Chapter 2

OS: General is Deny not limit (Windows).
GPL (Global public license) or GNU allows you to identify the code, which is free, meaning less expensive, duhh (Linux).
Windows Explorer Help shows the end user license and the OS version number.
Shell, kernel.

PATCHES
Automatic installation
Prompt for permission: lets you choose which patch to install. It is a choice for users who understand the impact a patch may have on the system.
Manual: often called service packs.

Chapter 3

Cisco Hierarchical model
The process used in order to deliver the message across the appropriate medium is called ENCAPSULATION.
NETWORK STANDARDS HELP PROVIDE CONSISTENT INTERCONNECTION ACROSS NETWORKS AND SIMPLIFY NEW PRODUCT DEVELOPMENT

Physical configuration of the network (more on hardware):
  Physical location of devices such as routers, switches, and hosts
  How all devices are interconnected
  Location and length of all cable runs
  Hardware configuration of end devices such as hosts and servers

Logical configuration of the network (more on software):
  Location and size of broadcast and collision domains
  IP addressing scheme
  Naming scheme
  Sharing configuration
  Permissions

Chapter 4

IP packets are also called datagrams.
Point of presence --- A POP is the connection point between the ISP's network and the particular geographical region that the POP is servicing.
Network operation center
Digital Subscriber Line Access Multiplexer: DSLAM
CMTS: cable modem termination system
-----
MODEM CONVERTS DIGITAL TO ANALOG
Asymmetric ---- UP IS SLOWER THAN DOWN (used in home)
Symmetric ----- ALL THE SAME (used in business)
ISPs that send information to one another are called the backbone...

Optic fiber
Single mode: uses LED LASER, up to 3000 meters, used for backbone
Multimode: up to 2000 meters and uses LED
CLADDING AND BUFFER ARE TO REFLECT THE LIGHT....
EIA/Telecommunications Industry Association: A is green in front, B is orange in front.
Insulation displacement connector
Test the cable using a cable tester, certifier, multimeter.
Using low quality cables or connectors can cause signal degradation when using UTP.
PATCH PANELS USE RJ-45 AND ALLOW QUICK REARRANGEMENT OF NETWORK CONNECTIONS
Coax is used for cable and satellite internet connectivity and allows many signals to be combined to be transmitted.
Cable management helps to isolate problems and prevent physical damage.

CHAPTER 5

IP ADDRESS

CHAPTER 6

IMAP AND ICMP ARE DIFFERENT
FTP USES TCP NOT UDP, bear that in mind
FTP 20 AND 21: 21 FOR CONTROL TRAFFIC, 20 for actual file transfer
Immediate answer = SMS or instant message
REMEMBER THE DIFFERENCE BETWEEN THE OSI MODEL AND THE TCP/IP MODEL

Chapter 7

IR is RELATIVELY LOW ENERGY and cannot penetrate through walls or other obstacles. However, it is commonly used to connect and move data between personal digital assistants.
IR uses IrDA (Direct Access). It provides one-to-one access and is used in remote controls + wireless mice and keyboards.

WIRELESS IS CHEAP, EASY TO INSTALL, WITH SCALABILITY, MOBILITY, AND EASE OF ADDING, BUT THERE CAN BE INTERFERENCE DUE TO USING UNLICENSED RF, AND SECURITY

Radio frequency can penetrate walls and is used by 802.11 b/g/n and BLUETOOTH at 2.4 GHz, and IEEE 802.11a + n at 5 GHz.
NOTE: 802.11 TRANSMITS ON THE SAME FREQUENCY BUT WITH HIGHER POWER THAN BLUETOOTH, THUS MAKING IT LONGER RANGE

The Wi-Fi Alliance is in charge of testing the Wi-Fi network. The Wi-Fi logo on a device means that this equipment meets standards and should interoperate with other devices of the same standard.

Bluetooth: 802.15a, WPAN, and it is one-to-many, meaning one Bluetooth device is used to connect to multiple devices!!!

WIRELESS HAS 3 TYPES: WWAN (CELLPHONE), WPAN, WLAN ..
802.11a
  Uses 5 GHz
  Not compatible with 2.4 GHz b/g
  Expensive to implement and very difficult to find 11a compliant equipment
  RANGE IS LESS THAN 33% OF THE 2.4 GHZ STANDARDS FOR 802.11
  Max 54
  OFDM

802.11b
  Uses 2.4 GHz
  Max data transfer 11 Mbps
  Range 46 m (150 ft) indoor, 90 m (300 ft) outdoor
  DSS

802.11g
  Uses 2.4 GHz
  Max data transfer 54
  Backward compatible with 802.11b

To help secure wireless transmissions, including ENCRYPTION and AUTHENTICATION.

There are two basic forms of WLAN installation: ad-hoc and infrastructure.

AD-HOC: The simplest form of wireless network, it does not have an AP ...
ALL CLIENTS ARE EQUAL, AND IT CONNECTS TWO CLIENTS TOGETHER THROUGH PEER TO PEER (P2P)
Ad-hoc is simple to use
KNOWN AS INDEPENDENT BASIC SERVICE SET (IBSS)

INFRASTRUCTURE MODE: For large networks that need a single device that controls communication in the wireless cell, NORMALLY AN AP
INDIVIDUAL STAs (STATION (CLIENT)) can't communicate directly with each other; they need permission from the AP
KNOWN AS BASIC SERVICE SET (BSS) or CELL.
BSS also known as independent basic service set (IBSS)
A BSS is very small; in order to expand it we need to connect BSSs through a Distribution System (DS), known as an ESS.

Channels are created by DIVIDING UP the available RF SPECTRUM. Each channel is capable of carrying a different conversation. This is similar to the way that multiple television channels are transmitted across a single medium.

Wi-Fi uses CARRIER SENSE MULTIPLE ACCESS WITH COLLISION AVOIDANCE
If a device requires use of a specific communication channel in a BSS, it must ask permission from the AP. This is known as a REQUEST TO SEND (RTS).
If the channel is available, the AP will respond to the device with a CLEAR TO SEND (CTS) message indicating that the device may transmit on the channel.
A CTS is BROADCAST to all devices within the BSS. Therefore, all devices in the BSS know that the requested channel is now in use.
AFTER SENDING, the device that made the request will send an ACK to tell the AP that the channel can be released, which the AP WILL ALSO BROADCAST TO THE REST
(After the two types of packet sending (sort of), the AP will broadcast: 1st from AP, then from STA)

For a STA to connect, the client configuration must match that of the AP, which is:
  SSID (think about your hotspot in the MRT while OTW to Choa Chu Kang!!!)
  security settings (PSK, EAP)
  channel information, if the channel was manually set on the AP

THE WINDOWS XP wireless client software is an example of a popular wireless client utility that is included as part of the device OS.
There is also stand-alone software which offers enhanced functionality, and that includes:
  LINK INFORMATION (the current strength and quality of a wireless signal)
  PROFILES (allow configuration options such as channel and SSID to be specified for each wireless network)
  SITE SURVEY (process of evaluating a network solution to deliver the required coverage, data rates, network capacity, roaming capability and QoS, OR enables the detection of all wireless networks in the vicinity)
And you can't use both the stand-alone software and the XP wireless client to manage your network at the same time.

SECURITY

Some of the more basic security measures include (BASIC):
  Change default values for the SSID, usernames and passwords
  Disable broadcast SSID
  Configure MAC address filtering

Some of the more advanced security measures include (ADVANCED):
  Configure encryption using WEP or WPA
  Configure authentication
  Configure traffic filtering
----------------------------------
Disable SSID broadcast (BASIC): but people will still be able to get into your network through a well-known default SSID, or get it from a device accessing your network, as SSIDs are transmitted in clear text.
CHANGE THE DEFAULT SETTINGS OF THE NAME + password (BASIC)
MAC address filtering (BASIC): based on MAC ADDRESS, WHO CAN SEND
--------------------------
Authentication (ADVANCED)

PSK ...
Pre-shared key (PSK): the AP sends a random string of bytes to the client. The client accepts the string, encrypts it (or scrambles it) based on the key, and sends it back to the AP. The AP gets the encrypted string and uses its key to decrypt (or unscramble) it.
If the decrypted string received from the client matches the original string sent to the client, the client is allowed to connect.
PSK PROVIDES ONE-WAY AUTHENTICATION: the HOST authenticates to the AP but not the AP to the HOST.
IT USES TKIP (Temporal Key Integrity Protocol) or CCMP AS

Extensible Authentication Protocol (EAP)
EAP provides mutual, or two-way, authentication as well as user authentication.
-------------------------------------------------
WEP (ENCRYPTION, NOT AUTHENTICATION)
Wired Equivalency Protocol OR PRIVACY (WEP) is an advanced security feature that encrypts network traffic as it travels through the air. WEP uses pre-configured keys to encrypt and decrypt data.
The WEP key is entered as 64-bit or 128-bit; it even supports 256. And all devices must have the SAME WEP key entered.
WEP DOWNSIDE: since it uses a static key, attackers can discover it through the internet, and once extracted they have complete access to all transmitted information.

WPA
Wi-Fi Protected Access uses 64-256 bit keys and generates a dynamic key each time a client establishes a connection.
WPA2 uses AES (Advanced Encryption Standard) or counter mode cipher block chaining message

Traffic filtering is done by the AP (ADVANCED)
The AP blocks undesirable traffic from entering or leaving the wireless network. It can be used to remove traffic from a specific IP address or physical address.

AUTHENTICATION AND MAC ADDRESS FILTERING IN EFFECT: AUTHENTICATION IS IN USE, THEN MAC ADDRESS FILTERING OCCURS. ONCE VERIFIED, THE AP ADDS THE HOST MAC ADDRESS INTO ITS HOST TABLE.

STEPS TO PLAN: ASK QUESTIONS
  How many users will access the WLAN?
  What is the necessary coverage area?
  What is the existing network structure? (Are they already using the b or a standard)
  What is the budget? (TCO)

The SSID is a CASE-SENSITIVE, ALPHANUMERIC (UR own SSID SINGTEL-9775) string that is up to 32 characters. It is sent in the header of all frames transmitted over the WLAN.
--The SSID is used to tell wireless devices which WLAN they belong to and with which other devices they can communicate.
--All wireless devices in a WLAN must be configured with the same SSID in order to communicate.

THROUGH A WIRELESS LINK using the unlicensed RF frequencies, networks 40 KM apart can be connected wirelessly.

Chapter 8

Information theft and identity theft are different.
Information theft is to steal data.
Identity theft is to steal YOUR PERSONAL INFORMATION (CREDIT CARD) to act like you.
ALONG WITH DoS and data loss
------------------------------------------
Security threats can be external and internal.
External -- the hacker (has no permission) works from outside to get your data, either through the Internet or a wireless link and even a dial-up access server.
Internal -- someone (has the permission) works from inside to get your data. They most likely know which data is vulnerable and valuable to get.
But not all are intentional; some internal threats are due to someone's account having caught a virus.
MOST COMPANIES SPEND A LOT OF RESOURCES DEFENDING AGAINST EXTERNAL THREATS, BUT MOST OF THE TIME IT IS AN INTERNAL THREAT. Cover (70%)
------------------------------------------------------------
They can use social engineering to get information.
SOCIAL ENGINEERING is a term for the ability of something or someone to influence the behavior of a group of people ..
IT ALSO EXPLOITS THE FACT THAT USERS ARE GENERALLY CONSIDERED ONE OF THE WEAKEST LINKS, AND THEY MOST COMMONLY USE THESE TECHNIQUES: PHISHING, PRETEXTING AND VISHING

PRETEXTING is a form of social engineering in which an individual lies to obtain privileged data. Or they invent a scenario, mostly done by phone.
PHISHING is the act of sending an email to a user claiming to be from a legitimate source and tricking them into revealing their username and password.
VISHING: same as PHISHING but through Voice over IP ...
-------------------------------------
Other than social engineering they can use viruses, worms, Trojan horses.

VIRUS -- a program that runs and spreads by modifying other programs or files. IT CAN'T START BY ITSELF and it needs to be activated (EXE, or file). ONCE ACTIVATED THEY MAY DO NOTHING MORE THAN MAKE REPLICAS OF THEMSELVES AND SPREAD. THEY CAN CAUSE THE SYSTEM TO HALT BY USING UP MEMORY OR, WORSE STILL, DELETE ALL YOUR FILES, through (CD, DVD, USB)

WORM -- Similar to a virus but they do not need to be activated or attached to a file (REMEMBER: SENT TO HOST, NOT ON AN EXE FILE, THEY DO NOT NEED IT). They run independently and use the network to spread a copy of themselves. They can run independently and do not necessarily require activation or human intervention. A SELF-SPREADING WORM HAS FAR MORE EFFECT THAN A SINGLE-FILE VIRUS

TROJAN HORSE -- used to bluff the user that it is from a legitimate source. They can be harmless, or can damage the contents of the computer hard drive, or provide back door access to a hacker (internal threat)
---------------------------------------------------------------------
Sometimes the goal of an attack is to shut down normal operation of a network.
They accomplish this either by flooding a system with traffic to prevent legitimate traffic from flowing, or by DISRUPTING CONNECTIONS, also known as DENIAL OF SERVICE.
THE TWO COMMON ONES ARE:
  SYNCHRONOUS flooding: a packet sent to a server for a client connection. THEY CONTAIN FAKE OR INVALID SOURCE IP ADDRESSES AND THE SERVER BECOMES OCCUPIED HANDLING THESE REQUESTS
  OR PING: A PACKET GREATER THAN THE MAX SIZE OF 65,535 BYTES. This may cause the receiving SYSTEM TO CRASH.

There is also something called distributed denial of service. This is more sophisticated; it is to flood the network with useless data. It operates on a much larger scale and its attack points are hundreds or thousands. The attack points may be on unsuspecting computers that have been infected by the distributed denial of service.
------------------------------
Brute force
The hacker uses a fast computer to try and guess passwords or decipher an encryption code. They try a large number of possibilities in rapid succession to gain access...
This can cause denial of service due to excessive traffic to a specific resource or by locking out user accounts.
------------------------------------------------------------------
Not all attacks do damage or prevent legitimate users from having access. Many threats are designed to collect information about users THROUGH:

Spyware -- any program that gathers personal information from your computer without your permission or knowledge. This is sent to advertisers or others on the internet and can include passwords and account numbers.

Tracking cookies -- a form of spyware, but not always bad. They are used to record information about an internet user when they visit sites. They can be useful or desirable as they are time saving. MOST WEBSITES REQUIRE COOKIES, LIKE (FACEBOOK)

Adware -- a form of SPYWARE that is used to collect information about a user based on the websites they visit. Adware is commonly installed by a user in exchange for a free product.
Popup and pop-under -- additional advertising windows that display when visiting a website. Unlike ADWARE they are NOT INTENDED to collect information about the user and are typically associated only with the website being visited.
POPUPS appear in front, pop-unders appear behind.
----------
A security policy is a document that details system, physical, and behavioral constraints, e.g.
  identification and authentication policies (only authorized people can access)
  password policies (make sure they meet the network requirements)
  acceptable use policies (which programs can be used)
  remote access policies (how you remote control)
  network maintenance procedures (specify NOS and end user application update procedures)
  incident handling procedures (describe how the incident happened)
------------------------------------------
Software vulnerabilities -- patches and updates
Anti-virus -- email checking, resident dynamic scanning, scheduled scans, automatic updates
---------------------------------------------------
A firewall is one of the most effective security tools available for protecting internal network users from external threats.
A firewall resides between two or more networks and controls the traffic between them as well as helps prevent unauthorized access (BASICALLY STOPS UNAUTHORIZED ACCESS TO YOUR NETWORK).
Firewall products use various techniques for determining what is permitted or denied access to a network.

4 FILTERING: PAUS PI
Packet Filtering (think of the network layer) - Prevents or allows access based on IP or MAC addresses.
Application Filtering - Prevents or allows access to specific application types based on port numbers.
URL FILTERING - Prevents or allows access to websites based on specific URLs or keywords.
Stateful Packet Inspection (SPI, NOT STI ARH) - Incoming packets must be legitimate responses to requests from internal hosts. Unsolicited packets are blocked unless permitted specifically.
SPI can also include the capability to recognize and filter out specific types of attacks such as DoS.

Firewall products come in various forms:
Appliance-based firewall --- AN APPLICATION-BASED FIREWALL THAT IS BUILT INTO A DEDICATED HARDWARE DEVICE
Server-based firewall --- consists of a firewall application that runs on a NOS such as UNIX, Windows or Novell
Integrated firewall --- added as a functionality to an existing device such as a router
Personal firewall --- resides on the host computer and IS NOT DESIGNED FOR LAN IMPLEMENTATION. MAY BE AVAILABLE BY DEFAULT FROM THE OS OR MAY BE INSTALLED FROM AN OUTSIDE VENDOR
--------------------------------------
By placing a firewall between your network and the internet it can act as a border device, and all traffic can be monitored and controlled. This creates a clear line of defence // SOMETHING LIKE AN IMMIGRATION CHECKPOINT

However, there may be some external people that require internal resources. A DEMILITARIZED ZONE can be configured to accomplish this (IT IS USED FOR devices trying to access the servers: WEB, FTP + DNS). It is located between the internal network and the external network, usually the internet.
This can be done by isolating a specific static IP address, or by port forwarding: opening the ports that are used to access the server, while other port numbers are excluded...
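The SPI rule and the DMZ port forwarding described above, as an added example that is not part of the original notes: a toy Python model of a border firewall that lets replies to internal requests back in, forwards only the opened port to the DMZ server, and drops everything else. The class and function names, the documentation-range addresses, the 60-second idle timeout and the absence of NAT are assumptions made for the illustration.

```python
"""Toy border firewall: stateful packet inspection plus one DMZ port forward.
Constructed example; addresses, ports and timeout are illustrative only."""
from dataclasses import dataclass


@dataclass(frozen=True)
class Packet:
    src: str
    sport: int
    dst: str
    dport: int
    inbound: bool   # True: arrives on the external (internet) side
    time: int       # seconds on a simulated clock


class BorderFirewall:
    def __init__(self, public_ip, dmz_forwards, idle_timeout=60):
        self.public_ip = public_ip
        self.dmz_forwards = dict(dmz_forwards)  # opened port -> (DMZ host, port)
        self.idle_timeout = idle_timeout
        self.flows = {}                         # flow 4-tuple -> last-seen time

    def handle(self, pkt):
        # Forget flows that have been idle longer than the timeout.
        self.flows = {k: t for k, t in self.flows.items()
                      if pkt.time - t <= self.idle_timeout}
        if not pkt.inbound:
            # A request from an internal host creates state for its replies.
            self.flows[(pkt.src, pkt.sport, pkt.dst, pkt.dport)] = pkt.time
            return "ALLOW outbound"
        # An inbound packet is a legitimate reply only if it mirrors a flow.
        reply_to = (pkt.dst, pkt.dport, pkt.src, pkt.sport)
        if reply_to in self.flows:
            self.flows[reply_to] = pkt.time
            return "ALLOW reply"
        # Unsolicited traffic is permitted only on a port opened for the DMZ,
        # and it goes to the DMZ server, never to the internal network.
        if pkt.dst == self.public_ip and pkt.dport in self.dmz_forwards:
            host, port = self.dmz_forwards[pkt.dport]
            return f"FORWARD {host}:{port}"
        return "DROP unsolicited"


def demo():
    fw = BorderFirewall("203.0.113.1", {80: ("192.168.2.10", 80)})
    traffic = [  # constructed sample traffic
        Packet("192.168.1.20", 50000, "198.51.100.7", 443, False, 0),
        Packet("198.51.100.7", 443, "192.168.1.20", 50000, True, 1),
        Packet("198.51.100.7", 443, "192.168.1.20", 50001, True, 2),
        Packet("198.51.100.99", 40000, "203.0.113.1", 80, True, 3),
        Packet("198.51.100.99", 40000, "203.0.113.1", 21, True, 4),
        Packet("198.51.100.7", 443, "192.168.1.20", 50000, True, 120),
    ]
    return [fw.handle(p) for p in traffic]


if __name__ == "__main__":
    for verdict in demo():
        print(verdict)
```

The last packet repeats the earlier reply but arrives after the flow has been idle past the timeout, so it is treated as unsolicited.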
------------------------------------------------
A single firewall configuration has 3 areas (external network, internal network and DMZ). It is required to monitor the traffic and determine what traffic should pass to the DMZ.

Two firewall configuration: internal and external firewalls with the DMZ located between them.
  The external one is less restrictive and allows internet user access to the services in the DMZ.
  The internal one is more restrictive.

THE CON OF A SINGLE FIREWALL IS THAT IT IS A SINGLE POINT OF FAILURE AND CAN BE OVERLOADED. THAT IS WHY THE TWO FIREWALL CONFIGURATION IS MORE SUITABLE FOR LARGE, MORE COMPLEX NETWORKS
--------------------------------
There are many vulnerability tools for testing host and network security. These are known as security scanners and help identify areas where attacks might occur and offer guidance on steps that can be taken.
SOME FEATURES ARE:
  NO. OF HOSTS AVAILABLE ON THE NETWORK
  THE SERVICES HOSTS ARE OFFERING
  THE OS AND VERSION ON THE HOST
  PACKET FILTERS AND FIREWALLS IN USE
-------------------------------------------------------------------------
Chapter 9

Troubleshooting is to identify the problem and correct the problem.
1 step) Gather information
Gather information from the user experiencing the problem, like (end user experience, observed symptoms and error messages), THEN from the device through log files or any recent changes made to equipment configuration.
Other information also includes the model and the manufacturer ...
----------------------------------------------------------------------
Structured troubleshooting approaches include:
TOP-DOWN -------- start from the top of the OSI layer model and work all the way down
BOTTOM-UP -------- start from the bottom of the OSI layer model and work all the way up
Divide-and-conquer --- start from the middle of the OSI layers and work either way, up or down

These approaches are ideally suited for novice troubleshooters.
Those who are advanced or experienced will bypass these structured approaches and rely on instinct and experience, such as trial and error or substitution.
-------------------------------------------
Substitution -- the problem is assumed to be caused by a specific hardware component
----------------------------------------------
NetStat shows which active TCP connections are open and running.
------------------------------------------------------------
Connectivity problems occur on both wireless and wired networks.
When troubleshooting with both WIRED AND WIRELESS, USE THE DIVIDE AND CONQUER METHOD
1) Ping from a wireless client to the default gateway (check if the wireless client is connecting as expected)
2) Ping from a wired client to the default gateway (check if the wired client is connecting as expected)
3) Ping from the wireless client to a wired client (this verifies if the integrated router is functioning as expected)
----------------------------------
The first step in troubleshooting is to examine the LEDs.
3 types of LED are commonly found on devices: POWER, STATUS, ACTIVITY
  Flashing green means it is working and data is flowing
  Green means it is working but no data
  Amber means making changes but the port is working
  NO COLOR MEANS NOT WORKING
------------------
If the devices on the same network can ping each other but can't go outside their network:
check the router cable and the LED indicators, and also make sure the login name and password match the ones given by the ISP.
---------------------------------------------
Good troubleshooting documentation is done when there are major changes and when a network is installed (IT IS A BASELINE OR NORMAL NETWORK MEASURE), and should include:
  Final determined cause of the problem
  Final problem resolution
  Initial problem
  Results of all steps taken, both successful and unsuccessful
  Steps taken to isolate the problem
  Preventative measures