The most important characteristics in an electronic cable are the following ones: impedance, attenuation, shielding and capacitance. Could you describe them? Give a physical description of the following cables: twisted pair, coaxial and optical fiber. Explain the role of each material.
- The most important characteristics in an electronic cable are the following ones: impedance, attenuation, shielding and capacitance. Could you describe them?

Impedance: the resistance to the movement of electrons in an AC circuit. It is represented by the letter Z. Like resistance, its unit of measurement is the ohm, represented by Omega.

Attenuation: refers to the resistance to the flow of electrons, and explains why a signal becomes degraded (fades away) as it travels along the conduit. Its unit of measurement is dB/m.

Shielding: is normally specified as a cable construction detail. For example, shielded twisted pair (STP) contains four pairs of copper wires, and each pair is wrapped in metallic foil. Its functions are to act as a barrier between internal and external signals (to reduce EMI) and to be part of the electrical circuit.

Capacitance: how much energy is held in the cable. It is represented by the letter C, and its unit of measurement is the picofarad (pF).

- Give a physical description of the following cables: twisted pair, coaxial and optical fiber. Explain the role of each material.

Twisted pair: consists of four pairs of thin copper wires covered in color-coded plastic insulation that are twisted together. The wire pairs are twisted for two reasons. First, to provide protection against crosstalk, which is the noise generated by adjacent pairs of wires: the two magnetic fields occur in opposite directions and cancel each other out. Second, network data is sent using the two wires of a twisted pair. One copy of the data is sent on each wire, and the two copies are mirror images of each other (differential signals). If the two wires are twisted together, noise seen on one wire is also seen on the other wire. When the data is received, one copy is inverted, and the two signals are then compared. In this manner the receiver can filter out the noise, because the noise signals cancel each other.

Coaxial cable, as shown in the figure, consists of four parts:
  - Copper conductor
  - Plastic insulation
  - Braided copper shielding
  - Outer jacket

At the center of the cable is a solid copper conductor. Surrounding that conductor is a layer of flexible plastic insulation. A woven copper braid or metallic foil is wrapped around the insulation. This layer acts as the second wire in the cable. It also acts as a shield for the inner conductor and helps reduce the amount of outside interference. Covering this shield is the outer cable jacket. The connector used on coaxial cable is the BNC (short for British Naval Connector or Bayonet Neill-Concelman) connector.

Fiber-optic cable: five parts typically make up each fiber-optic cable:
  - The core
  - The cladding
  - A buffer
  - A strengthening material
  - An outer jacket

The core is the light transmission element at the center of the optical fiber, and all the light signals travel through the core. This core is typically glass made from a combination of silica and other elements. Surrounding the core is the cladding, also made of silica but with a lower index of refraction than the core. Light rays traveling through the fiber core reflect off the core-to-cladding interface, which keeps the light in the core as it travels down the fiber. Surrounding the cladding is a buffer material, usually plastic, that helps shield the core and cladding from damage. The strengthening material surrounds the buffer, preventing the fiber cable from being stretched when installers pull it. The material used is often Kevlar, the same material used to produce bulletproof vests. The final element, the outer jacket, surrounds the cable to protect the fiber against abrasions, solvents and other contaminants. The composition of this outer jacket can vary depending on the cable usage.

- What is the difference between UTP and STP? Any consequence?

The difference between UTP and STP is the shielding. The shielding reduces unwanted electrical noise. This noise reduction is the major advantage of STP over unshielded cable.
However, shielded cable is more difficult to install than unshielded cable because the metallic shielding needs to be grounded. If improperly installed, STP becomes very susceptible to noise problems, because an ungrounded shield acts like an antenna, picking up unwanted signals. The insulation and shielding considerably increase the size, weight and cost of the cable. Despite these disadvantages, shielded copper cable is still used as networking media today, especially in Europe.

- When crimping RJ-45 UTP cables, how can you create straight-through, crossover and loopback cables? Describe some situations in which they are used.

Crossover cables provide a network connection between two similar devices, such as computer to computer or switch to router. With a crossover cable you can connect two computers directly: it connects two network devices of the same type to each other over Ethernet. Ethernet crossover cables are commonly used when temporarily networking two devices in situations where a network router, switch or hub is not present. Crossover cables have the 1st and 3rd wires crossed, and the 2nd and 6th wires crossed. Two devices in the same category use a crossover cable. The signal pins on the switch side and on the PC (computer) side are as follows:

  Pin   SWITCH   PC (COMPUTER)
  1     R+       T+
  2     R-       T-
  3     T+       R+
  6     T-       R-

Which cable to use between device pairs (category 1 is switches and hubs; category 2 is PCs and routers):

  Device A   Device B   Cable
  HUB        ROUTER     Straight cable (Cat. 1 & Cat. 2)
  SWITCH     SWITCH     Crossover cable (Cat. 1)
  HUB        HUB        Crossover cable (Cat. 1)
  SWITCH     HUB        Crossover cable (Cat. 1)
  PC         ROUTER     Crossover cable (Cat. 2)

Loopback cable: a loopback cable redirects the output back into itself. This effectively gives the NIC the impression that it is communicating on a network, since it is able to transmit and receive communications. To create a loopback cable you must redirect pin 1 to pin 3 and pin 2 to pin 6.

- What is the difference between single-mode and multimode fiber-optic cable?

The part of an optical fiber through which light rays travel is called the core of the fiber. Light rays cannot enter the core of an optical fiber at all angles. The rays can enter the core only if their angle is inside the fiber's numerical aperture; likewise, once the rays have entered the fiber's core, a limited number of optical paths exist that a light ray can follow through the fiber. These optical paths are called modes. If the diameter of a fiber's core is large enough that many paths exist that light can take as it passes through the fiber, the fiber is called multimode fiber. Single-mode fiber has a much smaller core that allows light rays to travel along only one path (one mode) inside the fiber.

- Describe the basic types of networks as far as their size is concerned: PAN, LAN, CAN, MAN and WAN. Give some examples.

LAN, or local area network: a group of interconnected devices that is under the same administrative control. It is a network which covers a small physical area. All local networks within a LAN are under one administrative control group that governs the security and access control policies. LANs allow users to have common access to data and equipment such as printers.

WAN, or wide area network: networks that connect LANs in geographically separated locations. It is a network which covers a wider area, in which machines are usually connected via telephone lines or radio.
A WAN can be as small as two LANs which are connected, or as big as the Internet. The Internet is a large WAN that is composed of millions of interconnected LANs. Telecommunications service providers (TSPs) are used to interconnect these LANs at different locations.

MAN, or metropolitan area network: a computer network that usually spans a city or a large campus. A MAN usually interconnects a number of local area networks (LANs) using a high-capacity backbone technology, such as fiber-optic links. A MAN typically covers an area of between 5 and 50 km in diameter.

PAN: personal area network (e.g. Bluetooth).

CAN: campus area network (e.g. hospitals, universities, etc.).

- Compare simplex, half-duplex and full-duplex transmissions.

Simplex: the capability of transmission in only one direction between a sending station and a receiving station. Broadcast television is an example of a simplex technology.

Half-duplex: the capability for data transmission in only one direction at a time between a sending station and a receiving station.

Full-duplex: the capability for simultaneous data transmission in both directions between a sending station and a receiving station.

- Data are delivered by means of packets in a network. Provide a technical description of "packet".

A logical grouping of information that includes a header containing control information and (usually) user data. "Packet" most often refers to network layer units of data. The terms datagram, frame, message and segment also describe logical information groupings at various layers of the OSI reference model and in various technology circles.

- Describe the OSI model.

A network architectural model developed by the ISO. This model consists of seven layers, each of which specifies particular network functions, such as addressing, flow control, error control, encapsulation and reliable message transfer. The following paragraphs briefly describe each layer in the OSI reference model.

Layer 7, the application layer: is the layer closest to the user. It provides network services to the user's applications.

Layer 6, the presentation layer: ensures that the information that the application layer of one system sends out can be read by the application layer of another system. If necessary, the presentation layer translates among multiple data formats by using a common format. One of the more important tasks of this layer is encryption and decryption.

Layer 5, the session layer: as its name implies, the session layer establishes, manages and terminates sessions between two communicating hosts. The session layer provides its services to the presentation layer. It also synchronizes the dialogue between the two hosts' presentation layers and manages their data exchange.

Layer 4, the transport layer: this layer is responsible for reliable network communication between end nodes. The transport layer provides mechanisms to establish, maintain and terminate virtual circuits, transport fault detection and recovery, and information flow control.

Layer 3, the network layer: this layer provides connectivity and path selection between two end systems. The network layer is the layer at which routing occurs.

Layer 2, the data link layer: this layer provides reliable transit of data across a physical link. In so doing, the data link layer is concerned with physical (as opposed to logical) addressing, network topology, network access, error notification, ordered delivery of frames and flow control.

Layer 1, the physical layer: the physical layer defines the electrical, mechanical, procedural and functional specifications for activating, maintaining and deactivating the physical link between the systems.

- Describe the following application protocols in TCP/IP: SMTP, POP3, IMAP4, FTP, HTTP, HTTPS and DNS.

SMTP: Simple Mail Transfer Protocol. The SMTP protocol transports e-mail messages in ASCII format using TCP.
When a mail server receives a message destined for a local client, it stores that message and waits for the client to collect the mail. Mail clients can collect their mail in several ways: they can use programs that access the mail server's files directly, or they can use one of many network protocols. The most popular mail client protocols are Post Office Protocol version 3 (POP3) and Internet Message Access Protocol version 4 (IMAP4).

POP3: Post Office Protocol version 3, which uses TCP port 110, is a mail protocol that is responsible for holding e-mail until delivery. When an SMTP server sends an e-mail message to a POP3 server, POP3 holds on to the message until a user makes a request to have the data delivered. Thus, POP3 transfers mail files from a mail server to a mail client.

IMAP4: Internet Message Access Protocol version 4 allows a client to access and manipulate electronic mail messages on a server. IMAP4 permits manipulation of remote message folders, called mailboxes, in a way that is functionally equivalent to local mailboxes.

FTP: is a fast, connection-oriented, error-free protocol that uses TCP ports 20 and 21. FTP allows data to be transferred between servers and clients. For FTP to connect to a remote server, an IP address or host name must be provided. FTP must be capable of resolving IP addresses to host names to establish a connection.

HTTP: which uses TCP port 80, allows clients to transfer documents written in Hypertext Markup Language (HTML) over the World Wide Web for display by a browser. HTML is the universal display language of the Internet.

HTTPS: another protocol for transmitting data securely over the World Wide Web, designed to transmit individual messages securely. Technically, it is not a protocol in and of itself; rather, it is the result of simply layering the Hypertext Transfer Protocol (HTTP) on top of the SSL/TLS protocol, thus adding the security capabilities of SSL/TLS to standard HTTP communications.
DNS: is a name-resolution service that resolves (associates) host names to IP addresses. DNS keeps a record of IP addresses and host names in a process called a domain. DNS provides services along a hierarchical chain, with a database design that is similar to a file tree structure. DNS also services requests for host names that cannot be resolved locally. Large internetworks have several levels of DNS servers to provide efficient name resolution.

- Compare the two main transport protocols (i.e. TCP and UDP).

An advantage that UDP has over TCP is that, because it does not concentrate on establishing a connection, it can transmit more information in a smaller amount of time than TCP. TCP is useful for transmitting large amounts of data reliably, but with the penalty of large ACK overhead consuming bandwidth. UDP is useful for transmitting small amounts of data when reliability is less crucial; UDP lacks the overhead caused by ACKs.

- Describe the following Internet protocols: ARP, RARP, ICMP and IGMP.

ARP: determines the data link layer addresses for known IP addresses. ARP is used to bind (associate) a physical (MAC) address with a specific logical (IP) address. When a data packet is sent to a particular destination, ARP matches the addressing information against the ARP cache for the appropriate MAC address. If no match is made, ARP sends a broadcast message on the network looking for the particular destination. The host responds with the correct address and sends a reply to ARP.

RARP (Reverse Address Resolution Protocol): determines the network addresses when the data link layer addresses are known. A protocol in the TCP/IP stack that provides a method for finding IP addresses based on MAC addresses.

ICMP: Internet Control Message Protocol is a network layer protocol that reports errors. When datagram delivery errors occur, ICMP reports these errors to the sender of the datagram. ICMP does not correct the encountered network problem.
IGMP: the Internet Group Management Protocol (IGMP) is a communications protocol used by hosts and adjacent routers on IP networks to establish multicast group memberships.

- Compare the role and format of IP addresses and MAC addresses.

Although IP works in the network layer and MAC works in the physical layer, the role is the same: to identify every device that connects to a network or LAN. IP addresses are controlled by the IANA (for instance in Spain) and MAC addresses are controlled by the IEEE. The first is known as a software address and the second as a hardware address or physical address. IP addresses are 4 bytes long and MAC addresses are 6 bytes long.

- How and why can you ping an IP address?

To ping, you run the ping application; it sends an ICMP echo message and waits for its reply. It is often used in IP networks to test the reachability of a network device.

- Are there reserved IP addresses within a given network? Which ones? What for?

Certain addresses are reserved and cannot be assigned to devices on a network. These reserved host addresses include the following: the network address, which is used to identify the network itself (for instance 198.150.11.0), and the broadcast address, which is used to broadcast packets to all the devices on a network.

- Compare subnet mask classes A, B and C. How do they relate with IP addresses?

To accommodate different-sized networks and to aid in classifying them, IP addresses are divided into groupings called classes. Each complete 32-bit IP address is broken into a network part and a host part. A bit or bit sequence at the start of each address determines the class of the address. Class A uses the first byte for the network. Class B uses the first and second bytes for the network. Class C uses the first, second and third bytes for the network.

- Describe in detail how TCP communication occurs: TCP 3-way handshake & TCP windowing.

HANDSHAKE: establishing a normal TCP connection requires three separate steps:
  1. The first host (Alice) sends the second host (Bob) a "synchronize" (SYN) message with its own sequence number, which Bob receives.
  2. Bob replies with a synchronize-acknowledgment (SYN-ACK) message with its own sequence number and acknowledgement number, which Alice receives.
  3. Alice replies with an acknowledgment (ACK) message with its acknowledgement number, which Bob receives and does not need to reply to.

In this setup, the synchronize messages act as service requests from one server to the other, while the acknowledgement messages return to the requesting server to let it know the message was received. One of the most important functions of the three-way handshake is to exchange the starting sequence numbers the two sides plan to use. The client first sends a segment with its own initial sequence number, then the server responds by sending a segment with its own sequence number and the acknowledgement number, and finally the client responds by sending a segment with the acknowledgement number. The reason for the client and server not using a default sequence number such as 0 for establishing the connection is to protect against two incarnations of the same connection reusing the same sequence number too soon, which would mean that a segment from an earlier incarnation of a connection might interfere with a later incarnation of the connection.

WINDOWING: the number of data packets that the sender is allowed to have outstanding without having received an acknowledgment is known as the window. Windowing refers to the fact that the window size is negotiated dynamically during the TCP session. Windowing is a flow-control mechanism requiring that the source device receive an acknowledgment from the destination after transmitting a certain amount of data.

- Describe the main physical topologies (e.g. bus, star, ring and mesh) according to parameters such as cost, set-up, scalability, maintenance and performance.
BUS: commonly called a linear bus, a bus topology connects all the devices using a single cable. The main cable segment must end with a terminator that absorbs the signal when it reaches the end of the line or wire. If there is no terminator, the electrical signal representing the data bounces back at the end of the wire, causing errors in the network.

STAR: is made up of a central connection point, a device such as a hub, switch or router, where all the cabling segments meet. Although a physical star topology costs more to implement than a physical bus topology, the advantages of a star topology make it worth the additional cost. Because each host is connected to the central device with its own cable, when a cable has a problem only that host is affected; but if the central device fails, the whole network becomes disconnected.

RING: a topology in which hosts are connected in the form of a ring or circle. Unlike the physical bus topology, the ring topology has no beginning or end that needs to be terminated.

MESH: connects all devices (nodes) to each other for redundancy and fault tolerance. The advantage is that every node is connected physically to every other node, which creates redundant connections. If any link fails, information can flow through many other links to reach its destination. The primary disadvantage is that for anything more than a small number of nodes, the amount of media for the links and the number of connections on the lines becomes overwhelming. Implementing a full-mesh topology is expensive and difficult.

- Explain how communication takes place between two computers within an Ethernet network. Remember that Ethernet uses CSMA/CD (Carrier Sense Multiple Access with Collision Detection).

CSMA/CD is a media-access mechanism wherein devices ready to transmit data first check the channel for a carrier. If no carrier is sensed for a specific period of time, a device can transmit.
If two devices transmit at once, a collision occurs and is detected by all colliding devices. This collision subsequently delays retransmissions from those devices for some random length of time. The retransmission delay when a collision occurs is the backoff.

- Explain how communication takes place between two computers in a Token Ring network.

In a Token Ring network the individual hosts are arranged in a ring. A special data token circulates around the ring. When a host wants to transmit, it seizes the token, transmits the data for a limited time, and then places the token back in the ring, where it can be passed along, or seized, by another host.

- How do hubs work?

A hub is a common connection point for devices in a network. Hubs commonly connect segments of a LAN. A hub contains multiple ports. When a packet arrives at one port, it is copied to the other ports so that all the segments of the LAN can see all the packets.

- How do switches work? Describe some core functions such as learning, flooding, filtering, forwarding and aging.

A switch is a device that connects LAN segments, uses a table of MAC addresses to determine on which port a frame needs to be transmitted, and reduces traffic. Similar to bridges, switches forward and flood traffic based on MAC addresses. Because switching is performed in hardware, it is significantly faster than the switching function performed by a bridge using software. Think of each switch port as a micro-bridge. Each switch port acts as a separate bridge and gives each host the medium's full bandwidth. This process is called microsegmentation (it allows the creation of private or dedicated segments). However, as with a bridge, a switch forwards a broadcast message to all the segments on the switch. All segments in a switched environment are therefore considered to be in the same broadcast domain.

- Describe the difference between static and dynamic routing.

The process of finding a path to a destination host is routing.
Static routing allows routers to properly route a packet from network to network based on manually configured information. Dynamic routing adjusts automatically to network topology or traffic changes; it is also called adaptive routing. Static route knowledge is administered manually by a network administrator who enters it into a router's configuration. The administrator must update these static route entries manually whenever an internetwork topology change requires an update. Dynamic route knowledge works differently. After a network administrator enters configuration commands to start dynamic routing, the route knowledge is automatically updated by a routing process whenever new information is received from the internetwork. Changes in dynamic knowledge are exchanged between routers as part of the update process.

- How does RIP work?

The Routing Information Protocol uses hop count to determine the direction and distance to any link in the internetwork. If there are multiple paths to a destination, RIP selects the path with the fewest hops. However, because hop count is the only routing metric RIP uses, it does not necessarily select the fastest path to a destination. RIP-1 uses only classful routing. This means that all devices in the network must use the same subnet mask, because RIP-1 does not include the subnet information with the routing update. RIP-2 provides what is called prefix routing and sends subnet mask information with the route updates. This supports the use of classless routing. With classless routing protocols, different subnets within the same network can have different subnet masks. The use of different subnet masks within the same network is called variable-length subnet masking (VLSM).

- Explain how the name resolution process works in DNS.

If a local DNS server is capable of translating a domain name into its associated IP address, it does so and returns the result to the client.
If it cannot translate the address, it passes the request up to the next higher-level DNS server on the system, which then tries to translate the address. If the DNS server at this level is capable of translating the domain name into its associated IP address, it does so and returns the result to the client. If not, it sends the request to the next higher level. This process repeats itself until the domain name has been translated or until the top-level DNS server has been reached. If the domain name cannot be found on the top-level DNS server, it is considered to be an error and the corresponding error message is returned.

- State some advantages and disadvantages between these two types of wireless data transmission media: infrared and radio-frequency.

The radio spectrum is the part of the electromagnetic spectrum used to transmit voice, video and data. It uses frequencies from 3 kilohertz to 300 gigahertz. Each type of wireless data communication has its advantages and drawbacks, as follows:

Infrared (IR): very high data rates and lower cost, but very short distance.

Narrowband: low data rates and medium cost. Requires a license and covers a limited distance.

Spread spectrum: medium cost and high data rates. Limited to campus coverage.

- Explain how communication takes place between two computers with the CSMA/CA standard in wireless networks.

Carrier sensing is used, but nodes attempt to avoid collisions by transmitting only when the channel is sensed to be "idle".

- Compare 802.11 standards (a, b and g) according to their frequency, channels and data rate.

Like 802.11a, 802.11g uses Orthogonal Frequency Division Multiplexing (OFDM) and supports 54 Mbps. However, 802.11g is not compatible with 802.11a: for one thing, 802.11g uses 2.4 GHz, whereas 802.11a uses 5 GHz. On the other hand, 802.11g is backwards compatible with 802.11b. To support 802.11b, 802.11g also supports the complementary code keying (CCK) technique used in 802.11b.
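The DNS name-resolution walk described above (a query that a server cannot answer is passed to the next higher-level server until the top-level server either answers or reports an error), as an added example that is not part of the original notes. All server names, host names and addresses are constructed sample data, and the cache on the local server is an assumption added for the demonstration.

```python
"""Simulation of the DNS name-resolution walk described in the notes.

Each server holds a small zone table (constructed sample data). A server
that cannot answer hands the query to the next higher-level server, until
the top-level server answers or the name is reported as an error.
"""
from dataclasses import dataclass, field
from typing import Optional


@dataclass
class DnsServer:
    name: str                                   # label used in the trace
    records: dict                               # host name -> IP (constructed)
    parent: Optional["DnsServer"] = None        # next higher level; None = top level
    cache: dict = field(default_factory=dict)   # answers learned from higher levels

    def lookup(self, hostname):
        """Answer from own records or cache; None if unknown at this level."""
        return self.records.get(hostname) or self.cache.get(hostname)


class ResolutionError(Exception):
    """Raised when even the top-level server cannot translate the name."""


def resolve(server, hostname, trace=None):
    """Walk up the server chain until the name is translated.

    Returns (ip, trace), where trace lists the servers consulted in order.
    Raises ResolutionError if the top-level server has been reached and
    still cannot translate the name.
    """
    trace = [] if trace is None else trace
    hostname = hostname.rstrip(".").lower()     # names are case-insensitive
    current = server
    while current is not None:
        trace.append(current.name)
        ip = current.lookup(hostname)
        if ip is not None:
            # Assumed behaviour: cache the answer on the local server so the
            # next query for the same name is answered without climbing again.
            if current is not server:
                server.cache[hostname] = ip
            return ip, trace
        current = current.parent
    raise ResolutionError(f"{hostname}: not found at top-level server ({trace[-1]})")


def build_sample_hierarchy():
    """Three-level chain of servers with constructed sample records."""
    top = DnsServer("top-level", {"www.example.net": "203.0.113.7"})
    isp = DnsServer("isp-level", {"mail.example.org": "198.51.100.25"}, parent=top)
    local = DnsServer("local", {"printer.lan": "192.0.2.20"}, parent=isp)
    return local


if __name__ == "__main__":
    local = build_sample_hierarchy()
    print(resolve(local, "printer.lan"))        # answered by the local server
    print(resolve(local, "WWW.example.net."))   # climbs to the top-level server
    print(resolve(local, "www.example.net"))    # now answered from the local cache
    try:
        resolve(local, "nosuch.example.com")
    except ResolutionError as err:
        print("error:", err)
```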
- Compare the two most important wireless network modes.

Ad-hoc mode: ad-hoc mode is sometimes called peer-to-peer mode, in which each wireless node is in direct contact with each other node in a decentralized free-for-all. This is suited for wireless networks used in small groups.

Infrastructure mode: wireless networks running in infrastructure mode use one or more WAPs to connect the wireless network nodes to a wired network segment, as shown above. A single WAP servicing a given area is called a Basic Service Set (BSS). This service area can be extended by adding more WAPs. This is called, appropriately, an Extended Basic Service Set (EBSS). Wireless networks running in infrastructure mode require more planning and are more complicated to configure than ad-hoc mode networks, but they also give you finer control over how the network operates. Infrastructure mode is better suited to business networks or networks that need to share dedicated resources like Internet connections and centralized databases. If you plan on setting up a wireless network for a large number of PCs, or need to have centralized control over the wireless network, then infrastructure mode is what you need.

- Describe the step-by-step process to configure a WAP as an extension point.

Connect the computer to one of the four LAN ports on your router. Open a web browser, type "192.168.2.1" in the address bar and press Enter on your keyboard. Click Login in the upper right corner. The router does not ship with a password, so just click Submit. Click "Use as Access Point" on the left side of the page. Select Enable. This will give you the options to set the IP address and subnet mask for the router. These settings should match your existing network settings. By default, the IP address will be set to 192.168.2.254 and the subnet mask will be 255.255.255.0.

Some of the older router models have a different setup procedure:
  1. Click LAN settings.
  2. When the LAN settings page opens, you need to make two changes. First, change the IP address to something such as 192.168.2.47 or 192.168.2.200. As long as the first three sets of numbers match your existing network, you will be fine.
  3. Secondly, you need to turn off the DHCP server.
  4. When finished, click Apply Changes.

Congratulations! You've now set up your router as an access point.

- Compare the two types of authentication in wireless security: PSK and RADIUS.

RADIUS (Remote Authentication Dial-In User Service) is the better option, provided secure (i.e. long) passwords/passphrases are used and a sensible lockout policy is in place. The main reason for this is that with RADIUS you need to interact with an authentication service to test a password, so once you are locked out, that is the end of your attempt to breach. With PSK, all you need to do is capture enough handshakes that you can take offline and brute-force. In other words, the brute-forcing of a PSK is done without any interaction with the AP once the requisite handshakes are captured, and so it is undetectable: you would be totally unaware of it. Combine this with the difficulty in changing a PSK and rolling out a new one.

- Give a technical description of a "piconet" in Bluetooth.

A collection of devices connected via Bluetooth technology in an ad hoc fashion. A piconet starts with two connected devices, and may grow to eight connected devices. Bluetooth communication always designates one of the Bluetooth devices as a main controlling unit or master unit. Other devices that follow the master unit are slave units. This allows the Bluetooth system to be non-contention based (no collisions). This means that after a Bluetooth device has been added to the piconet, each device is assigned a specific time period to transmit, and they do not collide or overlap with other units operating within the same piconet. Piconet range varies according to the class of the Bluetooth device. Data transfer rates vary between about 200 and 2100 kilobits per second.
Because the Bluetooth system hops over 79 channels, the probability of interfering with another Bluetooth system is less than 1.5%. This allows several Bluetooth piconets to operate in the same area at the same time with minimal interference.

- The main problem with radio-frequency connections is interference. Bluetooth uses a technique called Frequency Hopping Spread Spectrum (FHSS) to avoid this problem. Describe this technique.

Transmissions hop from one frequency to another in random patterns. This technique enables the transmissions to hop around narrowband interference, resulting in a clearer signal and higher reliability of the transmission. However, this technology is slower, and the receiver must use the same hopping pattern to decode.

- ISDN uses the same UTP wiring as POTS, yet it can transmit data at much higher speeds. How?

ISDN (Integrated Services Digital Network) uses digital signals instead of analog signals.

- What is the main problem for users of cable Internet?

This broadband service shares bandwidth between telephone and Internet: all customers of an area or neighborhood are connected at the same demarc. The data transfer rate is reduced as more users join the service. The opposite is the ADSL service, which does not share the bandwidth with others.

NETWORKING II

- Describe the Caesar cipher formula when encrypting the plaintext SECRET when the key is 10.

The Caesar cipher is one of the simplest and most widely known encryption techniques. It is a type of substitution cipher in which each letter in the plaintext is replaced by a letter some fixed number of positions down the alphabet. For example, with a left shift of 3, D would be replaced by A, E would become B, and so on. The method is named after Julius Caesar, who used it in his private correspondence. The encryption can also be represented using modular arithmetic by first transforming the letters into numbers, according to the scheme A = 0, B = 1, ..., Z = 25.
Encryption of a letter x by a shift n can be described mathematically as E(x) = (x + n) mod 26, and decryption is performed similarly, D(x) = (x - n) mod 26.
- What is an attack? Describe the brute force attack.
In computers and computer networks, an attack is any attempt to destroy, expose, alter, disable, steal or gain unauthorized access to or make unauthorized use of an asset.[1]
Brute force: it consists of systematically checking all possible keys until the correct key is found.
- What do you mean by block cipher?
In cryptography, a block cipher is a deterministic algorithm operating on fixed-length groups of bits, called blocks, with an unvarying transformation that is specified by a symmetric key. Block ciphers are important elementary components in the design of many cryptographic protocols, and are widely used to implement encryption of bulk data. In computer science, a deterministic algorithm is an algorithm which, given a particular input, will always produce the same output, with the underlying machine always passing through the same sequence of states.
- How do symmetric-key and public-key systems work?
Symmetric-key systems use the same secret key to encrypt and to decrypt. Public-key systems use two separate keys, one of which is secret and one of which is public. Although different, the two parts of the key pair are mathematically linked. One key locks or encrypts the plaintext, and the other unlocks or decrypts the ciphertext. Neither key can perform both functions by itself. The public key may be published without compromising security, while the private key must not be revealed to anyone not authorized to read the messages. Public-key cryptography uses asymmetric key algorithms and can also be referred to by the more generic term "asymmetric key cryptography". The algorithms used for public-key cryptography are based on mathematical relationships (the most notable ones being the integer factorization and discrete logarithm problems) that presumably have no efficient solution.
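As an added worked example (not part of the original notes), the Caesar formula carried through for the question's own plaintext SECRET and key 10, together with the brute-force attack described above: with only 25 usable shifts every candidate plaintext can be produced and inspected, which is why such a small key space gives no security. The word list used to pick the readable candidate automatically is a constructed stand-in for a dictionary.

```python
import string

ALPHABET = string.ascii_uppercase  # A = 0, B = 1, ..., Z = 25, the scheme used above


def caesar_encrypt(plaintext: str, n: int) -> str:
    """E(x) = (x + n) mod 26 applied letter by letter; non-letters pass through unchanged."""
    out = []
    for ch in plaintext.upper():
        if ch in ALPHABET:
            x = ALPHABET.index(ch)
            out.append(ALPHABET[(x + n) % 26])
        else:
            out.append(ch)
    return "".join(out)


def caesar_decrypt(ciphertext: str, n: int) -> str:
    """D(x) = (x - n) mod 26, which is just encryption with the negated shift."""
    return caesar_encrypt(ciphertext, -n)


def brute_force(ciphertext: str) -> list:
    """The brute-force attack: try every one of the 25 possible keys and return
    (key, candidate plaintext) pairs for inspection."""
    return [(k, caesar_decrypt(ciphertext, k)) for k in range(1, 26)]


def recover_key(ciphertext: str, known_words: set):
    """Automate the inspection: the shift whose candidate contains a known word,
    or None if no candidate does. known_words is a constructed mini-dictionary."""
    for k, candidate in brute_force(ciphertext):
        if any(word in candidate for word in known_words):
            return k
    return None


if __name__ == "__main__":
    ct = caesar_encrypt("SECRET", 10)          # S(18)+10 = 28 mod 26 = 2 = C, and so on
    print(ct, caesar_decrypt(ct, 10), recover_key(ct, {"SECRET", "ATTACK"}))
```

With key 10, SECRET becomes COMBOD, and the 25-candidate search recovers key 10 from the ciphertext alone.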
Although it is computationally easy for the intended recipient to generate the public and private keys and to decrypt the message using the private key, and easy for the sender to encrypt the message using the public key, it is extremely difficult (or effectively impossible) for anyone to derive the private key based only on knowledge of the public key. This is why, unlike symmetric key algorithms, a public key algorithm does not require a secure initial exchange of one (or more) secret keys between the sender and receiver. The use of these algorithms also allows the authenticity of a message to be checked by creating a digital signature of the message using the private key, which can then be verified using the public key. In practice, only a hash of the message is typically signed.
Hash encoding, or hashing, ensures that messages are not corrupted or tampered with during transmission. Hashing uses a mathematical function to create a numeric value that is unique to the data. If even one character is changed, the function output, called the message digest, will not be the same. However, the function is one-way: knowing the message digest does not allow an attacker to re-create the message. This makes it difficult for someone to intercept and change messages. Figure 16-4 illustrates the hash-encoding process. The most popular hashing algorithms are SHA and MD5.
- Compare advantages and disadvantages between symmetric-key and public-key encryptions (e.g. security, speed and number of keys).
Security: asymmetric-key encryption is more secure because the private key is never sent across the network. Symmetric-key encryption is less secure because the key has to be sent across the network, where an attacker can intercept it and decrypt the information.
Speed: symmetric encryption is faster because it uses simpler operations, such as XOR, on smaller numbers (64 or 128 bits).
Asymmetric encryption usually uses complex mathematical operations, such as exponentiation and modular reduction, on very large numbers (2048 bits). These operations take time.
Number of keys: for a group of N people using a symmetric-key (secret-key) cryptosystem, it is necessary to distribute a number of keys equal to:
For a group of N people using an asymmetric-key (public-key) cryptosystem, it is necessary to distribute a number of keys equal to: 2*N
- What is a digital signature? How is it created?
A digital signature is a mathematical scheme for demonstrating the authenticity of a digital message or document. A digital signature scheme typically consists of three algorithms:
A key generation algorithm that selects a private key uniformly at random from a set of possible private keys. The algorithm outputs the private key and a corresponding public key.
A signing algorithm that, given a message and a private key, produces a signature.
A signature verifying algorithm that, given a message, a public key and a signature, either accepts or rejects the message's claim to authenticity.
Two main properties are required. First, a signature generated from a fixed message and fixed private key should verify the authenticity of that message by using the corresponding public key. Secondly, it should be computationally infeasible to generate a valid signature for a party without knowing that party's private key.
- Describe the characteristics of hash functions.
A hash function is any algorithm or subroutine that maps data sets of variable length to data sets of a fixed length. For example, a person's name, having a variable length, could be hashed to a single integer. The values returned by a hash function are called hash values, hash codes, hash sums, checksums or simply hashes.
- Explain how SSL uses symmetric and asymmetric encryption together with a digital certificate.
How SSL works: SSL uses both symmetric and asymmetric encryption algorithms.
Symmetric algorithms use the same key to encrypt and decrypt data. They are faster than asymmetric algorithms but can be insecure. Asymmetric algorithms use a pair of keys: data encrypted using one key can only be decrypted using the other. Typically, one of the keys is kept private while the other is made public. Because one key is always kept private, asymmetric algorithms are generally secure; however, they are much slower than symmetric algorithms. To reap the benefits of both, SSL encapsulates a symmetric key, randomly selected for each session, inside a message that is encrypted with an asymmetric algorithm. After both the client and server possess the symmetric key, it is used instead of the asymmetric ones.
When server authentication is requested, SSL uses the following process:
1. To request a secure page, the client uses HTTPS.
2. The server sends the client its public key and certificate.
3. The client checks that the certificate was issued by a trusted party (usually a trusted Certificate Authority), that the certificate is still valid, and that the certificate is related to the contacted site.
4. The client uses the public key to encrypt a random symmetric encryption key and sends it to the server, along with the encrypted URL required and other encrypted HTTP data.
5. The server decrypts the symmetric encryption key using its private key and uses the symmetric key to decrypt the URL and HTTP data.
6. The server sends back the requested HTML document and HTTP data, encrypted with the symmetric key.
7. The client decrypts the HTTP data and HTML document using the symmetric key and displays the information.
- Give examples of telephone scams and hoaxes.
The attacker makes a phone call to someone in the organization to gain information. The attacker attempts to come across as someone inside the organization and uses this to get the desired information.
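As an added example (not part of the original notes), one block that serves two passages above: the three algorithms of a digital signature scheme with the hash-then-sign practice from the public-key answer, and steps 2 to 7 of the server-authenticated SSL exchange, where the certificate check of step 3 is exactly a signature verification. It uses textbook RSA on Mersenne primes (about 150-bit moduli, no padding) and a SHA-256-based XOR keystream as the symmetric cipher, both toy choices for readability; the certificate layout, host names, timestamps and HTTP data are constructed.

```python
import hashlib
import secrets

# Toy textbook RSA on Mersenne primes (2^31-1, 2^61-1, 2^89-1 and 2^127-1 are all prime),
# giving ~150-bit moduli. Real keys are 2048 bits and use OAEP/PSS padding; this only
# shows the mechanics, with different primes for the CA and the server.
SERVER_PRIMES = (2**31 - 1, 2**127 - 1)
CA_PRIMES = (2**61 - 1, 2**89 - 1)
E = 65537


def keygen(primes):
    """Key generation: returns (public, private) as ((n, e), (n, d))."""
    p, q = primes
    n, phi = p * q, (p - 1) * (q - 1)
    return (n, E), (n, pow(E, -1, phi))   # pow(E, -1, phi) is the modular inverse of E


def digest(msg: bytes) -> int:
    """Message digest as an integer: SHA-256 truncated to 64 bits so that it is below n."""
    return int.from_bytes(hashlib.sha256(msg).digest()[:8], "big")


def sign(msg: bytes, priv) -> int:
    """Signing: only the hash of the message is transformed with the private key."""
    n, d = priv
    return pow(digest(msg), d, n)


def verify(msg: bytes, sig: int, pub) -> bool:
    """Verifying: undo the transformation with the public key and compare digests."""
    n, e = pub
    return pow(sig, e, n) == digest(msg)


def cert_body(host: bytes, pub, not_after: int) -> bytes:
    """Fixed serialisation of what the CA vouches for (hypothetical format, not X.509)."""
    n, e = pub
    return (host + b"|" + n.to_bytes(32, "big") + e.to_bytes(4, "big")
            + not_after.to_bytes(8, "big"))


def issue_cert(host: bytes, pub, not_after: int, ca_priv) -> dict:
    return {"host": host, "pub": pub, "not_after": not_after,
            "sig": sign(cert_body(host, pub, not_after), ca_priv)}


def cert_ok(cert: dict, ca_pub, contacted_host: bytes, now: int) -> bool:
    """Step 3: issued by the trusted CA, still valid, and related to the site contacted."""
    body = cert_body(cert["host"], cert["pub"], cert["not_after"])
    return (verify(body, cert["sig"], ca_pub)
            and now <= cert["not_after"]
            and cert["host"] == contacted_host)


def keystream_xor(key: bytes, data: bytes) -> bytes:
    """Toy symmetric cipher: XOR with a SHA-256 keystream in counter mode; the same
    call encrypts and decrypts, which is all steps 4-7 need from the symmetric side."""
    out = bytearray()
    for i in range(0, len(data), 32):
        block = hashlib.sha256(key + (i // 32).to_bytes(4, "big")).digest()
        out.extend(a ^ b for a, b in zip(data[i:i + 32], block))
    return bytes(out)


def ssl_like_exchange(contacted_host, cert, ca_pub, server_priv, request, response, now):
    """Steps 2-7 with both sides in one function. Returns (request as the server read it,
    response as the client read it), or None if the client rejected the certificate."""
    if not cert_ok(cert, ca_pub, contacted_host, now):
        return None                              # client aborts the connection
    sym_key = secrets.token_bytes(8)             # step 4: random 64-bit session key
    n, e = cert["pub"]
    wrapped_key = pow(int.from_bytes(sym_key, "big"), e, n)
    enc_request = keystream_xor(sym_key, request)
    n, d = server_priv                           # step 5: only the server can unwrap it
    server_key = pow(wrapped_key, d, n).to_bytes(8, "big")
    seen_request = keystream_xor(server_key, enc_request)
    enc_response = keystream_xor(server_key, response)    # step 6
    seen_response = keystream_xor(sym_key, enc_response)  # step 7
    return seen_request, seen_response


def demo():
    """Constructed scenario: one CA, one server certificate, a correct exchange, and a
    client that contacted a host name other than the one the certificate names."""
    ca_pub, ca_priv = keygen(CA_PRIMES)
    server_pub, server_priv = keygen(SERVER_PRIMES)
    cert = issue_cert(b"www.example.com", server_pub, 2_000_000_000, ca_priv)
    now = 1_700_000_000
    good = ssl_like_exchange(b"www.example.com", cert, ca_pub, server_priv,
                             b"GET /account HTTP/1.1", b"<html>balance</html>", now)
    wrong_host = ssl_like_exchange(b"www.example.net", cert, ca_pub, server_priv,
                                   b"GET / HTTP/1.1", b"", now)
    return good, wrong_host
```

Changing one byte of a signed message makes verification fail, a certificate signed with any key other than the CA's is rejected, and once the wrapped session key has been unwrapped the asymmetric keys play no further part: all HTTP data goes through the symmetric cipher only, as the description above says.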
Probably the most famous of these scams is the "I forgot my user name and password" scam. Hoaxes: chain mails.
- How does phishing work?
Phishing is the act of trying to get people to give up their usernames, passwords or other security information by pretending to be someone else electronically. A classic example is when an attacker sends you an e-mail that is supposed to be from your credit card company, asking you to send them your username and password. Phishing is by far the most common form of social engineering done today.
- Describe the following types of network attacks: sniffing, port scanning and spoofing.
Sniffing: intercepting and logging traffic passing over a digital network or part of a network. The sniffer captures each packet and, if needed, decodes the packet's raw data, showing the values of the various fields in the packet, and analyzes its content.
Port scanning: sending client requests to a range of server port addresses on a host, with the goal of finding an active port and exploiting a known vulnerability of that service.
Spoofing: e-mail activity in which the sender address and other parts of the e-mail header are altered to appear as though the e-mail originated from a different source.
- Explain Denial of Service (DoS) attacks.
A DoS attack is an attempt to make a machine or network resource unavailable to its intended users. One common method of attack involves saturating the target machine with external communication requests, so much so that it cannot respond to legitimate traffic, or responds so slowly as to be rendered essentially unavailable.
- Compare the following malware: virus, worm and Trojan.
Virus: a computer virus is a piece of malicious software that gets passed from computer to computer. A computer virus is designed to attach itself to a program on your computer. It could be your e-mail program, your word processor, or even a game. Whenever you use the infected program, the virus goes into action and does whatever it was designed to do.
It can wipe out your e-mail or even erase your entire hard drive! Viruses are also sometimes used to steal information or send spam e-mails to everyone in your address book.
Worm: a complete program that travels from machine to machine, usually through computer networks. Most worms are designed to take advantage of security problems in operating systems and install themselves on vulnerable machines. They can copy themselves over and over again on infected networks and can create so much activity that they overload the network by consuming bandwidth, in the worst cases even bringing chunks of the entire Internet to a halt.
Trojan: a freestanding program that does something other than what the person who runs the program thinks it will.
- Describe a Demilitarized Zone (DMZ).
A DMZ is a physical or logical subnetwork that contains and exposes an organization's external-facing services to a larger untrusted network, usually the Internet. The purpose of a DMZ is to add an additional layer of security to an organization's local area network (LAN): an external attacker only has access to equipment in the DMZ, rather than to any other part of the network.
- What are packet-filtering firewalls? Describe some advantages and limitations.
A set of rules that allow or deny traffic based on criteria such as IP addresses, protocols or ports used.
- What are stateful firewalls? Describe some advantages and limitations.
A firewall that keeps track of the state of the network connections travelling through it. Packets that are not part of a known connection are not allowed back through the firewall.
- What are proxy firewalls? Describe some advantages and limitations.
A firewall that inspects all traffic and allows or denies packets based on configured rules. A proxy acts as a gateway that protects the computers inside the network.
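As an added example (not part of the original notes) for the packet-filtering and stateful firewall questions above, a small simulation of both. The stateless filter judges each packet by its header fields alone, so to let web replies back in it has to trust the source port, and any outside host can satisfy that rule; the stateful firewall instead records connections opened from the LAN and lets an inbound packet through only when it is the reverse of a recorded connection. The LAN prefix, rules and traffic are constructed, using the 198.51.100.0/24 documentation range for the outside hosts.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network

INTERNAL = ip_network("10.0.0.0/24")   # constructed: the protected LAN
WEB_PORTS = {80, 443}


@dataclass(frozen=True)
class Packet:
    src: str
    sport: int
    dst: str
    dport: int
    proto: str = "tcp"


def packet_filter(pkt: Packet) -> bool:
    """Stateless packet filter: each packet is judged on its own header fields only.
    Constructed rules: LAN hosts may open web connections; anything that looks like a
    web reply (source port 80/443) may come back in; everything else is denied."""
    src_in = ip_address(pkt.src) in INTERNAL
    dst_in = ip_address(pkt.dst) in INTERNAL
    if pkt.proto == "tcp" and src_in and not dst_in and pkt.dport in WEB_PORTS:
        return True
    if pkt.proto == "tcp" and dst_in and not src_in and pkt.sport in WEB_PORTS:
        return True   # limitation: the filter cannot tell a reply from an unsolicited packet
    return False


class StatefulFirewall:
    """Keeps a table of connections opened from inside; inbound packets are only let
    back through when they belong to one of those connections."""

    def __init__(self):
        self.connections = set()   # (src, sport, dst, dport) of connections opened from the LAN

    def allow(self, pkt: Packet) -> bool:
        if ip_address(pkt.src) in INTERNAL:
            if packet_filter(pkt):                      # outbound: same rule set as before
                self.connections.add((pkt.src, pkt.sport, pkt.dst, pkt.dport))
                return True
            return False
        # inbound: accepted only as the reverse of a known connection, never by port alone
        return (pkt.dst, pkt.dport, pkt.src, pkt.sport) in self.connections


def demo() -> dict:
    """Constructed traffic: one legitimate web connection and its reply, then an
    unsolicited inbound packet whose source port happens to be 80. Each value is
    (stateless verdict, stateful verdict)."""
    fw = StatefulFirewall()
    outbound = Packet("10.0.0.5", 51000, "198.51.100.10", 443)
    reply = Packet("198.51.100.10", 443, "10.0.0.5", 51000)
    unsolicited = Packet("198.51.100.99", 80, "10.0.0.5", 3389)
    return {
        "outbound": (packet_filter(outbound), fw.allow(outbound)),
        "reply": (packet_filter(reply), fw.allow(reply)),
        "unsolicited": (packet_filter(unsolicited), fw.allow(unsolicited)),
    }
```

Both firewalls pass the outbound request and its reply; only the stateful one rejects the unsolicited packet, because it is not part of any known connection. The price is the connection table itself: memory and per-packet lookups that the stateless filter does not need.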