by udel_


Virtual Private Network
A virtual private network (VPN) is a form of wide area network (WAN) that supplies network connectivity over a possibly long physical distance. A virtual private network is a network that uses a public telecommunication infrastructure, such as the Internet, to provide remote offices or individuals with secure access to their organization's network. A virtual private network can be contrasted with an expensive system of owned or leased lines that can only be used by one organization. The goal of a VPN is to provide the organization with the same capabilities, but at a much lower cost.

A VPN works by using the shared public infrastructure while maintaining privacy through security procedures and tunneling protocols such as the Layer Two Tunneling Protocol (L2TP). In effect, the protocols encrypt the data and send it through a tunnel that cannot be entered by data that is not properly encrypted. An additional level of security involves encrypting not only the data, but also the originating and receiving network addresses.
What is Intranet VPN?
An intranet VPN connects computers at two sites of the same organization. Each site uses a VPN device for creating the VPN. This type of network is used to connect a company's headquarters, remote offices, and branch offices over a shared infrastructure using dedicated connections.
What are security zones?
Security zones, which are found in Internet Explorer, allow a user or system administrator to divide the websites that a user visits into several groups, each with a suitable security level. There are four security zones in Internet Explorer: Internet, Local Intranet, Trusted Sites, and Restricted Sites. Each zone or group has four security levels: High, Medium, Medium-Low, and Low. These levels determine the type of content a user can download and run. Security zones allow users to set the appropriate level of security for the various types of Web content that they are likely to visit. For any zone, a user can configure the security level, modify the security defaults, or use custom settings for other configurations. All the security zones with their default security levels are described as follows:
  • Internet zone: All sites on the Internet that are not in the Trusted Sites or Restricted Sites zones are included in this zone. The default security level for the zone is Medium.
  • Local Intranet zone: This zone includes all sites inside an organization's firewall (for computers connected to a local network). The Local Intranet zone is also home to Web applications that need access to the user's hard disk. The default security level for the zone is Medium-Low.
  • Trusted Sites zone: This is the zone where a user specifies Internet sites that are trusted by the user. These sites might include corporate subsidiaries or perhaps the website of a trusted business partner. The default security level for the zone is Low.
  • Restricted Sites zone: This is the zone where a user specifies sites that he does not trust and wants to restrict. The default security level for the zone is High.
Note: Except for the Internet zone, none of the zones include websites by default. Websites must be placed manually into these zones. A user or an administrator can assign a website to a zone with a suitable security level. Whenever one attempts to open or download any content from the Web, Internet Explorer always checks the security zone's settings and behaves according to the applied setting.
What are distributed firewalls?
Distributed firewalls are host-resident security software applications that protect the enterprise network's servers and end-user machines against unwanted intrusion. They offer the advantage of filtering traffic from both the Internet and the internal network. This enables them to prevent hacking attacks that originate from both the Internet and the internal network. A feature of distributed firewalls is centralized management. The ability to populate servers and end-user machines, and to configure and "push out" consistent security policies, helps to maximize limited resources.
What is a stateful firewall?
A stateful firewall is a firewall that keeps track of the state of network connections (such as TCP streams and UDP communication) traveling across it. The firewall is programmed to distinguish legitimate packets for different types of connections. Only packets matching a known connection state will be allowed by the firewall; others will be rejected.
What is an application firewall?
