Summer Youth Program: Computer/Network Architecture and Security

Introduction to Networking

Objectives:
• Understand the physical connection that has to take place for a computer to connect to the Internet.
• Recognize the components that comprise the computer.
• Install and troubleshoot network interface cards and/or modems.
• Use basic testing procedures to test the Internet connection.
• Demonstrate a basic understanding of the use of web browsers and plug-ins.

Internet Connection Requirements
• The Internet is the largest data network on earth.
• It consists of many large and small networks that are interconnected.
• Individual computers are the sources and destinations of information through the Internet.
• Connection to the Internet can be broken down into three parts: physical connection, logical connection, and applications.

Computer Basics
• Electronic components: transistor, integrated circuit (IC), resistor, capacitor, connector, and light-emitting diode (LED).
• PC subsystems: printed circuit board, CD-ROM drive, central processing unit (CPU), floppy drive, hard drive, microprocessor, motherboard, bus, random-access memory (RAM), read-only memory (ROM), system unit, expansion slot, power supply.
• Backplane components: network interface card (NIC), video card, audio card, parallel port, serial port, mouse port, power cord.

Network Interface Card
A NIC, or LAN adapter, provides network communication capabilities to and from a PC. These considerations are important in the selection of a NIC:
• Protocols: Ethernet, Token Ring, or FDDI
• Types of media: twisted-pair, coaxial, wireless, or fiber-optic
• Type of system bus: PCI or ISA

NICs & Modems
A modem, or modulator-demodulator, has two main functions:
• provides the computer with connectivity to a telephone line
• converts data from a digital signal to an analog signal that is compatible with a standard phone line
A NIC provides a network interface for each host. Situations that require NIC installation include the following:
• Installation of a NIC on a PC that does not already have one
• Replacement of a malfunctioning or damaged NIC
• Upgrade from a 10-Mbps NIC to a 10/100/1000-Mbps NIC
• Change to a different type of NIC, such as wireless
• Installation of a secondary, or backup, NIC for network security reasons

Internet Connections for Consumers
• Requires use of a modem
• Dial-up: slow
• Always-on high-speed connections:
  • DSL: Verizon
  • Cable: Comcast, Charter, Road-Runner

TCP/IP
The operating system tools must be used to configure TCP/IP on a workstation.

Testing Connectivity with Ping
Ping is a basic program that verifies that a particular IP address exists and can accept requests. Ping stands for Packet Internet or Inter-Network Groper. How can ping be used?
• ping 127.0.0.1: loopback test. It verifies the operation of the TCP/IP stack and the NIC transmit/receive function.
• ping <host computer IP address>: verifies the TCP/IP address configuration for the local host and connectivity to the host.
• ping <default-gateway IP address>: verifies whether the router that connects the local network to other networks can be reached.
• ping <remote destination IP address>: verifies connectivity to a remote host.

Information & Testing
• NIC MAC address verification: http://standards.ieee.org/regauth/oui/index.shtml
• Traceroute site: http://www.traceroute.org

Web Browsers and Plug-ins
A Web browser is software that interprets HTML, which is one of the languages used to code Web page content. The most popular Web browsers include Internet Explorer (IE), Netscape Communicator, and Firefox.
Plug-ins are applications that work with the browser to launch the programs required to view special files:
• Flash: plays multimedia files created by Macromedia Flash
• QuickTime: plays video files created by Apple
• RealPlayer: plays audio files

IE vs. Firefox
Firefox and all other Mozilla-based products are generally more secure than IE. Reasons:
• It is not integrated with Windows, which helps prevent viruses and hackers from causing damage if they somehow manage to compromise Firefox.
• There is no support for VBScript and ActiveX, two technologies which are the reasons for many IE security holes.
• No spyware/adware software can automatically install in Firefox just by visiting a web site.
• Firefox doesn't use Microsoft's Java VM, which has a history of more flaws than other Java VMs.
• You have complete control over cookies.

Data Networks Creation
Data networks developed as a result of businesses and government agencies needing to exchange electronic information across long distances. Businesses needed solutions to:
• How to avoid duplication of equipment and resources
• How to communicate efficiently
• How to set up and manage a network

The Creation of Standards
• One solution to incompatibility was to create standards within Local Area Networks (LANs).
• LAN limitations prompted Metropolitan Area Networks (MANs) and Wide Area Networks (WANs).

Data Networks with Respect to Distances

Networking Devices
• Networking Devices: Repeaters and Hubs
• Networking Devices: NICs and Bridges
• Networking Devices: Switches
• Networking Devices: Routers

Network Topology
• Network Topology: Bus & Star Topology
• Network Topology: Ring Topology
• Network Topology (cont.): Partial & Full Mesh

MS Visio: Creating Network Diagrams

MS Visio Network Example
(Network diagram drawn for Michigan Tech University's CNSA Program, GCH v.1.4, 7/5/05; image not reproduced)

MS Visio Network Example #2
(Network diagram: IP cloud, LAN and ISDN protocol analyzers, Ethernet switches, ATM switches and fiber splitters; Michigan Tech University's CNSA Program, GCH v.2.7, 7/5/05; image not reproduced)

MS Visio WAN Architecture Example
(WAN diagram: Japan PBX and gateway, New York gateway and router, PSTN and data network. Legend: PSTN (auto-switch) Japan to New York; VoIP (on-net call) Japan to New York; PSTN (hop-off call) Japan to United States, domestic long distance call to California. GCH v.1.2, 7/2/05; image not reproduced)

MS Visio Switch Architecture Example
(Switched Ethernet network diagram: central office with OmniSwitch chassis and PBXs, branch offices with OmniAccess 1518 IADs over a public T1/E1 TDM or ATM network, public Internet and private intranet; image not reproduced)
MS Visio Client Architecture Example
(Syrex Network Architecture diagram: routers R1 to R9 and switches Sw1/Sw2 across VLAN_A to VLAN_E, linked by fiber optic, 10/100 Ethernet, ISDN, Frame Relay and ATM connections and running RIP v2, OSPF, EIGRP and EBGP; GCH ver3.7, 6/11/05; image not reproduced)

Network Protocols
• Local-area Networks (LANs)
• Wide-area Networks (WANs)
• Metropolitan-area Networks (MANs)
• Storage-area Networks (SANs)
• Virtual Private Networks (VPNs)

VPN Architectures
• Client-Initiated Access VPN
• NAS-Initiated Access VPN
• Intranet and Extranet VPN

Benefits of VPNs

Importance of Bandwidth
• Why is bandwidth important?
• What are bandwidth's limitations?
• What is bandwidth's effect on network performance?

Bandwidth Pipe Analogy
Bandwidth Highway Analogy
Bandwidth Measurements
Bandwidth Limitations
Bandwidth Throughput
Digital Transfer Calculation

Cabling LANs and WANs
LAN Physical Layer
LAN Physical Layer Symbols

Ethernet on a Campus
There are several ways that Ethernet technologies can be used in a campus network:
• 10-Mbps Ethernet can be used at the user level.
• Clients or servers that require more bandwidth can use 100-Mbps Ethernet.
• Fast Ethernet is used as the link between user and network devices.
• Fast Ethernet can be used to connect enterprise servers.
• Fast Ethernet or Gigabit Ethernet should be implemented between backbone devices, based on affordability.

Connection Media

UTP Implementation
Patch panels are used for organization in wiring closets. They are sometimes referred to as punch-downs.
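As an added example (not from the slides) for the T568-A/T568-B pinouts and the straight-through versus cross-over comparison covered in this UTP section: the wire color per pin is the standard assignment, and the assumed Tx/Rx pin usage is the 10/100BASE-T convention, which is why only 4 of the 8 wires carry data.

```python
# Added example, not part of the slides: derive the end-to-end pin mapping of a
# UTP patch cable from the EIA/TIA T568-A / T568-B pinouts and classify it.
# Wire colors per pin are the standard assignments; pins 1-2 as transmit and
# pins 3-6 as receive is the 10/100BASE-T convention (assumed here).

T568A = {1: "white/green", 2: "green", 3: "white/orange", 4: "blue",
         5: "white/blue", 6: "orange", 7: "white/brown", 8: "brown"}
T568B = {1: "white/orange", 2: "orange", 3: "white/green", 4: "blue",
         5: "white/blue", 6: "green", 7: "white/brown", 8: "brown"}

TX_PINS = (1, 2)   # transmit pair on a PC or router NIC
RX_PINS = (3, 6)   # receive pair


def pin_map(end_a: dict, end_b: dict) -> dict:
    """Follow each wire from its pin on end A to the pin it lands on at end B."""
    color_to_pin_b = {color: pin for pin, color in end_b.items()}
    return {pin: color_to_pin_b[color] for pin, color in end_a.items()}


def cable_type(end_a: dict, end_b: dict) -> str:
    """Same standard on both ends -> straight-through; A on one end and B on the
    other swaps the orange and green pairs, i.e. 1<->3 and 2<->6 -> crossover."""
    mapping = pin_map(end_a, end_b)
    if all(a == b for a, b in mapping.items()):
        return "straight-through"
    crossed = {1: 3, 2: 6, 3: 1, 6: 2}
    if all(mapping[p] == q for p, q in crossed.items()):
        return "crossover"
    return "unknown"


def tx_reaches_rx(end_a: dict, end_b: dict) -> bool:
    """True when the Tx pair leaving end A arrives on the Rx pins of end B, so two
    like devices (PC to PC, switch to switch) can talk without a crossing device."""
    mapping = pin_map(end_a, end_b)
    return {mapping[p] for p in TX_PINS} == set(RX_PINS)


if __name__ == "__main__":
    for name, (a, b) in {"T568B-T568B": (T568B, T568B),
                         "T568A-T568B": (T568A, T568B)}.items():
        print(f"{name}: {cable_type(a, b)}, Tx lands on Rx: {tx_reaches_rx(a, b)}")
```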
UTP Cable
• 8 colored wires
• 2 twisted pair

UTP Implementation Continued
EIA/TIA T568-A or T568-B standards. Note: only 4 wires are used for Tx and Rx.

UTP Implementation: Straight-Through and Cross-Over Comparison

Console Connections
• Used to manage a device, such as a switch or router, locally
• Uses a DB-9 to RJ-45 adapter
• Uses a rollover cable

Straight-Through and Cross-Over Comparison Continued

Summer Youth Program: Computer/Network Architecture and Security

Using Layers to Analyze Problems
Using Layers to Describe Data Communication

OSI Model
Layer 1
Layer 2
• Provides reliable transit of data across a physical link
• Provides physical address
• Error correction, best-effort delivery
Layer 3
Layer 4
Layer 5
Layer 6
Layer 7

Peer-to-Peer Communication
TCP/IP Model
Encapsulation & Decapsulation
Names for Data at Each Layer

Network Environments
Peer-to-Peer Networks
• All peers are equal
• 10 hosts max (recommended)
Client/Server Environment
• Network services are located on a dedicated computer called a server

Peer-to-Peer vs. Client/Server: Advantages
Advantages of a Peer-to-Peer Network:
• Less expensive to implement
• Does not require additional specialized network administration software
• Does not require a dedicated network administrator
Advantages of a Client/Server Network:
• Provides for better security
• Easier to administer when the network is large, due to centralized administration
• All data can be backed up in one central location

Peer-to-Peer vs. Client/Server: Disadvantages
Disadvantages of a Peer-to-Peer Network:
• Does not scale well to large networks, and administration becomes unmanageable
• Each user must be trained to perform administrative tasks
• Less secure
• All machines sharing resources negatively impacts performance
Disadvantages of a Client/Server Network:
• Requires expensive specialized network administrative and operational software
• Requires expensive, more powerful hardware for the server machine
• Requires a professional administrator
• Has a single point of failure: user data is unavailable if the server is down

Ethernet Switching
Layer 2 Bridging
• What is a bridge?
• What is the bridging process?
• Bridge types
• Bridge operations
Switches
• Switching table
Latency
• What is latency?
• How does it affect a network?
Switch Modes
• Store-and-forward switching
• Cut-through switching
• Fragment-free switching

Collision Domains and Broadcast Domains
How can the impact of broadcasts and collisions on the performance of the network be reduced?
Types of Networks
Data Collisions
When two bits are propagated at the same time on the same network, a collision will occur.
Collisions and Collision Domains
Collision domains are extended by hubs and repeaters.
Segmentation
Breaking Up Collision Domains Using Segmentation
• Segmenting with bridges
• Segmenting with switches
• Segmenting with routers
Layer 2 Broadcasts
Layer 2 devices must flood all broadcast and multicast traffic. The accumulation of broadcast and multicast traffic from each device in the network is referred to as broadcast radiation.
Broadcast Domains
• A group of collision domains that are connected by Layer 2 devices
• Controlled at Layer 3 (router)
• Routers do not forward broadcasts
Data Flow
Network Segment
If "segment" is used in the context of TCP, it means a separate piece of the data. If "segment" is used in the context of physical networking media in a routed network, it means one of the parts or sections of the total network.

Routing Fundamentals and Subnets
Routable and Routed Protocols
A routed protocol allows the router to forward data between nodes on different networks. For a protocol to be routable, it must provide the ability to assign a network number and a host number to each individual device. These protocols also require a network mask in order to differentiate the two numbers. A network mask is used so that groups of sequential IP addresses can be treated as a single unit.
IP as a Routed Protocol
IP is a connectionless, unreliable, best-effort delivery protocol.
As information flows down the layers of the OSI model, the data is processed at each layer. IP accepts whatever data is passed down to it from the upper layers.

Packet Propagation and Switching Within a Router
1. A frame is received at a router interface.
2. The MAC address is checked to see if the frame is directly addressed to the router interface, or is a broadcast.
3. The frame header and trailer are removed and the packet is passed up to Layer 3.
4. The destination IP address is compared to the routing table to find a match.
5. The packet is switched to the outgoing interface and given the proper frame header.
6. The frame is then transmitted.

Internet Protocol (IP): Connectionless
The Internet is a gigantic, connectionless network in which all packet deliveries are handled by IP. TCP adds Layer 4, connection-oriented reliability services to IP.
Telephone Calls: Connection-Oriented
A connection is established between the sender and the recipient before any data is transferred.

Anatomy of an IP Packet
While the IP source and destination addresses are important, the other header fields have made IP very flexible. The header fields are the information that is provided to the upper layer protocols defining the data in the packet.

Routing Overview
A router is a network layer device that uses one or more routing metrics to determine the optimal path. Routing metrics are values used in determining the advantage of one route over another. Routing protocols use various combinations of metrics for determining the best path for data.
Routing Versus Switching
The distinction is that routing and switching use different information in the process of moving data from source to destination.

Classes of Network IP Addresses

Introduction to Subnetting
Host bits are reassigned (or "borrowed") as network bits. The starting point is always the leftmost host bit.
• 3 bits borrowed allows 2^3 - 2, or 6, subnets
• 5 bits borrowed allows 2^5 - 2, or 30, subnets
• 12 bits borrowed allows 2^12 - 2, or 4094, subnets

Reasons for Subnetting
• Provides addressing flexibility for the network administrator.
• Each LAN must have its own network or subnetwork address.
• Provides broadcast containment and low-level security on the LAN.
• Provides some security, since access to other subnets is only available through the services of a router.

Establishing the Subnet Mask Address
The subnet mask determines which part of an IP address is the network field and which part is the host field. Follow these steps to determine the subnet mask:
1. Express the subnetwork IP address in binary form.
2. Replace the network and subnet portion of the address with all 1s.
3. Replace the host portion of the address with all 0s.
4. Convert the binary expression back to dotted-decimal notation.
To determine the number of bits to be used, the network designer needs to calculate how many hosts the largest subnetwork requires and the number of subnetworks needed.
The "slash format" is a shorter way of representing the subnet mask: /25 represents the 25 one bits in the subnet mask 255.255.255.128.

Subnetting Class A and B Networks
The bits available for assignment to the subnet field are 22 bits in a Class A address and 14 bits in a Class B address.

Calculating the Subnetwork With ANDing
ANDing is a binary process by which the router calculates the subnetwork ID for an incoming packet:
1 AND 1 = 1; 1 AND 0 = 0; 0 AND 0 = 0
The router then uses that information to forward the packet across the correct interface.

Packet Address      192.168.10.65    11000000.10101000.00001010.01000001
Subnet Mask         255.255.255.224  11111111.11111111.11111111.11100000
Subnetwork Address  192.168.10.64    11000000.10101000.00001010.01000000

Routed Versus Routing
A routed protocol:
• Includes any network protocol suite that provides enough information in its network layer address to allow a router to forward it to the next device and ultimately to its destination.
• Defines the format and use of the fields within a packet.
A routing protocol:
• Provides processes for sharing route information.
• Allows routers to communicate with other routers to update and maintain the routing tables.

Path Determination
Path determination enables a router to compare the destination address to the available routes in its routing table, and to select the best path.

End of Presentation
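The subnet-mask, ANDing and path-determination steps from the subnetting slides above, carried through in code as an added example that is not part of the presentation. The routing table and interface names are constructed for the demonstration, and the lookup goes one step beyond the slides by preferring the longest matching prefix when several routes match.

```python
# Added example, not from the slides: build a mask from the slash format, AND an
# address with its mask to get the subnetwork ID, and pick the outgoing interface
# the way a router's path determination does. Addresses match the slide's worked
# example; the routing table and interface names are constructed.

def to_int(dotted: str) -> int:
    """Dotted-decimal IPv4 string -> 32-bit integer (rejects malformed input)."""
    octets = [int(o) for o in dotted.split(".")]
    if len(octets) != 4 or any(not 0 <= o <= 255 for o in octets):
        raise ValueError(f"bad IPv4 address: {dotted}")
    return (octets[0] << 24) | (octets[1] << 16) | (octets[2] << 8) | octets[3]


def to_dotted(value: int) -> str:
    return ".".join(str((value >> shift) & 0xFF) for shift in (24, 16, 8, 0))


def to_binary(dotted: str) -> str:
    """Dotted-decimal -> dotted binary, as the slide writes it."""
    return ".".join(f"{int(o):08b}" for o in dotted.split("."))


def mask_from_prefix(prefix: int) -> str:
    """Slash format -> dotted-decimal mask, e.g. /25 -> 255.255.255.128."""
    if not 0 <= prefix <= 32:
        raise ValueError("prefix length must be 0..32")
    return to_dotted(((1 << prefix) - 1) << (32 - prefix))


def usable_subnets(borrowed_bits: int) -> int:
    """Classful rule used on the slides: 2^n - 2 (all-zeros and all-ones subnets excluded)."""
    return 2 ** borrowed_bits - 2


def subnetwork_id(address: str, mask: str) -> str:
    """ANDing: each address bit AND the matching mask bit gives the subnetwork ID."""
    return to_dotted(to_int(address) & to_int(mask))


# Constructed routing table: (network, mask, outgoing interface).
ROUTING_TABLE = [
    ("192.168.10.64", "255.255.255.224", "FastEthernet0/1"),
    ("192.168.10.0",  "255.255.255.0",   "FastEthernet0/0"),
    ("0.0.0.0",       "0.0.0.0",         "Serial0/0"),   # default route
]


def path_determination(destination: str, table=ROUTING_TABLE):
    """AND the destination with each route's mask; a route matches when the result
    equals its network. Prefer the longest prefix; the default route matches all."""
    best_interface, best_prefix_len = None, -1
    for network, mask, interface in table:
        if subnetwork_id(destination, mask) == network:
            prefix_len = bin(to_int(mask)).count("1")
            if prefix_len > best_prefix_len:
                best_interface, best_prefix_len = interface, prefix_len
    return best_interface


if __name__ == "__main__":
    subnet = subnetwork_id("192.168.10.65", "255.255.255.224")
    for label, value in (("Packet Address", "192.168.10.65"),
                         ("Subnet Mask", "255.255.255.224"),
                         ("Subnetwork Address", subnet)):
        print(f"{label:20} {value:16} {to_binary(value)}")
    print("forward via", path_determination("192.168.10.65"))
```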