSI) communications model, the application layer provides services for an application program to ensure that effective communication with another application program in a network is possible. The application layer is not the application itself that is doing the communication. It is a service layer that provides these services:

Makes sure that the other party is identified and can be reached.
If appropriate, authenticates either the message sender or receiver or both.
Makes sure that necessary communication resources exist (for example, is there a modem in the sender's computer?).
Ensures agreement at both ends about error recovery procedures, data integrity, and privacy.
Determines protocol and data syntax rules at the application level.

It may be convenient to think of the application layer as the high-level set-up services for the application program or an interactive user.

Protocols that operate on this layer include: TELNET, HTTP, FTP, TFTP, SMTP, NTP, SNMP and EDI.

Presentation Layer
In the Open Systems Interconnection (OSI) communications model, the presentation layer ensures that the communications passing through are in the appropriate form for the recipient. For example, a presentation layer program may format a file transfer request in binary code to ensure a successful file transfer. Programs in the presentation layer address three aspects of presentation:

- Data formats - for example, PostScript, ASCII, or binary formats
- Compatibility with the host operating system
- Encapsulation of data into message "envelopes" for transmission through the network

An example of a program that generally adheres to the presentation layer of OSI is the program that manages the Web's Hypertext Transfer Protocol (HTTP). This program, sometimes called the HTTP daemon, usually comes included as part of an operating system. It forwards user requests passed to the Web browser on to a Web server elsewhere in the network. It receives a message back from the Web server that includes a Multi-Purpose Internet Mail Extensions (MIME) header. The MIME header indicates the kind of file (text, video, audio, and so forth) that has been received so that an appropriate player utility can be used to present the file to the user. Specifications defined at this layer include: GIF, TIFF, JPEG, MPEG, MIME and ASCII.

Session Layer
In the Open Systems Interconnection (OSI) communications model, the Session layer (sometimes called the "port layer") manages the setting up and taking down of the association between two communicating end points that is called a connection. A connection is maintained while the two end points are communicating back and forth in a conversation or session of some duration. Some connections and sessions last only long enough to send a message in one direction. However, other sessions may last longer, usually with one or both of the communicating parties able to terminate it. For Internet applications, each session is related to a particular port, a number that is associated with a particular upper layer application. For example, the HTTP program or daemon always has port number 80. The port numbers associated with the main Internet applications are referred to as well-known port numbers. Most port numbers, however, are available for dynamic assignment to other applications.

Protocols/APIs that operate on this layer include: RPC, SQL and NETBIOS.

Transport Layer
In the Open Systems Interconnection (OSI) communications model, the Transport layer ensures the reliable arrival of messages and provides error checking mechanisms and data flow controls. The Transport layer provides services for both "connection-mode" transmissions and for "connectionless-mode" transmissions. For connection-mode transmissions, a transmission may be sent or arrive in the form of packets that need to be reconstructed into a complete message at the other end. The Transmission Control Protocol portion of TCP/IP is a program that can be mapped to the Transport layer. Protocols that operate on this layer: TCP, UDP, NETBEUI and SPX.

Network Layer
In the Open Systems Interconnection (OSI) communications model, the Network layer knows the address of the neighboring nodes in the network, packages output with the correct network address information, selects routes and quality of service, and recognizes and forwards to the Transport layer incoming messages for local host domains. Among existing protocols that generally map to the OSI network layer are the Internet Protocol (IP) part of TCP/IP and NetWare IPX/SPX. Both IP Version 4 and IP Version 6 (IPv6) map to the OSI network layer. Examples of protocols defined at this layer: IP, IPX, AppleTalk, ICMP, RIP, OSPF, BGP, IGRP, EIGRP, NLSP, ARP, RARP and X.25. Devices that operate on this layer: Routers, Layer 3 Switches.

Data Link Layer
The Data-Link layer is the protocol layer in a program that handles the moving of data in and out across a physical link in a network. The Data-Link layer is layer 2 in the Open Systems Interconnection (OSI) model for a set of telecommunication protocols. The Data-Link layer contains two sublayers that are described in the IEEE 802 LAN standards:

- Media Access Control (MAC)
- Logical Link Control (LLC)

The Data-Link layer ensures that an initial connection has been set up, divides output data into data frames, and handles the acknowledgements from a receiver that the data arrived successfully. It also ensures that incoming data has been received successfully by analyzing bit patterns at special places in the frames. Examples of devices that operate on this layer are Switches, Bridges, WAPs and NICs.

Physical Layer
In the Open Systems Interconnection (OSI) communications model, the physical layer supports the electrical or mechanical interface to the physical medium. For example, this layer determines how to put a stream of bits from the upper (data link) layer on to the pins for a parallel printer interface, an optical fiber transmitter, or a radio carrier. The physical layer is usually a combination of software and hardware programming and may include electromechanical devices. It does not include the physical media as such.

Devices that operate on this layer: HUBs/ Concentrators, Repeaters, NICs, and LAN and WAN interfaces such as RS-232, OC-3, BRI, V.24, V.35, X.25 and Frame Relay.

Data transformed through the OSI Model
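The layering described above, as an added Python example (not code from the original notes): application data is wrapped in a UDP header (layer 4), then an IPv4 header (layer 3), then an Ethernet frame (layer 2), and a receiver peels the headers off again. The IPv4 header checksum is computed on the way down and verified on the way up, so a frame whose header was corrupted in transit is rejected. The MAC addresses, ports and the 10.15.30.x addresses (the LAN example used later in these notes) are constructed sample values.

```python
import struct

# Constructed sample values (assumptions for this example, not from the notes).
SRC_MAC = bytes.fromhex("020000000001")
DST_MAC = bytes.fromhex("020000000002")
SRC_IP = "10.15.30.5"
DST_IP = "10.15.30.1"
ETHERTYPE_IPV4 = 0x0800
PROTO_UDP = 17


def ipv4_checksum(header: bytes) -> int:
    """RFC 791 header checksum: one's complement of the one's-complement sum of 16-bit words."""
    if len(header) % 2:
        header += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(header) // 2), header))
    while total >> 16:                       # fold carries back into the low 16 bits
        total = (total & 0xFFFF) + (total >> 16)
    return (~total) & 0xFFFF


def ip_to_bytes(ip: str) -> bytes:
    return bytes(int(octet) for octet in ip.split("."))


def build_udp(src_port: int, dst_port: int, payload: bytes) -> bytes:
    # Layer 4 (transport): 8-byte UDP header; checksum 0 means "not computed", which IPv4 permits
    return struct.pack("!HHHH", src_port, dst_port, 8 + len(payload), 0) + payload


def build_ipv4(src_ip: str, dst_ip: str, segment: bytes, ttl: int = 64) -> bytes:
    # Layer 3 (network): 20-byte IPv4 header; the checksum covers the header only
    ver_ihl = (4 << 4) | 5                   # version 4, header length 5 x 32-bit words
    total_len = 20 + len(segment)
    header = struct.pack("!BBHHHBBH4s4s", ver_ihl, 0, total_len, 0x1234, 0,
                         ttl, PROTO_UDP, 0, ip_to_bytes(src_ip), ip_to_bytes(dst_ip))
    checksum = ipv4_checksum(header)
    header = header[:10] + struct.pack("!H", checksum) + header[12:]
    return header + segment


def build_ethernet(src_mac: bytes, dst_mac: bytes, packet: bytes) -> bytes:
    # Layer 2 (data link): 14-byte Ethernet II header; the FCS trailer is added by the NIC
    return struct.pack("!6s6sH", dst_mac, src_mac, ETHERTYPE_IPV4) + packet


def encapsulate(payload: bytes, src_port: int = 40000, dst_port: int = 53) -> bytes:
    """Wrap application data down through layers 4, 3 and 2, as a sending host does."""
    segment = build_udp(src_port, dst_port, payload)
    packet = build_ipv4(SRC_IP, DST_IP, segment)
    return build_ethernet(SRC_MAC, DST_MAC, packet)


def decapsulate(frame: bytes) -> dict:
    """Peel the headers off layer by layer, as a receiving host does, verifying the IPv4 checksum."""
    dst_mac, src_mac, ethertype = struct.unpack("!6s6sH", frame[:14])
    if ethertype != ETHERTYPE_IPV4:
        raise ValueError("not an IPv4 frame")
    packet = frame[14:]
    ihl = (packet[0] & 0x0F) * 4
    ip_header = packet[:ihl]
    if ipv4_checksum(ip_header) != 0:        # a header carrying a valid checksum sums to zero
        raise ValueError("bad IPv4 header checksum")
    total_len = struct.unpack("!H", ip_header[2:4])[0]
    proto = ip_header[9]
    if proto != PROTO_UDP:
        raise ValueError("not a UDP packet")
    segment = packet[ihl:total_len]
    src_port, dst_port, udp_len, _ = struct.unpack("!HHHH", segment[:8])
    return {
        "src_mac": src_mac.hex(), "dst_mac": dst_mac.hex(),
        "src_ip": ".".join(str(b) for b in ip_header[12:16]),
        "dst_ip": ".".join(str(b) for b in ip_header[16:20]),
        "proto": proto, "src_port": src_port, "dst_port": dst_port,
        "payload": segment[8:udp_len],
    }


def is_valid_frame(frame: bytes) -> bool:
    """True if the frame parses and its IPv4 header checksum verifies."""
    try:
        decapsulate(frame)
        return True
    except (ValueError, struct.error, IndexError):
        return False


if __name__ == "__main__":
    wire = encapsulate(b"hello")
    print(len(wire), "bytes on the wire:", decapsulate(wire))
```

Each build function touches only its own layer's header, which is the point of the model: the UDP builder knows nothing about MAC addresses and the Ethernet builder never looks inside the IP packet. The UDP checksum is left at zero to keep the example short; a real stack computes it over a pseudo-header as well.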

E. IP Addressing.

An Internet Protocol address (IP address) is a numerical label assigned to each device (e.g., computer, printer) participating in a computer network that uses the Internet Protocol for communication. An IP address serves two principal functions: host or network interface identification and location addressing. Its role has been characterized as follows: "A name indicates what we seek. An address indicates where it is. A route indicates how to get there." An IP address is slightly complex to understand in detail for non-technical readers, so I try to explain briefly what they are. We see:

- The uniqueness of an IP address over a network
- The structure of an IP address
- The network and host part of an IP address
- The scarcity of IP addresses and how they are assigned
- IP addresses and domain names

Unique address for each machine
An IP address should be unique over a network. On the Internet, you never get two machines with the same IP address. Over a LAN as well, there should never be two machines with the same IP address. If there are, packets won't know exactly where to go. This is called an IP conflict.

The IP Address Structure
All IP addresses are made up of four parts (quadrants) separated by dots, like this: XXX.XXX.XXX.XXX, where each XXX can be any number between 0 and 255. If you know binary, you will understand that each of these numbers is stored in 8 bits (binary digits), and the number of possibilities you can have is 2 raised to the power of 8, which is 256 (0-255). Examples of IP addresses are:

192.168.66.5
127.0.0.1

The second example above is the default IP address assigned to any standalone machine. So, if your machine is not connected to any network, its address is 127.0.0.1. This is also called the localhost address.

The two parts of an IP address
An IP address consists of two parts: the network part and the machine part. Let us make an analogy to your house's address. It is made up of the country part, then the city part, then the street part. All people living in your locality will have the same country and city parts in their addresses. Only the house number and street parts will be different. For IP, all machines on the same network will have the same left (network) part. The right side varies from machine to machine. For example, right now, I am writing this within a LAN. The LAN router's IP address is 10.15.30.1; my machine's IP address is 10.15.30.5 and my fellow LAN-mate's IP address is 10.15.30.6. In this LAN, the network part is 10.15.30 and the machine part is the last quadrant. We can have a maximum of 256 machines on our LAN.
Bigger networks have smaller network parts and bigger machine parts, so as to accommodate more machines on the network.

Dwindling IP addresses
An IP address carries 32 bits (8 for each quadrant). This can give up to around 4.3 billion addresses. Unfortunately, many of these are wasted. During the early days of the Internet, big companies bought large chunks of IP addresses and to this day can never use all of them. The current version of IP addresses in use is version 4, called IPv4. Since it is predicted that a time will come when IP addresses start running out on the Internet, a new version has been developed. IPv5 has been used only for research purposes. The next version is version 6, IPv6. This takes 128 bits to store an IP address, so you are sure to get enough addresses for the next centuries! IPv6 will take some time to come. The transition from IPv4 to it is a challenge.

How are IP addresses assigned
So as not to have any duplication or inconsistency in the allocation of IP addresses, there is an independent organisation (like the many working on Internet technologies) that takes charge of the allocation of IP addresses. It is called the ICANN (International Company for the Assignment of Names and Numbers). Before the creation of the ICANN in the 90's, the InterNIC did that work.

Names to IP addresses
If you have a network harboring a server, you need to have one or more IP addresses for these. You need one for the server, which will be used for identifying the server over the net, and one or more for the machines on the network. Your network administrator will set the IP addresses of each machine on your network. If you have a web site, it has to have a domain name, which, simply said, is what you type to access its main page, e.g. about.com, google.com. Just like IP addresses, each of these domain names has to be unique. You cannot have two sites with the same name and address. Each name is attached to an IP address. The ICANN takes care to ensure that all names and IP addresses are unique. When a user types the address of a site in a browser, the name is converted, or rather matched, to its IP address at a DNS (Domain Name Server), which is there for domain name translation to IP address.

Buying IP addresses
If you want to get one or a set of IP addresses, you have to buy these from IANA (Internet Assigned Numbers Authority). But you do not necessarily need to do so directly. Say you want to create a web site and name it somethingelse.com; you can go to any of the hosting companies, where they ask you to choose a name (and they check whether somethingelse.com is unique) and you pay for their hosting services. They also assign an IP address to your site. They check all this with IANA.

Dynamic Allocation of IP Addresses
Now, your computer, router and IP phone do have IP addresses, which you never set. These addresses come automatically and they are not permanent. They change each time you start a new session. Your ISP has a pool of IP addresses which it distributes to users once they connect. These addresses are recycled and redistributed to other users once they are free. This is carried out automatically using a protocol called DHCP (Dynamic Host Configuration Protocol). So, it is important you know that your device or computer will not keep its current IP address forever. It changes after each session, or after regular time intervals for unlimited connections.

IP address classes
These IP addresses can further be broken down into classes. These classes are A, B, C, D, E and their possible ranges can be seen in Figure 2 below.

Class   Start address   Finish address
A       0.0.0.0         126.255.255.255
B       128.0.0.0       191.255.255.255
C       192.0.0.0       223.255.255.255
D       224.0.0.0       239.255.255.255
E       240.0.0.0       255.255.255.255

IP Sub-netting
A subnet (short for "sub-network") is an identifiably separate part of an organization's network. Typically, a subnet may represent all the machines at one geographic location, in one building, or on the same local area network (LAN). Having an organization's network divided into subnets allows it to be connected to the Internet with a single shared network address. Without subnets, an organization could get multiple connections to the Internet, one for each of its physically separate sub-networks, but this would require an unnecessary use of the limited number of network numbers the Internet has to assign. It would also require that Internet routing tables on gateways outside the organization would need to know about and have to manage routing that could and should be handled within an organization. The Internet is a collection of networks whose users communicate with each other. Each communication carries the address of the source and destination networks and the particular machine within the network associated with the user or host computer at each end. This address is called the IP address (Internet Protocol address). This 32-bit IP address has two parts: one part identifies the network (with the network number) and the other part identifies the specific machine or host within the network (with the host number). An organization can use some of the bits in the machine or host part of the address to identify a specific subnet. Effectively, the IP address then contains three parts: the network number, the subnet number, and the machine number. The standard procedure for creating and identifying subnets is provided in Internet Request for Comments 950. The 32-bit IP address is often depicted as a dot address (also called dotted quad notation) - that is, four groups (or quads) of decimal numbers separated by periods. Here's an example:

130.5.5.25

Each of the decimal numbers represents a string of eight binary digits. Thus, the above IP address really is this string of 0s and 1s:

10000010.00000101.00000101.00011001

As you can see, we inserted periods between each eight-digit sequence just as we did for the decimal version of the IP address. Obviously, the decimal version of the IP address is easier to read and that's the form most commonly used.

Some portion of the IP address represents the network number or address and some portion represents the local machine address (also known as the host number or address). IP addresses can be one of several classes, each determining how many bits represent the network number and how many represent the host number. The most common class used by large organizations (Class B) allows 16 bits for the network number and 16 for the host number. Using the above example, here's how the IP address is divided:

<--Network address--><--Host address-->
       130.5.              5.25

If you wanted to add subnetting to this address, then some portion (in this example, eight bits) of the host address could be used for a subnet address. Thus:

<--Network address--><--Subnet address--><--Host address-->
       130.5.                5.                 25

To simplify this explanation, we've divided the subnet into a neat eight bits but an organization could choose some other scheme using only part of the third quad or even part of the fourth quad. Once a packet has arrived at an organization's gateway or connection point with its unique network number, it can be routed within the organization's internal gateways using the subnet number. The router knows which bits to look at (and which not to look at) by looking at a subnet mask, which is a screen of numbers that tells you which numbers to look at underneath. In a binary mask, a "1" over a number says "Look at the number underneath"; a "0" says "Don't look." Using a mask saves the router having to handle the entire 32 bit address; it can simply look at the bits selected by the mask.
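The binary form, the class table and the network/subnet/host split described above, worked in Python as an added example (not code from the original notes). It uses the standard ipaddress module and the 130.5.5.25 and 10.15.30.x addresses from the text; the functions go a little beyond the text by also reporting the broadcast address and the number of assignable hosts for a given mask.

```python
import ipaddress


def to_binary_dotted(ip: str) -> str:
    """130.5.5.25 -> '10000010.00000101.00000101.00011001' (the form shown in the text)."""
    return ".".join(f"{int(octet):08b}" for octet in ip.split("."))


def ip_class(ip: str) -> str:
    """Classful letter from the first octet, following the class table above (127 is loopback)."""
    first = int(ip.split(".")[0])
    if first == 127:
        return "loopback"
    if first <= 126:
        return "A"
    if first <= 191:
        return "B"
    if first <= 223:
        return "C"
    if first <= 239:
        return "D"
    return "E"


def split_address(ip: str, prefix_len: int) -> dict:
    """Apply a subnet mask of prefix_len one-bits: network part, host part, broadcast, usable hosts."""
    net = ipaddress.ip_network(f"{ip}/{prefix_len}", strict=False)
    addr = int(ipaddress.ip_address(ip))
    mask = int(net.netmask)
    return {
        "mask": str(net.netmask),
        "network": str(net.network_address),            # the bits the mask says "look at"
        "host_part": addr & (~mask & 0xFFFFFFFF),       # the bits the mask says "don't look at"
        "broadcast": str(net.broadcast_address),
        "usable_hosts": max(net.num_addresses - 2, 0),  # network and broadcast are not assignable
    }


def same_network(ip_a: str, ip_b: str, prefix_len: int) -> bool:
    """Two hosts can reach each other without a router only if their masked network parts match."""
    return split_address(ip_a, prefix_len)["network"] == split_address(ip_b, prefix_len)["network"]


def classful_subnets(ip: str, subnet_bits: int) -> list:
    """Borrow subnet_bits from the host part of the address's classful network.
    For 130.5.5.25 (class B, 16 network bits) with 8 borrowed bits this yields the 256 /24 subnets."""
    base_prefix = {"A": 8, "B": 16, "C": 24}.get(ip_class(ip))
    if base_prefix is None:
        raise ValueError("only class A, B and C addresses have a classful network part")
    net = ipaddress.ip_network(f"{ip}/{base_prefix}", strict=False)
    return [str(s) for s in net.subnets(prefixlen_diff=subnet_bits)]


if __name__ == "__main__":
    print(to_binary_dotted("130.5.5.25"), ip_class("130.5.5.25"))
    print(split_address("130.5.5.25", 24))
    print(same_network("10.15.30.5", "10.15.30.6", 24), same_network("10.15.30.5", "10.15.31.6", 24))
```

The "256 machines" figure in the text is the size of a /24; split_address shows why only 254 of them can be hosts. same_network is the check a host does before deciding whether to send a packet directly or to its router.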

IP Troubleshooting
IP troubleshooting tips

1. High background
2. High amount of antibody eluting
3. No eluted target protein detected

1. High background
- Carryover of proteins that are not detergent soluble: Remove supernatant immediately after centrifugations. This should leave insoluble proteins in the pellet. If resuspension occurs, centrifuge again.
- Incomplete washing: Wash well at relevant stages by placing a lid on the tube and inverting several times before centrifuging.
- Non-specific proteins are binding to the beads: Beads are not pre-blocked enough with BSA. Make sure the BSA (fraction V) is fresh and incubate fresh beads 1 hour with 1% BSA in PBS. Wash 3-4 times in PBS before using them.
- Antibody used contains antibodies that are not specific enough: Use an affinity purified antibody, preferably pre-adsorbed.
- Too much antibody used leading to non-specific binding: Check the recommended amount of antibody suggested. Try using less antibody.
- Too many cells/too much protein in lysate leading to a lot of non-specific proteins in eluate: Reduce the number of cells/lysate used. We recommend using 10-500 g cell lysate.
- Non-specific binding of proteins to antibody: If there are many proteins binding non-specifically, then try reducing the amount of sample loaded onto the beads. You can also pre-clear the lysate by pre-incubating the prepared lysate with the beads before commencing with the immunoprecipitation (please see the protocol). This should clear the lysate of any proteins that are binding non-specifically to the beads. Some researchers also use an irrelevant antibody of the same species of origin and same Ig subclass to pre-clear the lysate.
- Antigen degrading during immunoprecipitation: Ensure fresh protease inhibitors are added when sample is lysed.

2. High amount of antibody eluting
- Too much antibody eluting with the target protein: Try reducing the amount of antibody. Crosslinking the antibody to the beads before the immunoprecipitation and eluting using a gentle glycine buffer gradient should significantly reduce the amount of antibody eluted.

3. No eluted target protein detected
- Target protein not expressed in sample used/Low level of target protein expression in sample used: Check the expression profile of the target protein to ensure it will be expressed in the cells of your samples. If there is low level of target protein expression, increase the amount of lysate used. However, this may result in increased non-specific binding so it would be advisable to pre-clear the lysate before commencing with the IP procedure.
- Insufficient antibody for capture of the target protein: Check that the recommended amount of antibody is being used. The concentration of antibody may require increasing for optimisation of results.

- Target protein has not eluted from the beads: Ensure you are using the correct elution buffer and that it is at the correct strength and pH for elution of the protein.
- Antibody has not bound to immunoadsorbent beads: Ensure you are using the correct beads for the antibody isotype used.
- Incorrect lysis buffer used: Check the datasheet to see if the antibody detects denatured or native protein and ensure the correct lysis buffer is used (see protocol).

IP Routing
IP Routing is an umbrella term for the set of protocols that determine the path that data follows in order to travel across multiple networks from its source to its destination. Data is routed from its source to its destination through a series of routers, and across multiple networks. The IP Routing protocols enable routers to build up a forwarding table that correlates final destinations with next hop addresses. These protocols include:

- BGP (Border Gateway Protocol)
- IS-IS (Intermediate System - Intermediate System)
- OSPF (Open Shortest Path First)
- RIP (Routing Information Protocol)
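How a forwarding table is consulted, as an added Python example (not code from the original notes). Routing protocols populate the table; the lookup itself is a longest-prefix match, and the trace function follows next hops from router to router until a directly connected prefix delivers the packet. The three forwarding tables are constructed for this example; 10.15.30.1 is the LAN router from the IP addressing section, while the other routers, addresses and interface names are assumptions.

```python
import ipaddress

# Constructed forwarding tables for a host and two routers (assumptions for this example).
# Rows are (prefix, next hop, outgoing interface); next hop None means directly connected.
ROUTER_TABLES = {
    "host": [
        ("0.0.0.0/0",       "10.15.30.1",   "eth0"),   # everything else via the LAN router
        ("10.15.30.0/24",   None,           "eth0"),   # the local LAN, directly connected
        ("198.51.100.0/24", "10.15.30.254", "eth0"),   # a second router on the same LAN
    ],
    "10.15.30.1": [
        ("0.0.0.0/0",       "192.0.2.1",    "isp0"),
        ("10.0.0.0/8",      "10.15.1.1",    "site0"),
        ("10.15.0.0/16",    "10.15.1.1",    "site0"),
        ("10.15.30.0/24",   None,           "lan0"),
    ],
    "10.15.1.1": [
        ("10.0.0.0/8",      "10.250.0.1",   "core1"),
        ("10.15.0.0/16",    None,           "core0"),
    ],
}


def build_table(entries):
    """Parse the prefixes once and order longest prefix first, so the first hit is the best hit."""
    parsed = [(ipaddress.ip_network(prefix), next_hop, iface) for prefix, next_hop, iface in entries]
    return sorted(parsed, key=lambda row: row[0].prefixlen, reverse=True)


def lookup(table, destination: str):
    """Longest-prefix match: the most specific prefix containing the destination wins.
    Returns None when nothing matches (no default route), i.e. the packet would be dropped."""
    addr = ipaddress.ip_address(destination)
    for net, next_hop, iface in table:
        if addr in net:
            return {"prefix": str(net), "next_hop": next_hop or destination, "interface": iface}
    return None


def trace(tables: dict, start: str, destination: str, max_hops: int = 16) -> list:
    """Follow next hops device by device and record (device, matched prefix) at each step."""
    path = []
    current = start
    for _ in range(max_hops):
        route = lookup(build_table(tables[current]), destination)
        if route is None:
            path.append((current, "dropped: no route"))
            return path
        path.append((current, route["prefix"]))
        if route["next_hop"] == destination:         # directly connected: delivered
            return path
        current = route["next_hop"]
        if current not in tables:                    # next hop is a device we have no table for
            path.append((current, "unknown router"))
            return path
    path.append((current, "hop limit exceeded"))     # the IP TTL exists to stop such loops
    return path


if __name__ == "__main__":
    for dst in ("10.15.30.6", "10.15.99.1", "10.200.1.1", "203.0.113.9"):
        print(dst, "->", trace(ROUTER_TABLES, "host", dst))
```

Note that 10.0.0.0/8 and 10.15.0.0/16 on the LAN router share a next hop; the lookup still reports the /16 for 10.15.x.x destinations because the longer prefix is matched first, which is exactly the behaviour subnetting relies on inside an organization.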

F. Wireless Technologies.

i) Wireless Access Points.

Wireless access points (APs or WAPs) are specially configured nodes on wireless local area networks (WLANs). Access points act as a central transmitter and receiver of WLAN radio signals.

ii) Wireless Network Interface Card.

A wireless network interface controller (WNIC) is a network interface controller which connects to a radio-based computer network rather than a wire-based network such as Token Ring or Ethernet. A WNIC, just like other NICs, works at Layer 1 and Layer 2 of the OSI Model. A WNIC is an essential component for a wireless desktop computer. This card uses an antenna to communicate through microwaves. A WNIC in a desktop computer is usually connected using the PCI bus. Other connectivity options are USB and PC card.

iii) Wireless Antennas.

A wireless access point antenna can be either an omnidirectional antenna or multiple panel (directional) antennas mounted on a tall tower or building.

5. Authentications & Access Control.

A. Access Control.

i) Access Control Lists.

An access control list (ACL) is a table that tells a computer operating system which access rights each user has to a particular system object, such as a file directory or individual file. Each object has a security attribute that identifies its access control list. The list has an entry for each system user with access privileges. The most common privileges include the ability to read a file (or all the files in a directory), to write to the file or files, and to execute the file (if it is an executable file, or program). Microsoft Windows NT/2000, Novell's NetWare, Digital's OpenVMS, and UNIX-based systems are among the operating systems that use access control lists. The list is implemented differently by each operating system.

ii) Tunneling.

Tunneling, also known as "port forwarding," is the transmission of data intended for use only within a private, usually corporate network through a public network in such a way that the routing nodes in the public network are unaware that the transmission is part of a private network. Tunneling is generally done by encapsulating the private network data and protocol information within the public network transmission units so that the private network protocol information appears to the public network as data. Tunneling allows the use of the Internet, which is a public network, to convey data on behalf of a private network.

iii) Virtual Private Network (VPN).

A virtual private network (VPN) is a network that uses a public telecommunication infrastructure, such as the Internet, to provide remote offices or individual users with secure access to their organization's network. A virtual private network can be contrasted with an expensive system of owned or leased lines that can only be used by one organization. The goal of a VPN is to provide the organization with the same capabilities, but at a much lower cost.

iv) IPSec.

IPsec (Internet Protocol Security) is a framework for a set of protocols for security at the network or packet processing layer of network communication. Earlier security approaches have inserted security at the Application layer of the communications model. IPsec is said to be especially useful for implementing virtual private networks and for remote user access through dial-up connection to private networks. A big advantage of IPsec is that security arrangements can be handled without requiring changes to individual user computers. Cisco has been a leader in proposing IPsec as a standard (or combination of standards and technologies) and has included support for it in its network routers. IPsec provides two choices of security service: Authentication Header (AH), which essentially allows authentication of the sender of data, and Encapsulating Security Payload (ESP), which supports both authentication of the sender and encryption of data as well. The specific information associated with each of these services is inserted into the packet in a header that follows the IP packet header. Separate key protocols can be selected, such as the ISAKMP/Oakley protocol.

v) Public Key Encryption (PKE).

Public key encryption is an extraordinary recent development that has made internet commerce possible. It allows people to encrypt and decrypt messages without having to share a password to unlock them. It is hard to believe that such a system could exist, yet this mode of encryption is widely used because it is so easy to set up. This activity works with two people, but it's most exciting with a whole class, with everybody else trying to intercept a message sent between two students. This activity is fairly demanding, and requires students to be careful in the way they encode messages. Also, the samples provided here are aimed at junior high students; some younger students may find it too difficult, and more capable or older students are likely to need more complex "maps" to make the encryption convincing, since the one provided can be solved relatively easily. Balancing the amount of tedious effort required for large maps against the insecurity of smaller maps needs to be done by the teacher, although this issue can be a discussion point for the class, since the goal is to understand the issues around encryption.

B. Authentications.

i) Public Key Infrastructure (PKI).

A PKI (public key infrastructure) enables users of a basically unsecure public network such as the Internet to securely and privately exchange data and money through the use of a public and a private cryptographic key pair that is obtained and shared through a trusted authority. The public key infrastructure provides for a digital certificate that can identify an individual or an organization and directory services that can store and, when necessary, revoke the certificates. Although the components of a PKI are generally understood, a number of different vendor approaches and services are emerging. Meanwhile, an Internet standard for PKI is being worked on.

The public key infrastructure assumes the use of public key cryptography, which is the most common method on the Internet for authenticating a message sender or encrypting a message. Traditional cryptography has usually involved the creation and sharing of a secret key for the encryption and decryption of messages. This secret or private key system has the significant flaw that if the key is discovered or intercepted by someone else, messages can easily be decrypted. For this reason, public key cryptography and the public key infrastructure is the preferred approach on the Internet. (The private key system is sometimes known as symmetric cryptography and the public key system as asymmetric cryptography.) A public key infrastructure consists of:
- A certificate authority (CA) that issues and verifies digital certificates. A certificate includes the public key or information about the public key
- A registration authority (RA) that acts as the verifier for the certificate authority before a digital certificate is issued to a requestor
- One or more directories where the certificates (with their public keys) are held
- A certificate management system

How Public and Private Key Cryptography Works
In public key cryptography, a public and private key are created simultaneously using the same algorithm (a popular one is known as RSA) by a certificate authority (CA). The private key is given only to the requesting party and the public key is made publicly available (as part of a digital certificate) in a directory that all parties can access. The private key is never shared with anyone or sent across the Internet. You use the private key to decrypt text that has been encrypted with your public key by someone else (who can find out what your public key is from a public directory). Thus, if I send you a message, I can find out your public key (but not your private key) from a central administrator and encrypt a message to you using your public key. When you receive it, you decrypt it with your private key. In addition to encrypting messages (which ensures privacy), you can authenticate yourself to me (so I know that it is really you who sent the message) by using your private key to encrypt a digital certificate. When I receive it, I can use your public key to decrypt it. Here's a table that restates it:

To do this                                                     Use whose        Kind of key
Send an encrypted message                                      the receiver's   Public key
Send an encrypted signature                                    the sender's     Private key
Decrypt an encrypted message                                   the receiver's   Private key
Decrypt an encrypted signature (and authenticate the sender)   the sender's     Public key
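The four rows of the table, worked in Python as an added example (not code from the original notes). It implements textbook RSA with the tiny primes 61 and 53 so that every step can be checked by hand; the key size and the absence of padding make it a teaching toy only, and a real system uses a vetted library with large keys. The function and variable names are this example's own.

```python
def egcd(a: int, b: int):
    """Extended Euclid: returns (g, x, y) with a*x + b*y == g == gcd(a, b)."""
    if b == 0:
        return a, 1, 0
    g, x, y = egcd(b, a % b)
    return g, y, x - (a // b) * y


def modinv(a: int, m: int) -> int:
    """Multiplicative inverse of a modulo m; raises if it does not exist."""
    g, x, _ = egcd(a, m)
    if g != 1:
        raise ValueError(f"{a} has no inverse modulo {m}")
    return x % m


def generate_keypair(p: int, q: int, e: int = 17):
    """Textbook RSA key generation from two primes. Returns ((e, n), (d, n)).
    The public exponent e and the private exponent d are inverses modulo (p-1)(q-1)."""
    n = p * q
    phi = (p - 1) * (q - 1)
    d = modinv(e, phi)               # fails if e and phi share a factor
    return (e, n), (d, n)


def encrypt(message: int, receiver_public) -> int:
    """Row 1: the sender encrypts with the RECEIVER's public key."""
    e, n = receiver_public
    if not 0 <= message < n:
        raise ValueError("message must be an integer smaller than the modulus")
    return pow(message, e, n)


def decrypt(ciphertext: int, receiver_private) -> int:
    """Row 3: only the RECEIVER's private key undoes the encryption."""
    d, n = receiver_private
    return pow(ciphertext, d, n)


def sign(message: int, sender_private) -> int:
    """Row 2: the sender 'encrypts' with their own PRIVATE key; anyone can undo it, nobody else can make it."""
    d, n = sender_private
    return pow(message % n, d, n)


def verify(message: int, signature: int, sender_public) -> bool:
    """Row 4: 'decrypt' the signature with the SENDER's public key and compare with the message."""
    e, n = sender_public
    return pow(signature, e, n) == message % n


def text_to_int(text: bytes) -> int:
    """Pack a short byte string into the integer the functions above work on."""
    return int.from_bytes(text, "big")


def int_to_text(value: int, length: int) -> bytes:
    return value.to_bytes(length, "big")


if __name__ == "__main__":
    # Bob publishes his public key; Alice wants to send him the letter "A" (65) privately and signed.
    bob_public, bob_private = generate_keypair(61, 53)
    alice_public, alice_private = generate_keypair(101, 107)
    m = text_to_int(b"A")
    c = encrypt(m, bob_public)                    # only Bob can read this
    s = sign(m, alice_private)                    # only Alice could have produced this
    print("ciphertext", c, "-> plaintext", int_to_text(decrypt(c, bob_private), 1))
    print("signature valid:", verify(m, s, alice_public), "tampered:", verify(m + 1, s, alice_public))
```

Because RSA is a bijection on the integers below n, verifying a signature against a different message fails with certainty, not just with high probability; that is why changing a single bit of a signed document invalidates the signature.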

Who Provides the Infrastructure
A number of products are offered that enable a company or group of companies to implement a PKI. The acceleration of e-commerce and business-to-business commerce over the Internet has increased the demand for PKI solutions. Related ideas are the virtual private network (VPN) and the IP Security (IPsec) standard. Among PKI leaders are:

- RSA, which has developed the main algorithms used by PKI vendors
- VeriSign, which acts as a certificate authority and sells software that allows a company to create its own certificate authorities
- GTE CyberTrust, which provides a PKI implementation methodology and consultation service that it plans to vend to other companies for a fixed price
- Xcert, whose Web Sentry product checks the revocation status of certificates on a server, using the Online Certificate Status Protocol (OCSP)
- Netscape, whose Directory Server product is said to support 50 million objects and process 5,000 queries a second; Secure E-Commerce, which allows a company or extranet manager to manage digital certificates; and Meta-Directory, which can connect all corporate directories into a single directory for security management

Pretty Good Privacy
For e-mail, the Pretty Good Privacy (PGP) product lets you encrypt a message to anyone who has a public key. You encrypt it with their public key and they then decrypt it with their private key. PGP users share a directory of public keys that is called a key ring. (If you are sending a message to someone that doesn't have access to the key ring, you can't send them an encrypted message.) As another option, PGP lets you "sign" your note with a digital signature using your private key. The recipient can then get your public key (if they get access to the key ring) and decrypt your signature to see whether it was really you who sent the message.

6. Network Threats & Mitigation.

C. Network Threats.

i) Denial of Service (DOS).

A denial of service (DOS) attack is an incident in which a user or organization is deprived of the services of a resource they would normally expect to have. In a distributed denial-of-service, large numbers of compromised systems (sometimes called a bot-net) attack a single target.

A distributed denial-of-service (DDOS) attack can be detrimental to an organization, costing it time and money, by forcing corporate systems to essentially shut down. In this tip, gain a better understanding
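Detecting the two cases described above from a web server's access log, as an added Python example written from the defender's side (not code from the original notes). A single-source flood shows up as one IP exceeding a request rate within a sliding window; a distributed flood from a bot-net does not trip that rule, because each compromised host sends at a normal rate, so the second function tracks how many distinct sources are active within the window instead. The log lines, addresses and thresholds are constructed for this example; the timestamps borrow the date of these notes.

```python
import re
from collections import Counter, defaultdict, deque
from datetime import datetime, timedelta

# Constructed access-log lines in Common Log Format (sample data for this example).
SAMPLE_LOG = """\
10.15.30.5 - - [06/Sep/2012:08:32:58 +0000] "GET /index.html HTTP/1.1" 200 512
203.0.113.7 - - [06/Sep/2012:08:32:59 +0000] "GET / HTTP/1.1" 200 512
203.0.113.7 - - [06/Sep/2012:08:32:59 +0000] "GET / HTTP/1.1" 200 512
203.0.113.7 - - [06/Sep/2012:08:33:00 +0000] "GET / HTTP/1.1" 200 512
203.0.113.7 - - [06/Sep/2012:08:33:00 +0000] "GET / HTTP/1.1" 200 512
203.0.113.7 - - [06/Sep/2012:08:33:01 +0000] "GET / HTTP/1.1" 200 512
203.0.113.7 - - [06/Sep/2012:08:33:01 +0000] "GET / HTTP/1.1" 200 512
10.15.30.6 - - [06/Sep/2012:08:33:05 +0000] "GET /about.html HTTP/1.1" 200 340
this line is not in common log format and is skipped by the parser
198.51.100.20 - - [06/Sep/2012:08:33:20 +0000] "GET / HTTP/1.1" 503 0
198.51.100.21 - - [06/Sep/2012:08:33:20 +0000] "GET / HTTP/1.1" 503 0
198.51.100.22 - - [06/Sep/2012:08:33:21 +0000] "GET / HTTP/1.1" 503 0
198.51.100.23 - - [06/Sep/2012:08:33:21 +0000] "GET / HTTP/1.1" 503 0
198.51.100.24 - - [06/Sep/2012:08:33:22 +0000] "GET / HTTP/1.1" 503 0
198.51.100.25 - - [06/Sep/2012:08:33:22 +0000] "GET / HTTP/1.1" 503 0
"""

LOG_RE = re.compile(
    r'^(?P<ip>\d+\.\d+\.\d+\.\d+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<req>[^"]*)" (?P<status>\d{3})'
)


def parse_line(line: str):
    """Return (ip, timestamp, request, status) or None for a line that is not in the expected format."""
    m = LOG_RE.match(line)
    if not m:
        return None
    ts = datetime.strptime(m.group("ts"), "%d/%b/%Y:%H:%M:%S %z")
    return m.group("ip"), ts, m.group("req"), int(m.group("status"))


def detect_floods(lines, threshold: int = 5, window_seconds: int = 10) -> dict:
    """Single-source rule: flag an IP the first time it exceeds `threshold` requests inside a
    sliding window of `window_seconds`. Returns {ip: timestamp of the request that tripped it}."""
    window = timedelta(seconds=window_seconds)
    recent = defaultdict(deque)          # per-IP timestamps still inside the window
    flagged = {}
    for line in lines:
        parsed = parse_line(line)
        if parsed is None:
            continue
        ip, ts, _, _ = parsed
        q = recent[ip]
        q.append(ts)
        while q and ts - q[0] > window:  # drop requests that have aged out of the window
            q.popleft()
        if len(q) > threshold and ip not in flagged:
            flagged[ip] = ts
    return flagged


def peak_distinct_sources(lines, window_seconds: int = 10) -> int:
    """Distributed rule: the largest number of distinct source IPs seen inside any window.
    A jump in this value while every single source stays under the per-IP threshold is the
    signature of a bot-net flood that detect_floods cannot see."""
    window = timedelta(seconds=window_seconds)
    events = sorted((p[1], p[0]) for p in map(parse_line, lines) if p)   # (timestamp, ip)
    active = Counter()
    q = deque()
    peak = 0
    for ts, ip in events:
        q.append((ts, ip))
        active[ip] += 1
        while q and ts - q[0][0] > window:
            old_ts, old_ip = q.popleft()
            active[old_ip] -= 1
            if active[old_ip] == 0:
                del active[old_ip]
        peak = max(peak, len(active))
    return peak


if __name__ == "__main__":
    lines = SAMPLE_LOG.splitlines()
    print("single-source floods:", detect_floods(lines))
    print("peak distinct sources in 10 s:", peak_distinct_sources(lines))
```

In the sample, 203.0.113.7 trips the per-source rule at its sixth request, while the six 198.51.100.x hosts never do; only the distinct-source count (and the 503 responses they receive) reveals that the server is being overwhelmed. The 503s are the "deprived of service" symptom from the text, seen from the server's own log.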

ii) Viruses.

In computers, a virus is a program or programming code that replicates by being copied or initiating its copying to another program, computer boot sector or document. Viruses can be transmitted as attachments to an e-mail note or in a downloaded file, or be present on a diskette or CD. The immediate source of the e-mail note, downloaded file, or diskette you've received is usually unaware that it contains a virus. Some viruses wreak their effect as soon as their code is executed; other viruses lie dormant until circumstances cause their code to be executed by the computer. Some viruses are benign or playful in intent and effect ("Happy Birthday, Ludwig!") and some can be quite harmful, erasing data or causing your hard disk to require reformatting. A virus that replicates itself by resending itself as an e-mail attachment or as part of a network message is known as a worm.

File Viruses.

Some file infector viruses attach themselves to program files, usually selected .COM or .EXE files. Some can infect any program for which execution is requested, including .SYS, .OVL, .PRG, and .MNU files. When the program is loaded, the virus is loaded as well. Other file infector viruses arrive as wholly-contained programs or scripts sent as an attachment to an e-mail note.

Macro Viruses.

These are among the most common viruses. Macro viruses are written in an application's macro language and infect documents and templates (for example Microsoft Word's normal template) rather than program files; they spread whenever an infected document is opened with macros enabled. Many are nuisances that insert unwanted words or phrases, but a macro virus can carry any payload the macro language allows, so "least damage" should not be read as "harmless".

Boot-sector Viruses.

These viruses infect executable code found in certain system areas on a disk. They attach to the DOS boot sector on diskettes or the Master Boot Record on hard disks. A typical scenario (familiar to the author) is to receive a diskette from an innocent source that contains a boot-sector virus. When your operating system is running, files on the diskette can be read without triggering the virus. However, if you leave the diskette in the drive and then turn the computer off or reload the operating system, the computer will look first in your A drive, find the diskette with its boot-sector virus, load it, and make it temporarily impossible to use your hard disk. (Allow several days for recovery.) This is why you should keep a clean, write-protected bootable floppy, and why the BIOS boot order should put the hard disk ahead of removable media.

Multipartite Viruses.

A hybrid virus (sometimes called a multi-part or multipartite virus) is one that combines characteristics of more than one type to infect both program files and system sectors. The virus may attack at either level and proceed to infect the other once it has established itself. Hybrid viruses can be very difficult to eradicate and, unless completely eradicated, will often reinfect the host system repeatedly.

Worms.

In a computer, a worm is a self-replicating program that does not alter files but resides in active memory and duplicates itself, usually by exploiting a network service or mailing itself onward. Worms use parts of an operating system that are automatic and usually invisible to the user. It is common for worms to be noticed only when their uncontrolled replication consumes system or network resources, slowing or halting other tasks. This term is not to be confused with WORM (write once, read many).

IP Spoofing.

IP spoofing, also known as IP address forgery, is a technique in which an attacker forges the source address in IP packet headers so that the packets appear to come from a trusted host. It is used to conceal the attacker's identity, to get past address-based access controls, to reflect or amplify denial-of-service traffic, and as a building block of session hijacking. Here's how it works: the attacker obtains the IP address of a legitimate host and alters the packet headers so that the legitimate host appears to be the source. Because the replies go to the address that was spoofed, not to the attacker, blind spoofing works best for one-way traffic (UDP, ICMP, TCP SYN floods) unless the attacker can also observe or predict the target's responses.
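An added example (not from these notes) of the standard network-side defence against spoofed sources, ingress and egress filtering as described in BCP 38: the code parses the addresses out of a raw IPv4 header and then decides whether a packet's source address is plausible for the interface it arrived on. The site prefix, the bogon list and the packets are assumptions constructed for the example.

```python
import ipaddress
import struct

# Hypothetical site layout for the example: the organisation owns 192.0.2.0/24 (a
# documentation prefix) and everything else is "outside".
SITE_PREFIXES = [ipaddress.ip_network("192.0.2.0/24")]
# Source addresses that must never arrive from the Internet (private, loopback, link-local,
# multicast/reserved and the unspecified network).
BOGON_PREFIXES = [ipaddress.ip_network(p) for p in (
    "0.0.0.0/8", "10.0.0.0/8", "127.0.0.0/8", "169.254.0.0/16",
    "172.16.0.0/12", "192.168.0.0/16", "224.0.0.0/3")]

IPV4_HEADER = "!BBHHHBBH4s4s"   # version/IHL, TOS, total length, ID, flags/frag, TTL, proto, checksum, src, dst


def build_ipv4(src, dst, proto=6, ttl=64, payload=b""):
    """Build a minimal IPv4 packet.  The header checksum is left at zero because this
    example only examines addresses; a real sender fills it in."""
    header = struct.pack(IPV4_HEADER, 0x45, 0, 20 + len(payload), 0, 0, ttl, proto, 0,
                         ipaddress.ip_address(src).packed, ipaddress.ip_address(dst).packed)
    return header + payload


def parse_ipv4(packet):
    """Return (src, dst, protocol) from the IPv4 header, rejecting malformed packets."""
    if len(packet) < 20:
        raise ValueError("truncated IPv4 header")
    ver_ihl, _tos, _length, _id, _frag, _ttl, proto, _csum, src, dst = struct.unpack(IPV4_HEADER, packet[:20])
    if ver_ihl >> 4 != 4:
        raise ValueError("not an IPv4 packet")
    if (ver_ihl & 0x0F) * 4 < 20:
        raise ValueError("invalid header length")
    return ipaddress.ip_address(src), ipaddress.ip_address(dst), proto


def _in_any(addr, prefixes):
    return any(addr in p for p in prefixes)


def filter_verdict(packet, interface):
    """Apply anti-spoofing rules to a packet seen on `interface` ("external" = facing the
    Internet, "internal" = facing the site).  Returns ("accept", reason) or ("drop", reason)."""
    src, _dst, _proto = parse_ipv4(packet)
    if interface == "external":
        if _in_any(src, SITE_PREFIXES):
            return "drop", "ingress: outside packet claims one of our own addresses"
        if _in_any(src, BOGON_PREFIXES):
            return "drop", "ingress: bogon source address"
    elif interface == "internal":
        if not _in_any(src, SITE_PREFIXES):
            return "drop", "egress: inside host is sending with a foreign source address"
    else:
        raise ValueError("unknown interface")
    return "accept", "source address is plausible for this interface"


if __name__ == "__main__":
    for src, iface in [("198.51.100.5", "external"), ("192.0.2.10", "external"),
                       ("10.1.2.3", "external"), ("192.0.2.10", "internal"), ("203.0.113.9", "internal")]:
        print(src, iface, "->", filter_verdict(build_ipv4(src, "192.0.2.80"), iface))
```

The egress rule matters as much as the ingress one: a site that lets its own hosts emit packets with foreign source addresses is the site whose compromised machines end up as the reflectors in someone else's spoofed flood.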

Backdoors.

A backdoor is a hidden way of bypassing normal authentication to get into a system. Backdoor malware (usually delivered as a trojan) runs without the user's knowledge and gives an attacker remote control of the machine, including access to personal data such as banking credentials, whenever it is connected to the internet. This is one of the ways accounts are emptied without anyone ever coming near the victim's PC. Such programs are commonly planted through malicious or compromised web pages, infected attachments and software from untrusted sources. Some practical don'ts:

o Never click on screen pop-ups.
o Do not connect to the internet without an updated antivirus installed on your system.
o Never enter an unsecured website.
o Never click suspicious links.
o Check the spelling of a web address before visiting it; misspelt look-alike domains are a common way of serving malware.

Password Attacks.

A password attack on an account usually shows up as a series of failed logins within a short period. Many systems report at the next successful login how many failed attempts there have been on your account. If there is a series of failed attempts that you do not recognise, it is quite possible that an attacker has been trying, or has already succeeded in reaching, your account; change your password immediately and, if the system offers it, review the login history.

Types of password attacks:

1. Password guessing.
2. Password resetting.
3. Password cracking.
4. Password capturing.

Brute-Force Attacks.

A brute-force attack does not try to break the encryption of stored credentials; it simply keeps trying candidate passwords until one works. A dictionary attack, the common variant, uses a list of words or commonly used passwords and tries each one against the account. A pure brute-force attack instead enumerates every combination of letters, or letters and digits, up to some length until it finds a match. Although a brute-force attack may eventually gain access, it can take hours, days, months or even years to run. The time depends on the length and character set of the password, on how fast guesses can be made (online logins can be rate-limited or locked; offline cracking of a stolen password hash cannot), and on how much the attacker already knows about the target.
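An added example (not from these notes) that turns the "series of failed logins within a short period" indicator from the Password Attacks paragraph and the brute-force description above into detection logic. It reads OpenSSH-style syslog lines and raises three kinds of alert: brute force (one source hammering one account), password spraying (one source trying one guess against many accounts, which per-account lockouts miss), and a success that follows a burst of failures, which is the case worth paging on. The log lines are constructed for the example; thresholds and the line format are assumptions.

```python
import re
from collections import defaultdict, deque

# Matches the OpenSSH "Failed password" / "Accepted password" syslog lines.
AUTH_RE = re.compile(
    r"(?P<h>\d\d):(?P<m>\d\d):(?P<s>\d\d) \S+ sshd\[\d+\]: "
    r"(?P<result>Failed|Accepted) password for (?:invalid user )?(?P<user>\S+) "
    r"from (?P<ip>[\d.]+) port \d+"
)


def parse_auth_line(line):
    """Return (seconds_since_midnight, result, user, ip) or None for lines we do not care about."""
    m = AUTH_RE.search(line)
    if m is None:
        return None
    secs = int(m["h"]) * 3600 + int(m["m"]) * 60 + int(m["s"])
    return secs, m["result"], m["user"], m["ip"]


def analyze_auth_log(lines, window=300, fail_threshold=5, spray_threshold=3):
    """Scan log lines in order and return a list of (alert_kind, ip, user) tuples:
      brute-force            one source, one account, >= fail_threshold failures in `window` s
      password-spray         one source, >= spray_threshold different accounts failing in `window` s
      success-after-failures a login succeeded from a source that had just failed >= fail_threshold
                             times on that account (the guessing may have worked)"""
    failures = defaultdict(deque)   # ip -> deque of (secs, user) failures inside the window
    alerts, seen = [], set()

    def raise_alert(kind, ip, user):
        if (kind, ip, user) not in seen:
            seen.add((kind, ip, user))
            alerts.append((kind, ip, user))

    for line in lines:
        rec = parse_auth_line(line)
        if rec is None:
            continue
        secs, result, user, ip = rec
        recent = failures[ip]
        while recent and secs - recent[0][0] > window:   # drop failures outside the window
            recent.popleft()
        failures_for_user = sum(1 for _, u in recent if u == user)
        if result == "Failed":
            recent.append((secs, user))
            if failures_for_user + 1 >= fail_threshold:
                raise_alert("brute-force", ip, user)
            if len({u for _, u in recent}) >= spray_threshold:
                raise_alert("password-spray", ip, "*")
        elif failures_for_user >= fail_threshold:
            raise_alert("success-after-failures", ip, user)
    return alerts


# Constructed sample log (not from a real system); all times fall on one day.
SAMPLE_AUTH_LOG = [
    "Sep  6 08:33:00 srv1 sshd[2201]: Failed password for root from 203.0.113.5 port 40012 ssh2",
    "Sep  6 08:33:05 srv1 sshd[2203]: Failed password for root from 203.0.113.5 port 40013 ssh2",
    "Sep  6 08:33:10 srv1 sshd[2205]: Failed password for root from 203.0.113.5 port 40014 ssh2",
    "Sep  6 08:33:15 srv1 sshd[2207]: Failed password for root from 203.0.113.5 port 40015 ssh2",
    "Sep  6 08:33:20 srv1 sshd[2209]: Failed password for root from 203.0.113.5 port 40016 ssh2",
    "Sep  6 08:33:25 srv1 sshd[2211]: Failed password for root from 203.0.113.5 port 40017 ssh2",
    "Sep  6 08:33:30 srv1 sshd[2213]: Failed password for alice from 192.0.2.33 port 50001 ssh2",
    "Sep  6 08:33:31 srv1 sshd[2215]: Failed password for alice from 192.0.2.33 port 50002 ssh2",
    "Sep  6 08:33:40 srv1 sshd[2217]: Accepted password for alice from 192.0.2.33 port 50003 ssh2",
    "Sep  6 08:33:45 srv1 sshd[2219]: Failed password for invalid user admin from 198.51.100.77 port 61000 ssh2",
    "Sep  6 08:33:46 srv1 sshd[2221]: Failed password for bob from 198.51.100.77 port 61001 ssh2",
    "Sep  6 08:33:47 srv1 sshd[2223]: Failed password for carol from 198.51.100.77 port 61002 ssh2",
    "Sep  6 08:33:48 srv1 sshd[2225]: Failed password for dave from 198.51.100.77 port 61003 ssh2",
    "Sep  6 08:34:10 srv1 sshd[2227]: Accepted password for root from 203.0.113.5 port 40020 ssh2",
    "Sep  6 08:35:00 srv1 sshd[2227]: Connection closed by 203.0.113.5 port 40020",
]

if __name__ == "__main__":
    for alert in analyze_auth_log(SAMPLE_AUTH_LOG):
        print(alert)
```

Alice's two typos followed by a successful login produce nothing, which is the point of the threshold: a detector that fires on every failed login trains people to ignore it.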

Man-in-the-middle Attacks.

A man-in-the-middle attack is one in which the attacker intercepts the messages of a public key exchange and retransmits them, substituting his own public key for the requested one, so that the two original parties still appear to be communicating with each other while each of them is in fact sharing a key with the attacker. The attack gets its name from the ball game in which two people try to throw a ball directly to each other while one person in between them attempts to catch it. In a man-in-the-middle attack, the intruder uses a program that appears to be the server to the client and appears to be the client to the server. The attack may be used simply to read the messages, or to modify them before retransmitting. What defeats it is authentication of the exchanged keys: a signature from a trusted certificate authority, a fingerprint verified out of band, or a pre-shared secret, so that a substituted key fails verification. Man-in-the-middle attacks are sometimes known as fire-brigade attacks, from the bucket-brigade method of putting out a fire by handing buckets of water from one person to another between a water source and the fire.
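An added example (not from these notes) that plays the substitution attack described above against a Diffie-Hellman public value exchange and then shows the authentication step that stops it. The group parameters are a toy choice constructed for illustration, and the pre-shared HMAC key stands in for the certificate signature a real protocol would use; both are assumptions, not anything the notes prescribe.

```python
import hashlib
import hmac
import secrets

# Toy Diffie-Hellman group, constructed for illustration: P is the Mersenne prime 2**127 - 1.
# It is far too small for real use; deployed systems use standardised 2048-bit-or-larger groups.
P = (1 << 127) - 1
G = 3


def dh_keypair():
    """Return (private exponent, public value G**priv mod P)."""
    priv = secrets.randbelow(P - 2) + 1
    return priv, pow(G, priv, P)


def dh_session_key(priv, peer_public):
    """Derive a 32-byte session key from the shared secret (peer_public ** priv mod P)."""
    shared = pow(peer_public, priv, P)
    return hashlib.sha256(shared.to_bytes(16, "big")).digest()


def unauthenticated_exchange(with_mitm):
    """Alice and Bob swap public values in the clear.  Returns (alice_key, bob_key, mallory_keys);
    mallory_keys is None when nobody interferes, else the pair of keys Mallory ends up holding."""
    a_priv, a_pub = dh_keypair()
    b_priv, b_pub = dh_keypair()
    if not with_mitm:
        return dh_session_key(a_priv, b_pub), dh_session_key(b_priv, a_pub), None
    # Mallory intercepts both messages and substitutes her own public values, so each
    # party unknowingly agrees a key with Mallory instead of with each other.
    m_to_alice_priv, m_to_alice_pub = dh_keypair()
    m_to_bob_priv, m_to_bob_pub = dh_keypair()
    alice_key = dh_session_key(a_priv, m_to_alice_pub)   # Alice believes this came from Bob
    bob_key = dh_session_key(b_priv, m_to_bob_pub)       # Bob believes this came from Alice
    mallory_keys = (dh_session_key(m_to_alice_priv, a_pub), dh_session_key(m_to_bob_priv, b_pub))
    return alice_key, bob_key, mallory_keys


def authenticated_exchange(psk, with_mitm):
    """Same exchange, but each public value carries an HMAC under a secret Mallory lacks
    (in practice a certificate signature or a pre-shared key plays this role).
    Returns True when both sides verify and derive the same key, None when substitution is detected."""
    def tag(public):
        return hmac.new(psk, public.to_bytes(16, "big"), hashlib.sha256).digest()

    a_priv, a_pub = dh_keypair()
    b_priv, b_pub = dh_keypair()
    alice_msg = (a_pub, tag(a_pub))
    bob_msg = (b_pub, tag(b_pub))
    if with_mitm:
        # Mallory can replace the public values but cannot forge the tags over them.
        _, m_pub = dh_keypair()
        alice_msg = (m_pub, alice_msg[1])
        bob_msg = (m_pub, bob_msg[1])
    bob_accepts = hmac.compare_digest(tag(alice_msg[0]), alice_msg[1])
    alice_accepts = hmac.compare_digest(tag(bob_msg[0]), bob_msg[1])
    if not (alice_accepts and bob_accepts):
        return None   # abort before any data is sent under a key Mallory may know
    return dh_session_key(a_priv, bob_msg[0]) == dh_session_key(b_priv, alice_msg[0])


if __name__ == "__main__":
    a, b, m = unauthenticated_exchange(with_mitm=True)
    print("unauthenticated + MITM: Alice and Bob agree?", a == b, "| Mallory holds both keys?", m == (a, b))
    print("authenticated + MITM:", authenticated_exchange(b"demo-psk", with_mitm=True))
    print("authenticated, no MITM:", authenticated_exchange(b"demo-psk", with_mitm=False))
```

The unauthenticated run shows why "the two parties still appear to be communicating" is exactly right: both sides get a working key and see valid traffic, and only the fact that the two keys differ (something neither of them can observe) reveals the relay in the middle.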

Rogue Access Points.

When a company has no wireless capability, the two most likely ways an employee ends up on a wireless network at work are bringing in their own wireless router or joining somebody else's access point nearby. Both are dangerous to the company's network. A self-installed router typically bridges the wired LAN to anyone in radio range, often with weak or no encryption, and an outside access point may be run by an attacker who can observe or alter everything sent through it. Periodic wireless scans for unknown SSIDs and switch-port controls such as 802.1X are the usual ways to find and shut such access points out.

D. Mitigation.

i) Active Detection.

NIDS are increasingly focusing on active detection. This does not refer to how the NIDS detects potential problems, as you might expect. Instead it refers to how the NIDS responds to the situation once it is detected. (Sorry folks, this is the industry standard terminology. We didn't create it.) With active detection, the NIDS takes some action to mitigate the detected threat. Such options can include:

o Reconfigure a firewall or router to route traffic around a problem such as a DoS attack.
o Break suspicious network connections (for example by sending TCP resets to both ends).
o Send a message to a host-based agent to shut down a vulnerable service on a particular host.
o Attempt to collect more information about the intrusion.

One caveat: active responses can be turned against you. An attacker who spoofs the source address of traffic that triggers a block rule can make the NIDS cut off a legitimate host or business partner, so automatic blocks should expire after a short time and never apply to addresses you depend on.

ii) Passive Detection.

Most early NIDS focused on passive detection, which involves alerting someone to the detected threat so that they can take action, if desired. IDSs that use only passive detection do not take action against the threat themselves. Passive methods include:

o Logging the event (most IDSs use a standardized, documented log format such as syslog, tcpdump/pcap or Snort's alert format for ease of mining data from the logs).
o Emailing or instant messaging an administrator.
o Paging an on-call administrator.
o Displaying an on-screen alarm.
o Sending an alert to a monitoring system.
o Sending an SNMP trap to flag the event.
o Interfacing with a local custom application to perform site-specific tasks, such as entering the data for the suspicious activity into a site trouble-reporting system.

iii) Security Policies.

In business, a security policy is a document that states in writing how a company plans to protect the company's physical and information technology (IT) assets. A security policy is often considered to be a "living document", meaning that the document is never finished, but is continuously updated as technology and employee requirements change. A company's security policy may include an acceptable use policy, a description of how the company plans to educate its employees about protecting the company's assets, an explanation of how security measurements will be carried out and enforced, and a procedure for evaluating the effectiveness of the security policy to ensure that necessary corrections will be made.


iv) Breaking Policy.

v) Security Procedures.


vi) Automatic Updates through Windows Update.

vii) Updating Antivirus Components.

viii)

Scanning for Viruses.

ix) Fixing an infected Computer.

7. Physical & Hardware Security.

A. Physical Security

Physical security is the protection of personnel, hardware, programs, networks, and data from physical circumstances and events that could cause serious losses or damage to an enterprise, agency, or institution. This includes protection from fire, natural disasters, burglary, theft, vandalism, and terrorism. Physical security is often overlooked (and its importance underestimated) in favor of more technical and dramatic issues such as hacking, viruses, Trojans, and spyware. However, breaches of physical security can be carried out with little or no technical knowledge on the part of an attacker. Moreover, accidents and natural disasters are a part of everyday life, and in the long term, are inevitable.

There are three main components to physical security. First, obstacles can be placed in the way of potential attackers and sites can be hardened against accidents and environmental disasters. Such measures can include multiple locks, fencing, walls, fireproof safes, and water sprinklers. Second, surveillance and notification systems can be put in place, such as lighting, heat sensors, smoke detectors, intrusion detectors, alarms, and cameras. Third, methods can be implemented to apprehend attackers (preferably before any damage has been done) and to recover quickly from accidents, fires, or natural disasters.

B. Hardware Security


Security should be intertwined with every part of a system; the hardware is no exception. The interaction between hardware and software must be carefully planned. In doing so, the security of the entire system is strengthened.

Trusted computing

Systems rely on operating systems and hardware. This collection of components comprises the core of the Trusted Computing Base (TCB). Systems fundamentally trust all actions that take place within the TCB. As operating systems become increasingly complex, they are prone to faults and vulnerabilities. Hence, researchers seek to shrink the TCB. Recently, a consortium gathered to create an open trusted framework. The Trusted Computing Group's (TCG) Trusted Platform Module (TPM) has received much attention. While vendors such as Dell have announced the deployment of TPMs, privacy concerns remain. Such concerns must be addressed before widespread acceptance occurs. Our current research efforts aim to discover novel uses for the TPM while maintaining the privacy of users.

Securing Non-Volatile Main Memory

Non-volatile memories provide energy efficiency, tolerance against power failure, and "instant-on" power-up. These memories are likely to replace traditional volatile memory in next-generation laptops and desktops. However, the move to non-volatile memory introduces new vulnerabilities: sensitive data such as passwords and keys residing in main memory persists across reboots and can be probed during hardware suspension. We propose a Memory Encryption Control Unit (MECU) to address the vulnerabilities introduced by non-volatile memories. The MECU encrypts all memory transfers between the level 2 cache and main memory. The keys used to encrypt memory blocks are derived from secret information present on removable authentication tokens, e.g., a smart card, or other similar secure storage devices. This provides protection against physical attacks in the absence of the token.

We evaluated a MECU-enhanced architecture using the SimpleScalar hardware simulation framework on several hardware benchmarks. The performance analysis shows that we can secure non-volatile memories with minimal overhead: the majority of memory accesses are delayed by less than 1 ns, with limited degradation subsiding within 67 us of a system resume. In effect, we provide zero-cost steady-state confidentiality for main memory.


8. Command Line Tools.

i) Traceroute.

Traceroute is a computer network diagnostic tool for displaying the route (path) and measuring transit delays of packets across an Internet Protocol (IP) network. It is available on most operating systems (tracert on Windows, traceroute on Unix-like systems). It works by sending probes with increasing time-to-live (TTL) values: each router that decrements the TTL to zero discards the probe and returns an ICMP Time Exceeded message, which reveals that router's address and the round-trip time to it.

How to Use the Traceroute Command

Traceroute shows you the path a packet of information takes from your computer to one you specify. It lists all the routers it passes through until it reaches its destination, or fails to and is discarded. In addition, it tells you how long each 'hop' from router to router takes. In Windows, select Start > Programs > Accessories > Command Prompt, then enter the word tracert, followed by a space, then the domain name. The following is a successful traceroute from a home computer in New Zealand to mediacollege.com:


First it tells you that it's tracing the route to mediacollege.com, gives the IP address of that domain, and states the maximum number of hops it will try before giving up. Next it gives information about each router it passes through on the way to its destination:

o 1 is the internet gateway on the network this traceroute was done from (an ADSL modem in this case).
o 2 is the ISP the origin computer is connected to (xtra.co.nz).
o 3 is also in the xtra network.
o 4 timed out.
o 5 - 9 are all routers on the global-gateway.net.nz network (the domain that is the internet gateway out of New Zealand).
o 10 - 14 are all gnaps.net in the USA (a telecom supplier in the USA).
o 15 - 17 are on the nac network (Net Access Corporation, an ISP in the New York area).
o 18 is a router on the network mediacollege.com is hosted on.
o 19 is the computer mediacollege.com is hosted on (sol.yourhost.co.nz).

Each of the 3 columns is a response from that router and how long it took (each hop is tested 3 times). For example, in line 2, the first try took 240 ms (240 milliseconds), the second took 421 ms, and the third took 70 ms.

You will notice that line 4 'timed out', that is, there was no response from that router, while the next hop (202.50.245.197) answered. Many routers are configured not to answer traceroute probes, so a single timed-out hop in the middle of a path that otherwise completes is not in itself a fault. You will also notice that the time quadrupled while passing through the global-gateway network.

Where the connection fails

If you have a website hosted somewhere, it is a good idea to run a traceroute to it while it is working, so that when it fails you can run another (which will probably time out if the website is unreachable) and compare the two. Be aware that packets may take a different route each time, but the networks they pass through will generally be very similar. If the example above had continued to time out after line 9, you could suspect that global-gateway.net.nz was the problem, and not mediacollege.com. If it timed out after line 1, you would know there was a problem connecting to your ISP (in which case you would not be able to access anything on the internet). It is generally recommended that if you have a website that is unreachable, you run both the traceroute and ping commands before you contact your ISP to complain. More often than not, there will be nothing your ISP or hosting company can do about it.
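An added example (not from these notes) that automates the comparison just described: it parses tracert's table into hops, reports where the best round-trip time jumps (the "time quadrupled" observation), and, given a trace taken while the site worked and one taken while it was down, names the last hop that still answers and the next hop that used to. The sample output is constructed with documentation addresses; only the 240/421/70 ms figures for hop 2 are taken from the text.

```python
from collections import namedtuple

Hop = namedtuple("Hop", "number rtts target")   # rtts: three ints in ms, None where the probe timed out


def parse_tracert(text):
    """Parse the output of Windows tracert (or traceroute's similar table) into Hop records.
    Header lines and the trailing 'Trace complete.' are skipped."""
    hops = []
    for line in text.splitlines():
        toks = line.split()
        if len(toks) < 4 or not toks[0].isdigit():
            continue
        rtts, i = [], 1
        while len(rtts) < 3 and i < len(toks):
            if toks[i] == "*":                           # probe got no answer
                rtts.append(None)
                i += 1
            elif i + 1 < len(toks) and toks[i + 1] == "ms":
                rtts.append(int(toks[i].lstrip("<")))    # "<1 ms" is recorded as 1
                i += 2
            else:
                break
        if len(rtts) == 3:
            hops.append(Hop(int(toks[0]), rtts, " ".join(toks[i:])))
    return hops


def responded(hop):
    return any(r is not None for r in hop.rtts)


def latency_jumps(hops, threshold_ms=100):
    """Hop numbers where the best (minimum) RTT rises by more than threshold_ms over the
    previous responding hop, i.e. where the path crosses a slow link."""
    jumps, prev_best = [], None
    for hop in hops:
        if not responded(hop):
            continue
        best = min(r for r in hop.rtts if r is not None)
        if prev_best is not None and best - prev_best > threshold_ms:
            jumps.append(hop.number)
        prev_best = best
    return jumps


def locate_failure(baseline, failing):
    """Compare a trace taken while the site worked with one taken while it is down.
    Returns (number of the last hop that still answers, its target, the next hop in the
    baseline that used to answer); the network between those two is the first suspect."""
    alive = [h for h in failing if responded(h)]
    if not alive:
        return 0, None, baseline[0].target if baseline else None
    last = alive[-1]
    next_known = next((h.target for h in baseline if h.number > last.number and responded(h)), None)
    return last.number, last.target, next_known


# Constructed sample output (documentation addresses, not a real trace).
BASELINE_TRACE = """
Tracing route to example.net [203.0.113.80]
over a maximum of 30 hops:

  1     1 ms     1 ms     1 ms  192.168.1.1
  2   240 ms   421 ms    70 ms  gw.isp.example [198.51.100.1]
  3    72 ms    71 ms    70 ms  198.51.100.9
  4     *        *        *     Request timed out.
  5   290 ms   285 ms   288 ms  core.transit.example [192.0.2.17]
  6   295 ms     *      300 ms  192.0.2.33
  7   301 ms   299 ms   305 ms  example.net [203.0.113.80]

Trace complete.
"""

FAILING_TRACE = """
Tracing route to example.net [203.0.113.80]
over a maximum of 30 hops:

  1     1 ms     1 ms     1 ms  192.168.1.1
  2   238 ms    75 ms    71 ms  gw.isp.example [198.51.100.1]
  3    74 ms    70 ms    72 ms  198.51.100.9
  4     *        *        *     Request timed out.
  5     *        *        *     Request timed out.
  6     *        *        *     Request timed out.
"""

if __name__ == "__main__":
    base, bad = parse_tracert(BASELINE_TRACE), parse_tracert(FAILING_TRACE)
    print("latency jumps at hops:", latency_jumps(base))
    print("failure isolated to:", locate_failure(base, bad))
```

Keeping a baseline trace on file is the cheap part; the comparison is what gives you something concrete to put in the ticket to the ISP.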

ii) Ipconfig.

Ipconfig (Internet Protocol configuration) in Microsoft Windows is a console application that displays all current TCP/IP network configuration values and can modify Dynamic Host Configuration Protocol (DHCP) and Domain Name System (DNS) settings. The standard path is %WINDIR%\System32\ipconfig.exe (which usually resolves to C:\WINDOWS\System32\ipconfig.exe). In most cases the command is used with the /all switch, which gives more detailed information (physical addresses, DHCP server and lease times, DNS servers) than ipconfig alone.

Syntax:

IPCONFIG                              Show the IP address, subnet mask and default gateway of each adapter (for example Ethernet adapter Local Area Connection and any PPP adapter).
IPCONFIG /all                         Display full configuration information.
IPCONFIG /release [adapter]           Release the DHCP-assigned IP address for the specified adapter.
IPCONFIG /renew [adapter]             Renew the DHCP lease for the specified adapter.
IPCONFIG /flushdns                    Purge the DNS resolver cache.
IPCONFIG /registerdns                 Refresh all DHCP leases and re-register DNS names.
IPCONFIG /displaydns                  Display the contents of the DNS resolver cache.
IPCONFIG /showclassid adapter         Display all the DHCP class IDs allowed for the adapter.
IPCONFIG /setclassid adapter [classid]   Modify the DHCP class ID.

iii) Ifconfig.

Ifconfig (short for interface configuration) is a system administration utility in Unix-like operating systems to configure, control, and query TCP/IP network interface parameters from a command line interface (CLI) or in system configuration scripts. Ifconfig originally appeared in 4.2BSD as part of the BSD TCP/IP suite.

iv) Ping.

Ping is a basic Internet program that lets a user check whether a particular address is reachable and responding. It is used diagnostically to ensure that a host the user is trying to reach is actually operating. Ping works by sending an Internet Control Message Protocol (ICMP) Echo Request to a specified address and waiting for the matching Echo Reply; it reports the round-trip time of each probe and how many went unanswered. Ping can therefore be used to test connectivity and measure response time. Note that the absence of a reply does not prove the host is down: many firewalls and hosts are configured to drop ICMP echo requests.

As a verb, ping means "to get the attention of" or "to check for the presence of" another party online. The computer acronym (for Packet Internet or Inter-Network Groper) was contrived to match the submariners' term for the sound of a returned sonar pulse.

Tip: To find the dotted-decimal address (such as 205.245.172.72) for a given domain name, Windows users can open a command prompt (Start > Run > cmd) and enter ping xxxxx.yyy (where xxxxx is the second-level domain name like "whatis" and yyy is the top-level domain name like "com"); ping prints the resolved address even if the host never answers. nslookup gives the same answer without sending any probe.
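An added example (not from these notes) of what ping actually puts on the wire: it builds an ICMP Echo Request, computes the RFC 1071 checksum, produces the Echo Reply a host would send back, and validates the reply the way a ping client must (checksum, type/code, and the identifier that tells replies to our process apart from replies to other pings on the same machine). No raw socket is opened, since that needs administrator privileges and a live network; the packets are constructed in memory and the 32-byte alphabet payload is an assumption modelled on what Windows ping sends.

```python
import struct

ICMP_ECHO_REQUEST, ICMP_ECHO_REPLY = 8, 0
ICMP_HEADER = "!BBHHH"   # type, code, checksum, identifier, sequence number


def internet_checksum(data):
    """RFC 1071 checksum: one's-complement sum of 16-bit words, then complemented."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(data) // 2), data))
    while total >> 16:                       # fold carries back into 16 bits
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF


def build_echo_request(identifier, sequence, payload=b"abcdefghijklmnopqrstuvwabcdefghi"):
    """Build the ICMP Echo Request that ping sends.  The checksum is computed with the
    checksum field zeroed, then written into the header."""
    header = struct.pack(ICMP_HEADER, ICMP_ECHO_REQUEST, 0, 0, identifier, sequence)
    csum = internet_checksum(header + payload)
    return struct.pack(ICMP_HEADER, ICMP_ECHO_REQUEST, 0, csum, identifier, sequence) + payload


def build_echo_reply(request):
    """What the pinged host sends back: same identifier, sequence and payload, type 0."""
    _type, _code, _csum, identifier, sequence = struct.unpack(ICMP_HEADER, request[:8])
    header = struct.pack(ICMP_HEADER, ICMP_ECHO_REPLY, 0, 0, identifier, sequence)
    csum = internet_checksum(header + request[8:])
    return struct.pack(ICMP_HEADER, ICMP_ECHO_REPLY, 0, csum, identifier, sequence) + request[8:]


def parse_echo_reply(packet, expected_identifier):
    """Validate a reply as ping does: the checksum over the whole message must come out to
    zero, type/code must be Echo Reply, and the identifier must be ours.  Returns
    (sequence, payload) or raises ValueError."""
    if len(packet) < 8:
        raise ValueError("truncated ICMP message")
    if internet_checksum(packet) != 0:
        raise ValueError("ICMP checksum mismatch")
    typ, code, _csum, identifier, sequence = struct.unpack(ICMP_HEADER, packet[:8])
    if (typ, code) != (ICMP_ECHO_REPLY, 0):
        raise ValueError("not an echo reply")
    if identifier != expected_identifier:
        raise ValueError("reply belongs to another ping process")
    return sequence, packet[8:]


if __name__ == "__main__":
    req = build_echo_request(0x1234, 1)
    rep = build_echo_reply(req)
    print("request bytes:", req.hex())
    print("parsed reply:", parse_echo_reply(rep, 0x1234))
```

The identifier check is the detail people forget when they write their own ping: the kernel delivers every incoming Echo Reply to every raw ICMP socket, so without it a second ping running on the same host will happily count someone else's replies as its own.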

v) Arp Ping.

vi) Arp.

vii) Nslookup.

viii) Hostname.

ix) Dig.

x) Mtr.

xi) Route.

xii) Nbtstat.

xiii) Netstat.

9. Software & Hardware Tools.

A. Software Tools.

i) Packet Sniffers.

ii) IDS / IPS.

iii) Port Scanners.

B. Hardware Tools.

i. Cable Testers.

ii. Toner Probe.

iii. Cable Stripper / Snips.

10. Network Trouble shooting.

i) Troubleshooting Steps.

ii) Troubleshooting Tips.

11. Management, Monitoring & Optimization.

Technical Interview Questions


i) What is an IP address?

An Internet Protocol address (IP address) is a numerical label assigned to each device (e.g., computer, printer) participating in a computer network that uses the Internet Protocol for communication.

ii) What is a subnet mask?

iii) What is ARP?

iv) What is ARP Cache Poisoning?



v) What is the AND ing process?

vi) What is a default gateway? What happens if I don't have one?

vii) Can a workstation computer be configured to browse the Internet and yet NOT have a default gateway?

viii) What is a subnet?

ix) What is APIPA?

x) What is an RFC? Name a few if possible (not necessarily the numbers, just the ideas behind them)

xi) What is RFC 1918?

xii) What is CIDR?

xiii) You have the following Network ID: 192.115.103.64/27. What is the IP range for your network?

xiv) You have the following Network ID: 131.112.0.0. You need at least 500 hosts per network. How many networks can you create? What subnet mask will you use?

xv) You need to view at network traffic. What will you use? Name a few tools

xvi) How do I know the path that a packet takes to the destination?

xvii) What does the ping 192.168.0.1 -l 1000 -n 100 command do?


xviii) What is DHCP? What are the benefits and drawbacks of using it?

xix) Describe the steps taken by the client and DHCP server in order to obtain an IP address.

xx) What is the DHCPNACK and when do I get one? Name 2 scenarios.

xxi) What ports are used by DHCP and the DHCP clients?

xxii) Describe the process of installing a DHCP server in an AD infrastructure.

xxiii) What is DHCPINFORM?

xxiv) Describe the integration between DHCP and DNS.

xxv) What options in DHCP do you regularly use for an MS network?

xxvi) What are User Classes and Vendor Classes in DHCP?

xxvii) How do I configure a client machine to use a specific User Class?

xxviii) What is the BOOTP protocol used for, and where might you find it in a Windows network infrastructure?

xxix) DNS zones: describe the differences between the 4 types.

xxx) DNS record types: describe the most important ones.

xxxi) Describe the process of working with an external domain name.


xxxii) Describe the importance of DNS to AD.

xxxiii) Describe a few methods of finding an MX record for a remote domain on the Internet.

xxxiv) What does "Disable Recursion" in DNS mean?

xxxv) What could cause the Forwarders and Root Hints to be grayed out?

xxxvi) What is a "Single Label domain name" and what sort of issues can it cause?

xxxvii) What is the "in-addr.arpa" zone used for?

xxxviii) What are the requirements from DNS to support AD?

xxxix) How do you manually create SRV records in DNS?

xl) Name 3 benefits of using AD-integrated zones.

xli) What are the benefits of using Windows 2003 DNS when using AD-integrated zones?

xlii) You installed a new AD domain and the new (and first) DC has not registered its SRV records in DNS.

xliii) Name a few possible causes.

xliv) What are the benefits and scenarios of using Stub zones?

xlv) What are the benefits and scenarios of using Conditional Forwarding?


xlvi) What are the differences between Windows Clustering, Network Load Balancing and Round Robin, and scenarios for each use?

xlvii) How do I work with the Host name cache on a client computer?

xlviii) How do I clear the DNS cache on the DNS server?

xlix) What is the 224.0.1.24 address used for?

l) What is WINS and when do we use it?

li) Can you have a Microsoft-based network without any WINS server on it? What are the "considerations" regarding not using WINS?

lii) Describe the differences between WINS push and pull replications.

liii) What is the difference between tombstoning a WINS record and simply deleting it?

liv) Name the NetBIOS names you might expect from a Windows 2003 DC that is registered in WINS.

lv) Describe the role of the routing table on a host and on a router.

lvi) What are routing protocols? Why do we need them? Name a few.

lvii) What are router interfaces? What types can they be?

lviii) In Windows 2003 routing, what are the interface filters?

lix) What is NAT?



lx) What is the real difference between NAT and PAT?

lxi) How do you configure NAT on Windows 2003?

lxii) How do you allow inbound traffic for specific hosts on Windows 2003 NAT?

lxiii) What is VPN? What types of VPN do Windows 2000 and later work with natively?

lxiv) What is IAS? In what scenarios do we use it?

lxv) What's the difference between mixed mode and native mode in AD when dealing with RRAS?

lxvi) What is the "RAS and IAS" group in AD?

lxvii) What are Conditions and Profile in RRAS Policies?

lxviii) What types of authentication can a Windows 2003 based RRAS work with?

lxix) How does SSL work?

lxx) How does IPSec work?

lxxi) How do I deploy IPSec for a large number of computers?

lxxii) What types of authentication can IPSec use?

lxxiii) What is PFS (Perfect Forward Secrecy) in IPSec?



lxxiv) How do I monitor IPSec?

lxxv) Looking at IPSec-encrypted traffic with a sniffer, what packet types do I see?

lxxvi) What can you do with NETSH?

lxxvii) How do I look at the open ports on my machine?
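An added worked example (not part of these notes) for the subnetting questions in the list above: question v) on the ANDing process, question xiii) on the host range of 192.115.103.64/27, and question xiv) on carving 131.112.0.0 into subnets of at least 500 hosts. The code uses Python's standard ipaddress module; treating 131.112.0.0 as a /16 (its classful default, since the question gives no mask) is an assumption.

```python
import ipaddress
import math


def host_range(network_id):
    """For a CIDR network ID return (network, first host, last host, broadcast, mask)."""
    net = ipaddress.ip_network(network_id, strict=True)
    hosts = list(net.hosts())
    return (str(net.network_address), str(hosts[0]), str(hosts[-1]),
            str(net.broadcast_address), str(net.netmask))


def plan_subnets(block, hosts_per_subnet):
    """Choose the longest prefix that still leaves room for `hosts_per_subnet` hosts.
    Returns (prefix length, dotted mask, number of subnets carved from `block`,
    usable hosts per subnet)."""
    base = ipaddress.ip_network(block)
    host_bits = max(2, math.ceil(math.log2(hosts_per_subnet + 2)))   # +2: network and broadcast
    new_prefix = 32 - host_bits
    if new_prefix < base.prefixlen:
        raise ValueError("block is too small for that many hosts per subnet")
    subnets = list(base.subnets(new_prefix=new_prefix))
    return new_prefix, str(subnets[0].netmask), len(subnets), 2 ** host_bits - 2


def same_subnet(ip_a, ip_b, mask):
    """The ANDing process: a host ANDs its own address and the destination with the mask;
    equal results mean the destination is local, otherwise traffic goes to the default gateway."""
    m = int(ipaddress.ip_address(mask))
    return (int(ipaddress.ip_address(ip_a)) & m) == (int(ipaddress.ip_address(ip_b)) & m)


if __name__ == "__main__":
    print("192.115.103.64/27 ->", host_range("192.115.103.64/27"))
    print("131.112.0.0/16, >=500 hosts per subnet ->", plan_subnets("131.112.0.0/16", 500))
    print("131.112.2.10 and 131.112.3.200 share a /23?",
          same_subnet("131.112.2.10", "131.112.3.200", "255.255.254.0"))
```

For question xiv) the arithmetic the code performs is: 500 hosts plus the network and broadcast addresses need 9 host bits (2^9 = 512), leaving a /23 with mask 255.255.254.0, 510 usable hosts per subnet, and 2^(23-16) = 128 subnets out of the /16.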