An application firewall is a form of firewall that controls input, output, and/or access from, to, or by an application or service. It operates by monitoring and potentially blocking the input, output, or system service calls that do not meet the configured policy of the firewall. The application firewall is typically built to monitor one or more specific applications or services (such as a web or database service), unlike a stateful network firewall, which can provide some access controls for nearly any kind of network traffic. There are two primary categories of application firewalls:
  • Network-based application firewalls
  • Host-based application firewalls
What is the dual-firewall architecture?
The dual-firewall architecture is more complex than the single-firewall architecture; however, it is also a more secure overall design and provides for a much more granular level of control over traffic traversing the firewalls. The most secure (and most expensive) option to implement a screened subnet is using two firewalls. In this case, the DMZ is placed between the two firewalls, as shown in the figure below:
  • Internet - Firewall - DMZ - Firewall - Intranet
The use of two firewalls still allows the organization to offer services to Internet users through the use of a DMZ, but provides an added layer of protection. It is very common for security architects to implement this scheme using firewall technology from two different vendors. This provides an added level of security in the event that a malicious individual discovers a software-specific exploitable vulnerability.
What is the difference between VPNs and firewalls?
VPNs establish a secured connection and transmit data across that line, whereas firewalls sit at planned locations on the network and watch for certain types of traffic to block. An appropriately configured VPN can communicate through firewalls.
What is a perimeter network?
A perimeter network, also known as a demilitarized zone or DMZ, is positioned between the Internet and the intranet. It protects the network from unauthorized traffic. Servers, routers, and switches that maintain security by preventing the internal network from being exposed on the Internet are placed in the perimeter network. A firewall is used to protect the perimeter network.
LAN
A Local Area Network (LAN) is a network with a high data transfer rate. In this type of network, the computers are located within a campus and are connected to each other.
What is a private IP address?
Private IP addresses are basically used for host computers that require IP connectivity, but do not need to be visible on the public network. IANA has reserved a certain number of IP addresses for this purpose. Private addresses are not routable on the public network. Therefore, computers with a private IP address connect to the Internet through a proxy server or another Network Address Translation (NAT) device. Private IP address ranges are as follows:
  • Class - From - To
  • Class A - 10.0.0.0 - 10.255.255.254
  • Class B - 172.16.0.0 - 172.31.255.254
  • Class C - 192.168.0.0 - 192.168.255.254
What is a loopback address?
A loopback address is a reserved TCP/IP address that is used for testing the internal TCP/IP configuration on any computer. It is used with the PING command to verify whether or not TCP/IP is correctly installed on the computer. The loopback address is any address in the range 127.x.y.z, and a successful PING to a computer's loopback address verifies that TCP/IP is correctly installed on the computer.
What are VLAN maps?
VLAN maps help in controlling the access of all the traffic in a VLAN. VLAN maps are applied on the switch in order to control all the packets that are routed into or out of a VLAN. They are not defined by direction, i.e., input or output. VLAN maps can only restrict packets going through the switch. According to the action specified in the VLAN map, the forwarded packets are permitted or denied.
What is a WLAN?
A Wireless Local Area Network (WLAN) is a network that enables devices to connect to the network wirelessly. A WLAN uses radiated energy, commonly called high-frequency radio waves, to communicate among nodes. The IEEE defines standards for WLANs through the 802.11 family.
What is WLAN coverage area?
The WLAN coverage area is the space in which two WLAN devices can successfully send data to each other. An Access Point (AP) creates a coverage area.
What is a leased line?
A leased line is a service contract between a provider and a customer, whereby the provider agrees to deliver a symmetric telecommunications line connecting two or more locations in exchange for a monthly rent (hence the term lease).

