
Summer Training Report on Networking at Kaizen Infoserve Pvt. Ltd., Delhi

Submitted by: Laukesh Kumar, B.Tech 4th year (7th semester), Roll No: 0810913403

ACKNOWLEDGEMENT
I extend my heartfelt gratitude and my sincere thanks to Mrs. Kanchan Arora, manager of our company KAIZEN INFOSERVE PVT. LTD., for every arrangement for doing the training. I wish to express my gratitude to Mr. Cinmaya Priydarshi, who is the networking engineer in this company, for giving us permission to carry out the training. Last but not least, I am indebted to all the people who have contributed in some way or the other to the completion of this training work.

Laukesh Kumar

Content
1. Campus Area Network (CAN)
   - Infrastructure of CAN
   - Working of CAN
2. Metropolitan Area Network (MAN)
   - Implementation of MAN
3. Wide Area Network (WAN)
   - Design options
   - Wireless design considerations
   - Site survey
   - WLAN roaming
   - Point-to-point bridging
   - Implementing a WLAN test environment
4. TCP/IP
   - Link layer
   - Internet layer
   - Transport layer
   - Application layer
   - OSI and TCP/IP layering differences
5. Dynamic Host Configuration Protocol (DHCP)
   - Technical overview
   - Technical detail
6. Virtual Private Network
   - Components of a VPN
   - How to install and enable VPN
   - How to configure the VPN server
   - How to manage addresses and servers
7. Configuring RADIUS Authentication
   - RADIUS overview
   - RADIUS in an Oracle environment
   - RADIUS authentication modes
8. Windows Server 2003
9. Microsoft Outlook
   - How to use Microsoft Outlook
10. An Introduction to Check Point Firewall
   - Overview
   - Checkpoints
11. Network Switches
12. Routers
13. Wireless Router

Campus Area Network (CAN)


A campus area network (CAN) interconnects the networks of a limited geographical area such as a university campus, a military base or a corporate site. It can be thought of as a metropolitan network scaled down to a small area, or as a local area network scaled up: a CAN is larger than a single LAN but smaller than a wide area network. It is built for one specific site, for example several laboratories or several office buildings on one property. The term is most often used for university campuses; when the same design is used by a company it is called a corporate campus network. Because a CAN is formed by joining the LANs of one organization or one site, a network described as covering the buildings within a particular area is almost always a campus network.

Infrastructure of CAN (Campus Area Network):


In a campus network the same technology and the same classes of hardware are used in every building of the campus or corporation. A CAN follows the same conventions as a local area network; the difference is that the LANs of several buildings at one location are interconnected. Consider a university with departments of information technology, electronics, mass communication and fine arts, each with its own computer laboratory built on the same hardware and the same LAN technology. If a message sent from one department can be received in another, the network is operating as a campus area network. The same holds for a company whose departments at one site communicate over a shared CAN. "The same hardware" means that the routers, switches, hubs, cabling and even the wireless access points in the different buildings are of the same type, and all of these resources are owned by one organization. The Internet connection is shared in the same way: a university uses one upstream connection for all of its departments, and one provider deals with the organization as a whole.

How CAN (Campus Area Networks) Work, Uses of CAN


Universities are the best-known example of this kind of interconnection. The administrative offices, academic departments, staff rooms, gymnasium, common rooms, hostels and conference halls are each served by their own network, and connecting these networks together forms the CAN. In many cases the buildings of a corporate campus are linked by wireless point-to-point links rather than by cable, because a wireless link between two buildings is often cheaper than trenching and laying long cable runs. Organizations adopt this approach to get the same result for less money: one or two bridging devices at the main building can deliver connectivity to the other buildings, saving the cost of the cabling, hubs and switches that a wired route would need.

Campus area networks are economical, beneficial and easy to implement within a locality of a few kilometres. They allow the universities and companies that use them to work from any building and get the same data-transfer speed.

Metropolitan Area Network (MAN)

A metropolitan area network (MAN) is a computer network that usually spans a city or a large campus. A MAN usually interconnects a number of local area networks (LANs) using a high-capacity backbone technology, such as fiber-optic links, and provides uplink services to wide area networks (WANs) and the Internet. The IEEE 802-2002 standard describes a MAN as being optimized for a larger geographical area than a LAN, ranging from several blocks of buildings to entire cities. MANs can also depend on communications channels of moderate-to-high data rates. A MAN might be owned and operated by a single organization, but it usually will be used by many individuals and organizations. MANs might also be owned and operated as public utilities. They will often provide means for internetworking of local networks.

Kenneth C. Laudon and Jane P. Laudon (2001), in Management Information Systems: Managing the Digital Firm (10th ed.), define a metropolitan area network as follows: a Metropolitan Area Network (MAN) is a large computer network that spans a metropolitan area or campus. Its geographic scope falls between a WAN and a LAN. MANs provide Internet connectivity for LANs in a metropolitan region, and connect them to wider area networks like the Internet.

A MAN may also be used to carry cable television.

Implementation
Technologies used for this purpose include Asynchronous Transfer Mode (ATM), FDDI and SMDS. These are being displaced by Ethernet-based connections (for example Metro Ethernet) in most areas. MAN links between local area networks have also been built without cables, using microwave, radio or infrared laser links. Most companies rent or lease circuits from common carriers, because laying long stretches of cable is expensive. DQDB (Distributed Queue Dual Bus) is the metropolitan area network standard for data communication, specified in IEEE 802.6. A DQDB network can be up to 20 miles (30 km) long and operate at 34 to 155 Mbit/s. Several notable networks started as MANs, such as the Internet peering points MAE-West and MAE-East and the Sohonet media network.

Wide Area Network (WAN)

A wide area network (WAN) is a telecommunication network that covers a broad area, that is, any network that links across metropolitan, regional or national boundaries. Business and government entities use WANs to relay data among employees, clients, buyers and suppliers at different geographical locations; in essence this mode of telecommunication allows a business to carry out its daily functions regardless of location.[1] This contrasts with personal area networks (PANs), local area networks (LANs), campus area networks (CANs) and metropolitan area networks (MANs), which are usually limited to a room, a building, a campus or a specific metropolitan area (such as a city) respectively.

Design options
WANs are used to connect LANs and other types of networks together, so that users and computers in one location can communicate with users and computers in other locations. Many WANs are built for one particular organization and are private. Others, built by Internet service providers, connect an organization's LAN to the Internet. WANs are often built using leased lines: at each end of the leased line a router connects to the LAN on one side and to a hub within the WAN on the other. Leased lines can be very expensive, so WANs can also be built using less costly circuit-switched or packet-switched services. Network protocols such as TCP/IP deliver the transport and addressing functions, while protocols such as Packet over SONET/SDH, MPLS, ATM and Frame Relay are used by service providers to deliver the links that make up the WAN. X.25 was an important early WAN protocol and is often considered the "grandfather" of Frame Relay, since many of the underlying protocols and functions of X.25 are still in use today (with upgrades) in Frame Relay. Academic research into wide area networks can be broken down into three areas: mathematical models, network emulation and network simulation.

Performance improvements are sometimes delivered via wide area file services or WAN optimization.

Wireless Design Considerations


The following sections discuss some items that should be considered when designing and provisioning a wireless network.

Site Survey
Site surveys, originally introduced to make the most of scarce resources, are sometimes seen as unnecessary in this age of inexpensive WAPs, where saturating a building with wireless seems so economical. The days of serious physical surveying, looking under the ceiling tiles, may be gone, but you should still survey to find the WAP locations that minimize channel interference while maximizing range. Whether you perform an in-depth site survey or a rudimentary one, ask the following questions:

- Which wireless system is best suited for the application?
- Does a line-of-sight requirement exist between antennas?
- Where should the WAP be located so that it is as close as possible to its clients?
- What potential sources of interference are in this building? Examples are cordless phones, microwave ovens, natural interference, or other access points using the same channel.
- Should any federal, provincial, or local regulations and legislation be considered in this deployment?

Site Surveys Have Their Purpose

Some WAPs have an autoconfiguration option: after listening on the network, they configure themselves for the least-used wireless channel. This is not always desirable. For example, a WAP installed on the sixth floor of a multistory building with several WAPs might select a channel that, from where it listens, appears to be free. If that channel is already used by a WAP on the first floor, a client on the third floor, within range of both, could have difficulty staying connected because the two signals overlap there. Overlapping channels in a wireless network behave much like an overcrowded wired network plagued by continuous collisions: performance suffers and clients might not be able to establish consistent connectivity.

This problem is easily avoided with rudimentary planning and by using nonoverlapping channels. In the 2.4 GHz band, channels 1, 6, and 11 do not overlap.
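The floor-1/floor-6 scenario above, worked as an added example (this code is not from the original report or from any vendor's documentation; the WAP names, the neighbour pairs and the "autoconfigured" plan are constructed). It checks a channel plan for overlapping 2.4 GHz channels and then assigns channels from the 1/6/11 set so that no two WAPs whose coverage areas overlap share spectrum:

```python
"""Check a 2.4 GHz WAP channel plan for overlap and assign non-overlapping channels.
Added example; not code from the original report. Scenario data below is constructed."""

# 802.11b/g channels 1..13 sit at 2412..2472 MHz, 5 MHz apart; channel 14 (Japan,
# 802.11b only) sits at 2484 MHz. A DSSS channel is 22 MHz wide, so two channels
# interfere unless their centres are at least 22 MHz (five channel numbers) apart.
# That is why 1, 6 and 11 are the classic non-overlapping set.
CHANNEL_WIDTH_MHZ = 22
NON_OVERLAPPING = (1, 6, 11)


def centre_frequency_mhz(channel: int) -> int:
    if channel == 14:
        return 2484
    if 1 <= channel <= 13:
        return 2407 + 5 * channel
    raise ValueError(f"not a 2.4 GHz channel: {channel}")


def channels_overlap(a: int, b: int) -> bool:
    """True when two channels share spectrum (the same channel counts as overlap)."""
    return abs(centre_frequency_mhz(a) - centre_frequency_mhz(b)) < CHANNEL_WIDTH_MHZ


def find_conflicts(plan: dict, neighbours: list) -> list:
    """plan maps WAP name -> channel; neighbours lists (wap1, wap2) pairs whose coverage
    areas overlap somewhere (e.g. on an intermediate floor), as found by the site survey.
    Returns the neighbour pairs that would interfere, sorted for stable output."""
    conflicts = []
    for x, y in neighbours:
        if channels_overlap(plan[x], plan[y]):
            conflicts.append(tuple(sorted((x, y))))
    return sorted(conflicts)


def assign_channels(waps: list, neighbours: list, allowed=NON_OVERLAPPING) -> dict:
    """Greedy colouring: most-constrained WAPs first; each takes the first allowed channel
    that does not overlap any already-assigned neighbour. A WAP that cannot be fitted gets
    None, the signal to move it, reduce its power or use a 5 GHz radio instead."""
    adj = {w: set() for w in waps}
    for x, y in neighbours:
        adj[x].add(y)
        adj[y].add(x)
    order = sorted(waps, key=lambda w: (-len(adj[w]), w))
    plan = {}
    for w in order:
        taken = [plan[n] for n in adj[w] if n in plan]
        free = [c for c in allowed if not any(channels_overlap(c, t) for t in taken)]
        plan[w] = free[0] if free else None
    return plan


# Constructed scenario from the sidebar: WAPs on floors 1, 3 and 6 of one building,
# where the floor-1 and floor-6 radios both reach floor 3.
WAPS = ["AP-1F", "AP-3F", "AP-6F"]
NEIGHBOURS = [("AP-1F", "AP-3F"), ("AP-3F", "AP-6F"), ("AP-1F", "AP-6F")]
AUTO_PLAN = {"AP-1F": 1, "AP-3F": 6, "AP-6F": 1}   # what an unplanned autoconfig might pick

if __name__ == "__main__":
    print("conflicts in autoconfigured plan:", find_conflicts(AUTO_PLAN, NEIGHBOURS))
    print("planned assignment:", assign_channels(WAPS, NEIGHBOURS))
```

The neighbour list is the real product of the site survey: which radios can actually hear each other, which is exactly what a WAP listening only from its own floor cannot know. When assign_channels returns None for a WAP there are more mutually audible radios than non-overlapping channels, and the fix is to relocate a WAP, lower its transmit power or use the 5 GHz band, not to accept an overlapping channel.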

WLAN Roaming
WLANs are relatively inexpensive to deploy compared to wired networks, and because throughput is directly related to the client's proximity to a WAP, as shown earlier in Figure, network managers often install WAPs so that their signals overlap, as shown in Figure. In this design, some coverage radius per WAP is traded for improved throughput.

Figure: Overlapping Signals Eliminate Dead Spots

Note that these overlapping signals must be on nonoverlapping channels. This scenario also requires WLAN roaming: as a user moves away from a WAP and loses signal strength, the connection should jump seamlessly to a WAP that provides a stronger signal.

Point-to-Point Bridging
It is not always feasible to run a network cable between two buildings to join their LANs into a single broadcast domain (one IP subnet). If the two buildings are a reasonable distance apart, and preferably in direct line of sight with each other, wireless bridges can be configured, as shown in Figure. It takes two WAPs to create one logical two-port bridge. In this mode the WAPs operate in a dedicated point-to-point bridge mode and no longer serve as access points for wireless clients.

Figure Point-to-Point Bridging

Design Considerations for Wireless IP Phones


Because wireless IP phones have different coverage and wireless characteristics than ordinary wireless clients, a system administrator should conduct a separate site survey for them. Another consideration for wireless IP phones is roaming. The roaming described in the "WLAN Roaming" section above is Layer 2 roaming: the device keeps its IP address, so moving to another WAP is not noticeable to the user. Layer 3 roaming means that the device must change its IP address, which interrupts the user's connection; for a wireless IP phone the call would be dropped, which users would likely find unacceptable. When wireless IP phones are used, the network needs to be equipped with a Cisco Catalyst 6500 Series Wireless LAN Services Module (WLSM). WLSM, an integral component of SWAN (Cisco's Structured Wireless-Aware Network), aggregates radio management information from the access points, enabling Layer 2 and Layer 3 roaming and client mobility management. Layer 2 roaming refers to an IP phone switching WAP within its subnet of origin; Layer 3 roaming refers to an IP phone moving from a WAP in its subnet to a WAP in another subnet. Before WLSM, Layer 3 roaming was a problem because the phone would end up in a subnet to which its IP address and default gateway did not belong.

Implementing a WLAN Test Environment


Applies To: Windows Server 2003, Windows Server 2003 R2, Windows Server 2003 with SP1, Windows Server 2003 with SP2

Before embarking on a full-scale WLAN deployment on your enterprise network, perform a trial deployment on a WLAN test network in your lab to become familiar with how the technology works and to resolve any issues before deploying the enterprise WLAN. After setting up the WLAN test environment, perform a limited test to ensure that all components work together under a simplified certificate infrastructure. Then expand the test environment, testing your Group Policy design and a three-tier CA infrastructure. Figure 11.7 shows the process for implementing a WLAN test environment.

TCP/IP

Definition: Transmission Control Protocol (TCP) and Internet Protocol (IP) are, technically speaking, two distinct network protocols. They are so commonly used together, however, that TCP/IP has become the standard term for either or both. IP corresponds to the Network layer (Layer 3) of the OSI model, whereas TCP corresponds to the Transport layer (Layer 4). In other words, TCP/IP refers to network communication in which the TCP transport is used to deliver data across IP networks. The average person on the Internet works in a predominantly TCP/IP environment; web browsers, for example, use TCP/IP to communicate with web servers.

Layers in the TCP/IP model

Two Internet hosts connected via two routers and the corresponding layers used at each hop.

Encapsulation of application data descending through the TCP/IP layers

The layers near the top are logically closer to the user application, while those near the bottom are logically closer to the physical transmission of the data. Viewing each layer as providing or consuming a service is a method of abstraction that isolates upper-layer protocols from the nitty-gritty detail of transmitting bits over, for example, Ethernet with its collision detection, while the lower layers avoid having to know the details of each application and its protocol. This abstraction also allows upper layers to provide services that the lower layers cannot, or choose not to, provide. (The original OSI Reference Model was later extended to include connectionless services, OSIRM CL.) For example, IP is not designed to be reliable and is a best-effort delivery protocol. This means that every transport layer implementation must choose whether to provide reliability, and to what degree. UDP provides data integrity (via a checksum) but does not guarantee delivery; TCP provides both data integrity and a delivery guarantee (by retransmitting until the receiver acknowledges receipt of the packet).

This model lacks the formalism of the OSI reference model and its associated documents, but the IETF does not use a formal model and does not consider this a limitation, as in the comment by David D. Clark: "We reject: kings, presidents and voting. We believe in: rough consensus and running code." Criticisms of this model, which have been made with respect to the OSI Reference Model, often do not consider ISO's later extensions to that model.

1. For multiaccess links with their own addressing systems (e.g. Ethernet) an address mapping protocol is needed. Such protocols can be considered to sit below IP but above the existing link system. While the IETF does not use the terminology, this is a subnetwork dependent convergence facility according to an extension to the OSI model, the Internal Organization of the Network Layer (IONL).[6]
2. ICMP and IGMP operate on top of IP but do not transport data like UDP or TCP. Again, this functionality exists as layer management extensions to the OSI model, in its Management Framework (OSIRM MF).[7]
3. The SSL/TLS library operates above the transport layer (it uses TCP) but below application protocols. Again, the designers of these protocols had no intention of complying with the OSI architecture.
4. The link is treated as a black box here. This is fine for discussing IP, since the whole point of IP is that it will run over virtually anything. The IETF explicitly does not intend to discuss transmission systems, which is a less academic but practical alternative to the OSI Reference Model.
The following is a description of each layer in the TCP/IP networking model starting from the lowest level.

Link Layer
The Link Layer (or Network Access Layer) is the networking scope of the local network connection to which a host is attached. This scope is called the link in Internet literature. It is the lowest component layer of the Internet protocols, since TCP/IP is designed to be hardware independent; as a result TCP/IP can be implemented on top of virtually any hardware networking technology. The Link Layer is used to move packets between the Internet Layer interfaces of two different hosts on the same link. The processes of transmitting and receiving packets on a given link can be controlled in the software device driver for the network card as well as in firmware or specialized chipsets. These perform data link functions such as adding a frame header to prepare a packet for transmission and then transmitting the frame over the physical medium. The TCP/IP model includes specifications for translating the network addresses used by the Internet Protocol into data link addresses such as Media Access Control (MAC) addresses; all other aspects below that level are implicitly assumed to exist in the Link Layer but are not explicitly defined. This is also the layer at which packets may be selected to be sent over a virtual private network or other tunnel. In that scenario, the Link Layer data is treated as application data that traverses another instance of the IP stack for transmission or reception over another IP connection. Such a connection, or virtual link, may be established with a transport protocol or even an application-scope protocol that serves as a tunnel in the Link Layer of the protocol stack. Thus the TCP/IP model does not dictate a strict hierarchical encapsulation sequence.

Internet Layer
The Internet Layer solves the problem of sending packets across one or more networks. Internetworking requires sending data from the source network to the destination network; this process is called routing. In the Internet Protocol Suite, the Internet Protocol performs two basic functions:

- Host addressing and identification: accomplished with a hierarchical addressing system (see IP address).
- Packet routing: the basic task of getting packets of data (datagrams) from source to destination by sending them to the next network node (router) that is closer to the final destination.

IP can carry data for a number of different upper layer protocols. These protocols are each identified by a unique protocol number: for example, Internet Control Message Protocol (ICMP) and Internet Group Management Protocol (IGMP) are protocols 1 and 2, respectively. Some of the protocols carried by IP, such as ICMP (used to transmit diagnostic information about IP transmission) and IGMP (used to manage IP Multicast data) are layered on top of IP but perform internetworking functions. This illustrates the differences in the architecture of the TCP/IP stack of the Internet and the OSI model.

Transport Layer
The Transport Layer's responsibilities include end-to-end message transfer independent of the underlying network, along with error control, segmentation, flow control, congestion control, and application addressing (port numbers). End-to-end message transmission, or connecting applications at the transport layer, can be either connection-oriented, implemented in the Transmission Control Protocol (TCP), or connectionless, implemented in the User Datagram Protocol (UDP). The Transport Layer can be thought of as a transport mechanism, e.g. a vehicle responsible for making sure that its contents (passengers or goods) reach their destination safely and soundly, unless another protocol layer is responsible for safe delivery.

The Transport Layer provides this service of connecting applications through the use of service ports. Since IP provides only best-effort delivery, the Transport Layer is the first layer of the TCP/IP stack to offer reliability. (IP can also run over a reliable data link protocol such as High-Level Data Link Control (HDLC), and protocols above transport, such as RPC, can provide reliability as well.) For example, the Transmission Control Protocol (TCP) is a connection-oriented protocol that addresses numerous reliability issues to provide a reliable byte stream:

- data arrives in order
- data has minimal error (i.e. correctness)
- duplicate data is discarded
- lost or discarded packets are resent
- traffic congestion control is included

The newer Stream Control Transmission Protocol (SCTP) is also a reliable, connection-oriented transport mechanism. It is message-stream-oriented, not byte-stream-oriented like TCP, and provides multiple streams multiplexed over a single connection. It also provides multi-homing support, in which a connection end can be represented by multiple IP addresses (representing multiple physical interfaces), so that if one fails the connection is not interrupted. It was developed initially for telephony applications (to transport SS7 over IP), but can also be used for other applications. The User Datagram Protocol is a connectionless datagram protocol. Like IP, it is a best-effort, "unreliable" protocol: it detects corruption with a weak checksum but does not retransmit. UDP is typically used for applications such as streaming media (audio, video, voice over IP, etc.) where on-time arrival is more important than reliability, or for simple query/response applications like DNS lookups, where the overhead of setting up a reliable connection is disproportionately large. The Real-time Transport Protocol (RTP) is a datagram protocol designed for real-time data such as streaming audio and video. TCP and UDP carry an assortment of higher-level applications; the appropriate transport protocol is chosen based on the needs of the higher-layer protocol. For example, the File Transfer Protocol expects a reliable connection, but the Network File System (NFS) assumes that the subordinate Remote Procedure Call protocol, not the transport, will guarantee reliable transfer. Other applications, such as VoIP, can tolerate some loss of packets but not the reordering or delay that retransmission could cause. The applications at a given network address are distinguished by their TCP or UDP port. By convention, certain well-known ports are associated with specific applications (see List of TCP and UDP port numbers).
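As an added example of the encapsulation the Link, Internet and Transport layer sections describe (this is not code from the original report; the addresses, ports and payload are constructed), the following Python builds an IPv4 packet carrying a UDP segment by hand, including the RFC 1071 checksums and the IP protocol number that selects UDP, and then parses it back, rejecting a packet whose header or payload was altered without recomputing the checksum:

```python
"""Hand-built UDP-over-IPv4 encapsulation and decapsulation with checksum verification.
Added example, not code from the original report; sample addresses and payload are constructed."""
import socket
import struct

# IPv4 protocol numbers (IANA): the field that tells the receiver which upper layer follows
IPPROTO_ICMP, IPPROTO_IGMP, IPPROTO_TCP, IPPROTO_UDP = 1, 2, 6, 17

IPV4_HDR = "!BBHHHBBH4s4s"   # 20-byte header without options
UDP_HDR = "!HHHH"            # source port, destination port, length, checksum


def internet_checksum(data: bytes) -> int:
    """RFC 1071: one's-complement sum of 16-bit words, complemented.
    Verification is the same computation over header+checksum; a valid header yields 0."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack(f"!{len(data) // 2}H", data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return (~total) & 0xFFFF


def udp_pseudo_header(src_ip: str, dst_ip: str, udp_len: int) -> bytes:
    # The UDP checksum covers a pseudo-header borrowed from the IP layer, one of the places
    # where the "independent" layers of the model are not independent at all.
    return (socket.inet_aton(src_ip) + socket.inet_aton(dst_ip)
            + struct.pack("!BBH", 0, IPPROTO_UDP, udp_len))


def build_udp(src_ip, dst_ip, sport, dport, payload: bytes) -> bytes:
    length = 8 + len(payload)
    header = struct.pack(UDP_HDR, sport, dport, length, 0)
    csum = internet_checksum(udp_pseudo_header(src_ip, dst_ip, length) + header + payload)
    if csum == 0:
        csum = 0xFFFF   # RFC 768: 0 on the wire means "no checksum", so all-ones is sent instead
    return struct.pack(UDP_HDR, sport, dport, length, csum) + payload


def build_ipv4(src_ip, dst_ip, proto, payload: bytes, ttl=64, ident=0x1234) -> bytes:
    hdr = struct.pack(IPV4_HDR, (4 << 4) | 5, 0, 20 + len(payload), ident, 0, ttl, proto, 0,
                      socket.inet_aton(src_ip), socket.inet_aton(dst_ip))
    hdr = hdr[:10] + struct.pack("!H", internet_checksum(hdr)) + hdr[12:]
    return hdr + payload


def parse_ipv4(packet: bytes) -> dict:
    ver_ihl, _tos, total_len, _id, _ff, ttl, proto, _csum, src, dst = struct.unpack(IPV4_HDR, packet[:20])
    ihl = (ver_ihl & 0x0F) * 4
    if ver_ihl >> 4 != 4 or ihl < 20 or total_len > len(packet) or ihl > total_len:
        raise ValueError("malformed IPv4 header")
    if internet_checksum(packet[:ihl]) != 0:
        raise ValueError("bad IPv4 header checksum")
    return {"src": socket.inet_ntoa(src), "dst": socket.inet_ntoa(dst), "ttl": ttl,
            "proto": proto, "payload": packet[ihl:total_len]}


def parse_udp(src_ip: str, dst_ip: str, segment: bytes) -> dict:
    sport, dport, length, csum = struct.unpack(UDP_HDR, segment[:8])
    if length < 8 or length > len(segment):
        raise ValueError("malformed UDP length")
    if csum != 0 and internet_checksum(udp_pseudo_header(src_ip, dst_ip, length) + segment[:length]) != 0:
        raise ValueError("bad UDP checksum")
    return {"sport": sport, "dport": dport, "payload": segment[8:length]}


def encapsulate(src_ip, dst_ip, sport, dport, app_data: bytes) -> bytes:
    """Application data -> UDP segment -> IPv4 packet (the Link layer frame is left to the NIC)."""
    return build_ipv4(src_ip, dst_ip, IPPROTO_UDP, build_udp(src_ip, dst_ip, sport, dport, app_data))


def decapsulate(packet: bytes) -> dict:
    """IPv4 packet -> UDP segment -> application data, checking both checksums on the way up."""
    ip = parse_ipv4(packet)
    if ip["proto"] != IPPROTO_UDP:
        raise ValueError(f"not UDP: IP protocol {ip['proto']}")
    udp = parse_udp(ip["src"], ip["dst"], ip["payload"])
    return {**ip, **udp, "payload": udp["payload"]}


if __name__ == "__main__":
    pkt = encapsulate("192.0.2.10", "192.0.2.53", 40000, 53, b"constructed DNS query")
    print(decapsulate(pkt))
```

Two points worth taking from this: the UDP checksum covers a pseudo-header of IP addresses, so the transport layer is not fully independent of the layer below it; and both checksums detect accidental corruption only, since anyone who can rewrite the packet can recompute them (a router does exactly that after decrementing the TTL). Integrity against an attacker has to come from TLS or IPsec, not from this layer.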

Application Layer
The Application Layer refers to the higher-level protocols used by most applications for network communication. Examples of application layer protocols include the File Transfer Protocol (FTP) and the Simple Mail Transfer Protocol (SMTP).[9] Data coded according to application layer protocols is encapsulated into one or (occasionally) more transport layer protocols (such as the Transmission Control Protocol (TCP) or User Datagram Protocol (UDP)), which in turn use lower-layer protocols to effect the actual data transfer. Since the IP stack defines no layers between the application and transport layers, the application layer must include any protocols that act like the OSI presentation and session layer protocols; this is usually done through libraries. Application Layer protocols generally treat the transport layer (and lower) protocols as "black boxes" that provide a stable network connection across which to communicate, although applications are usually aware of key qualities of the transport connection such as the endpoint IP addresses and port numbers. As noted above, layers are not necessarily clearly defined in the Internet protocol suite. Application layer protocols are most often associated with client-server applications, and the more common servers have specific ports assigned to them by the IANA: HTTP has port 80, Telnet has port 23, and so on. Clients, on the other hand, tend to use ephemeral ports, i.e. port numbers assigned at random from a range set aside for the purpose. The transport and lower layers are largely unconcerned with the specifics of application layer protocols. Routers and switches do not typically "look inside" the encapsulated traffic to see what kind of application protocol it carries; they just provide a conduit for it. However, some firewall and bandwidth-throttling applications do try to determine what is inside, as with the Resource Reservation Protocol (RSVP). It is also sometimes necessary for Network Address Translation (NAT) facilities to take account of the needs of particular application layer protocols. (NAT allows hosts on private networks to communicate with the outside world via a single visible IP address using port forwarding, and is an almost ubiquitous feature of modern domestic broadband routers.)

OSI and TCP/IP layering differences


The three top layers in the OSI model (the Application Layer, the Presentation Layer and the Session Layer) are not distinguished separately in the TCP/IP model, where there is just the Application Layer. While some pure OSI protocol applications, such as X.400, also combined them, there is no requirement that a TCP/IP protocol stack impose a monolithic architecture above the Transport Layer. For example, the Network File System (NFS) application protocol runs over the eXternal Data Representation (XDR) presentation protocol, which in turn runs over a protocol with Session Layer functionality, Remote Procedure Call (RPC). RPC provides reliable record transmission, so it can run safely over the best-effort User Datagram Protocol (UDP) transport. The Session Layer roughly corresponds to the Telnet virtual terminal functionality, which is part of text-based protocols such as HTTP and SMTP in the TCP/IP Application Layer. It also corresponds to TCP and UDP port numbering, which is considered part of the transport layer in the TCP/IP model. Some functions that would have been performed by an OSI presentation layer are realized at the Internet application layer using the MIME standard, which is used in application layer protocols such as HTTP and SMTP.

Since the IETF protocol development effort is not concerned with strict layering, some of its protocols may not appear to fit cleanly into the OSI model. These conflicts, however, are more frequent when one looks only at the original OSI model, ISO 7498, without the annexes to it (for example ISO 7498/4, the Management Framework) or ISO 8648, the Internal Organization of the Network Layer (IONL). When the IONL and Management Framework documents are considered, ICMP and IGMP are neatly defined as layer management protocols for the network layer. Likewise, the IONL provides a structure for "subnetwork dependent convergence facilities" such as ARP and RARP. IETF protocols can be encapsulated recursively, as demonstrated by tunneling protocols such as Generic Routing Encapsulation (GRE). While the basic OSI documents do not consider tunneling, there is some concept of tunneling in yet another extension to the OSI architecture, specifically the transport layer gateways within the International Standardized Profile framework.[10] The associated OSI development effort, however, has been abandoned given the overwhelming adoption of TCP/IP protocols.

Introduction to Administering DNS Server

This guide explains how to administer the Domain Name System (DNS). These administration activities are part of the operations phase of the information technology (IT) life cycle. If you are not familiar with this guide, review the following sections of this introduction.

When to use this guide


Use this guide when:

- You need to administer your DNS infrastructure, such as by managing zones or resource records.
- You need to configure your DNS infrastructure, such as by providing global single-label DNS name resolution.

This guide assumes a basic understanding of what DNS is, how it works, and why your organization uses it to provide name resolution. It also assumes a thorough understanding of how DNS is deployed and managed in your organization, including the mechanisms that your organization uses to configure and manage DNS settings. This guide can be used by organizations that have deployed Windows Server 2008. It includes information that is relevant to different roles in an IT organization, including IT operations managers, administrators, and operators: management-level information about DNS and administrator-level information about the IT processes required to operate it. The guide contains detailed procedures designed for operators (or designated users) with varied levels of expertise and experience. Although the procedures provide operator guidance from start to finish, operators must have a basic proficiency with Microsoft Management Console (MMC) and MMC snap-ins, and must know how to start administrative programs and access the command line. If operators are not familiar with DNS, IT planners, managers, or administrators may need to review the relevant operations in this guide and provide the operators with the parameters or data that they must enter when they perform the operations.

How to use this guide

This guide includes the following types of topics:

- Objectives are high-level goals for administering DNS. Each objective consists of one or more high-level tasks that describe how the objective is accomplished. In this guide, Adding and Removing DNS Servers is an example of an objective.
- Tasks contain groups of procedures for achieving the goals of an objective. In this guide, Adding a DNS Server is an example of a task.
- Procedures provide step-by-step instructions for completing tasks. In this guide, Install a DNS Server is an example of a procedure topic.

If you are an IT manager who is delegating tasks to operators in your organization:

- Read through the objectives and tasks to determine how to delegate permissions.
- Determine whether you need to install tools before operators perform the procedures for each task. Before you assign tasks to individual operators, ensure that all the tools are installed where operators can use them.
- When necessary, create tear sheets for each task that operators perform in your organization. Cut and paste the task and its related procedures into a separate document. Then, you can either print this document or store it online.

Dynamic Host Configuration Protocol

A DHCP Server

The Dynamic Host Configuration Protocol (DHCP) is an automatic configuration protocol used on IP networks. Computers that are connected to non-DHCP equipped IP networks must be configured before they can communicate with other computers on the network. DHCP allows a computer to be configured automatically, eliminating the need for intervention by a network administrator. It also provides a central database for keeping track of computers that have been connected to the network. This prevents two computers from accidentally being configured with the same IP address. In the absence of DHCP, hosts may be manually configured with an IP address. Alternatively IPv6 hosts may use stateless address autoconfiguration to generate an IP address. IPv4 hosts may use link-local addressing to achieve limited local connectivity. In addition to IP addresses, DHCP also provides other configuration information, particularly the IP addresses of local caching DNS resolvers. Hosts that do not use DHCP for address configuration may still use it to obtain other configuration information. There are two versions of DHCP, one for IPv4 and one for IPv6. While both versions bear the same name and perform much the same purpose, the details of the protocol for IPv4 and IPv6 are sufficiently different that they can be considered separate protocols.

Technical overview
Dynamic Host Configuration Protocol automates network-parameter assignment to network devices from one or more DHCP servers. Even in small networks, DHCP is useful because it makes it easy to add new machines to the network. When a DHCP-configured client (a computer or any other network-aware device) connects to a network, the DHCP client sends a broadcast query requesting necessary information from a DHCP server. The DHCP server manages a pool of IP addresses and information about client configuration parameters such as default gateway, domain name, the name servers, other servers such as time servers, and so forth. On receiving a valid request, the server assigns the computer an IP address, a lease (length of time the allocation is valid), and other IP configuration parameters, such as the subnet mask and the default gateway. The query is typically initiated immediately after booting, and must complete before the client can initiate IP-based communication with other hosts. Depending on implementation, the DHCP server may have three methods of allocating IP addresses:

- dynamic allocation: A network administrator assigns a range of IP addresses to DHCP, and each client computer on the LAN is configured to request an IP address from the DHCP server during network initialization. The request-and-grant process uses a lease concept with a controllable time period, allowing the DHCP server to reclaim (and then reallocate) IP addresses that are not renewed.
- automatic allocation: The DHCP server permanently assigns a free IP address to a requesting client from the range defined by the administrator. This is like dynamic allocation, but the DHCP server keeps a table of past IP address assignments, so that it can preferentially assign to a client the same IP address that the client previously had.
- static allocation: The DHCP server allocates an IP address based on a table with MAC address/IP address pairs, which are manually filled in (perhaps by a network administrator). Only requesting clients with a MAC address listed in this table will be allocated an IP address. This feature (which is not supported by all DHCP servers) is variously called Static DHCP Assignment (by DD-WRT), fixed-address (by the dhcpd documentation), Address Reservation (by Netgear), DHCP reservation or Static DHCP (by Cisco/Linksys), and IP reservation or MAC/IP binding (by various other router manufacturers).

Technical details
DHCP uses the same two ports assigned by IANA for BOOTP: UDP port 67 for sending data to the server, and UDP port 68 for data to the client. DHCP communications are connectionless in nature. DHCP operations fall into four basic phases: IP discovery, IP lease offer, IP request, and IP lease acknowledgement.

DHCP clients and servers on the same subnet communicate via UDP broadcasts. If the client and server are on different subnets, IP discovery and IP request messages are sent via UDP broadcasts, but IP lease offer and IP lease acknowledgement messages are unicast.
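As an added illustration (not part of the original report), the following Python model runs the four DHCP phases described here through a toy server that applies the three allocation policies listed above. Messages are plain dictionaries rather than RFC 2131 wire packets, and the MAC addresses, address pool and reservation are constructed sample values.

```python
from dataclasses import dataclass, field

# IANA ports shared with BOOTP: clients send to 67, servers answer to 68.
SERVER_PORT, CLIENT_PORT = 67, 68


@dataclass
class Lease:
    ip: str
    expires: int          # absolute time (seconds) after which the lease has lapsed


@dataclass
class DhcpServer:
    """Toy DHCP server: a dynamic pool plus static reservations and a memory of
    past assignments. Messages are dicts, not RFC 2131 wire packets."""
    pool: list                                          # dynamic range set by the admin
    lease_time: int = 3600
    reservations: dict = field(default_factory=dict)    # MAC -> IP (static allocation)
    leases: dict = field(default_factory=dict)          # MAC -> Lease currently held
    history: dict = field(default_factory=dict)         # MAC -> last IP (automatic allocation)
    offered: dict = field(default_factory=dict)         # MAC -> IP offered, awaiting REQUEST

    def _in_use(self, ip, now, mac):
        # An address is busy if another MAC holds an unexpired lease on it.
        return any(m != mac and l.ip == ip and l.expires > now
                   for m, l in self.leases.items())

    def _pick(self, mac, now):
        # 1. static: an administrator-entered MAC/IP pair always wins.
        if mac in self.reservations:
            return self.reservations[mac]
        # 2. automatic: hand back the address this client had before, if free.
        prev = self.history.get(mac)
        if prev in self.pool and not self._in_use(prev, now, mac):
            return prev
        # 3. dynamic: first free address in the pool.
        for ip in self.pool:
            if not self._in_use(ip, now, mac):
                return ip
        return None                                     # pool exhausted

    def handle(self, msg, now):
        """Process one client message; return the server's reply dict or None."""
        mac = msg["chaddr"]
        if msg["type"] == "DISCOVER":                   # phase 1, broadcast to port 67
            ip = self._pick(mac, now)
            if ip is None:
                return None                             # nothing to offer: stay silent
            self.offered[mac] = ip
            return {"type": "OFFER", "yiaddr": ip, "lease": self.lease_time,
                    "port": CLIENT_PORT}                # phase 2
        if msg["type"] == "REQUEST":                    # phase 3, broadcast to port 67
            wanted = msg["requested_ip"]
            held = self.leases.get(mac)
            renewing = held is not None and held.ip == wanted and held.expires > now
            # Only confirm what was offered to this MAC (or what it already holds);
            # a request for any other address is refused with a NAK.
            if wanted != self.offered.get(mac) and not renewing:
                return {"type": "NAK", "port": CLIENT_PORT}
            self.leases[mac] = Lease(wanted, now + self.lease_time)
            self.history[mac] = wanted
            self.offered.pop(mac, None)
            return {"type": "ACK", "yiaddr": wanted, "lease": self.lease_time,
                    "port": CLIENT_PORT}                # phase 4
        return None


def dora(server, mac, now):
    """Run the full DISCOVER/OFFER/REQUEST/ACK exchange for one client.
    Returns the acknowledged address, or None if no address was obtained."""
    offer = server.handle({"type": "DISCOVER", "chaddr": mac}, now)
    if offer is None:
        return None
    ack = server.handle({"type": "REQUEST", "chaddr": mac,
                         "requested_ip": offer["yiaddr"]}, now)
    return ack["yiaddr"] if ack["type"] == "ACK" else None


def demo():
    # Constructed sample data: a two-address pool and one static reservation.
    srv = DhcpServer(pool=["192.0.2.10", "192.0.2.11"], lease_time=600,
                     reservations={"00:00:5e:00:53:01": "192.0.2.250"})
    a = dora(srv, "00:00:5e:00:53:aa", now=0)        # dynamic: first free address
    b = dora(srv, "00:00:5e:00:53:bb", now=1)        # dynamic: second address
    c = dora(srv, "00:00:5e:00:53:cc", now=2)        # pool exhausted: no offer
    r = dora(srv, "00:00:5e:00:53:01", now=3)        # static: reserved address
    a2 = dora(srv, "00:00:5e:00:53:aa", now=1000)    # after expiry: old address back
    # A client asking for an address it was never offered is refused.
    nak = srv.handle({"type": "REQUEST", "chaddr": "00:00:5e:00:53:cc",
                      "requested_ip": "192.0.2.11"}, now=4)
    return {"a": a, "b": b, "c": c, "r": r, "a2": a2, "nak": nak["type"]}


if __name__ == "__main__":
    print(demo())
```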

Virtual private network

VPN Connectivity overview

A virtual private network (VPN) is a method of computer networking--typically using the public internet--that allows users to privately share information between remote locations, or between a remote location and a business' home network. A VPN can provide secure information transport by authenticating users, and encrypting data to prevent unauthorized persons from reading the information transmitted.[1] The VPN can be used to send any kind of network traffic securely.[2] VPNs are frequently used by remote workers or companies with remote offices to share private data and network resources. VPNs may also allow users to bypass regional internet restrictions such as firewalls, and web filtering, by "tunneling" the network connection to a different region. Technically, the VPN protocol encapsulates network data transfers using a secure cryptographic method between two or more networked devices which are not on the same private network, to keep the data private as it passes through the connecting nodes of a local or wide area network.

Components of a VPN

A VPN in Windows 2000 consists of a VPN server, a VPN client, a VPN connection (the portion of the connection in which the data is encrypted), and the tunnel (the portion of the connection in which the data is encapsulated). The tunneling is done through one of the tunneling protocols included with Windows 2000, both of which are installed with Routing and Remote Access. The two tunneling protocols included with Windows 2000 are:

- Point-to-Point Tunneling Protocol (PPTP): Provides data encryption using Microsoft Point-to-Point Encryption.
- Layer Two Tunneling Protocol (L2TP): Provides data encryption, authentication, and integrity using IPSec.

Your connection to the Internet should use a dedicated line such as T1, Fractional T1, or Frame Relay. The WAN adapter must be configured with the IP address and subnet mask assigned for your domain or supplied by an Internet service provider (ISP), as well as the default gateway of the ISP router.

How to Install and Enable VPN

To install and enable a VPN server, follow these steps:

1. On the Microsoft Windows 2000 VPN computer, confirm that both the connection to the Internet and the connection to your local area network (LAN) are correctly configured.
2. Click Start, point to Administrative Tools, and then click Routing and Remote Access.
3. Click the server name in the tree, and click Configure and Enable Routing and Remote Access on the Action menu, and then click Next.
4. In the Common Configurations dialog box, click Virtual private network (VPN server), and then click Next.
5. In the Remote Client Protocols dialog box, confirm that TCP/IP is included in the list, click Yes, all of the available protocols are on this list, and then click Next.
6. In the Internet Connection dialog box, select the Internet connection that will connect to the Internet, and then click Next.
7. In the IP Address Assignment dialog box, select Automatically in order to use the DHCP server on your subnet to assign IP addresses to dialup clients and to the server.
8. In the Managing Multiple Remote Access Servers dialog box, confirm that the No, I don't want to set up this server to use RADIUS now checkbox is selected.
9. Click Next, and then click Finish.
10. Right click the Ports node, and then click Properties.
11. In the Ports Properties dialog box, click the WAN Miniport (PPTP) device, and then click Configure.
12. In the Configure Device - WAN Miniport (PPTP) dialog box, do one of the following:
    - If you do not want to support direct user dialup VPN to modems installed on the server, click to clear the Demand-Dial Routing Connections (Inbound and Outbound) check box.
    - If you do want to support direct user dialup VPN to modems installed on the server, click to select the Demand-Dial Routing Connections (Inbound and Outbound) check box.
13. Type the maximum number of simultaneous PPTP connections that you want to allow in the Maximum Ports text box. (This may depend on the number of available IP addresses.)
14. Repeat steps 11 through 13 for the L2TP device, and then click OK.

How to Configure the VPN Server

To further configure the VPN server as required, follow these steps.

Configuring the Remote Access Server as a Router

For the remote access server to forward traffic properly inside your network, you must configure it as a router with either static routes or routing protocols, so that all of the locations in the intranet are reachable from the remote access server. To configure the server as a router:

1. Click Start, point to Administrative Tools, and then click Routing and Remote Access.
2. Right-click the server name, and then click Properties.
3. On the General tab, click to select Enable This Computer As A Router.
4. Select either Local area network (LAN) routing only or LAN and demand-dial routing, and then click OK to close the Properties dialog box.

How to Configure PPTP Ports

Confirm the number of PPTP ports that you need. To verify the number of ports or to add ports, follow these steps:

1. Click Start, point to Administrative Tools, and then click Routing and Remote Access.
2. In the console tree, expand Routing and Remote Access, expand the server name, and then click Ports.
3. Right-click Ports, and then click Properties.
4. In the Ports Properties dialog box, click WAN Miniport (PPTP), and then click Configure.
5. In the Configure Device dialog box, select the maximum number of ports for the device, and then select the options to specify whether the device accepts incoming connections only, or both incoming and outgoing connections.

How to Manage Addresses and Name Servers


The VPN server must have IP addresses available in order to assign them to the VPN server's virtual interface and to VPN clients during the IP Control Protocol (IPCP) negotiation phase of the connection process. The IP address assigned to the VPN client is assigned to the virtual interface of the VPN client. For Windows 2000-based VPN servers, the IP addresses assigned to VPN clients are obtained through DHCP by default. You can also configure a static IP address pool. The VPN server must also be configured with name resolution servers, typically DNS and WINS server addresses, to assign to the VPN client during IPCP negotiation.

How to Manage Access


Configure the dial-in properties on user accounts and remote access policies to manage access for dial-up networking and VPN connections. NOTE: By default, users are denied access to dial-up.

Access by User Account


If you are managing remote access on a user basis, click Allow Access on the Dial-In tab of the user's Properties dialog box for those user accounts that are allowed to create VPN connections. If the VPN server is allowing only VPN connections, delete the default remote access policy called "Allow Access If Dial-In Permission Is Enabled." Then create a new remote access policy with a descriptive name, such as VPN Access If Allowed By User Account. For more information, see Windows 2000 Help.

CAUTION: After you delete the default policy, a dial-up client that does not match at least one of the policy configurations you create will be denied access. If the VPN server is also allowing dial-up remote access services, do not delete the default policy, but move it so that it is the last policy to be evaluated.

Access by Group Membership


If you are managing remote access on a group basis, click the Control access through remote access policy radio button on all user accounts by using the Active Directory Users and Computers console in Administrative Tools or the MMC snap-in. Create a Windows 2000 group with members who are allowed to create VPN connections. If the VPN server allows only VPN connections, delete the default remote access policy called Allow Access If Dial-In Permission Is Enabled. Next, create a new remote access policy with a descriptive name such as VPN Access If Member Of VPN-Allowed Group, and then assign the Windows 2000 group to the policy. If the VPN server also allows dial-up networking remote access services, do not delete the default policy; instead move it so that it is the last policy to be evaluated.

How to Configure a VPN Connection from a Client Computer

To set up a connection to a VPN:

1. On the client computer, confirm that the connection to the Internet is correctly configured.
2. Click Start, point to Settings, and then click Network And Dial-Up Connections.
3. Double-click Make New Connection.
4. Click Next, and then click Connect To A Private Network Through The Internet, and then click Next.
5. Do one of the following:
    - If you use a dial-up connection to connect to the Internet, click Automatically Dial This Initial Connection and then select your dial-up Internet connection from the list.
    - If you use a full-time connection (such as a cable modem), click Do Not Dial The Initial Connection.
6. Click Next.
7. Type the host name (for example, Microsoft.com) or the IP address (for example, 123.123.123.123) of the computer to which you want to connect, and then click Next.
8. Click to select For All Users if you want the connection to be available to anyone who logs on to the computer, or click to select Only For Myself to make it available only when you log onto the computer, and then click Next. NOTE: This option is available only if you are logged on as a member of the Administrators group.
9. Type a descriptive name for the connection, and then click Finish.
10. Click Start, point to Settings, and then click Network And Dial-Up Connections.
11. Double-click the new connection.
12. Click Properties to further configure options for the connection:
    - If you are connecting to a domain, click the Options tab, and then click to select the Include Windows logon domain check box to specify whether to request Windows 2000 logon domain information before attempting to connect.
    - If you want the connection to be redialed if the line is dropped, click the Options tab, and then click to select the Redial if line is dropped check box.

To use the connection:

1. Click Start, point to Settings, and then click Network And Dial-Up Connections.
2. Double-click the new connection.
3. If you do not currently have a connection to the Internet, Windows offers to connect to the Internet.
4. Once the connection to the Internet is made, the VPN server prompts you for your user name and password. Enter your user name and password, click Connect, and your network resources should be available to you in the same way they are when you connect directly to the network.

NOTE: To disconnect from the VPN, right-click the connection's icon, and then click Disconnect.

Configuring RADIUS Authentication

RADIUS Overview

This chapter tells you how to configure Oracle8i for use with RADIUS (Remote Authentication Dial-In User Service). RADIUS is a client-server security protocol most widely known for enabling remote authentication and access. The Oracle Advanced Security option uses this emerging standard in a client-server network environment. You can enable your network to use any authentication method that supports the RADIUS standard--including token cards and smartcards--simply by installing and configuring the RADIUS adapter. Moreover, when you use RADIUS, you can change your authentication method without modifying either the Oracle client or the Oracle server. From the user's perspective, the entire authentication process takes place seamlessly and transparently. When the user seeks access to an Oracle server, the Oracle server, acting as the RADIUS client, notifies the RADIUS server. The RADIUS server then:

- looks up the user's security information
- passes authentication and authorization information between the appropriate authentication server(s) and the Oracle server
- logs--by means of the RADIUS accounting feature--such information as when, how often, and for how long the user logged on

RADIUS in an Oracle Environment


Figure 3 RADIUS in an Oracle Environment

In an Oracle environment (Figure 3-1), the Oracle server acts as the RADIUS client; it passes information between the Oracle client and the RADIUS server. Similarly, the RADIUS server passes information between the Oracle server and the appropriate authentication server(s). To secure authentication information during transport, RADIUS converts it to a hash value. The four components-- Oracle client, Oracle server/RADIUS client, RADIUS server, and authentication server--can reside on the same machine or on separate machines. When the Oracle client and Oracle server reside on the same machine, they share the same sqlnet.ora file.

RADIUS Authentication Modes

User authentication can take place in either of two ways:

- Synchronous Authentication Mode
- Challenge-Response (Asynchronous) Authentication Mode

Synchronous Authentication Mode In the synchronous mode, RADIUS allows you to use various authentication methods, including passwords, SecurID token cards, and smartcards. Figure shows the sequence in which synchronous authentication occurs.

Figure Synchronous Authentication Sequence

Example: Synchronous Authentication with SecurID Token Cards

With SecurID authentication, each user has a token card which displays a dynamic number that changes every sixty seconds. To gain access to the Oracle server/RADIUS client, the user enters a valid passcode which includes both a personal identification number (PIN) and the dynamic number currently displayed on his or her SecurID card. The Oracle server/RADIUS client passes this authentication information from the Oracle client to the RADIUS server, and the RADIUS server, in turn, passes it to the authentication server for validation. Once the authentication server (Security Dynamics ACE/Server) validates the user, it sends an "accept" packet to the RADIUS server. The RADIUS server passes this to the Oracle server/RADIUS client, which, in turn, passes it to the Oracle client. The user is now authorized and able to access the appropriate tables and applications.
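Added example (not from the report or from Oracle's documentation) tying together the "hash value" remark in the RADIUS in an Oracle Environment section and the SecurID sequence above: the Oracle server / RADIUS client side builds an Access-Request carrying the passcode as a User-Password attribute hidden with the RFC 2865 MD5/shared-secret scheme, and the RADIUS server side recovers it, consults a stand-in for ACE/Server, and answers with an Access-Accept or Access-Reject whose Response Authenticator the client checks. The shared secret, user name, PIN and token code are constructed values, and the authentication server is a dictionary lookup.

```python
import hashlib
import hmac
import os
import struct

# RFC 2865 codes and attribute types used here
ACCESS_REQUEST, ACCESS_ACCEPT, ACCESS_REJECT = 1, 2, 3
USER_NAME, USER_PASSWORD = 1, 2


def hide_password(password, secret, req_auth):
    """RFC 2865 s5.2 User-Password hiding: pad to 16-octet blocks and XOR each
    block with MD5(secret + previous block), seeded with the Request Authenticator.
    This is keyed obfuscation, not strong encryption: the shared secret is what
    protects the password on the wire. Assumes 1..128 octets of password."""
    padded = password + b"\x00" * (-len(password) % 16)
    out, prev = b"", req_auth
    for i in range(0, len(padded), 16):
        key = hashlib.md5(secret + prev).digest()
        prev = bytes(a ^ b for a, b in zip(padded[i:i + 16], key))
        out += prev
    return out


def reveal_password(hidden, secret, req_auth):
    """Inverse of hide_password, run by the RADIUS server that knows the secret."""
    out, prev = b"", req_auth
    for i in range(0, len(hidden), 16):
        key = hashlib.md5(secret + prev).digest()
        out += bytes(a ^ b for a, b in zip(hidden[i:i + 16], key))
        prev = hidden[i:i + 16]
    return out.rstrip(b"\x00")


def encode_attrs(pairs):
    # Each attribute is Type(1) Length(1, includes the 2-byte header) Value.
    return b"".join(struct.pack("!BB", t, len(v) + 2) + v for t, v in pairs)


def packet(code, ident, authenticator, attributes):
    # Header: Code(1) Identifier(1) Length(2) Authenticator(16), then attributes.
    return struct.pack("!BBH", code, ident, 20 + len(attributes)) + authenticator + attributes


def parse(pkt):
    code, ident, length = struct.unpack("!BBH", pkt[:4])
    attrs, i = {}, 20
    while i < length:
        atype, alen = pkt[i], pkt[i + 1]
        attrs[atype] = pkt[i + 2:i + alen]
        i += alen
    return code, ident, pkt[4:20], attrs, pkt[20:length]


def response_authenticator(code, ident, req_auth, attributes, secret):
    """MD5(Code + ID + Length + RequestAuth + Attributes + Secret): lets the client
    check that a reply came from a holder of the secret and belongs to its request."""
    header = struct.pack("!BBH", code, ident, 20 + len(attributes))
    return hashlib.md5(header + req_auth + attributes + secret).digest()


def build_access_request(ident, user, password, secret, req_auth=None):
    """Oracle server / RADIUS client side: carry the user's passcode to the RADIUS server."""
    req_auth = req_auth or os.urandom(16)          # must be unpredictable per request
    attrs = encode_attrs([(USER_NAME, user),
                          (USER_PASSWORD, hide_password(password, secret, req_auth))])
    return packet(ACCESS_REQUEST, ident, req_auth, attrs)


def radius_server(pkt, secret, check):
    """RADIUS server side: recover the passcode, ask the authentication server
    (here `check(user, passcode) -> bool`), and sign the verdict."""
    code, ident, req_auth, attrs, _ = parse(pkt)
    ok = (code == ACCESS_REQUEST and USER_NAME in attrs and USER_PASSWORD in attrs
          and check(attrs[USER_NAME], reveal_password(attrs[USER_PASSWORD], secret, req_auth)))
    rcode = ACCESS_ACCEPT if ok else ACCESS_REJECT
    return packet(rcode, ident, response_authenticator(rcode, ident, req_auth, b"", secret), b"")


def client_verify(request, response, secret):
    """Client side: trust a reply only if its identifier and Response Authenticator
    match the request we sent. Returns (verified, code)."""
    _, rid, req_auth, _, _ = parse(request)
    code, ident, resp_auth, _, rattrs = parse(response)
    expected = response_authenticator(code, ident, req_auth, rattrs, secret)
    return (ident == rid and hmac.compare_digest(resp_auth, expected)), code


def demo():
    secret = b"constructed-shared-secret"
    # Stand-in for the ACE/Server: a valid passcode is PIN + current token code (constructed).
    valid = {b"alice": b"1234" + b"482913"}
    check = lambda user, passcode: valid.get(user) == passcode
    req = build_access_request(7, b"alice", b"1234482913", secret)
    ok, code = client_verify(req, radius_server(req, secret, check), secret)
    bad = radius_server(build_access_request(8, b"alice", b"1234000000", secret), secret, check)
    forged = packet(ACCESS_ACCEPT, 7, b"\x00" * 16, b"")  # "accept" from someone without the secret
    return ok and code == ACCESS_ACCEPT, parse(bad)[0] == ACCESS_REJECT, client_verify(req, forged, secret)[0]
```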

Challenge-Response (Asynchronous) Authentication Mode


Figure 3-3 Asynchronous Authentication Sequence

Windows Server 2003


Windows Server 2003 (sometimes referred to as Win2K3) is a server operating system produced by Microsoft, introduced on 24 April 2003. An updated version, Windows Server 2003 R2, was released to manufacturing on 6 December 2005. Its successor, Windows Server 2008, was released on 4 February 2008. According to Microsoft, Windows Server 2003 is more scalable and delivers better performance than its predecessor, Windows 2000.

Microsoft outlook
In Microsoft Outlook, the Internet E-mail information service stores information that allows you to log on to your Internet e-mail server. Outlook provides this service during a typical setup scenario. Your Internet service provider (ISP) provides the required settings that populate the configuration pages of the Internet E-mail information service. This article describes how to configure the Internet E-mail information service. You must correctly configure the Internet E-mail information service to send and receive messages in Outlook. To do this, you must have the following specific information about your email account to manually configure it in Outlook. Contact your ISP if needed to obtain the following information:

- Your full e-mail address.
- The type of e-mail account: POP3, IMAP or HTTP.
- Your user name.
- Your password.
- The SMTP server name or address.
- The POP3 server name or address.
- Is Secure Password Authentication (SPA) required?
- The port number that is used for SMTP. (Most ISPs use port 25.)
    - Is encryption (SSL is most common) required for the port?
- The port number that is used for POP3. (Most ISPs use port 110.)
    - Do you require encryption (SSL is most common) for the port?
- Does the outgoing e-mail server (SMTP) require authentication?
    - If so, do you use your normal e-mail name and password?

Use one of the following methods to configure the Internet E-mail information service, as appropriate for the version of Outlook that you are running.

1. From the Tools pull-down menu select the Accounts option.
2. Select the Mail tab.
3. Select Add and then Mail from the list provided.
4. Follow the instructions provided by the wizard. Some tips are provided below:
    - Incoming mail (POP3 or IMAP) server: This is typically your domain name, for example yourcompany.com. Select either POP3 or IMAP; if you are unsure which to select, we recommend you select POP.
    - Outgoing mail (SMTP) server: This is typically your domain name, for example yourcompany.com.
    - Account Name: This should be your e-mail user name, for example bob for an e-mail address of bob@yourcompany.com.
    - Password: This is the password you associated with the Account Name above.
5. Click More Settings.
6. Check the My outgoing server (SMTP) requires authentication box. Use the same settings as your incoming mail server for SMTP-Auth.

Microsoft outlook express

The following instructions will guide you through the process of configuring Microsoft Outlook Express to check your email.

1. Start Outlook Express and select Accounts from the Tools menu.
2. You will see a listing of all the different accounts that you have Outlook Express configured to use. Click on Add and select Mail... to add a new email account.
3. The Account Wizard will start up and guide you through the configuration process. Use the following information from your Virtual Server when prompted by the wizard.
    - When prompted for your E-mail address, enter your username at your Host domain name (for example, username@MY-DOMAIN.NAME).
    - When asked for your Type of mail server, select either POP3 or IMAP.
    - Use your Host domain name for the Incoming Mail and Outgoing Mail servers.
    - Use your username as the POP account name.
    - Use the password associated with your account username as the Password.
4. When you finish with the wizard, it will return you to the Internet Accounts window. Your e-mail account will be displayed. It is now ready to receive e-mail via POP or IMAP (depending on which configuration you selected).
5. Highlight the account and click the Properties button. The Properties Window displays.
6. Click the Servers tab and select the My server requires Authentication box at the bottom of the window. Click the Settings button; the Outgoing Mailserver window displays.
7. Select Use same settings as my incoming mail server and click OK. Outlook Express is now configured to send e-mail via SMTP.

An Introduction to Checkpoint Firewall


This paper is an introduction to Checkpoint's Firewall version 4.1. In this paper you will learn the basics of what Checkpoint is and how it works. You will also see a graphical installation of Checkpoint on an NT 4 server as well as creating a generic set of rules that would apply to a small business or home user. Throughout my years of using Checkpoint, I have never seen HowTo instructions on Checkpoint like this other than what is taught in the Checkpoint classes. At the very end of this document, you will find some useful links to sites I have found helpful over the years. Please keep in mind that this is not meant to be a comprehensive, all-inclusive tutorial on Checkpoint, but simply a quick get-up-to-speed small business paper.

A brief overview of Firewalls


There are 3 basic types of Firewall systems used today:

- Packet Filtering
- Application Gateway Proxy
- Stateful Inspection

A Packet Filtering Firewall examines each packet that passes through it up to the network layer. This means that the upper four layers (Application, Presentation, Session, and Transport) are allowed into an internal network. The Packet Filtering Firewall looks at each packet and determines what to do with it based on a rulebase you define. This type of Firewall technique is popular because it's inexpensive, transparent to applications and is quicker than most application layer gateways. However, it provides low security, has a limited ability to manipulate information, is difficult to configure, and is subject to IP Spoofing. These types of Firewalls can usually be found on routers.

Application Layer Gateways, better known as Proxies, function at the application level. Proxies are being challenged today in that outside networks are continually growing and introducing new protocols, services and applications all the time. As this happens, the Proxy has a difficult time handling these extreme communications on networks. Proxy Firewalls remain popular today because they offer a decent level of security, are relatively inexpensive and provide full application-layer awareness. However, each service requires its own application layer gateway, meaning scalability is horrible. Running at the application level is critical to performance and they are vulnerable to operating system and application level bugs and exploits.

Stateful Inspection is the third type of firewall used today. Stateful Inspection gathers, stores, and manipulates information pertaining to all communication layers and from other applications. In other words, imagine a giant spreadsheet. Every packet that is allowed through the firewall is entered into that spreadsheet and kept there for a pre-determined amount of time, creating a Stateful Inspection Table. The benefits of this are excellent security, full application-layer awareness, high performance and scalability.
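To make the contrast between the first and third firewall types concrete, here is an added Python example (not from the paper) of one small outbound-only rulebase checked two ways: once as a stateless packet filter that judges every packet on its own, and once with a stateful inspection table that records accepted connections for a fixed time. The networks, rule names, timeout and packets are constructed sample data.

```python
import ipaddress
from dataclasses import dataclass

ip = ipaddress.ip_address
INTERNAL = ipaddress.ip_network("192.168.1.0/24")   # the hub side behind the internal NIC
ANY = ipaddress.ip_network("0.0.0.0/0")
STATE_TIMEOUT = 60   # seconds an entry lives in the inspection table before it is forgotten


@dataclass(frozen=True)
class Packet:
    src: str
    sport: int
    dst: str
    dport: int
    proto: str = "tcp"
    syn: bool = False   # True for a TCP connection-opening segment


# Rulebase, evaluated top-down; the first match wins and anything left over is dropped.
# (name, source network, destination network, destination ports, action)
RULES = [
    ("web-out", INTERNAL, ANY, {80, 443}, "accept"),
    ("dns-out", INTERNAL, ANY, {53}, "accept"),
]


def match_rule(pkt):
    for name, src, dst, ports, action in RULES:
        if ip(pkt.src) in src and ip(pkt.dst) in dst and pkt.dport in ports:
            return name, action
    return "cleanup", "drop"


class StatelessFilter:
    """Packet filtering: each packet is judged on its own. To let replies to the
    outbound rules back in, it needs a rule that trusts the source port, and that
    rule also admits anything that merely looks like a reply."""

    def decide(self, pkt, now):
        if ip(pkt.dst) in INTERNAL and pkt.sport in {80, 443, 53}:
            return "accept"
        return match_rule(pkt)[1]


class StatefulFilter:
    """Stateful inspection: accepted connections go into a table (the 'spreadsheet')
    with an expiry time; only traffic belonging to a live entry is allowed back in."""

    def __init__(self):
        self.table = {}   # 5-tuple -> expiry time

    def decide(self, pkt, now):
        key = (pkt.proto, pkt.src, pkt.sport, pkt.dst, pkt.dport)
        reverse = (pkt.proto, pkt.dst, pkt.dport, pkt.src, pkt.sport)
        for k in (key, reverse):
            expiry = self.table.get(k)
            if expiry is not None and expiry > now:
                self.table[k] = now + STATE_TIMEOUT   # refresh the entry
                return "accept"
            if expiry is not None:
                del self.table[k]                     # stale: forget the connection
        # No state: only a connection opener may consult the rulebase. A non-SYN
        # segment with no entry is a packet pretending to belong to a connection.
        if pkt.proto == "tcp" and not pkt.syn:
            return "drop"
        name, action = match_rule(pkt)
        if action == "accept":
            self.table[key] = now + STATE_TIMEOUT
        return action


def demo():
    """Run the same constructed packets through both filters; returns
    name -> (stateless decision, stateful decision)."""
    stateless, stateful = StatelessFilter(), StatefulFilter()
    inside, web, outsider = "192.168.1.10", "198.51.100.5", "203.0.113.9"
    cases = {
        "outbound_syn": Packet(inside, 40000, web, 443, syn=True),
        "reply": Packet(web, 443, inside, 40000),
        "fake_reply": Packet(outsider, 443, inside, 445),      # sport 443 to look like a reply
        "inbound_ssh": Packet(outsider, 5555, inside, 22, syn=True),
    }
    results = {n: (stateless.decide(p, now=1), stateful.decide(p, now=1))
               for n, p in cases.items()}
    late = cases["reply"]   # the same reply long after the table entry expired
    results["reply_after_timeout"] = (stateless.decide(late, now=500), stateful.decide(late, now=500))
    return results
```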

What is Checkpoint?
Checkpoint Firewall-1 uses the stateful inspection technology. Checkpoint analyzes all packet communication layers and extracts the relevant communication and application state information. Firewall-1 has an inspection module that lives in the operating system kernel. This is below the network layer at the lowest software level. This is the most ideal location because, by analyzing all traffic at this level, the Inspection Module inspects all traffic before it reaches the OS. This saves the OS's processing time and resources. Also, a final note, by placing its kernel module between the Network Interface Cards and the TCP/IP stack itself, Firewall-1 protects the TCP/IP stack.

Preparing an NT 4.0 server

For this paper, I focus on installing the Checkpoint Firewall-1 software on an NT 4 server. I do this because most small businesses have NT. When using Checkpoint software on an NT server, I recommend you make two different drives, for example a C: drive and D: drive. The reason for this is to maintain the firewall logs. One of the most important features of a firewall is the logs it generates. These logs will grow and grow as traffic is accepted, denied or rejected on your firewall. As these logs grow, they take up more and more space, and can fill up your entire drive. This would crash your Windows NT box and cause the firewall to fail. The end result here being no more connectivity through that firewall.

After you have created two drives, I recommend formatting both with the NT File System (NTFS). This brings the level of security on the box up and allows you to lock it down even tighter. Not only do you have to consider the rulebase to protect your network, you should consider the physical location of the firewall. Who will have access to it? Who will know the Administrator's password? NTFS will help you secure the box from a casual employee or friend coming over and playing with your configurations.

I recommend installing your Operating System (OS) on the C: drive. Then install Checkpoint on the D: drive.

Installing Checkpoint

When installing Checkpoint, it is important to have a clear understanding of what you need first, before you begin. I have created a small checklist of items I used to create this paper:
- Checkpoint 4.1 media
- Checkpoint License from Checkpoint
- Legal IP address for external interface
- 2 or more Network cards
- An NT server
- An internet connection
- Four port hub

I also recommend that you create a network diagram before making any rules. This helps in creating a rulebase. Below is the network we will configure for:

In this example, we will connect a small home/office to the internet using Checkpoint Firewall1. The network will connect to a hub, which connects to an internal Network Interface Card (NIC) on the Firewall server. The second NIC on the Firewall will be our external NIC and will connect to our Cable modem and that in turn connects to the internet.

Now insert your media and we are ready to begin. There are 2 pieces that you need to install: The Firewall and the Management Console. For this installation, we will install both on the same machine. However, if the firewall is in an inconvenient location, or you will be monitoring it often or making rule changes, it may make more sense to install the management console closer to you. The management console allows you to configure, add, remove rules, create objects, examine the logs, and check the status of the Logs.

Network switches

A network switch or switching hub is a computer networking device that connects network segments. The term commonly refers to a multi-port network bridge that processes and routes data at the data link layer (layer 2) of the OSI model. Switches that additionally process data at the network layer (Layer 3) and above are often referred to as Layer 3 switches or multilayer switches. The first Ethernet switch was introduced by Kalpana in 1990.

Function

The network switch plays an integral part in most modern Ethernet local area networks (LANs). Mid-to-large sized LANs contain a number of linked managed switches. Small office/home office (SOHO) applications typically use a single switch, or an all-purpose converged device such as a gateway to access small office/home broadband services such as DSL or cable internet. In most of these cases, the end-user device contains a router and components that interface to the particular physical broadband technology. User devices may also include a telephone interface for VoIP. An Ethernet switch operates at the data link layer of the OSI model to create a separate collision domain for each switch port. With 4 computers (e.g., A, B, C, and D) on 4 switch ports, A and B can transfer data back and forth, while C and D also do so simultaneously, and the two conversations will not interfere with one another. In the case of a hub, they would all share the bandwidth and run in half duplex, resulting in collisions, which would then necessitate retransmissions. Using a switch is called microsegmentation. This allows computers to have dedicated bandwidth on point-to-point connections to the network and to therefore run in full duplex without collisions.

Role of switches in networks
Switches may operate at one or more layers of the OSI model, including data link, network, or transport (i.e., end-to-end). A device that operates simultaneously at more than one of these layers is known as a multilayer switch. In switches intended for commercial use, built-in or modular interfaces make it possible to connect different types of networks, including Ethernet, Fibre Channel, ATM, ITU-T G.hn and 802.11. This connectivity can be at any of the layers mentioned. While Layer 2 functionality is adequate for bandwidth-shifting within one technology, interconnecting technologies such as Ethernet and token ring are easier at Layer 3. Interconnection of different Layer 3 networks is done by routers. If there are any features that characterize "Layer-3 switches" as opposed to general-purpose routers, it tends to be that they are optimized, in larger switches, for high-density Ethernet connectivity. In some service provider and other environments where there is a need for a great deal of analysis of network performance and security, switches may be connected between WAN routers as places for analytic modules. Some vendors provide firewall,[2][3] network intrusion detection,[4] and performance analysis modules that can plug into switch ports. Some of these functions may be on combined modules.[5] In other cases, the switch is used to create a mirror image of data that can go to an external device. Since most switch port mirroring provides only one mirrored stream, network hubs can be useful for fanning out data to several read-only analyzers, such as intrusion detection systems and packet sniffers.

DES-1008D 8-Port 10/100Mbps Desktop Switch
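To make the learning, flooding and port-mirroring behaviour described above concrete, here is a toy layer-2 learning switch with one mirror (SPAN) port. It is an added example for this report, not vendor code and not from the report itself; the MAC addresses, port numbers and frames are constructed.

```python
"""Toy layer-2 learning switch with one mirror (SPAN) port.

Added example, not code from the report. Frames, MAC addresses and
port numbers below are constructed for illustration.
"""
from __future__ import annotations

from dataclasses import dataclass, field
from typing import Optional

BROADCAST = "ff:ff:ff:ff:ff:ff"


@dataclass
class Frame:
    src: str           # source MAC address
    dst: str           # destination MAC address
    payload: str = ""


@dataclass
class LearningSwitch:
    ports: int                              # number of physical ports
    mirror_port: Optional[int] = None       # SPAN port feeding an IDS/sniffer
    mac_table: dict[str, int] = field(default_factory=dict)

    def receive(self, ingress: int, frame: Frame) -> list[int]:
        """Handle one frame arriving on `ingress`; return the egress ports.

        Learning: the source MAC is now known to sit behind the ingress
        port. Forwarding: a known unicast goes out one port only (its own
        collision domain); unknown unicast and broadcast are flooded to
        every other user port, which is what a hub does for all traffic.
        """
        if not 0 <= ingress < self.ports or ingress == self.mirror_port:
            raise ValueError(f"frame cannot arrive on port {ingress}")
        self.mac_table[frame.src] = ingress
        known = self.mac_table.get(frame.dst)
        if frame.dst == BROADCAST or known is None:
            egress = [p for p in range(self.ports)
                      if p not in (ingress, self.mirror_port)]
        elif known == ingress:
            egress = []            # destination sits on the same segment
        else:
            egress = [known]
        if self.mirror_port is not None:
            # The analyser on the mirror port sees a copy of every frame,
            # including unicast traffic that no other port would carry.
            egress.append(self.mirror_port)
        return egress


def demo() -> dict[str, int]:
    """Two hosts talk through the switch; returns the learned MAC table."""
    sw = LearningSwitch(ports=5, mirror_port=4)
    host_a, host_b = "00:00:5e:00:53:0a", "00:00:5e:00:53:0b"  # constructed
    sw.receive(0, Frame(host_a, host_b))   # flooded: B not yet learned
    sw.receive(1, Frame(host_b, host_a))   # unicast to port 0 only
    return sw.mac_table


if __name__ == "__main__":
    print(demo())
```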

Wireless
Wireless telecommunications is the transfer of information between two or more points that are not physically connected. Distances can be short, a few meters as in television remote control, or long, ranging from thousands to millions of kilometers for deep-space radio communications. It encompasses various types of fixed, mobile, and portable two-way radios, cellular telephones, personal digital assistants (PDAs), and wireless networking. Other examples of wireless technology include GPS units, garage door openers, wireless computer mice, keyboards and headsets (telephone/computer), headphones, satellite television, broadcast television and cordless telephones.

Working in a wireless world
It seems just like yesterday that we were running a project on "The Business Benefits of Wired Working". And weren't we urging commuters to "work down the wire, rather than down the road"? Even then, a couple of years back, it was a kind of shorthand, of course. Various shades of wireless working have been around for years. Now we shall have to abandon the "wired" metaphor altogether. The concept is starting to look decidedly dated, as we find ourselves at the beginning of a wireless revolution. Over the next 2-3 years a brace of new technologies and standards are set to liberate us from our dependence on wires and cables. The cord is about to be well and truly cut. Basically there are two areas of innovation that underpin this "revolution":

- the development of new standards and technologies for wireless intercommunication between electronic devices
- the emergence of broadband wireless telecommunication standards and services

Together these developments create a framework for adding new dimensions to location independent working. And they will make for many other changes in the way we organise our lives.

Wireless networks
Look around any home or office and you will find yards of cabling: tangles of spaghetti behind the TV/video/set-top box, or connecting the PC/monitor/keyboard/mouse/modem/joystick/camera/printer/scanner... What if you could do away with it all, and still have the different devices in the system work together? Well, now we can. In fact, some of the technologies for doing so have been with us for some time. We are all familiar with infra-red (IR), at least with the TV remote control. The InfraRed Data Association (IRDA) aims to promote infrared standards to connect appliances: many laptops and mobile phones already have an infrared connection capability. Infrared however depends on line-of-sight for connection, which makes it less suitable for networks as opposed to simple point-to-point connection. Perhaps less well-known are HomeRF, which enables cordless radio connection between devices in the home, and the IEEE 802.11 wireless networking standard. The new generation of Apple computers and some PCs have for a while been shipped with 802.11 wireless networking capability, though few people seem to take advantage of this. However, the majority of industry heavyweights seem to be lining up behind the two emerging standards of Bluetooth and Wi-Fi. Over the next couple of years Bluetooth or Wi-Fi capability (sometimes both) is expected to be built into thousands of electronic devices, bringing the wireless/cordless dream closer to reality.

Bluetooth
"Bluetooth" is the somewhat eccentric branding of a specification for low-cost short-range radio links between electronic devices - laptops, PCs, mobile phones, digital cameras, computer peripherals etc. Expectations are that some 900 million devices could be Bluetooth-enabled by 2005. The technology, first developed by Ericsson, is championed by a consortium also including IBM, Intel, Nokia, Toshiba, Lucent, Microsoft, Motorola and 3Com, and is supported by some 1800 other companies. The name is a reference to the Viking king Harald Bluetooth, who united Denmark and Norway in the 10th century. "Uniting" seems to be the salient reference: around 1000 years before Marconi it was no doubt wireless too. Bluetooth will enable the creation of a Personal Area Network ("PAN", like WAN and LAN) whenever Bluetooth devices come within range of each other. The advantages of this are fairly self-evident, e.g.

- connecting home entertainment and/or communication devices without having to plug in wires everywhere
- exchanging information between portable devices without having to make any physical connection between them
- linking computing devices to nearby peripherals
- linking notebook computers to mobile phones anywhere, anytime, to connect to the Internet or other systems.

Increased efficiency can be brought to work processes using wireless connection. Take the following scenario: An insurance assessor might visit 10 claimants in one day, covering 1000 miles. At the end of the day, he needs to type up reports and email them to the claims dept. He also has to wait for camera film containing images he has taken on site to be developed. If these images need to be in a computerised format, they have to be scanned, all of which takes time and effort. However, by changing the way in which devices connect, the same assessor can cover the same distance, but at the end of the day, everything will already be at the office. He could use a Bluetooth equipped digital camera to take the pictures. These could then be immediately transferred to a Bluetooth equipped laptop. He could then type up and electronically sign his report whilst still at the client's premises. He then attaches the pictures to the report ready for emailing to the office. Back in the car, a Bluetooth-enabled GPRS phone finds the email and transmits it to the office in a format that can be instantly processed.

Wi-Fi
Wi-Fi (for wireless fidelity) is the name given by the Wireless Ethernet Compatibility Alliance to the IEEE 802.11b standard for wireless networking. 802.11b is an advance on the 802.11 standard mentioned above, allowing greater range and faster data transfer. There is some overlap with Bluetooth, in that both provide radio connection between electronic devices. But where Bluetooth is designed to be ideal for the Personal Area Network, and ad hoc networking of devices, Wi-Fi's strength is in enabling a Wireless Local Area Network (WLAN). There are two main areas where this will have a significant impact:

- Home networking of devices, e.g. linking the home office computer and the kids' computers to shared devices such as printer, scanner, cable modem etc - or linking intelligent household devices as homes become more automated
- Office networking of devices - which probably already exists, but Wi-Fi will not only enable spaghetti elimination but also make the office LAN more flexible and accessible.

The greater range of Wi-Fi may make it more appropriate for regular use in office environments, for example by enabling a laptop to be taken between rooms while maintaining its link to office systems. In the home environment Wi-Fi faces a serious challenge from HomeRF, which is being promoted as the standard for consumer electronic devices. But proponents of Wi-Fi see in the growth of the SOHO (small office/home office) market and the increase in home working a factor in its favour: people are likely to want the same systems at home that they use at work.

What is important for flexible working is the development of a seamless wireless environment where people can just set up and work, wherever they are, having access to all the information and systems they need.

New types of wireless broadband telecommunications
The combination of wireless networking with new higher bandwidth phone services will add a new dimension to "anywhere, anytime" working. Recently telecoms companies across Europe have been investing $billions in licences for "Third Generation" (3G) telecommunications. Great hopes are held out for the Universal Mobile Telecommunications System (UMTS). This will allow broadband services to mobile phones and other handheld devices, enabling fast mobile access to the Internet, video, gaming and other multimedia applications. Coming on stream ahead of that, however, is the General Packet Radio Service (GPRS), characterised as a "generation 2.5" telecoms technology. GPRS is a non-voice service that allows data to be transferred over the current GSM mobile phone network at reasonable speeds. It is seen by many as a halfway house or stepping stone towards Third Generation mobile communications, but some analysts think it may be more enduring due to the costs of rolling out 3G services. Either way, broadband "always available" data connectivity is pretty much upon us. Using Bluetooth or one of the other technologies plus the new mobile telephony creates the potential for any compatible device to link to any other, anywhere.

Wireless router
A wireless router is a device that performs the functions of a router but also includes the functions of a wireless access point and a network switch. They are commonly used to allow access to the Internet or a computer network without the need for a cabled connection. It can function in a wired LAN (local area network), a wireless only LAN (WLAN), or a mixed wired/wireless network. Most current wireless routers have the following characteristics:

- LAN ports which function in the same manner as the ports of a network switch
- A WAN port to connect to a wide area network, typically one with Internet access. External destinations are accessed using this port. If it is not used, many functions of the router will be bypassed.
- A wireless antenna allows connections from other wireless devices (NICs (network interface cards), wireless repeaters, wireless access points, and wireless bridges, for example), usually using the Wi-Fi standard.

Some wireless routers also include a DSL or cable modem in addition to their other components.

Working
A wireless router works in a similar manner to a wireless mobile phone. It is connected to a broadband cable or a Digital Subscriber Line (DSL) Internet connection and uses radio-frequency waves in place of telephone cables to send and receive wireless signals. It allows data communication from one place to another. The information from the computer system is converted into a wireless radio signal before it is sent. The wireless router interprets the radio signal after collecting it and subsequently transmits the data to the Internet through a wired connection. It can also accept data from the web, transform it into a radio signal, and then send it to a computer. A wireless network functions as a two-way radio communication system, using a method similar to the one by which radio and television programs are broadcast.

Models
It is necessary that you take a look at different models of wireless routers and check their specifications. Companies like D-Link have come out with some excellent high-performance wireless routers. Some other companies manufacturing wireless routers are Linksys, NETGEAR, and Belkin. Routers from these companies have excellent performance ratings.

Types
There are different types of wireless routers. The Linksys wireless-G broadband router and the Belkin router work in similar ways. These routers have a wireless access point that allows the consumer to connect to the G and B wireless connections. The routers also help connect wired Ethernet devices to the network. The devices on the network can share a high-speed Internet connection. The Linksys wireless-B broadband router is another very popular router. It acts as a kind of a splitter for an existing Internet connection. So, as long as the Internet connection is attached to the router, all the computers that are located in your house or office will be able to use the Internet connection simultaneously. All the computers on the network will be able to connect to one another with the help of the wireless-B router.

Product Reviews
Before buying a wireless router, read the product reviews. Along with the wireless router, broadband VoIP technology is also available for long-distance communications. VoIP connections help to connect to the Internet as well as to use voice communications over the network. The wireless router antenna is a very important accessory for the wireless router. The antenna is used to intensify the radio signals emitted from other devices on the network. Hence, a long-range wireless router will definitely make use of the antenna.

Manufacturers
Companies like Micronet are venturing into manufacturing wireless networking products. Micronet has come out with its new SP916GK wireless router. This router is rated very highly for its excellent performance, and it features the latest technology in wireless routers for home and office users. Multiple users can share an Internet connection through a single ADSL connection. The router has an embedded DHCP server, a very simplified IP management system, as well as a firewall for security of the entire LAN.

Router
(pronounced "row-ter") A device that forwards data packets along networks. A router is connected to at least two networks, commonly two LANs or WANs or a LAN and its ISP's network. Routers are located at gateways, the places where two or more networks connect. Routers use headers and forwarding tables to determine the best path for forwarding the packets, and they use protocols such as ICMP to communicate with each other and configure the best route between any two hosts. Very little filtering of data is done through routers.
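How a router picks a path from its forwarding table, as an added example that is not code from the report: a toy IPv4 table with longest-prefix matching and the TTL decrement a router performs on every packet header. All prefixes, next hops and interface names are constructed; 203.0.113.0/24 and 198.51.100.0/24 are documentation address ranges.

```python
"""Toy IPv4 forwarding table with longest-prefix match and TTL handling.

Added example, not code from the report. The prefixes, next hops and
interface names are constructed; 203.0.113.0/24 is a documentation range.
"""
from __future__ import annotations

import ipaddress
from dataclasses import dataclass
from typing import Optional


@dataclass(frozen=True)
class Route:
    prefix: ipaddress.IPv4Network
    next_hop: str          # "direct" = destination is on this interface
    interface: str


class ForwardingTable:
    def __init__(self) -> None:
        self.routes: list[Route] = []

    def add(self, prefix: str, next_hop: str, interface: str) -> None:
        net = ipaddress.ip_network(prefix, strict=True)
        self.routes.append(Route(net, next_hop, interface))
        # Most specific prefix first, so the first match is the longest.
        self.routes.sort(key=lambda r: r.prefix.prefixlen, reverse=True)

    def lookup(self, dst: str) -> Optional[Route]:
        addr = ipaddress.ip_address(dst)
        for route in self.routes:
            if addr in route.prefix:
                return route
        return None


def forward(table: ForwardingTable, ttl: int, dst: str) -> tuple[str, str, int]:
    """Decide what the router does with one packet: (action, detail, new ttl).

    Mirrors the header handling the text describes: the TTL field is
    decremented on every hop, an expired packet is dropped (a real router
    then sends ICMP Time Exceeded to the source), and the egress comes
    from the forwarding table.
    """
    if ttl <= 1:
        return ("drop", "ttl-expired", 0)
    route = table.lookup(dst)
    if route is None:
        return ("drop", "no-route", ttl - 1)
    via = route.interface if route.next_hop == "direct" else route.next_hop
    return ("forward", via, ttl - 1)


def build_table() -> ForwardingTable:
    """A small home/office router table (constructed values)."""
    t = ForwardingTable()
    t.add("0.0.0.0/0", "203.0.113.1", "wan0")         # default route to ISP
    t.add("192.168.1.0/24", "direct", "lan0")        # directly attached LAN
    t.add("10.0.0.0/8", "192.168.1.254", "lan0")     # corporate network
    t.add("10.1.2.0/24", "192.168.1.253", "lan0")    # one site, more specific
    return t


if __name__ == "__main__":
    table = build_table()
    for dst in ("10.1.2.7", "10.9.9.9", "192.168.1.20", "198.51.100.5"):
        print(dst, forward(table, 64, dst))
```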

How To Set Up a Network Router
This guide explains how to set up a router for home computer networks. The exact names of configuration settings on a network router vary depending on the model and whether it is wired or wireless. However, this general procedure will guide you through the process for the common kinds of home network equipment.

1- Choose a convenient location to begin installing your router, such as an open floor space or table. This does not need to be the permanent location of the device. Particularly for wireless routers, you may find it necessary to re-position the unit after installing it, as the cables / signals may not reach all areas needed. At the beginning, it's better to choose a location where it's easiest to work with the router and worry about final placement later.

2- Plug in the router's electrical power source, then turn on the router by pushing the power button.

3- Connect your Internet modem to the router. Most network modems connect via an Ethernet cable, but USB connections are becoming increasingly common. The cable plugs into the router jack named "WAN", "uplink" or "Internet". After connecting the cable, be sure to power cycle (turn off and turn back on) the modem to ensure the router recognizes it.

4- Connect one computer to the router. Even if the router is a wireless model, connect this first computer to the router via a network cable. Using a cable during router installation ensures the maximum reliability of the equipment. Once a wireless router installation is complete, the computer can be changed over to a wireless connection if desired.

5- Open the router's administration tool. From the computer connected to the router, first open your Web browser. Then enter the router's address for network administration in the Web address field and hit return to reach the router's home page. Many routers are reached by either the Web address "http://192.168.1.1" or "http://192.168.0.1". Consult your router's documentation to determine the exact address for your model. Note that you do not need a working Internet connection for this step.

6- Log in to the router. The router's home page will ask you for a username and password. Both are provided in the router's documentation. You should change the router's password for security reasons, but do this after the installation is complete to avoid unnecessary complications during the basic setup.

7- If you want your router to connect to the Internet, you must enter Internet connection information into that section of the router's configuration (exact location varies). If using DSL Internet, you may need to enter the PPPoE username and password. Likewise, if you have been issued a static IP address by your provider (you would need to have requested it), the static IP fields (including network mask and gateway) given to you by the provider must also be set in the router.

8- If you were using a primary computer or an older network router to connect to the Internet, your provider may require you to update the MAC address of the router with the MAC address of the device you were using previously. Read How to Change a MAC Address for a detailed description of this process.

9- If this is a wireless router, change the network name (often called SSID). While the router comes to you with a network name set at the factory, you will never want to use this name on your network. Read How to Change the Router SSID for detailed instructions.

10- Verify the network connection is working between your one computer and the router. To do this, you must confirm that the computer has received IP address information from the router. See How to Find IP Addresses for a description of this process.

11- (If applicable) Verify your one computer can connect to the Internet properly. Open your Web browser and visit a few Internet sites such as http://compnetworking.about.com/.

12- Connect additional computers to the router as needed. If connecting wirelessly, ensure the network name (SSID) of each computer matches that of the router.

13- Finally, configure additional network security features as desired to guard your systems against Internet attackers. These WiFi Home Network Security Tips offer a good checklist to follow.

Tips
1- When connecting devices with network cables, be sure each end of the cable connects tightly. Loose cables are one of the most common sources of network setup problems.
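A small check for step 10 of the procedure above, added here as an example and not part of the report or the guide it follows: it parses constructed ipconfig output and decides whether the address, mask and gateway look like a real lease from the router (a 169.254.x.x address means the router's DHCP never answered), and points at the likely admin address from step 5.

```python
"""Check that a computer received usable IP settings from the router.

Added example, not part of the report. The ipconfig text below is
constructed; real output differs by Windows version and language.
"""
import ipaddress
import re

# Constructed sample of one adapter's `ipconfig` output.
SAMPLE_IPCONFIG = """
Ethernet adapter Local Area Connection:

   Connection-specific DNS Suffix  . : home
   IPv4 Address. . . . . . . . . . . : 192.168.1.23
   Subnet Mask . . . . . . . . . . . : 255.255.255.0
   Default Gateway . . . . . . . . . : 192.168.1.1
"""

APIPA = ipaddress.ip_network("169.254.0.0/16")  # Windows self-assigns here without DHCP
COMMON_ADMIN_ADDRESSES = {"192.168.1.1", "192.168.0.1"}  # the two the guide names


def parse_ipconfig(text: str) -> dict:
    """Pull address, mask and gateway out of ipconfig-style text."""
    fields = {}
    for label, key in (("IPv?4? Address", "address"),   # "IP Address" on older Windows
                       ("Subnet Mask", "mask"),
                       ("Default Gateway", "gateway")):
        match = re.search(label + r"[ .]*: *(\d+\.\d+\.\d+\.\d+)", text)
        if match:
            fields[key] = match.group(1)
    return fields


def check_lease(fields: dict) -> tuple:
    """Return (ok, explanation) for the parsed settings (step 10 of the guide)."""
    missing = [k for k in ("address", "mask", "gateway") if k not in fields]
    if missing:
        return False, "missing " + ", ".join(missing) + ": no lease from the router"
    addr = ipaddress.ip_address(fields["address"])
    if addr in APIPA:
        return False, f"{addr} is self-assigned: the router's DHCP did not answer"
    iface = ipaddress.ip_interface(f"{fields['address']}/{fields['mask']}")
    gateway = ipaddress.ip_address(fields["gateway"])
    if gateway not in iface.network:
        return False, f"gateway {gateway} is outside {iface.network}: check cabling/mask"
    hint = ""
    if str(gateway) in COMMON_ADMIN_ADDRESSES:
        hint = f"; router admin page is probably http://{gateway}"
    return True, f"lease ok: {iface} via {gateway}{hint}"


if __name__ == "__main__":
    print(check_lease(parse_ipconfig(SAMPLE_IPCONFIG)))
```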
