TCP/IP Protocol Suite explained briefly

TCP/IP is based on a four-layer reference model. All protocols that belong to the TCP/IP protocol suite are located in the top three layers of this model.

As shown in the following diagram, each layer of the TCP/IP model corresponds to one or more layers of the seven-layer Open Systems Interconnection (OSI) reference model proposed by the International Organization for Standardization (ISO).

Diagram

The types of services performed and protocols used at each layer within the TCP/IP model are described in more detail below.

Application: Defines TCP/IP application protocols and how host programs interface with transport layer services to use the network. 

• Protocols: HTTP, Telnet, FTP, TFTP, SNMP, DNS, SMTP, other application protocols

Transport: Provides communication session management between host computers. Defines the level of service and status of the connection used when transporting data. 

• Protocols: TCP, UDP, RTP, RSVP

Internetwork: Packages data into IP datagrams, which contain source and destination address information that is used to forward the datagrams between hosts and across networks. Performs routing of IP datagrams. 

• Protocols: IP, ICMP, ARP, RARP

Network Interface: Specifies details of how data is physically sent through the network, including how bits are electrically signaled by hardware devices that interface directly with a network medium, such as coaxial cable, optical fiber, or twisted-pair copper wire. 

• Protocols: Ethernet, Token Ring, FDDI, X.25, Frame Relay, RS-232, v.35

The TCP/IP model and related protocols are maintained by the Internet Engineering Task Force (IETF).

Src: http://technet.microsoft.com/en-us/library/cc786900(v=ws.10).aspx
Src: http://en.wikipedia.org/wiki/Internet_protocol_suite

If you want to go deep into how each layers function please refer Microsoft's Article

Read More

Subnet Addressing / Subnet Masking

By looking at the addressing structures, you can see that even with a Class C address, there are a large number of hosts per network. Such a structure is an inefficient use of addresses if each end of a routed link requires a different network number. It is unlikely that the smaller office LANs would have that many devices. You can resolve this problem by using a technique known as subnet addressing.

Subnet addressing allows us to split one IP network address into smaller multiple physical networks known as subnetworks. Some of the node numbers are used as a subnet number instead. 

A Class B address gives us 16 bits of node numbers translating to 64,000 nodes. Most organizations do not use 64,000 nodes, so there are free bits that can be reassigned. Subnet addressing makes use of those bits that are free, as shown below. 

A Class B address can be effectively translated into multiple Class C addresses. For example, the IP address of 172.16.0.0 is assigned, but node addresses are limited to 255 maximum, allowing eight extra bits to use as a subnet address. The IP address of 172.16.97.235 would be interpreted as IP network address 172.16, subnet number 97, and node number 235. In addition to extending the number of addresses available, subnet addressing provides other benefits. Subnet addressing allows a network manager to construct an address scheme for the network by using different subnets for other geographical locations in the network or for other departments in the organization.

Although the preceding example uses the entire third octet for a subnet address, note that you are not restricted to octet boundaries in subnetting. To create more network numbers, you need only shift some bits from the host address to the network address. For instance, to partition a Class C network number (192.68.135.0) into two, you shift one bit from the host address to the network address. The new netmask (or subnet mask) is 255.255.255.128. The first subnet has network number 192.68.135.0 with hosts 192.68.135.1 to 129.68.135.126, and the second subnet has network number 192.68.135.128 with hosts 192.68.135.129 to 192.68.135.254.

Note: The number 192.68.135.127 is not assigned because it is the broadcast address of the first subnet. The number 192.68.135.128 is not assigned because it is the network address of the second subnet.

Link to download this Doc

http://documentation.netgear.com/reference/enu/tcpip/pdfs/FullManual.pdf

Read More

Security in Network

What is IT-Security?

IT-Security is not a product, it's a process. Don't think to buy a firewall which solves all your security problems! You always have to ensure good configuration and updates - this should be an integrated process. But you never will reach 100% of security, it's like a bank safe: you can make it difficult to crack, but there will always be somebody, who is able to break it with a lot of resources! Here are the most important components of IT-Security:

Authenticity

Authenticity is about the identity of a subject/object. This can be a user, a process, a system or an information. This is needed for Non Repudiation and Accountability.

Integrity

This means Data-Integrity, that data was not manipulated or destroyed in an unauthorized way and System-Integrity, that the system is available with the usual performance and was not manipulated with unauthorized access. Integrity is part of Authenticity.

Confidentiality

Information should not been seen by unauthorized persons, instances or processes. This means protection of personnel or business-critical data, privacy and anonymity.

Availability/Dependability

Refers to functionality of soft- and hardware ist not altered in any unauthorized way and about secured business continuity.

Non Repudiation/Accountability

Non Repudiation means, that actions of instances (users, processes, systems and information) can be associated with only that instance. Accountability refers to financial transactions and all communication issues.

Reliability

The usual functionality and behavior of data and systems is secured. This is needed for Integrity and Non Repudiation.

Read More

CCNA Certification

Cisco Certified Network Associate (CCNA®) validates the ability to install, configure, operate, and troubleshoot medium-size route and switched networks, including implementation and verification of connections to remote sites in a WAN. CCNA curriculum includes basic mitigation of security threats, introduction to wireless networking concepts and terminology, and performance-based skills. This new curriculum also includes (but is not limited to) the use of these protocols: IP, Enhanced Interior Gateway Routing Protocol (EIGRP), Serial Line Interface Protocol Frame Relay, Routing Information Protocol Version 2 (RIPv2),VLANs, Ethernet, access control lists (ACLs).

CCNA syllabus

Read More