Tuesday, 29 March 2011

Stateful vs. Stateless Firewalls

A firewall can be described as being either Stateful, or Stateless.

STATELESS

Stateless firewalls watch network traffic, and restrict or block packets based on source and destination addresses or other static values. They are not 'aware' of traffic patterns or data flows. A stateless firewall uses simple rule-sets that do not account for the possibility that a packet might be received by the firewall 'pretending' to be something you asked for.

STATEFUL

Stateful firewalls can watch traffic streams from end to end. They are aware of communication paths and can implement various IP Security (IPsec) functions such as tunnels and encryption. In technical terms, this means that a stateful firewall can tell what stage a TCP connection is in (open, open sent, synchronized, synchronization acknowledged or established), whether the MTU has changed, whether packets have been fragmented, etc.

Neither is really superior and there are good arguments for both types of firewalls. Stateless firewalls are typically faster and perform better under heavier traffic loads. Stateful firewalls are better at identifying unauthorized and forged communications.
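The difference is easiest to see in code. The following is an added example, not code from the original post: a stateless 'established' rule beside a minimal stateful connection tracker, both run over the same constructed packets (hypothetical addresses, 10.0.0.5 inside and 203.0.113.9 outside).

```python
# Added example, not from the original post; names and addresses are constructed.
from collections import namedtuple

# flags: "S" = SYN, "SA" = SYN+ACK, "A" = ACK
Packet = namedtuple("Packet", "src dst sport dport flags")
INSIDE = {"10.0.0.5"}  # the protected network; 203.0.113.9 is outside

def stateless_allow(pkt):
    """Static rules only: permit anything outbound, and permit inbound packets
    that look like replies (ACK set). It cannot tell a genuine reply from a
    packet merely 'pretending' to be one."""
    return pkt.src in INSIDE or "A" in pkt.flags

class StatefulFilter:
    """Permits inbound packets only for a connection an inside host opened,
    and only once the TCP handshake has reached the expected stage."""
    def __init__(self):
        self.table = {}  # (in_ip, in_port, out_ip, out_port) -> TCP state

    def allow(self, pkt):
        if pkt.src in INSIDE:  # outbound: create or advance the entry
            key = (pkt.src, pkt.sport, pkt.dst, pkt.dport)
            if pkt.flags == "S":
                self.table[key] = "SYN_SENT"
            elif self.table.get(key) == "SYN_RECV" and "A" in pkt.flags:
                self.table[key] = "ESTABLISHED"
            return key in self.table
        key = (pkt.dst, pkt.dport, pkt.src, pkt.sport)  # inbound: must match
        state = self.table.get(key)
        if state is None:
            return False  # nobody inside asked for this: drop it
        if state == "SYN_SENT" and pkt.flags == "SA":
            self.table[key] = "SYN_RECV"
            return True
        return state == "ESTABLISHED"

# Constructed traffic: a normal outbound handshake, then an unsolicited inbound
# packet with ACK set, aimed at a port no inside host opened.
HANDSHAKE = [Packet("10.0.0.5", "203.0.113.9", 40000, 80, "S"),
             Packet("203.0.113.9", "10.0.0.5", 80, 40000, "SA"),
             Packet("10.0.0.5", "203.0.113.9", 40000, 80, "A")]
FORGED = Packet("203.0.113.9", "10.0.0.5", 80, 3389, "A")

def compare():
    """Per-packet verdicts for each firewall type, in the order above."""
    sf = StatefulFilter()
    packets = HANDSHAKE + [FORGED]
    return {"stateless": [stateless_allow(p) for p in packets],
            "stateful": [sf.allow(p) for p in packets]}
```

The stateless rule passes the forged packet because it only sees the ACK flag; the tracker drops it because no inside host ever opened that connection.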

Monday, 28 March 2011

Useful Windows Commands

NETSTAT

The netstat command is used to display the TCP/IP network protocol statistics and information.

NSLOOKUP

The nslookup MS-DOS utility enables a user to do a reverse lookup on an IP address of a domain or host on a network.

ROUTE

The route MS-DOS utility enables a user to view and modify the computer's routing table.

TRACERT / TRACEROUTE

The tracert command in MS-DOS / Windows, or the traceroute command in Unix / Linux and variants, is another commonly used network command to help determine network-related issues or slowdowns. Using this command you can view a listing of how a network packet travels through the network and where it may fail or slow down. Using this information you can determine the computer, router, switch or other network device possibly causing your network issues.

ARP

Display or manipulate the ARP information on a network device or computer.

ARPING

The arping command sends Address Resolution Protocol (ARP) packets to test connectivity. Therefore, it can be used to test connectivity with a computer that blocks the Internet Control Message Protocol (ICMP). However, since ARP is not a routable protocol, the computers must be located on the same subnet.

DIG

The dig command is used to retrieve information from a Domain Name System (DNS) server.

Autonomous System (AS)

On the Internet, an autonomous system (AS) is the unit of router policy, either a single network or a group of networks that is controlled by a common network administrator (or group of administrators) on behalf of a single administrative entity (such as a university, a business enterprise, or a business division). An autonomous system is also sometimes referred to as a routing domain.

Sunday, 20 March 2011

Link State VS Distance-Vector

Overview

"Distance vector" and "link state" are terms used to describe routing protocols, which routers use to forward packets between networks. The purpose of any routing protocol is to dynamically communicate information about all network paths used to reach a destination and to select, from those paths, the best path to reach a destination network. The terms distance vector and link state group routing protocols into two broad categories based on whether the protocol selects the best path using a distance metric (the distance) and an outgoing interface (the vector), or selects it by calculating the state of each link in a path and finding the path with the lowest total metric to the destination.

DISTANCE VECTOR

Distance

Distance is the cost of reaching a destination, usually based on the number of hops the path passes through, or the total of all the administrative metrics assigned to the links in the path.

Vector

From the standpoint of routing protocols, the vector is the interface out of which traffic will be forwarded in order to reach a given destination network, along the route or path that the routing protocol has selected as the best path to that destination network.

Distance vector protocols use a distance calculation plus an outgoing network interface (a vector) to choose the best path to a destination network. The network protocol (IPX, SPX, IP, AppleTalk, DECnet, etc.) then forwards data along the best paths selected.

Common distance vector routing protocols include:

* AppleTalk RTMP
* IPX RIP
* IP RIP
* IGRP

Advantages of Distance Vector Protocols

Well Supported

Protocols such as RIP have been around a long time, and most, if not all, devices that perform routing will understand RIP.

LINK STATE

Link state protocols track the status and connection type of each link and produce a calculated metric based on these and other factors, including some set by the network administrator. Link state protocols know whether a link is up or down and how fast it is, and calculate a cost to 'get there'. Since routers run routing protocols to figure out how to get to a destination, you can think of the 'link states' as the status of the interfaces on the router. A link state protocol will prefer a path that has more hops but uses a faster medium over a path with fewer hops over a slower medium.

Because of their awareness of media types and other factors, link state protocols require more processing power (more circuit logic in the case of ASICs) and memory. Distance vector algorithms, being simpler, require simpler hardware.
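As an added example (not from the original post), the same four-router topology evaluated with a hop-count metric, as RIP-style distance vector protocols use, and with a bandwidth-derived link cost fed to Dijkstra's shortest-path algorithm, as a link state protocol does. To isolate the effect of the metric, both views share one shortest-path routine; a real distance vector router instead learns distances hop by hop from its neighbours. The router names, links and speeds are constructed.

```python
# Added example, not from the original post; topology and link speeds are constructed.
import heapq

# Constructed links: (router, neighbour, bandwidth in Mbit/s), bidirectional.
LINKS = [("A", "D", 1),      # one slow serial hop straight to D
         ("A", "B", 1000),   # three fast Ethernet hops via B and C
         ("B", "C", 1000),
         ("C", "D", 1000)]

def build_graph(cost_fn):
    """Adjacency map {router: {neighbour: cost}} with cost_fn applied to bandwidth."""
    graph = {}
    for a, b, bw in LINKS:
        graph.setdefault(a, {})[b] = cost_fn(bw)
        graph.setdefault(b, {})[a] = cost_fn(bw)
    return graph

def shortest_path(graph, src, dst):
    """Dijkstra's algorithm: (total metric, path) for the lowest-metric route."""
    queue, seen = [(0, src, [src])], set()
    while queue:
        cost, node, path = heapq.heappop(queue)
        if node == dst:
            return cost, path
        if node in seen:
            continue
        seen.add(node)
        for nxt, link_cost in graph[node].items():
            if nxt not in seen:
                heapq.heappush(queue, (cost + link_cost, nxt, path + [nxt]))
    return None

def hop_count_route(src, dst):
    """Distance vector view (RIP-style): every link costs one hop, so the path
    with the fewest hops wins regardless of link speed."""
    return shortest_path(build_graph(lambda bw: 1), src, dst)

def link_state_route(src, dst):
    """Link state view: cost falls as bandwidth rises (here OSPF's default
    100 Mbit/s reference bandwidth divided by link bandwidth, never below 1)."""
    return shortest_path(build_graph(lambda bw: max(1, 100 // bw)), src, dst)
```

From A to D the hop-count view takes the single slow link, while the link state view takes the three fast hops via B and C, exactly the trade-off described above.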

Thursday, 17 March 2011

OSI MODEL

7. Application Layer – This layer supports the end-user processes, so it is the layer the user actually interacts with, through the protocols in the software application. It should not be confused with the application itself; the application merely performs the functions of the application layer. Quality of service is identified at this layer, along with privacy and user authentication.

6. Presentation Layer – This is usually part of the operating system and can convert the data that is incoming and outgoing into a different format.

5. Session Layer – Once a connection has been set up and established, this layer coordinates and terminates the conversations, exchanges and dialogs between the applications on each node.

4. Transport Layer – This layer determines whether or not all of the packets have arrived and also deals with error-checking. It ensures complete data transfer, so if a data transfer does not complete you know that the problem lies in one of the lower layers.

3. Network Layer – This layer routes all of the data and will send outgoing packets to the right destination and receive packet level incoming traffic.

2. Data Link Layer – This layer is where data packets are encoded and decoded into bits. It handles physical layer errors and provides flow control and frame synchronization.

1. Physical Layer – This is the electrical and mechanical level providing the sending and receiving of data from the hardware onto the carrier.

Wednesday, 16 March 2011

Wireless Standards

The 802.11a standard specifies wireless communication at 5 GHz. Due to the wavelength of the signal, the range is only 35 meters. However, it can offer transmission speeds of up to 54 Mbps.

The 802.11b standard operates at 2.4 GHz. It supports a range of up to 38 meters. However, its transmission speed is only 11 Mbps.

The 802.11g standard operates at 2.4 GHz. It also supports a range of up to 38 meters. Its transmission speed is 54 Mbps. Super G bonds two channels to raise the transmission speed to 108 Mbps.

The 802.11n standard is a proposed standard. It will operate at either 5 GHz or 2.4 GHz. It is anticipated that it will support 600 Mbps transmission over a range of approximately 70 meters. 802.11n supports channel bonding.

Monday, 14 March 2011

Ethernet Standards

Single-mode and Multi-mode fiber optics

Multimode fiber has a relatively large light-carrying core, usually 62.5 microns or larger in diameter. It is usually used for short distance transmissions with LED-based fiber optic equipment. Single-mode fiber has a small light-carrying core of 8 to 10 microns in diameter. It is normally used for long distance transmissions with laser diode based fiber optic transmission equipment.

Base-X and Base-R standards run over fiber optics.

Base-W standards run over fiber optic cables and are referred to as Wide Area Network Physical Layer (WAN PHY). They use the same type of fiber and support the same distances as 10GBase-R fiber optics; however, the Ethernet frames are encapsulated in SONET frames.

Base-T standards run over twisted pair cable, both shielded and unshielded.

Base-CX standards run over shielded copper twisted pair cable.

10 Gigabit Ethernet Standards

10GBase-T is copper twisted pair with distances up to 100 m with Cat 6a or 55 m with Cat 6.

10GBase-SR and 10GBase-SW are multi-mode fiber with a maximum distance of 26 m or 82 m depending on cable type, and are usually the preferred choice for optical cabling within buildings.

10GBase-LR and 10GBase-LW are single-mode fiber with a 10 km maximum distance, usually used for transceivers.

10GBase-ER and 10GBase-EW are also single-mode fiber used for transceivers; however, the maximum distance is 40 km.

Gigabit Ethernet Standards

1000BASE-T can be a maximum length of 100 m per segment and must use Category 5 cable or better.

1000Base-CX is balanced, shielded copper twisted pair with a maximum distance of 25 m; this was an initial standard for gigabit Ethernet connections.

1000Base-ZX is single-mode optic fiber with a distance of 70 km.

1000Base-SX is multi-mode optic fiber with a 500 m distance.

Fast Ethernet Standards

100Base-TX is twisted-pair copper, Cat 5 or above, with lengths of 100 m per segment. It runs over two pairs, one pair of twisted wires in each direction, and is the most common form of Fast Ethernet.

100Base-SX is multi-mode fiber with a 300 m distance; it uses two strands of MMF, one for receiving and one for transmitting.

100Base-BX is single-mode fiber with a maximum distance of 20 km, using a single strand of SMF.

Sunday, 13 March 2011

Port Mirroring

Port Mirroring, also known as SPAN (Switched Port Analyzer), is a method of monitoring network traffic. With port mirroring enabled, the switch sends a copy of all network packets seen on one port (or an entire VLAN) to another port, where the packet can be analyzed.

The port mirroring feature, which is supported in nearly all enterprise-class (managed) switches, allows another computer to see network traffic that would not normally be visible to it.

Thursday, 10 March 2011

What is a VLAN?

A virtual LAN, commonly known as a VLAN, is a group of hosts with a common set of requirements that communicate as if they were attached to the same broadcast domain, regardless of their physical location.

Public Key Cryptography

Cryptography is the science of encrypting and decrypting data; encryption is the technique used to convert source information into an unreadable format.

Encryption

Encryption is accomplished through algorithms that physically and mathematically transform the message being sent.

Ciphers

There are many ciphers; these are basically the different variations of algorithms and ways of encrypting and decrypting the information.

Keys

These are the pieces of information that allow the result of the algorithm to be calculated. Keys can be symmetric or asymmetric. Symmetric means the sender and receiver use the same key for encryption and decryption, while asymmetric uses different keys for encryption and decryption.

Data encrypted with the public key can only be decrypted with the private key and vice versa.

Public Key Infrastructure

Public Key Infrastructure (PKI) is a set of hardware, software, people, policies, and procedures needed to create, manage, distribute, use, store, and revoke digital certificates.

PKI offers two models for generating and administering public keys: centralized and decentralized management.

Centralized key-management

Kept by a certificate authority (CA)

Decentralized key-management

Kept by the individual

CHAP – Challenge Handshake Authentication Protocol

An authentication method used by point-to-point protocol (PPP) servers. CHAP validates the remote client's identity at the communication session start or at any time during the session.

CHAP uses a three-way handshake after establishing a link between the client and the server.

  1. A challenge message is sent from the authenticating server to the client.
  2. The client replies with a value computed using a one-way hash function.
  3. When the authenticating server receives the response, it checks the value against its own calculation of the expected hash value. If the values match, the server responds telling the user that authentication has been successful.
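The three steps above, simulated in one process as an added example that is not from the original post. It uses the MD5 construction RFC 1994 CHAP specifies, Response = MD5(Identifier || Secret || Challenge); the user name, the shared secret and the class and function names are constructed for the example.

```python
# Added example, not from the original post; user name and secret are constructed.
import hashlib
import hmac
import os

def chap_response(identifier, secret, challenge):
    """Step 2, computed by the client: MD5(Identifier || Secret || Challenge),
    the one-way hash CHAP (RFC 1994) specifies. The secret never crosses the link."""
    return hashlib.md5(bytes([identifier]) + secret + challenge).digest()

class ChapServer:
    def __init__(self, secrets):
        self.secrets = secrets  # user name -> shared secret
        self.pending = {}       # identifier -> challenge still outstanding

    def challenge(self, identifier):
        """Step 1: a fresh, unpredictable challenge for every authentication."""
        value = os.urandom(16)
        self.pending[identifier] = value
        return value

    def verify(self, identifier, name, response):
        """Step 3: recompute the expected hash and compare it in constant time.
        The challenge is consumed, so each response is good for one attempt."""
        challenge = self.pending.pop(identifier, None)
        secret = self.secrets.get(name)
        if challenge is None or secret is None:
            return False
        return hmac.compare_digest(chap_response(identifier, secret, challenge), response)

def authenticate(server, name, client_secret, identifier=1):
    """One full handshake: server challenges, client responds, server checks."""
    challenge = server.challenge(identifier)
    response = chap_response(identifier, client_secret, challenge)
    return server.verify(identifier, name, response)

def demo():
    """Returns (correct secret, wrong secret, fresh response, replayed response)."""
    server = ChapServer({"alice": b"correct horse"})
    ok = authenticate(server, "alice", b"correct horse")
    wrong = authenticate(server, "alice", b"wrong secret")
    # A response captured from a good session is useless against a later
    # challenge, because the hash is bound to the challenge value.
    captured = chap_response(2, b"correct horse", server.challenge(2))
    first = server.verify(2, "alice", captured)
    server.challenge(2)  # a later session issues a new challenge
    replayed = server.verify(2, "alice", captured)
    return ok, wrong, first, replayed
```

The last two results show why the challenge must be fresh each time: the same response is accepted once and rejected when presented again against a new challenge.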

Content Switching

The main function of a content switch is to inspect the network data that it receives so that it can decide where on the network that data (or request) needs to be forwarded. Once this is determined, the data is sent to the appropriate server, which can handle the data and return a response if needed. At the network level the data in the request is divided up into packets.
In most cases the switch looks to see what type of application or software the request is targeted at. It does this by looking at which port the request is directed to. For example, if the data is targeted at the FTP port then the request will be sent to an FTP server. The main benefit of this approach is that the switch acts as a load balancer, as it can balance data or requests across the different types of application servers used by the business. In simplified terms, an application server is a server that runs an application such as FTP or a mail server.
A second major function that this type of switch can perform is to look at the incoming requests and see which websites are targeted. This is important for large enterprises or hosting companies. If, for example, a web hosting company was hosting several thousand websites, the switch could direct requests to the specific servers that those websites are running on. If this did not happen, the hosting company would have to run every website on every server.
So in simple terms, a content switch is a network device that is used to distribute incoming requests to the servers or websites that can handle them.

Load Balancers

A load balancer is a hardware device or software application that balances traffic between several servers to ensure that connections to the servers are evenly distributed. Software-based load balancers perform much slower than hardware load balancers.
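As an added example (not from the original post) serving both the content switching and load balancer sections above, a toy content switch that picks a server pool by destination port, then by the website requested, and balances round-robin within the pool. The server and site names are constructed.

```python
# Added example, not from the original post; server and site names are constructed.
from itertools import cycle

class ContentSwitch:
    """Picks a server pool by destination port (the application) and, for web
    traffic, by the website requested, then balances round-robin within the pool."""
    def __init__(self):
        self.pools = {}  # (port, website or None) -> round-robin iterator

    def add_pool(self, port, servers, website=None):
        self.pools[(port, website)] = cycle(list(servers))

    def forward(self, dport, website=None):
        """Return the server that should receive a request arriving on dport,
        optionally for a named website (the HTTP Host header)."""
        key = (dport, website)
        if key not in self.pools:  # no site-specific pool: use the port's default
            key = (dport, None)
        if key not in self.pools:
            raise LookupError(f"no application server handles port {dport}")
        return next(self.pools[key])

def demo():
    """Dispatch a constructed burst of requests and report the chosen servers."""
    sw = ContentSwitch()
    sw.add_pool(21, ["ftp-1", "ftp-2"])                       # FTP servers
    sw.add_pool(25, ["mail-1"])                               # mail server
    sw.add_pool(80, ["web-shared-1", "web-shared-2"])         # default web pool
    sw.add_pool(80, ["web-shop-1"], website="shop.example")   # dedicated site
    requests = [(21, None), (21, None), (21, None), (25, None),
                (80, "blog.example"), (80, "blog.example"), (80, "shop.example")]
    return [sw.forward(port, site) for port, site in requests]
```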