Ethernet
Hubs
An
Ethernet hub is also called a multiport repeater. A repeater is a device that
amplifies a signal as it passes through it, to counteract the effects of
attenuation. If, for example, you have a thin Ethernet network with a cable
segment longer than the prescribed maximum of 185 meters, you can install a
repeater at some point in the segment to strengthen the signals and increase
the maximum segment length. This type of repeater only has two BNC connectors,
and is rarely seen these days.
8 Port
mini Ethernet Hub
The hubs
used on UTP Ethernet networks are repeaters as well, but they can have many
RJ45 ports instead of just two BNC connectors. When data enters the hub through
any of its ports, the hub amplifies the signal and transmits it out through all
of the other ports. This enables a star network to have a shared medium, even
though each computer has its own separate cable. The hub relays every packet
transmitted by any computer on the network to all of the other computers, and
also amplifies the signals.
The
maximum segment length for a UTP cable on an Ethernet network is 100 meters. A
segment is defined as the distance between two communicating computers.
However, because the hub also functions as a repeater, each of the cables
connecting a computer to a hub port can be up to 100 meters long, allowing a
segment length of up to 200 meters when one hub is inserted in the network.
Multistation
Access Unit
A
Multistation Access Unit (MAU) is a special type of hub used for token ring
networks. The word "hub" is used most often in relation to Ethernet
networks, and MAU only refers to token ring networks. On the outside, the MAU
looks like a hub. It connects to multiple network devices, each with a separate
cable.
Unlike a
hub that uses a logical bus topology over a physical star, the MAU uses a
logical ring topology over a physical star.
When the
MAU detects a problem with a connection, the ring will beacon. Because it uses
a physical star topology, the MAU can easily detect which port the problem
exists on and close the port, or "wrap" it. The MAU does actively
regenerate signals as it transmits data around the ring.
Switches
Switches
are a special type of hub that offers an additional layer of intelligence to
basic, physical-layer repeater hubs. A switch must be able to read the MAC
address of each frame it receives. This information allows switches to repeat
incoming data frames only to the computer or computers to which a frame is
addressed. This speeds up the network and reduces congestion.
Switches
operate at both the physical layer and the data link layer of the OSI Model.
Bridges
A bridge
is used to join two network segments together, it allows computers on either
segment to access resources on the other. They can also be used to divide large
networks into smaller segments. Bridges have all the features of repeaters, but
can have more nodes, and since the network is divided, there is fewer computers
competing for resources on each segment thus improving network performance.
Bridges
can also connect networks that run at different speeds, different topologies,
or different protocols. But they cannot, join an Ethernet segment with a Token
Ring segment, because these use different networking standards. Bridges operate
at both the Physical Layer and the MAC sublayer of the Data Link layer. Bridges
read the MAC header of each frame to determine on which side of the bridge the
destination device is located, the bridge then repeats the transmission to the
segment where the device is located.
Routers
Routers
Are networking devices used to extend or segment networks by forwarding packets
from one logical network to another. Routers are most often used in large
internetworks that use the TCP/IP protocol suite and for connecting TCP/IP
hosts and local area networks (LANs) to the Internet using dedicated leased
lines.
Routers
work at the network layer (layer 3) of the Open Systems Interconnection (OSI)
reference model for networking to move packets between networks using their
logical addresses (which, in the case of TCP/IP, are the IP addresses of
destination hosts on the network). Because routers operate at a higher OSI
level than bridges do, they have better packet-routing and filtering
capabilities and greater processing power, which results in routers costing
more than bridges.
Routing
tables
Routers
contain internal tables of information called routing tables that keep track of
all known network addresses and possible paths throughout the internetwork,
along with cost of reaching each network. Routers route packets based on the
available paths and their costs, thus taking advantage of redundant paths that
can exist in a mesh topology network.
Because
routers use destination network addresses of packets, they work only if the
configured network protocol is a routable protocol such as TCP/IP or IPX/SPX.
This is different from bridges, which are protocol independent. The routing
tables are the heart of a router; without them, there's no way for the router
to know where to send the packets it receives.
Unlike
bridges and switches, routers cannot compile routing tables from the
information in the data packets they process. This is because the routing table
contains more detailed information than is found in a data packet, and also
because the router needs the information in the table to process the first
packets it receives after being activated. A router can't forward a packet to
all possible destinations in the way that a bridge can.
