ON COMPUTER NETWORKS
DECLARATION
(Signature of student)
Harpreet Kaur
Registration no.: 21300595018
Date: 22-Nov-2016
Certified that the above statement made by the student is correct to the
best of our knowledge and belief.
ACKNOWLEDGEMENT
Many people have helped to create this project and each of their contributions has been valuable. The completion of this project is mainly due to the interest and persuasion of Miss Aarti Dhawan, who is our teacher but also a good project guide. Our special thanks to Miss Aarti Dhawan for her valuable guidance and timely support.
First of all we would like to thank Miss Aarti Dhawan, who motivated us continuously, helped us at each step of project development, and aided us in completing the assigned task efficiently.
Last but not the least, we express our gratitude to all the faculty members and our parents, whose kind blessings made us strong during the ups and downs while accomplishing the task in time.
Harpreet Kaur
Registration no.: 21300595018
CERTIFICATE OF THE PROJECT GUIDANCE TO
WHOM IT MAY CONCERN
Project Guides:
TABLE OF CONTENTS
Introduction to Networking
Types of Network
Network Models
Cables
Networking Devices
IP Addressing
LAN Solution
Router Internal
Firewall
WLAN
Intrusion Detection
Integrated Server
WAN Solution
INTRODUCTION TO NETWORKING
A network consists of a:
Requirement of Networking
A computer network can provide a powerful communication medium among widely separated employees.
The use of networks to enhance human-to-human communication will probably prove more important than technical goals such as improved reliability.
These are the requirements with respect to companies, but computer networking is required even in normal day-to-day life, as we have to access the Internet to get information about what is happening in the world and to communicate with people living far away using the e-mail service.
These are the reasons that forced the inventors to invent networking devices, models, protocols, etc.
The birth of networking took place in 1844, when Samuel Morse sent the first telegraph message.
TYPES OF NETWORKS
LANs are restricted in size, which means that the worst-case transmission time is
bounded and known in advance.
LANs often use a transmission technology consisting of a single cable to which all
the machines are attached.
LANs run at speeds of 10 to 100 Mbps, have low delays, and make very few
errors.
LAN SETUP
IEEE has produced several standards for LANs. These standards are collectively known as IEEE 802:
IEEE 802.3 (Ethernet), IEEE 802.4 (Token Bus), IEEE 802.5 (Token Ring)
WAN (WIDE AREA NETWORK)
It is a computer network that spans a relatively large geographical area, often a country or continent. Typically a WAN consists of two or more Local Area Networks.
Computers connected to a WAN are often connected through public networks such as telephone systems. They can also be connected through leased lines or satellites.
The largest WAN in existence is the Internet.
WAN SETUP
For most WANs, the long distance bandwidth is relatively slow: on the order of kilobits per second (kbps) as opposed to megabits per second (Mbps) for local-area networks (LANs). For example, an Ethernet LAN has a 10 Mbps bandwidth; a WAN using part or all of a T1 carrier has a bandwidth of 1.544 Mbps. Three types of approaches are used to connect WANs:
1) Circuit switching, which provides a fixed connection (at least for the duration of a
call or session), so that each packet takes the same path. Examples of this
approach include ISDN, Switched 56, and Switched T1.
2) Packet switching, which establishes connections during the transmission
process so that different packets from the same transmission may take different
routes and may arrive out of sequence at the destination. Examples
of this approach are X.25, frame relay, and ATM.
3) Leased lines, which can provide a dedicated connection for private use.
NETWORK MODELS
OSI NETWORK MODEL
The OSI model describes how information makes its way from an application program through a network medium to another application program in another computer. It divides one big problem into seven smaller problems. Each problem is addressed by one of the seven layers of the OSI model.
APPLICATION LAYER:-
PRESENTATION LAYER:-
SESSION LAYER:-
Examples are interactive login and file transfer connections; the session layer would connect and re-connect if there was an interruption, recognize names in sessions and register names in history.
TRANSPORT LAYER:-
Additional connection below the session layer
Manages the flow control of data between parties across the network
Divides streams of data into chunks or packets; the transport layer of the receiving computer reassembles the message from the packets
"Train" is a good analogy => the data is divided into identical units
Provides error-checking to guarantee error-free data delivery, with no losses or duplications
Provides acknowledgment of successful transmissions; requests retransmission if some packets don't arrive error-free
Provides flow control and error-handling. Examples: TCP, ARP, RARP
NETWORK LAYER:-
Translates logical network addresses and names to their physical addresses (e.g. computer name ==> MAC address)
Responsible for addressing and determining routes for sending
Manages network problems such as packet switching, data congestion and routing
If a router cannot send a data frame as large as the one the source computer sends, the network layer compensates by breaking the data into smaller units. At the receiving end, the network layer reassembles the data
Think of this layer as stamping the addresses on each train car. Examples: IP, ARP, RARP, ICMP, RIP, OSPF
DATA LINK LAYER:-
Turns packets into raw bits (100101) and at the receiving end turns bits back into packets.
Handles data frames between the Network and Physical layers
The receiving end packages raw data from the Physical layer into data frames for delivery to the Network layer
Responsible for error-free transfer of frames to the other computer via the Physical Layer
This layer defines the methods used to transmit and receive data on the network. It consists of the wiring, the devices used to connect the NIC to the wiring, the signaling involved to transmit/receive data and the ability to detect signaling errors on the network media
PHYSICAL LAYER:-
Transmits raw bit stream over physical cable
Defines cables, cards, and physical aspects
Defines NIC attachments to hardware, how cable is attached to NIC
Defines techniques to transfer bit stream to cable
IP ADDRESSING
1) Network address
2) Host address
Individual IP addresses in the same network all have a different value in the host part of the address, but they have an identical value in the network part, just as in a town there are different street addresses but the same ZIP code.
Class A - This class is for very large networks, such as a major international company. IP addresses with a first octet from 1 to 126 are part of this class. The other three octets are each used to identify each host.
Net: 54   Host or Node: 24.54.43
Class C - Class C addresses are commonly used for small to mid-size businesses. IP addresses with a first octet from 192 to 223 are part of this class. Class C addresses also include the second and third octets as part of the Net identifier. The last octet is used to identify each host.
Class D - It is used for multicast. It has a first bit value of 1, second bit value of 1, third bit value of 1 and fourth bit value of 0. The other 28 bits are used to identify the group of computers the multicast message is intended for.
Net: 224   Host or Node: 24.54.145
Private IP
It is not necessary that every time we make a network we are connected to some ISP (Internet Service Provider). So in that case we require some private IP addresses also, which can be used in indigenous networks. In each class a range of IP addresses has been defined for this purpose.
MASKING
Computers use a mask to define the size of the network and host parts of an address. The mask is a 32-bit number written in dotted decimal form. It provides us the network address when we perform a Boolean AND of the mask with the IP address. It also defines the number of host bits in an address.
Class of address | Size of network part of address (bits) | Size of host part of address (bits) | Default mask for each class of network
A | 8 | 24 | 255.0.0.0
B | 16 | 16 | 255.255.0.0
C | 24 | 8 | 255.255.255.0
SUBNETTING
Due to this, the mask changes to a subnet mask, and now the network address also includes the subnet address.
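As an added example (not part of the report), the masking and subnetting steps above in Python: the Boolean AND of mask and address, the classful default masks from the table, and borrowing host bits to form a subnet mask. The addresses used are constructed.

```python
# Added example, not from the report: masking and subnetting with the
# standard library only. The sample addresses used with it are constructed.

DEFAULT_MASK = {"A": "255.0.0.0", "B": "255.255.0.0", "C": "255.255.255.0"}


def ip_to_int(ip: str) -> int:
    """Dotted-decimal string -> 32-bit integer, rejecting malformed input."""
    octets = ip.split(".")
    if len(octets) != 4:
        raise ValueError(f"not a dotted quad: {ip!r}")
    value = 0
    for octet in octets:
        n = int(octet)
        if not 0 <= n <= 255:
            raise ValueError(f"octet out of range in {ip!r}")
        value = (value << 8) | n
    return value


def int_to_ip(value: int) -> str:
    return ".".join(str((value >> shift) & 0xFF) for shift in (24, 16, 8, 0))


def address_class(ip: str) -> str:
    """Classful lookup on the first octet, using the report's class ranges."""
    first = ip_to_int(ip) >> 24
    if 1 <= first <= 126:
        return "A"
    if 128 <= first <= 191:
        return "B"
    if 192 <= first <= 223:
        return "C"
    if 224 <= first <= 239:
        return "D"
    raise ValueError(f"first octet {first} has no class A-D")


def host_bits(mask: str) -> int:
    """Number of zero bits in the mask = size of the host part in bits."""
    m = ip_to_int(mask)
    bits = 0
    while bits < 32 and not ((m >> bits) & 1):
        bits += 1
    # a valid mask is a run of ones followed by a run of zeros
    if (m | ((1 << bits) - 1)) != 0xFFFFFFFF:
        raise ValueError(f"non-contiguous mask: {mask}")
    return bits


def network_address(ip: str, mask: str) -> str:
    """Boolean AND of the mask with the address: the host bits are cleared."""
    return int_to_ip(ip_to_int(ip) & ip_to_int(mask))


def same_network(ip_a: str, ip_b: str, mask: str) -> bool:
    """Two hosts share a network when the AND with the mask gives the same value."""
    return network_address(ip_a, mask) == network_address(ip_b, mask)


def subnet_mask(ip: str, borrowed_bits: int) -> str:
    """Extend the class default mask by borrowing host bits for the subnet field."""
    default = DEFAULT_MASK[address_class(ip)]
    prefix = 32 - host_bits(default) + borrowed_bits
    if prefix > 30:
        raise ValueError("fewer than 2 host bits would remain")
    return int_to_ip((0xFFFFFFFF << (32 - prefix)) & 0xFFFFFFFF)


def subnets(ip: str, borrowed_bits: int) -> list:
    """Network address of every subnet created by borrowing the given bits."""
    mask = subnet_mask(ip, borrowed_bits)
    base = ip_to_int(network_address(ip, DEFAULT_MASK[address_class(ip)]))
    block = 1 << host_bits(mask)          # addresses per subnet
    return [int_to_ip(base + i * block) for i in range(1 << borrowed_bits)]
```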
Example
sending data simultaneously, a collision will occur. Both PCs will wait for some random time and then initiate the same process.
Unicast address: Fancy term for a MAC that represents a single LAN interface.
PASSIVE COMPONENTS
Passive components are those devices which are used to provide connectivity
between different networking devices.
It includes
Cables
Patch Panel
Patch Cord
I/O box
Racks
RJ-45 Connectors
CABLES
Twisted pair
The wires are twisted around each other to minimize interference from other twisted pairs in the cable. Twisted pair cables are available unshielded (UTP) or shielded (STP). UTP is the most common type and uses an RJ-45 connector. Typical lengths are up to 100 m. Twisted pair networks use a star topology.
Coaxial
Coaxial cable uses BNC connectors. The maximum cable lengths are around 500 m. Coaxial networks use a single bus topology.
Fiber Optic
UTP and coaxial cables are not capable of driving data signals over long distances, i.e. UTP is capable of transmitting up to a distance of 100 meters only. By using fiber cables it is possible to send data about 10 kilometers. Fiber optic cable uses SC, ST and LC connectors (the most common in use is the SC connector).
In fiber cables the data is converted to light signals and the signal is made to propagate through the fiber cable. There are two types of fibre optic cable available.
1. Single mode: In this mode the typical length is up to 12 km and the data rate is 1000 Mbps. The core diameter is about 9.25 nm; the cable is known as 1000Base-LX cable.
2. Multi mode: This mode is further categorised into two:
PATCH PANEL
We can label the patch panel so we know which wire belongs to which location. Without a patch panel, it is chaotic. If we want to disconnect a station from the switch, it's a lot easier if there's a label.
Most cabling is wired "straight-through" from end to end. But sometimes we need to cross-wire some of the pairs between switch and station, like with a cable modem, or cross-wire to connect two switches. With a patch panel, all of this cross-wiring is done in the patch cable. If you have to make any changes, like moving a station or switch, you just move the patch cable with it, instead of having to reterminate the cable run.
PATCH CORD
RACK
We have to mount the patch panel somehow. The best way is to buy a rack. Basically, a rack is a pair of vertical rails with holes drilled in them so that we can mount patch panels, hubs, and other network equipment. This makes it easy to access the back of the patch panel and other networking components.
Cabling Guidelines
Making Twisted-Pair Connections
1. Attach one end of a twisted-pair cable segment to the device's RJ-45 connector.
2. If the port where we are connecting the RJ-45 is a network card, attach the other end of the cable segment to a modular wall outlet that is connected to the wiring closet. Otherwise, attach the other end to an available port on the switch. Make sure each twisted pair cable does not exceed 100 meters (328 ft) in length.
3. Label the cables to simplify future troubleshooting.
NETWORKING DEVICES
A Network Interface Card (NIC) is a circuit board that plugs into both clients and servers and controls the exchange of data between them. (A specific software driver must be installed depending on the make of the NIC.) A physical transmission medium, such as twisted pair or coaxial cable, interconnects all network interface cards to network hubs or switches. Ethernet and Token Ring are common network interface cards. Today's cards support 10BaseT and 100BaseT with automatic recognition.
HUB
When there is a need to interconnect more than 2 devices together, a device known as a hub comes into the picture. Basically a hub is a layer one device, i.e. it operates on the physical layer of the OSI model. It is designed to do broadcasting, i.e. when it gets any frame it broadcasts it to every port irrespective of whether it is destined for that port or not. A hub has no way of distinguishing which port a frame should be sent to. Broadcasting results in a lot of traffic on the network, which leads to poor network response. If two PCs simultaneously transmit their data packets and both are connected to a hub, then a collision will occur, so we can say it creates a single collision domain. On the other hand, all PCs connected to a hub will get the same message, so a single broadcast domain will be created.
A 100/1000 Mbps hub must share its bandwidth with each and every
one of its ports. So when only one PC is broadcasting, it will have
access to the max available bandwidth. If, however, multiple PCs
are broadcasting, then that bandwidth will need to be divided
between all of these systems, which will degrade the performance.
They are usually Half-Duplex in nature.
SWITCH
Hubs are capable of joining more than two PCs but have some demerits: if two PCs want to communicate at the same time then there will be a collision and both PCs will have to send the data once again. This shortcoming of hubs is overcome by switches. Switches are intelligent devices which work on Layer 2 of the OSI model. Basically a switch keeps a record of the MAC addresses of all the devices connected to it. Using this information, it builds a MAC address table. So when a frame is received, it knows exactly which port to send it to, which improves the network response time.
1. At the time of initializing the switch, the MAC address table is yet to be built up. When a frame is sent by some PC, the switch records the source MAC address and updates the MAC address table.
2. If the destination is available in the MAC table then the frame is forwarded to the corresponding PC.
3. If the destination MAC address is not present in the table then the frame is forwarded on all the available ports except the incoming one. The designated PC will respond to the data and send an acknowledgement for the data received. This acknowledgement will be examined by the switch and the MAC address table updated accordingly.
If two PCs simultaneously transmit their data packets and both are connected to a switch, then a collision will not occur, so we can say it creates multiple collision domains. The switch supports broadcast. Hence we can say switches create a single broadcast domain and multiple collision domains.
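The three-step learning and forwarding behaviour above, simulated in Python as an added example (not from the report). The MAC addresses and port count are constructed; the table capacity is an assumed value, included because a real switch only has room for a bounded number of entries (the specification sheet later quotes 4K).

```python
# Added example, not from the report: a learning switch that builds its MAC
# table from source addresses and decides the egress port(s) for each frame.
# MAC addresses, port count and table capacity are constructed/assumed.

BROADCAST = "ff:ff:ff:ff:ff:ff"


class LearningSwitch:
    def __init__(self, ports: int, capacity: int = 4096):
        self.ports = list(range(ports))
        self.capacity = capacity            # assumed bound on table entries
        self.mac_table = {}                 # MAC -> port it was last seen on

    def receive(self, port: int, src: str, dst: str) -> list:
        """Process one frame arriving on `port`; return the list of egress ports."""
        if port not in self.ports:
            raise ValueError(f"no such port: {port}")
        # Step 1: learn (or refresh) the source MAC on the ingress port.
        # A full table is not overwritten: new sources are simply not learned,
        # so forwarding still works but degrades to flooding for those hosts.
        if src in self.mac_table or len(self.mac_table) < self.capacity:
            self.mac_table[src] = port
        # Step 2: known unicast destination -> exactly one port.
        if dst != BROADCAST and dst in self.mac_table:
            out = self.mac_table[dst]
            # destination lives on the ingress port: nothing to forward
            return [] if out == port else [out]
        # Step 3: unknown destination or broadcast -> every port except ingress.
        return [p for p in self.ports if p != port]


def demo():
    """Walk the report's three steps with two constructed hosts."""
    sw = LearningSwitch(ports=4)
    a, b = "00:11:22:33:44:01", "00:11:22:33:44:02"
    first = sw.receive(0, a, b)     # b unknown: flood to 1,2,3; a learned on port 0
    reply = sw.receive(2, b, a)     # a known: forward only to port 0; b learned on 2
    third = sw.receive(0, a, b)     # both known: single port 2, no flooding
    return first, reply, third, dict(sw.mac_table)
```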
1) Managed
2) Unmanaged
1. Store-and-forward:- The switch fully receives all bits in the frame (store) before forwarding the frame (forward). This allows the switch to check the FCS before forwarding the frame. (The FCS is in the Ethernet trailer.)
2. Cut-through:- The switch performs the address table lookup as soon as the destination address field in the header is received. The first bits in the frame can be sent out the outbound port before the final bits in the incoming frame are received. This does not allow the switch to discard frames that fail the FCS check. (The FCS is in the Ethernet trailer.)
3. Fragment Free:- This performs like cut-through switching, but the switch waits for 64 bytes to be received before forwarding the first bytes of the outgoing frame. According to Ethernet specifications, collisions should be detected during the first 64 bytes of the frame; frames in error because of a collision will not be forwarded. The FCS still cannot be checked.
A bridge is another device like a switch which also operates based on the MAC address. But the basic difference between the bridge and the switch is that a bridge works in software, while a switch works in hardware. The switch works on ASICs (Application Specific Integrated Circuits).
ROUTER
Comparison between Hub, Bridge, Switch & Router
LAN SOLUTION
CUSTOMER REQUIREMENT
There is a company which has 2 offices, and the offices are 200 meters apart. The connectivity between these two offices is the main requirement to be fulfilled. In each office there are three different departments, each department on a different floor.
In building I, at each floor there are 20 users, and at the 3rd floor there are also 2 servers. In building II, at the 1st and 2nd floors there are 20 users each, and at the 3rd floor there are 40 users.
The bandwidth requirement of each user is 100 Mbps while the bandwidth requirement for the servers is 1 Gbps. All floors must be connected to a central switch to be placed at the 2nd floor of office 2, and the connectivity should be via optical fiber.
SOLUTION
By looking at the requirement it is clear that we require a switch that has got 20 ports and also 2 GBIC slots (one for optical fiber connectivity and one free slot is demanded for future use).
Keeping this point into consideration we can use the HCL 24 Port Managed Stackable Switch, as this switch has got 24 ports and 2 GBIC slots and is a managed switch as well. With this 24 port switch we will use a 24 port HCL made patch panel, and for connectivity of the patch panel with the switch we require 3 ft patch cords. As structured cabling is a must, we require UTP cable and I/O boxes, and to connect PCs with the I/O boxes we require 7 ft patch cords. Here we will use Cat5e UTP cable because the bandwidth requirement is 100 Mbps. This pattern of connecting the users to the switch will be followed at each and every floor, but at the 3rd floor of building II there are 40 users, so here instead of 1 switch we require 2 switches.
At the 3rd floor of building I, 2 servers are also present whose bandwidth requirement is 1 Gbps. So now we have two options: either to connect with UTP cable or with fiber optic cable. Here we will use fiber optic as we are already using it, so there is no need to waste money on UTP Cat 6 cable. So here we will simply use a fiber optic patch cord to connect the server to the switch.
Now only one thing is left, i.e. the connection of the switches to a central switch placed at the 2nd floor of building II. As the connection requirement is via optical fiber, at the central location we require a switch having all its ports as GBIC slots, and the number of ports need not be more than 8 as there are only 7 24-port switches in use (one optical cable line from each switch).
Now, as the distance between the two offices is only 200 meters, we will use multimode optical fiber, and that too of the FX type, and as the cable is to be laid in the open, outdoor armored cable will be used. The connectivity diagram, the bill of material and the specification sheet for the solution are given in the following pages.
SPECIFICATION SHEET
HCL-24TMS-2S-W
MAC Addresses- 4K
BANDWIDTH- 12Gbps
SWITCHING RATE- 6.6Mbps
SNMP(Simple Network Management Protocol)- Yes, and
supports RFC1157
WEB MANAGEABLE- Yes
PC-C305-E
CAT 5e CABLE
Enhanced CAT 5 350 MHz UTP Bulk Cable
4 Pairs
Solid Grey
Length: 305 Meters
PC-JP24-E
PATCH PANEL
Unshielded 24 port RJ-45 jacks, rated for performance at 100 Mbps, fully compliant with enhanced CAT 5 T568A/B standards
1.6 mm metallic patch panel, 19'' rack mount frame, 1U, fully powder coated
Black
PC-MC3-GE
PC-MC7-GE
PF-CM6-A-OM2
PF-PMSC-SC-3D-50
PF-COSC-M
PF-CPSC-M
PF-LIU-12U
PF-LIU-6U
ROUTER
ROUTER INTERNAL COMPONENTS
Like a computer, a router has a CPU that varies in performance and capabilities depending upon the router platform. It typically has 4 types of memory in it:
ROM - It is used to store the router's bootstrap startup program, operating system software, and power-on diagnostic test programs. We can also upgrade our ROM.
NVRAM - It is used to store the router's startup configuration file. It does not lose data when power is switched off, so the contents of the startup configuration file are maintained even when we switch off or restart the router.
Ethernet or Token Ring interface are configured to allow connection to a
LAN.
Synchronous serial interfaces are configured to allow connections to WANs.
ISDN BRI interfaces are configured to allow connection to an ISDN WAN.
All Cisco routers have a console port that provides an EIA/TIA-232 asynchronous serial connection.
The console port can be connected to a computer's serial connection to gain terminal access to the router.
Most routers also have an auxiliary port that is very similar to the console port but is typically used for a modem connection for remote router management.
There are three methods for configuring the router:
1) Through the console port:- The console port is used for configuring a router locally with the help of a PC or a laptop. The console port of the router is connected to the serial (COM) port of the PC. The detailed configuration is given in the section below.
2) Through the AUX port:- The aux (auxiliary) port is accessed from a modem located far away from the router through the PSTN (Public Switched Telephone Network), and the configuration is done.
3) Through Telnet:- Lines vty (virtual terminal) 0 to 4 are used for configuring the router by telnet.
Connect to the device of the PC
COM 1 Setting: bits per second 9600, data bits 8, parity N, stop bits 1, flow control On/off
Hyper Terminal Screen
After connecting, the router will boot, and after booting the following procedure will be adopted.
Router> enable
Now a prompt asking for the password will automatically appear on the screen, like this:
Password:
Now write the password here. This is done to secure access to the router. After this
Router#
will appear on the screen. This shows that we are in privileged mode, and now we try to enter configuration mode.
Now we will assign an IP address to each and every interface connected to the router. The subnet mask should be given with proper care. The following steps are to be followed:
ROUTING PROTOCOLS
ROUTING INFORMATION PROTOCOL (RIP)
RIP is a dynamic, distance vector routing protocol. RIP uses UDP port 520 for route updates. RIP calculates the best route based on hop count. This makes RIP very fast to converge.
RIP sends full table updates at regular intervals specified by the route-update
timer (30 seconds is the default). This means that a RIP router summarizes all
routes it knows along classful boundaries and sends the summary information to
all other RIP routing devices. RIP updates can contain up to 25 messages.
RIP TIMERS
Route timeout: 180 sec. Interval a route should stay 'live' in the routing table. This counter is reset every time the router hears an update for this route.
The routing-update timer controls the time between routing updates. The default is usually 30 seconds, plus a small random delay to prevent all RIP routers from sending updates simultaneously.
The route-timeout timer controls when a route is no longer available. The default is usually 180 seconds. If a router has not seen the route in an update during this specified interval, it is dropped from the router's announcements. The route is maintained long enough for the router to advertise the route as down (hop count of 16).
The route-flush timer controls how long before a route is completely flushed from the routing table. The default setting is usually 120 seconds.
router> enable
Password:
router# conf t
router(config)# interface ethernet 0
router(config-if)# ip address 192.168.42.1
router(config-if)# interface ethernet 1
router(config-if)# ip address 192.168.43.1
router(config-if)# exit
router(config)# router rip
router(config-router)# network 192.168.42.0
router(config-router)# network 192.168.43.0
router(config-router)# exit
router(config)# ^Z
router#
The example above assumes that the interfaces that will be running RIP have IP addresses on them that fall within the 192.168.42.0 and 192.168.43.0 class C ranges.
IGRP
IGRP is a distance-vector routing protocol that considers a composite metric
which, by default, uses bandwidth and delay as parameters instead of hop count.
IGRP is not limited to the 15-hop limit of RIP. IGRP has a maximum hop limit of
100, by default, and can be configured to support a network diameter of 255.
With IGRP, routers usually select paths with a larger minimum-link bandwidth
over paths with a smaller hop count. Links do not have a hop count. They are
exactly one hop.
IGRP will load-balance traffic if there are several paths with equal cost to the destination.
IGRP sends its routing table to its neighbors every 90 seconds. IGRP's default
update period of 90 seconds is a benefit compared to RIP, which can consume
excessive bandwidth when sending updates every 30 seconds. IGRP uses an
invalid timer to mark a route as invalid after 270 seconds (three times the update
timer). As with RIP, IGRP uses a flush timer to remove a route from the routing
table; the default flush timer is set to 630 seconds (seven times the update period
and more than 10 minutes).
If a network goes down or the metric for the network increases, the route is
placed in holddown. The router accepts no new changes for the route until the
holddown timer expires. This setup prevents routing loops in the network. The
default holddown timer is 280 seconds (three times the update timer plus 10
seconds).
IP ACCESS LIST
IP access lists cause a router to discard some packets based on criteria defined by the network engineer. The goal of these filters is to prevent unwanted traffic in the network, whether to prevent hackers from penetrating the network or just to prevent employees from using systems that they should not be using.
Packets can be filtered as they enter an interface, before the routing decision.
Packets can be filtered before they exit an interface, after the routing decision.
Deny is the term used in Cisco IOS software to imply that the packet will be
filtered.
Permit is the term used in Cisco IOS software to imply that the packet will not be
filtered.
The filtering logic is configured in the access list.
At the end of every access list is an implied deny all traffic statement.
Therefore, if a packet does not match any of your access list statements, it is
blocked.
Access lists have two major steps in their logic: matching and action. Matching
logic examines each packet and determines whether it matches the access-list
statement. As soon as an access-list statement is matched, there are two actions to
choose from: deny and permit. Deny means to discard the packet, and permit implies
that the packet should continue on its way.
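The matching-and-action logic above, including the implied deny at the end, as an added example in Python (not part of the report). The rules, addresses and wildcard masks are constructed; a protocol of "ip" is taken to match any protocol, following the usual Cisco convention.

```python
# Added example, not from the report: first-match evaluation of an IP access
# list with the implied "deny all" at the end. Rules, addresses and wildcard
# masks are constructed; a protocol of "ip" is taken to match any protocol.

from dataclasses import dataclass
from typing import List, Optional, Tuple

ANY = ("0.0.0.0", "255.255.255.255")   # wildcard all ones: no address bit must match


@dataclass(frozen=True)
class Rule:
    action: str                       # "permit" or "deny"
    protocol: str                     # "ip", "tcp", "udp", "icmp", ...
    src: str
    src_wildcard: str                 # wildcard mask: 0 bit = must match, 1 bit = don't care
    dst: str
    dst_wildcard: str
    dst_port: Optional[int] = None    # None = any destination port


@dataclass(frozen=True)
class Packet:
    protocol: str
    src: str
    dst: str
    dst_port: Optional[int] = None


def _ip(ip: str) -> int:
    return int.from_bytes(bytes(int(o) for o in ip.split(".")), "big")


def addr_matches(addr: str, base: str, wildcard: str) -> bool:
    """Compare only the bits the wildcard marks as significant (its 0 bits)."""
    care = ~_ip(wildcard) & 0xFFFFFFFF
    return (_ip(addr) & care) == (_ip(base) & care)


def rule_matches(rule: Rule, pkt: Packet) -> bool:
    """Matching step: protocol, source, destination and optional port must all agree."""
    if rule.protocol != "ip" and rule.protocol != pkt.protocol:
        return False
    if not addr_matches(pkt.src, rule.src, rule.src_wildcard):
        return False
    if not addr_matches(pkt.dst, rule.dst, rule.dst_wildcard):
        return False
    return rule.dst_port is None or rule.dst_port == pkt.dst_port


def evaluate(acl: List[Rule], pkt: Packet) -> Tuple[str, Optional[int]]:
    """Action step: return (action, index of the first matching statement).

    Evaluation stops at the first match, so statement order matters. No match
    means the implied deny-all fired; its index is reported as None.
    """
    for i, rule in enumerate(acl):
        if rule_matches(rule, pkt):
            return rule.action, i
    return "deny", None


# Constructed list: web traffic to one server is allowed from anywhere, the
# 10.0.0.0/8 range is otherwise blocked, and the 192.168.42.0/24 LAN may pass.
ACL = [
    Rule("permit", "tcp", *ANY, "192.168.43.10", "0.0.0.0", dst_port=80),
    Rule("deny", "ip", "10.0.0.0", "0.255.255.255", *ANY),
    Rule("permit", "ip", "192.168.42.0", "0.0.0.255", *ANY),
]
```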
FIREWALL
A firewall is a device of some kind that separates and protects our network - in
most cases, from the Internet. It restricts traffic to only what is acceptable, and
monitors that what is happening. Every firewall has at least two network
interfaces, one for the network it is intended to protect, and one for the network it
is exposed to. A firewall sits at the junction point or gateway between the two
networks, usually a private network and a public network such as the Internet.
It may be a hardware device or a software program running on a secure host
computer.
A firewall examines all traffic routed between the two networks to see if it
meets certain criteria. A firewall filters both inbound and outbound traffic.
Technologies
1) Packet Filtering
2) Proxy
3) Stateful Inspection
Packet Filtering
A packet filtering firewall simply inspects incoming traffic at the transport layer of the OSI model. The packet filtering firewall analyzes TCP or UDP packets and compares them to a set of established rules called an Access Control List (ACL).
Packet filtering inspects packets only for the following elements:
Source IP address
Source Port
Destination IP address
Destination Port
Protocol
Proxy
When a firewall is installed, no PC makes a direct connection to the outside world. In that case they use a proxy, i.e. each PC first sends its request to the proxy, which then forwards the request to the Internet or outside world for connection or data transfer.
Stateful Inspection
It is a combination of packet filtering and proxy services. This is the most secure technology and provides the most functionality because connections are not only checked against the ACL, but are also logged into a state table. After a connection is established, all session data is compared to the state table. If the session data does not match the state table information for that connection, then the connection is dropped.
Interface Command
The interface command identifies the interface hardware card, sets the speed of the
interface and enables the interface all in one command.
Nameif command
It is used to name an interface and assign a security level from 1 to 99.
The outside and inside interfaces are named by default and have default security values of 0 and 100, respectively. By default, the interfaces have their hardware ID: Ethernet 0 is the outside interface, and Ethernet 1 is the inside interface.
SYNTAX: nameif hardware_id if_name security_level
hardware_id: Indicates the interface's physical location on the firewall.
if_name: The name by which we refer to this interface.
security_level: A numerical value from 1 to 99 indicating the security level.
Examples:
nameif ethernet0 outside security0
nameif ethernet1 inside security100
nameif ethernet2 dmz security20
We can see the configuration by using the show nameif command.
ip address Command
netmask: The appropriate network mask. If the mask value is not entered, the firewall assigns a classful network mask.
Example: ip address inside 10.10.10.14 255.255.255.0
We can see the configuration by using the show ip command.
Nat Command
The nat (Network Address Translation) command translates a set of IP addresses to another set of IP addresses.
SYNTAX: nat (if_name) nat_id local_ip [netmask]
(if_name): The internal network interface name.
nat_id: The ID number to match with the global address pool.
local_ip: The IP address that is translated. This is usually the inside network IP address.
1) Static: For example, there is a Google server and we don't want to make its IP address public, so we change its IP address using the nat command in the firewall, and now users will log on to this new IP. This results in more security as every time it has to pass through the firewall.
2) Dynamic: If there are lots of PCs in a network and all want to access the Internet, it is not easy for every PC to be provided with an independent public IP, so at the firewall level we change every PC's private IP to a public IP.
Examples:
nat (inside) 1 10.10.10.0 255.255.255.0
nat (inside) 1 172.16.1.0 255.255.255.0
Global Command
The global command is used to define the address or range of addresses that the addresses defined by the nat command are translated into. It is important that the nat_id be identical to the nat_id used in the nat command. The nat_id pairs the IP addresses defined by the global and nat commands so that network translation can take place.
nat_id: Identifies the global address and matches it with the nat command it is pairing with.
An IDS is a security countermeasure. It monitors network traffic for suspicious activity and alerts the system or network administrator. In some cases the IDS may also respond to anomalous or malicious traffic by taking action such as blocking the user or source IP address from accessing the network.
A firewall simply blocks openings into your network/system, but cannot distinguish between good and bad activity. Therefore, if you need to allow an opening to a system (like a web server), then a firewall cannot protect against intrusion attempts against this opening. In contrast, intrusion detection systems can monitor for hostile activity on these openings.
HIDS
NIDS
1) Anomaly detection
2) Misuse detection (signature detection)
3) Target monitoring
Anomaly Detection
An example of this would be if a user logs on and off of a machine 20 times a day
instead of the normal 1 or 2. Also, if a computer is used at 2:00 AM when
normally no one outside of business hours should have access, this should raise
some suspicions. At another level, anomaly detection can investigate user patterns,
such as profiling the programs executed daily. If a user in the graphics department
suddenly starts accessing accounting programs or compiling code, the system can
properly alert its administrators.
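The anomaly heuristics just described (too many logons per day, activity outside business hours, and a user running programs outside their department's profile), run over constructed audit records as an added example that is not from the report. The thresholds, business hours, department assignments and program profiles are assumed baseline values.

```python
# Added example, not from the report: three anomaly-detection heuristics over
# constructed audit records of the form "<ISO timestamp> <user> <LOGIN|EXEC> [program]".
# Thresholds, business hours and department profiles are assumed baselines.

from collections import defaultdict
from datetime import datetime
from typing import Dict, List, Optional, Tuple

MAX_LOGINS_PER_DAY = 5            # assumed: 1-2 logons is normal, 20 is not
BUSINESS_HOURS = range(7, 20)     # assumed: 07:00-19:59 is normal working time
DEPARTMENT = {"alice": "graphics", "bob": "accounting",
              "carol": "accounting", "dave": "accounting"}
EXPECTED_PROGRAMS = {             # assumed per-department program profile
    "graphics": {"photoshop", "gimp"},
    "accounting": {"tally", "excel"},
}

# Constructed audit log: alice compiles code, bob works at 2 AM, carol logs on
# six times in one day, dave behaves normally.
LOG = """\
2016-11-21T08:55:12 alice LOGIN
2016-11-21T09:02:40 alice EXEC photoshop
2016-11-21T14:10:05 alice EXEC gcc
2016-11-21T02:03:17 bob LOGIN
2016-11-21T02:05:00 bob EXEC tally
2016-11-21T09:00:01 carol LOGIN
2016-11-21T09:20:01 carol LOGIN
2016-11-21T10:00:01 carol LOGIN
2016-11-21T10:30:01 carol LOGIN
2016-11-21T11:00:01 carol LOGIN
2016-11-21T11:30:01 carol LOGIN
2016-11-21T09:15:00 dave EXEC excel
"""

Event = Tuple[datetime, str, str, Optional[str]]


def parse(log: str) -> List[Event]:
    """Turn log lines into (timestamp, user, action, program-or-None) tuples."""
    events = []
    for line in log.splitlines():
        parts = line.split()
        if len(parts) < 3:
            continue                      # skip blank or truncated lines
        program = parts[3] if len(parts) > 3 else None
        events.append((datetime.fromisoformat(parts[0]), parts[1], parts[2], program))
    return events


def detect(log: str) -> Dict[str, List[str]]:
    """Return {alert kind: sorted users} for every heuristic that fired."""
    alerts = defaultdict(set)
    logins_per_day = defaultdict(int)
    for ts, user, action, program in parse(log):
        if ts.hour not in BUSINESS_HOURS:
            alerts["off-hours"].add(user)
        if action == "LOGIN":
            logins_per_day[(user, ts.date())] += 1
        elif action == "EXEC":
            dept = DEPARTMENT.get(user, "unknown")
            if program not in EXPECTED_PROGRAMS.get(dept, set()):
                alerts["unexpected-program"].add(user)
    for (user, _day), count in logins_per_day.items():
        if count > MAX_LOGINS_PER_DAY:
            alerts["excessive-logins"].add(user)
    return {kind: sorted(users) for kind, users in sorted(alerts.items())}
```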
Target Monitoring
These systems do not actively search for anomalies or misuse, but instead look
for the modification of specified files. This is more of a corrective control,
designed to uncover an unauthorized action after it occurs in order to reverse it.
One way to check for the covert editing of files is by computing a cryptographic hash beforehand and comparing this to new hashes of the file at regular intervals. This type of system is the easiest to implement, because it does not require constant monitoring by the administrator. Integrity checksum hashes can be computed at whatever intervals you wish, and on either all files or just the mission/system critical files.
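The hash-based target monitoring described above, as an added example that is not part of the report: a baseline of SHA-256 digests is recorded and compared against a later pass, reporting modified, missing and added files. The monitored files are constructed in a temporary directory so the example runs offline.

```python
# Added example, not from the report: target monitoring by integrity hashing.
# Files are constructed in a temporary directory so the example runs offline.

import hashlib
import tempfile
from pathlib import Path
from typing import Dict, List


def file_hash(path: Path, chunk_size: int = 65536) -> str:
    """SHA-256 of a file, read in chunks so large files need not fit in memory."""
    digest = hashlib.sha256()
    with path.open("rb") as fh:
        for block in iter(lambda: fh.read(chunk_size), b""):
            digest.update(block)
    return digest.hexdigest()


def baseline(root: Path) -> Dict[str, str]:
    """Relative path -> digest for every regular file under root (the 'beforehand' hashes)."""
    return {
        p.relative_to(root).as_posix(): file_hash(p)
        for p in sorted(root.rglob("*"))
        if p.is_file()
    }


def compare(before: Dict[str, str], after: Dict[str, str]) -> Dict[str, List[str]]:
    """Report what changed between two baseline passes."""
    return {
        "modified": sorted(k for k in before if k in after and before[k] != after[k]),
        "missing": sorted(k for k in before if k not in after),
        "added": sorted(k for k in after if k not in before),
    }


def demo() -> Dict[str, List[str]]:
    """Build a small constructed file tree, record hashes, tamper, re-check."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        (root / "etc").mkdir()
        (root / "bin").mkdir()
        (root / "etc" / "passwd").write_text("root:x:0:0:root:/root:/bin/sh\n")
        (root / "etc" / "hosts").write_text("127.0.0.1 localhost\n")
        (root / "bin" / "login").write_bytes(b"\x7fELF original binary")
        before = baseline(root)
        # Covert edits between two check intervals: one file altered in place,
        # one removed, one new file dropped in.
        (root / "bin" / "login").write_bytes(b"\x7fELF altered binary")
        (root / "etc" / "hosts").unlink()
        (root / "etc" / "extra.conf").write_text("unexpected\n")
        return compare(before, baseline(root))
```

The baseline must be kept where the monitored host cannot silently alter it (read-only media or another machine); otherwise whoever edits a file can also edit its recorded hash.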
Passive IDS
A passive IDS simply detects and alerts. When suspicious or malicious traffic is
detected an alert is generated and sent to the administrator or user and it is up to
them to take action to block the activity or respond in some way.
Reactive IDS
A reactive IDS will not only detect suspicious or malicious traffic and alert the
administrator, but will take pre-defined proactive actions to respond to the threat.
Typically this means blocking any further network traffic from the source IP
address or user.
WAN SOLUTION
REQUIREMENT
SOLUTION
WLAN (WIRELESS LAN)
STANDARDS
TOPOLOGIES
INFRASTRUCTURE NETWORK
ADHOC NETWORK
Integrated Services Digital Network (ISDN )
B channel
D channel
D channels are used for signaling. They are used to establish the session before the data is actually transferred.
ISDN INTERFACES
Both BRI and PRI provide multiple digital bearer channels over which temporary connections can be made and data can be sent.
BRI: ISDN Basic Rate Interface (BRI, also known as 2B+1D) service provides two B channels and one D channel. The BRI B-channel service operates at 64 Kbps and carries data, while the BRI D-channel service operates at 16 Kbps and usually carries control and signaling information.
PRI: According to American standards, the ISDN Primary Rate Interface (PRI, also known as 23B+D) service delivers 23 64 Kbps B channels and one 64 Kbps D channel for a total bit rate of up to 1.544 Mbps.
2.048 Mbps.
Router A is ordered with an ISDN BRI U reference point, referring to the I.430
reference point defining the interface between the customer premises and the
ISP.
Router B is bought with an ISDN BRI S/T interface, implying that it must
be cabled to a function group NT1 device. An NT1 function group device must be
connected to the ISP line through a U reference point; the S/T interface defines
the connection to Router B. Router B is called a TE1 (Terminal Equipment 1)
function group device.
Function Groups:
Reference Points: