HUB
Networks using a Star topology require a central point for the
devices to connect. Originally this device was called a concentrator since it
consolidated the cable runs from all network devices. The basic form of
concentrator is the hub.
As shown in the figure, the hub is a hardware device that contains
multiple, independent ports that match the cable type of the network. Most
common hubs interconnect Category 3 or 5 twisted-pair cable with RJ-45 ends,
although Coax BNC and Fiber Optic BNC hubs also exist. The hub is considered
the least common denominator in device concentrators. Hubs offer an inexpensive
option for transporting data between devices, but hubs don't offer any form of
intelligence. Hubs can be active or passive.
An active hub strengthens and regenerates the
incoming signals before sending the data on to its destination.
Passive hubs do
nothing with the signal.
Ethernet Hubs
An Ethernet hub is also called a multiport repeater. A repeater
is a device that amplifies a signal as it passes through it, to counteract the
effects of attenuation. If, for example, you have a thin Ethernet network with
a cable segment longer than the prescribed maximum of 185 meters, you can
install a repeater at some point in the segment to strengthen the signals and
increase the maximum segment length. This type of repeater only has two BNC
connectors, and is rarely seen these days.
8 Port mini Ethernet Hub
The hubs used on UTP Ethernet networks are repeaters as well,
but they can have many RJ45 ports instead of just two BNC connectors. When data
enters the hub through any of its ports, the hub amplifies the signal and
transmits it out through all of the other ports. This enables a star network to
have a shared medium, even though each computer has its own separate cable. The
hub relays every packet transmitted by any computer on the network to all of
the other computers, and also amplifies the signals.
The maximum segment length for a UTP cable on an Ethernet
network is 100 meters. A segment is defined as the distance between two
communicating computers. However, because the hub also functions as a repeater,
each of the cables connecting a computer to a hub port can be up to 100 meters
long, allowing a segment length of up to 200 meters when one hub is inserted in
the network.
Multistation Access Unit
A Multistation Access Unit (MAU) is a special type of hub used for
token ring networks. The word "hub" is used most often in relation to
Ethernet networks, and MAU only refers to token ring networks. On the outside,
the MAU looks like a hub. It connects to multiple network devices, each with a
separate cable.
Unlike a hub that uses a logical bus topology over a physical
star, the MAU uses a logical ring topology over a physical star.
When the MAU detects a problem with a connection, the ring will
beacon. Because it uses a physical star topology, the MAU can easily detect
which port the problem exists on and close the port, or "wrap" it.
The MAU does actively regenerate signals as it transmits data around the ring.
Switches
Switches are a special
type of hub that offers an additional layer of intelligence to basic,
physical-layer repeater hubs. A switch must be able to read the MAC address of
each frame it receives. This information allows switches to repeat incoming
data frames only to the computer or computers to which a frame is addressed.
This speeds up the network and reduces congestion.
Switches operate at both the physical layer and the data link
layer of the OSI Model.
Bridges
A bridge is used to join two network segments together; it allows computers
on either segment to access resources on the other. Bridges can also be used
to divide large networks into smaller segments. Bridges have all the features
of repeaters, but can have more nodes, and since the network is divided, there
are fewer computers competing for resources on each segment, thus improving
network performance.
Bridges can also connect networks that run at different speeds, different
topologies, or different protocols. But they cannot join an Ethernet segment
with a Token Ring segment, because these use different networking standards.
Bridges operate at both the Physical Layer and the MAC sublayer of the Data
Link layer. Bridges read the MAC header of each frame to determine on which
side of the bridge the destination device is located; the bridge then repeats
the transmission to the segment where the device is located.
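The forwarding difference between a repeater hub and a MAC-learning switch or bridge, as described in the Switches and Bridges sections, is easy to see in a small simulation. The Python below is an added example written for this page, not code from the original text or from any product it names; the port numbers, MAC addresses and traffic are constructed.

```python
from collections import namedtuple

# A frame is reduced to the two MAC-header fields the devices actually look at.
Frame = namedtuple("Frame", ["src", "dst"])
BROADCAST = "ff:ff:ff:ff:ff:ff"


class Hub:
    """Multiport repeater: whatever comes in on one port goes out every other port."""

    def __init__(self, ports):
        self.ports = list(ports)

    def forward(self, in_port, frame):
        return [p for p in self.ports if p != in_port]


class LearningSwitch:
    """Learning switch / bridge: reads the MAC header of each frame. The source
    address tells it which port (segment) a station lives on; the destination
    address decides which port, if any, the frame is repeated to."""

    def __init__(self, ports):
        self.ports = list(ports)
        self.mac_table = {}  # MAC address -> port it was last seen on

    def forward(self, in_port, frame):
        # Learn: the sender is reachable through the port the frame arrived on.
        self.mac_table[frame.src] = in_port
        if frame.dst == BROADCAST or frame.dst not in self.mac_table:
            # Broadcast or not-yet-learned destination: flood like a hub.
            return [p for p in self.ports if p != in_port]
        out_port = self.mac_table[frame.dst]
        if out_port == in_port:
            # Destination is on the same segment as the sender; a bridge
            # does not repeat such frames to the other side.
            return []
        return [out_port]


def simulate(device, traffic):
    """Push a list of (in_port, Frame) through a device and return the total
    number of port transmissions, i.e. how much traffic the other stations see."""
    return sum(len(device.forward(port, frame)) for port, frame in traffic)


# Constructed sample stations and traffic (not captured from a real network).
MAC_A, MAC_B, MAC_C = "00:00:00:00:00:0a", "00:00:00:00:00:0b", "00:00:00:00:00:0c"
SAMPLE_TRAFFIC = [
    (1, Frame(MAC_A, MAC_B)),  # B unknown yet: the switch must flood this one
    (2, Frame(MAC_B, MAC_A)),  # A already learned on port 1: sent only there
    (1, Frame(MAC_A, MAC_B)),  # B now known on port 2
    (2, Frame(MAC_B, MAC_A)),
]

if __name__ == "__main__":
    hub, switch = Hub(ports=[1, 2, 3]), LearningSwitch(ports=[1, 2, 3])
    print("hub transmissions:   ", simulate(hub, SAMPLE_TRAFFIC))     # 8
    print("switch transmissions:", simulate(switch, SAMPLE_TRAFFIC))  # 5
    print("switch MAC table:", switch.mac_table)
```

Over the four sample frames the hub makes eight port transmissions and the idle station on port 3 hears all four of them; the switch makes five, floods only the first frame (before it has learned where B is), and port 3 hears just that one. That is the congestion reduction the text describes, and it is also why a station on a switched segment no longer sees its neighbours' unicast traffic by default.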
Routers
Routers are networking
devices used to extend or segment networks by forwarding packets from one
logical network to another. Routers are most often used in large internetworks
that use the TCP/IP protocol suite and for connecting TCP/IP hosts and local
area networks (LANs) to the Internet using dedicated leased lines.
Routers work at the
network layer (layer 3) of the Open Systems Interconnection (OSI) reference
model for networking to move packets between networks using their logical
addresses (which, in the case of TCP/IP, are the IP addresses of destination
hosts on the network). Because routers operate at a higher OSI level than
bridges do, they have better packet-routing and filtering capabilities and
greater processing power, which results in routers costing more than bridges.
Routing tables
Routers contain
internal tables of information called routing tables that keep track of all
known network addresses and possible paths throughout the internetwork, along
with cost of reaching each network. Routers route packets based on the
available paths and their costs, thus taking advantage of redundant paths that
can exist in a mesh topology network.
Because routers use
destination network addresses of packets, they work only if the configured
network protocol is a routable protocol such as TCP/IP or IPX/SPX. This is
different from bridges, which are protocol independent. The routing tables are
the heart of a router; without them, there's no way for the router to know
where to send the packets it receives.
Unlike bridges and
switches, routers cannot compile routing tables from the information in the
data packets they process. This is because the routing table contains more
detailed information than is found in a data packet, and also because the
router needs the information in the table to process the first packets it
receives after being activated. A router can't forward a packet to all possible
destinations in the way that a bridge can.
·
Static routers: These must have their routing tables configured manually with
all network addresses and paths in the internetwork.
·
Dynamic routers: These automatically create their routing tables by listening to
network traffic.
Routing tables are the means by which a router selects the fastest or nearest
path to the next "hop" on the way to a data packet's final
destination. This process is done through the use of routing metrics.
Routing metrics are the means of determining how much distance or time a
packet will require to reach the final destination. Routing metrics are
provided in different forms:
·
Hops: a hop is simply a router that the packet must travel through.
·
Ticks measure the time it takes to traverse a link. Each tick is 1/18 of a
second. When the router selects a route based on tick and hop metrics, it
chooses the one with the lowest number of ticks first.
You can use routers to segment a large network, and to connect local area
segments to a single network backbone that uses a different physical layer and
data link layer standard. They can also be used to connect LANs to WANs.
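To make the routing-table and metric discussion concrete, here is an added Python example (not from the original page) of a static router: the most specific matching entry wins, then the lowest tick count, then the lowest hop count, and a 0.0.0.0/0 entry stands in for the default gateway that the Gateways section describes. All networks, next hops and interface names are constructed.

```python
import ipaddress
from dataclasses import dataclass


@dataclass(frozen=True)
class Route:
    network: ipaddress.IPv4Network  # destination network this entry covers
    next_hop: str                   # next "hop" router, or None if directly attached
    interface: str
    hops: int                       # hop-count metric
    ticks: int = 0                  # tick metric (1/18 s each); 0 when not used


class StaticRouter:
    """A static router: its table is configured by hand, entry by entry."""

    def __init__(self):
        self.table = []

    def add_route(self, cidr, next_hop, interface, hops, ticks=0):
        self.table.append(Route(ipaddress.ip_network(cidr), next_hop,
                                interface, hops, ticks))

    def lookup(self, dst_ip):
        """Select the route for a destination address.

        Every entry whose network contains the address is a candidate. The most
        specific one (longest prefix) wins; between equally specific entries the
        lowest tick count wins, then the lowest hop count. A 0.0.0.0/0 entry is
        the default route, the 'default gateway': it contains every address, so
        it is chosen only when nothing more specific exists. Returns None when
        the table has no matching entry at all.
        """
        dst = ipaddress.ip_address(dst_ip)
        candidates = [r for r in self.table if dst in r.network]
        if not candidates:
            return None
        return min(candidates,
                   key=lambda r: (-r.network.prefixlen, r.ticks, r.hops))


def build_sample_router():
    """Constructed sample table: one directly attached network, two paths to
    10.2.0.0/16 (a redundant mesh), a more specific subnet of it, and a default
    route. All addresses are made up for this example."""
    r = StaticRouter()
    r.add_route("10.1.0.0/16", None, "eth0", hops=0)                   # directly attached
    r.add_route("10.2.0.0/16", "10.1.0.2", "eth0", hops=1, ticks=2)     # fast link
    r.add_route("10.2.0.0/16", "10.1.0.3", "eth0", hops=1, ticks=6)     # slow backup link
    r.add_route("10.2.5.0/24", "10.1.0.4", "eth0", hops=2, ticks=1)     # more specific subnet
    r.add_route("0.0.0.0/0", "203.0.113.1", "eth1", hops=1, ticks=9)    # default gateway
    return r


if __name__ == "__main__":
    router = build_sample_router()
    for ip in ["10.1.0.9", "10.2.7.7", "10.2.5.1", "198.51.100.5"]:
        route = router.lookup(ip)
        print(f"{ip:>13} -> {route.next_hop or 'on-link':>12} via {route.interface} "
              f"({route.network}, ticks={route.ticks}, hops={route.hops})")
```

A table with the 0.0.0.0/0 entry removed returns None for any address outside the attached networks, which is the "communication is limited to the local network" case; the backup path to 10.2.0.0/16 is only ever chosen if the faster entry is withdrawn, which is how a redundant mesh pays off.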
Brouters
Brouters are a
combination of router and bridge. This is a special type of equipment used for
networks that can be either bridged or routed, based on the protocols being
forwarded. Brouters are complex, fairly expensive pieces of equipment and as
such are rarely used.
A Brouter transmits
two types of traffic at the exact same time: bridged traffic and routed
traffic. For bridged traffic, the Brouter handles the traffic the same way a
bridge or switch would, forwarding data based on the physical address of the
packet. This makes the bridged traffic fairly fast, but slower than if it were
sent directly through a bridge because the Brouter has to determine whether the
data packet should be bridged or routed.
Gateways
A gateway is a device
used to connect networks using different protocols. Gateways operate at the
network layer of the OSI model. In order to communicate with a host on another
network, an IP host must be configured with a route to the destination network.
If a configured route is not found, the host uses the gateway (default IP
router) to transmit the traffic to the destination host. The default gateway
is where IP sends packets that are destined for remote networks. If no
default gateway is specified, communication is limited to the local network.
Gateways receive data from a network using one type of protocol stack, remove
that protocol stack and repackage it with the protocol stack that the other
network can use.
Examples
·
E-mail gateways: for
example, a gateway that receives Simple Mail Transfer Protocol (SMTP) e-mail,
translates it into a standard X.400 format, and forwards it to its destination
·
Gateway Service for
NetWare (GSNW), which enables a machine running Microsoft Windows NT Server or
Windows Server to be a gateway for Windows clients so that they can access file
and print resources on a NetWare server
·
Gateways between a
Systems Network Architecture (SNA) host and computers on a TCP/IP network, such
as the one provided by Microsoft SNA Server
·
A packet assembler/disassembler
(PAD) that provides connectivity between a local area network (LAN) and an X.25
packet-switching network
CSU / DSU (Channel Service Unit / Data Service Unit)
A CSU/DSU is a device that combines the functionality of
a channel service unit (CSU) and a data service unit (DSU). These devices are
used to connect a LAN to a WAN, and they take care of all the translation
required to convert a data stream between these two methods of communication.
A DSU provides all the handshaking and error
correction required to maintain a connection across a wide area link, similar
to a modem. The DSU will accept a serial data stream from a device on the LAN
and translate this into a useable data stream for the digital WAN network. It
will also take care of converting any inbound data streams from the WAN back to
a serial communication.
A CSU is similar to a DSU except it does not have
the ability to provide handshaking or error correction. It is strictly an
interface between the LAN and the WAN and relies on some other device to
provide handshaking and error correction.
NICs (Network Interface Card)
A Network Interface
Card, or NIC, is a hardware card installed in a computer so it can communicate
on a network. The network adapter provides one or more ports for the network
cable to connect to, and it transmits and receives data onto the network cable.
Wireless Lan card
Every networked
computer must also have a network adapter driver, which controls the network
adapter. Each network adapter driver is configured to run with a certain type
of network adapter.
Network card
Network Interface Adapter Functions
Network interface adapters perform a variety of functions that are crucial to getting data to and from the computer over the network.
These functions are as follows:
Data encapsulation
The network interface adapter and its driver are responsible for building the frame around the data generated by the network layer protocol, in preparation for transmission. The network interface adapter also reads the contents of incoming frames and passes the data to the appropriate network layer protocol.
Signal encoding and decoding
The network interface adapter implements the physical layer encoding scheme that converts the binary data generated by the network layer (now encapsulated in the frame) into electrical voltages, light pulses, or whatever other signal type the network medium uses, and converts received signals to binary data for use by the network layer.
Transmission and reception
The primary function of the network interface adapter is to generate and transmit signals of the appropriate type over the network and to receive incoming signals. The nature of the signals depends on the network medium and the data-link layer protocol. On a typical LAN, every computer receives all of the packets transmitted over the network, and the network interface adapter examines the destination address in each packet, to see if it is intended for that computer. If so, the network interface adapter passes the packet to the computer for processing by the next layer in the protocol stack; if not, the network interface adapter discards the packet.
Data buffering
Network interface adapters transmit and receive data one frame at a time, so they have built-in buffers that enable them to store data arriving either from the computer or from the network until a frame is complete and ready for processing.
Serial/parallel conversion
The communication between the computer and the network interface adapter runs in parallel, that is, either 16 or 32 bits at a time, depending on the bus the adapter uses. Network communications, however, are serial (running one bit at a time), so the network interface adapter is responsible for performing the conversion between the two types of transmissions.
Media access control
The network interface adapter also implements the MAC mechanism that the data-link layer protocol uses to regulate access to the network medium. The nature of the MAC mechanism depends on the protocol used.
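The encapsulation, reception and destination-address checks listed above can be modelled in a few lines. The Python below is an added example, not the page's own material: it builds an Ethernet II frame with a CRC-32 frame check sequence around a network-layer payload, then plays the receiving adapter, discarding runt, corrupted or misaddressed frames and handing the rest up with their type code. The MAC addresses and payload are constructed.

```python
import struct
import zlib

ETHERTYPE_IPV4 = 0x0800
BROADCAST = bytes.fromhex("ffffffffffff")
MIN_PAYLOAD = 46  # Ethernet pads short payloads so a frame is at least 64 bytes


def mac_to_bytes(mac):
    return bytes.fromhex(mac.replace(":", ""))


def bytes_to_mac(raw):
    return ":".join(f"{b:02x}" for b in raw)


def fcs(data):
    """Frame check sequence: CRC-32 over header and payload. Real Ethernet sends
    the CRC least-significant byte first, which the '<I' packing reproduces."""
    return struct.pack("<I", zlib.crc32(data) & 0xFFFFFFFF)


def encapsulate(src_mac, dst_mac, ethertype, payload):
    """Data encapsulation: build the frame around a network-layer packet.
    Header = destination MAC, source MAC, type; then payload; then FCS trailer."""
    if len(payload) < MIN_PAYLOAD:
        payload = payload + b"\x00" * (MIN_PAYLOAD - len(payload))
    header = struct.pack("!6s6sH", mac_to_bytes(dst_mac), mac_to_bytes(src_mac), ethertype)
    body = header + payload
    return body + fcs(body)


def receive(frame, own_mac):
    """Reception: the adapter checks that the frame is complete and undamaged,
    then examines the destination address. Returns (ethertype, payload) to be
    handed to the matching network-layer protocol, or None when the adapter
    should discard the frame. (Multicast filtering is left out here.)"""
    if len(frame) < 14 + MIN_PAYLOAD + 4:
        return None                  # runt frame: incomplete, discard
    body, trailer = frame[:-4], frame[-4:]
    if fcs(body) != trailer:
        return None                  # damaged in transit, discard
    dst, _src, ethertype = struct.unpack("!6s6sH", body[:14])
    if dst != mac_to_bytes(own_mac) and dst != BROADCAST:
        return None                  # addressed to another station, discard
    # The padding stays attached; the network-layer protocol trims it using
    # its own length field.
    return ethertype, body[14:]


# Constructed addresses for the example (locally administered range, made up).
MAC_OWN = "02:00:00:00:00:01"
MAC_PEER = "02:00:00:00:00:02"
MAC_OTHER = "02:00:00:00:00:03"

if __name__ == "__main__":
    frame = encapsulate(MAC_PEER, MAC_OWN, ETHERTYPE_IPV4, b"constructed IP packet")
    print(len(frame), "byte frame for", bytes_to_mac(frame[:6]))
    print("our adapter:  ", receive(frame, MAC_OWN))
    print("other adapter:", receive(frame, MAC_OTHER))
    damaged = frame[:20] + bytes([frame[20] ^ 0xFF]) + frame[21:]
    print("damaged frame:", receive(damaged, MAC_OWN))
```

The same frame is accepted by the adapter whose address is in the destination field and silently dropped by every other station, which is the "examines the destination address in each packet" behaviour described above; an adapter placed in promiscuous mode simply skips that last check, which is why hubs and switches differ so much in what a single misconfigured or compromised host can observe.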
Network protocols
A networked computer
must also have one or more protocol drivers (sometimes called a transport
protocol or just a protocol). The protocol driver works between the upper-level
network software and the network adapter to package data to be sent on the
network.
In most cases, for two
computers to communicate on a network, they must use identical protocols.
Sometimes, a computer is configured to use multiple protocols. In this case,
two computers need only one protocol in common to communicate. For example, a
computer running File and Printer Sharing for Microsoft Networks that uses both
NetBEUI and TCP/IP can communicate with computers using only NetBEUI or TCP/IP.
ISDN (Integrated Services Digital Network) adapters
Integrated Services
Digital Network adapters can be used to send voice, data, audio, or video over
standard telephone cabling. ISDN adapters must be connected directly to a
digital telephone network. ISDN adapters are not actually modems, since they
neither modulate nor demodulate the digital ISDN signal.
Like standard modems,
ISDN adapters are available both as internal devices that connect directly to a
computer's expansion bus and as external devices that connect to one of a
computer's serial or parallel ports. ISDN can provide data throughput rates
from 56 Kbps to 1.544 Mbps (using a T1 carrier service).
ISDN hardware requires
an NT (network termination) device, which converts network data signals into the
signaling protocols used by ISDN. Sometimes, the NT interface is included, or
integrated, with ISDN adapters and ISDN-compatible routers. In other cases, an
NT device separate from the adapter or router must be implemented. ISDN works
at the physical, data link, network, and transport layers of the OSI Model.
WAPs (Wireless Access Point)
A wireless network
adapter card with a transceiver, sometimes called an access point, broadcasts
and receives signals to and from the surrounding computers and passes data back
and forth between the wireless computers and the cabled network.
Access points act as
wireless hubs to link multiple wireless NICs into a single subnet. Access
points also have at least one fixed Ethernet port to allow the wireless network
to be bridged to a traditional wired Ethernet network.
Modems
A modem is a device
that makes it possible for computers to communicate over telephone lines. The
word modem comes from Modulate and Demodulate. Because standard telephone lines
use analog signals, and computers digital signals, a sending modem must
modulate its digital signals into analog signals. The computer's modem on the
receiving end must then demodulate the analog signals into digital signals.
Modems can be
external, connected to the computer's serial port by an RS-232 cable, or internal,
in one of the computer's expansion slots. Modems connect to the phone line using
standard telephone RJ-11 connectors.
Transceivers (media converters)
A transceiver, short for
transmitter-receiver, is a device that both transmits and receives analog or
digital signals. The term is used most frequently to describe the component in
local-area networks (LANs) that actually applies signals onto the network wire
and detects signals passing through the wire. For many LANs, the transceiver is
built into the network interface card (NIC). Some types of networks, however,
require an external transceiver.
In Ethernet networks,
a transceiver is also called a Medium Access Unit (MAU). Media converters
interconnect different cable types (twisted pair, fiber, and thin or thick coax)
within an existing network. They are often used to connect newer 100-Mbps,
Gigabit Ethernet, or ATM equipment to existing networks, which are generally
10BASE-T, 100BASE-T, or a mixture of both. They can also be used in pairs to
insert a fiber segment into copper networks to increase cabling distances and
enhance immunity to electromagnetic interference (EMI).
Firewalls
In computing, a
firewall is a piece of hardware and/or software which functions in a networked
environment to prevent some communications forbidden by the security policy,
analogous to the function of firewalls in building construction.
A firewall has the
basic task of controlling traffic between different zones of trust. Typical
zones of trust include the Internet (a zone with no trust) and an internal
network (a zone with high trust). The ultimate goal is to provide controlled
connectivity between zones of differing trust levels through the enforcement of
a security policy and connectivity model based on the least privilege
principle.
There are three basic types of firewalls depending on:
·
whether the
communication is being done between a single node and the network, or between
two or more networks
·
whether the
communication is intercepted at the network layer, or at the application layer
·
whether the
communication state is being tracked at the firewall or not
With regard to the scope of the filtered communication, these
firewalls exist:
·
Personal firewalls, a
software application which normally filters traffic entering or leaving a
single computer through the Internet.
·
Network firewalls,
normally running on a dedicated network device or computer positioned on the
boundary of two or more networks or DMZs (demilitarized zones). Such a firewall
filters all traffic entering or leaving the connected networks.
In reference to the layers where the traffic can be intercepted,
three main categories of firewalls exist:
·
Network layer firewalls. An example would be iptables.
·
Application layer firewalls. An example would be TCP Wrapper.
·
Application firewalls. An example would be restricting ftp services through the /etc/ftpaccess file.
These network-layer
and application-layer types of firewall may overlap, even though the personal
firewall does not serve a network; indeed, single systems have implemented both
together.
There's also the
notion of application firewalls which are sometimes used during wide area
network (WAN) networking on the world-wide web and govern the system software.
An extended description would place them lower than application layer
firewalls, indeed at the Operating System layer, and could alternately be
called operating system firewalls.
Lastly, depending on whether the firewalls track packet states,
two additional categories of firewalls exist:
·
stateful firewalls
·
stateless firewalls
Network layer firewalls
Network layer
firewalls operate at a (relatively low) level of the TCP/IP protocol stack as
IP-packet filters, not allowing packets to pass through the firewall unless
they match the rules. The firewall administrator may define the rules; or
default built-in rules may apply (as in some inflexible firewall systems).
A more permissive
setup could allow any packet to pass the filter as long as it does not match
one or more "negative rules", or "deny rules". Today
network firewalls are built into most computer operating systems and network
appliances.
Modern firewalls can
filter traffic based on many packet attributes like source IP address, source
port, destination IP address or port, destination service like WWW or FTP. They
can filter based on protocols, TTL values, netblock of originator, domain name
of the source, and many other attributes.
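The following Python is an added example, not from the original page, of the network-layer filtering just described: ordered allow/deny rules matched on source netblock, destination address, protocol and destination port, with a default-deny policy, plus a stateful mode that also admits replies to connections it has already allowed (the stateful/stateless distinction listed earlier). The policy, addresses and packets are all constructed.

```python
import ipaddress
from dataclasses import dataclass


@dataclass(frozen=True)
class Packet:
    src: str
    dst: str
    proto: str   # "tcp", "udp" or "icmp"
    sport: int
    dport: int


@dataclass(frozen=True)
class Rule:
    action: str               # "allow" or "deny"
    src: str = "0.0.0.0/0"    # source netblock
    dst: str = "0.0.0.0/0"    # destination netblock
    proto: str = None         # None matches any protocol
    dport: int = None         # None matches any destination port (service)

    def matches(self, pkt):
        return (ipaddress.ip_address(pkt.src) in ipaddress.ip_network(self.src)
                and ipaddress.ip_address(pkt.dst) in ipaddress.ip_network(self.dst)
                and (self.proto is None or self.proto == pkt.proto)
                and (self.dport is None or self.dport == pkt.dport))


class PacketFilter:
    """Rules are checked in order and the first match decides; packets that
    match nothing get the default action. With stateful=True the filter also
    remembers every connection it allowed and lets the replies through."""

    def __init__(self, rules, default="deny", stateful=False):
        self.rules = list(rules)
        self.default = default
        self.stateful = stateful
        self.connections = set()  # (proto, src, sport, dst, dport) of allowed flows

    def decide(self, pkt):
        forward = (pkt.proto, pkt.src, pkt.sport, pkt.dst, pkt.dport)
        reverse = (pkt.proto, pkt.dst, pkt.dport, pkt.src, pkt.sport)
        if self.stateful and reverse in self.connections:
            return "allow"  # reply traffic for a connection already permitted
        for rule in self.rules:
            if rule.matches(pkt):
                action = rule.action
                break
        else:
            action = self.default
        if self.stateful and action == "allow":
            self.connections.add(forward)
        return action


def run(pf, packets):
    """Return the decision for each packet, in order."""
    return [pf.decide(p) for p in packets]


# Constructed policy: 192.168.1.0/24 is the trusted internal LAN, 192.168.2.10
# is a web server in the DMZ, everything else is the Internet (no trust).
RULES = [
    Rule("deny", src="192.168.0.0/16", proto="tcp", dport=23),     # no telnet out
    Rule("allow", dst="192.168.2.10/32", proto="tcp", dport=80),   # public web server
    Rule("allow", src="192.168.1.0/24"),                           # LAN may initiate anything else
]

# Constructed sample packets (not captured traffic).
SAMPLE_PACKETS = [
    Packet("198.51.100.7", "192.168.2.10", "tcp", 51000, 80),   # Internet -> web server
    Packet("198.51.100.7", "192.168.1.5", "tcp", 51001, 445),   # Internet -> LAN file share
    Packet("192.168.1.5", "203.0.113.9", "tcp", 40001, 23),     # LAN -> telnet out
    Packet("192.168.1.5", "203.0.113.9", "tcp", 40000, 443),    # LAN -> HTTPS out
    Packet("203.0.113.9", "192.168.1.5", "tcp", 443, 40000),    # the HTTPS reply
]

if __name__ == "__main__":
    for stateful in (False, True):
        pf = PacketFilter(RULES, stateful=stateful)
        print("stateful " if stateful else "stateless", run(pf, SAMPLE_PACKETS))
```

The last sample packet shows what state tracking buys: the HTTPS reply from 203.0.113.9 matches no allow rule, so the stateless filter drops it (or would need a broad rule admitting every high-port packet from the Internet), while the stateful filter recognises it as the reverse of a flow it permitted. Placing the telnet deny rule before the general LAN allow rule is what makes it effective; rule order is part of the policy.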
Application-layer firewalls
Application-layer
firewalls work on the application level of the TCP/IP stack (i.e., all browser
traffic, or all telnet or ftp traffic), and may intercept all packets traveling
to or from an application. They block other packets (usually dropping them
without acknowledgement to the sender). In principle, application firewalls can
prevent all unwanted outside traffic from reaching protected machines.
By inspecting all
packets for improper content, firewalls can even prevent the spread of the
likes of viruses. In practice, however, this becomes so complex and so
difficult to attempt (given the variety of applications and the diversity of
content each may allow in its packet traffic) that comprehensive firewall
design does not generally attempt this approach.
Proxies
A proxy device
(running either on dedicated hardware or as software on a general-purpose
machine) may act as a firewall by responding to input packets (connection
requests, for example) in the manner of an application, whilst blocking other
packets.
Proxies make tampering
with an internal system from the external network more difficult, and misuse of
one internal system would not necessarily cause a security breach exploitable
from outside the firewall (as long as the application proxy remains intact and
properly configured). Conversely, intruders may hijack a publicly-reachable
system and use it as a proxy for their own purposes; the proxy then masquerades
as that system to other internal machines. While use of internal address spaces
enhances security, crackers may still employ methods such as IP spoofing to
attempt to pass packets to a target network.