15 May 2012
4 Apr 2012
QUICK Reference (ICND 1)
Protocol :- Predefined set of rules to communicate
- Web Browsing
- Databse applications
Speed = Data Rate
Availability = Likelihood network is avialable
Scalability= How well network can scale
Topology= Physical components of network like cable, switches, router
Network Security (Type of Attacks)
Passive attack :- Sniffing aata like capturing password on the wire or wireless
Active attack :- Actively try to invade security , adding malicious code
Inside attack:- Attack from authorised users
Close in Attack :- Attack with in close physical proximity
Distribution:- Attack launched during distribution phase of any hardware of software.
Network Security Process
Security is ever evolving process
Reconnaissance attack(Gathering Information like sniffing data , Ping Sweep)
- Password Attack
- Trust Exploitation
- Port Redirection
- Man-in-the Middle
- Buffer Overflow.
Application Layer Attack
- Exploiting well known weekness in the software
- Trojon programms that loggs the key.
- Password stealing
- Java or activeX codes that work maliciously
Managament / Monitoring Protocols
- Telent (but information is sent in Plain txt)
- SSH (secure encrypted communication)
- Secure Socket Layer (SSL)
- Monitoring Protocols (SNMP, syslog, NTP, TFTP)
OSI Reference Model
All People Seem To Need Data Processing
TCP UDP = Transport Layer
Router, ICMP, IGMP, IP = Network Layer
802.3 802.2 Framerelay, HDLC = Data Link Layer
Data = Application Layer
Segment = Transport Layer
Packet = Network Layer
Frames = Data Link Layer
Bits = Physical Layer
TCP = Connection Orieneted (More overheads, Confrmation of delivery)
IP, UDP= Connection Less (best effort, no recovery of lost packet)
CLASS of IP Address
CLASS A: 184.108.40.206 to 220.127.116.11
Class B: 18.104.22.168 to 22.214.171.124.
Class C: 192.0.0.0 to 126.96.36.199.
Class D: 224–239
Class E: 240 - 255
RFC 1918 Private IP Address Range
–10.0.0.0 to 10.255.255.255
–172.16.0.0 to 172.31.255.255
–192.168.0.0 to 192.168.255.255
URG: Urgent Pointer field significant
ACK: Acknowledgment field significant
PSH: Push Function application need data to be pushed immediately
RST: Reset the connection
SYN: Synchronize sequence numbers
FIN: No more data from sender
- ü 0 to 1023 are well-known ports.
- ü 1024 to 49151 are registered ports
- ü 49152–65535 are unregistered
FTP = TCP based File transfer (TCP 21 Port)
TFTP= UDP based used to transfer Cisco IOS or configuration (UDP 69 Port)
Telnet= Terminal Emuletion Command line (TCP 23)
SMTP= Email delivery (TCP 25)
SNMP= Network Manamgement Protocol. (UDP 161)
DHCP= Assign IP address automatically
DNS= Name to IP resolution (Both TCP, UDP 53)
TCP 3 Way HandShake
LAN Traffic Types
- Unicast (one to one communication)
- Broadcast (one to any Communication)
- Multicast (from one to Subnet of users)
Inside local address =IP address assigned to a host on the inside network
Inside global address= A public IP address assigned by the ISP that represents one or more inside local IP addresses to the outside world.
Outside global address = IP address assigned to a host on the outside network
Outside local address = IP address of an outside host as it appears to the inside
When a host on an Ethernet LAN has information to send, the following steps are taken:1. A device with a frame to send listens until Ethernet is not busy CSMA/CD.
2. When the Ethernet is not busy, the sender begins sending the frame.
3. The sender listens to make sure that no collision occurred.
4. Once the senders hear the collision, they each send a jamming signal, to ensure that all
stations recognize the collision.
5. After the jamming is complete, each sender randomizes a timer and waits that long.
6. When each timer expires, the process starts over with step 1.
- Layer 2 address
- Hexa Decimal Formate
- 48 Bits = 24 bits of Vandor ID + 24 bits of Unique ID
IEEE 802.11a: 54 Mbps in the 5.7 GHz ISM band
IEEE 802.11b: 11 Mbps in the 2.4 GHz ISM band
IEEE 802.11g: 54 Mbps in the 2.4 GHz ISM band
IEEE 802.11n: 300 +Mbps in the 2.4 and 5GHz ISM band
- WEP (Basic Enryption , not good)
- 802.1x EAP (Use dynamic Keys, User authentication)
- WPA WiFi Protected access
- WPA2 (Most Strongest uses AES for Encryption)
Configuring Port Security on Switch
SwitchX(config)# interface fa0/5
SwitchX(config-if)# switchport mode access
SwitchX(config-if)# switchport port-security
SwitchX(config-if)# switchport port-security maximum 1
SwitchX(config-if)# switchport port-security mac-address sticky
SwitchX(config-if)# switchport port-security violation shutdown
- Switches increases the number of collisions domains in the network
- Switches are multiport bridges that allow you to create multiple broadcast domains
- Switches and bridges work on L2
- Primary functions of a router are: Packet Switching and Path Selection
- A straight-through cable is used to connect two different devices
- Layer 4 functions are error recovery and flow control
- Transport layer provides reliable networking via acknowledgments, sequencing,
and flow control.
- HTTPS is the secured version of the HTTP application, which normally uses 128 bit SSL
encryption to secure the information uses port 443
- VOIP systems utilize UDP because it is faster and uses less overhead
- Spanning-Tree Protocol (STP) is a Layer 2 protocol
- STP is used to avoid switching loops
- CDP is a device discovery protocol that runs over Layer 2
- Crossover cable is used to connect two of the same device types
- 100BaseT (UTP, STP) has a distance restriction of 100 meter or 328 Feet
- IEEE 802.3z standard describes 1000BASE-SX (Gigabit Ethernet)
- Switches forward broadcast but routers do not forward broadcasts (by default)
- RIPv2 carries subnet mask information allowing for VLSM
- For point to point Link /30 IP address is used.
- Network Address Translation (NAT) can be used to hide the private IP addressing
- NVRAM-Nonvolatile RAM stores the initial or startup configuration file.
- 0x2102, is the normal config-register