Typically, leased lines are used by businesses to connect geographically distant offices. Unlike dial-up connections, a leased line is always active. The fee for the connection is a fixed monthly rate. The primary factors affecting the monthly fee are the distance between end points and the speed of the circuit. Because the connection doesn't carry anybody else's communications, the carrier can assure a given level of quality.
What is a dial-up connection?
A dial-up connection is a method to access the Internet via telephone lines. The user's computer or router uses an attached modem connected to a telephone line to dial into an Internet service provider's (ISP) node to establish a modem-to-modem line, which is then used to route Internet Protocol packets between the user's equipment and hosts on the Internet.
What is ISDN?
Integrated Services Digital Network (ISDN) is a digital telephone/telecommunication network that carries voice, data, and video over an existing telephone network infrastructure. It requires an ISDN modem at both ends of a transmission. ISDN is designed to provide a single interface for hooking up a telephone, fax machine, computer, etc.

ISDN has two levels of service, i.e., Basic Rate Interface (BRI) and Primary Rate Interface (PRI).
What is the T-carrier system?
The T-carrier system is a North American digital transmission format. It provides dedicated and private line services for digital voice and data transmission. The maximum transmission rate is up to 45 Mbps for a T-carrier system. The T-carrier system is used to connect a LAN to a WAN. The basic unit of the T-carrier system is the DS0, which has a transmission rate of 64 kbps and is commonly used for one voice circuit.
What is the E-carrier system?
The E-carrier system is a digital telecommunication system in which a single physical wire pair is used to carry multiple simultaneous voice conversations by time-division multiplexing. This system is standardized by the European Conference of Postal and Telecommunications Administrations (CEPT). There are five versions of E-carrier; however, in practice, only E1 and E3 are used. E-carrier systems permanently allocate capacity for a voice call for its entire duration. This ensures high call quality because the transmission arrives with the same short delay (also called latency) and capacity at all times. E1 circuits are commonly used in telephone exchanges and are used to connect to medium and large companies, to remote exchanges, and in many cases between exchanges. E3 lines are used between exchanges, operators, and/or countries, and have a transmission speed of 34.368 Mbit/s.
What is DSL?
DSL (Digital Subscriber Line) is a family of technologies that provides digital data transmission over the wires of a local telephone network. DSL originally stood for digital subscriber loop. The data throughput of consumer DSL services typically ranges from 384 kbit/s to 20 Mbit/s in the direction to the customer, depending on the DSL technology, line conditions, and service-level implementation. DSL uses a second, higher frequency band (greater than 25 kHz) above the low frequency regime (5 kHz and below) used by voice communications. On the customer premises, a DSL filter is installed on each outlet for telephone handsets to remove the high frequency band, eliminating interference with the operation of the telephone set and enabling simultaneous use.
Networking cables
Networking cables are used to connect one network device to another or to connect two or more computers to share printers, scanners, etc. Different types of network cables, like coaxial cables, optical fiber cables, and twisted pair cables, are used depending on the network's topology, protocol, and size. The devices can be separated by a few meters (e.g. via Ethernet) or nearly unlimited distances (e.g. via the interconnections of the Internet).
802.11a
802.11a is an amendment to the IEEE 802.11 specification that added a higher data rate of up to 54 Mbit/s using the 5 GHz band. It has seen widespread worldwide implementation, particularly within the corporate workspace.
What is 802.11b?
The 802.11b standard for wireless local area networks (WLANs), often called Wi-Fi, is part of the 802.11 series of WLAN standards from the Institute of Electrical and Electronics Engineers (IEEE). 802.11b is backward compatible with 802.11.

Like other 802.11 standards, 802.11b uses the Ethernet protocol and CSMA/CA (carrier sense multiple access with collision avoidance) for path sharing. The modulation used in 802.11 has historically been phase-shift keying (PSK). The modulation method selected for 802.11b is known as complementary code keying (CCK), which allows higher data speed and is less susceptible to multipath-propagation interference.
What is 802.11g?
802.11g is an amendment to the IEEE 802.11 specification that extended throughput to up to 54 Mbit/s using the same 2.4 GHz band as 802.11b. This specification, under the marketing name of Wi-Fi, has been implemented all over the world.
What is 802.11n?
802.11n is an amendment to the IEEE 802.11-2007 wireless networking standard to improve network throughput over the two previous standards, 802.11a and 802.11g, with a significant increase in the maximum raw data rate from 54 Mbit/s to 600 Mbit/s with the use of four spatial streams at a channel width of 40 MHz.
What is Network security?
Network security is the specialist area that consists of the provisions and policies adopted by the network administrator to prevent and monitor unauthorized access, misuse, modification, or denial of the computer network and network-accessible resources.
Wi-Fi Protected Access
Wi-Fi Protected Access (WPA and WPA2) is a certification program developed by the Wi-Fi Alliance to indicate compliance with the security protocol created by the Wi-Fi Alliance to secure wireless computer networks. The Alliance defined the protocol in response to several serious weaknesses that researchers had found in the previous system, WEP. The WPA protocol implements the majority of the IEEE 802.11i standard. The Wi-Fi Alliance intended WPA as an intermediate measure to take the place of WEP pending the preparation of 802.11i. Specifically, the Temporal Key Integrity Protocol was brought into WPA.
802.1x
The 802.1X standard, defined by IEEE, is designed to enhance the security of wireless local area networks (WLANs) that follow the IEEE 802.11 standard. 802.1X provides an authentication framework for wireless LANs. It allows a user to be authenticated by a central authority. It uses the Extensible Authentication Protocol (EAP) that works on Ethernet, Token Ring, or wireless LANs to exchange messages for the authentication process.

When a user requests access to an access point, the access point changes the user's status to an unauthorized state. It allows the client to send only an EAP start message. The access point returns an EAP message requesting the user's identity. The client returns the identity, which is then forwarded by the access point to the authentication server. The authentication server uses an algorithm (multiple algorithms are possible) to authenticate the user and then returns an accept or reject message to the access point. If the access point receives an accept message, it changes the user's status to the authorized state, which allows normal traffic to take place. In case of rejection, the client is not allowed to access the network.
Point-to-Point (P2P) wireless
A point-to-point wireless network is one of the simplest networks, as it only involves two nodes. It is a type of network in which, when a message is sent from one computer to another, it usually has to be sent through other computers in the network. A point-to-point wireless network contains many connections between individual pairs of computers.

