report networking

Upload: nrshdahiya

Post on 29-May-2018

  • 8/9/2019 Report Networking

    1/36

    CONTENTS

    (1)- Introduction

    (2)- Network Topologies

    Bus

    Ring

    Star

    (3)- Local Area Network(LAN)

    Wireless LAN

    (4)- Wide Area Network(WAN)

    (5)- Metropolitan Area Network(MAN)

    (6)- OSI Model

    (7)- TCP/IP Model

    (8)- Networking Equipments

    Hubs

    Switches

    Hubs vs. Switches

    Routers

    Bridges

    Network Interface Card

    (9)- Internet Protocol Addressing

    (10)- Network Security

    (11)- Firewall Basics

    (1)- Introduction

    A computer network is composed of multiple connected computers that communicate over a wired or wireless medium to share data and other resources. For instance, a home computer network may consist of two or more computers that share files and a printer using the network. The size and scalability of any computer network are determined both by the physical medium of communication and by the software controlling the communication (i.e., the protocols).

    A typical network consists of:

    Nodes (computers)

    A connecting medium (wired or wireless)

    Specialized network equipment like routers or hubs.

    In the case of the Internet, all of these pieces work together to allow your computer to send information to another computer that could be on the other side of the world!

    Here are some of the fundamental parts of a network:

    Network - A network is a group of computers connected together in a way that allows information to be exchanged between the computers.

    Node - A node is anything that is connected to the network. While a node is typically a computer, it can also be something like a printer or CD-ROM tower.

    Segment - A segment is any portion of a network that is separated, by a switch, bridge or router, from other parts of the network.

    Backbone - The backbone is the main cabling of a network that all of the segments connect to. Typically, the backbone is capable of carrying more information than the individual segments. For example, each segment may have a transfer rate of 10 Mbps (megabits per second), while the backbone may operate at 100 Mbps.

    Topology - Topology is the way that each node is physically connected to the network.

    Local Area Network (LAN) - A LAN is a network of computers that are in the same general physical location, usually within a building or a campus. If the computers are

    far apart (such as across town or in different cities), then a Wide Area Network (WAN) is typically used.

    Network Interface Card (NIC) - Every computer (and most other devices) is connected to a network through an NIC. In most desktop computers, this is an Ethernet card (normally 10 or 100 Mbps) that is plugged into a slot on the computer's motherboard.

    (2)- Network Topologies

    Some of the most common topologies in use today include:

    Bus - Each node is daisy-chained (connected one right after the other) along the same backbone, similar to Christmas lights. Information sent from a node travels along the backbone until it reaches its destination node. Each end of a bus network must be terminated with a resistor to keep the signal that is sent by a node across the network from bouncing back when it reaches the end of the cable.

    Bus Network Topology

    Ring - Like a bus network, rings have the nodes daisy-chained. The difference is that the end of the network comes back around to the first node, creating a complete circuit. In a ring network, each node takes a turn sending and receiving information through the use of a token. The token, along with any data, is sent from the first node to the second node, which extracts the data addressed to it and adds any data it wishes to send. Then, the second node passes the token and data to the third node, and so on until it comes back around to the first node again. Only the

    node with the token is allowed to send data. All other nodes must wait for the token to come to

    them.

    Ring Network Topology

    Star - In a star network, each node is connected to a central device called a hub. The hub takes a signal that comes from any node and passes it along to all the other nodes in the network. A hub does not perform any type of filtering or routing of the data. It is simply a junction that joins all the different nodes together.

    Star network Topology

    (3)- Local Area Network(LAN)

    A local area network is exactly that: local. It is generally confined to a building or small campus. LANs are constructed using Ethernet data switches and cabling. PCs, printers and file servers are connected to the switch via Category-5 (commonly referred to as Cat-5) cables. Contrary to popular belief, ALL computers use Media Access Control (MAC) addresses to talk to each other, not IP addresses. The IP address merely gets the data to a location, not the device. LAN speeds can range from 10 megabit (10 million bits per second) to Gigabit Ethernet (GIG-E, 1000 million bits per second), depending on the devices involved. It is also possible to configure virtual LANs (VLANs) on most LANs. VLANs allow for the separation of groups of devices so they are invisible to devices on another VLAN on the same switch. As an example, Voice over IP (VoIP) phone systems use VLANs to separate the phones from computers.
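    To make the visibility difference concrete, here is an added example (not part of the original report) that models a hub, which repeats every frame to all other ports, next to a VLAN-aware switch. The switch's MAC-learning behaviour, the port numbers, VLAN IDs and MAC addresses are assumptions chosen for illustration.

```python
"""Which ports get to see a frame: shared hub vs. VLAN-aware switch.

All port numbers, VLAN IDs and MAC addresses are constructed sample values.
"""

BROADCAST = "ff:ff:ff:ff:ff:ff"


class Hub:
    """A hub does no filtering: every frame goes to every other port."""

    def __init__(self, ports):
        self.ports = sorted(ports)

    def forward(self, in_port, src_mac, dst_mac):
        return [p for p in self.ports if p != in_port]


class VlanSwitch:
    """Learning switch with one access VLAN per port (assumed behaviour)."""

    def __init__(self, port_vlan):
        self.port_vlan = dict(port_vlan)   # port -> VLAN ID
        self.mac_table = {}                # (VLAN, MAC) -> port

    def forward(self, in_port, src_mac, dst_mac):
        vlan = self.port_vlan[in_port]
        # Learn where the sender lives, scoped to its own VLAN.
        self.mac_table[(vlan, src_mac)] = in_port
        known = self.mac_table.get((vlan, dst_mac))
        if dst_mac != BROADCAST and known is not None:
            return [] if known == in_port else [known]
        # Broadcast or unknown destination: flood, but only inside the VLAN.
        return sorted(p for p, v in self.port_vlan.items()
                      if v == vlan and p != in_port)


def observers(device, frames):
    """Return {port: number of frames delivered to that port}."""
    seen = {}
    for in_port, src_mac, dst_mac in frames:
        for port in device.forward(in_port, src_mac, dst_mac):
            seen[port] = seen.get(port, 0) + 1
    return seen


# Ports 1, 2 and 5 are PCs in VLAN 10; ports 3 and 4 are phones in VLAN 20.
PORT_VLAN = {1: 10, 2: 10, 5: 10, 3: 20, 4: 20}
PC_A, PC_B = "02:00:00:00:00:0a", "02:00:00:00:00:0b"
FRAMES = [
    (1, PC_A, PC_B),        # first frame: destination not yet learned
    (2, PC_B, PC_A),        # reply: switch already knows where PC_A is
    (1, PC_A, PC_B),        # now delivered to PC_B's port only
    (1, PC_A, BROADCAST),   # broadcast stays inside VLAN 10
]

if __name__ == "__main__":
    print("hub   :", observers(Hub(PORT_VLAN), FRAMES))
    print("switch:", observers(VlanSwitch(PORT_VLAN), FRAMES))
```

    On the hub, the phone ports receive every PC frame; on the switch they receive none, and the third PC on port 5 only sees the initial flood and the broadcast.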

    A local area network (LAN) is a computer network covering a small geographic area, like a home, office, or group of buildings. The defining characteristics of LANs, in contrast to Wide Area Networks (WANs), include their much higher data transfer rates, smaller geographic range, and lack of a need for leased telecommunication lines.

    Ethernet over unshielded twisted pair cabling, and Wi-Fi are the two most common technologies currently, but ARCNET, Token Ring and many others have been used in the past.

    A local area network is a network that spans a relatively small space and provides services to a small number of people. Depending on the number of people that use a Local Area Network, a peer-to-peer or client-server method of networking may be used. A peer-to-peer network is where each client shares their resources with other workstations in the network. Examples of peer-to-peer networks are small office networks where resource use is minimal, and home networks. A client-server network is where every client is connected to the server and each other. Client-server networks use servers in different capacities. These can be classified into two types: single-service servers, where the server performs one task such as file server, print server, etc.; while other servers can not only perform in the capacity of file servers and print servers, but they also conduct calculations and use these to provide information to clients (Web/Intranet Server). Computers linked via Ethernet cable can be joined either directly (one computer to another), or via a network hub that allows multiple connections.

    (a)- Wireless LAN

    Not all networks are connected with cabling; some networks are wireless. Wireless LANs use high frequency radio signals, infrared light beams, or lasers to communicate between the workstations and the file server or hubs. Each workstation and file server on a wireless network has some sort of transceiver/antenna to send and receive the data. Information is relayed between transceivers as if they were physically connected. For longer distances, wireless communications can also take place through cellular telephone technology, microwave transmission, or by satellite.

    Wireless networks are great for allowing laptop computers or remote computers to connect to the LAN. Wireless networks are also beneficial in older buildings where it may be difficult or impossible to install cables.

    The two most common types of infrared communications used in schools are line-of-sight and scattered broadcast. Line-of-sight communication means that there must be an unblocked direct line between the workstation and the transceiver. If a person walks within the line-of-sight while there is a transmission, the information would need to be sent again. This kind of obstruction can slow down the wireless network.

    Scattered infrared communication is a broadcast of infrared transmissions sent out in multiple directions that bounces off walls and ceilings until it eventually hits the receiver. Networking communications with laser are virtually the same as line-of-sight infrared networks.

    Wireless LANs have several disadvantages. They provide poor security, and are susceptible to interference from lights and electronic devices. They are also slower than LANs using cabling.

    (4)- Wide Area Network (WAN)

    Wide area networks cover large distances. Most are constructed using leased facilities from Common Carriers; for the state, it is generally Verizon. A WAN location, referred to as an edge site, normally consists of a circuit (usually a T-1, 1.544mb circuit), a channel subscriber unit (CSU, sort of a modem for digital circuits), and a router. The site LAN is then connected to the WAN router to provide users access to the network.

    A wide area network is a network where a wide variety of resources are deployed across a large domestic area or internationally. An example of this is a multinational business that uses a WAN to interconnect their offices in different countries. The largest and best example of a WAN is the Internet, which is the largest network in the world. The PSTN (Public Switched Telephone Network) also is an extremely large network that is converging to use Internet technologies, although not necessarily through the public Internet.

    A Wide Area Network involves communication through the use of a wide range of different technologies. These technologies include Point-to-Point WANs such as Point-to-Point Protocol (PPP) and High-Level Data Link Control (HDLC), Frame Relay, ATM (Asynchronous Transfer Mode) and Sonet (Synchronous Optical Network). The difference between the WAN technologies is based on the switching capabilities they perform and the speed at which sending and receiving bits of information (data) occur.

    (5)- Metropolitan Area Network(MAN)

    Metropolitan area networks, or MANs, are large computer networks usually spanning a city. They typically use wireless infrastructure or optical fiber connections to link their sites.

    The IEEE 802-2001 standard describes a MAN as being:

    A MAN is optimized for a larger geographical area than is a LAN, ranging from several blocks of buildings to entire cities. As with local networks, MANs can also depend on communications channels of moderate-to-high data rates. A MAN might be owned and operated by a single organization, but it usually will be used by many individuals and organizations. MANs might also be owned and operated as public utilities. They will often provide means for internetworking of local networks.

    Some technologies used for this purpose are ATM, FDDI, and SMDS. These older technologies are in the process of being displaced by Ethernet-based MANs (e.g. Metro Ethernet) in most areas. MAN links between LANs have been built without cables using either microwave, radio, or infra-red laser links.

    DQDB, Distributed Queue Dual Bus, is the Metropolitan Area Network standard for data communication. It is specified in the IEEE 802.6 standard. Using DQDB, networks can be up to 30 miles long and operate at speeds of 34 to 155 Mbit/s.

    A MAN is generally a very high speed network that encompasses a city area. For the state, the Augusta area is considered a MAN. AMHI, EDOC, the Capitol campus, and CMCC are all interconnected via fiber optics running at GIG-E or 100mb Ethernet. When reference is made to the core routing switches, it refers to the four main switches that control the center of the entire state network.

    (6)- OSI Model

    The OSI model is based on the proposal developed by the International Standards Organization as a first step toward international standardization of the protocols used in various layers. The model is also called ISO OSI (Open Systems Interconnection) Reference Model.

    SEVEN LAYERS OF OSI MODEL

    Layer 7: Application Layer

    The Application layer is closest to the end user. It provides a means for the user to access information on the network through an application. This layer is the main interface for the user(s) to interact with the application and therefore the network. Some examples of application layer implementations include Telnet, File Transfer Protocol (FTP), and Simple Mail Transfer Protocol (SMTP).

    Layer 6: Presentation Layer

    The Presentation layer transforms data to provide a standard interface for the Application layer. MIME encoding, data compression, data encryption and similar manipulation of the presentation is done at this layer to present the data as a service or protocol developer sees fit. Examples:

    converting an EBCDIC-coded text file to an ASCII-coded file, or serializing objects and other

    data structures into and out of XML.

    Layer 5: Session Layer

    The Session layer controls the dialogues (sessions) between computers. It establishes, manages and terminates the connections between the local and remote application. It provides for either duplex or half-duplex operation and establishes checkpointing, adjournment, termination, and restart procedures. The OSI model made this layer responsible for "graceful close" of sessions, which is a property of TCP, and also for session checkpointing and recovery, which is not usually used in the Internet protocol suite.

    Layer 4: Transport Layer

    The Transport layer provides transparent transfer of data between end users, thus relieving the upper layers from any concern while providing reliable and cost-effective data transfer. The transport layer controls the reliability of a given link. Some protocols are state and connection orientated. This means that the transport layer can keep track of the packets and retransmit those that fail. The best known example of a layer 4 protocol is TCP. It is the layer that converts messages into TCP or UDP packets.

    Layer 3: Network Layer

    The Network layer provides the functional and procedural means of transferring variable length data sequences from a source to a destination via one or more networks while maintaining the quality of service requested by the Transport layer. The Network layer performs network routing, flow control, segmentation/desegmentation, and error control functions. Routers operate at this layer, sending data throughout the extended network and making the Internet possible (there also exist layer 3 (or IP) switches). This is a logical addressing scheme; values are chosen by the network engineer. The addressing scheme is hierarchical. The best known example of a layer 3 protocol is the Internet Protocol (IP).

    Layer 2: Data Link Layer

    The Data Link layer provides the functional and procedural means to transfer data between network entities and to detect and possibly correct errors that may occur in the Physical layer. The addressing scheme is physical, which means that the addresses (MAC address) are hard-coded into the network cards at the time of manufacture. The addressing scheme is flat. Note: The best known example of this is Ethernet. Other examples of data link protocols are HDLC and ADCCP for point-to-point or packet-switched networks and Aloha for local area networks. On IEEE 802 local area networks, and some non-IEEE 802 networks such as FDDI, this layer may be split into a Media Access Control (MAC) layer and the IEEE 802.2 Logical Link Control (LLC) layer.

    This is the layer at which the bridges and switches operate. Connectivity is provided only among locally attached network nodes. However, there's a reasonable argument to be made that these really belong at "layer 2.5" rather than strictly at layer 2.

    Layer 1: Physical Layer

    The Physical layer defines all the electrical and physical specifications for devices. This includes the layout of pins, voltages, and cable specifications. Hubs, repeaters, network adapters and Host Bus Adapters (HBAs used in Storage Area Networks) are physical-layer devices. The major functions and services performed by the physical layer are:

    establishment and termination of a connection to a communications medium.

    participation in the process whereby the communication resources are effectively shared among multiple users. For example, contention resolution and flow control.

    modulation, or conversion between the representation of digital data in user equipment and the corresponding signals transmitted over a communications channel. These are signals operating over the physical cabling (copper and fiber optic, for example) or over a radio link.

    (7)- TCP/IP Model

    The layers near the top are logically closer to the user application (as opposed to the human user) while those near the bottom are logically closer to the physical transmission of the data. Viewing layers as providing or consuming a service is a method of abstraction to isolate upper layer protocols from the nitty gritty detail of transmitting bits over, say, Ethernet and collision detection while the lower layers avoid having to know the details of each and every application and its protocol.

    This abstraction also allows upper layers to provide services that the lower layers cannot, or choose not, to provide. Again, the original OSI Reference Model was extended to include connectionless services (OSIRM CL) [5]. For example, IP is not designed to be reliable and is a best effort delivery protocol. This means that all transport layers must choose whether or not to provide reliability and to what degree. UDP provides data integrity (via a checksum) but does not guarantee delivery; TCP provides both data integrity and delivery guarantee (by retransmitting until the receiver receives the packet).

    IP suite stack showing the physical network connection of two hosts via two routers

    and the corresponding layers used at each hop

    Sample encapsulation of data within a UDP datagram within an IP packet
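    The encapsulation and checksum behaviour described above, as an added example that is not part of the original report: it builds an Ethernet frame carrying IP carrying UDP, then peels the layers and validates both checksums, showing that the IP header checksum does not cover the payload while the UDP checksum does. The MAC and IP addresses, ports and payload are constructed sample values.

```python
import socket
import struct

ETHERTYPE_IPV4 = 0x0800
PROTO_UDP = 17


def internet_checksum(data: bytes) -> int:
    """16-bit one's-complement checksum used by IPv4 and UDP (RFC 1071)."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(data) // 2), data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF


def pseudo_header(src: bytes, dst: bytes, udp_len: int) -> bytes:
    """IP fields that the UDP checksum also covers."""
    return src + dst + struct.pack("!BBH", 0, PROTO_UDP, udp_len)


def mac_bytes(mac: str) -> bytes:
    return bytes.fromhex(mac.replace(":", ""))


def mac_text(raw: bytes) -> str:
    return ":".join("%02x" % b for b in raw)


def build_frame(dst_mac, src_mac, src_ip, dst_ip, sport, dport, payload):
    """Wrap payload in UDP, then IPv4, then an Ethernet header."""
    src, dst = socket.inet_aton(src_ip), socket.inet_aton(dst_ip)
    udp_len = 8 + len(payload)
    udp = struct.pack("!HHHH", sport, dport, udp_len, 0) + payload
    # A computed value of 0 is sent as 0xFFFF; 0 means "no checksum".
    csum = internet_checksum(pseudo_header(src, dst, udp_len) + udp) or 0xFFFF
    udp = udp[:6] + struct.pack("!H", csum) + udp[8:]
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + udp_len, 0, 0,
                     64, PROTO_UDP, 0, src, dst)
    ip = ip[:10] + struct.pack("!H", internet_checksum(ip)) + ip[12:]
    eth = mac_bytes(dst_mac) + mac_bytes(src_mac)
    return eth + struct.pack("!H", ETHERTYPE_IPV4) + ip + udp


def parse_frame(frame: bytes) -> dict:
    """Peel Ethernet, IPv4 and UDP; reject inconsistent lengths."""
    if len(frame) < 14:
        raise ValueError("truncated Ethernet header")
    out = {"dst_mac": mac_text(frame[0:6]), "src_mac": mac_text(frame[6:12])}
    if struct.unpack("!H", frame[12:14])[0] != ETHERTYPE_IPV4:
        return out
    ip = frame[14:]
    if len(ip) < 20:
        raise ValueError("truncated IPv4 header")
    ihl = (ip[0] & 0x0F) * 4
    total_len = struct.unpack("!H", ip[2:4])[0]
    if ip[0] >> 4 != 4 or ihl < 20 or not ihl <= total_len <= len(ip):
        raise ValueError("inconsistent IPv4 lengths")
    out["src_ip"] = socket.inet_ntoa(ip[12:16])
    out["dst_ip"] = socket.inet_ntoa(ip[16:20])
    # Covers the IP header only, not the data it carries.
    out["ip_checksum_ok"] = internet_checksum(ip[:ihl]) == 0
    if ip[9] != PROTO_UDP:
        return out
    udp = ip[ihl:total_len]
    if len(udp) < 8:
        raise ValueError("truncated UDP header")
    sport, dport, udp_len, csum = struct.unpack("!HHHH", udp[:8])
    if not 8 <= udp_len <= len(udp):
        raise ValueError("inconsistent UDP length")
    covered = pseudo_header(ip[12:16], ip[16:20], udp_len) + udp[:udp_len]
    out.update(sport=sport, dport=dport, payload=udp[8:udp_len])
    # Checksum 0 means the sender skipped it (allowed over IPv4).
    out["udp_checksum_ok"] = None if csum == 0 else internet_checksum(covered) == 0
    return out


def flip_last_bit(frame: bytes) -> bytes:
    """Simulate one corrupted bit in the payload."""
    damaged = bytearray(frame)
    damaged[-1] ^= 0x01
    return bytes(damaged)


# Constructed sample: the destination MAC stands for the next hop (assumed
# to be a router), while the destination IP names the final host.
SAMPLE_FRAME = build_frame("02:00:00:00:00:02", "02:00:00:00:00:01",
                           "192.0.2.10", "198.51.100.20", 49152, 53, b"hello")

if __name__ == "__main__":
    print(parse_frame(SAMPLE_FRAME))
    print(parse_frame(flip_last_bit(SAMPLE_FRAME)))
```

    Neither checksum is cryptographic: both catch accidental corruption only, and nothing here makes UDP retransmit a datagram that was dropped.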

    protocols for the network layer. In like manner, the IONL provides a structure for "subnetwork dependent convergence facilities" such as ARP and RARP.

    IETF protocols can be applied recursively, as demonstrated by tunneling protocols such as Generic Routing Encapsulation (GRE). While basic OSI documents do not consider tunneling, there is some concept of tunneling in yet another extension to the OSI architecture, specifically the transport layer gateways within the International Standardized Profile framework [8]. The associated OSI development effort, however, has been abandoned given the real-world adoption of TCP/IP protocols.

    7  Application   ECHO, ENRP, FTP, Gopher, HTTP, NFS, RTSP, SIP, SMTP, SNMP, SSH, Telnet, Whois, XMPP
    6  Presentation  XDR, ASN.1, SMB, AFP, NCP
    5  Session       ASAP, TLS, SSL, ISO 8327 / CCITT X.225, RPC, NetBIOS, ASP
    4  Transport     TCP, UDP, RTP, SCTP, SPX, ATP, IL
    3  Network       IP, ICMP, IGMP, IPX, OSPF, RIP, IGRP, EIGRP, ARP, RARP, X.25
    2  Data Link     Ethernet, Token ring, HDLC, Frame relay, ISDN, ATM, 802.11 WiFi, FDDI, PPP
    1  Physical      10BASE-T, 100BASE-T, 1000BASE-T, SONET/SDH, G.709, T-carrier/E-carrier, various 802.11 physical layers

    The layers

    The following is a description of each layer in the IP suite stack.

    Application layer

    The application layer is used by most programs for network communication. Data is passed from the program in an application-specific format, then encapsulated into a transport layer protocol.

    Since the IP stack has no layers between the application and transport layers, the application layer must include any protocols that act like the OSI's presentation and session layer protocols. This is usually done through libraries.

    Data sent over the network is passed into the application layer where it is encapsulated into the application layer protocol. From there, the data is passed down into the lower layer protocol of the transport layer.

    The two most common lower layer protocols are TCP and UDP. Common servers have specific ports assigned to them (HTTP has port 80; FTP has port 21; etc.) while clients use ephemeral ports.

    Routers and switches do not utilize this layer but bandwidth throttling applications do, as with the Resource Reservation Protocol (RSVP).

    Transport layer

    The transport layer's responsibilities include end-to-end message transfer capabilities independent of the underlying network, along with error control, fragmentation and flow control.

    End-to-end message transmission or connecting applications at the transport layer can be categorized as either:

    1. connection-oriented, e.g. TCP

    2. connectionless, e.g. UDP

    The transport layer can be thought of literally as a transport mechanism, e.g. a vehicle whose responsibility is to make sure that its contents (passengers/goods) reach its destination safely and soundly, unless a higher or lower layer is responsible for safe delivery. Some applications, such as Voice over IP (VoIP), can tolerate dropped packets, but not delay or reordering that would be caused by a reliable transport.

    The transport layer provides this service of connecting applications together through the use of ports. Since IP provides only a best effort delivery, the transport layer is the first layer of the TCP/IP stack to offer reliability. Note that IP can run over a reliable data link protocol such as the High-Level Data Link Control (HDLC). Protocols above transport, such as RPC, also can provide reliability.

    For example, TCP is a connection-oriented protocol that addresses numerous reliability issues to provide a reliable byte stream:

    data arrives in-order

    data has minimal error (i.e. correctness)

    duplicate data is discarded

    lost/discarded packets are resent

    includes traffic congestion control
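
The ordering, duplicate-discard and resend properties in the list above can be seen in a simplified receiver. This is an added example, not code from the original report; the class and function names are hypothetical, the sample message is constructed, and it assumes retransmitted segments keep their original boundaries and arrive intact. Error checking and congestion control are not modelled.

```python
"""Added example: receiver side of a reliable byte stream (simplified)."""


class ReliableReceiver:
    """Delivers bytes in order, discards duplicates, returns cumulative ACKs.

    Assumption: retransmitted segments use the same boundaries as the
    originals, so segments never partially overlap.
    """

    def __init__(self):
        self.next_seq = 0            # offset of the next byte expected in order
        self.pending = {}            # seq -> data for segments that arrived early
        self.delivered = bytearray() # what the application has received so far
        self.duplicates = 0          # segments discarded as already seen

    def on_segment(self, seq, data):
        """Process one segment and return the cumulative ACK (next byte wanted)."""
        if seq < self.next_seq or seq in self.pending:
            self.duplicates += 1     # already delivered or already buffered
            return self.next_seq
        self.pending[seq] = data
        # Hand every contiguous buffered segment to the application, in order.
        while self.next_seq in self.pending:
            chunk = self.pending.pop(self.next_seq)
            self.delivered += chunk
            self.next_seq += len(chunk)
        return self.next_seq


def segment(message, mss):
    """Split a message into (sequence offset, data) segments of at most mss bytes."""
    return [(off, message[off:off + mss]) for off in range(0, len(message), mss)]


def transfer(message, mss, first_pass):
    """Send message through a scripted network and return what the receiver got.

    first_pass lists segment indices in the order the network delivers them on
    the first transmission: a missing index is a lost segment, a repeated index
    is a duplicate, and any other ordering is reordering. Afterwards the sender
    resends the segment named by the cumulative ACK until everything is
    acknowledged.
    """
    segments = dict(segment(message, mss))
    order = sorted(segments)
    receiver = ReliableReceiver()
    ack = 0
    for index in first_pass:
        seq = order[index]
        ack = receiver.on_segment(seq, segments[seq])
    retransmitted = []
    while ack < len(message):
        retransmitted.append(ack)    # the receiver is still waiting for this offset
        ack = receiver.on_segment(ack, segments[ack])
    return bytes(receiver.delivered), receiver.duplicates, retransmitted


if __name__ == "__main__":
    # Constructed sample: segment 3 is lost, segment 2 is duplicated,
    # segment 1 arrives last.
    print(transfer(b"ABCDEFGHIJKLMNOPQRST", 4, [0, 2, 2, 4, 1]))
```
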

    The newer SCTP is also a "reliable", connection-oriented, transport mechanism. It is stream-oriented, not byte-oriented like TCP, and provides multiple streams multiplexed over a single connection. It also provides multi-homing support, in which a connection end can be represented by multiple IP addresses (representing multiple physical interfaces), such that if one

    functions such as adding a packet header to prepare it for transmission, then actually transmit the frame over a physical medium.

    For Internet access over a dial-up modem, IP packets are usually transmitted using PPP. For broadband Internet access such as ADSL or cable modems, PPPoE is often used. On a local wired network, Ethernet is usually used, and on local wireless networks, IEEE 802.11 is usually used. For wide-area networks, either PPP over T-carrier or E-carrier lines, Frame relay, ATM, or packet over SONET/SDH (POS) are often used.

    The link layer can also be the layer where packets are intercepted to be sent over a virtual private

    network. When this is done, the link layer data is considered the application data and proceeds

    back down the IP stack for actual transmission. On the receiving end, the data goes up the IP

    stack twice (once for routing and the second time for the VPN).

    The link layer can also be considered to include the physical layer, which is made up of the actual physical network components (hubs, repeaters, fiber optic cable, coaxial cable, network cards, Host Bus Adapter cards and the associated network connectors: RJ-45, BNC, etc.), and the low level specifications for the signals (voltage levels, frequencies, etc.).

    Physical layer

    The Physical layer is responsible for encoding and transmission of data over network communications media. It operates with data in the form of bits that are sent from the Physical layer of the sending (source) device and received at the Physical layer of the destination device. Ethernet, Token Ring, SCSI, hubs, repeaters, cables and connectors are standard network devices that function at the Physical layer. The Physical layer is also considered the domain of many hardware-related network design issues, such as LAN and WAN topology and wireless technology.

    (8)- Networking Equipments

    (a)- Hubs

    Hubs are commonly used to connect segments of a LAN. A hub contains multiple ports. When a packet arrives at one port, it is copied to the other ports so that all segments of the LAN can see all packets.

    A passive hub serves simply as a conduit for the data, enabling it to go from one device (or segment) to another. So-called intelligent hubs include additional features that enable an administrator to monitor the traffic passing through the hub and to configure each port in the hub. Intelligent hubs are also called manageable hubs.

    A third type of hub, called a switching hub, actually reads the destination address of each packet and then forwards the packet to the correct port.

    A hub is an "unintelligent" broadcast device -- any packet entering any port of the hub is broadcast out on every port except the source port. Hubs do not manage any of the traffic that comes through their ports. Since every packet is constantly being sent out through every port, there are a lot of packet collisions, which greatly impede the smooth flow of traffic on the LAN. The arrangement is shown below:

    When a hub receives a packet (chunk) of data (a frame in Ethernet) at one of its ports from a PC on the network, it transmits (repeats) the packet to all of its ports and, thus, to all of the other PCs on the network. If two or more PCs on the network try to send packets at the same time, a collision is said to occur. When that happens all of the PCs have to go through a routine to resolve the conflict. The process is prescribed in the Ethernet Carrier Sense Multiple Access with Collision Detection (CSMA/CD) protocol. Each Ethernet adapter has both a receiver and a transmitter. If the adapters didn't have to listen with their receivers for collisions they would be able to send data at the same time they are receiving it (full duplex). Because they have to operate at half duplex (data flows one way at a time) and a hub retransmits data from one PC to all of the PCs, the maximum bandwidth is 100 MHz and that bandwidth is shared by all of the PCs connected to the hub. The result is that when a person using a computer on a hub downloads a large file or group of files from another computer, the network becomes congested. In a 10 MHz 10Base-T network the effect is to slow the network to nearly a crawl.

    (b)- Switches

    A network switch (or just switch for short) is a networking device that performs transparent bridging (connection of multiple network segments with forwarding based on MAC addresses) at full wire speed in hardware. The use of specially designed hardware also makes it possible to have large numbers of ports (unlike a PC based bridge which is very limited by expansion slot count).

    If a network has only switches and no hubs then the collision domains are either reduced to a single link or, if both ends support full duplex, eliminated altogether. The principle of a fast hardware forwarding device with many ports can be extended to higher layers giving the multilayer switch.

    An Ethernet switch automatically divides the network into multiple segments, acts as a high-speed, selective bridge between the segments, and supports simultaneous connections of multiple pairs of computers, which don't compete with other pairs of computers for network bandwidth. It accomplishes this by maintaining a table of each destination address and its port. When the switch receives a packet, it reads the destination address from the header information in the packet, establishes a temporary connection between the source and destination ports, sends the packet on its way, and then terminates the connection. In short, switches have separate collision domains (CD) and each pair of PCs is talking through a separate collision domain so no collisions occur. Therefore multiple connections between various pairs of PCs can be established simultaneously with no collisions occurring.

    Picture a switch as making multiple dedicated cable connections between pairs of computers. High-speed electronics in the switch automatically connect the end of one cable (source port) from a sending computer to the end of another cable (destination port) going to the receiving computer on a per packet basis. Multiple connections like this can occur simultaneously. It's as simple as that. And like a crossover cable between two PCs, PCs on an Ethernet switch do not share the transmission media, do not experience collisions or have to listen for them, can operate in a full-duplex mode, have bandwidth as high as 200 Mbps, 100 Mbps each way, and do not share this bandwidth with other PCs on the switch. In short, a switch is "much better."

    (c)- Hubs vs. Switches

    A hub, or repeater, is a fairly unsophisticated broadcast device. Any packet entering any port is broadcast out on every port and thus hubs do not manage any of the traffic that comes through their ports. Since every packet is constantly being sent out through every port, this results in packet collisions, which greatly impede the smooth flow of traffic.

    A switch isolates ports, meaning that every received packet is sent out only to the port on which the target may be found (assuming the proper port can be found; if it is not, then the switch will broadcast the packet to all ports). Since the switch intelligently sends packets only where they need to go, the performance of the network can be greatly increased.

    More expensive switches can also do several other operations, such as isolating ports from each other by placing them in different VLANs, or allowing snooping by copying all packets on some set of ports to a special "sniffer" port.

    This leaves the question of when a switch is most appropriate, versus a hub. If most of the network traffic involves only a few ports, then there will be little performance gain achieved by upgrading from a hub to a switch. But if the traffic involves more than a few ports, using a switch can yield a significant improvement in performance. Also, modern Fast Ethernet switches designed for small office / home office (SOHO) use are priced comparably to hubs, making use of a hub somewhat pointless if new equipment must be purchased anyway.

    (d)- Router

    A router is a computer networking device that forwards data packets across an internetwork toward their destinations, through a process known as routing. Routing occurs at layer 3 (the Network layer, e.g. IP) of the OSI seven-layer protocol stack.

    A router acts as a junction between two or more networks to transfer data packets among them. A router is different from a switch. A switch connects devices to form a Local area network (LAN). One easy illustration for the different functions of routers and switches is to think of switches as neighborhood streets, and the router as the intersections with the street signs. Each house on the street has an address within a range on the block. In the same way, a switch connects various devices each with their own IP address(es) on a LAN. However, the switch knows nothing about IP addresses except its own management address. Routers connect networks together the way that on-ramps or major intersections connect streets to both highways and freeways, etc. The street signs at the intersection (routing table) show which way the packets need to flow.

    Router

    So for example, a router at home connects the Internet Service Provider's (ISP) network (usually on an Internet address) together with the LAN in the home (typically using a range of private IP addresses, see network address translation) and a single broadcast domain. The switch connects devices together to form the LAN. Sometimes the switch and the router are combined together in one single package sold as a multiple port router.

    In order to route packets, a router communicates with other routers using routing protocols and using this information creates and maintains a routing table. The routing table stores the best routes to certain network destinations, the "routing metrics" associated with those routes, and the path to the next hop router. See the routing article for a more detailed discussion of how this works. Routing is most commonly associated with the Internet Protocol, although other less-popular routed protocols are in use.

    A router that connects clients to the Internet is called an edge router. A router that serves solely to transmit data between other routers, e.g. inside the network of an Internet service provider, is called a core router.

    (d)- Bridge

    A network bridge connects multiple network segments at the data link layer (layer 2) of the OSI model. Bridges are similar to repeaters or network hubs, devices that connect network segments at the physical layer; however, a bridge works by using bridging, where traffic from one network is managed rather than simply rebroadcast to adjacent network segments. In Ethernet networks, the term "bridge" formally means a device that behaves according to the IEEE 802.1D standard - this is most often referred to as a network switch in marketing literature.

    Since bridging takes place at the data link layer of the OSI model, a bridge processes the information from each frame of data it receives. In an Ethernet frame, this provides the MAC address of the frame's source and destination. Bridges use two methods to resolve the network segment that a MAC address belongs to.

    Transparent bridging - This method uses a forwarding database to send frames across network segments. The forwarding database is initially empty and entries in the database are built as the bridge receives frames. If an address entry is not found in the forwarding database, the frame is rebroadcast to all ports of the bridge, forwarding the frame to all segments except the source address. By means of these broadcast frames, the destination network will respond and a route will be created. Along with recording the network segment to which a particular frame is to be sent, bridges may also record a bandwidth metric to avoid looping when multiple paths are available. Devices that have this transparent bridging functionality are also known as adaptive bridges.

    Source route bridging - With source route bridging two frame types are used in order to find the route to the destination network segment. Single-Route (SR) frames comprise most of the network traffic and have set destinations, while All-Route (AR) frames are used to find routes. Bridges send AR frames by broadcasting on all network branches; each step of the followed route is registered by the bridge performing it. Each frame has a maximum hop count, which is determined to be greater than the diameter of the network graph, and is decremented by each bridge. Frames are dropped when this hop count reaches zero, to avoid indefinite looping of AR frames. The first AR frame which reaches its destination is considered to have followed the best route, and the route can be used for subsequent SR frames; the other AR frames are discarded. This method of locating a destination network can allow for indirect load balancing among multiple bridges connecting two networks. The more a bridge is loaded, the less likely it is to take part in the route finding process for a new destination as it will be slow to forward packets. A new AR packet will find a different route over a less busy path if one exists. This method is very different from transparent bridge usage, where redundant bridges will be inactivated; however, more overhead is introduced to find routes, and space is wasted to store them in frames. A switch with a faster backplane can be just as good for performance, if not for fault tolerance.
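
The switch address table described under Switches and the forwarding database described under transparent bridging behave the same way, and the difference from a hub shows up in which ports a frame reaches. The sketch below is an added example, not code from the original report; the class names, port numbers and MAC addresses are constructed for illustration.

```python
"""Added example: hub repeating vs. transparent-bridge (switch) forwarding."""

from collections import namedtuple

Frame = namedtuple("Frame", "src dst")   # source and destination MAC addresses


class Hub:
    """Repeats every frame out of every port except the one it arrived on."""

    def __init__(self, ports):
        self.ports = list(ports)

    def receive(self, in_port, frame):
        return [p for p in self.ports if p != in_port]


class LearningBridge:
    """Transparent bridge: forwarding database built from source addresses."""

    def __init__(self, ports):
        self.ports = list(ports)
        self.fdb = {}                    # MAC address -> port, initially empty

    def receive(self, in_port, frame):
        # Learn: the sender is reachable through the port the frame came in on.
        self.fdb[frame.src] = in_port
        out_port = self.fdb.get(frame.dst)
        if out_port is None:
            # Unknown destination: send to all ports except the source port.
            return [p for p in self.ports if p != in_port]
        if out_port == in_port:
            # Destination is on the sender's own segment: nothing to forward.
            return []
        return [out_port]


def ports_reached(device, traffic):
    """Output ports chosen for each (in_port, frame) pair, in order."""
    return [device.receive(in_port, frame) for in_port, frame in traffic]


def frames_visible_on(device, traffic, port):
    """How many of the frames are transmitted out of the given port."""
    return sum(port in out for out in ports_reached(device, traffic))


# Constructed sample: A and D share the segment on port 1, B is on port 2,
# and port 3 has an idle host that takes no part in the conversation.
HOST_A = "02:00:00:00:00:0a"
HOST_B = "02:00:00:00:00:0b"
HOST_D = "02:00:00:00:00:0d"
TRAFFIC = [
    (1, Frame(HOST_A, HOST_B)),   # B not yet learned
    (2, Frame(HOST_B, HOST_A)),   # A learned from the first frame
    (1, Frame(HOST_A, HOST_B)),   # B learned from the second frame
    (1, Frame(HOST_D, HOST_A)),   # both hosts on port 1
]

if __name__ == "__main__":
    print("hub   ->", ports_reached(Hub([1, 2, 3]), TRAFFIC))
    print("bridge->", ports_reached(LearningBridge([1, 2, 3]), TRAFFIC))
```

With this traffic the idle host on port 3 receives every frame through the hub, but only the first, not-yet-learned frame through the bridge.
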

    (e)- Bridges vs. Routers

    Bridging and Routing are both ways of performing data control, but work through different methods. Bridging takes place at OSI Model Layer 2 (Data-Link Layer) while Routing takes place at the OSI Model Layer 3 (Network Layer). This difference means that a bridge directs frames according to hardware assigned MAC addresses while a router makes its decisions according to arbitrarily assigned IP Addresses. As a result of this, bridges are not concerned with and are unable to distinguish networks while routers can.

    When designing a network, you can choose to put multiple segments into one bridged network or to divide it into different networks interconnected by routers. If a host is physically moved from one network area to another in a routed network, it has to get a new IP address; if this system is moved within a bridged network, it doesn't have to reconfigure anything.

    (f)- Network Interface Card (NIC)

    A network card, network adapter or NIC (network interface card) is a piece of computer hardware designed to allow computers to communicate over a computer network. It provides physical access to a networking medium and provides a low-level addressing system through the use of MAC addresses. It allows users to connect to each other either by using cables or wirelessly.

    (9)- Internet Protocol Addressing

    GENERAL IP ADDRESSING ARCHITECTURE

    As implied by its name, the IP (Internet Protocol) address is the means to address someone over the Internet. When you browse the web, you type an address that contains letters, numbers and some signs. The address is then translated to an IP address by a protocol named DNS (Domain Name Service), which is out of the scope of this tutorial. Every computer connected to the Internet has a different IP address. An IP address is actually a 32-bit numeric value.

    Usually, for convenience, it is presented in DECIMAL DOT NOTATION: 4 octets (bytes) separated by dots.

    As each number is represented by an octet (8 bits), its value ranges from 0 to 255. Each physical network has its own unique network address, in which every host (computer \ router \ bridge) has its own unique ID; hence, each host has its own unique address. Routers or gateways can have one or more addresses depending upon the number of links they can maintain. An IP address is therefore a combination of network and host identifications.

    FORMS OF IP ADDRESSING

    When the internet was just starting out, it was thought that order is needed.

    IP addresses were classified into 5 categories or Classes. As such, there are five forms of IP

    addresses:

    Class & description

    Class A:

    126 networks, each can have up to (16M-2) nodes.

    The address range lies from (1.0.0.0 - 127.255.255.255)

    Class A IP addresses are chosen for huge networks.

    Class B:

    (16K-2) networks, each can have up to (64K-2) nodes.

    The address range lies from (128.0.0.0 - 191.255.255.255)

    These IP addresses are used for pretty large networks.

    Class C:

    (2M-2) Networks, each can have up to 254 nodes.

    The address range lies from (192.0.0.0 - 223.255.255.255)

    The IP addresses are used for Medium & Small networks.

    Class D:

    A multicast address.

    The address range lies from (224.0.0.0 - 239.255.255.255)

    Multicast is sending the same content to many users at once (like watching TV)

    Class E:

    This class of IP addressing is reserved for future use.

    The address range lies from (240.0.0.0 - 247.255.255.255)

    A few conventions:

    1) By convention we don't use a series of 0s or of 1s as a legal address!

    2) By convention we save the address 127.0.0.0 for loopback.

    3) The address 0.0.0.0 is used to represent a default route.

    4) The maximum number of nodes on each net is (2^n)-2, where n is the number of bits for the host ID.

    IP address formats

    For example:

    The address (binary) - 10000000 00000111 00001111 00000001

    DECIMAL DOT NOTATION: 128.7.15.1

    Therefore it belongs to: Class B addresses

    Its Network-id is: 128.7

    Its Host-id is: 15.1

    Special forms of Internet Addresses

    There are certain addresses that are not in use.

    Other than that, there are special prefixes or addresses as follows:

    0.0.0.0 - This host.

    0.host_number - host on this net

    255.255.255.255 - Limited broadcast * (local net).

    Net_number.255 - Directed broadcast for the specified net

    127.anything - Loop-back within the computer (should never appear on the net). It is used for internal testing.

    * Broadcast: Sending the same message at once to all hosts connected to a specified network.
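
    The class example (128.7.15.1) and the list of special forms above, worked through in code. This is an added example, not part of the original report; the function names are illustrative, and treating every first octet from 240 to 255 as Class E is an assumption of the example.

```python
# Added example: classful reading of an IPv4 address, using the class ranges
# and special forms listed on this page.

def parse(addr):
    """Dotted decimal -> list of four octets; malformed input is rejected."""
    parts = addr.split(".")
    if len(parts) != 4 or not all(p.isascii() and p.isdigit() for p in parts):
        raise ValueError(f"not dotted decimal: {addr!r}")
    octets = [int(p) for p in parts]
    if any(o > 255 for o in octets):
        raise ValueError(f"octet out of range: {addr!r}")
    return octets

def address_class(octets):
    """Return (class letter, count of network-id octets or None)."""
    first = octets[0]
    if first < 128:
        return "A", 1       # leading bit 0
    if first < 192:
        return "B", 2       # leading bits 10
    if first < 224:
        return "C", 3       # leading bits 110
    if first < 240:
        return "D", None    # leading bits 1110: multicast, no host-id
    return "E", None        # leading bits 1111: reserved (assumption: 240-255)

def classify(addr):
    """Return (class, network-id, host-id); the ids are None for D and E."""
    octets = parse(addr)
    cls, n = address_class(octets)
    if n is None:
        return cls, None, None
    return cls, ".".join(map(str, octets[:n])), ".".join(map(str, octets[n:]))

def special_form(addr):
    """Name the special form from the page's list, or None for an ordinary host."""
    octets = parse(addr)
    _, n = address_class(octets)
    if octets == [0, 0, 0, 0]:
        return "this host"
    if octets == [255, 255, 255, 255]:
        return "limited broadcast"
    if octets[0] == 127:
        return "loopback"
    if n is not None and all(o == 255 for o in octets[n:]):
        return "directed broadcast"
    if n is not None and all(o == 0 for o in octets[:n]):
        return "host on this net"
    return None

if __name__ == "__main__":
    for a in ("128.7.15.1", "127.0.0.1", "128.7.255.255", "0.0.15.1"):
        print(a, classify(a), special_form(a))
```

    A packet filter can use special_form() to flag loopback or "this host" addresses seen as a source on the wire, since the list above says they should never appear on the net.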

    IP Addresses assignment example

    In the picture above you can see at least 3 networks:

    The upper one is a Local Area Network (LAN) organized in bus topology. Its Net ID is 212.55.12 (Class C), and it has 4 hosts, each with a different Host ID.

    The lower net on the right hand side is organized in ring topology. Its Net ID is 128.22 (Class B), and it has 5 hosts.

    On the lower left hand side you can see a LAN in star topology (net ID is 135.45 - Class B), consisting of 3 independent hosts and a server connecting two other hosts.

    All networks are connected to a router, connecting them to the Internet backbone.

    IP Subnetting

    Subnetting is a technique used to allow a single IP network address to span multiple physical networks. Subnetting was invented in order to use the IP address space (the one discussed here is v4) in a better, less wasteful way, allowing addressing even though the number of hosts connected to the Internet at any given moment is now much larger than it was in the earlier days of the Internet, when the partition into classes took place. The original Classes method is very wasteful - it uses merely 3% of the possible address space!

    What is Subnetting all about:

    Subnetting means using some of the bits of the host-id part of an IP address as a physical network identifier. The sequence of bits called a 'subnet mask' designates a network identifier to a given network. All hosts on the same network should have the same subnet mask, meaning the same prefix (expected length according to the net's size or number of hosts).

    Subnetting better utilizes the address space by dividing these big networks into smaller ones.

    An example of subnetting:

    The Class B network 128.10.0.0 can be subnetted using the first 8 bits of the host-id, to span 254 different physical networks.

    The subnet mask for this case is 255.255.255.0

    The subnetworks are: 128.10.1.0, 128.10.2.0, ..., 128.10.254.0.

    Each of the subnetworks can have up to 254 different hosts:

    128.10.XXX.1, 128.10.XXX.2, ..., 128.10.XXX.254.

    If there is a need for fewer physical nets and more hosts in each one, fewer host-id bits can be used for subnetting.

    For example:

    With the subnet mask 255.255.254.0, 126 different subnets are available with up to 510 hosts in each one.

    Many Class A and B networks do not contain as many hosts as they could. This situation causes a lot of address space waste.
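
    The two subnet masks discussed above, computed for the Class B network 128.10.0.0. This is an added example, not part of the original report; the function names and the sample host 128.10.3.77 are constructed for illustration, and both counts follow the report's (2^n)-2 convention.

```python
# Added example: the page's subnet arithmetic for a classful network.
import ipaddress

def classful_prefix(network):
    """Network-id length in bits for a class A, B or C address."""
    first = int(network.split(".")[0])
    for upper, prefix in ((128, 8), (192, 16), (224, 24)):
        if first < upper:
            return prefix
    raise ValueError("class D and E addresses have no host-id to subnet")

def mask_to_prefix(mask):
    """Prefix length of a mask; masks with holes (255.0.255.0) are rejected."""
    inverted = int(ipaddress.IPv4Address(mask)) ^ 0xFFFFFFFF
    if inverted & (inverted + 1):
        raise ValueError(f"non-contiguous mask: {mask}")
    return 32 - inverted.bit_length()

def subnet_plan(network, mask):
    """Return (subnet bits, usable subnets, usable hosts per subnet).

    Both counts use the page's (2^n)-2 convention: the all-0s and all-1s
    values of a field are not assigned.
    """
    base, prefix = classful_prefix(network), mask_to_prefix(mask)
    if not base < prefix <= 30:
        raise ValueError("mask must borrow host-id bits and leave at least two")
    subnet_bits, host_bits = prefix - base, 32 - prefix
    return subnet_bits, 2 ** subnet_bits - 2, 2 ** host_bits - 2

def locate(addr, mask):
    """Return (subnet address, first host, last host) for addr under mask."""
    net = ipaddress.ip_network(f"{addr}/{mask_to_prefix(mask)}", strict=False)
    return (str(net.network_address),
            str(net.network_address + 1),
            str(net.broadcast_address - 1))

if __name__ == "__main__":
    # Constructed sample host inside the page's 128.10.0.0 network.
    for mask in ("255.255.255.0", "255.255.254.0"):
        print(mask, subnet_plan("128.10.0.0", mask), locate("128.10.3.77", mask))
```

    With the 255.255.254.0 mask the sample host falls in subnet 128.10.2.0, whose host range spans two values of the third octet.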

    Dividing a single Class B network into two sub-networks:

    All gateways except G (which physically interconnects the networks) route as if there were a single physical network.

    IP version 4

    IPv4 only uses 32-bit (4-byte) addresses, which limits the address space to 4,294,967,296 (2^32) possible unique addresses. However, many are reserved for special purposes, such as private networks (~18 million addresses) or multicast addresses (~270 million addresses). This reduces the number of addresses that can be allocated as public Internet addresses, and as the number of addresses available is consumed, an IPv4 address shortage appears to be inevitable in the long run. This limitation has helped stimulate the push towards IPv6, which is currently in the early stages of deployment and is currently the only contender to replace IPv4.

    Example: 127.0.0.1 (Loopback)

    IP version 6

    IPv6 is the new standard protocol for the Internet. Windows Vista, Apple Computer's Mac OS X, and an increasing range of Linux distributions include native support for the protocol, but it is not yet widely deployed elsewhere.

    Addresses are 128 bits (16 bytes) wide, which, even with a generous assignment of netblocks, will more than suffice for the foreseeable future. In theory, there would be exactly 2^128, or about 3.403 × 10^38, unique host interface addresses. Further, this large address space will be sparsely populated, which makes it possible to again encode more routing information into the addresses themselves.

    Network security is a complicated subject, historically only tackled by well-trained and experienced experts. However, as more and more people become "wired", an increasing number of people need to understand the basics of security in a networked world. This document was written with the basic computer user and information systems manager in mind, explaining the concepts needed to read through the hype in the marketplace and understand risks and how to deal with them. Some history of networking is included, as well as an introduction to TCP/IP and internetworking. We go on to consider risk management, network threats, firewalls, and more special-purpose secure networking devices. This is not intended to be a "frequently asked questions" reference, nor is it a "hands-on" document describing how to accomplish specific functionality. It is hoped that the reader will have a wider perspective on security in general, and better understand how to reduce and manage risk personally, at home, and in the workplace.

    (11)- Firewall Basics

    Having an up-to-date anti-virus program in place is the first and most basic line of defense in your computer. Without it, your computer will sooner or later be contaminated with virus software. The resulting problem may be anywhere from annoying to disastrous. It is an essential line of defense, but it is by no means the answer to all your problems.

    Unfortunately for those of us who seek to improve the quality of life for everyone, there are those who, for some reason of their own, intend to make life worse for everyone. This group includes the "cracker" or "script kiddy" whose intention is to break into your computer and leave a mark by destroying something of value to you.

    Don't confuse these characters with the "hackers" of old. The intent of "hackers" was to break the lock and open the door by using their wit and wiles. The "cracker" or "script kiddy" intends only to get into your computer -- probably using some tool found on the internet, the workings of which they probably don't understand in the least -- and having opened the door, steal or destroy all they can. This malicious intent is what makes these characters so dangerous to your computer.

    You need to add a firewall to your defensive strategy. A firewall makes it a lot more difficult for the invader to get into the computer. While there is no such thing as a fully secure internet connected computer, you can get pretty close with good firewall protection. The idea is to make your defenses strong enough that the next person's computer is an easier target so the typical assailant will go for it and give up on yours. The highly skilled cracker isn't likely to spend their energies going after your PC when there are banks and corporations to be had.

    There are two categories of firewall that you can use. The first is a software firewall; the other is a firewall built into an external device such as a router. Both have value.

    A software firewall is a program that sits in your computer and monitors all traffic on your internet connection. It only allows certain types of traffic through, thereby making it much harder for the cracker to get their malicious code into your machine. Windows XP has a firewall built in. If you go to the "Properties" dialog of your network connection, on the "Advanced" tab you will find "Internet Connection Firewall". It is turned off by default. You can turn it on with one click and it will already be configured suitably for a typical home use machine. If you need to fine tune its rules, you can click on the "Settings" button and configure the details of the firewall. There is also very informative help available (click on "Learn more about Internet Connection Firewall" on the "Advanced" tab).

    There are plenty of software firewalls available on the Internet. Stay away from those produced by small or less well known manufacturers unless you can be certain of the quality of their work and that they have not provided themselves a "back door" (a means whereby they can get through their own firewall). Two of the better known firewalls are Zone Alarm and Black Ice Defender. If you use one of these firewalls, make sure you stay up to date with updates and patches. (Windows' built-in firewall is updated by Windows Update, which you, of course, already use.)

    There is no reason not to use a software firewall in your computer, unless some specific program that you require prevents its use. It is usually better to use the firewall and tweak the configurations of both the firewall and the other program until they work together, rather than to not use the firewall. A software firewall in your PC is a good thing to use even if you have an external firewall. There is no such thing as a PC that is "too secure".

    External firewalls, like those built into better routers, are very simple to use. If you have a broadband connection and use such a router, it will not only provide a pretty good level of protection for you, but also enable you to share your connection with several computers. These devices have dropped dramatically in price over the past few years and are now well within the means of a typical home PC owner. I highly recommend that you use one, even if you don't need the sharing capability. They are a quick and easy way to provide a barrier between your PC and the hostile world of the net.

    Two guys find themselves trapped in a cave with a mountain lion sitting just outside the entrance. After two days of the cat not leaving, they decide they will have to make a run for it. "Wait while I put on my running shoes," says one of them. "What's the point?" comes the reply, "even with them on, you'll never outrun a mountain lion." "I'm not trying to outrun a mountain lion," says the first.

    Such is the defensive strategy of firewalls! While they may never be a 100% block, they will make you a harder target than the next guy. Don't be the easy target!

    A firewall is a hardware or software device which is configured to permit, deny, or proxy data through a computer network which has different levels of trust.

    Function

    A firewall's basic task is to regulate the flow of traffic between computer networks of different trust levels. Typical examples are the Internet, which is a zone with no trust, and an internal network, which is a zone of higher trust. A zone with an intermediate trust level, situated between the Internet and a trusted internal network, is often referred to as a "perimeter network" or Demilitarized zone (DMZ).

    A firewall's function within a network is similar to that of firewalls with fire doors in building construction. In the former case, it is used to prevent network intrusion into the private network. In the latter case, it is intended to contain and delay a structural fire from spreading to adjacent structures.

    Without proper configuration, a firewall can often become worthless. Standard security practices dictate a "default-deny" firewall ruleset, in which the only network connections which are allowed are the ones that have been explicitly allowed. Unfortunately, such a configuration requires detailed understanding of the network applications and endpoints required for the organization's day-to-day operation. Many businesses lack such understanding, and therefore implement a "default-allow" ruleset, in which all traffic is allowed unless it has been specifically blocked. This configuration makes inadvertent network connections and system compromise much more likely.
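
    The difference between the two rulesets, shown with one rule evaluator run under both default policies. This is an added example, not part of the original report and not any product's rule format; the zones, addresses, ports and flows are constructed for illustration.

```python
# Added example: one first-match rule evaluator, run with both default policies.
import ipaddress
from typing import NamedTuple, Optional

class Rule(NamedTuple):
    action: str            # "allow" or "deny"
    src: str               # source network, CIDR
    dst: str               # destination network, CIDR
    proto: str             # "tcp" or "udp"
    port: Optional[int]    # destination port, None = any

def decide(rules, default, flow):
    """First matching rule wins; `default` applies when no rule matches."""
    src, dst, proto, port = flow
    for r in rules:
        if (ipaddress.ip_address(src) in ipaddress.ip_network(r.src)
                and ipaddress.ip_address(dst) in ipaddress.ip_network(r.dst)
                and proto == r.proto and r.port in (None, port)):
            return r.action
    return default

# Constructed zones: Internet (no trust), one DMZ web server, internal network.
ANY, WEB, INTERNAL = "0.0.0.0/0", "203.0.113.10/32", "192.168.1.0/24"

# Default-deny: list only the connections the organization needs.
DENY_BY_DEFAULT = [
    Rule("allow", ANY, WEB, "tcp", 443),        # public web server in the DMZ
    Rule("allow", INTERNAL, ANY, "tcp", 443),   # outbound web
    Rule("allow", INTERNAL, ANY, "udp", 53),    # outbound DNS
]
# Default-allow: list only the services someone thought to block.
ALLOW_BY_DEFAULT = [
    Rule("deny", ANY, INTERNAL, "tcp", 23),
    Rule("deny", ANY, INTERNAL, "tcp", 445),
]

# Constructed flows: (source, destination, protocol, destination port).
FLOWS = {
    "web to DMZ":        ("198.51.100.7", "203.0.113.10", "tcp", 443),
    "outbound web":      ("192.168.1.20", "198.51.100.7", "tcp", 443),
    "blocked service":   ("198.51.100.7", "192.168.1.20", "tcp", 445),
    "forgotten service": ("198.51.100.7", "192.168.1.20", "tcp", 3389),
}

def compare():
    """Map each flow name to (default-deny verdict, default-allow verdict)."""
    return {name: (decide(DENY_BY_DEFAULT, "deny", f),
                   decide(ALLOW_BY_DEFAULT, "allow", f))
            for name, f in FLOWS.items()}

if __name__ == "__main__":
    for name, verdicts in compare().items():
        print(f"{name:18} default-deny={verdicts[0]:5} default-allow={verdicts[1]}")
```

    The two rulesets agree on every flow someone planned for; they differ only on the service nobody listed, which default-allow lets in from the Internet.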