Static
routers: These must have their routing tables configured manually with all
network addresses and paths in the internetwork.
Dynamic
routers: These automatically create their routing tables by listening to
network traffic.
Routing
tables are the means by which a router selects the fastest or nearest path to
the next "hop" on the way to a data packet's final destination. This
process is done through the use of routing metrics.
Routing
metrics which are the means of determining how much distance or time a packet
will require to reach the final destination. Routing metrics are provided in
different forms.
hop is
simply a router that the packet must travel through.
Ticks
measure the time it takes to traverse a link. Each tick is 1/18 of a second.
When the router selects a route based on tick and hop metrics, it chooses the
one with the lowest number of ticks first.
You can
use routers, to segment a large network, and to connect local area segments to
a single network backbone that uses a different physical layer and data link
layer standard. They can also be used to connect LAN's to a WAN's.
Brouters
Brouters
are a combination of router and bridge. This is a special type of equipment
used for networks that can be either bridged or routed, based on the protocols
being forwarded. Brouters are complex, fairly expensive pieces of equipment and
as such are rarely used.
A Brouter
transmits two types of traffic at the exact same time: bridged traffic and
routed traffic. For bridged traffic, the Brouter handles the traffic the same
way a bridge or switch would, forwarding data based on the physical address of
the packet. This makes the bridged traffic fairly fast, but slower than if it
were sent directly through a bridge because the Brouter has to determine
whether the data packet should be bridged or routed.
Gateways
A gateway
is a device used to connect networks using different protocols. Gateways
operate at the network layer of the OSI model. In order to communicate with a
host on another network, an IP host must be configured with a route to the destination
network. If a configuration route is not found, the host uses the gateway
(default IP router) to transmit the traffic to the destination host. The
default t gateway is where the IP sends packets that are destined for remote
networks. If no default gateway is specified, communication is limited to the
local network. Gateways receive data from a network using one type of protocol
stack, removes that protocol stack and repackages it with the protocol stack
that the other network can use.
Examples
E-mail
gateways-for example, a gateway that receives Simple Mail Transfer Protocol
(SMTP) e-mail, translates it into a standard X.400 format, and forwards it to
its destination
Gateway
Service for NetWare (GSNW), which enables a machine running Microsoft Windows
NT Server or Windows Server to be a gateway for Windows clients so that they
can access file and print resources on a NetWare server
Gateways
between a Systems Network Architecture (SNA) host and computers on a TCP/IP
network, such as the one provided by Microsoft SNA Server
A packet
assembler/disassembler (PAD) that provides connectivity between a local area
network (LAN) and an X.25 packet-switching network
CSU /
DSU (Channel Service Unit / Data Service Unit)
A CSU/DSU
is a device that combines the functionality of a channel service unit (CSU) and
a data service unit (DSU). These devices are used to connect a LAN to a WAN,
and they take care of all the translation required to convert a data stream
between these two methods of communication.
A DSU
provides all the handshaking and error correction required to maintain a
connection across a wide area link, similar to a modem. The DSU will accept a
serial data stream from a device on the LAN and translate this into a useable
data stream for the digital WAN network. It will also take care of converting
any inbound data streams from the WAN back to a serial communication.
A CSU is
similar to a DSU except it does not have the ability to provide handshaking or
error correction. It is strictly an interface between the LAN and the WAN and
relies on some other device to provide handshaking and error correction.
NICs
(Network Interface Card)
Network
Interface Card, or NIC is a hardware card installed in a computer so it can
communicate on a network. The network adapter provides one or more ports for
the network cable to connect to, and it transmits and receives data onto the
network cable.
Wireless
Lan card
Every
networked computer must also have a network adapter driver, which controls the
network adapter. Each network adapter driver is configured to run with a
certain type of network adapter.
Network
card
Network
Interface Adapter Functions
Network
interface adapters perform a variety of functions that are crucial to getting
data to and from the computer over the network.
These
functions are as follows:
Data
encapsulation
The
network interface adapter and its driver are responsible for building the frame
around the data generated by the network layer protocol, in preparation for
transmission. The network interface adapter also reads the contents of incoming
frames and passes the data to the appropriate network layer protocol.