Point-to-point wireless networking was introduced in order to avoid the mess of wires. Wireless Internet is one of the most common examples of point-to-point wireless networking. Point-to-point wireless networking is common in the computer, mobile, and wireless phone industries.
What is a wireless bridge?
A wireless bridge is a hardware component that is used to connect two or more network segments (LANs or parts of a LAN) that are physically and logically (by protocol) separated. It does not always need to be a hardware device, as some operating systems (such as Windows, Linux, Mac OS X, and FreeBSD) provide software to bridge different protocols. This is commonly seen in bridging wireless to cable. Hence, the computer acts as a bridge by using bridging O/S software.
What is a hybrid network topology?
A hybrid network topology is a combination of two or more different types of network topologies. In this topology, different topologies are combined into a single network.

The image above displays a hybrid topology, a combination of bus and star topologies. A hybrid topology is always produced when two different basic network topologies are connected.
What is a peer-to-peer network model?
A peer-to-peer network model, also known as the workgroup model, provides a way to connect a small group of computers so that users can share printing resources and files. In this model, all the computers act as both clients and servers. This model does not support centralized administration or provide user-level security. It is inexpensive and can be easily set up.
Wireless Technologies
  • 802.11: This is the latest networking specification for wireless local area networks (WLANs), developed by the Institute of Electrical and Electronics Engineers. It contains several sub-specifications, and the IEEE is constantly adding new specifications. This specification uses the Carrier Sense Multiple Access with Collision Avoidance (CSMA/CA) media access control mechanism. 802.11 supports 1 or 2 Mbps transmission in the 2.4 GHz ISM band using Frequency Hopping Spread Spectrum (FHSS).
  • 802.11x: This contains the various specifications for the 802.11 family of wireless LAN network standards. Some of the specifications in this family are still under development. The 802.11b specification uses Direct Sequence Spread Spectrum (DSSS) and supports 11 Mbps transmission in the 2.4 GHz band.
  • Infrared: Infrared technology uses invisible infrared radiation to transmit signals over short distances. Two types of network communication are possible: one in which the sender and the receiver are visible to each other and are situated in a straight line, known as line-of-sight mode; the other type of communication, known as diffuse mode, does not require the sender and receiver to be directly visible to each other. This technology is used in TV sets, cordless microphones, laptops, remote modems, printers, and other peripheral devices. Infrared networks use frequencies in the terahertz range and support transmission speeds of 1 to 2 Mbps.
  • Bluetooth: Bluetooth technology uses short-range radio frequencies to transmit voice and data signals at a speed of 1 Mbps on a frequency of 2.4 GHz. Bluetooth is used to automatically synchronize information among different types of computers like desktops, laptops, and palmtops, or for connecting to the Internet through a cell phone.
Switch
A switch is a network connectivity device that brings media segments together in a central location. It reads the destination's MAC address or hardware address from each incoming data packet and forwards the data packet to its destination. This reduces the network traffic. Switches operate at the data-link layer of the OSI model.
Function of switch
The network switch plays an integral part in most modern Ethernet local area networks (LANs). Mid-to-large sized LANs contain a number of linked managed switches. Small office/home office (SOHO) applications typically use a single switch or an all-purpose converged device, such as a DSL or cable Internet gateway. In most cases, the end-user device contains a router and components that interface to the particular physical broadband technology. User devices may also include a telephone interface for VoIP.
Layer 1
A network hub or a repeater is a layer 1 network device. Hubs do not manage any traffic that comes through them. Any packet entering a port is broadcast out or "repeated" on every other port, except for the port of entry. Since every packet is repeated on every other port, packet collisions affect the entire network, limiting its capacity.

