eMerge Browser Managed Security Platform

Module 1Networking for eMerge

Agenda

• Network Basics• IP Networks• Common Cases• Questions

Network Basics

What is a network?

• A collection of devices linked by a common communications infrastructure

• Can be a Local Area Network (LAN) or a Wide Area Network (WAN)

• Often drawn as a pipe, as in a “data pipe” because data flows through it

• The “cloud” typically represents wide area network components such as the Internet

Network

Internet

WAN side

LAN side

Network capacities

• Bandwidth is the amount of data that the pipe can carry– Generally expressed in millions of bits per second, or megabit or

megabaud– Typical Ethernet networks are 10 or 100 megabits– New Ethernet networks exist that carry 1,000,000,000 bits per second

(gigabit Ethernet)• Theoretically because many factors effect the actual amount of data that can be

carried• Remember: throughput is only as good as the slowest segment

– Typical bandwith usage • Controler to node programing=1 megabit per second maximum • Controler to computer=75 kb per second maximum• Controler to node normal operation=25 kb per second maximum

A typical bandwidth situation

• The Internet comes in through a DSL connection

– The connection can supply data inbound at 1.5 megabits per second – good for surfing the web

– The outbound connection is only 325 kilobits per second – not so good for transmitting video

• Inside the office, though, things can run at 100 megabits per second

– BUT: anything involving the WAN is subject to the asymmetric WAN capacities

Network

Your Internet connection

Your computer Another computer

325 kilobitoutbound

1.5 megabitinbound

100 megabitsymmetrical

The physical network, data, and protocols

• Ethernet is an electrical standard for transmitting data– 10BaseT and 100BaseT are Ethernet variants corresponding to 10 megabit and

100 megabit data capacities

• Other than Ethernet, common networks are Token Ring and FDDI (Fiber Distributed Data Interface)

• TCP/IP, UDP, Telnet, and FTP are protocols used for transmitting data

Data protocols

Protocol Description

TCP/IPAssures that data packets arrive at their destination correctly and in order; used by eMerge, web sites, etc.

UDPDoes not assure data packet order or integrity, but is less complicated than TCP/IP

HTTP Used for transmitting web pages using TCP/IP

Telnet Transmits character data using UDP

FTP Used for transmitting files over a network

•An IP address is like your telephone number or your home address -- each one is entirely unique. Every computer on the Internet has its very own IP address.

•The standard format is four groups of numbers separated by periods, and each number is an integer between 0 and 255.

•For example, a typical IP address would look like this: 181.255.107.4

•A MAC address (also called an Ethernet address or an IEEE MAC address) is a number (typically written as twelve hexadecimal digits, 0 through 9 and A through F, or as six hexadecimal numbers separated by periods or colons, i.e. 0080002012ef, 0:80:0:2:20:ef) which uniquely identifes a computer that has an Ethernet interface. Unlike the IP number, it includes no indication of where your computer is located. In DHCP's typical use, the server uses a requesting computer's MAC address to uniquely identify it.

IP address and mac address

IP addresses

• Come in “public” and “private” varieties

– Public address is assigned by an Internet service provider, e.g. Verizon

– Private addresses are determined by a DHCP server on the premises – typically like 192.168.x.x or 10.x.x.x

• MAC address is permanent but IP address may be dynamic or static

– Dynamic address is assigned by a DHCP server

– Static address is assigned by a system administrator

Ethernet

Workstation 1 Workstation 2

00-21-3A-BF-CD-04 00-21-45-2F-FD-08

02-32-30-00-BB-0124.122.43.21

192.168.0.21192.168.0.20

0 in a subnet octet means that that part of the ip address is what defines

the individual product

The ip address and subnet mask work together to define a network

192.168.000.250 ip address (255).255.255.000 subnet mask

255 as a subnet mask octet means that that part of the ip address is

used to define the network

192.168.000.250 ip address 255.255.255.(000) subnet mask

Example: So with the subnet mask of 255.255.255.000 and the network has an ip address of 192.168.000.250 Then the devise you are putting on the network would have to have and ip address of 192.168.000.(0-255)