Signal
encoding and decoding
The
network interface adapter implements the physical layer encoding scheme that
converts the binary data generated by the network layer-now encapsulated in the
frame-into electrical voltages, light pulses, or whatever other signal type the
network medium uses, and converts received signals to binary data for use by
the network layer.
transmission
and reception
The
primary function of the network interface adapter is to generate and transmit
signals of the appropriate type over the network and to receive incoming
signals. The nature of the signals depends on the network medium and the data-link
layer protocol. On a typical LAN, every computer receives all of the packets
transmitted over the network, and the network interface adapter examines the
destination address in each packet, to see if it is intended for that computer.
If so, the network interface adapter passes the packet to the computer for
processing by the next layer in the protocol stack; if not, the network
interface adapter discards the packet.
Data
buffering
Network
interface adapters transmit and receive data one frame at a time, so they have
built-in buffers that enable them to store data arriving either from the
computer or from the network until a frame is complete and ready for
processing.
Serial/parallel
conversion
The
communication between the computer and the network interface adapter runs in
parallel, that is, either 16 or 32 bits at a time, depending on the bus the
adapter uses. Network communications, however, are serial (running one bit at a
time), so the network interface adapter is responsible for performing the
conversion between the two types of transmissions.
Media
access control
it 12 digits address.
it works 32 bit.
it also known as physical address and starting 3 digits refers company name.
it address combination of alfavate and numeric.
The
network interface adapter also implements the MAC mechanism that the data-link
layer protocol uses to regulate access to the network medium. The nature of the
MAC mechanism depends on the protocol used.
Network
protocols
A
networked computer must also have one or more protocol drivers (sometimes
called a transport protocol or just a protocol). The protocol driver works
between the upper-level network software and the network adapter to package
data to be sent on the network.
In most
cases, for two computers to communicate on a network, they must use identical
protocols. Sometimes, a computer is configured to use multiple protocols. In
this case, two computers need only one protocol in common to communicate. For
example, a computer running File and Printer Sharing for Microsoft Networks
that uses both NetBEUI and TCP/IP can communicate with computers using only
NetBEUI or TCP/IP.
ISDN
(Integrated Services Digital Network) adapters
Integrated
Services Digital Network adapters can be used to send voice, data, audio, or
video over standard telephone cabling. ISDN adapters must be connected directly
to a digital telephone network. ISDN adapters are not actually modems, since
they neither modulate nor demodulate the digital ISDN signal.
Like
standard modems, ISDN adapters are available both as internal devices that
connect directly to a computer's expansion bus and as external devices that
connect to one of a computer's serial or parallel ports. ISDN can provide data
throughput rates from 56 Kbps to 1.544 Mbps (using a T1 carrier service).
ISDN
hardware requires a NT (network termination) device, which converts network
data signals into the signaling protocols used by ISDN. Some times, the NT
interface is included, or integrated, with ISDN adapters and ISDN-compatible
routers. In other cases, an NT device separate from the adapter or router must
be implemented. ISDN works at the physical, data link, network, and transport
layers of the OSI Model.
WAPs
(Wireless Access Point)
A
wireless network adapter card with a transceiver sometimes called an access
point, broadcasts and receives signals to and from the surrounding computers
and passes back and forth between the wireless computers and the cabled
network.
Access
points act as wireless hubs to link multiple wireless NICs into a single
subnet. Access points also have at least one fixed Ethernet port to allow the
wireless network to be bridged to a traditional wired Ethernet network.
Modems
A modem
is a device that makes it possible for computers to communicate over telephone
lines. The word modem comes from Modulate and Demodulate. Because standard
telephone lines use analog signals, and computers digital signals, a sending
modem must modulate its digital signals into analog signals. The computers
modem on the receiving end must then demodulate the analog signals into digital
signals.
Modems
can be external, connected to the computers serial port by an RS-232 cable or
internal in one of the computers expansion slots. Modems connect to the phone
line using standard telephone RJ-11 connectors.
Transceivers
(media converters)
Transceiver
short for transmitter-receiver, a device that both transmits and receives
analog or digital signals. The term is used most frequently to describe the
component in local-area networks (LANs) that actually applies signals onto the
network wire and detects signals passing through the wire. For many LANs, the
transceiver is built into the network interface card (NIC). Some types of
networks, however, require an external transceiver.
In
Ethernet networks, a transceiver is also called a Medium Access Unit (MAU).
