13.12.12

How Active and Passive FTP mode works.



I have always been wondering what's the easy way to understand how Active & Passive mode FTP connections work.

So, after referring to a lot of sites, I came up with this one on how they work, briefly, so that you can get to know the basic differences. If you are trying to learn in depth how this works at the packet level, I am sorry, this is not the right place for you.

Active mode FTP (please refer to the diagram for easy understanding)

A user connects from a random port (33372) on a file transfer client to port 21 on the server. It sends the PORT command, specifying what client-side port (33395) the server should connect to. This port will be used later on for the data channel and is different from the port used in this step for the command channel.

The server connects from port 20 to the client port designated for the data channel. Once the connection is established, file transfers are then made through these client and server ports.


Passive mode FTP (please refer to the diagram for easy understanding)

In passive mode, the client still initiates a command channel from a random port (33372) to the server's port 21. However, instead of sending the PORT command, it sends the PASV command, which is basically a request for a server port to connect to for data transmission. When the FTP server replies, it indicates what port number (54321) it has opened for the ensuing data transfer. The steps are summarized below.

The client connects from another random port (33395) to the random port specified in the server's response. Once the connection is established, data transfers are made through these client and server ports.

Points to be noted: In an active mode connection, the server will attempt to connect to a random client-side port. So chances are that port wouldn't be one of the predefined ports the client-side firewall allows inbound. As a result, the server's attempt to connect to it will be blocked by the firewall and no data connection will be established.

Of course, it is also possible for the server side to have a firewall as well. However, since the server is expected to receive a greater number of connection requests than a client, it is logical for the server admin to adapt to the situation and open up a selection of ports to satisfy passive mode configurations.

Let me know if I should correct anything here.
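As an added example (not part of the original post), the following Python decodes the two messages described above, the client's PORT command and the server's 227 reply to PASV, and works out which side opens the data connection and what a client-side firewall would therefore have to permit. The addresses 192.168.1.10 and 203.0.113.5 are constructed sample values; the port numbers 33395 and 54321 are the ones used in the post (RFC 959 encodes a port as p1*256 + p2).

```python
import re
from dataclasses import dataclass

# RFC 959 encodes host and port as six decimal numbers: h1,h2,h3,h4,p1,p2
# where the port is p1*256 + p2. PORT is sent by the client (active mode);
# the 227 reply to PASV is sent by the server (passive mode).
PORT_RE = re.compile(r"^PORT\s+(\d+),(\d+),(\d+),(\d+),(\d+),(\d+)\s*$", re.IGNORECASE)
PASV_RE = re.compile(r"^227\s.*?\((\d+),(\d+),(\d+),(\d+),(\d+),(\d+)\)")


@dataclass(frozen=True)
class DataChannel:
    mode: str      # "active" or "passive"
    host: str      # address the data connection is made to
    port: int      # port the data connection is made to
    connects: str  # which side opens the data connection: "server" or "client"


def _decode_hostport(fields):
    """Turn the six captured numbers into (dotted host, port), rejecting bad values."""
    octets = [int(f) for f in fields]
    if any(o > 255 for o in octets):
        raise ValueError("octet out of range: %r" % (fields,))
    host = ".".join(str(o) for o in octets[:4])
    port = octets[4] * 256 + octets[5]
    if port == 0:
        raise ValueError("port 0 is not a usable data port")
    return host, port


def parse_port_command(line: str) -> DataChannel:
    """Client -> server PORT command; the server will then connect from port 20."""
    m = PORT_RE.match(line.strip())
    if not m:
        raise ValueError("not a PORT command: %r" % line)
    host, port = _decode_hostport(m.groups())
    return DataChannel("active", host, port, "server")


def parse_pasv_reply(line: str) -> DataChannel:
    """Server -> client 227 reply; the client will then connect to host:port."""
    m = PASV_RE.match(line.strip())
    if not m:
        raise ValueError("not a 227 PASV reply: %r" % line)
    host, port = _decode_hostport(m.groups())
    return DataChannel("passive", host, port, "client")


def encode_hostport(host: str, port: int) -> str:
    """Inverse of _decode_hostport, e.g. for building a PORT command argument."""
    if not 0 < port <= 65535:
        raise ValueError("port out of range: %d" % port)
    return "%s,%d,%d" % (host.replace(".", ","), port // 256, port % 256)


def client_firewall_rule(ch: DataChannel, server_ip: str) -> str:
    """What a client-side firewall must permit for the data channel to work.

    Active mode needs an INBOUND allowance (server:20 -> client data port),
    which is exactly what a default-deny client firewall blocks. Passive
    mode only needs an OUTBOUND allowance, which such firewalls already give.
    """
    if ch.mode == "active":
        return "allow in tcp from %s:20 to %s:%d" % (server_ip, ch.host, ch.port)
    return "allow out tcp from any to %s:%d" % (ch.host, ch.port)


if __name__ == "__main__":
    # Constructed sample exchange using the port numbers from the post.
    active = parse_port_command("PORT 192,168,1,10,130,115")      # 130*256+115 = 33395
    passive = parse_pasv_reply("227 Entering Passive Mode (203,0,113,5,212,49).")  # 54321
    for ch in (active, passive):
        print(ch.mode, "data connection opened by", ch.connects, "->",
              client_firewall_rule(ch, "203.0.113.5"))
```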

5.12.12

TCP/IP Protocol Suite explained briefly


TCP/IP is based on a four-layer reference model. All protocols that belong to the TCP/IP protocol suite are located in the top three layers of this model.

As shown in the following diagram, each layer of the TCP/IP model corresponds to one or more layers of the seven-layer Open Systems Interconnection (OSI) reference model proposed by the International Organization for Standardization (ISO).

Diagram

The types of services performed and protocols used at each layer within the TCP/IP model are described in more detail below.

Application: Defines TCP/IP application protocols and how host programs interface with transport layer services to use the network. 
  • Protocols: HTTP, Telnet, FTP, TFTP, SNMP, DNS, SMTP, other application protocols

Transport: Provides communication session management between host computers. Defines the level of service and status of the connection used when transporting data. 
  • Protocols: TCP, UDP, RTP, RSVP

Internetwork: Packages data into IP datagrams, which contain source and destination address information that is used to forward the datagrams between hosts and across networks. Performs routing of IP datagrams. 
  • Protocols: IP, ICMP, ARP, RARP

Network Interface: Specifies details of how data is physically sent through the network, including how bits are electrically signaled by hardware devices that interface directly with a network medium, such as coaxial cable, optical fiber, or twisted-pair copper wire. 
  • Protocols: Ethernet, Token Ring, FDDI, X.25, Frame Relay, RS-232, v.35


The TCP/IP model and related protocols are maintained by the Internet Engineering Task Force (IETF).


Src: http://technet.microsoft.com/en-us/library/cc786900(v=ws.10).aspx
Src: http://en.wikipedia.org/wiki/Internet_protocol_suite

If you want to go deep into how each layer functions, please refer to Microsoft's article.


29.11.12

Easy to Understand SSL Handshake


An HTTP-based SSL connection is always initiated by the client using a URL starting with https:// instead of with http://. At the beginning of an SSL session, an SSL handshake is performed. This handshake produces the cryptographic parameters of the session. A simplified overview of how the SSL handshake is processed is shown in the diagram below.

  1. The client sends a client "hello" message that lists the cryptographic capabilities of the client (sorted in client preference order), such as the version of SSL, the cipher suites supported by the client, and the data compression methods supported by the client. The message also contains a 28-byte random number.
  2. The server responds with a server "hello" message that contains the cryptographic method (cipher suite) and the data compression method selected by the server, the session ID, and another random number.
    Note:
    The client and the server must support at least one common cipher suite, or else the handshake fails. The server generally chooses the strongest common cipher suite.
  3. The server sends its digital certificate. (In this example, the server uses X.509 V3 digital certificates with SSL.) If the server uses SSL V3, and if the server application (for example, the Web server) requires a digital certificate for client authentication, the server sends a "digital certificate request" message. In the "digital certificate request" message, the server sends a list of the types of digital certificates supported and the distinguished names of acceptable certificate authorities.
  4. The server sends a server "hello done" message and waits for a client response.
  5. Upon receipt of the server "hello done" message, the client (the Web browser) verifies the validity of the server's digital certificate and checks that the server's "hello" parameters are acceptable. If the server requested a client digital certificate, the client sends a digital certificate, or if no suitable digital certificate is available, the client sends a "no digital certificate" alert. This alert is only a warning, but the server application can fail the session if client authentication is mandatory.
  6. The client sends a "client key exchange" message. This message contains the pre-master secret, a 46-byte random number used in the generation of the symmetric encryption keys and the message authentication code (MAC) keys, encrypted with the public key of the server. If the client sent a digital certificate to the server, the client sends a "digital certificate verify" message signed with the client's private key. By verifying the signature of this message, the server can explicitly verify the ownership of the client digital certificate.
    Note:
    An additional process to verify the server digital certificate is not necessary. If the server does not have the private key that belongs to the digital certificate, it cannot decrypt the pre-master secret and create the correct keys for the symmetric encryption algorithm, and the handshake fails.
  7. The client uses a series of cryptographic operations to convert the pre-master secret into a master secret, from which all key material required for encryption and message authentication is derived. Then the client sends a "change cipher spec" message to make the server switch to the newly negotiated cipher suite. The next message sent by the client (the "finished" message) is the first message encrypted with this cipher method and keys.
  8. The server responds with a "change cipher spec" and a "finished" message of its own.
  9. The SSL handshake ends, and encrypted application data can be sent.
Source: http://pic.dhe.ibm.com/infocenter/tivihelp/v2r1/index.jsp?topic=%2Fcom.ibm.itame2.doc_5.1%2Fss7aumst18.htm
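Steps 6 and 7 above say the 46-byte random number becomes the pre-master secret and is then "converted" into a master secret and key material. As an added example (not from the IBM source), the Python below carries that derivation through using the TLS 1.2 PRF of RFC 5246 (the successor to the SSL 3.0 construction; SSL 3.0 itself mixed MD5 and SHA-1 differently) and also produces the verify_data that goes into the "finished" message. The random values are constructed and deterministic so the result is reproducible; a real client uses fresh random bytes.

```python
import hmac
import hashlib

# TLS 1.2 PRF (RFC 5246, section 5) with SHA-256. P_hash expands a secret and
# seed to any length:  A(0) = seed, A(i) = HMAC(secret, A(i-1)),
# P_hash = HMAC(secret, A(1) + seed) + HMAC(secret, A(2) + seed) + ...


def p_sha256(secret: bytes, seed: bytes, length: int) -> bytes:
    out = b""
    a = seed  # A(0)
    while len(out) < length:
        a = hmac.new(secret, a, hashlib.sha256).digest()           # A(i)
        out += hmac.new(secret, a + seed, hashlib.sha256).digest()  # next block
    return out[:length]


def prf(secret: bytes, label: bytes, seed: bytes, length: int) -> bytes:
    return p_sha256(secret, label + seed, length)


def build_pre_master_secret(client_version: bytes, random46: bytes) -> bytes:
    """Step 6: the 48-byte pre-master secret is the 2-byte client version followed by
    46 random bytes. The client RSA-encrypts it to the server's public key; the
    encryption itself is outside this example."""
    if len(client_version) != 2 or len(random46) != 46:
        raise ValueError("pre-master secret is version(2) || random(46)")
    return client_version + random46


def derive_master_secret(pre_master: bytes, client_random: bytes, server_random: bytes) -> bytes:
    """Step 7: master_secret = PRF(pre_master, "master secret",
    ClientHello.random + ServerHello.random), truncated to 48 bytes."""
    if len(pre_master) != 48:
        raise ValueError("pre-master secret must be 48 bytes")
    if len(client_random) != 32 or len(server_random) != 32:
        raise ValueError("hello randoms are 32 bytes (4-byte time + 28 random bytes)")
    return prf(pre_master, b"master secret", client_random + server_random, 48)


def derive_key_block(master_secret: bytes, client_random: bytes, server_random: bytes,
                     mac_len: int, key_len: int, iv_len: int) -> dict:
    """Expand the master secret into the six per-direction keys. Note the seed order
    here is server_random + client_random, the reverse of the master-secret step."""
    names = ("client_write_MAC_key", "server_write_MAC_key",
             "client_write_key", "server_write_key",
             "client_write_IV", "server_write_IV")
    sizes = (mac_len, mac_len, key_len, key_len, iv_len, iv_len)
    block = prf(master_secret, b"key expansion", server_random + client_random, sum(sizes))
    keys, offset = {}, 0
    for name, size in zip(names, sizes):
        keys[name] = block[offset:offset + size]
        offset += size
    return keys


def finished_verify_data(master_secret: bytes, label: bytes, handshake_messages: bytes) -> bytes:
    """verify_data for the "finished" message (RFC 5246 7.4.9): only a party holding the
    same master secret, i.e. one able to decrypt the pre-master secret, can produce it."""
    transcript_hash = hashlib.sha256(handshake_messages).digest()
    return prf(master_secret, label, transcript_hash, 12)


# Constructed, deterministic sample values (a real handshake uses fresh random bytes).
SAMPLE_CLIENT_RANDOM = bytes(range(32))
SAMPLE_SERVER_RANDOM = bytes(range(100, 132))
SAMPLE_PRE_MASTER = build_pre_master_secret(b"\x03\x03", bytes(range(200, 246)))


def demo() -> dict:
    ms = derive_master_secret(SAMPLE_PRE_MASTER, SAMPLE_CLIENT_RANDOM, SAMPLE_SERVER_RANDOM)
    # Key sizes for a cipher suite such as AES-128-CBC with HMAC-SHA1: 20/16/16 bytes.
    keys = derive_key_block(ms, SAMPLE_CLIENT_RANDOM, SAMPLE_SERVER_RANDOM, 20, 16, 16)
    keys["master_secret"] = ms
    return keys


if __name__ == "__main__":
    for name, value in demo().items():
        print("%-22s %s" % (name, value.hex()))
```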


5.9.11

Subnet Addressing / Subnet Masking


By looking at the addressing structures, you can see that even with a Class C address, there are a large number of hosts per network. Such a structure is an inefficient use of addresses if each end of a routed link requires a different network number. It is unlikely that the smaller office LANs would have that many devices. You can resolve this problem by using a technique known as subnet addressing.

Subnet addressing allows us to split one IP network address into smaller multiple physical networks known as subnetworks. Some of the node numbers are used as a subnet number instead. 
A Class B address gives us 16 bits of node numbers translating to 64,000 nodes. Most organizations do not use 64,000 nodes, so there are free bits that can be reassigned. Subnet addressing makes use of those bits that are free, as shown below. 


A Class B address can be effectively translated into multiple Class C addresses. For example, the IP address of 172.16.0.0 is assigned, but node addresses are limited to 255 maximum, allowing eight extra bits to use as a subnet address. The IP address of 172.16.97.235 would be interpreted as IP network address 172.16, subnet number 97, and node number 235. In addition to extending the number of addresses available, subnet addressing provides other benefits. Subnet addressing allows a network manager to construct an address scheme for the network by using different subnets for other geographical locations in the network or for other departments in the organization.
Although the preceding example uses the entire third octet for a subnet address, note that you are not restricted to octet boundaries in subnetting. To create more network numbers, you need only shift some bits from the host address to the network address. For instance, to partition a Class C network number (192.68.135.0) into two, you shift one bit from the host address to the network address. The new netmask (or subnet mask) is 255.255.255.128. The first subnet has network number 192.68.135.0 with hosts 192.68.135.1 to 192.68.135.126, and the second subnet has network number 192.68.135.128 with hosts 192.68.135.129 to 192.68.135.254.

Note: The number 192.68.135.127 is not assigned because it is the broadcast address of the first subnet. The number 192.68.135.128 is not assigned because it is the network address of the second subnet.


Link to download this Doc
http://documentation.netgear.com/reference/enu/tcpip/pdfs/FullManual.pdf

Internet Protocol (IP) Addresses

Because TCP/IP networks are interconnected across the world, each computer on the Internet must have a unique address (called an IP address) to make sure that transmitted data reaches the correct destination. Blocks of addresses are assigned to organizations by the Internet Assigned Numbers Authority (IANA). Individual users and small organizations may obtain their addresses either from the IANA or from an Internet service provider (ISP). You can contact IANA at http://www.iana.org.

The Internet Protocol (IP) uses a 32-bit address structure. The address is usually written in dot notation (also called dotted-decimal notation), in which each group of eight bits is written in decimal form, separated by decimal points.
For example, the following binary address:
11000011 00100010 00001100 00000111
is normally written as:
195.34.12.7

The latter version is easier to remember and easier to enter into your computer. In addition, the 32 bits of the address are subdivided into two parts. The first part of the address identifies the network, and the second part identifies the host node or station on the network. The dividing point may vary depending on the address range and the application. There are five standard classes of IP addresses. These address classes have different ways of determining the network and host sections of the address, allowing for different numbers of hosts on a network. Each address type begins with a unique bit pattern, which is used by the TCP/IP software to identify the address class. After the address class has been determined, the software can correctly identify the host section of the address. The figure below shows the three main address classes, including network and host sections of the address for each address type.

The five address classes are:

• Class A
Class A addresses can have up to 16,777,214 hosts on a single network. They use an 8-bit network number and a 24-bit node number. Class A addresses are in this range:
1.x.x.x to 126.x.x.x.
• Class B
Class B addresses can have up to 65,534 hosts on a network. A Class B address uses a 16-bit network number and a 16-bit node number. Class B addresses are in this range:
128.1.x.x to 191.254.x.x.
• Class C
Class C addresses can have up to 254 hosts on a network. A Class C address uses a 24-bit network number and an 8-bit node number. Class C addresses are in this range:
192.0.1.x to 223.255.254.x.
• Class D
Class D addresses are used for multicasts (messages sent to many hosts). Class D addresses are in this range:
224.0.0.0 to 239.255.255.255.
• Class E
Class E addresses are for experimental use. This addressing structure allows IP addresses to uniquely identify each physical network and each node on each physical network.

For each unique value of the network portion of the address, the base address of the range (host address of all zeros) is known as the network address and is not usually assigned to a host. Also, the top address of the range (host address of all ones) is not assigned, but is used as the broadcast address for simultaneously sending a packet to all hosts with the same network address.

Netmask

In each of the address classes previously described, the size of the two parts (network address and host address) is implied by the class. This partitioning scheme can also be expressed by a netmask associated with the IP address. A netmask is a 32-bit quantity that, when logically combined (using an AND operator) with an IP address, yields the network address. For instance, the netmasks for Class A, B, and C addresses are 255.0.0.0, 255.255.0.0, and 255.255.255.0, respectively.
For example, the address 192.168.170.237 is a Class C IP address whose network portion is the upper 24 bits. When combined (using an AND operator) with the Class C netmask, as shown here, only the network portion of the address remains:
11000000 10101000 10101010 11101101 (192.168.170.237)
combined with:
11111111 11111111 11111111 00000000 (255.255.255.0)
equals:
11000000 10101000 10101010 00000000 (192.168.170.0)
As a shorter alternative to dotted-decimal notation, the netmask may also be expressed in terms of the number of ones from the left. This number is appended to the IP address, following a slash (/), as "/n." In the example, the address could be written as 192.168.170.237/24, indicating that the netmask is 24 ones followed by 8 zeros.
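As an added example (not from the NETGEAR manual), the Python below implements the arithmetic the three sections above describe by hand: dotted-decimal to binary, the class of an address from its leading bits, the AND of address and netmask, the /n prefix form, and the "borrow one host bit" split that turns 192.68.135.0/24 into two /25 subnets with their network, broadcast and host ranges. It goes a little beyond the text by validating that a netmask is contiguous ones followed by zeros, and cross-checks its own result against the standard library's ipaddress module.

```python
import ipaddress  # used only to cross-check the hand-rolled arithmetic


def to_int(dotted: str) -> int:
    """'195.34.12.7' -> 32-bit integer; rejects anything that is not four octets."""
    parts = dotted.split(".")
    if len(parts) != 4 or any(not p.isdigit() or int(p) > 255 for p in parts):
        raise ValueError("bad dotted-decimal address: %r" % dotted)
    n = 0
    for p in parts:
        n = (n << 8) | int(p)
    return n


def to_dotted(n: int) -> str:
    return ".".join(str((n >> shift) & 0xFF) for shift in (24, 16, 8, 0))


def to_binary(dotted: str) -> str:
    """The 'four groups of eight bits' form shown in the text."""
    n = to_int(dotted)
    return " ".join(format((n >> shift) & 0xFF, "08b") for shift in (24, 16, 8, 0))


def address_class(dotted: str) -> str:
    """Classify by the leading bit pattern of the first octet:
    0xxxxxxx = A, 10xxxxxx = B, 110xxxxx = C, 1110xxxx = D, 1111xxxx = E."""
    first = to_int(dotted) >> 24
    if first & 0x80 == 0:
        return "A"
    if first & 0xC0 == 0x80:
        return "B"
    if first & 0xE0 == 0xC0:
        return "C"
    if first & 0xF0 == 0xE0:
        return "D"
    return "E"


def prefix_to_mask(prefix: int) -> str:
    """/n -> dotted netmask: n ones from the left, then zeros."""
    if not 0 <= prefix <= 32:
        raise ValueError("prefix must be 0..32")
    return to_dotted((0xFFFFFFFF << (32 - prefix)) & 0xFFFFFFFF)


def mask_to_prefix(mask: str) -> int:
    """Dotted netmask -> n, rejecting masks whose ones are not contiguous."""
    m = to_int(mask)
    prefix = bin(m).count("1")
    if m != ((0xFFFFFFFF << (32 - prefix)) & 0xFFFFFFFF):
        raise ValueError("non-contiguous netmask: %s" % mask)
    return prefix


def subnet_info(dotted: str, mask: str) -> dict:
    """Network (address AND mask), broadcast (host bits all ones) and usable host range."""
    a, m = to_int(dotted), to_int(mask)
    prefix = mask_to_prefix(mask)
    network = a & m
    broadcast = network | (~m & 0xFFFFFFFF)
    has_hosts = prefix <= 30  # /31 and /32 have no all-zeros/all-ones host addresses to spare
    info = {
        "cidr": "%s/%d" % (dotted, prefix),
        "class": address_class(dotted),
        "network": to_dotted(network),
        "broadcast": to_dotted(broadcast),
        "first_host": to_dotted(network + 1) if has_hosts else None,
        "last_host": to_dotted(broadcast - 1) if has_hosts else None,
        "usable_hosts": (1 << (32 - prefix)) - 2 if has_hosts else 0,
    }
    # Cross-check the hand arithmetic against the standard library.
    ref = ipaddress.ip_network(info["cidr"], strict=False)
    if str(ref.network_address) != info["network"] or str(ref.broadcast_address) != info["broadcast"]:
        raise RuntimeError("arithmetic disagrees with ipaddress for %s" % info["cidr"])
    return info


def split_in_two(network: str, mask: str) -> list:
    """Borrow one host bit, as in the 192.68.135.0 example, and describe both halves."""
    prefix = mask_to_prefix(mask) + 1
    new_mask = prefix_to_mask(prefix)
    base = to_int(network) & to_int(mask)
    half = 1 << (32 - prefix)
    return [subnet_info(to_dotted(base), new_mask), subnet_info(to_dotted(base + half), new_mask)]


if __name__ == "__main__":
    print(to_binary("195.34.12.7"))
    print(subnet_info("192.168.170.237", "255.255.255.0"))
    for half in split_in_two("192.68.135.0", "255.255.255.0"):
        print(half)
```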


Link to download this Doc.
http://documentation.netgear.com/reference/enu/tcpip/pdfs/FullManual.pdf

Basic Router Concepts

What is a Router?
A router is a device that forwards traffic between networks based on network layer information in the data and on routing tables maintained by the router. In these routing tables, a router builds up a logical picture of the overall network by gathering and exchanging information with other routers in the network. Using this information, the router chooses the best path for forwarding network traffic. Routers vary in performance and scale, number of routing protocols supported, and types of physical WAN connection they support.

Routing Information Protocol
One of the protocols used by a router to build and maintain a picture of the network is the Routing Information Protocol (RIP). Using RIP, routers periodically update one another and check for changes to add to the routing table. RIP-2 supports subnet and multicast protocols. RIP is not required for most home applications. 

8.12.10

Security in Network

What is IT-Security?
IT-Security is not a product, it's a process. Don't expect to buy a firewall that solves all your security problems! You always have to ensure good configuration and updates; this should be an integrated process. But you will never reach 100% security. It's like a bank safe: you can make it difficult to crack, but there will always be somebody who is able to break it given enough resources. Here are the most important components of IT-Security:

Authenticity
Authenticity is about the identity of a subject/object. This can be a user, a process, a system or a piece of information. It is needed for Non Repudiation and Accountability.

Integrity
This means Data-Integrity, meaning that data was not manipulated or destroyed in an unauthorized way, and System-Integrity, meaning that the system is available with its usual performance and was not manipulated through unauthorized access. Integrity is part of Authenticity.

Confidentiality
Information should not be seen by unauthorized persons, instances or processes. This means protection of personal or business-critical data, privacy and anonymity.

Availability/Dependability
Refers to the functionality of software and hardware not being altered in any unauthorized way, and to secured business continuity.

Non Repudiation/Accountability
Non Repudiation means that actions of instances (users, processes, systems and information) can be associated with only that instance. Accountability refers to financial transactions and all communication issues.

Reliability
The usual functionality and behavior of data and systems is secured. This is needed for Integrity and Non Repudiation.

20.6.10

What is Firewall? Understanding the Concepts behind Firewall.

Introduction
Access to e-mail and other Internet resources is very much a necessity for conducting business and accessing information. However, along with the convenience that network connectivity brings, it also raises serious security concerns. With always-on connections such as cable modems and DSL lines, Internet users need to be increasingly vigilant of security issues, as network traffic coming into the computer can cause damage to files and programs even when the user is away from the computer and the computer is idle. In a system that is not protected with any security measures, malicious code such as viruses can infect systems and cause damage that may be difficult to repair. Unscrupulous characters on the Internet are always snooping around trying to find open computers from which they can steal personal files, personal information or create other forms of mischief. The loss of financial records, e-mail, customer files, can be devastating to a business or to an individual.
In conjunction with other security measures, firewalls can help to prevent this devastation.
What are Firewalls?
Firewalls are tools that can be used to enhance the security of computers connected to a network, such as a LAN or the Internet. A firewall separates a computer from the Internet, inspecting packets of data as they arrive at either side of the firewall (inbound to, or outbound from, your computer) to determine whether they should be allowed to pass or be blocked.
Firewalls act as guards at the computer's entry points (which are called "ports") where the computer exchanges data with other devices on the network. Firewalls ensure that packets that are requesting permission to enter the computer meet certain rules that are established by the user of the computer. Firewalls operate in two ways: by either denying or accepting all messages based on a list of designated acceptable or unacceptable sources, or by allowing or denying all messages based on a list of designated acceptable or unacceptable destination ports.
Although they sound complex, firewalls are relatively easy to install, set up and operate. This article will provide a brief introduction to firewalls. This is not intended to serve as a review of specific firewall products. Rather, it will serve as an overview of what firewalls are, how they work, the different types of firewall technology and their suitability for small office/home office and personal computer users.
TCP/IP
In order to understand how firewalls work it is important to understand the basics of TCP/IP, the language or protocol which all computers on the internet use to communicate. If you are not at all familiar with concepts such as packets, ports and IP addresses, please refer to the "Internet for Beginners" article at LINK. If you are, the following section may seem elementary; however, it explains each of the aspects of TCP/IP as it relates specifically to firewalls.
Let's start by saying that TCP/IP is a "language" that allows different computers to communicate. On the Internet, this language is spoken and understood by all different types of computers, even those using different operating systems such as Windows, Macintosh, or Unix. In order for a computer to communicate on the Internet, it must "speak" TCP/IP.
Packets
When messages are sent along the Internet, they are broken up into small "packets" that take different routes to get to the destination. On reaching the destination, the packets are re-assembled to form the complete original message. This method is similar to writing a letter, except the sentences that make up the letter are each sent in a separate envelope. With the large number of packets travelling the Internet, it is important that the content of the packets is transferred reliably, to the correct destination computer, and in the correct order; this is where TCP/IP comes in.
TCP/IP ensures that messages arrive at the proper computer in the proper order. Internet Protocol (IP) is used for addressing messages so they can be exchanged between the source computer and the destination computer. Transmission Control Protocol (TCP) is responsible for making sure the entire message is received in the correct format (this will be explained in more detail later in this section). These terms may seem technical but the main thing we have to remember is that TCP/IP makes information exchange over the Internet possible. And what does this have to do with firewalls? Computers identify themselves using an IP address, which is similar to a street address. The IP address is a numerical translation of the web address. For example, the IP address of www.securityfocus.com is 207.126.127.69. When the message is in packet form, the destination address and the source address information are carried in the header of the packet.
The IP address is an important concept in the discussion of firewalls because firewalls read the IP addresses in the header of the packets to determine the source of the message. They then use part of that information to determine whether or not the message will be allowed access.
Ports
We have talked about firewalls guarding the entry points of the computer system; these entry points are known as "ports". Personal computers use TCP/IP ports to communicate with other computers. Simply put, a port is a point at which a computer connects to networks and to other computers so that it can exchange information with them. Personal computers have various types of ports, each of which provides a specific and unique service. Port numbers that are open indicate which applications or services that computer is currently running.
Each port has a specific number, and each one allows computers to exchange information related to a specific application. For instance, computers typically exchange information with the World Wide Web via port 80. The port number is held in the information in the packet header. This is important for firewalls, because by reading the packet the firewall can tell what application the message is trying to run. Firewalls can be configured to deny certain applications, which they determine by reading the port number of the incoming packet.
For example, one common service is FTP, or file transfer protocol, which allows computers to exchange large files of text and graphics. The FTP server on a computer utilizes port #21. If the recipient computer is open to accepting FTP packets, it will accept packets that indicate that they are FTP packets by the inclusion of port #21 in their header. If, for instance, the recipient computer is not running FTP, it would not be open to receiving information that is addressed for port #21. Thus the firewall should be configured to deny access to any packets that are destined for that port number.
Some common TCP/IP ports and their corresponding numbers are:
• FTP (File Transfer Protocol) - #21
• SMTP (Simple Mail Transfer Protocol) - #25
• Login (Login Host Protocol) - #49
• HTTP (Hypertext Transfer Protocol) - #80
• Auth (Authentication service) - #113
• Audionews (Audio news multistream) - #114

Port Scanners
Hackers often use software tools called port scanners to find services, such as the ones we just mentioned. Once the port scanner finds a service or an application that is running, the hacker then determines whether or not that specific service is vulnerable to attack. When they find vulnerable applications, the hacker may exploit them to gain entry into the system. Once inside the system, hackers proceed to attack the target and disrupt services by deleting or transferring critical files or by reading and/or stealing information that is stored on the computer.
There are 65,535 virtual ports on a typical personal computer that can be used to gain entry. The firewall has to keep an eye on each one of these ports. Talk about having a tough job!
Types of Firewalls
We can think of firewalls as being similar to a bouncer in a nightclub. Like a bouncer in a nightclub, firewalls have a set of rules, similar to a guest list or a dress code, that determines if the packet should be allowed entry. Just as the bouncer places himself at the door of the club, the firewall is located at the point of entry where data attempts to enter the computer from the Internet. But, just as different night clubs might have different rules for entry, different firewalls have different methods of inspecting packets for acceptance or rejection.
Packet Filtering
The most common firewall method is known as packet filtering. Maintaining our bouncer analogy, some bouncers may only check IDs and compare them with the guest list before letting people in. Similarly, when a packet filter firewall receives a packet from the Internet, it checks the information held in the IP address in the header of the packet against a table of access control rules to determine whether or not the packet is acceptable.
In this case, a set of rules established by the firewall administrator serves as the guest list. These rules may specify certain actions when a particular source or destination IP address or port number is identified. For example, access to a pornographic web site can be blocked by designating the IP address of that site as a non-permitted connection (incoming or outgoing) with the user's computer. When the packet filter firewall encounters a packet from the porn site, it examines the packet. Since the IP address of the porn site is contained in the header of the packet, it meets the conditions that specifically deny such a connection and the web traffic is not permitted to go through.
Although packet filters are fast, they are also relatively easy to circumvent. One method of getting around a packet filter firewall is known as IP spoofing, in which hackers adopt the IP address of a trusted source, thereby fooling the firewall into thinking that the packets from the hacker are actually from a trusted source. The second fundamental problem with packet filter firewalls is that they allow a direct connection between source and destination computers. As a result, once an initial connection has been approved by the firewall, the source computer is connected directly to the destination computer, thereby potentially exposing the destination computer and all the computers to which it is connected to attack.
Stateful Packet Inspection
A second method utilized by firewalls is known as stateful packet inspection. Stateful packet inspection is a form of super-charged packet filtering. It examines not just the headers of the packet, but also the contents, to determine more about the packet than just its source and destination information. It is called "stateful" packet inspection because it examines the contents of the packet to determine what the state of the communication is, i.e. it ensures that the stated destination computer has previously requested the current communication. This is a way of ensuring that all communications are initiated by the recipient computer and are taking place only with sources that are known and trusted from previous interactions. In addition to being more rigorous in their inspection of packets, stateful inspection firewalls also close off ports until a connection to the specific port is requested. This adds a layer of protection against the threat of port scanning.
Application-Level Proxy

Other types of bouncers have stricter rules: they not only want to know who the guest is, but what he or she will be doing once they are inside the club. In the world of firewalls, this type of bouncer is known as an application-level proxy because it determines if a connection to a requested application is permitted. Only connections for specified purposes, such as Internet access or e-mail, will be permitted. This allows system administrators to control what applications their system's computers will be used for.
For example, hackers can use the Telnet service (which in the early days of the Internet was developed to allow remote logins to computers) to gain unauthorized access to a network. However, a firewall can be set up to allow only web and e-mail applications to gain access. The firewall can be programmed to stop all packets with the destination port of 23, which is the standard port for Telnet. Any attempt by hackers to telnet into the user's computer will fail because the application-level firewall will recognize this telnet connection as a non-web/e-mail application and reject the information trying to enter the user's computer.
This type of firewall is known as an application-level proxy because, in addition to screening packets for the type of application they want to run on the user's computer, it also serves as a proxy server. A proxy can be thought of as a computer that sits between a computer and a web server and acts as a middleman between the two.
An application-level proxy receives all communications requests from the computers behind it (or inside the firewall.) It then proxies the request; that is, it makes the requests on behalf of its constituent computers. What this does is to effectively hide the individual computers on the network behind the firewall. The targeted computers are protected from view because outside sources never make direct contact with the computers - every communication is conducted through the proxy server.
Network Address Translation (NAT)
Network Address Translation (NAT) serves as a firewall by keeping individual IP addresses hidden from the outside world. Similar to a proxy server, Network Address Translation acts as an intermediary between a group of computers and the Internet. NAT allows an organization to present itself to the Internet with one address. NAT converts the address of each computer and device on a LAN into one IP address for the Internet and vice versa. As a result, people scanning the Internet for addresses cannot identify the computers on the network or capture any details of their location, IP address, etc. And if the bad guys can't find you, they can't hurt you.
Drawbacks to Using Firewalls
Although firewalls have their strengths, and are an invaluable information security resource, there are some attacks that firewalls cannot protect against, such as eavesdropping or interception of e-mail. Furthermore, whereas firewalls provide a single point of security and audit, this also becomes a single point of failure, which is to say, firewalls are a last line of defense. This means that if an attacker is able to breach the firewall, he or she will have gained access to the system, and may have an opportunity to steal data that is stored in that system, or to create other havoc within the system. Firewalls may keep the bad guys out, but what if the bad guys are inside? In the case of dishonest or disgruntled employees, firewalls will not provide much protection. Finally, as mentioned in the discussion of packet filtering, firewalls are not foolproof: IP spoofing can be an effective means of circumvention, for example.
For optimal protection against the variety of security threats that exist, firewalls should be used in conjunction with other security measures such as anti-virus software and encryption packages. As well, a well-thought out and consistently implemented security policy is vital to attaining optimal effectiveness of any security software.
Selecting Firewalls
Firewall applications vary in sophistication and cost. For the small office or home user, the easiest and least expensive firewall solutions are personal firewalls, which are software programs that install on your computer. When selecting firewalls, the following considerations should be taken into account:
· Ease of installation/configuration
· Does the firewall run without user intervention?
· Are there parameters that have to be set, and is it easy to do?
· Is there online help or technical support available?
· Does the firewall provide audit reports identifying time, location and type of attack?
· Is the cost of the firewall appropriate to the size of your business/office?
· Are maintenance/monitoring requirements suitable for the size and type of business?
· What will be the training requirements for the firewall?
· Will the firewall have a significant impact on the operation of the system as a whole?
There are a number of firewall products available with varying feature capabilities and costs. Most of the vendors offer a free trial for evaluation purposes and SOHO users should select one based on their needs.

7.5.10

CCNP Certification


Cisco Certified Network Professional (CCNP®) validates the ability to plan, implement, verify and troubleshoot local and wide-area enterprise networks and work collaboratively with specialists on advanced security, voice, wireless and video solutions. The CCNP certification is appropriate for those with at least one year of networking experience who are ready to advance their skills and work independently on complex network solutions. Those who achieve CCNP have demonstrated the skills required in enterprise roles such as network technician, support engineer, systems engineer or network engineer.

CCNA Certification


Cisco Certified Network Associate (CCNA®) validates the ability to install, configure, operate, and troubleshoot medium-size routed and switched networks, including implementation and verification of connections to remote sites in a WAN. The CCNA curriculum includes basic mitigation of security threats, an introduction to wireless networking concepts and terminology, and performance-based skills. This new curriculum also includes (but is not limited to) the use of these protocols: IP, Enhanced Interior Gateway Routing Protocol (EIGRP), Serial Line Interface Protocol, Frame Relay, Routing Information Protocol Version 2 (RIPv2), VLANs, Ethernet, and access control lists (ACLs).

30.4.10

Differences Between WLAN and LAN

Although WLANs and LANs both provide connectivity between the end users, they have some key differences that include both physical and logical differences between the topologies. In WLANs, radio frequencies are used as the physical layer of the network. Differences also exist in the way the frame is formatted and in the transmission methods, detailed as follows:
■ WLANs use carrier sense multiple access with collision avoidance (CSMA/CA) instead of the carrier sense multiple access with collision detection (CSMA/CD) used by Ethernet LANs. Collision detection is not possible in WLANs, because a sending station cannot receive at the same time that it transmits and therefore cannot detect a collision. Instead, WLANs use the Ready To Send (RTS) and Clear To Send (CTS) protocols to avoid collisions.
■ WLANs use a different frame format than wired Ethernet LANs. WLANs require additional information in the Layer 2 header of the frame.
■ Radio waves cause problems not found in LANs, such as the following:
  • Connectivity issues occur because of coverage problems, RF transmission, multipath distortion, and interference from other wireless services or other WLANs.
  • Privacy issues occur because radio frequencies can reach outside the facility.
■ In WLANs, mobile clients connect to the network through an access point, which is the equivalent of a wired Ethernet hub. These connections are characterized as follows:
  • There is no physical connection to the network.
  • The mobile devices are often battery-powered, as opposed to plugged-in LAN devices.
■ WLANs must meet country-specific RF regulations. The aim of standardization is to make WLANs available worldwide. Because WLANs use radio frequencies, they must follow country-specific regulations of RF power and frequencies. This requirement does not apply to wired LANs.

20.4.10

IPv6 and its difference from IPv4


Internet Protocol version 6 (IPv6) is the next-generation Internet Protocol version designated as the successor to IPv4, the first implementation used in the Internet that is still in dominant use currently. It is an Internet Layer protocol for packet-switched internetworks. The main driving force for the redesign of Internet Protocol is the foreseeable IPv4 address exhaustion. IPv6 was defined in December 1998 by the Internet Engineering Task Force (IETF) with the publication of an Internet standard specification, RFC 2460.
IPv6 has a vastly larger address space than IPv4. This results from the use of a 128-bit address, whereas IPv4 uses only 32 bits. The new address space thus supports 2^128 (about 3.4×10^38) addresses. This expansion provides flexibility in allocating addresses and routing traffic and eliminates the primary need for network address translation (NAT), which gained widespread deployment as an effort to alleviate IPv4 address exhaustion.
IPv6 also implements new features that simplify aspects of address assignment (stateless address autoconfiguration) and network renumbering (prefix and router announcements) when changing Internet connectivity providers. The IPv6 subnet size has been standardized by fixing the size of the host identifier portion of an address to 64 bits to facilitate an automatic mechanism for forming the host identifier from Link Layer media addressing information (MAC address).
Network security is integrated into the design of the IPv6 architecture. Internet Protocol Security (IPsec) was originally developed for IPv6, but found widespread optional deployment first in IPv4 (into which it was back-engineered). The IPv6 specifications mandate IPsec implementation as a fundamental interoperability requirement.
In December 2008, despite marking its 10th anniversary as a Standards Track protocol, IPv6 was only in its infancy in terms of general worldwide deployment. A 2008 study by Google Inc. indicated that penetration was still less than one percent of Internet-enabled hosts in any country. IPv6 has been implemented on all major operating systems in use in commercial, business, and home consumer environments.
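The "automatic mechanism for forming the host identifier" from a MAC address mentioned above is the modified EUI-64 construction; the following is an added example, not code from the original post, and the MAC and prefix values in it are constructed.

```python
import ipaddress


def modified_eui64(mac):
    """Build the 64-bit interface identifier from a 48-bit MAC, as stateless
    autoconfiguration does (RFC 4291 Appendix A): split the MAC in half,
    insert 0xFFFE between the halves, and flip the universal/local bit
    (bit 0x02 of the first octet)."""
    octets = bytes.fromhex(mac.replace(":", "").replace("-", ""))
    if len(octets) != 6:
        raise ValueError("expected a 48-bit MAC address")
    first = octets[0] ^ 0x02
    return bytes([first]) + octets[1:3] + b"\xff\xfe" + octets[3:6]


def slaac_address(prefix, mac):
    """Combine the /64 prefix announced by the router with the interface id
    derived from the MAC; 'prefix' is e.g. 'fe80::' or '2001:db8:1:2::'."""
    net = ipaddress.IPv6Network((prefix, 64), strict=False)
    iid = int.from_bytes(modified_eui64(mac), "big")
    return ipaddress.IPv6Address(int(net.network_address) | iid)


def mac_from_address(addr):
    """Reverse the derivation: the hardware address is recoverable from such an
    address, which is why RFC 4941 privacy addresses are preferred today.
    Returns None when the interface id was not built from a MAC."""
    iid = int(ipaddress.IPv6Address(addr)).to_bytes(16, "big")[8:]
    if iid[3:5] != b"\xff\xfe":
        return None
    octets = bytes([iid[0] ^ 0x02]) + iid[1:3] + iid[5:8]
    return ":".join(f"{b:02x}" for b in octets)


if __name__ == "__main__":
    # Constructed MAC; 2001:db8::/32 is the documentation prefix.
    print(slaac_address("fe80::", "00:1b:21:aa:bb:cc"))
    print(slaac_address("2001:db8:1:2::", "00:1b:21:aa:bb:cc"))
    print(mac_from_address("fe80::21b:21ff:feaa:bbcc"))
```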

Differences Between IPv4 and IPv6

IPv6 is based on IPv4; it is an evolution of IPv4, so many things we find in IPv6 are familiar to us. The main differences are:
1. Simplified header format. IPv6 has a fixed-length header, which does not include most of the options an IPv4 header can include. Even though the IPv6 header contains two 128-bit addresses (source and destination IP address), the whole header has a fixed length of 40 bytes only. This allows for faster processing. Options are dealt with in extension headers, which are only inserted after the IPv6 header if needed. So, for instance, if a packet needs to be fragmented, the fragmentation header is inserted after the IPv6 header. The basic set of extension headers is defined in RFC 2460.

2. Address extended to 128 bits. This allows for a hierarchical structure of the address space and provides enough addresses for almost every 'grain of sand' on the earth. Important for security and new services/devices that will need multiple IP addresses and/or permanent connectivity.

3. A lot of the new IPv6 functionality is built into ICMPv6, such as Neighbor Discovery, Autoconfiguration, Multicast Listener Discovery and Path MTU Discovery.

4. Enhanced Security and QoS Features.

Or, in simple words:

IPv4 means Internet Protocol version 4, whereas IPv6 means Internet Protocol version 6.

IPv4 is the 32-bit IP address that we use commonly; it can be 192.168.8.1, 10.3.4.5 or any other 32-bit IP address. IPv4 can support up to 2^32 addresses, but the 32-bit IPv4 address space is close to being used up, so IPv6 was developed as a replacement.
IPv6 is 128 bits and can support up to 2^128 addresses, to fulfil future needs with better security and network-related features. Here are some examples of IPv6 addresses:
1050:0:0:0:5:600:300c:326b 
ff06::c3 
0:0:0:0:0:0:192.1.56.10
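The fixed 40-byte base header and the Fragment extension header from item 1, applied to the address notations listed above, as an added example that is not part of the original post. The addresses are the page's own examples; the TCP payload, fragment offset and identification are constructed.

```python
import struct
import ipaddress

IPV6_BASE_HEADER_LEN = 40   # fixed size regardless of which options are present
NEXT_HEADER_TCP = 6
NEXT_HEADER_FRAGMENT = 44   # Fragment extension header (RFC 2460 section 4.5)


def ipv6_base_header(src, dst, payload_len, next_header, hop_limit=64):
    """Fixed 40-byte base header: version/traffic class/flow label (4 bytes),
    payload length (2), next header (1), hop limit (1), then the two 128-bit
    addresses (16 bytes each), which alone account for 32 of the 40 bytes."""
    first_word = 6 << 28   # version 6, traffic class 0, flow label 0
    return (struct.pack("!IHBB", first_word, payload_len, next_header, hop_limit)
            + ipaddress.IPv6Address(src).packed
            + ipaddress.IPv6Address(dst).packed)


def fragment_header(next_header, offset, more_fragments, identification):
    """8-byte Fragment extension header, present only when a packet had to be
    fragmented; offset is counted in 8-octet units, the M flag is the low bit."""
    offset_field = (offset << 3) | (1 if more_fragments else 0)
    return struct.pack("!BBHI", next_header, 0, offset_field, identification)


def build_fragment(src, dst, payload, offset, more, ident):
    """Base header -> Fragment header -> (part of) the TCP segment."""
    ext = fragment_header(NEXT_HEADER_TCP, offset, more, ident)
    base = ipv6_base_header(src, dst, len(ext) + len(payload), NEXT_HEADER_FRAGMENT)
    return base + ext + payload


def parse(packet):
    """Decode the base header and, if Next Header says so, the Fragment header."""
    first_word, payload_len, nh, hop = struct.unpack("!IHBB", packet[:8])
    info = {"version": first_word >> 28, "payload_length": payload_len,
            "next_header": nh, "hop_limit": hop,
            "src": ipaddress.IPv6Address(packet[8:24]).exploded,
            "dst": ipaddress.IPv6Address(packet[24:40]).exploded}
    if nh == NEXT_HEADER_FRAGMENT:
        inner_nh, _, off_field, ident = struct.unpack("!BBHI", packet[40:48])
        info["fragment"] = {"next_header": inner_nh, "offset": off_field >> 3,
                            "more": bool(off_field & 1), "id": ident}
    return info


if __name__ == "__main__":
    # Addresses are the page's examples; payload and fragment values are constructed.
    pkt = build_fragment("1050:0:0:0:5:600:300c:326b", "0:0:0:0:0:0:192.1.56.10",
                         b"constructed-payload", offset=185, more=False, ident=0x1234)
    print(len(pkt), parse(pkt))
```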

How Network Address Translation (NAT) works


If you are reading this, you are most likely connected to the Internet and there's a very good chance that you are using Network Address Translation (NAT) right now!
The Internet has grown larger than anyone ever imagined it could be. Although the exact size is unknown, the current estimate is that there are about 100 million hosts and over 350 million users actively on the Internet. That is more than the entire population of the United States! In fact, the rate of growth has been such that the Internet is effectively doubling in size each year.
So what does the size of the Internet have to do with NAT? Everything! For a computer to communicate with other computers and Web servers on the Internet, it must have an IP address. An IP address (IP stands for Internet Protocol) is a unique 32-bit number that identifies the location of your computer on a network. Basically it works just like your street address: a way to find out exactly where you are and deliver information to you.
When IP addressing first came out, everyone thought that there were plenty of addresses to cover any need. Theoretically, you could have 4,294,967,296 unique addresses (2^32). The actual number of available addresses is smaller (somewhere between 3.2 and 3.3 billion) because of the way that the addresses are separated into Classes and the need to set aside some of the addresses for multicasting, testing or other specific uses.
With the explosion of the Internet and the increase in home networks and business networks, the number of available IP addresses is simply not enough. The obvious solution is to redesign the address format to allow for more possible addresses. This is being developed (IPv6) but will take several years to implement because it requires modification of the entire infrastructure of the Internet.

The NAT router translates traffic coming into and leaving the private network:

This is where NAT (RFC 1631) comes to the rescue. Basically, Network Address Translation allows a single device, such as a router, to act as an agent between the Internet (or "public network") and a local (or "private") network. This means that only a single unique IP address is required to represent an entire group of computers to anything outside their network.
The shortage of IP addresses is only one reason to use NAT. Two other good reasons are:

  • Security
  • Administration
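The single-address translation described above, including the reason NAT is listed as a security measure (an outside host cannot reach an inside machine that never opened a flow), as an added example that is not part of the original post. The private hosts reuse the page's 192.168.8.1 and 10.3.4.5; the public addresses 203.0.113.1 and 198.51.100.7 are constructed from the documentation ranges.

```python
import itertools

class NatRouter:
    """Port-based NAT (NAPT): one public address fronts a whole private LAN.
    Each outbound flow (private ip, port, protocol) gets its own public port,
    so two LAN hosts using the same source port stay distinct. Inbound packets
    are forwarded only when they match a mapping an inside host created;
    anything else is dropped, the 'security' side effect the article mentions.
    """

    def __init__(self, public_ip, first_port=40000):
        self.public_ip = public_ip
        self._next_port = itertools.count(first_port)
        self._out = {}   # (priv_ip, priv_port, proto) -> public_port
        self._in = {}    # (public_port, proto) -> (priv_ip, priv_port)

    def translate_outbound(self, pkt):
        """Rewrite a LAN packet's source to the router's public ip/port."""
        key = (pkt["src_ip"], pkt["src_port"], pkt["proto"])
        if key not in self._out:
            public_port = next(self._next_port)
            self._out[key] = public_port
            self._in[(public_port, pkt["proto"])] = (pkt["src_ip"], pkt["src_port"])
        return {**pkt, "src_ip": self.public_ip, "src_port": self._out[key]}

    def translate_inbound(self, pkt):
        """Map an Internet packet back to the LAN host that opened the flow,
        or return None (drop) when no inside host ever did."""
        if pkt["dst_ip"] != self.public_ip:
            return None
        target = self._in.get((pkt["dst_port"], pkt["proto"]))
        if target is None:
            return None
        priv_ip, priv_port = target
        return {**pkt, "dst_ip": priv_ip, "dst_port": priv_port}

def packet(src_ip, src_port, dst_ip, dst_port, proto="tcp"):
    """Build a constructed sample packet (only the fields NAT looks at)."""
    return {"src_ip": src_ip, "src_port": src_port,
            "dst_ip": dst_ip, "dst_port": dst_port, "proto": proto}

if __name__ == "__main__":
    # 203.0.113.1 (the router's single public address) and 198.51.100.7 (a web
    # server) are constructed values taken from the documentation address ranges.
    nat = NatRouter("203.0.113.1")
    out = nat.translate_outbound(packet("192.168.8.1", 33372, "198.51.100.7", 80))
    print("outbound:", out)
    print("reply:", nat.translate_inbound(packet("198.51.100.7", 80, "203.0.113.1", out["src_port"])))
    print("unsolicited:", nat.translate_inbound(packet("198.51.100.7", 80, "203.0.113.1", 40555)))
```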
For a more detailed explanation of NAT, visit

http://www.cisco.com/en/US/tech/tk648/tk361/technologies_tech_note09186a0080094831.shtml#behindmask