IP address and subnet mask

IP Networks

Ports and IP addresses

• Ports allow multiple data streams to go to a single address

– Port numbers are assigned by IANA

• 80 is the default for web servers using HTTP

• 3306 is the default for database servers

• 7262 is for Network Controller auto recognition of nodes

– Routers can restrict which ports are available

Ethernet

Workstation 2

24.122.43.21

192.168.0.21192.168.0.20

www.mycompany.com

NetBox

Port 80 - web serverPort 3306 - ODBCPort 23 - Telnet

eMerge

Domain Name System (DNS)

• Handles the translation of a text name to an IP address

– Benefit is that text names are easier to type and IP addresses may change

– DNS typically set up by an Internet Service Provider (ISP)

• DNS servers maintain the translation information

– May be located internally or on the Internet (private or public)

– DNS entry changes are propagated across many DNS servers

Ethernet

Workstation 1 Workstation 2

00-21-3A-BF-CD-04 00-21-45-2F-FD-08

02-32-30-00-BB-0124.122.43.21

192.168.0.21192.168.0.20

www.mycompany.com

More about ports and URLs

• A Uniform Resource Locator (URL) identifies the protocol, server, and port for communication

– Format is <protocol>//<server>:<port>– Example: http://192.168.0.22:8080 means communicate with IP address

192.168.0.22 using HTTP protocol on port 8080– Your browser assumes HTTP and port 80, so typing www.myco.com turns into

http://myco.com:80 and DNS is used to translate www.myco.com to its IP address– When you use other than a standard port, you have to specify the protocol, so

“192.168.0.22:8080” without the http:// in front of it doesn’t work– Similarly, if you want an FTP server, you have to specify the protocol (as in

ftp://www.ieib.com) or the browser will think you want HTTP

Switches, routers, bridges, and hubs

• A hub is a simple device for connecting multiple devices to the same communications path

– It functions much like a conventional analog (POTS) phone circuit where every device sees exactly the same data

– You only need a hub in certain rare instances; generally you want a switch

• A switch is a device that connects multiple devices or LAN segments to a communications path

– Unlike a hub, though, the device only “sees” data intended for it– The Network Controller has a two port switch built in– A switch can connect 10 megabit to 100 megabit Ethernet

• A router directs, or routes, data packets between networks• Such as routing between the Internet and an office LAN

– Routers commonly have built-in switches

• A bridge joins two networks or network segments– As in a “wireless Ethernet bridge” that converts wireless to Ethernet communications

Common router capabilities

• Routing – use network topology knowledge to optimally drive data from one point to another

• Gateway – acts as a gateway to the public Internet for devices on a LAN• DHCP server – assigns addresses dynamically to devices on the LAN• Firewall – restricts what types of data can enter the LAN from the outside• Port translation – directs requests for data on the WAN side to a specific IP address

on the LAN side by port (same port number)• Port forwarding - directs requests for data on the WAN side to a specific IP address

on the LAN side by port (different port number)• Web Server – allows configuration through a web browser built into the router

Back side of router

LAN side / 4 port switch WAN / network side

Network attached storage (NAS)

• An inexpensive way to share storage across networked systems

• Makes storage (hard disk or memory stick) available online

– Requires and IP address, user name, and password for the storage server

– Unit at right costs about $80 plus the cost of a USB hard disk

• eMerge uses NAS to perform backups

Typical configurations

Planning a network: most basic configuration – used when there is no preexisting network

• Like pulling twisted pair except that you pull CAT-5

• Determine an ip addressing scheme ie. 192.168.0.XXX most routers have a default values.

• Connect the eMerge Controller to the router

• Connect your computer to the router

Router

LAN side

Laptop computer

Same system, but connected to the public Internet

• Same as previous system, but this time you can set:

– DNS server address(es)– Gateway address– Network time server over the

Internet– Cameras over the Internet

Router

LAN side

Laptop computer

Internet

Corporate LAN with separate network for security devices

• This configuration isolates security equipment from the rest of the network

– Need to exercise caution in assigning addresses

– Note that the router at 192.168.0.24 creates the 192.168.1.x subnet

– Need to open a port through the 192.168.0.24 router to permit HTTP traffic to the eMerge web server

Security LAN

Corporate LAN

Internet

Corporate PC Corporate PC

24.11.223.62

192.168.0.x

192.168.1.x

192.168.0.24