Media converters interconnect different cable types twisted pair, fiber, and
Thin or thick coax, within an existing network. They are often used to connect
newer 100-Mbps, Gigabit Ethernet, or ATM equipment to existing networks, which
are generally 10BASE-T, 100BASE-T, or a mixture of both. They can also be used
in pairs to insert a fiber segment into copper networks to increase cabling distances
and enhance immunity to electromagnetic interference (EMI).
Firewalls
In
computing, a firewall is a piece of hardware and/or software which functions in
a networked environment to prevent some communications forbidden by the
security policy, analogous to the function of firewalls in building
construction.
A
firewall has the basic task of controlling traffic between different zones of
trust. Typical zones of trust include the Internet (a zone with no trust) and
an internal network (a zone with high trust). The ultimate goal is to provide
controlled connectivity between zones of differing trust levels through the
enforcement of a security policy and connectivity model based on the least
privilege principle.
There are
three basic types of firewalls depending on:
whether
the communication is being done between a single node and the network, or
between two or more networks
whether
the communication is intercepted at the network layer, or at the application
layer
whether
the communication state is being tracked at the firewall or not
With
regard to the scope of filtered communication these firewalls are exist:
Personal
firewalls, a software application which normally filters traffic entering or
leaving a single computer through the Internet.
Network
firewalls, normally running on a dedicated network device or computer
positioned on the boundary of two or more networks or DMZs (demilitarized
zones). Such a firewall filters all traffic entering or leaving the connected
networks.
In
reference to the layers where the traffic can be intercepted, three main
categories of firewalls exist:
network
layer firewalls An example would be iptables.
application
layer firewalls An example would be TCP Wrapper.
application
firewalls An example would be restricting ftp services through /etc/ftpaccess
file
These
network-layer and application-layer types of firewall may overlap, even though
the personal firewall does not serve a network; indeed, single systems have
implemented both together.
There's
also the notion of application firewalls which are sometimes used during wide
area network (WAN) networking on the world-wide web and govern the system
software. An extended description would place them lower than application layer
firewalls, indeed at the Operating System layer, and could alternately be
called operating system firewalls.
Lastly,
depending on whether the firewalls track packet states, two additional
categories of firewalls exist:
stateful
firewalls
stateless
firewalls
Network
layer firewalls
Network
layer firewalls operate at a (relatively low) level of the TCP/IP protocol
stack as IP-packet filters, not allowing packets to pass through the firewall
unless they match the rules. The firewall administrator may define the rules;
or default built-in rules may apply (as in some inflexible firewall systems).
A more
permissive setup could allow any packet to pass the filter as long as it does
not match one or more "negative-rules", or "deny rules".
Today network firewalls are built into most computer operating system and
network appliances.
Modern
firewalls can filter traffic based on many packet attributes like source IP
address, source port, destination IP address or port, destination service like
WWW or FTP. They can filter based on protocols, TTL values, netblock of
originator, domain name of the source, and many other attributes.
Application-layer
firewalls
Application-layer
firewalls work on the application level of the TCP/IP stack (i.e., all browser
traffic, or all telnet or ftp traffic), and may intercept all packets traveling
to or from an application. They block other packets (usually dropping them
without acknowledgement to the sender). In principle, application firewalls can
prevent all unwanted outside traffic from reaching protected machines.
By
inspecting all packets for improper content, firewalls can even prevent the
spread of the likes of viruses. In practice, however, this becomes so complex
and so difficult to attempt (given the variety of applications and the
diversity of content each may allow in its packet traffic) that comprehensive
firewall design does not generally attempt this approach.
Proxies
A proxy
device (running either on dedicated hardware or as software on a
general-purpose machine) may act as a firewall by responding to input packets
(connection requests, for example) in the manner of an application, whilst
blocking other packets.
Proxies
make tampering with an internal system from the external network more
difficult, and misuse of one internal system would not necessarily cause a
security breach exploitable from outside the firewall (as long as the
application proxy remains intact and properly configured). Conversely,
intruders may hijack a publicly-reachable system and use it as a proxy for
their own purposes; the proxy then masquerades as that system to other internal
machines. While use of internal address spaces enhances security, crackers may
still employ methods such as IP spoofing to attempt to pass packets to a target
network.
No comments:
Post a Comment