> TCP/IP
Transmission Control Protocol, a connection based Internet protocol responsible for breaking data into packets, which the IP protocol sends over the network. IP is located at the TCP/IP Internet layer, which corresponds to the network layer of the OSI Model. IP is responsible for routing packets by their IP address.
IP is a connectionless protocol, which means IP does not establish a connection between source and destination before transmitting data, thus packet delivery is not guaranteed by IP. Instead, this must be provided by TCP. TCP is a connection based protocol and is designed to guarantee delivery by monitoring the connection between source and destination before data is transmitted. TCP places packets in sequential order and requires acknowledgment from the receiving node that they arrived properly before any new data is sent.
TCP/IP model
Application layer | DHCP - DNS - FTP - HTTP - IMAP4 - IRC - NNTP - XMPP - MIME - POP3 - SIP - SMTP - SNMP - SSH - TELNET - BGP - RPC - RTP - RTCP - TLS/SSL - SDP - SOAP - L2TP - PPTP
Transport layer | This layer deals with opening and maintaining connections, ensuring that packets are in fact received. This is where flow-control and connection protocols exist, such as: TCP - UDP - DCCP - SCTP - GTP
Network layer | IP (IPv4 - IPv6) - ARP - RARP - ICMP - IGMP - RSVP - IPSec
Data link layer | ATM - DTM - Ethernet - FDDI - Frame Relay - GPRS - PPP
Physical layer | Ethernet physical layer - ISDN - Modems - PLC - RS232 - SONET/SDH - G.709 - Wi-Fi
> IPX/SPX
Internetwork Packet Exchange/Sequenced Packet Exchange was developed by Novell and is used primarily on networks that use the Novell NetWare network operating system. The IPX and SPX protocols provide services similar to those offered by IP and TCP. Like IP, IPX is a connectionless network layer protocol. SPX runs on top of IPX at the transport layer and, like TCP, provides connection oriented, guaranteed delivery.
IPX nodes do not have to be configured with a unique node identifier; instead, they copy the MAC address of the network interface card into the IPX node address field. The IPX header contains information about which transport layer protocol receives a particular packet. With IPX, this information is contained in the destination socket field. Servers have pre-specified destination socket numbers, so workstations always know what value to use to send information to the server. In contrast, these workstations assign source socket numbers dynamically for their own protocols outside the server socket number range.
IPX routing protocols require each logical network to have a different network number in order to forward IPX packets correctly. But, unlike IP, with IPX only servers and routers must be configured with a network number. New network stations first use dynamic Routing Information Protocol (RIP) routing packets to learn network topography and configuration from servers and routers and then configure themselves accordingly.
Because IPX is a connectionless protocol, NetWare servers are unable to tell if a station's connection to the server is currently active. To avoid reserving resources for inactive users, the NetWare server sends a watchdog packet to a client after a predetermined length of inactivity. The packet asks if the client is still connected and, if the client does not respond, the server terminates the connection.
SPX is connection oriented and thus does not require the use of watchdog packets. However, network devices will keep an SPX session open by sending keep-alive packets to verify the connection.
> NetBEUI
NetBIOS Enhanced User Interface was designed as a small, efficient protocol for use in department-sized LANs of 20-200 computers that do not need to be routed to other subnets. NetBEUI is used almost exclusively on small, non-routed networks.
As an extension of NetBIOS, NetBEUI is not routable; therefore networks supporting NetBEUI must be connected with bridges rather than routers. Like NetBIOS, the NetBEUI interface must be adapted to routable protocols like TCP/IP for communication over WANs.
> AppleTalk
AppleTalk is a LAN architecture built into all Apple Macintosh computers. While AppleTalk is a proprietary network, many companies now market AppleTalk based products, including Novell and Microsoft. Designed to be link layer independent, AppleTalk supports Apple's LocalTalk cabling scheme, but also runs over Ethernet (EtherTalk), Token Ring (TokenTalk), and Fiber Distributed Data Interface, or FDDI (FDDITalk).
AppleTalk node addresses are assigned dynamically to ensure minimal network administration overhead. When a node running AppleTalk starts up, it generates a random network layer protocol address and then sends out a broadcast to determine whether that particular address is already in use. If it is, the node with the conflicting address responds and the broadcasting node selects a new address and repeats the inquiry process.
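The probe-and-retry address selection just described, as an added example in Python that is not part of this study guide. It simulates the network with a constructed set of node addresses already in use and models only the one-byte AppleTalk node ID (an assumption for this simulation); a real node would broadcast a probe and wait for a conflicting node's reply instead of consulting the set. The retry limit shows the failure mode on a nearly full segment, which the text does not spell out.

```python
# Added example (not from the study guide): simulation of AppleTalk-style dynamic
# address selection. The "network" is a constructed set of node IDs already in use.
import random

# AppleTalk node IDs are one byte; 0 and 255 are not assignable to nodes.
# Assumption for this simulation: only the node-ID part of the address is modelled.
NODE_ID_MIN, NODE_ID_MAX = 1, 254


def make_rng(seed):
    """Seeded generator so a run is reproducible."""
    return random.Random(seed)


def probe_in_use(candidate, nodes_in_use):
    """Stand-in for the broadcast inquiry: True means a node with that address answered."""
    return candidate in nodes_in_use


def select_node_address(nodes_in_use, rng, max_attempts=20):
    """Pick a random node ID, probe it, and retry on conflict.

    Returns (address, attempts). Raises RuntimeError if every attempt collided,
    which is what a node hits on a segment that is nearly full.
    """
    for attempt in range(1, max_attempts + 1):
        candidate = rng.randint(NODE_ID_MIN, NODE_ID_MAX)
        if not probe_in_use(candidate, nodes_in_use):
            nodes_in_use.add(candidate)  # claim it so later nodes see the conflict
            return candidate, attempt
    raise RuntimeError("no free node address after %d probes" % max_attempts)


if __name__ == "__main__":
    segment = {1, 2, 3}  # constructed: three nodes already up
    for _ in range(3):
        print(select_node_address(segment, make_rng(_)))
```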
2.5 Identify the components and structure of IP (Internet Protocol) addresses (IPv4, IPv6) and the required setting for connections across the Internet.
An IPv4 address is a 32-bit number comprised of a host number and a network prefix, both of which are used to uniquely identify each node within a network. A shortage of available IP addresses has prompted the creation of an addressing scheme known as Classless Inter-Domain Routing (CIDR). Among other capabilities, CIDR allows one IP address to designate many unique IP addresses within a network. In addition, the current version of the IP address, IPv4, is being upgraded to IPv6. The latter uses a 128-bit address, allowing for 2^128 total IP addresses, as opposed to IPv4's 2^32.
> Internet Protocol version 4
IPv4 is the fourth iteration of the Internet Protocol (IP) and the first version of the protocol to be widely deployed. IPv4 is the dominant network layer protocol on the Internet and, apart from IPv6, it is the only protocol used on the Internet.
IPv4 is a data-oriented protocol to be used on a packet switched internetwork (e.g., Ethernet). It is a best effort protocol in that it doesn't guarantee delivery. It doesn't make any guarantees on the correctness of the data; it may result in duplicated packets and/or packets out-of-order.
> Internet Protocol version 6 (IPv6)
A network layer protocol for packet-switched internetworks. It is designated as the successor of IPv4, the current version of the Internet Protocol, for general use on the Internet.
The main improvement brought by IPv6 (Internet Protocol version 6) is the increase in the number of addresses available for networked devices, allowing, for example, each mobile phone and mobile electronic device to have its own address. IPv4 supports 2^32 (about 4.3 billion) addresses, which is inadequate for giving even one address to every living person, let alone supporting embedded and portable devices. IPv6, however, supports 2^128 addresses; this is approximately 5×10^28 addresses for each of the roughly 6.5 billion people alive today.
2.6 Identify classful IP (Internet Protocol) ranges and their subnet masks (For example: Class A, B and C).
Systems that have interfaces to more than one network require a unique IP address for each network interface. The first part of an Internet address identifies the network on which the host resides, while the second part identifies the particular host on the given network. This creates the two-level addressing hierarchy.
The leading portion of each IP address identifies the network prefix. All hosts on a given network share the same network prefix but must have a unique host number. Similarly, any two hosts on different networks must have different network prefixes but may have the same host number.
Address Class | Decimal Notation Ranges
Class A | 1.xxx.xxx.xxx through 126.xxx.xxx.xxx
Class B | 128.0.xxx.xxx through 191.255.xxx.xxx
Class C | 192.0.0.xxx through 223.255.255.xxx
The "xxx" represents the host number field of the address that is assigned by the local network administrator.
Class A - addresses are intended for very large networks and can address up to 16,777,216 (2^24) hosts per network. The first octet of a Class A address will be a number between 1 and 126, the network ID start bit is 0 and the default subnet mask is 255.0.0.0
Class B - addresses are intended for moderate sized networks and can address up to 65,536 (2^16) hosts per network. The first octet of a Class B address will be a number between 128 and 191, the network ID start bits are 10 and the default subnet mask is 255.255.0.0
Class C - addresses are intended for small networks and can address only up to 254 (2^8-2) hosts per network. The first octet of a Class C address will be a number between 192 and 223, the network ID start bits are 110 and the default subnet mask is 255.255.255.0
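Classifying an address by the network ID start bits given above, as an added Python example that is not part of this study guide. It derives the class, the default subnet mask and the usable host count from the leading bits of the first octet, and reports 0.x.x.x and 127.x.x.x (outside the table's 1-126 range; 127 is reserved for loopback) and leading bits 111 as not belonging to Class A, B or C. Host counts subtract the network and broadcast addresses, which is why Class A and B come out two lower than the round figures quoted in the text.

```python
# Added example (not from the study guide): classful IPv4 classification from the
# leading bits of the first octet, plus the default mask and usable host count.
import ipaddress

# (class name, number of network bits, default mask) keyed by the leading bit pattern.
# Order matters: "0" must be tested before "10" and "110".
CLASSES = {
    "0":   ("A", 8,  "255.0.0.0"),
    "10":  ("B", 16, "255.255.0.0"),
    "110": ("C", 24, "255.255.255.0"),
}


def classify(address):
    """Return (class, default mask, usable hosts), or None if not a Class A/B/C address."""
    first_octet = int(ipaddress.IPv4Address(address)) >> 24
    if first_octet in (0, 127):
        # leading bit is 0 but these are outside the 1-126 Class A range
        return None
    bits = format(first_octet, "08b")
    for pattern, (name, net_bits, mask) in CLASSES.items():
        if bits.startswith(pattern):
            host_bits = 32 - net_bits
            # network and broadcast addresses are not assignable to hosts
            return name, mask, 2 ** host_bits - 2
    return None  # leading bits 111x: not a classful A/B/C range


def network_id(address):
    """Apply the class's default mask to recover the network portion (e.g. 128.28.0.0)."""
    info = classify(address)
    if info is None:
        raise ValueError("%s is not a Class A, B or C address" % address)
    net = ipaddress.IPv4Network("%s/%s" % (address, info[1]), strict=False)
    return str(net.network_address)


if __name__ == "__main__":
    for a in ("10.10.0.2", "128.28.0.2", "192.28.0.2", "127.0.0.1", "224.0.0.1"):
        print(a, classify(a))
```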
Basic Class A, B, and C Network Addresses
Class A | Class B | Class C
Router A 10.10.0.0 | Router B 128.28.0.0 | Router C 192.28.0.0
Switch 10.10.0.1 | Switch 128.28.0.1 | Switch 192.28.0.1
10.10.0.2 | 128.28.0.2 | 192.28.0.2
2.7 Identify the purpose of subnetting.
A subnet mask is used to mask a portion of the IP address, so that TCP/IP can tell the difference between the network ID and the host ID. TCP/IP uses the subnet mask to determine whether the destination is on a local or remote network.
Advantages of subnetting a network include the following:
· Reducing network congestion by limiting the range of broadcasts using routers
· Enabling different networking architectures to be joined
2.8 Identify the differences between private and public network addressing schemes.
> Public IP Addresses
For a computer to be visible on the Internet, it must be reachable through a public IP address. The IANA assigns ranges of public IP addresses to organizations that can then assign IP addresses within those ranges to individual computers. This prevents multiple computers from having the same IP address.
The public IP address can be assigned through a Dynamic Host Configuration Protocol (DHCP) server, configured manually, or provided by an Internet service provider (ISP).
> Authorized Private IP Addresses
The IANA has reserved a certain number of IP addresses that are never used on the global Internet. These private IP addresses are used for networks that do not want to directly connect to the Internet but nevertheless require IP connectivity. For example, a user wanting to connect multiple Windows based computers in a home network can use the Automatic Private IP Addressing (APIPA) feature to allow each computer to automatically assign itself a private IP address. The user does not need to configure an IP address for each computer, nor is a DHCP server needed.
Computers on a network using authorized private IP addressing can connect to the Internet through the use of another computer with either proxy or network address translator (NAT) capabilities.
> Unauthorized Private IP Addresses
It is possible, when there is an absolute certainty that your network will never access the Internet, to assign to a node a 32-bit unauthorized private IP address of your choosing. Keep in mind that if any Internet connectivity is ever established with any node on your network, these unauthorized private IP addresses could generate significant problems that would require you to immediately change the IP address of every node that you had assigned in this manner.
2.9 Identify and differentiate between the following IP (Internet Protocol) addressing methods:
> Static / Dynamic
An IP network is somewhat similar to the telephone network in that you have to have the phone number to reach a destination. The big difference is that IP addresses are often temporary (dynamic).
Each device in an IP network is either assigned a permanent address (static) by the network administrator or is assigned a temporary address (dynamic) via DHCP software. Routers, firewalls and proxy servers use static addresses, as do most servers and printers that serve multiple users. Client machines may use static or dynamic IP addresses. The IP address assigned to your service by your cable or DSL Internet provider is typically a dynamic IP. In routers and operating systems, the default configuration for clients is dynamic IP.
> Self-assigned (APIPA (Automatic Private Internet Protocol Addressing))
Automatic Private IP Addressing (APIPA) is a feature of Windows-based operating systems (included in Windows 98, ME, 2000, and XP) that enables a computer to automatically assign itself an IP address when there is no Dynamic Host Configuration Protocol (DHCP) server available to perform that function.
Using APIPA, a Windows based client assigns itself an IP address from a range reserved for authorized private class B network addresses (169.254.0.1 through 169.254.255.254), with a subnet mask of 255.255.0.0. A computer with an authorized private address cannot directly communicate with hosts outside its subnet, including Internet hosts. APIPA is most suitable for small, single-subnet networks, such as a home or small office. APIPA is enabled by default if no DHCP servers are available on the network.
Note: APIPA assigns only an IP address and subnet mask; it does not assign a default gateway, nor does it assign the IP addresses of DNS or WINS servers. Use APIPA only on a single-subnet network that contains no routers. If your small office or home office network is connected to the Internet or a private intranet, do not use APIPA.
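The address categories from 2.8 and 2.9 (public, IANA-reserved private, APIPA self-assigned), as an added Python example that is not part of this study guide. The reserved private ranges used here are the RFC 1918 blocks 10.0.0.0/8, 172.16.0.0/12 and 192.168.0.0/16, which the text does not list, and the APIPA range is the 169.254.0.0/16 block it does; the host inventory is constructed. The audit function flags the "unauthorized private" case: an address from public space configured on an internal host, which the text warns will break the moment Internet connectivity is established.

```python
# Added example (not from the study guide): classify IPv4 host addresses as
# public, IANA-reserved private, APIPA or loopback, and audit an internal
# inventory for public addresses used without an assignment.
import ipaddress

# IANA-reserved private ranges (RFC 1918) plus the APIPA block from the text.
# Assumption: these are the only ranges treated as "authorized private".
RESERVED_PRIVATE = [ipaddress.ip_network(n)
                    for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]
APIPA = ipaddress.ip_network("169.254.0.0/16")


def classify_address(address):
    """Return 'loopback', 'apipa', 'private' or 'public' for an IPv4 address."""
    ip = ipaddress.ip_address(address)
    if ip.version != 4:
        raise ValueError("IPv4 only in this example")
    if ip.is_loopback:
        return "loopback"
    if ip in APIPA:
        # self-assigned: no default gateway or DNS, cannot leave its subnet
        return "apipa"
    if any(ip in net for net in RESERVED_PRIVATE):
        # reaches the Internet only through a NAT or proxy host
        return "private"
    return "public"


def audit_internal_hosts(addresses):
    """Return the addresses that are 'unauthorized private': public address
    space configured on internal hosts without an IANA/ISP assignment."""
    return [a for a in addresses if classify_address(a) == "public"]


def apipa_hosts(addresses):
    """Hosts that fell back to APIPA, usually a sign the DHCP server was unreachable."""
    return [a for a in addresses if classify_address(a) == "apipa"]


# Constructed sample: addresses seen on a small office LAN.
SAMPLE_HOSTS = ["192.168.1.10", "10.10.0.2", "169.254.12.7", "198.46.8.34", "172.31.255.1"]

if __name__ == "__main__":
    for h in SAMPLE_HOSTS:
        print(h, classify_address(h))
    print("unauthorized private:", audit_internal_hosts(SAMPLE_HOSTS))
    print("APIPA fallback:", apipa_hosts(SAMPLE_HOSTS))
```

An APIPA address showing up on a host that is supposed to get a lease is worth alerting on: it means the client could not reach a DHCP server, and per the note above the host will have no gateway or DNS settings.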
2.10 Define the purpose, function and use of the following protocols used in the TCP / IP (Transmission Control Protocol / Internet Protocol) suite:
> TCP (Transmission Control Protocol)
Transmission Control Protocol, a connection based Internet protocol responsible for breaking data into packets, which the IP protocol sends over the network. IP is located at the TCP/IP Internet layer, which corresponds to the network layer of the OSI Model. IP is responsible for routing packets by their IP address.
IP is a connectionless protocol, which means IP does not establish a connection between source and destination before transmitting data, thus packet delivery is not guaranteed by IP. Instead, this must be provided by TCP. TCP is a connection based protocol and is designed to guarantee delivery by monitoring the connection between source and destination before data is transmitted. TCP places packets in sequential order and requires acknowledgment from the receiving node that they arrived properly before any new data is sent.
> UDP (User Datagram Protocol)
User Datagram Protocol runs on top of IP and is used as an alternative to TCP. UDP does not, however, provide any error checking for guaranteeing packet delivery. Because UDP is not as complex as TCP, it is also faster. It is often used for broadcast messages and for streaming audio and video. UDP is a connectionless transport protocol.
All upper layer applications that use TCP or UDP have a port number that identifies the application. This enables the port number to identify the type of service that one TCP system is requesting from another.
Some commonly used ports
Port Number | Service
80 | HTTP
21 | FTP
110 | POP3
25 | SMTP
23 | Telnet
> FTP (File Transfer Protocol)
An Internet standard application-level TCP/IP protocol that can be used for transferring files between hosts on a TCP/IP internetwork.
File Transfer Protocol (FTP) is one of the earliest Internet protocols, and is still used for uploading and downloading files between clients and servers. An FTP client is an application that can issue FTP commands to an FTP server, while an FTP server is a service or daemon running on a server that responds to FTP commands from a client. FTP commands can be used to change directories, change transfer modes between binary and ASCII, upload files, and download files.
> SFTP (Secure File Transfer Protocol)
SSH File Transfer Protocol, or SFTP, is a network protocol that provides file transfer and manipulation functionality over any reliable data stream. It is typically used with the SSH-2 protocol to provide secure file transfer, but is intended to be usable with other protocols as well. The sftp program provides an interactive interface similar to that of traditional FTP clients.
> TFTP (Trivial File Transfer Protocol)
Trivial File Transfer Protocol is a file transfer protocol that transfers files to and from a remote computer running the TFTP service. TFTP was designed with fewer functions than FTP.
> SMTP (Simple Mail Transfer Protocol)
Simple Mail Transfer Protocol is used to transfer messages between two remote computers. It is used on the Internet, and is part of the TCP/IP protocol stack.
> HTTP (Hypertext Transfer Protocol)
Hypertext Transfer Protocol is the underlying protocol for the World Wide Web. HTTP defines how all resources on the web are transferred and what action web servers and browsers should take in response to commands.
HTTP is a "stateless" protocol, meaning each command is executed independently, without any knowledge of the commands that came before it.
> HTTPS (Hypertext Transfer Protocol Secure)
The secure hypertext transfer protocol is a communications protocol designed to transfer encrypted information between computers over the World Wide Web. HTTPS is HTTP using a Secure Socket Layer (SSL). A secure socket layer is an encryption protocol invoked on a Web server that uses HTTPS. Most implementations of the HTTPS protocol involve online purchasing or the exchange of private information. Accessing a secure server often requires some sort of registration, login, or purchase. The successful use of the HTTPS protocol requires a secure server to handle the request.
> POP3 / IMAP4 (Post Office Protocol version 3 / Internet Message Access Protocol version 4)
Post Office Protocol is used to retrieve e-mail from a mail server. Most e-mail applications use the POP protocol, although some use the newer IMAP (Internet Message Access Protocol).
The older POP2 requires SMTP to send messages, while POP3 can be used with or without SMTP.
> Telnet
Short for Telecommunication Network, a virtual terminal protocol allowing a user logged on to one TCP/IP host to access other hosts on the network.
> SSH (Secure Shell)
Secure Shell or SSH is a set of standards and an associated network protocol that allows establishing a secure channel between a local and a remote computer. It uses public-key cryptography to authenticate the remote computer and (optionally) to allow the remote computer to authenticate the user. SSH provides confidentiality and integrity of data exchanged between the two computers using encryption and message authentication codes (MACs). SSH is typically used to log into a remote machine and execute commands, but it also supports tunneling, forwarding arbitrary TCP ports and X11 connections; it can transfer files using the associated SFTP or SCP protocols. An SSH server, by default, listens on the standard TCP port 22.
> ICMP (Internet Control Message Protocol)
Internet Control Message Protocol is a maintenance protocol in the TCP/IP suite, required in every TCP/IP implementation, that allows two nodes on an IP network to share IP status and error information. ICMP is used by the ping utility to determine the reachability of a remote system.
> ARP / RARP (Address Resolution Protocol / Reverse Address Resolution Protocol)
Address Resolution Protocol is a TCP/IP protocol used to convert an IP address into a physical address, such as an Ethernet address. A host wishing to obtain a physical address broadcasts an ARP request onto the TCP/IP network. The host on the network that has the IP address in the request then replies with its physical hardware address.
> NTP (Network Time Protocol)
The Network Time Protocol is used to synchronize the time of a computer client or server to another server or reference time source, such as a radio or satellite receiver or modem. It provides accuracy typically within a millisecond on LANs and up to a few tens of milliseconds on WANs.
> SNMP
Simple Network Management Protocol is a TCP/IP protocol for monitoring networks and network components. SNMP uses small utility programs called agents to monitor behavior and traffic on the network, in order to gather statistical data.
These agents can be loaded onto managed devices such as hubs, NICs, servers, routers, and bridges. The gathered data is stored in a MIB (management information base).
To collect the information in a usable form, a management program console polls these agents and downloads the information from their MIBs, which then can be displayed as graphs and charts and sent to a database program to be analyzed.
> NNTP (Network News Transport Protocol)
The Network News Transfer Protocol or NNTP is an Internet application protocol used primarily for reading and posting Usenet articles, as well as transferring news among news servers.
> SCP (Secure Copy Protocol)
Secure Copy or SCP is a means of securely transferring computer files between a local and a remote host or between two remote hosts, using the Secure Shell (SSH) protocol.
The protocol itself does not provide authentication and security; it expects the underlying protocol, SSH, to secure this.
The SCP protocol implements file transfers only. It does so by connecting to the host using SSH and there executing an SCP server (scp). The SCP server program is typically the very same program as the SCP client.
> LDAP (Lightweight Directory Access Protocol)
Lightweight Directory Access Protocol, or LDAP, is a networking protocol for querying and modifying directory services running over TCP/IP.
A directory is a set of information with similar attributes organized in a logical and hierarchical manner. The most common example is the telephone directory, which consists of a series of names organized alphabetically, with an address and phone number attached.
An LDAP directory often reflects various political, geographic, and/or organizational boundaries, depending on the model chosen. LDAP deployments today tend to use Domain Name System (DNS) names for structuring the topmost levels of the hierarchy. Deeper inside the directory might appear entries representing people, organizational units, printers, documents, groups of people or anything else which represents a given tree entry.
> IGMP (Internet Group Multicast Protocol)
The Internet Group Management Protocol is a communications protocol used to manage the membership of Internet Protocol multicast groups. IGMP is used by IP hosts and adjacent multicast routers to establish multicast group memberships. It is an integral part of the IP multicast specification, like ICMP for unicast connections. IGMP can be used for online video and gaming, and allows more efficient use of resources when supporting these uses.
> LPR (Line Printer Remote)
The Line Printer Daemon protocol/Line Printer Remote protocol (or LPD, LPR), also known as the Berkeley printing system, is a set of programs that provide printer spooling and network print server functionality for Unix-like systems. The most common implementations of LPD are the official BSD UNIX operating system and the LPRng project. The Common Unix Printing System (or CUPS), which is more common on modern Linux distributions, borrows heavily from LPD.
A printer that supports LPD/LPR is sometimes referred to as a "TCP/IP printer" (TCP/IP is used to establish connections between printers and workstations on a network), although that term seems equally applicable to a printer that supports CUPS.
2.11 Define the function of TCP / UDP (Transmission Control Protocol / User Datagram Protocol) ports.
> Transmission Control Protocol
A connection based Internet protocol responsible for breaking data into packets, which the IP protocol sends over the network. IP is located at the TCP/IP Internet layer, which corresponds to the network layer of the OSI Model. IP is responsible for routing packets by their IP address.
> User Datagram Protocol
Runs on top of IP and is used as an alternative to TCP. UDP does not, however, provide any error checking for guaranteeing packet delivery. Because UDP is not as complex as TCP, it is also faster. It is often used for broadcast messages and for streaming audio and video. UDP is a connectionless transport protocol.
2.12 Identify the well-known ports associated with the following commonly used services and protocols:
Protocol | Common Port
FTP (File Transfer Protocol) | 20, 21
SSH (Secure Shell) | 22
Telnet | 23
SMTP (Simple Mail Transfer Protocol) | 25
DNS (Domain Name Service) | 53
TFTP (Trivial File Transfer Protocol) | 69
HTTP (Hypertext Transfer Protocol) | 80
POP3 (Post Office Protocol version 3) | 110
NNTP (Network News Transport Protocol) | 119
NTP (Network Time Protocol) | 123
IMAP4 (Internet Message Access Protocol version 4) | 143
HTTPS (Hypertext Transfer Protocol Secure) | 443
2.13 Identify the purpose of network services and protocols:
> DNS (Domain Name Service)
DNS name resolution is used on the Internet to map friendly names to IP addresses, and vice versa. For example, instead of trying to remember an IP address composed of numbers, such as 198.46.8.34, you could, with DNS, type HTTP://www.microsoft.com.
In Microsoft Windows 2000, Microsoft Windows Server™ 2003, and Microsoft Windows XP environments, DNS is the default name resolution method.
> NAT (Network Address Translation)
Network Address Translation is a process that lets an entire network connect to a PPP server and appear as a single IP address, thus helping to conceal IP addresses from external hackers and to alleviate address space shortage.
> ICS (Internet Connection Sharing)
You can choose one computer to share an Internet connection with the rest of the computers on your home or small office network. This computer is called the Internet Connection Sharing (ICS) host computer.
To determine which computer should be your ICS host computer, use the following guidelines:
· The computer must be one that you can leave on at all times so that other computers on the network can access the Internet. If the computer is turned off, the connection to the Internet will not be available.
· If one computer has a DSL or cable modem, use that computer as the ICS host computer.
· If you plan to use a shared printer for your network, the printer should be installed on the ICS host computer.
> WINS (Windows Internet Name Service)
While DNS resolves host names to IP addresses, WINS resolves NetBIOS names to IP addresses. Windows Internet Name Service provides a dynamic database of IP address to NetBIOS name resolution mappings.
WINS determines the IP address associated with a particular network computer. This is called name resolution. WINS supports network client and server computers running Windows.
WINS uses a distributed database that is automatically updated with the names of computers currently available and the IP address assigned to each one.
DNS is an alternative for name resolution suitable for network computers with fixed IP addresses.
> SNMP (Simple Network Management Protocol)
Simple Network Management Protocol is a TCP/IP protocol for monitoring networks and network components. SNMP uses small utility programs called agents to monitor behavior and traffic on the network, in order to gather statistical data.
These agents can be loaded onto managed devices such as hubs, NICs, servers, routers, and bridges. The gathered data is stored in a MIB (management information base).
To collect the information in a usable form, a management program console polls these agents and downloads the information from their MIBs, which then can be displayed as graphs and charts and sent to a database program to be analyzed.
> NFS (Network File System)
Network File System (NFS) is a distributed file system that allows users to access files and directories located on remote computers and treat those files and directories as if they were local.
> Zeroconf (Zero configuration)
Zero Configuration Networking is a set of techniques that automatically create a usable IP network without configuration or special servers. This allows unknowledgeable users to connect computers, networked printers, and other items together and expect them to work automatically. Without Zeroconf or something similar, a knowledgeable user must either set up special servers, like DHCP and DNS, or set up each computer's network settings manually.
Zeroconf currently solves three problems:
· Choose numeric network addresses for networked items
· Figure out which computer has a certain name
· Figure out where to get services, like printing.
> SMB (Server Message Block)
A file-sharing protocol designed to allow networked computers to transparently access files that reside on remote systems over a variety of networks. The SMB protocol defines a series of commands that pass information between computers. SMB uses four message types: session control, file, printer, and message. It is mainly used by Microsoft Windows equipped computers.
SMB works through a client-server approach, where a client makes specific requests and the server responds accordingly. One section of the SMB protocol is specifically for filesystem access, such that clients may make requests to a file server. The SMB protocol was optimised for local subnet usage, but one could use it to access different subnets across the Internet, which is where exploits against MS Windows file-and-print sharing usually focus.
Client computers may have their own hard disks, which are not publicly shared, yet also want access to the shared file systems and printers on the server, and it is for this primary purpose that SMB is best known and most heavily used.
> AFP (Apple File Protocol)
The file sharing protocol used in an AppleTalk network. In order for non-Apple networks to access data on an AppleShare server, their protocols must translate into the AFP language.
AFP versions 3.0 and greater rely exclusively on TCP/IP (port 548 or 427) for establishing communication, supporting AppleTalk only as a service discovery protocol. The AFP 2.x family supports both TCP/IP and AppleTalk for communication and service discovery.
> LPD (Line Printer Daemon) and Samba
LPD is the primary UNIX printing protocol used to submit jobs to the printer. The LPR component initiates commands such as "print waiting jobs," "receive job," and "send queue state," and the LPD component in the print server responds to them.
The most common implementations of LPD are in the official BSD UNIX operating system and the LPRng project. The Common Unix Printing System (or CUPS), which is more common on modern Linux distributions, borrows heavily from LPD.
Unix and Mac OS X servers use the open source SAMBA to provide Windows users with Server Message Block (SMB) file sharing.
2.14
Identify the basic characteristics (For example: speed, capacity and media) of
the following WAN (Wide Area Networks) technologies:
> Packet switching
Packet switching
offers more efficient use of a telecommunication provider's network bandwidth.
With packet switching, the switching mechanisms on the network route each data
packet from switch to switch individually over the network using the
best-available path. Any one physical link in a packet-switched network can
carry packets from many different senders and for many different destinations.
Where as in a circuit switched connection, the bandwidth is dedicated to one
sender and receiver only.
> Circuit switching
With circuit
switching, data travels over a fixed path that is established at the beginning
of the connection and remains open until the connection is terminated. A
telephone call is an example of a circuit switched link. When you dial a number
the telecommunication provider, establishes an open circuit between your phone
and the phone of the person you are calling. No other calls can be placed over
this circuit until you hang up.
> ISDN (Integrated Services Digital Network)
Integrated Services Digital Network carries voice, data, audio or video
digitally over standard telephone cabling. ISDN terminal adapters connect
directly to a digital telephone network; they are not modems, because they
neither modulate nor demodulate an analog carrier.
Like standard modems, ISDN adapters are available both as internal devices that
connect directly to a computer's expansion bus and as external devices that
connect to one of a computer's serial or parallel ports. ISDN is sold at two
rates: Basic Rate Interface (BRI), two 64 Kbps B channels plus a 16 Kbps D
signalling channel (128 Kbps of data, or 112 Kbps where the carrier delivers
only 56 Kbps per B channel), and Primary Rate Interface (PRI), 23 B channels
plus one 64 Kbps D channel carried on a T1 at 1.544 Mbps.
ISDN hardware requires an NT (network termination) device, which converts the
network's line signals into the signaling protocols used by ISDN. Sometimes the
NT interface is included, or integrated, with ISDN adapters and ISDN-compatible
routers. In other cases, an NT device separate from the adapter or router must
be installed.
ISDN is defined at the physical, data link (LAPD, Q.921) and network (Q.931
call signalling) layers of the OSI model.
> FDDI (Fiber Distributed Data Interface)
Fiber
Distributed Data Interface, shares many of the same features as token ring,
such as a token passing, and the continuous network loop configuration. But
FDDI has better fault tolerance because of its use of a dual, counter-rotating
ring that enables the ring to reconfigure itself in case of a link failure.
FDDI also has higher transfer speeds, 100 Mbps for FDDI, compared to 4 - 16
Mbps for Token Ring.
Token Ring is wired as a physical star through a central access unit with a
logical ring; FDDI is a physical dual ring (single-attached stations can hang
off a concentrator, giving a star). Each dual-attached device connects to its
neighbours with a two-strand fiber optic cable. Data travels in one direction on
the primary ring and in the other direction on the secondary ring. When all
devices attached to the dual ring are functioning properly, data travels on
only the primary ring; FDDI uses the second ring only to wrap around a link or
station failure.
Media       | MAC method    | Signal propagation method                  | Speed    | Topologies       | Maximum connections
Fiber-optic | Token passing | Forwarded from device to device (or port   | 100 Mbps | Dual ring; star  | 500 nodes
            |               | to port on a concentrator) in a closed loop |          | via concentrator |
> T1 (T Carrier level 1)
A 1.544 Mbps
point to point dedicated, digital circuit provided by the telephone companies.
T1 lines are widely used for private networks as well as interconnections
between an organizations LAN and the telco.
A T1 line uses two pairs of wire, one to transmit and one to receive, and time
division multiplexing (TDM) to interleave 24 64-Kbps voice or data channels. The
standard T1 frame is 193 bits long: 24 8-bit samples (one per channel) plus one
framing bit, with 8,000 frames transmitted per second (193 x 8,000 = 1,544,000
bps). T1 is not restricted to digital voice or to 64 Kbps data streams; channels
may be combined and the total 1.544 Mbps capacity broken up as required.
> T3 (T Carrier level 3)
A T3 line is a
super high-speed connection capable of transmitting data at a rate of 45 Mbps.
A T3 line represents a bandwidth equal to about 672 regular voice-grade
telephone lines, which is wide enough to transmit real time video, and very
large databases over a busy network. A T3 line is typically installed as a
major networking artery for large corporations, universities with high-volume
network traffic and for the backbones of the major Internet service providers.
> OCx (Optical Carrier)
Optical Carrier designations specify the speed of fiber optic networks that
conform to the SONET standard. OC-n runs at n times the OC-1 rate of 51.84 Mbps.
Level | Speed
OC-1  | 51.84 Mbps
OC-3  | 155.52 Mbps
OC-12 | 622.08 Mbps
OC-24 | 1.244 Gbps
OC-48 | 2.488 Gbps
> X.25
An X.25 network transmits data with a packet-switching protocol designed for
the error-prone analog telephone lines of its day: every hop checks and, if
necessary, retransmits each packet. The protocol relies on an elaborate
worldwide network of packet-forwarding nodes that can participate in delivering
an X.25 packet to its designated address.
Network
Connections supports X.25 by using packet assemblers/disassemblers (PADs) and
X.25 cards. You can also use a modem and special dial-up X.25 carriers (such as
Sprintnet and Infonet) in place of a PAD or X.25 smart card on your computer.
Remote access
clients running Windows XP Professional or Windows 2000 Server or later can use
either an X.25 card or dial in to an X.25 PAD to create connections. To accept
incoming connections on a computer using X.25 running Windows XP Professional
or Windows 2000 Server or later, you must use an X.25 card.
2.15
Identify the basic characteristics of the following internet access
technologies:
> xDSL (Digital Subscriber Line)
xDSL is a collective term for the family of Digital Subscriber Line
technologies, which carry data over ordinary copper telephone lines. Some
varieties are asymmetric, with a higher data rate downstream (toward the
subscriber) than upstream; others are symmetric. Symmetric DSL (SDSL) runs at
the same rate in both directions, typically from a few hundred Kbps up to about
2 Mbps; ADSL downstream rates range from roughly 1.5 to 8 Mbps.
Asymmetric Digital Subscriber Line (ADSL) is a high-bandwidth digital
transmission technology that uses existing phone lines and allows voice calls
over the same line at the same time, by placing data in frequencies above the
voice band. Most of the traffic flows downstream to the user, generally at rates
of 512 Kbps to about 6 Mbps, with a slower upstream channel.
> Broadband Cable (Cable modem)
Cable modems use
a broadband connection to the Internet through cable television infrastructure.
These modems use frequencies that do not interfere with television
transmission.
> POTS / PSTN (Plain Old Telephone Service /
Public Switched Telephone Network)
POTS / PSTN access uses a modem, a device that makes it possible for computers
to communicate over telephone lines. The word modem comes from Modulate and
Demodulate. Because standard telephone lines carry analog signals and computers
use digital signals, a sending modem must modulate its digital signals into
analog signals; the modem on the receiving end must then demodulate the analog
signals back into digital signals. Analog modems top out at 56 Kbps downstream
(V.90/V.92).
Modems can be external, connected to the computer's serial port by an RS-232
cable, or internal, in one of the computer's expansion slots. Modems connect to
the phone line using standard telephone RJ-11 connectors.
> Wireless
A wireless
network consists of wireless NICs and access points. NICs come in different
models including PC Card, ISA, PCI, etc. Access points act as wireless hubs to
link multiple wireless NICs into a single subnet. Access points also have at
least one fixed Ethernet port to allow the wireless network to be bridged to a
traditional wired Ethernet network, such as the organization’s network
infrastructure. Wireless and wired devices can coexist on the same network.
· WLAN (Wireless Local Area Network) A group of computers and associated devices that
communicate with each other wirelessly.
· WPA (Wi-Fi Protected Access) A security protocol for wireless networks that
builds on the basic foundations of WEP. It keeps WEP's RC4 cipher but wraps it
in TKIP (Temporal Key Integrity Protocol), which derives a fresh key for every
packet and adds a message integrity check, so an attacker can no longer recover
a static key from captured traffic as with WEP.
· WPA2 (Wi-Fi Protected Access 2) WPA2 is the second generation of WPA security
and implements the full IEEE 802.11i standard. It replaces RC4/TKIP with AES in
CCMP mode, which is required for some government users (FIPS 140-2).
· WPA-Personal A version of WPA in which every station is configured with the
same pre-shared key (PSK), derived from a passphrase of 8 to 63 characters; the
per-session and per-packet keys are derived from the PSK, so the passphrase
itself must be long and random, because a captured handshake allows offline
guessing.
· WPA-Enterprise A version of WPA that uses the same dynamic keying but
authenticates each user or device individually over IEEE 802.1X with an EAP
method, against an authentication server (normally RADIUS) rather than a shared
passphrase.
2.16
Define the function of the following remote access protocols and services:
> RAS (Remote Access Service)
Remote Access
Service A service that provides remote networking for telecommuters, mobile
workers, and system administrators who monitor and manage servers at multiple
branch offices. Users with RAS can dial in to remotely access their networks
for services such as file and printer sharing, electronic mail, scheduling, and
SQL database access.
> PPP (Point-to-Point Protocol)
An industry
standard suite of protocols for the use of point-to-point links to transport
multiprotocol datagrams.
Point to point
Protocol facilitates Internet connections over serial lines, including modem
connections. PPP software requires only a destination address usually a phone
number for modem connections and a user login in order to negotiate a complete
configuration for each session.
PPP support
enables computers to dial in to remote networks through any server that
complies with the PPP standard. PPP also enables remote access clients to use
any combination of IPX, TCP/IP, NetBEUI, and AppleTalk. Remote access clients
running Windows NT and Windows 2000, Windows 98, and Windows 95 can use any
combination of TCP/IP, IPX, and NetBEUI and programs written to the Windows
Sockets, NetBIOS, or IPX interface. Microsoft remote access clients do not
support the use of the AppleTalk protocol over a remote access connection.
PPP
connection sequence
When you connect
to a remote computer, PPP negotiation accomplishes the following:
· Framing rules are established between the remote computer and server by the
Link Control Protocol (LCP), which also negotiates options such as which
authentication protocol to use. This allows continued communication (frame
transfer) to occur.
· The remote access server then authenticates the remote user by using the PPP
authentication protocols (MS-CHAP, EAP, CHAP, SPAP, PAP). Which protocol is
invoked depends on the security configurations of the remote client and server;
a client should be configured to refuse PAP, which sends the password in clear.
· Once authenticated, if callback is enabled, the remote access server hangs up
and calls the remote access client back at a preconfigured number.
· The Network Control Protocols (NCPs), such as IPCP for TCP/IP, enable and
configure the remote client for the desired LAN protocols (for example,
assigning an IP address and DNS servers).
> SLIP (Serial Line Internet Protocol)
Serial Line Internet Protocol (RFC 1055) is an older industry standard for
carrying IP datagrams over a serial link. It is far simpler than PPP: it carries
IP only, has no option negotiation, no authentication and no error detection,
and both ends must be configured with their addresses in advance. Windows
includes a SLIP client only to ensure interoperability with older remote access
servers.
> PPPoE (Point-to-Point Protocol over Ethernet)
A specification
for connecting users on an Ethernet network to the Internet through a broadband
connection, such as a single DSL line, wireless device, or cable modem. Using
PPPoE and a broadband modem, LAN users can gain individual authenticated access
to high-speed data networks. By combining Ethernet and Point-to-Point Protocol
(PPP), PPPoE provides an efficient way to create a separate connection for each
user to a remote server.
> PPTP (Point-to-Point Tunneling Protocol)
Networking technology that supports multiprotocol virtual private networks
(VPNs), enabling remote users to access corporate networks securely across the
Internet or other networks by dialing into an Internet service provider (ISP)
or by connecting directly to the Internet. The Point-to-Point Tunneling Protocol
(PPTP) tunnels, or encapsulates, PPP frames carrying IP, IPX, or NetBEUI
traffic inside GRE (IP protocol 47) packets, with a control connection on TCP
port 1723. This means that users can remotely run applications that are
dependent upon particular network protocols. The tunneled frames are encrypted
with MPPE using keys derived from the MS-CHAP authentication exchange, so the
tunnel is only as strong as that password authentication; PPTP is no longer
considered adequate for new deployments.
> VPN (Virtual Private Network)
Virtual private network: a private network carried over a shared or public
network, usually the Internet, by tunneling traffic between endpoints and
encrypting it in transit, so that a remote LAN or remote user appears to be on
the corporate network. PPTP (see above), L2TP/IPsec and IPsec are the common
VPN protocols.
> RDP (Remote Desktop Protocol)
Remote Desktop Protocol (RDP) is a multi-channel protocol that allows a user to
connect to a computer running Microsoft Terminal Services. Clients exist for
most versions of Windows (including handheld versions), and other operating
systems such as Linux, FreeBSD, Solaris and Mac OS X. The server listens by
default on TCP port 3389; it should not be exposed directly to the Internet but
reached through a VPN or a gateway.
· Version 4.0 was introduced with Terminal
Services in Windows NT 4.0 Server, Terminal Server Edition.
· Version 5.0, introduced with Windows 2000
Server, added support for a number of features, including printing to local
printers, and aimed to improve network bandwidth usage.
· Version 5.1, introduced with Windows XP
Professional, included support for 24-bit color and sound.
· Version 5.2, introduced with Windows Server
2003, included support for console mode connections, a session directory, and
local resource mapping.
· Version 6.0, introduced with Windows Vista and Windows Server 2008, includes a
significant number of new features, most notably the ability to remotely access
a single application instead of the entire desktop, and support for 32-bit
color.
2.17
Identify the following security protocols and describe their purpose and
function:
> IPSec (Internet Protocol Security)
Is a set of protocols used to secure the exchange of packets at the IP layer:
AH (Authentication Header) provides integrity and origin authentication, and ESP
(Encapsulating Security Payload) provides confidentiality with optional
integrity.
IPsec supports two modes: transport and tunnel. Transport mode protects only the
payload of each packet and leaves the original IP header in the clear; it is
used between two hosts. Tunnel mode wraps the entire original packet, header
and payload, inside a new IP packet with its own outer header, so the inner
addresses are hidden as well; this is the mode used by site-to-site and
remote-access VPN gateways.
For IPsec to work, the sending and receiving devices must agree on a security
association (SA): the algorithms, the keys and the SPI that identifies it. This
is negotiated by the Internet Key Exchange (IKE), built on the Internet Security
Association and Key Management Protocol (ISAKMP) and Oakley: the peers perform
a Diffie-Hellman exchange to derive fresh shared keys and authenticate each
other with a pre-shared key or with digital certificates. (The peers do not
share a public key; each uses the other's public key only to verify its
certificate and signature.)
IPsec protocols operate at the network layer, layer 3 of the OSI model. Other
Internet security protocols in widespread use, such as SSL and TLS, operate from
the transport layer up (OSI layers 4-7). This makes IPsec more flexible, as it
can protect both TCP and UDP based protocols without changes to applications.
> L2TP (Layer 2 Tunneling Protocol)
Layer 2 Tunneling Protocol (RFC 2661) is a tunneling protocol used to support
virtual private networks (VPNs). L2TP is an extension to PPP that lets ISPs
operate virtual private networks by carrying PPP frames over UDP port 1701
between an L2TP access concentrator and an L2TP network server. It combines the
best features of two earlier tunneling protocols: PPTP from Microsoft and L2F
from Cisco Systems. L2TP itself provides no confidentiality, so in VPN use it is
run over IPsec (L2TP/IPsec), which supplies the encryption and authentication.
> SSL (Secure Sockets Layer)
Secure Sockets Layer is a protocol that supplies secure data communication
between a client and a server through encryption. SSL provides communications
privacy by combining public-key cryptography (to authenticate the server via an
X.509 certificate and to agree on session keys) with symmetric bulk data
encryption of the application traffic. Its standardized successor is TLS
(Transport Layer Security); SSL 2.0 and 3.0 are obsolete and should be disabled.
> WEP (Wired Equivalent Privacy)
Wired Equivalent Privacy is a scheme that is part of the IEEE 802.11 wireless
networking standard to secure IEEE 802.11 wireless networks. Because a wireless
network broadcasts messages using radio, it is particularly susceptible to
eavesdropping.
WEP was intended to provide confidentiality comparable to a traditional wired
network; like a wired LAN, it does not protect users of the network from each
other, since all stations share one key. WEP encrypts with RC4 under a 40- or
104-bit key combined with a 24-bit per-packet IV; weaknesses in that design let
an attacker recover the key from captured traffic, and WEP has been deprecated
in favour of WPA/WPA2 (IEEE 802.11i).
> WPA (Wi-Fi Protected Access)
A security protocol for wireless networks that builds on the basic foundations
of WEP. WPA keeps WEP's RC4 cipher but uses TKIP (Temporal Key Integrity
Protocol) to derive a different key for every packet and to add a message
integrity check (MIC). The changing key makes it much more difficult for an
attacker to learn the key and gain access to the network.
WPA2 (Wi-Fi Protected Access 2) is the second generation of WPA security and
implements the full IEEE 802.11i standard. It provides a stronger encryption
mechanism through the Advanced Encryption Standard (AES) in CCMP mode, which is
a requirement for some government users (FIPS 140-2).
> 802.11x
IEEE 802.11, also known by the brand Wi-Fi, denotes a set of Wireless LAN/WLAN
standards developed by working group 11 of the IEEE LAN/MAN Standards Committee
(IEEE 802). The term 802.11x is also used to denote this set of standards and is
not to be mistaken for any one of its elements. There is no single 802.11x
standard. Nor should 802.11x be confused with IEEE 802.1X, the port-based
network access control standard that WPA-Enterprise uses to carry EAP
authentication.
Protocol | Release date      | Op. frequency                            | Data rate (typ) | Data rate (max) | Range (indoor) | Range (outdoor)
802.11a  | 1999              | 5.15-5.35 / 5.47-5.725 / 5.725-5.875 GHz | 25 Mbit/s       | 54 Mbit/s       | ~25 m          | ~75 m
802.11b  | 1999              | 2.4-2.5 GHz                              | 6.5 Mbit/s      | 11 Mbit/s       | ~35 m          | ~100 m
802.11g  | 2003              | 2.4-2.5 GHz                              | 25 Mbit/s       | 54 Mbit/s       | ~25 m          | ~75 m
802.11n  | 2009 (draft 2007) | 2.4 GHz or 5 GHz                         | 200 Mbit/s      | 600 Mbit/s      | ~50 m          | ~125 m
2.18 Identify authentication protocols:
> CHAP (Challenge Handshake Authentication Protocol)
Challenge Handshake Authentication Protocol (RFC 1994) is a three-way
challenge-response authentication protocol. The authenticator sends a random
challenge; the peer replies with its name and the MD5 hash of the one-octet
identifier, the shared secret and the challenge; the authenticator recomputes
the hash from its own copy of the secret and compares. MD5 here is a hash, not
an encryption: the secret never crosses the link, but the authenticator must
store it in a recoverable form, and an eavesdropper who captures a challenge and
response can test guessed secrets offline. CHAP is used by various vendors of
network access servers and clients, and may be repeated during a session to
re-verify the peer.
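The exchange described above, modelled from both ends of the link, as an added example written for this page (not code from any RAS product or RFC). The class and function names, the user "alice" and her secret are constructed for the demonstration; the hash construction is RFC 1994's.

```python
"""CHAP (RFC 1994) challenge/response with MD5, modelled from both ends of the link.
Added example for this page; the names below are illustrative, not from any product."""
from __future__ import annotations

import hashlib
import hmac
import os


def chap_response(identifier: int, secret: bytes, challenge: bytes) -> bytes:
    """Peer side. RFC 1994: Response value = MD5(Identifier || secret || Challenge value).
    This is a hash, not an encryption: nothing here can be decrypted back to the secret."""
    return hashlib.md5(bytes([identifier & 0xFF]) + secret + challenge).digest()


class ChapAuthenticator:
    """Authenticator side (e.g. a remote access server).
    It must hold each peer's secret in plaintext-equivalent form to recompute the hash."""

    def __init__(self, secrets: dict[str, bytes]):
        self._secrets = secrets
        self._pending: dict[int, bytes] = {}   # Identifier -> outstanding Challenge value
        self._next_id = 0

    def challenge(self, length: int = 16) -> tuple[int, bytes]:
        """Issue a fresh random challenge; the Identifier ties the later response to it."""
        self._next_id = (self._next_id + 1) & 0xFF
        value = os.urandom(length)
        self._pending[self._next_id] = value
        return self._next_id, value

    def verify(self, identifier: int, name: str, response: bytes) -> bool:
        """Check a Response packet. Each challenge is consumed on first use, so a captured
        response cannot be replayed against the same challenge."""
        challenge = self._pending.pop(identifier, None)
        secret = self._secrets.get(name)
        if challenge is None or secret is None:
            return False
        expected = chap_response(identifier, secret, challenge)
        return hmac.compare_digest(expected, response)   # constant-time compare


def offline_guess(identifier: int, challenge: bytes, response: bytes,
                  candidates: list) -> bytes | None:
    """What an eavesdropper can do with one captured exchange: test candidate secrets
    offline. This is why CHAP secrets must be long and random, not dictionary words."""
    for cand in candidates:
        if chap_response(identifier, cand, challenge) == response:
            return cand
    return None


def demo() -> dict[str, bool]:
    """Run the exchange: a valid login, a replay of the same response, and a wrong secret."""
    auth = ChapAuthenticator({"alice": b"correct horse battery"})   # constructed credentials
    ident, chal = auth.challenge()
    resp = chap_response(ident, b"correct horse battery", chal)
    good = auth.verify(ident, "alice", resp)
    replayed = auth.verify(ident, "alice", resp)            # challenge already consumed
    ident2, chal2 = auth.challenge()
    wrong = auth.verify(ident2, "alice", chap_response(ident2, b"wrong secret", chal2))
    return {"good": good, "replayed": replayed, "wrong_secret": wrong}


if __name__ == "__main__":
    print(demo())
```

Two design points worth noticing: the authenticator keeps the secret, not a hash of it, because it has to recompute MD5 over the raw secret (which is why MS-CHAP, below, derives its response from the stored NT hash instead); and the challenge is single-use, which is what stops a recorded response from being replayed.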
> MS-CHAP (Microsoft Challenge Handshake
Authentication Protocol)
MS-CHAP is Microsoft's variant of CHAP, a one-way (nonreversible) encrypted
password authentication protocol. The response is derived from the NT hash
(MD4) of the user's password using DES rather than from a plaintext-equivalent
secret, so the server can authenticate against the password hashes it already
stores. MS-CHAP v2 adds mutual authentication, so the client also verifies that
the server knows the password. The challenge handshake process works as
follows:
· The remote access server or the IAS server sends a challenge to the remote
access client that consists of a session identifier and an arbitrary challenge
string.
· The remote access client sends a response that contains the user name and a
nonreversible encryption of the challenge string, the session identifier, and
the password hash.
· The authenticator checks the response and, if valid, the user's credentials
are authenticated (in v2 it also returns its own proof for the client to check).
> PAP (Password Authentication Protocol)
Password Authentication Protocol sends the user name and password across the
link in plaintext and is the least sophisticated authentication protocol. It is
typically negotiated only if the remote access client and remote access server
cannot agree on a more secure form of validation; anyone able to capture the
link sees the credentials, so PAP should be disabled wherever CHAP, MS-CHAP or
EAP is available.
> RADIUS (Remote Authentication Dial-In User
Service)
Is an AAA (authentication, authorization and accounting) protocol for
applications such as network access or IP mobility. It is intended to work in
both local and roaming situations. RADIUS runs over UDP, using port 1812 for
authentication and 1813 for accounting (older deployments use 1645 and 1646).
Some ISPs (commonly modem, DSL, or wireless 802.11 services) require you to
enter a username and password in order to connect to the Internet. Before
access to the network is granted, this information is passed to a Network Access
Server (NAS) device over the Point-to-Point Protocol (PPP), then to a RADIUS
server over the RADIUS protocol. The RADIUS server checks that the information
is correct using authentication schemes like PAP, CHAP or EAP. If accepted, the
server will then authorize access to the ISP system and select an IP address.
The NAS and the RADIUS server share a secret. Only the User-Password attribute
is obfuscated, with an MD5 scheme keyed on that secret; the rest of each packet
travels in the clear, and an Access-Request carries no integrity check unless
the Message-Authenticator attribute is used. The shared secret must therefore be
long and random, and the path between NAS and server should itself be protected
(for example with IPsec).
RADIUS is also widely used by VoIP service providers.
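The User-Password hiding mentioned above is defined in RFC 2865 section 5.2. The block below is an added example written for this page, not code from any RADIUS server or client: it implements the hide and unhide steps for both the NAS and the server, and then shows why the shared secret matters by testing candidate secrets against one captured request. The shared secret, the Request Authenticator and the password are constructed test values.

```python
"""RFC 2865 section 5.2 User-Password hiding, as done between a NAS and a RADIUS server.
Added example for this page; values are constructed, not captured from a real deployment."""
from __future__ import annotations

import hashlib


def _xor16(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def hide_password(password: bytes, shared_secret: bytes, authenticator: bytes) -> bytes:
    """NAS side. Pad the password with NULs to a multiple of 16 octets, then
    c1 = p1 XOR MD5(S + RA), c_i = p_i XOR MD5(S + c_(i-1)),
    where S is the shared secret and RA the 16-octet Request Authenticator."""
    if len(authenticator) != 16:
        raise ValueError("Request Authenticator must be 16 octets")
    if not 1 <= len(password) <= 128:
        raise ValueError("User-Password must be 1..128 octets")
    padded = password + b"\x00" * (-len(password) % 16)
    out, prev = bytearray(), authenticator
    for i in range(0, len(padded), 16):
        block = _xor16(padded[i:i + 16], hashlib.md5(shared_secret + prev).digest())
        out += block
        prev = block
    return bytes(out)


def unhide_password(hidden: bytes, shared_secret: bytes, authenticator: bytes) -> bytes:
    """Server side: the same chain in reverse. Trailing NUL padding is stripped; a password
    ending in NUL would be indistinguishable from padding, which real passwords avoid."""
    if not hidden or len(hidden) % 16:
        raise ValueError("hidden User-Password must be a non-empty multiple of 16 octets")
    out, prev = bytearray(), authenticator
    for i in range(0, len(hidden), 16):
        block = hidden[i:i + 16]
        out += _xor16(block, hashlib.md5(shared_secret + prev).digest())
        prev = block
    return bytes(out).rstrip(b"\x00")


def guess_shared_secret(hidden: bytes, authenticator: bytes, candidates: list) -> bytes | None:
    """Why the shared secret must be strong: in a captured Access-Request both RA and the
    hidden password are visible, so an attacker can test candidate secrets offline. A right
    guess turns the first block into printable text followed only by NUL padding."""
    for cand in candidates:
        first = _xor16(hidden[:16], hashlib.md5(cand + authenticator).digest())
        body = first.rstrip(b"\x00")
        if body and b"\x00" not in body and all(32 <= ch < 127 for ch in body):
            return cand
    return None


def demo() -> dict:
    secret = b"testing123"            # constructed; a notoriously weak default shared secret
    authenticator = bytes(range(16))  # constructed; a real NAS uses 16 unpredictable octets
    hidden = hide_password(b"hunter2", secret, authenticator)
    recovered = unhide_password(hidden, secret, authenticator)
    guessed = guess_shared_secret(hidden, authenticator,
                                  [b"password", b"radius", b"testing123", b"s3cr3t"])
    return {"round_trip": recovered == b"hunter2", "hidden_len": len(hidden), "guessed": guessed}


if __name__ == "__main__":
    print(demo())
```

Note what the scheme does and does not give you: the password is masked from a casual observer, but the masking is only as strong as the shared secret, and nothing else in the request (user name, NAS address, requested service) is hidden at all.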
> Kerberos and EAP (Extensible Authentication Protocol)
Kerberos is a ticket-based authentication system designed to let two parties
prove their identities to each other across an open network, using a trusted
third party, the Key Distribution Center (KDC). When a user logs on, the KDC
issues a ticket-granting ticket (TGT); when the user needs a service, the KDC
issues a service ticket, encrypted under that service's own key and carrying a
fresh session key, which the client presents to the service. Tickets are
time-limited, so client, KDC and service clocks must be kept roughly in sync.
Extensible Authentication Protocol, or EAP (RFC 3748), is a universal
authentication framework rather than a single method; it carries
method-specific exchanges (certificates, passwords, SIM cards, tokens) and is
frequently used in wireless networks and on Point-to-Point connections.
Although EAP is not limited to wireless LANs and can be used for wired LAN
authentication (via IEEE 802.1X), it is most often used in wireless LANs. The
Wi-Fi Alliance has certified five EAP types as official authentication
mechanisms for WPA and WPA2 Enterprise: EAP-TLS, EAP-TTLS/MSCHAPv2,
PEAPv0/EAP-MSCHAPv2, PEAPv1/EAP-GTC and EAP-SIM.
3.1
Identify the basic capabilities (For example: client support, interoperability,
authentication, file and print services, application support and security) of
the following server operating systems to access network resources:
> UNIX / Linux
The UNIX operating systems are built around the TCP/IP protocols, and while all
have certain similarities, they vary greatly in their capabilities. This is due
to the variations in the additional software included with the operating system
and the commercial (or non-commercial) nature of the various products. Some UNIX
variants are commercial products marketed by large software companies, such as
Hewlett Packard, Sun Microsystems, and IBM. Others are developed and maintained
as open source projects, in which volunteer programmers work on the software in
their spare time, usually communicating with their colleagues over the Internet,
and release their work freely under open source licenses. There are many
different UNIX-like operating systems that you can download from the Internet
free of charge, such as FreeBSD, NetBSD, and various distributions of Linux.
UNIX is
primarily an application server platform, and is typically associated with
Internet services, such as Web, FTP, and e-mail servers. As with Windows, UNIX
systems can function as both servers and clients at the same time.
Interoperability
Open source
software such as SAMBA is used to provide Windows users with Server Message
Block (SMB) file sharing.
Authentication
Centralized
login authentication
File and
Print Services
Network File
System (NFS) is a distributed file system that allows users to access files and
directories located on remote computers and treat those files and directories
as if they were local.
LPR/LPD is the
primary UNIX printing protocol used to submit jobs to the printer. The LPR
component initiates commands such as "print waiting jobs,"
"receive job," and "send queue state," and the LPD
component in the print server responds to them.
Security
With most UNIX operating systems, network services can be individually enabled
or disabled (for example through inetd/xinetd or the system's init scripts) and
restricted by source host with TCP Wrappers or a host firewall, so a server
exposes only the services it actually needs.
> MAC OS X Server
Client
Support
TCP/IP file sharing with Macintosh clients using Apple Filing Protocol (AFP)
3.0, Network File System (NFS) and FTP.
Interoperability
Mac OS X Server
uses the Open Source SAMBA to provide Windows users with Server Message Block
(SMB) file sharing. Network File System (NFS) lets you make folders available
to UNIX and Linux users.
File and
Print Services
Mac OS X Server
provides support for native Macintosh, Windows, UNIX, and Linux file sharing.
Protocols supported include:
· Apple file services (AFP 3.0) from any
AppleShare client over TCP/IP
· Windows (SMB/CIFS) file sharing using Samba
· Network File System (NFS) for UNIX and Linux
file access
· Internet (FTP)
Built-in print services can spool files to any PostScript-capable printer over
TCP/IP, AppleTalk, or USB. Macintosh users can use the LPR support in Print
Center or the Desktop Printer utility to connect to a shared printer. Windows
users can use their native SMB/CIFS protocol to connect to a shared printer.
Print services
for OS X Server
Macintosh and
UNIX (LPR/LPD)
Windows
(SMB/CIFS)
Security
· Multiple-user architecture and user-level access
privileges.
· Secure Sockets Layer (SSL) support provides encrypted
and authenticated client/server communications.
· Secure Shell (SSH) provides encryption and
authentication for secure remote administration.
· Kerberos support for centralized login
authentication.
> Netware
NetWare 5
Client
Support
NetWare 5 comes with
Novell Client software for three client platforms: DOS and Windows 3.1x,
Windows 95/98, and Windows NT.
Interoperability
You can set the
Novell Clients for Windows 95/98 and Windows NT to work with one of three
network protocol options: IP only, IP and IPX, or IPX only.
Authentication
Centralized
login authentication