There are specialized applications where a hub can be useful, such as copying traffic to multiple network sensors.
Layer 2
A network bridge operating at the data link layer (Layer 2) may interconnect a small number of devices in a home or in the office. This is the trivial case of bridging, in which the bridge learns the MAC address of each connected device.
Layer 3
Within the confines of the Ethernet physical layer, a layer 3 switch can perform some or all of the functions normally performed by a router. The most common layer-3 capability is awareness of IP multicast through IGMP snooping. With this awareness, a layer-3 switch can increase efficiency by delivering the traffic of a multicast group only to ports where the attached device has signaled that it wants to listen to that group.
Layer 4
While the exact meaning of the term Layer-4 switch is vendor-dependent, it almost always starts with the capability for network address translation, but then adds some type of load distribution based on TCP sessions.
Layer 7
Layer 7 switches may distribute loads based on the URL or by some installation-specific techniques to recognize application-level transactions. A Layer 7 switch may include a Web cache and participate in a content delivery network.
What are unmanaged switches?
Unmanaged switches have no configuration interface or options; they are plug and play. They are typically the least expensive and are found in homes, SOHOs, or small businesses. They can be either desktop or rack mounted.
What are managed switches?
Managed switches have one or more methods to modify the operation of the switch. Two sub-classes of managed switches are marketed today:
  • Smart (or intelligent) switches: These are managed switches with a limited set of management features.
  • Enterprise Managed (or fully managed) switches: These have a full set of management features, including a CLI, SNMP agent, and Web interface. They may have additional features to manipulate configurations, such as the ability to display, modify, back up, and restore configurations.
Define transmission speed
Transmission speed is defined as the rate at which data are moved across a communications channel. Data are moved across a communications channel at different rates, and these rates are referred to as the bandwidth.
  • LAN Technology - Bandwidth
  • Ethernet - 10 Mbps/100 Mbps (shared)
  • Switched Ethernet - 10 Mbps/100 Mbps
  • Gigabit Ethernet - 1,000 Mbps
  • 10 Gigabit Ethernet - 10,000 Mbps
  • Token Ring - 4, 16 Mbps
  • Fast Token Ring - 100, 128 Mbps
  • FDDI/CDDI - 100 Mbps
State the number of uplinks
In computer networking, an uplink is a connection from a device or smaller local network to a larger network. The number of uplinks depends on how many devices or smaller local networks are connected to a larger network.
Discuss the speed of uplinks
The uplink speed of a switch is defined as the speed of the data going out of the switch to the Internet or to another network. Standard Ethernet uplink speeds are 10 Mbps, 100 Mbps, 1000 Mbps (1 Gbps), and 10 Gbps.

In order to calculate the speed of the uplinks, a user needs to perform two operations, one with small files and another with large files. The test for calculating the uplink speed of a switch is best done with only two computer systems connected to the switch, one that sends the data and the other that receives the data.

Setup
  1. First, disconnect all the computer systems from the switch.
  2. Connect a computer system to one of the local ports of the switch, using a network card whose speed is above the rated uplink speed. If the uplink speed is 100 MB, the user will need a network card on the computer that can go 1 GB.
  3. Now connect a computer system to the uplink port of the switch, using a network card whose speed is above the uplink port speed.
  4. Turn on the computer systems and the switch and ensure the two computers can ping each other.
Small Files

  1. Copy 500 to 10000 small files under 500 KB in a folder on the sending computer system.
  2. Select all the small files, right-click on them and choose "Properties." Note the total size of the files in MB.
  3. Open a connection with the receiving computer system.
  4. Send the files to the other computer system and note the time (in seconds) taken to transfer the files.
  5. Take the size in MB of the files. To find the speed in MB per second, divide the size of the files by the number of seconds the transfer took.
Large Files

  1. Copy one file larger than 1 GB to a folder on the sending computer system.
  2. Select the file, right-click on it and choose "Properties." Note down its size in MB.
  3. Use the file explorer to open a connection with the receiving computer.
  4. Send the file to the other computer system and note the time (in seconds) taken to transfer the file.
  5. To find the speed in MB per second, divide the size of the file in MB by the number of seconds the transfer took.
Backplane
Backplane speed defines the bandwidth of the module-to-module interconnect in large multi-module switches.
What is packet switching?
Packet switching is a digital networking communication method that groups all transmitted data regardless of the content, type, or structure into suitable sized blocks called packets. Packet switching features delivery of variable-bit rate data streams (sequences of packets) over a shared network.
What is circuit switching?
Circuit switching is the methodology of implementing a telecommunication network in which two network nodes establish a dedicated communications channel (circuit) through the network before the nodes may communicate.
What is message switching?
In telecommunications, message switching is the precursor of packet switching, where messages are routed in their entirety, one hop at a time. Each message is treated as a separate entity and each message contains addressing information; at each switch, this information is read and the transfer path to the next switch is decided.