Archive for the ‘Networking’ Category

There are roughly five types of routers:

– Wired Router: These are devices that connect directly to computers using cable. One of the ports on the Wired Router allows the router to connect to a modem for receiving internet, while the other set of ports transmits the data to computers using the network cable.

– Wireless Router: This is almost the same as the wired router: the device connects to the modem over a cable, but it can deliver data to hosts in two ways, wired and wireless. For the wireless path it converts the data packets into radio signals.

– Core Routers: A core router is a wired or wireless router that distributes Internet data packets within a network, but does not distribute data packets between multiple networks.

– Edge Routers: An edge router is a wired or wireless router that distributes Internet data packets between one or more networks, but does not distribute data packets within a network.

– Virtual Router: Unlike a physical wired or wireless router, a virtual router acts as a default router for computers sharing a network. The router functions using the Virtual Router Redundancy Protocol (VRRP), which becomes active when a primary, physical router fails or otherwise becomes disabled.

A firewall is an important component of a larger overall security strategy. Windows 7 comes with a built-in firewall that’s turned on and working from the moment you first start your computer.

The firewall is automatically configured to prevent unsolicited Internet traffic from getting into your computer, thereby protecting you from worms and other hack attempts. The Windows 7 firewall also provides advanced options for professional network and security administrators who need more granular control over its behavior. In detail:

 

  • Exceptions in Windows Firewall are programs that are allowed to work through the firewall.
  • A firewall will not protect your computer from viruses, pop-up ads, or junk e-mail.
  • A firewall protects your computer from unsolicited network traffic, which is a major cause of worms and other hack attempts.
  • When you start an Internet program that needs access to the Internet through a closed port, you’ll be given a security alert with options to Unblock, or Keep Blocking, the port. You must choose Unblock to use that program.
  • Windows Firewall is one of the programs in the Security Center. To open Security Center, click the Start button and choose Control Panel ➪ Security ➪ Security Center.
  • You don’t need to configure the firewall to use standard Internet services such as the Web and e-mail. Those will work through the firewall automatically.
  • Professional network and security administrators can configure Windows Firewall through the Windows Firewall with Advanced Security console in Administrative Tools.
  • From the Start menu, you can search on the keyword fire to get to Windows Firewall configuration options.

It’s important to understand that a firewall alone is not sufficient protection against all Internet threats.

A firewall is just one component in a larger defense system. Specifically:

 

  • Windows firewall doesn’t protect you from spyware and viruses. See Chapter 8 for more information on that protection.
  • Windows firewall doesn’t protect you from attacks based on exploits. Automatic updates provide that protection.
  • A firewall doesn’t protect you from pop-up ads.
  • A firewall doesn’t protect you from phishing scams.
  • Windows firewall doesn’t protect you from spam (junk e-mail).

 

So, a firewall isn’t a complete solution. Rather, it’s an important component of a larger security strategy.

To understand what a firewall is, you need to first understand what a network connection is. Even though you have only one skinny set of wires connecting your computer to the Internet (through a phone line or cable outlet), that connection actually consists of 65,535 ports. Each port can simultaneously carry on its own conversation with the outside world. So, theoretically, you could have 65,535 things going on at a time. Of course, nobody ever has that much going on all at one time. A handful of ports are more like it.

The ports are divided into two categories: TCP (Transmission Control Protocol) and UDP (User Datagram Protocol). TCP is generally used to send text and pictures (Web pages and e-mail), and includes some error checking to make sure all the information that’s received by a computer matches what the sending computer sent. UDP works more like broadcast TV or radio, where the information is just sent out and there is no error checking. UDP is generally used for real-time communications, such as voice conversations and radio broadcasts sent over the Internet.

Each port has two directions: incoming and outgoing. The direction is in relation to stuff coming into your computer from the outside: namely the Internet. It’s the stuff coming into your computer that you have to watch out for. But you can’t close all ports to all incoming traffic. If you did, there’d be no way to get the good stuff in. But you don’t want to let everything in.

Antispyware and antivirus software are good tools for keeping out viruses and other bad things that are attached to files coming into your computer. But hackers can actually sneak worms and other bad things in through unprotected ports without involving a file in the process. That’s where the firewall comes into play. A stateful firewall, such as the one that comes with Windows 7, keeps track of everything you request. When traffic from the Internet wants to come in through a port, the firewall checks to make sure the traffic is something you requested. If it isn’t, the firewall assumes this is a hacker trying to sneak something in without your knowing it, and therefore prevents the traffic from entering your computer.
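The stateful behaviour described above, as an added toy simulation (not code from the original post): outbound requests are remembered, and an inbound packet is admitted only if it is the reply to a remembered request or arrives on a port the user explicitly unblocked. Packet fields, addresses and the exception list are constructed for the demo.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Packet:
    proto: str        # "tcp" or "udp"
    src_ip: str
    src_port: int
    dst_ip: str
    dst_port: int
    direction: str    # "out" = leaving this host, "in" = arriving from the Internet

class StatefulFirewall:
    """Remembers what the local host asked for and lets only matching replies in.
    Other inbound traffic is dropped unless its port is an exception (the
    'Unblock' decision in the text)."""

    def __init__(self, exceptions=()):
        self.exceptions = set(exceptions)   # (proto, local_port) allowed unsolicited
        self.state = set()                  # (proto, local_ip, local_port, remote_ip, remote_port)
        self.log = []

    def filter(self, pkt: Packet) -> str:
        if pkt.direction == "out":
            # Record the conversation so its reply is recognised as requested traffic.
            self.state.add((pkt.proto, pkt.src_ip, pkt.src_port, pkt.dst_ip, pkt.dst_port))
            return "allow"
        # Inbound: a reply's (src, dst) is the original request's (dst, src).
        key = (pkt.proto, pkt.dst_ip, pkt.dst_port, pkt.src_ip, pkt.src_port)
        if key in self.state or (pkt.proto, pkt.dst_port) in self.exceptions:
            return "allow"
        self.log.append(f"DROP unsolicited {pkt.proto} {pkt.src_ip}:{pkt.src_port} -> :{pkt.dst_port}")
        return "drop"

def demo():
    # Constructed traffic; 198.51.100.7 and 203.0.113.9 are documentation addresses.
    fw = StatefulFirewall(exceptions={("tcp", 3389)})   # assume the user unblocked Remote Desktop
    me = "192.168.1.10"
    verdicts = [
        fw.filter(Packet("tcp", me, 51000, "198.51.100.7", 80, "out")),   # request a web page
        fw.filter(Packet("tcp", "198.51.100.7", 80, me, 51000, "in")),   # the page comes back
        fw.filter(Packet("tcp", "203.0.113.9", 40000, me, 445, "in")),   # nobody asked for this
        fw.filter(Packet("tcp", "203.0.113.9", 40001, me, 3389, "in")),  # explicitly unblocked port
        fw.filter(Packet("udp", "198.51.100.7", 80, me, 51000, "in")),   # right ports, wrong protocol
    ]
    return verdicts, fw.log
```

The dropped entries in `fw.log` are the events a real host firewall would surface to you as blocked unsolicited traffic.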

 

System area networks (SANs) represent an area of computer architecture that has evolved quickly. The term SAN in this section refers to “system” (not “storage”) area networks. After various competing standardization efforts starting in the late 1990s, the state of the SAN field became temporarily unclear. However, the technology has emerged with a richer set of features that promise to impact the server and clustering arena.

A SAN uses high-speed connections to attach high-performance computers in a cluster configuration. The configuration delivers very high bandwidth of 1+ GB/sec with very low latency. SANs are switched, with a typical hub supporting 4 to 8 nodes. Larger SANs are built with cascading hubs, with cable length limitations that vary from a few meters to a few kilometers.

 

Interconnections in a SAN differ from other existing high-performance media (such as gigabit Ethernet and ATM) in several ways. SAN adapters implement reliable transport services that are similar to TCP or SPX, but directly in hardware. SANs have very low error rates. SANs are often made highly available by deploying redundant interconnect fabrics.

 

SANs provide bulk data transfer through a remote direct memory access (RDMA) mechanism. The performance within a SAN resembles that of a memory subsystem more than that of a traditional network (such as an Ethernet LAN). The initiator specifies a buffer on the local system and a buffer on the remote system. Data is then transferred directly between the local and remote systems by the network adapters without involving either of the host CPUs. Both read and write operations are supported in this manner.

 

 

Subnetting is a technique for dividing a full Class A, B, or C network into smaller networks. It defines how one or more bits are taken from the host portion and added to the network portion. Following are the advantages of this technique:

 

  • Saves IP addresses — Avoids the need to assign an entire IP range within a network to one location.
  • Simplifies network management — Smaller, independent subnets can be created by routers. Internal networks can be restructured without impacting DMZ or external networks.
  • Reduces network traffic — Links with high network traffic can be isolated to a subnet. Examples are NFS and backup subnets. NFS client (such as a filer) interfaces can be on one subnet, and backup server and dedicated client NICs on another.
  • Improves security — It is easy to keep DMZ and front-facing networks separated from internal networks.

 

Subnetting requires taking bits from the host portion and giving them to the network portion. The more bits we borrow from the host portion, the more subnets we get. But more subnets come at the expense of IPs that would otherwise be used for hosts: each new subnet requires two IP addresses, one for its network ID and the other for its broadcast ID.
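A worked version of the trade-off just described, added here as an example rather than taken from the original post: borrowing two host bits from a Class C network yields four subnets, and the host addresses lost are exactly the two reserved IDs of each additional subnet. The network and host addresses are constructed for the demo; only the standard library `ipaddress` module is used.

```python
import ipaddress

def subnet_plan(network: str, borrowed_bits: int):
    """Split `network` into 2**borrowed_bits subnets by moving bits from the
    host portion to the network portion. Returns one dict per subnet with its
    network ID, broadcast ID and the addresses left for hosts."""
    net = ipaddress.ip_network(network)
    new_prefix = net.prefixlen + borrowed_bits
    if new_prefix > net.max_prefixlen - 2:
        raise ValueError("not enough host bits left for a usable subnet")
    plan = []
    for sub in net.subnets(new_prefix=new_prefix):
        plan.append({
            "subnet": str(sub),
            "network_id": str(sub.network_address),
            "broadcast_id": str(sub.broadcast_address),
            "usable_hosts": sub.num_addresses - 2,   # network ID and broadcast ID are reserved
        })
    return plan

def host_addresses_lost(network: str, borrowed_bits: int) -> int:
    """Usable hosts in the original network minus the sum over its subnets:
    the price paid in reserved IDs for the extra subnets."""
    before = ipaddress.ip_network(network).num_addresses - 2
    after = sum(s["usable_hosts"] for s in subnet_plan(network, borrowed_bits))
    return before - after

def subnet_of(address: str, network: str, borrowed_bits: int):
    """Which subnet a host address lands in, or None if it is a reserved
    network/broadcast ID or lies outside the network entirely."""
    ip = ipaddress.ip_address(address)
    for s in subnet_plan(network, borrowed_bits):
        sub = ipaddress.ip_network(s["subnet"])
        if ip in sub:
            if ip in (sub.network_address, sub.broadcast_address):
                return None
            return s["subnet"]
    return None

if __name__ == "__main__":
    for s in subnet_plan("192.168.10.0/24", 2):   # constructed example network
        print(s)
    print("host addresses lost:", host_addresses_lost("192.168.10.0/24", 2))
```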

Hubs and switches are similar in many ways. Both contain connection ports into which twisted-pair RJ-45 connectors (similar to phone RJ-11 jacks) plug. They can be administered remotely. Either can be used to create a LAN, and they funnel messages to the network backbones.

 

There are salient differences between hubs and switches, however:

 

  • Shared or dedicated bandwidth — The main distinction is how they operate. Hosts in a hub-based network share the full bandwidth, but a switch is capable of creating independent full-speed connections for any two devices on the LAN that must communicate. Each connection operates at the full switch bandwidth.
  • How they handle signals — A hub acts like a repeater. It takes an incoming frame and retransmits it to all other attached hosts. Each hub port has a single host connected to it. Hubs are dumb devices and cannot learn. Switches examine incoming frames and immediately transmit them to one or more other ports. This process is very fast. Each switch port can have a single host or a LAN segment connected to it. Switches learn media access control (MAC) addresses and build a content-addressable memory (CAM) table.
  • Cost — Switches are more expensive than hubs for the same number of ports because they have more powerful hardware and software capabilities. Switches have more memory, a CPU, and a complete suite of software tools to manage them. Hubs have a trimmed-down version of the firmware code.
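To make the learning behaviour concrete, here is an added toy model (not code from the original post) of a switch building its CAM table frame by frame, next to a hub that repeats everything. It shows why a hub gives every attached host a copy of every frame while a switch confines a unicast frame to the learned port once it knows the destination. Port numbers and MAC addresses are constructed.

```python
BROADCAST = "ff:ff:ff:ff:ff:ff"

class LearningSwitch:
    """Learns which port each source MAC was seen on (the CAM table) and
    forwards a frame only to the port where its destination was learned.
    Unknown or broadcast destinations are flooded to every other port."""

    def __init__(self, ports):
        self.ports = list(ports)
        self.cam = {}                        # MAC address -> port

    def handle(self, in_port, src_mac, dst_mac):
        self.cam[src_mac] = in_port          # learn (or refresh) where the source lives
        others = [p for p in self.ports if p != in_port]
        if dst_mac == BROADCAST or dst_mac not in self.cam:
            return others                    # flood: behaves like a hub for this frame
        out = self.cam[dst_mac]
        return [] if out == in_port else [out]   # never send a frame back out its own port

def hub(ports, in_port):
    """A hub repeats every frame to all other ports and never learns, so every
    attached host sees every conversation on the segment."""
    return [p for p in ports if p != in_port]

def demo():
    sw = LearningSwitch(ports=[1, 2, 3, 4])
    a, b = "00:11:22:33:44:aa", "00:11:22:33:44:bb"   # constructed MAC addresses
    first = sw.handle(1, a, b)    # b not yet learned: flooded to ports 2, 3, 4
    reply = sw.handle(2, b, a)    # a was learned on port 1: delivered only there
    second = sw.handle(1, a, b)   # b is now known on port 2
    return first, reply, second, dict(sw.cam)
```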

 

Like switches, bridges are also layer 2 devices. They learn MAC addresses, filter and forward frames, and can be used to segment LANs. However, they usually have 16 or fewer ports. Much of the functionality of bridges has been moved to routers.

 

Just as routers have replaced bridges at layer 3, switches (as their cost continues to fall) may eventually replace hubs at layer 2, but that has not happened yet. Hubs, it must be pointed out, have become smarter, less expensive, and easier to set up and manage. As more and more LANs are being set up, network managers continue to deploy hubs as an easy and inexpensive way to connect printers, low-traffic servers, PCs, and management consoles. The number of installed hubs is increasing mainly because of cost and simplicity.

Virtual private networking (VPN) provides a way of making a secured, private connection from the client to the server over a public network such as the Internet. Unlike dial-up networking, in which a connection is made directly between client and server, a VPN connection is logical and tunneled through another type of connection. Typically, a remote user would connect to an Internet service provider (ISP) using a form of dial-up networking (particularly good for users with high-speed connections).

The Routing and Remote Access server would also be connected to the Internet (probably via a persistent, or permanent, connection) and would be configured to accept VPN connections. Once the client is connected to the Internet, it then establishes a VPN connection over that dial-up connection to the Routing and Remote Access server.

 

Automatic Private IP Addressing

 

Automatic Private IP Addressing (APIPA) is a feature introduced with Windows 2000; it is also included in Windows XP and Windows Server 2003.

 

APIPA allows a computer that is configured to obtain an automatic IP address to assign itself an address from a private range should no DHCP server be available. APIPA assigns addresses in the range 169.254.0.1 through 169.254.255.255—a range reserved by Microsoft for just this purpose.

 

APIPA is really designed for small networks that don’t use a DHCP server. APIPA allows computers running Windows 2000, Windows Server 2003, or Windows XP to plug into a network and recognize one another with little configuration necessary. If your network uses a DHCP server and you see that a client has been assigned an address in the APIPA range, it means the client could not locate a DHCP server.

 

Routing is the process of moving information along a path from a source to a destination.

On a TCP/IP network, the source and destination are called hosts, and the information is broken into small packets that are transmitted between these hosts. IP handles the routing of all these packets for the network.

 

Remember that a protocol such as TCP or UDP hands down a packet of data to the IP protocol for transmission to a remote host. IP must determine where the packet goes.

First, it compares the network ID of the local host with the network ID of the destination host identified in the packet. If the two network IDs match, the two hosts are on the same network segment and the packet can be sent directly to the destination host.

 

If IP determines that the network IDs of the local host and the remote host do not match, the two hosts are on different network segments and the packet cannot be sent directly. Instead, IP must send the packet to a gateway, which is a router connecting one network segment to another. When this gateway receives the packet, its IP protocol goes through the same process of comparing network IDs to determine the best place to send the packet. If the destination host is on one of the network segments to which the gateway is directly connected, the gateway can forward the packet straight to the destination host. Otherwise, the gateway forwards the packet on to another gateway, and then perhaps another, until the packet finally reaches its destination. Each time a packet crosses a gateway, that is referred to as a hop. For example, if a packet must cross three routers to reach its destination, that is considered three hops.

 

Usually, the source host is configured with the IP address of a default gateway, a router to which all packets are sent if the destination host is not found on the same network segment. Routers (and all devices with IP installed, for that matter) are able to consult routing tables that are stored in the router’s memory. A routing table holds information on preferred routes for various network IDs. This way, the router can determine the best gateway to which to send a packet based on the network ID of the packet’s destination host. There are two ways in which a router can build its routing table:

 

– Static: A static router has a routing table that is constructed and updated manually. In other words, someone must actually access the routing table to create routes the router can use.

– Dynamic: A dynamic router builds and updates its own routing table as it finds appropriate routes. When it finds shorter routes, it favors those over longer routes. Most important, dynamic routers can also share their information with other routers on the network. Almost all the routers in use today are dynamic routers—manual routers are just too much work. Dynamic routers use one of two common routing protocols: Routing Information Protocol (RIP) and Open Shortest Path First (OSPF).
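The forwarding decision described above (compare network IDs, deliver directly if they match, otherwise hand the packet to the most specific matching route or the default gateway, and count one hop per router crossed), as an added worked example that is not part of the original post. The topology is constructed: a host, three routers with static routing tables, and a destination segment three hops away.

```python
import ipaddress

def lookup(dst, interfaces, routes):
    """One IP forwarding decision. `interfaces` are this device's directly attached
    networks (e.g. "192.168.1.1/24"); `routes` maps prefixes to the gateway to use,
    with "0.0.0.0/0" as the default gateway. Returns ("direct", dst) when dst is on
    an attached segment, else ("gateway", ip) for the most specific matching route,
    or ("unreachable", None) when nothing matches."""
    dst_ip = ipaddress.ip_address(dst)
    for iface in interfaces:
        if dst_ip in ipaddress.ip_interface(iface).network:
            return ("direct", dst)
    best = None
    for prefix, gw in routes.items():
        net = ipaddress.ip_network(prefix)
        if dst_ip in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, gw)            # prefer the longer (more specific) network ID
    return ("gateway", best[1]) if best else ("unreachable", None)

def trace(src_host, dst, devices, max_hops=16):
    """Walk a packet from src_host to dst. `devices` maps an address of a host or
    router to its (interfaces, routes). Returns the router addresses crossed; the
    list length is the hop count."""
    hops, current = [], src_host
    while len(hops) <= max_hops:
        action, where = lookup(dst, *devices[current])
        if action == "direct":
            return hops
        if action == "unreachable":
            raise RuntimeError(f"{current} has no route to {dst}")
        hops.append(where)
        current = where
    raise RuntimeError("hop limit exceeded: possible routing loop")

# Constructed topology: host -> R1 -> R2 -> R3 -> 10.0.3.0/24 (three hops).
DEVICES = {
    "10.0.1.20": (["10.0.1.20/24"], {"0.0.0.0/0": "10.0.1.1"}),                  # host
    "10.0.1.1":  (["10.0.1.1/24", "10.0.12.1/30"], {"0.0.0.0/0": "10.0.12.2"}),  # R1
    "10.0.12.2": (["10.0.12.2/30", "10.0.23.1/30"],                              # R2
                  {"10.0.3.0/24": "10.0.23.2", "10.0.0.0/16": "10.0.12.1"}),
    "10.0.23.2": (["10.0.23.2/30", "10.0.3.1/24"], {"0.0.0.0/0": "10.0.23.1"}),  # R3
}

if __name__ == "__main__":
    path = trace("10.0.1.20", "10.0.3.50", DEVICES)
    print(f"{len(path)} hops via {path}")
```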