Advanced Networking by xiaohuicaicai


									Computer Networking
 Beyond the Basics

        FETC 2009




      Networking Trends - User
            • More users are being connected to
              networks as client/server applications
              become more widespread
            • Users are connecting more powerful
              workstations that require greater
              bandwidth to be fully productive
            • Everyone wants access to the Internet
            • Administrative and Instructional networks
              are merging


   Networking Trends - Applications
            • Imaging, modeling, and graphics-based
              applications demand large amounts of
              sustained bandwidth to transfer files
            • New, real-time applications such as
              multimedia, video, and voice add a new
              requirement, constant delay, to the
              network design




                  Network Size
            • Small, single segment networks
              • <100 users, one or two servers, Ethernet or
                Token Ring
            • Medium, several segments
              • <500 users, 5 servers, high speed
                backbone, router
            • Large, multi-segment
              • 500+ users, 5+ servers, high speed
                switched VLAN, router



       Network Administration -
          Network Manager
            • Making the network more manageable for
              changes, moves and adds.
            • Adding redundancy and improving reliability
              of the network
            • Updating out-of-date equipment




        Network Documentation
            • Hardware and Software inventory
            • Tech Support Contacts,
              Contracts, and Numbers
            • Vendor Information
            • Software Licensing
            • Original Software Diskettes and
              Backups




        Network Documentation
            • IP Addressing
            • MAC Addressing
            • Hub/Switch Documentation
            • Server Configuration Files
            • Wiring Labeling Scheme and
              Diagrams
            • System passwords (stored for
              emergency)


        Network Documentation
            •   Backup Log
            •   Trouble Log
            •   Service Log
            •   District Policies
            •   Purchase Orders and Invoices




        Network Documentation
            • Develop a Baseline for your
              Network
            • Establish communication for
              vendors and staff
            • Improved response time
            • Know where equipment is located
            • Document on Paper as well as
              online
              • Notebooks
              • Databases - share with others

            Network Protocols
              • OSI Model
              • Protocol Rules




            OSI Model

                                   The Layers
            Think of the seven layers as the assembly line in the computer. At each layer, certain things
                 happen to the data that prepare it for the next layer. The seven layers, which separate into
                 two sets, are:

            •    Application Set
                  •    Layer 7: Application - This is the layer that actually interacts with the operating
                       system or application whenever the user chooses to transfer files, read
                       messages or perform other network-related activities.
                  •    Layer 6: Presentation - Layer 6 takes the data provided by the Application layer
                       and converts it into a standard format that the other layers can understand.
                  •    Layer 5: Session - Layer 5 establishes, maintains and ends communication with
                       the receiving device.

            •    Transport Set
                  •    Layer 4: Transport - This layer maintains flow control of data and provides for
                       error checking and recovery of data between the devices. Flow control means
                       that the Transport layer looks to see if data is coming from more than one
                       application and integrates each application's data into a single stream for the
                       physical network.
                  •    Layer 3: Network - The way that the data will be sent to the recipient device is
                       determined in this layer. Logical protocols, routing and addressing are handled
                       here.
                  •    Layer 2: Data - In this layer, the appropriate physical protocol is assigned to the
                       data. Also, the type of network and the packet sequencing is defined.
                  •    Layer 1: Physical - This is the level of the actual hardware. It defines the
                       physical characteristics of the network such as connections, voltage levels and
                       timing.


            OSI Model

            ISO/OSI Layers

            Packets




            LAN Addressing
             • each node must have a unique
               address for its hardware
             • each network on an internet must
               be unique
             • many protocols use a two-level
               hierarchy (network:node)
             • Unicast – sent to one node
             • Broadcast – sent to all nodes
             • Multicast – sent to group of
               nodes

            LAN Addressing
             • ARP (Address Resolution Protocol)

                • The ARP protocol is used to map
                  IP addresses to MAC addresses.


             • RARP (Reverse ARP Protocol)

                • RARP is used to map MAC
                  addresses to IP addresses


            Binary Transmission




            LAN Addressing
             •   DHCP
             •   Static
             •   Random
             •   IPX
             •   AppleTalk
             •   TCP/IP
             •   WINS and NetBIOS
             •   NAT - Network Address
                 Translation

            LAN Addressing
             • MAC (Media Access Control)
               000c.04b3.42a1
             • IPX - 43456:000c.04b3.42a1
                • network (0-ffffffff)
                • MAC address
             • AppleTalk - 6501.239
                • Network (1-65279)
                • Node (1-254)
             • TCP/IP - 168.221.20.235
               Dotted Decimal Notation
                • Network
                • Host

       LAN Addressing - DHCP
            • Addresses are assigned and
              leased from a specific range by a
              server running Dynamic Host
              Configuration Protocol (DHCP)
            • May also use Boot-P




              LAN Addressing
        • IP Addressing
        • 32 bit numbers
        • expressed in dotted decimal notation
          xxx.xxx.xxx.xxx (168.221.20.235)
        • each decimal number represents 8 bits of
          binary data, a value between 0 and 255
        • 168.221.20.235 =
          10101000.11011101.00010100.11101011
        • IP Addresses are arranged in classes

            LAN Addressing
            • Binary Numbers

            • Decimal place values (0-9)
                 10^5     10^4    10^3   10^2   10^1   10^0
               100,000   10,000  1,000    100     10      1

            • Binary place values (0-1)
               2^7   2^6   2^5   2^4   2^3   2^2   2^1   2^0
               128    64    32    16     8     4     2     1

            • Hexadecimal place values
              (0-9,A,B,C,D,E,F)
               16^3   16^2   16^1   16^0
               4096    256     16      1




            LAN Addressing

               Number Systems

             http://www.gwmays.com/NumConV2/

            LAN Addressing
            • IP Classes
            • Class A
              • 1-126 N.H.H.H
              • 001.hhh.hhh.hhh to 126.hhh.hhh.hhh
              • 126 Networks of 16,777,214 Hosts
            • Class B
              • 128-191 N.N.H.H
              • 128.001.hhh.hhh to 191.254.hhh.hhh
              • 16,382 Networks of 65,534 Hosts

            LAN Addressing
            • IP Classes
            • Class C
              • 192-223 N.N.N.H
              • 192.000.001.hhh to 223.255.254.hhh
              • 2,097,152 Networks of 254 Hosts
            • Class D and E reserved
            • CIDR Classless Interdomain Routing




              LAN Addressing
            • IP Subnet Masks
              • splits a network into a collection of smaller
                networks
              • makes networks more manageable
              • can reduce traffic on each subnet
              • each network operates as an
                independent network
              • Example: 168.221.20.235 255.255.255.0
                 • 10101000.11011101.00010100.11101011
                 • 11111111.11111111.11111111.00000000
              • Host 235 on network 168.221.20.0

 Subnetting Network 200.200.200.0
            • 200.200.200.0 255.255.255.0
              • One network
              • 254 hosts 200.200.200.1-254
              • Single broadcast domain




 Subnetting Network 200.200.200.0
            • 200.200.200.0 255.255.255.128
              • 126 hosts 200.200.200.1-126
            • 200.200.200.128 255.255.255.128
              • 126 hosts 200.200.200.129-254
            • Two networks
            • Two collision domains
            • Total hosts = 252



      Subnetting Network 200.200.200.0
            • 200.200.200.0 255.255.255.128
              • 126 hosts 200.200.200.1-126
            • 200.200.200.128 255.255.255.192
              • 62 hosts 200.200.200.129-190
            • 200.200.200.192 255.255.255.192
              • 62 hosts 200.200.200.193-254
            • Three networks
            • Three collision domains
            • Total hosts = 250
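
The three-subnet plan above, checked with Python's standard ipaddress module (an added example, not part of the original slides). The function names and report layout are assumptions made for illustration; the check generalizes to any plan carved from a parent block and flags overlaps and unassigned gaps.

```python
import ipaddress

# The three-subnet plan from the slide above: (network address, dotted mask).
SLIDE_PLAN = [
    ("200.200.200.0", "255.255.255.128"),
    ("200.200.200.128", "255.255.255.192"),
    ("200.200.200.192", "255.255.255.192"),
]


def audit_plan(parent, plan):
    """Check a subnet plan against the block it is carved from.

    Returns usable host ranges per subnet, the total usable host count,
    overlapping subnet pairs, subnets outside the parent, and gaps
    (parts of the parent that no subnet covers).
    """
    parent_net = ipaddress.ip_network(parent)
    # ip_network() is strict by default: a network address with host bits
    # set (e.g. 200.200.200.130 with mask 255.255.255.192) raises ValueError.
    subnets = [ipaddress.ip_network(f"{addr}/{mask}") for addr, mask in plan]

    rows = []
    for net in subnets:
        # The first and last addresses are the network and broadcast
        # addresses, so usable hosts lie in between (valid for /30 and shorter).
        usable = max(net.num_addresses - 2, 0)
        rows.append((str(net), str(net.network_address + 1),
                     str(net.broadcast_address - 1), usable))

    overlaps = [(str(a), str(b))
                for i, a in enumerate(subnets)
                for b in subnets[i + 1:] if a.overlaps(b)]
    outside = [str(n) for n in subnets if not n.subnet_of(parent_net)]

    # Remove each subnet from the parent; whatever remains is unassigned.
    remaining = [parent_net]
    for net in subnets:
        kept = []
        for block in remaining:
            if net.subnet_of(block):
                kept.extend(block.address_exclude(net))
            elif not block.subnet_of(net):
                kept.append(block)
        remaining = kept

    return {
        "subnets": rows,
        "total_hosts": sum(r[3] for r in rows),
        "overlaps": overlaps,
        "outside_parent": outside,
        "gaps": sorted(str(b) for b in remaining),
    }


def subnet_of_host(host, plan):
    """Return the subnet in the plan that contains host, or None."""
    addr = ipaddress.ip_address(host)
    for net_addr, mask in plan:
        net = ipaddress.ip_network(f"{net_addr}/{mask}")
        if addr in net:
            return str(net)
    return None


if __name__ == "__main__":
    report = audit_plan("200.200.200.0/24", SLIDE_PLAN)
    for row in report["subnets"]:
        print("%-20s hosts %s - %s (%d usable)" % row)
    print("total usable hosts:", report["total_hosts"])
    print("overlaps:", report["overlaps"], "gaps:", report["gaps"])
```
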

            Public and Private IP
                Addressing
             • Private network numbers
               • Class A
                  • 10.0.0.0 - 10.255.255.255 (10/8 prefix)
               • Class B
                  • 172.16.0.0 - 172.31.255.255
                    (172.16/12 prefix)
               • Class C
                  • 192.168.0.0 - 192.168.255.255
                    (192.168/16 prefix)
             • Use with a firewall or "IP Masquerade"
             • Network Address Translation.
                           TCP & UDP
    • TCP stands for Transmission Control Protocol. Using this
      method, the computer sending the data connects directly
      to the computer it is sending the data to, and stays
      connected for the duration of the transfer. With this
      method, the two computers can guarantee that the data
      has arrived safely and correctly, and then they close
      the connection. This method of transferring data tends to
      be quicker and more reliable, but puts a higher load on
      the computer as it has to monitor the connection and the
      data going across it. A real life comparison to this method
      would be to pick up the phone and call a friend. You have
      a conversation and when it is over, you both hang up,
      releasing the connection.




                           TCP & UDP
      UDP stands for User Datagram Protocol. Using this method, the
      computer sending the data packages the information into a nice
      little package and releases it into the network with the hopes that it
      will get to the right place. What this means is that UDP does not
      connect directly to the receiving computer like TCP does, but rather
      sends the data out and relies on the devices in between the
      sending computer and the receiving computer to get the data where
      it is supposed to go properly. This method of transmission does not
      provide any guarantee that the data you send will ever reach its
      destination. On the other hand, this method of transmission has a
      very low overhead and is therefore very popular to use for services
      that are not that important to work on the first try. A comparison you
      can use for this method is the plain old US Postal Service. You
      place your mail in the mailbox and hope the Postal Service will get
      it to the proper location. Most of the time they do, but sometimes it
      gets lost along the way.
                  TCP & UDP Ports
            • As you know every computer or device on the Internet
              must have a unique number assigned to it called the IP
              address. This IP address is used to recognize your
              particular computer out of the millions of other
              computers connected to the Internet. When
              information is sent over the Internet to your computer
              how does your computer accept that information? It
              accepts that information by using TCP or UDP ports.

            • An easy way to understand ports is to imagine your IP
              address is a cable box and the ports are the different
              channels on that cable box. The cable company knows
              how to send cable to your cable box based upon a
              unique serial number associated with that box (IP
              Address), and then you receive the individual shows
              on different channels (Ports).

                      TCP & UDP Ports
   • Ports work the same way. You have an IP address, and then
     many ports on that IP address. When I say many, I mean many.
     You can have a total of 65,535 TCP Ports and another 65,535
     UDP ports. When a program on your computer sends or receives
     data over the Internet, it sends that data to an IP address and a
     specific port on the remote computer, and receives the data on a
     usually random port on its own computer. If it uses the TCP
     protocol to send and receive the data then it will connect and bind
     itself to a TCP port. If it uses the UDP protocol to send and
     receive data, it will use a UDP port. Below is a representation of
     an IP address split into its many TCP and UDP ports. Note that
     once an application binds itself to a particular port, that port
     cannot be used by any other application. It is first come, first served.




            Network Address
              Translation
             • Using private IP addresses on your
               network and translating them to
               public IP addresses outside your network




                          NAT
            • The NAT router or Firewall translates
              traffic coming into and leaving the
              private network.




                                 NAT
   • Static NAT - Mapping an unregistered IP
     address to a registered IP address on a one-to-
     one basis. Particularly useful when a device
     needs to be accessible from outside the network.




               In static NAT, the computer with the IP address of
              192.168.32.10 will always translate to 213.18.123.110.

                                      NAT
       • Dynamic NAT - Maps an unregistered IP address
         to a registered IP address from a group of
         registered IP addresses




            In dynamic NAT, the computer with the IP address 192.168.32.10
                will translate to the first available address in the range from
                               213.18.123.100 to 213.18.123.150.
                                            NAT
 •   NAT overloading utilizes a feature of the TCP/IP protocol stack, multiplexing, that
     allows a computer to maintain several concurrent connections with a remote computer
     (or computers) using different TCP or UDP ports. An IP packet has a header that
     contains the following information:
 •   Source Address - The IP address of the originating computer, such as 201.3.83.132
 •   Source Port - The TCP or UDP port number assigned by the originating computer for
     this packet, such as Port 1080
 •   Destination Address - The IP address of the receiving computer, such as
     145.51.18.223
 •   Destination Port - The TCP or UDP port number that the originating computer is
     asking the receiving computer to open, such as Port 3021

     Source     Source Computer's   Source Computer's   NAT Router's     NAT Router's
     Computer   IP Address          Port                IP Address       Assigned Port Number

     A          192.168.32.10       400                 215.37.32.203    1
     B          192.168.32.13       50                  215.37.32.203    2
     C          192.168.32.15       3750                215.37.32.203    3
     D          192.168.32.18       206                 215.37.32.203    4
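
The translation table above as a small simulation, added here as an example and not part of the original slides. The PatRouter class, its strict option and the counter that hands out ports 1, 2, 3, ... are assumptions made to reproduce the slide's table; strict mode goes beyond the slide and shows the tighter filtering policy in which replies are accepted only from the endpoint the inside host contacted.

```python
import itertools


class PatRouter:
    """Toy NAT-overload (PAT) translation table for one public address."""

    def __init__(self, public_ip, first_port=1, strict=False):
        self.public_ip = public_ip
        self.strict = strict
        # The slide numbers assigned ports 1, 2, 3, ...; real devices usually
        # draw from a high port range. The counter start is an assumption.
        self._ports = itertools.count(first_port)
        self._by_inside = {}   # (proto, inside_ip, inside_port) -> public port
        self._by_public = {}   # (proto, public port) -> mapping record

    def outbound(self, proto, src_ip, src_port, dst_ip, dst_port):
        """Translate a packet leaving the private network."""
        key = (proto, src_ip, src_port)
        if key not in self._by_inside:
            port = next(self._ports)
            if port > 65535:
                raise RuntimeError("public port pool exhausted")
            self._by_inside[key] = port
            self._by_public[(proto, port)] = {
                "inside": (src_ip, src_port), "remotes": set()}
        port = self._by_inside[key]
        self._by_public[(proto, port)]["remotes"].add((dst_ip, dst_port))
        # Source address and port are rewritten; the destination is untouched.
        return (self.public_ip, port, dst_ip, dst_port)

    def inbound(self, proto, src_ip, src_port, dst_ip, dst_port):
        """Translate a packet arriving from outside, or return None to drop."""
        record = self._by_public.get((proto, dst_port))
        if dst_ip != self.public_ip or record is None:
            return None            # no mapping: nothing inside asked for this
        if self.strict and (src_ip, src_port) not in record["remotes"]:
            return None            # mapping exists, but not toward this sender
        inside_ip, inside_port = record["inside"]
        return (src_ip, src_port, inside_ip, inside_port)

    def table(self):
        """Rows in the slide's column order."""
        return sorted((ip, port, self.public_ip, pub)
                      for (_, ip, port), pub in self._by_inside.items())


# Inside hosts and source ports from the slide's table; the remote endpoint
# is the destination address and port used in the slide's header example.
SLIDE_FLOWS = [("192.168.32.10", 400), ("192.168.32.13", 50),
               ("192.168.32.15", 3750), ("192.168.32.18", 206)]
REMOTE = ("145.51.18.223", 3021)


def replay_slide(strict=False):
    """Send one outbound TCP packet per slide row and return the router."""
    router = PatRouter("215.37.32.203", strict=strict)
    for ip, port in SLIDE_FLOWS:
        router.outbound("tcp", ip, port, *REMOTE)
    return router


if __name__ == "__main__":
    router = replay_slide()
    for row in router.table():
        print("%-15s %-6d %-15s %d" % row)
    # A reply to assigned port 3 is delivered to computer C.
    print(router.inbound("tcp", *REMOTE, "215.37.32.203", 3))
    # A packet to a port with no mapping is dropped.
    print(router.inbound("tcp", *REMOTE, "215.37.32.203", 9))
```
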

                       What is IPv6?
    • IPv6 is short for "Internet Protocol Version 6". IPv6 is the "next
      generation" protocol designed by the IETF to replace the current
      version of the Internet Protocol, IP Version 4 ("IPv4").

    • The primary change from IPv4 to IPv6 is the length of network
      addresses. IPv6 addresses are 128 bits long, whereas IPv4
      addresses are 32 bits.
    • IPv4 address space contains 4,294,967,296 addresses
    • IPv6 has enough room for
      340,282,366,920,938,463,463,374,607,431,768,211,456
      (340 undecillion, 282 decillion, 366 nonillion, 920 octillion, 938
      septillion, 463 sextillion, 463 quintillion, 374 quadrillion, 607
      trillion, 431 billion, 768 million, 211 thousand, 456) unique
      addresses.

                   What is IPv6?
    • IPv6 addresses are normally written as eight groups
      of four hexadecimal digits.

    • For example,
          2001:0db8:85a3:08d3:1319:8a2e:0370:7334
          is a valid IPv6 address




            Networking Models
              • Peer-to-Peer
              • Client Server




            Network Topologies




            Ethernet
            • CSMA/CD
              • Carrier sense Multiple
                access/collision detection
              • networks with over 35%
                utilization experience high
                collision rates and delays
              • maximum number of nodes
                1024
              • four repeater rule



            Token Ring
                • CSMA/CA
                  • Token passing
                  • Developed by IBM
                  • 260 nodes per
                    network




        Hubs, Switches, and Routers
             • Unmanaged vs Managed
             • Growth Potential
             • Expansion
               • Cascade




        Hubs, Switches, and Routers
                 • Hubs - Layer 2 (MAC
                   address)
                    • Multiport Repeater
                 • Switches - Layer 2 or 3
                    • Layer 2 (MAC address)
                      segments network
                    • Layer 3 (Network address)
                      segments network
                 • Routers - Layer 3
                    • Network layer segments
                      network


            Switches




            Power over Ethernet (POE)
                    Switches




            Switches – MAC Table
                 Dynamic Address Count:                 116
                 Secure Address Count:                  0
                 Static Address (User-defined) Count:   0
                 System Self Address Count:             76
                 Total MAC addresses:                   192
                 Maximum MAC addresses:                 8192
                 Non-static Address Table:
                 Destination Address Address Type VLAN Destination Port
                 ------------------- ------------ ---- --------------------
                 0000.0c07.ac33       Dynamic         51 GigabitEthernet0/1
                 0000.0c07.acff       Dynamic        998 GigabitEthernet0/4
                 0001.023c.ad29       Dynamic         51 GigabitEthernet0/1
                 0001.e68a.7f84       Dynamic         51 GigabitEthernet0/5
                 0001.e697.2643       Dynamic         51 GigabitEthernet0/16
                 0001.e699.9263       Dynamic         51 GigabitEthernet0/6
                 0001.e69b.fe39       Dynamic         51 GigabitEthernet0/12
                 0001.e69d.2f99       Dynamic         51 GigabitEthernet0/1
                 0001.e69e.4f14       Dynamic         51 GigabitEthernet0/13
                 0002.a535.529b       Dynamic         51 GigabitEthernet0/12
                 0002.fd70.9ec0       Dynamic        998 GigabitEthernet0/8
                 0005.317b.83fc       Dynamic         51 GigabitEthernet0/12
                 0005.317b.83fc       Dynamic        998 GigabitEthernet0/1
                 0005.5e50.0b82       Dynamic         51 GigabitEthernet0/2
                 0005.5e50.0b82       Dynamic        998 GigabitEthernet0/2
                 0005.dd3e.b900       Dynamic        998 GigabitEthernet0/1
                 0006.2977.202d       Dynamic         51 GigabitEthernet0/1
                 0006.2977.352c       Dynamic         51 GigabitEthernet0/8
                 0006.536c.9ff2       Dynamic          1 GigabitEthernet0/3
                 0006.536c.9ff2       Dynamic         51 GigabitEthernet0/1
                 0006.536c.9ff2       Dynamic        998 GigabitEthernet0/9
                 0006.536c.c800       Dynamic        998 GigabitEthernet0/1
                 0006.5b16.0121       Dynamic         51 GigabitEthernet0/10




            Hubs vs Switches




            Switching




            Switching Layers
             • Layer 2 - (MAC address)
               segments network


             • Layer 3 - (Network address)
               segments network


             • Layer 4 - restricts access by port
               UDP TCP

       QOS (Quality of Service)
    • Quality of Service is the ability to provide different
      priority to different applications, users, or data flows, or
      to guarantee a certain level of performance to a data
      flow.

    • Quality of Service guarantees are important if the
      network capacity is limited, for example in cellular data
      communication, especially for real-time streaming
      multimedia applications, for example voice over IP and
      IP-TV, since these often require fixed bit rate and are
      delay sensitive.


                               Routers
     A router is a device in computer networking that forwards data
     packets to their destinations, based on their addresses. The work
     a router does is called routing, which is somewhat like switching,
     but a router is different from a switch. The latter is simply a device
     to connect machines to form a LAN.




                               Routers
 When data packets are transmitted over a network (say the Internet), they
 move through many routers (because they pass through many networks)
 in their journey from the source machine to the destination machine.
 Routers work with IP packets, meaning that they work at the level of the IP
 protocol.

 Each router keeps information about its neighbors (other routers in the
 same or other networks). This information includes the IP address and the
 cost, which is in terms of time, delay and other network considerations.
 This information is kept in a routing table, found in all routers.

 When a packet of data arrives at a router, its header information is
 scrutinized by the router. Based on the destination and source IP
 addresses of the packet, the router decides which neighbor it will forward
 it to. It chooses the route with the least cost, and forwards the packet to
 the first router on that route.
            Routers




            Codes: C - connected, S - static, I - IGRP, R - RIP, M - mobile, B - BGP
               D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
               N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
               E1 - OSPF external type 1, E2 - OSPF external type 2, E - EGP
               i - IS-IS, L1 - IS-IS level-1, L2 - IS-IS level-2, ia - IS-IS inter area
               * - candidate default, U - per-user static route, o - ODR
               P - periodic downloaded static route

            Gateway of last resort is 168.221.27.138 to network 0.0.0.0

            S    192.168.209.0/24 [1/0] via 192.168.37.6
                168.221.0.0/16 is variably subnetted, 597 subnets, 9 masks
            D      168.221.237.152/30 [90/190976] via 168.221.191.75, 23:39:18, Serial3/1.1
            D      168.221.236.152/30 [90/190976] via 168.221.205.10, 23:39:15, Serial3/1.4
            D      168.221.239.152/30 [90/190976] via 168.221.191.117, 23:39:08, Serial3/1.1
            D      168.221.238.152/30 [90/190976] via 168.221.252.40, 23:39:17, Serial3/0.1
            D      168.221.236.156/30 [90/190976] via 168.221.202.22, 23:39:11, Serial3/0.7
            D      168.221.38.85/32
                    [90/24821248] via 168.221.27.99, 00:31:26, GigabitEthernet4/0.3
                    [90/24821248] via 168.221.27.135, 00:31:26, GigabitEthernet4/0.1
                    [90/24821248] via 168.221.27.6, 00:31:26, GigabitEthernet4/0.2
                    [90/24821248] via 168.221.27.134, 00:31:26, GigabitEthernet4/0.1
            D      168.221.235.152/30 [90/190976] via 168.221.252.127, 23:39:14, Serial3/0.1
            D      168.221.239.156/30 [90/190976] via 168.221.202.110, 23:39:21, Serial3/0.29
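
A lookup over the route entries above, added here as an example and not part of the original slides. It goes one step beyond the slide text: a router first picks the most specific (longest) matching prefix and only then compares cost, shown with one constructed /24 route that is labelled as such; the parser and function names are assumptions.

```python
import ipaddress
import re

# Lines copied from the "show ip route" output on the slide above.
SLIDE_OUTPUT = """\
Gateway of last resort is 168.221.27.138 to network 0.0.0.0

S    192.168.209.0/24 [1/0] via 192.168.37.6
    168.221.0.0/16 is variably subnetted, 597 subnets, 9 masks
D      168.221.237.152/30 [90/190976] via 168.221.191.75, 23:39:18, Serial3/1.1
D      168.221.38.85/32
        [90/24821248] via 168.221.27.99, 00:31:26, GigabitEthernet4/0.3
        [90/24821248] via 168.221.27.135, 00:31:26, GigabitEthernet4/0.1
        [90/24821248] via 168.221.27.6, 00:31:26, GigabitEthernet4/0.2
        [90/24821248] via 168.221.27.134, 00:31:26, GigabitEthernet4/0.1
"""

# Constructed for this example (not on the slide): a broader, cheaper route
# that also covers 168.221.38.85.
CONSTRUCTED_ROUTE = (
    "D      168.221.38.0/24 [90/3072] via 168.221.27.200, "
    "00:10:00, GigabitEthernet4/0.9\n"
)

PREFIX_RE = re.compile(r"^(?P<code>\S+)\s+(?P<prefix>\d+\.\d+\.\d+\.\d+/\d+)")
PATH_RE = re.compile(
    r"\[(?P<ad>\d+)/(?P<metric>\d+)\]\s+via\s+(?P<hop>\d+\.\d+\.\d+\.\d+)")
GATEWAY_RE = re.compile(r"^Gateway of last resort is (\d+\.\d+\.\d+\.\d+)")


def parse_routes(text):
    """Return ({network: [(distance, metric, next_hop), ...]}, default_gw)."""
    routes, default_gw, current = {}, None, None
    for raw in text.splitlines():
        line = raw.strip()
        gateway = GATEWAY_RE.match(line)
        if gateway:
            default_gw = gateway.group(1)
            continue
        prefix = PREFIX_RE.match(line)
        if prefix:
            current = ipaddress.ip_network(prefix.group("prefix"))
            routes.setdefault(current, [])
        # Paths may sit on the prefix line or on continuation lines below it.
        if current is not None:
            for path in PATH_RE.finditer(line):
                routes[current].append(
                    (int(path["ad"]), int(path["metric"]), path["hop"]))
    return routes, default_gw


def lookup(routes, default_gw, destination):
    """Return (matched prefix, [next hops]) for a destination address."""
    dest = ipaddress.ip_address(destination)
    matches = [net for net, paths in routes.items() if paths and dest in net]
    if not matches:
        # Nothing specific matches: fall back to the gateway of last resort.
        return ("0.0.0.0/0", [default_gw] if default_gw else [])
    best = max(matches, key=lambda net: net.prefixlen)   # longest prefix wins
    lowest = min((ad, metric) for ad, metric, _ in routes[best])
    hops = [hop for ad, metric, hop in routes[best] if (ad, metric) == lowest]
    return (str(best), hops)


if __name__ == "__main__":
    table, gw = parse_routes(SLIDE_OUTPUT + CONSTRUCTED_ROUTE)
    for dst in ("168.221.38.85", "168.221.38.86", "192.168.209.77", "8.8.8.8"):
        print(dst, "->", lookup(table, gw, dst))
```

Because the /32 wins over the cheaper /24, an unexpected host route in a table like this one changes where that host's traffic goes, which makes such entries worth reviewing.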




            Network Protocols
              • VLAN
              • Trunking
              • Half Duplex/Full Duplex




            VLANs




            Wireless Networking




    Wireless Networking – 802.11


     In 1997, the Institute of Electrical and Electronics
     Engineers (IEEE) created the first WLAN standard.
     They called it 802.11 after the name of the group
     formed to oversee its development. Unfortunately,
     802.11 only supported a maximum bandwidth of 2
     Mbps - too slow for most applications. For this reason,
     ordinary 802.11 wireless products are no longer being
     manufactured.



                Wireless - WiFi
            •   Short for ‘wireless fidelity’. A term for certain
                types of wireless local area networks (WLAN)
                that use specifications conforming to IEEE
                802.11b. WiFi has gained acceptance in many
                environments as an alternative to a wired LAN.

            •   Many airports, hotels, and other services offer
                public access to WiFi networks so people can
                log onto the Internet and receive emails on the
                move. These locations are known as hotspots.

            •   Low power, Short Distance, Non-penetrating,
                unlicensed




   Wireless Networking – 802.11b
IEEE expanded on the original 802.11 standard in 1999, creating the
802.11b specification. 802.11b supports bandwidth up to 11 Mbps,
comparable to traditional Ethernet. 802.11b uses the same radio signaling
frequency - 2.4 GHz - as the original 802.11 standard. Being an
unregulated frequency, 802.11b gear can incur interference from
microwave ovens, cordless phones, and other appliances using the same
2.4 GHz range. However, by installing 802.11b gear a reasonable distance
from other appliances, interference can easily be avoided. Vendors often
prefer using unregulated frequencies to lower their production costs.

Pros of 802.11b - lowest cost; signal range is best and is not easily
obstructed

Cons of 802.11b - slowest maximum speed; supports fewer simultaneous
users; appliances may interfere on the unregulated frequency band.

    Wireless Networking – 802.11a
At the same time 802.11b was developed, IEEE created a second extension to the
original 802.11 standard called 802.11a. Because 802.11b gained in popularity
much faster than did 802.11a, some folks believe that 802.11a was created after
802.11b. In fact, 802.11a was created at the same time and intended mainly for
the business market, whereas 802.11b better serves the home market. 802.11a
supports bandwidth up to 54 Mbps and signals in a regulated 5 GHz range.
Compared to 802.11b, this higher frequency limits the range of 802.11a. The
higher frequency also means 802.11a signals have more difficulty penetrating
walls and other obstructions. Because 802.11a and 802.11b utilize different
frequencies, the two technologies are incompatible with each other. Some vendors
offer hybrid 802.11a/b network gear, but these products simply implement the two
standards side by side.

Pros of 802.11a - fastest maximum speed; supports more simultaneous users;
regulated frequencies prevent signal interference from other devices

Cons of 802.11a - highest cost; shorter range signal that is more easily obstructed

   Wireless Networking – 802.11g
In 2002 and 2003, WLAN products supporting a new standard called
802.11g began to appear on the scene. 802.11g attempts to combine the
best of both 802.11a and 802.11b. 802.11g supports bandwidth up to 54
Mbps, and it uses the 2.4 GHz frequency for greater range. 802.11g is
backwards compatible with 802.11b, meaning that 802.11g access points
will work with 802.11b wireless network adapters and vice versa.

Pros of 802.11g - fastest maximum speed; supports more simultaneous
users; signal range is best and is not easily obstructed

Cons of 802.11g - costs more than 802.11b; appliances may interfere on
the unregulated signal




            Wireless - WiMax
             •   WiMAX refers to broadband wireless networks
                 that are based on the IEEE 802.16 standard,
                 which ensures compatibility and interoperability
                 between broadband wireless access equipment.

             •   Acronym that stands for Worldwide Interoperability
                 for Microwave Access

             •   High power, long distance (31 miles), penetrating,
                 usually licensed




            Wireless – WiMax (802.16)
                • Broadband Wireless Access Standard
                  that provides secure, full-duplex, fixed
                  wireless MAN service. Also known as
                  WiMAX, throughput can reach 75 Mbps
                  and does not require line-of-sight to
                  operate. The 802.16e extension adds
                  roaming outside of a “home” service
                  area. Reach can extend from one mile
                  at full speed to 30 miles at reduced
                  throughput.



Wireless Networking – Bluetooth


Bluetooth is an alternative wireless network technology that
followed a different development path than the 802.11 family.
Bluetooth supports a very short range (approximately 10
meters) and relatively low bandwidth (1 Mbps). In practice,
Bluetooth networks PDAs or cell phones with PCs but does
not offer much value for general-purpose WLAN networking.
The very low manufacturing cost of Bluetooth appeals to
vendors.




      Wireless Security - Authentication
            •   PAP          Password Authentication Protocol.
            •   CHAP         Challenge Handshake Authentication Protocol.
            •   MS-CHAP      Microsoft implementation of CHAP protocol.

            •   Wireless LAN authentication: Extensible Authentication Protocol
                (EAP) for 802.1x port-based authentication, used in 802.11
                WLANs.

            •   EAP-MD5      Mandatory EAP authentication method
            •   EAP-LEAP     EAP-Lightweight EAP. Cisco's proprietary EAP
                             method; works only with Cisco and Apple WLAN
                             equipment.
            •   EAP-TLS      EAP-Transport Layer Security. Provides mutual
                             authentication, but requires client and server
                             certificates.
            •   EAP-TTLS     EAP-Tunneled Transport Layer Security. A
                             proprietary method that provides mutual
                             authentication, but requires server certificate
                             distribution and administration. The clients are
                             proprietary and cost between $25-$50 each.
            •   EAP-PEAP     EAP-Protected EAP. An emerging protocol
                             backed by Microsoft, Cisco, and RSA Security
                             that provides mutual authentication.
      Wireless Security - Authentication
              • Local Database

              • RADIUS (Remote Authentication
                Dial In User Service)

              • Active Directory




            Wiring Types
            • Fiber Optics
              • Connectors
              • Single mode vs Multimode
            • Copper (Twisted Pair)
              • Categories
            • Copper (Coaxial)




            Structured Networking
                • Future-Proof the Network Design
                  • ...the objective is to enable the
                    adoption of new technologies
                    with minimal retrofit and cost
                     • provide a scalable foundation
                       that allows new technologies to
                       be added incrementally and
                       economically, enhancing the
                       capabilities of the network




            Structured Networking
                • Implement structured wiring and
                  intelligent hubs
                  • provides path for upgrading
                  • remotely monitor port-level
                    activity
                  • isolate problem stations
                  • collect statistics




            Structured Networking
                • Structured network design
                  • highly organized
                  • hierarchical approach




            Structured Networking
                • Establish network centers
                  • centralize expensive equipment
                  • easier to troubleshoot
                  • easier to secure




  Factors in Network Design

            • Performance

            • Scalability

            • Cost

            • Manageability




       Broadband vs Baseband
            • broadband (multiplexing)
              • transmitting multiple signals at
                once by subdividing into
                channels
            • baseband
              • transmits all signals through a
                single channel
            • bandwidth
              • network carrying capacity


            Multiplexing
            • Time division multiplexing

              CC|BB|AA|CC|BB|AA|CC|BB|AA

            • Frequency division multiplexing

                 AAAAAAAAAAAAAAAAAA
                BBBBBBBBBBBBBBBBBBB
                CCCCCCCCCCCCCCCCCC
            Traffic Management
              •   IP TV
              •   Real Audio
              •   PointCast
              •   Broadcast
              •   Unicast
              •   Multicast
              •   Viruses
              •   Worms


            Troubleshooting Your
                  Network
               • Knowing your network
                  •   Application metering
                  •   Network management systems
                  •   Baseline and trend analysis
                  •   Broadcasts
                  •   Response time
                  •   Retransmissions
                  •   Routing
                  •   Bandwidth and throughput
                  •   Traffic characterization
                  •   Optimization

            Troubleshooting Your
                  Network
               • Troubleshooting Methodology
                 •   Gather information
                 •   Isolate the problem
                 •   Apply corrective measures
                 •   Monitor results




            Troubleshooting Your
                  Network
               •   Analyzer (packet capture)
               •   Tone and Probe
               •   Test All
               •   DVM
               •   Performance Monitor
               •   Network Health Monitor




        Troubleshooting Your
              Network
            •   Protocol analyzers
            •   Triggers
            •   Displays
            •   Monitoring
            •   Filters
            •   Report




            Troubleshooting Your
                  Network




               •   Link - Determine whether the drop is active, identify
                   its speed, duplex capabilities and service type.
                   10/100/1000 Mbps
               •   Ping - Verify connectivity to key devices.
               •   Cable verification - Multiple tests help you quickly
                   determine if cable is the problem.
               •   Cable identification - Document unmarked
                   segments, saving you hours of troubleshooting time.
               •   CDP/EDP - Precisely determine where network
                   drops terminate on Cisco and Extreme switches
            Troubleshooting Your
                  Network
               • Cable Testers
                 •   Impedance and crosstalk
                 •   Near-end crosstalk (NEXT)
                 •   Pair-matching
                 •   Cable length




            Troubleshooting Your
                  Network
               •   Ping
               •   Trace Route
               •   NSLookup
               •   Telnet
               •   Routing Tables
               •   IP Config
               •   Winipcfg



            Ping (Packet Internet
                   Grope)




            TraceRoute




            Tracert www.uwa.edu.au
              Tracert www.uwa.edu.au

              Tracing route to mysource.webcluster.uwa.edu.au [130.95.128.111]
              over a maximum of 30 hops:

                1    21 ms    20 ms    20 ms  adsl-3-11-1.mia.bellsouth.net [65.3.11.1]
                2    21 ms    21 ms    22 ms  adsl-152-108-1.mia.bellsouth.net [205.152.108.1]
                3    21 ms    21 ms    21 ms  205.152.145.161
                4    21 ms    20 ms    21 ms  axr00mia-1-3-1.bellsouth.net [65.83.237.10]
                5    20 ms    21 ms    21 ms  pxr00mia-2-0-0.bellsouth.net [65.83.236.18]
                6    22 ms    21 ms    22 ms  0.so-0-0-0.GW8.MIA4.ALTER.NET [65.208.86.153]
                7    21 ms    21 ms    21 ms  0.so-1-3-0.xl2.mia4.alter.net [152.63.84.122]
                8    37 ms    39 ms    38 ms  0.so-4-2-0.xl2.atl5.alter.net [152.63.81.81]
                9    37 ms    37 ms    37 ms  pos7-0.br4.atl5.alter.net [152.63.84.153]
               10    54 ms    54 ms    54 ms  204.255.174.194
               11    55 ms    53 ms    54 ms  sl-bb23-fw-13-0.sprintlink.net [144.232.8.67]
               12    83 ms    82 ms    83 ms  sl-bb23-ana-11-2.sprintlink.net [144.232.8.77]
               13    93 ms    94 ms    93 ms  sl-bb25-sj-9-0.sprintlink.net [144.232.20.159]
               14    98 ms    97 ms    98 ms  144.232.20.7
               15    96 ms    95 ms    96 ms  sl-aarne-2-0.sprintlink.net [144.223.243.26]
               16   273 ms   261 ms   274 ms  pos3-1-0.bb1.a.syd.aarnet.net.au [202.158.194.73]
               17   276 ms   275 ms   274 ms  10gigether0-0-0.bb1.b.syd.aarnet.net.au [202.158.194.46]
               18   434 ms   290 ms   286 ms  pos3-0-0.bb1.a.mel.aarnet.net.au [202.158.194.33]
               19   280 ms   295 ms   295 ms  pos3-0-0.bb1.a.adl.aarnet.net.au [202.158.194.17]
               20   322 ms   322 ms   323 ms  pos0-1-0.bb1.a.per.aarnet.net.au [202.158.194.5]
               21   302 ms   304 ms   302 ms  202.158.198.10
               22   302 ms   302 ms   305 ms  mysource.webcluster.uwa.edu.au [130.95.128.111]

              Trace complete.
            NSLookup




            WinIPCfg




            IPConfig -a




            Intranet/Extranet
             • Intranet
               • network and resources available
                 only to members of your
                 organization on your network.
             • Extranet
               • network and resources available
                 to members of your organization
                 on your network and selected
                 users off your network.
             • Not open to the public
               (anonymous users)

            Packet Sniffer Capture




       Internet Access - Access




            Wide Area Networking
                • connecting LANs together over
                  great distance
                • connecting schools to district
                  offices or each other
                • connecting schools to the Internet
                • usually done with leased lines
                  and services




            WAN Technologies
             • Methods of connecting two or more sites
               together
             • Universal Service Fund (Chapter 364)
               may provide up to $20,000 to offset
               installation charges
             • E-Rate available to reduce monthly
               charges
             • 2 Charges - line charges and Internet
               Access charges
             • Both charges based on bandwidth
             • All require equipment to connect to WAN
               - router and CSU/DSU etc

            WAN Technologies
              • POTS (Plain Old Telephone Service)
                 • 56 Kbps<
                 • analog multipurpose phone line
                 • available everywhere
                 • unlimited distance with long distance
                   service
                 • requires modem to connect network to
                   phone line ($150)
                 • installation about $75 - monthly charges
                   $40




            WAN Technologies
              • Wireless – WiMax
                • Point-to-Point
                • Point-to-Multipoint


              • MetroEthernet (NMLI – Native
                Mode LAN Interconnect)
                • Same speeds as Ethernet
                • 10 Mbps; 100 Mbps; 1000 Mbps



        Internet Access - Frame
                  Relay




        Internet Access - Registration
            • What is ICANN?

            • The Internet Corporation for Assigned Names and Numbers
              (ICANN) is responsible for managing and coordinating the
              Domain Name System (DNS) to ensure that every address is
              unique and that all users of the Internet can find all valid
              addresses. It does this by overseeing the distribution of
              unique IP addresses and domain names. It also ensures that
              each domain name maps to the correct IP address.

            • ICANN is also responsible for accrediting the domain name
              registrars. "Accredit" means to identify and set minimum
              standards for the performance of registration functions, to
              recognize persons or entities meeting those standards, and to
              enter into an accreditation agreement that sets forth the rules
              and procedures applicable to the provision of Registrar
              Services.


        Internet Access - Registration
             • Internic - .com .gov .edu .net
                • Internet Network Information Center
                • www.internic.net (800) 444-4345
                • Managed by Network Solutions, Inc.
                • Herndon, Virginia
                • Registering your domain -
                  company.com
                • Official names and numbers must be
                  registered with the InterNIC


       Internet Access - Registration
            • http://www.isi.edu
            • The US Domain is an official top-level
              domain in the DNS of the Internet
              community.
            • It is administered by the US Domain Registry
              at the Information Sciences Institute of the
              University of Southern California (ISI), under
              the Internet Assigned Numbers Authority
              (IANA).
            • US is the ISO-3166 2-letter country code for
              the United States and thus the US Domain is
              established as a top-level domain and
              registered with the Internic the same way
              other country domains are.
            Internet Access -
               Registration




            Internet Access - DNS
                • Converts Hostnames to IP
                  addresses
                • www.dade.k12.fl.us ---
                  168.221.21.150
                • You may host your own DNS or
                  contract with another source
                • Must have primary DNS and
                  secondary DNS
                • DNS is a text file and special
                  software that is on a server
            Internet Access - DNS
                • Must register your domain and
                  range of IP addresses
                • DNS contains name to address
                  resolutions
                • DNS contains Mail Exchange
                  Records
                • Caching DNS servers
                • Authoritative and Non-
                  authoritative

            How DNS works




            Sample of DNS file




            Security




                    Security
            • Limit access to network (dial in)
            • Develop a security policy
            • Limit protocols IP, IPX, AT
            • NT and Novell running IP are vulnerable
            • Internal and External Attacks
            • Software for testing vulnerabilities
              (SATAN, Pingware, NetProbe)
            • Data Encryption
                • Mathematical algorithm rearranges bits
                • Both sides must know the key to encrypt
                  or decrypt

       Security - Vulnerabilities
            •   Back Orifice/Subseven/VNC
            •   Net Bus
            •   Operating System
            •   Attacks
            •   Spoofing
            •   Snooping/Sniffing
            •   Modems
            •   Viruses
            •   File and print sharing
            How Hackers Gain Access
 • Stealing Passwords
         • People who use the same password on multiple accounts,
           especially when some of those accounts are on public Internet
           sites with little to no security.
        • People who write their passwords down and store them in
          obvious places. Writing down passwords is often encouraged
          by the need to frequently change passwords.
        • The continued use of insecure protocols that transfer
          passwords in clear text, such as those used for Web surfing,
          e-mail, chat, file transfer, etc.
        • The threat of software and hardware keystroke loggers.
        • The problem of shoulder surfing or video surveillance.
 • Trojan Horses
         • The malicious payload of a Trojan horse can be anything. This
           includes programs that destroy hard drives, corrupt files, record
           keystrokes, monitor network traffic, track Web usage, duplicate
           e-mails, allow remote control and remote access, transmit data files
           to others, launch attacks against other targets, plant proxy
           servers, host file sharing services, and more.
            How Hackers Gain Access
 • Exploiting Defaults
    • Nothing makes attacking a target network easier than when that
      target is using the defaults set by the vendor or manufacturer.
      Many attack tools and exploit scripts assume that the target is
      configured using the default settings. Thus, one of the most
      effective and often overlooked security precautions is simply to
      change the defaults.

 • Trojan Horses
    • The malicious payload of a Trojan horse can be anything. This
      includes programs that destroy hard drives, corrupt files, record
      keystrokes, monitor network traffic, track Web usage, duplicate
      e-mails, allow remote control and remote access, transmit data
      files to others, launch attacks against other targets, plant proxy
      servers, host file sharing services, and more.


             How Hackers Gain Access
 • Wireless Attacks
   • It is often the case that the time, effort, and expense required to
      secure wireless networks is significantly more than deploying a
      traditional wired network.

 • Research
     •   Knowing names of key employees and users
     •   Documents posted on the web
     •   Operating systems used
     •   Flaws in products

 • Being Persistent

 • Being a user on your network

 • Monitoring Vulnerability Research
       Security - Vulnerabilities
            •   Denial-of-service
            •   Trojan horse
            •   Worm
            •   PING sweeps
            •   Port scanning
            •   Software holes
            •   Social engineering
            •   SPAM
            •   Spyware/Malware
            Security - Policies
              • Business Continuity Plan
              • Disaster Recovery Plan
              • Physical Security Policy
                • Barriers, Detection, Response
              • User Security Policy
                • User Education
                • Security Awareness
              • Network Security
                • Architecture
                • Services and Access

        Security - Configuration
             •   New System with patches
             •   Disable Excess Services
             •   Remove Nonessential Programs
             •   Use Warning Banners
             •   Limit User Access
             •   Enable Logging
             •   Enable Auditing
             •   Disable scripting


            Security - Tools
             • Vulnerability Assessments
                 •   Nessus (Open Source)
                 •   X-Scan (Open Source)
                 •   Retina
                 •   NewT
                 •   LANguard
             •   Ping Sweeps
             •   Port Scanners
             •   Banner Grabbing
             •   OS Guessing

            Security - Response
               •   Preparation
               •   Initial Response
               •   Incident Management
               •   Forensics
               •   Tools Analysis
               •   Documentation




            Security – Wireless
              • Not very secure
              • Factory defaults
              • War driving
                  • Netstumbler
              •   WEP
              •   MAC address tables
              •   VPN
              •   Passwords


         Viruses, Worms and Trojans, Oh My!
     Viruses - A virus is a small piece of software that piggybacks on real programs. For
      example, a virus might attach itself to a program such as a spreadsheet program.
      Each time the spreadsheet program runs, the virus runs, too, and it has the chance to
      reproduce (by attaching to other programs) or wreak havoc.

     E-mail viruses - An e-mail virus moves around in e-mail messages, and usually
      replicates itself by automatically mailing itself to dozens of people in the victim's
      e-mail address book.

     Worms - A worm is a small piece of software that uses computer networks and
      security holes to replicate itself. A copy of the worm scans the network for another
      machine that has a specific security hole. It copies itself to the new machine using the
      security hole, and then starts replicating from there, as well.

     Trojan horses - A Trojan horse is simply a computer program. The program claims
      to do one thing (it may claim to be a game) but instead does damage when you run it
      (it may erase your hard disk). Trojan horses have no way to replicate automatically.




            Security - Hackers
             • Hacks, Cracks, Phreaks, Pirates




      Internet Access - Security
            •   Passwords             •   Tunneling
            •   Password generators   •   Firewall
            •   Password Encryption   •   Access lists
            •   Timed passwords       •   Servers
            •   Encryption            •   DMZ
            •   Private IP networks   •   VPN
            •   Routing tables




                         Firewalls
 • Connecting your network to the world gives the world
   access to your network
 • A firewall is simply a program or hardware device that
   filters the information coming through the Internet
   connection into your private network or computer system.
   If an incoming packet of information is flagged by the
   filters, it is not allowed through.
 • The firewall applies a set of rules to either accept or reject
   each packet




                              Firewalls
 • Firewalls use one or more of three methods to control traffic flowing in
   and out of the network:

     • Packet filtering - Packets (small chunks of data) are analyzed
       against a set of filters. Packets that make it through the filters are
       sent to the requesting system and all others are discarded.

     • Proxy service - Information from the Internet is retrieved by the
       firewall and then sent to the requesting system and vice versa.

     • Stateful inspection - A newer method that doesn't examine the
       contents of each packet but instead compares certain key parts of
       the packet to a database of trusted information. Information
       traveling from inside the firewall to the outside is monitored for
       specific defining characteristics, then incoming information is
       compared to these characteristics. If the comparison yields a
       reasonable match, the information is allowed through. Otherwise it
       is discarded.
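
Added example (not part of the original slides): a small Python simulation contrasting the packet filtering and stateful inspection methods described above, run over four constructed packets. The addresses, ports, rule layout and 60-second idle timeout are assumptions, and the state table here tracks only the protocol/address/port tuple, a simplification of what a real firewall records.

```python
"""Packet filtering vs. stateful inspection on constructed traffic."""
from dataclasses import dataclass
from ipaddress import ip_address, ip_network

INSIDE = ip_network("192.168.1.0/24")  # assumed private network behind the firewall
ANY = "0.0.0.0/0"


@dataclass(frozen=True)
class Packet:
    proto: str
    src: str
    sport: int
    dst: str
    dport: int


class PacketFilter:
    """Packet filtering: every packet is judged alone against an ordered rule list."""

    def __init__(self, rules):
        # rule = (action, proto, src_net, src_port, dst_net, dst_port); None = any port
        self.rules = [(a, p, ip_network(s), sp, ip_network(d), dp)
                      for a, p, s, sp, d, dp in rules]

    def check(self, pkt):
        for action, proto, src, sport, dst, dport in self.rules:
            if (proto == pkt.proto
                    and ip_address(pkt.src) in src and sport in (None, pkt.sport)
                    and ip_address(pkt.dst) in dst and dport in (None, pkt.dport)):
                return action
        return "discard"  # default: anything not matched is discarded


class StatefulFirewall:
    """Stateful inspection: inbound packets must mirror a remembered outbound flow."""

    def __init__(self, allowed_out, idle_timeout=60):
        self.allowed_out = set(allowed_out)  # {(proto, dst_port), ...}
        self.idle_timeout = idle_timeout     # seconds a silent flow stays trusted
        self.flows = {}                      # flow tuple -> time last seen

    def check(self, pkt, now):
        # Forget flows that have been idle longer than the timeout.
        self.flows = {k: t for k, t in self.flows.items()
                      if now - t <= self.idle_timeout}
        src_inside = ip_address(pkt.src) in INSIDE
        dst_inside = ip_address(pkt.dst) in INSIDE
        if src_inside and not dst_inside:
            # Outbound: apply policy, then record the flow's defining characteristics.
            if (pkt.proto, pkt.dport) not in self.allowed_out:
                return "discard"
            self.flows[(pkt.proto, pkt.src, pkt.sport, pkt.dst, pkt.dport)] = now
            return "accept"
        # Inbound: compare against the recorded flows with source/destination swapped.
        mirrored = (pkt.proto, pkt.dst, pkt.dport, pkt.src, pkt.sport)
        if mirrored in self.flows:
            self.flows[mirrored] = now
            return "accept"
        return "discard"


def run_demo():
    """Return (label, packet-filter verdict, stateful verdict) per constructed packet."""
    stateless = PacketFilter([
        # Let inside hosts reach web servers...
        ("accept", "tcp", str(INSIDE), None, ANY, 80),
        # ...and, lacking any memory, admit everything that claims to be a web reply.
        ("accept", "tcp", ANY, 80, str(INSIDE), None),
    ])
    stateful = StatefulFirewall({("tcp", 80)}, idle_timeout=60)
    traffic = [  # (time in seconds, label, packet), all constructed sample data
        (0, "request", Packet("tcp", "192.168.1.20", 50000, "203.0.113.10", 80)),
        (1, "reply", Packet("tcp", "203.0.113.10", 80, "192.168.1.20", 50000)),
        (2, "unsolicited", Packet("tcp", "198.51.100.7", 80, "192.168.1.20", 50001)),
        (120, "stale reply", Packet("tcp", "203.0.113.10", 80, "192.168.1.20", 50000)),
    ]
    return [(label, stateless.check(p), stateful.check(p, t)) for t, label, p in traffic]


if __name__ == "__main__":
    for label, pf, sf in run_demo():
        print(f"{label:12} packet filter: {pf:8} stateful: {sf}")
```

The packet filter accepts all four packets because its reply rule can only look at the source port, while the stateful firewall discards the packet that matches no outbound request and the reply that arrives after the flow has expired.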
                            Firewalls
 • Firewalls are customizable. This means that you can add or remove
   filters based on several conditions. Some of these are:

    • IP addresses - Each machine on the Internet is assigned a unique
      address called an IP address. IP addresses are 32-bit numbers,
      normally expressed as four "octets" in a "dotted decimal number."
      A typical IP address looks like this: 216.27.61.137. For example, if
      a certain IP address outside the company is reading too many files
      from a server, the firewall can block all traffic to or from that IP
      address.

    • Domain names - A company might block all access to certain
      domain names, or allow access only to specific domain names.


                                     Firewalls
 •   Protocols - The protocol is the pre-defined way that someone who wants to use a
     service talks with that service. The "someone" could be a person, but more often it is a
     computer program like a Web browser. Protocols are often text, and simply describe
     how the client and server will have their conversation. HTTP is the Web's protocol.
     Some common protocols that you can set firewall filters for include:

      •   IP (Internet Protocol) - the main delivery system for information over the Internet
      •   TCP (Transmission Control Protocol) - used to break apart and rebuild information that
          travels over the Internet
      •   HTTP (Hyper Text Transfer Protocol) - used for Web pages
      •   FTP (File Transfer Protocol) - used to download and upload files
      •   UDP (User Datagram Protocol) - used for information that requires no response, such as
          streaming audio and video
      •   ICMP (Internet Control Message Protocol) - used by a router to exchange information
          with other routers
      •   SMTP (Simple Mail Transfer Protocol) - used to send text-based information (e-mail)
      •   SNMP (Simple Network Management Protocol) - used to collect system information from
          a remote computer
      •   Telnet - used to perform commands on a remote computer

 •   A company might set up only one or two machines to handle a specific protocol and ban
     that protocol on all other machines.

                              Firewalls
 • Ports - Any server machine makes its services available to the
   Internet using numbered ports, one for each service that is available
   on the server. For example, if a server machine is running a Web
   (HTTP) server and an FTP server, the Web server would typically be
   available on port 80, and the FTP server would be available on port
   21. A company might block port 21 access on all machines but one
   inside the company.

 • Specific words and phrases - This can be anything. The firewall will
   sniff (search through) each packet of information for an exact match of
   the text listed in the filter. For example, you could instruct the firewall
   to block any packet with the word "X-rated" in it. The key here is that it
   has to be an exact match. The "X-rated" filter would not catch "X
   rated" (no hyphen). But you can include as many words, phrases and
   variations of them as you need.
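
The exact-match behaviour described above, next to a matcher that canonicalizes text before comparing. This is an added example, not code from the presentation; the function names and the sample payloads are constructed for illustration.

```python
import re
import unicodedata

# Phrase taken from the slide; everything else in this block is constructed.
BLOCKED_PHRASES = ["X-rated"]

def exact_match(payload, phrases=BLOCKED_PHRASES):
    """Literal substring test: the behaviour the slide describes."""
    return any(phrase in payload for phrase in phrases)

# Any run of punctuation, whitespace or underscores counts as one separator.
SEPARATOR_RUN = re.compile(r"[\W_]+")

def canonical(text):
    """Fold Unicode compatibility forms and case, collapse separators to one space."""
    folded = unicodedata.normalize("NFKC", text).casefold()
    return SEPARATOR_RUN.sub(" ", folded).strip()

def normalized_match(payload, phrases=BLOCKED_PHRASES):
    """Match on canonical forms, anchored on word boundaries to limit false positives."""
    haystack = " " + canonical(payload) + " "
    return any(" " + canonical(phrase) + " " in haystack for phrase in phrases)

# Constructed payloads: one listed spelling, four variants, one look-alike.
SAMPLES = [
    "Get X-rated content here",
    "Get X rated content here",
    "get x_RATED content here",
    "GET X--RATED!",
    "Get Ｘ－ｒａｔｅｄ content here",   # full-width characters
    "The max rated load is 40 kg",       # contains "x rated" inside other words
]

def compare(samples=SAMPLES):
    """Return (payload, exact verdict, normalized verdict) for each sample."""
    return [(s, exact_match(s), normalized_match(s)) for s in samples]

if __name__ == "__main__":
    for payload, exact, normalized in compare():
        print(f"exact={exact!s:5} normalized={normalized!s:5} {payload}")
```

Canonicalizing once on both sides replaces the open-ended list of spelling variations, but it still only sees cleartext that arrives inside a single inspected unit.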
         Firewalls – What they can protect you from

 •   Remote login - When someone is able to connect to your computer and
     control it in some form. This can range from being able to view or access your
     files to actually running programs on your computer.

 •   Application backdoors - Some programs have special features that allow for
     remote access. Others contain bugs that provide a backdoor, or hidden
     access, that provides some level of control of the program.

 •   SMTP session hijacking - SMTP is the most common method of sending e-
     mail over the Internet. By gaining access to a list of e-mail addresses, a
     person can send unsolicited junk e-mail (spam) to thousands of users. This is
     done quite often by redirecting the e-mail through the SMTP server of an
     unsuspecting host, making the actual sender of the spam difficult to trace.

 •   Operating system bugs - Like applications, some operating systems have
     backdoors. Others provide remote access with insufficient security controls or
     have bugs that an experienced hacker can take advantage of.

         Firewalls – What they can protect you from


 •   Denial of service - You have probably heard this phrase used in news reports
     on the attacks on major Web sites. This type of attack is nearly impossible to
     counter. What happens is that the hacker sends a request to the server to
     connect to it. When the server responds with an acknowledgement and tries to
     establish a session, it cannot find the system that made the request. By
     inundating a server with these unanswerable session requests, a hacker
     causes the server to slow to a crawl or eventually crash.

 •   E-mail bombs - An e-mail bomb is usually a personal attack. Someone sends
     you the same e-mail hundreds or thousands of times until your e-mail system
     cannot accept any more messages.

 •   Macros - To simplify complicated procedures, many applications allow you to
     create a script of commands that the application can run. This script is known
     as a macro. Hackers have taken advantage of this to create their own macros
     that, depending on the application, can destroy your data or crash your
     computer.



        Firewalls – What they can protect you from

 • Viruses - Probably the most well-known threat is computer viruses. A
   virus is a small program that can copy itself to other computers. This
   way it can spread quickly from one system to the next. Viruses range
   from harmless messages to erasing all of your data.

 • Spam - Typically harmless but always annoying, spam is the
   electronic equivalent of junk mail. Spam can be dangerous though.
   Quite often it contains links to Web sites. Be careful of clicking on
   these because you may accidentally accept a cookie that provides a
   backdoor to your computer.

 • Redirect bombs - Hackers can use ICMP to change (redirect) the
   path information takes by sending it to a different router. This is one of
   the ways that a denial of service attack is set up.

               Firewalls
            • IP address filtering - checking
              source and destination addresses
            • TCP/UDP port filtering (server
              and client)
              • permit access to port 80 (http)
              • deny access to port 23 (telnet)
            • ACK bit
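
The three checks on this slide as a first-match rule list, with the stateful inspection described earlier beside it to show where an ACK-bit rule alone falls short. This is an added example, not code from the presentation; the address ranges, the rule set and all names are assumptions made for the illustration.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import Optional

ANY = "0.0.0.0/0"
INSIDE = "10.0.0.0/8"            # assumed internal range
WEB_SERVER = "10.0.0.80"         # assumed public web server
BLOCKED_SOURCE = "203.0.113.7"   # assumed abusive outside address

@dataclass(frozen=True)
class Packet:
    src: str
    sport: int
    dst: str
    dport: int
    ack: bool = False            # TCP ACK flag

@dataclass(frozen=True)
class Rule:
    action: str                  # "permit" or "deny"
    src: str                     # CIDR the source must fall in
    dst: str                     # CIDR the destination must fall in
    dport: Optional[int]         # None matches any port
    need_ack: bool = False       # only match packets with ACK set

    def matches(self, p):
        return (ip_address(p.src) in ip_network(self.src)
                and ip_address(p.dst) in ip_network(self.dst)
                and self.dport in (None, p.dport)
                and (p.ack or not self.need_ack))

# Inbound rules, evaluated top to bottom; the first match decides.
INBOUND_RULES = [
    Rule("deny", BLOCKED_SOURCE + "/32", ANY, None),     # IP address filtering
    Rule("permit", ANY, WEB_SERVER + "/32", 80),         # permit port 80 (http)
    Rule("deny", ANY, ANY, 23),                          # deny port 23 (telnet)
    Rule("permit", ANY, INSIDE, None, need_ack=True),    # ACK bit: assumed replies
]

def stateless_verdict(p, rules=INBOUND_RULES):
    """Packet filter: each packet is judged on its own header fields."""
    for rule in rules:
        if rule.matches(p):
            return rule.action
    return "deny"                # default deny

class StatefulFilter:
    """Tracks connections opened from inside instead of trusting the ACK bit."""

    def __init__(self, rules=INBOUND_RULES):
        self.rules = [r for r in rules if not r.need_ack]
        self.flows = set()

    def outbound(self, p):
        self.flows.add((p.src, p.sport, p.dst, p.dport))

    def inbound(self, p):
        # A reply to a tracked flow is accepted; all else uses the static rules.
        if (p.dst, p.dport, p.src, p.sport) in self.flows:
            return "permit"
        return stateless_verdict(p, self.rules)

def demo():
    """Run constructed packets through both filters."""
    fw = StatefulFilter()
    request = Packet("10.0.0.5", 51000, "198.51.100.20", 80)
    fw.outbound(request)
    packets = {
        "web request": Packet("198.51.100.9", 40000, WEB_SERVER, 80),
        "telnet": Packet("198.51.100.9", 40001, "10.0.0.5", 23, ack=True),
        "blocked source": Packet(BLOCKED_SOURCE, 40002, WEB_SERVER, 80),
        "genuine reply": Packet("198.51.100.20", 80, "10.0.0.5", 51000, ack=True),
        "unsolicited ACK": Packet("198.51.100.66", 80, "10.0.0.5", 445, ack=True),
    }
    return {name: (stateless_verdict(p), fw.inbound(p)) for name, p in packets.items()}

if __name__ == "__main__":
    for name, (stateless, stateful) in demo().items():
        print(f"{name:16} stateless={stateless:6} stateful={stateful}")
```

The last packet is the case to watch: the ACK-bit rule admits any inbound packet that has the flag set, while the state table admits only replies to connections it saw leave.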




            Firewall Complements
                  •Bastion Hosts
                  •Proxy servers
                  •Reverse proxy servers
                  •Cache engines
                  •Packet filter
                  •Intrusion detection systems
                  •Packet hound
                  •Stateful inspection
                  •SPAM/Virus filter
Intrusion Detection and Prevention (IDS & IPS)

              • ID stands for Intrusion Detection,
                which is the art of detecting
                inappropriate, incorrect, or
                anomalous activity. ID systems
                that operate on a host to detect
                malicious activity on that host are
                called host-based ID systems,
                and ID systems that operate on
                network data flows are called
                network-based ID systems.

Intrusion Detection and Prevention (IDS & IPS)

              • Sometimes, a distinction is made
                between misuse and intrusion
                detection.

                 • The term intrusion is used to describe
                   attacks from the outside, whereas
                   misuse is used to describe an attack
                   that originates from the internal
                   network. However, most people don't
                   draw such distinctions.

              • The most common approaches to ID
                are statistical anomaly detection and
                pattern-matching detection.

                                      Spyware
 Spyware is any technology that aids in gathering information about a person or organization
 without their knowledge. On the Internet (where it is sometimes called a spybot or tracking
 software), spyware is programming that is put in someone's computer to secretly gather
 information about the user and relay it to advertisers or other interested parties. Spyware can
 get in a computer as a software virus or as the result of installing a new program.

 Data collecting programs that are installed with the user's knowledge are not, properly
 speaking, spyware, if the user fully understands what data is being collected and with whom it
 is being shared. However, spyware is often installed without the user's consent, as a drive-by
 download, or as the result of clicking some option in a deceptive pop-up window.

 The cookie is a well-known mechanism for storing information about an Internet user on their
 own computer. However, the existence of cookies and their use is generally not concealed from
 users, who can also disallow access to cookie information. Nevertheless, to the extent that a
 Web site stores information about you in a cookie that you don't know about, the cookie
 mechanism could be considered a form of spyware.




                  adware
            • adware (spelled all lower case) is
              any software application in which
              advertising banners are displayed
              while the program is running




      Removing Spyware and adware
            • Free programs
              •   Spysweeper
              •   Spybot
              •   Ad-Aware
              •   Spychecker
              •   Microsoft Windows Defender
                  (Beta 2)
            • Immunize your system



      Internet Access - Filtering
            • Filter on known sites
              • Found by Bots - checked by
                humans
              • Key words or word searches




       VPN – Virtual Private Network
            •   A virtual private network (VPN) is a way to use a public
                telecommunication infrastructure, such as the Internet,
                to provide remote offices or individual users with
                secure access to their organization's network. A virtual
                private network can be contrasted with an expensive
                system of owned or leased lines that can only be used
                by one organization. The goal of a VPN is to provide
                the organization with the same capabilities, but at a
                much lower cost.

            •   A VPN works by using the shared public infrastructure
                while maintaining privacy through security procedures
                and tunneling protocols such as the Layer Two
                Tunneling Protocol (L2TP). In effect, the protocols, by
                encrypting data at the sending end and decrypting it at
                the receiving end, send the data through a "tunnel" that
                cannot be "entered" by data that is not properly
                encrypted. An additional level of security involves
                encrypting not only the data, but also the originating
                and receiving network addresses.

      Internet Access - Filtering
                      •   X-Stop
                      •   SurfWatch
                      •   Net Nanny
                      •   Cyber Patrol
                      •   Cyber Sitter
                      •   WebSense
                      •   WatchGuard
                      •   Proxy Servers
                      •   Router Tables

           Internet Access - Filtering
 10.100.27.46 2003/01/21 0013:38:42 PASSED http://printartist.sierrahome.com/img/treasurebox03.jpg
 10.205.162.138 2003/01/21 0013:38:42 PASSED http://www.miami.com/images/logos/site/miami/miamiherald/site_logo.gif
 10.100.43.99 2003/01/21 0013:38:42 PASSED http://www.babyphat.com/product_images/BP-ST3909_037_tx.jpg
 10.201.225.253 2003/01/21 0013:38:42 PASSED http://rcm-images.amazon.com/images/G/01/rcm/100x60_banner.gif
 10.200.76.152 2003/01/21 0013:38:42 PASSED http://movies.go.com/movies/H/houseof1000corpses_2001/trailers/win1.htm
 10.100.204.240 2003/01/21 0013:38:42 PASSED http://www.apple.com/
 10.203.82.16 2003/01/21 0013:38:42 PASSED http://www.lib.lsu.edu/images/goldpixel.gif
 10.200.150.182 2003/01/21 0013:38:42 PASSED http:// partners.starnetsystem
 10.200.150.182 2003/01/21 0013:38:42 GAMB http://www.sportsbetting.com/
 10.202.26.8 2003/01/21 0013:38:42 PASSED http://www.bowwow.com.au/css/images/nav_r01_c1.gif
 10.204.237.76 2003/01/21 0013:38:42 PASSED http://www.funbrain.com/cb_lnlogo_medblue.gif
 10.200.125.52 2003/01/21 0013:38:42 PASSED http://webmail.aol.com/include/aol/images/tab_new_up.gif
 10.204.196.167 2003/01/21 0013:38:42 PASSED http://www.princetonreview.com/shared/css/princetonReview.css
 10.205.122.164 2003/01/21 0013:38:42 BANNER http://servedby.advertising.com/site=94237/size=468060/bnum=26639628/optn=1
 10.204.209.28 2003/01/21 0013:38:42 PASSED http://pbskids.org/images/sky-list-zoboo-off.gif
 10.100.35.239 2003/01/21 0013:38:42 PASSED http://www.sonymusic.com/ssi/js/writevb.js
 10.200.150.217 2003/01/21 0013:38:42 PASSED http://autos.msn.com/images/MessengerTab/CPmsgrTABicon.png
 10.201.169.6 2003/01/21 0013:38:42 PASSED http://www.getlyrics.com/images/logo.gif
 10.201.209.75 2003/01/21 0013:38:42 PORN http://ad.doubleclick.net/adj/nick.nol/all_nick;sec=_all_
 10.100.90.70 2003/01/21 0013:38:42 PASSED http://go.microsoft.com/fwlink/?LinkId=9705
 10.100.41.97 2003/01/21 0013:38:42 PASSED http://campuslife.cornell.edu/includes/fw_menu.js
 10.202.150.79 2003/01/21 0013:38:42 PASSED http://www.babyphat.com/brownie_images/BP-NBX8283_074.jpg
 10.204.153.156 2003/01/21 0013:38:42 PASSED http://www.nationalgeographic.com/animals/art/sm_cf_elephant.jpg
 10.201.194.77 2003/01/21 0013:38:42 PASSED http://images.mp3.com/mp3s/images/ui/bullet/default.gif
 10.201.194.77 2003/01/21 0013:38:42 PASSED http://images.mp3.com/mp3s/images/ui/ttl/musicfeatures.gif
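
A parser for the filter log format shown above (client address, date, time, verdict, URL) that tallies verdicts and lists the non-PASSED requests per client. This is an added example, not part of the presentation; it assumes every verdict other than PASSED is a block category, and the sample embeds a few lines from the slide plus one constructed malformed line.

```python
from collections import Counter, defaultdict
from ipaddress import ip_address
from typing import NamedTuple, Optional
from urllib.parse import urlsplit

# Lines copied from the slide, followed by one constructed malformed line.
SAMPLE_LOG = """\
10.100.204.240 2003/01/21 0013:38:42 PASSED http://www.apple.com/
10.200.150.182 2003/01/21 0013:38:42 GAMB http://www.sportsbetting.com/
10.205.122.164 2003/01/21 0013:38:42 BANNER http://servedby.advertising.com/site=94237/size=468060/bnum=26639628/optn=1
10.201.209.75 2003/01/21 0013:38:42 PORN http://ad.doubleclick.net/adj/nick.nol/all_nick;sec=_all_
10.201.194.77 2003/01/21 0013:38:42 PASSED http://images.mp3.com/mp3s/images/ui/bullet/default.gif
10.201.194.77 2003/01/21 0013:38:42 PASSED http://images.mp3.com/mp3s/images/ui/ttl/musicfeatures.gif
this line is malformed
"""

class Entry(NamedTuple):
    client: str
    date: str
    time: str      # kept as logged; the format is not documented on the slide
    verdict: str
    url: str

    @property
    def host(self):
        return urlsplit(self.url).hostname or ""

    @property
    def blocked(self):
        # Assumption: anything other than PASSED is a block category.
        return self.verdict != "PASSED"

def parse_line(line) -> Optional[Entry]:
    """Return an Entry, or None when the line does not fit the five-field layout."""
    parts = line.split(None, 4)
    if len(parts) != 5:
        return None
    client, date, time, verdict, url = parts
    try:
        ip_address(client)
    except ValueError:
        return None
    if not (verdict.isalpha() and verdict.isupper()):
        return None
    return Entry(client, date, time, verdict, url.strip())

def summarize(text):
    """Tally verdicts and collect blocked (verdict, host) pairs per client."""
    verdicts = Counter()
    blocked = defaultdict(list)
    skipped = 0
    for line in text.splitlines():
        if not line.strip():
            continue
        entry = parse_line(line)
        if entry is None:
            skipped += 1
            continue
        verdicts[entry.verdict] += 1
        if entry.blocked:
            blocked[entry.client].append((entry.verdict, entry.host))
    return {"verdicts": verdicts, "blocked": dict(blocked), "skipped": skipped}

if __name__ == "__main__":
    report = summarize(SAMPLE_LOG)
    print(dict(report["verdicts"]), "skipped:", report["skipped"])
    for client, hits in sorted(report["blocked"].items()):
        print(client, hits)
```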




            Content Filters




            Packet Shapers
             • Controls flow of specific types of
               traffic in or out of your network
             • Can completely block traffic
             • Can limit a specified type to a %
               of total traffic
             • Can allow bursting when
               bandwidth is available




            Packet Shapers (Inbound)




            Packet Shapers (Outbound)




            Caching


                • Enhance Internet and Intranet Content Delivery
                • Accelerate web-based applications
                • Minimize Internet bandwidth consumption
                • Minimize WAN bandwidth consumption
                • Improve network performance
                • Authenticate and Manage employee Internet use
                • Distribute and locally store patches and file
                  updates
                • Provide Anti-Virus screening of web traffic
                • Enable detailed reporting of web use statistics
                • Serve as a local file storage point

                                       SPAM
            •   Spam is unsolicited e-mail on the Internet.

                 • From the sender's point-of-view, spam is a form of bulk mail,
                   often sent to a list obtained from a spambot or to a list obtained
                   by companies that specialize in creating e-mail distribution lists.
                 • To the receiver, it usually seems like junk e-mail.

            •   Spam is roughly equivalent to unsolicited telephone marketing
                calls except that the user pays for part of the message since
                everyone shares the cost of maintaining the Internet. It has
                become a major problem for all Internet users.

            •   The term spam is said to derive from a famous Monty Python
                sketch that was current when spam first began arriving on the
                Internet.

            •   SPAM is a trademarked Hormel meat product that was well-
                known in the U.S. Armed Forces during World War II.



                  SPAM - SPAMbots
            • A spambot is a program designed to collect, or
              harvest, e-mail addresses from the Internet in
              order to build mailing lists for sending
              unsolicited e-mail, also known as spam. A
              spambot can gather e-mail addresses from Web
              sites, newsgroups, special-interest group (SIG)
              postings, and chat-room conversations.
              Because e-mail addresses have a distinctive
              format, spambots are easy to write.

            • A number of legislators in the U.S. are reported
              to be devising laws that would outlaw the
              spambot.
                 SPAM - SPAMbots
            • A number of programs and approaches
              have been devised to foil spambots.

            • One such technique is known as
              munging, in which an e-mail address is
              deliberately modified so that a human
              reader can decode it but a spambot
              cannot. This has led to the evolution of
              sophisticated spambots that can recover
              e-mail addresses from character strings
              that appear to be munged.

                     SPAM - Munging
            • Munging (pronounced MUHN-jing or MUHN-ging) is the
              deliberate alteration of an e-mail address online with the
              intent of making the address unusable for Web-based
              programs that build e-mail lists for spamming purposes.

            • Here are examples of the munging of stangib@reno.com:
                • stangib at reno dot com
                • s-t-a-n-g-i-b-at-r-e-n-o-d-o-t-c-o-m
                • My username is stangib, and the domain name is
                  reno dot com.

            • The term munging probably derives from the acronym
              mung (pronounced just as it looks), which stands for
              "mash until no good." It may also derive from the hackers'
              slang term munge (pronounced MUHNJ), which means
              "to alter information so it is no longer accurate."
                                SPAM
       • Blacklists and Whitelists

       • A spam filter is a program that is used to detect
         unsolicited and unwanted e-mail and prevent those
         messages from getting to a user's inbox

       • Spammers have ways to avoid SPAM filters.
            • V!I!A!G!R!A

       • Phishing
            • The act of sending an e-mail to a user falsely
              claiming to be an established legitimate enterprise in
              an attempt to scam the user into surrendering
              private information that will be used for identity theft.

        Internet Access - Proxy
            • Act as agents for your network
            • Prevents internal clients from
              connecting to remote sites
              directly
            • Has the ability to cache (store
              files)
            • You trust your proxy server




        Internet Access - Cache




             • A cache acts as a proxy to get and
               store data. This can save bandwidth to
               the Internet.
             • Reverse caches can also deliver
               content to outside users. This prevents
               them from having to access devices
               deep within your network.
            Internet Access - Web
                    Server
       • Advertise your school and projects to the world
       • Do you host it yourself or let your ISP/District host it?
       • Requires both technical and publishing skills
          • Web publishing tools available
       • Runs on almost any platform
          • Win3.x, Win95, WinNT, Macintosh, UNIX, Novell
          • Microsoft IIS, Netscape Suitespot, Apache
       • Database Access




            Internet Access - Mail
              • POP mail, Microsoft Mail, Exchange,
                ccMail, Lotus Notes, First Class,
                Apple Internet Mail Server, Quick
                Mail, many shareware
              • each uses its own protocol
              • SMTP (Simple Mail Transfer
                Protocol) - transfers mail from user
                to email server
              • POP (Post Office Protocol) - allows
                the user to read mail from an email
                server
            Internet Access
             • News Servers
             • FTP Servers
             • FAX Servers




            Server Requirements
              • CPU, Motherboard, Memory, EN
                Adapters, Hard disk controllers, Tape
                backup, CD-ROM, video adapter,
                UPS
                • Server Capacity - number of bays
                • Storage Capacity - # and size of HDs
                • Fault Tolerance - ability to survive
                  crash
                • Performance - speed of access to
                  data

            Server Requirements
              • Sizing servers (Users,
                WINS/NDS, DHCP, File and Print
                Services, Applications (WWW
                server, email, FTP server, DNS))
                • Microsoft
                • Novell Netware
                • AppleShare




            Virtual Servers (Virtualization)
                 •   Virtualization is an abstraction layer that decouples
                     the physical hardware from the operating system to
                     deliver greater IT resource utilization and flexibility.
                 •   Virtualization allows multiple virtual machines, with
                     heterogeneous operating systems to run in isolation,
                     side-by-side on the same physical machine. Each
                     virtual machine has its own set of virtual hardware
                     (e.g., RAM, CPU, NIC, etc.) upon which an
                     operating system and applications are loaded. The
                     operating system sees a consistent, normalized set
                     of hardware regardless of the actual physical
                     hardware components.
                 •   Virtual machines are encapsulated into files, making
                     it possible to rapidly save, copy and provision a
                     virtual machine. Full systems (fully configured
                     applications, operating systems, BIOS and virtual
                     hardware) can be moved, within seconds, from one
                     physical server to another for zero-downtime
                     maintenance and continuous workload
                     consolidation.

            Network FAX services




       Remote Access Services
             • Dial in or Dial Out
             • Access Servers
                • Cisco, Shiva, WinNT
             • access to the network from
               remote locations
             • use phone lines
             • surf the net at home
             • access file servers
             • access e-mail
             • access web servers
             • remote printing

            Protecting Your Data
               •   Viruses
               •   Vandals
               •   Mail Bombs
               •   Spam
               •   Users




            Desktop Management
               • Policies and Profiles
               • Desktop Locking Programs
                 • Winshield
                 • Fool Proof
                 • WAM (Windows Access
                   Manager)




            Patch Management
             •   Provides a centralized, real-time (seconds and minutes) view of
                 patch compliance status of an entire enterprise to enable IT
                 departments to make informed priority-setting and action decisions
             •   Enables administrators to meet high service level expectations
                 through real-time detection, remediation and verification of patch
                 status
             •   Simplifies targeting and deployment through pre-packaged, pre-
                 tested security patches
             •   Enforces policy-defined patch baselines on endpoint devices, even
                 when not connected to the enterprise network, to ensure that mobile
                 and remote computers maintain patch compliance wherever they
                 roam
             •   Provides roll-back (for patches that support uninstall), to provide a
                 safety net in the event that a patch triggers unintended
                 consequences in the network
             •   Ensures that only authorized administrators can apply patches, and
                 that patches are authentic through built-in Public Key Infrastructure
                 (PKI) security and secure hash validation of patch packages
             •   Provides a full audit trail of patching actions and patching steps
                 taken on every computer
             •   Provides ongoing continuous enforcement of patch compliance
                 through policy-based automation
             •   Examples: BigFix; Microsoft SMS



            Back-up Technologies
                    • All storage systems will
                      eventually fail
                    • Minor and Major
                      Failures
                    • Human Failures
                      • Accidental file
                        deletions
                      • Accidental file
                        overwrites
                      • Deliberate deletion of
                        other users' files

            Network Access Control
               • Network Admission Control (NAC), a
                 set of technologies and solutions, uses
                 the network infrastructure to enforce
                 security policy compliance on all
                 devices seeking to access network
                 computing resources, thereby limiting
                 damage from emerging security
                 threats. Customers using NAC can
                 allow network access only to compliant
                 and trusted endpoint devices (PCs,
                 servers, and PDAs, for example) and
                 can restrict the access of noncompliant
                 devices.

   Network Access Control


             •   Dramatically improves security
             •   Ensures endpoints (laptops, PCs, PDAs, servers, etc.) conform to
                 security policy
             •   Proactively protects against worms, viruses, spyware, and malware
             •   Focuses operations on prevention, not reaction

             •   Extends existing investment
             •   Broad integration with multi-vendor security and management
                 software
             •   Enhances investment in network infrastructure and vendor software.

             •   Increases enterprise resilience
             •   Comprehensive admission control across all access methods
             •   Prevents non-compliant and rogue endpoints from impacting
                 network availability
             •   Reduces Operating Expenses related to identifying and repairing
                 non-compliant, rogue, and infected systems

             •   Comprehensive span of control
             •   Assesses all endpoints across all access methods, including LAN,
                 wireless, remote access, and WAN
            Back-up Technologies
                • Full Backup
                   • starting point to rebuild data
                   • done every week
                • Incremental Backup
                   • changes since last backup
                   • as frequently as possible
                • To rebuild data, restore the last full
                  backup, then all incrementals
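
The rebuild rule above as a restore planner over a backup catalog, including the case where a backup in the chain did not complete. This is an added example, not part of the presentation; the catalog, the `verified` flag and the function names are constructed for illustration.

```python
from dataclasses import dataclass
from datetime import datetime

@dataclass(frozen=True)
class Backup:
    taken: datetime
    kind: str        # "full" or "incremental"
    verified: bool   # True when the completion check passed

def restore_plan(catalog, target):
    """Return the backups to restore, in order, to get as close to `target` as possible.

    An incremental holds only the changes since the previous backup, so the
    chain must be unbroken: the plan stops at the first backup after the base
    that is unverified, or that is a full backup that cannot be used.
    """
    usable = sorted((b for b in catalog if b.taken <= target), key=lambda b: b.taken)
    fulls = [b for b in usable if b.kind == "full" and b.verified]
    if not fulls:
        raise LookupError("no verified full backup at or before the target time")
    base = fulls[-1]
    plan = [base]
    for backup in usable:
        if backup.taken <= base.taken:
            continue
        if backup.kind != "incremental" or not backup.verified:
            break            # chain is broken here; later incrementals are unusable
        plan.append(backup)
    return plan

def recovered_to(plan):
    """Point in time the restored data reflects."""
    return plan[-1].taken

# Constructed catalog: weekly full on Sunday, nightly incrementals, one failed run.
CATALOG = [
    Backup(datetime(2009, 1, 4, 23, 0), "full", True),
    Backup(datetime(2009, 1, 5, 23, 0), "incremental", True),
    Backup(datetime(2009, 1, 6, 23, 0), "incremental", True),
    Backup(datetime(2009, 1, 7, 23, 0), "incremental", False),   # did not complete
    Backup(datetime(2009, 1, 8, 23, 0), "incremental", True),
]

if __name__ == "__main__":
    plan = restore_plan(CATALOG, datetime(2009, 1, 9, 9, 0))
    for step, backup in enumerate(plan, 1):
        print(step, backup.kind, backup.taken.isoformat())
    print("data recovered to", recovered_to(plan).isoformat())
```

With the constructed catalog, the failed run on 7 January means a restore requested on 9 January only recovers data up to the evening of 6 January.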


            Back-up Technologies
              •   Automate scheduled backups
              •   Check backups to verify completion
              •   Store some tapes off site
              •   Backup Strategies
              •   Gaps in backup system
                  • work saved to disk between backups
                  • build failure resistant storage
                    systems
                  • can easily lose a whole day’s work
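
The rebuild rule (last full backup, then every incremental) and the advice to check backups for completion can be combined into a restore planner. This is an added example, not part of the original slides; the catalog, its field names and the functions are constructed for illustration.

```python
from datetime import datetime

def B(bid, kind, day, ok=True):
    return {"id": bid, "kind": kind, "taken": datetime(2009, 1, day, 1), "verified": ok}

# Constructed catalog: weekly full backups, nightly incrementals at 01:00.
CATALOG = [
    B("full-05", "full", 5), B("inc-06", "incremental", 6),
    B("inc-07", "incremental", 7), B("inc-08", "incremental", 8, ok=False),
    B("inc-09", "incremental", 9), B("full-12", "full", 12),
    B("inc-13", "incremental", 13),
]

def restore_chain(catalog, target):
    """Plan a restore to `target`: last verified full, then each later backup in order.

    Returns (ids_to_restore, recovered_to, broken_at). An incremental holds only
    the changes since the previous backup, so the chain stops at the first
    backup that failed verification; later ones cannot be applied reliably.
    """
    usable = sorted((b for b in catalog if b["taken"] <= target),
                    key=lambda b: b["taken"])
    fulls = [b for b in usable if b["kind"] == "full" and b["verified"]]
    if not fulls:
        raise LookupError("no verified full backup at or before the target time")
    chain, broken_at = [fulls[-1]], None
    for b in usable:
        if b["taken"] <= chain[0]["taken"]:
            continue
        if not b["verified"]:
            broken_at = b["id"]
            break
        chain.append(b)
    return [b["id"] for b in chain], chain[-1]["taken"], broken_at

def exposure(catalog, target):
    """Work lost if the disk fails at `target`: time since the last restorable backup."""
    _, recovered_to, _ = restore_chain(catalog, target)
    return target - recovered_to

if __name__ == "__main__":
    crash = datetime(2009, 1, 9, 16)
    print(restore_chain(CATALOG, crash), exposure(CATALOG, crash))
```

With the unverified incremental from 8 January in the chain, a failure on the afternoon of the 9th recovers only to the 7th, which is why completion checks matter as much as the schedule.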

            Back-up Technologies
                • Backup Media Options
                  • Tape-based systems
                     • DAT (Digital Audio Tape)
                       • 24 GB per tape - 2.2Mbps
                         transfer
                     • DLT (Digital Linear Tape)
                       • 64 GB per tape - 5Mbps transfer
                  • Optical
                    • Magneto-Optical; CD-R; WORM


                  RAID Systems
            • no longer just disk drives - disk subsystems
            • Redundant Array of Inexpensive Disks
            • Duplicate disk controllers with independent
              processors
            • RAID 0: Disk striping
               • multiple drives into single volume
               • increased performance but no redundancy
            • RAID 1: Disk mirroring
               • data written to two disk drives
               • if one fails, the other is available



            RAID - Level 0




            RAID - Level 1




            RAID Systems
            • RAID 3: Striped array plus parity
              • written across several drives
              • parity bit written to drive to
                reconstruct data
            • RAID 5: Independent striped
              array with distributed parity
              • written across several drives
              • parity bit written over all drives to
                reconstruct data
            • Duplexing (two drives and two
              controllers)
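
How parity reconstructs data after a drive failure, shown with XOR parity in a RAID 5 style layout. This is an added example, not part of the original slides; the block size, the parity rotation order and all function names are assumptions made for illustration, and real controllers use their own layouts.

```python
from functools import reduce

def xor_blocks(blocks):
    """Byte-wise XOR of equal-length blocks; this is the parity calculation."""
    return bytes(reduce(lambda a, b: a ^ b, column) for column in zip(*blocks))

def parity_drive(stripe, n_drives):
    """RAID 5 rotates parity across drives; a constant here gives one parity drive."""
    return (n_drives - 1 - stripe) % n_drives

def raid5_write(data, n_drives, block=4):
    """Stripe data over n_drives, adding one parity block per stripe."""
    per_stripe = block * (n_drives - 1)
    data = data.ljust(-(-len(data) // per_stripe) * per_stripe, b"\0")
    drives = [[] for _ in range(n_drives)]
    for s in range(len(data) // per_stripe):
        chunk = data[s * per_stripe:(s + 1) * per_stripe]
        blocks = [chunk[i:i + block] for i in range(0, per_stripe, block)]
        blocks.insert(parity_drive(s, n_drives), xor_blocks(blocks))
        for drive, blk in zip(drives, blocks):
            drive.append(blk)
    return drives

def rebuild(drives):
    """Replace the one failed drive (None) by XOR-ing the survivors, stripe by stripe."""
    missing = [i for i, d in enumerate(drives) if d is None]
    if len(missing) != 1:
        raise ValueError("single parity recovers exactly one failed drive")
    survivors = [d for d in drives if d is not None]
    repaired = list(drives)
    repaired[missing[0]] = [xor_blocks(stripe) for stripe in zip(*survivors)]
    return repaired

def raid5_read(drives, length):
    """Reassemble the original bytes, skipping each stripe's parity block."""
    n = len(drives)
    out = b""
    for s in range(len(drives[0])):
        out += b"".join(drives[d][s] for d in range(n) if d != parity_drive(s, n))
    return out[:length]

if __name__ == "__main__":
    payload = b"constructed sample payload"   # constructed test data
    array = raid5_write(payload, n_drives=4)
    array[2] = None                            # simulate one failed drive
    print(raid5_read(rebuild(array), len(payload)))
```

Any single drive can be rebuilt this way, but a second failure before the rebuild finishes leaves nothing to XOR against, so parity does not replace backups.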
            RAID - Level 3




            RAID - Level 5




            RAID - Levels 2, 4 and 6




            RAID - Other Levels




             Fault-Tolerant
            Networking Goal
             • To keep your network running no
               matter what happens
             • To maximize the number of
               failures your network can handle
             • To minimize potential
               weaknesses




            Fault-Tolerant
             Networking
            • Every aspect of your network
              needs to work together to make it
              fault-tolerant
            • workstations - servers - hubs -
              routers - software - cabling -
              installers
            • Each major component should
              have redundancy in your network
            • Fault-tolerance is expensive, but
              cheap compared to the cost of
              downtime in business
                Fault-Tolerant
                 Networking
            • Disaster Recovery Plan
            • Service Agreements
            • Fault-Tolerant Networking - Workstations
              • Minimize individual users installing software
                or Operating Systems
              • Define operating systems and applications
                that have been tested and will be supported
                on the network
              • Keep spares of components - monitors,
                keyboards, mice, NIC cards, etc.


               Fault-Tolerant
            Networking - Servers
            •   UPS for orderly shutdown
            •   Backup server data
            •   RAID or Disk Mirroring
            •   Novell SFTIII or Vinca Corp.’s StandbyServer
                (mirrored servers)
            •   Redundant NIC cards to different LAN segments,
                hubs, or switches
            •   Test new software or services before placing
                them on a production server
            •   Use network management to monitor trends in
                your servers
            •   Clustering/drive arrays

              Fault-Tolerant
            Networking - Wiring
               • Start with a cabling system
                 • tested, documented, labeled,
                   warrantied
               • Use more cable than you think
                 you will need (have spares)
               • Have test equipment handy
               • You are your own worst enemy
                 when it comes to wiring



        Hot Spare/Replacement
                Items
            • Always keep several spares
            • Several 16-port hubs rather than one 48-port
              hub
            • Select fault-resilient hubs for important areas
            • Use a hub as a short-term substitute for a switch
            • On-site replacement or service (4 hour
              response)
            • Spare depot at central office
            • Keep configurations handy to reconfigure
              replacements
            • Provide dial backup for most important protocols


            Fault Tolerant Network




   Licensing and Copyright Issues
            • Document all licenses
            • Keep track of serial numbers
            • Prevent copying software from
              servers
            • Enforce copyright laws




            LAN Management
            • Simple Network Management
              Protocol (SNMP)
              • Access to databases in intelligent
                devices
              • Information stored in agents on
                 •   Hubs
                 •   Routers
                 •   Bridges
                 •   Servers
                 •   Printers
                 •   Switches
                 •   Workstations
                 •   Gateways


            LAN Management
             • SNMP (Simple Network
               Management Protocol)
             • SMS
             • Syslog Daemon




            Traffic Management




            Network Management
               •   Evaluation
               •   Verification
               •   Baselining
               •   Trend analysis
               •   Device monitoring
               •   Network monitoring




           Networking Trends -
        Management and Monitoring
                 •   Microsoft SMS
                 •   ManageWise
                 •   Network Assistant
                 •   LapLink, Timbuktu
                 •   RMON
                 •   Baselining and Trending




            Power Requirements
               • Clean Power
               • Power strips
               • UPS
                 • Intelligent
                 • Non-intelligent




   Disaster Recovery and Planning
            • Pre-planning for emergencies
              (hurricanes)
            • Recovery plan for unexpected
              emergencies
              • Fire, Rain, Flood
            • What if the most knowledgeable staff
              person leaves?




            New Technologies
              •   Gigabit Ethernet
              •   Satellite Internet Access
              •   Voice over IP
              •   Video over IP
              •   Video conferencing
              •   Biometrics




            Biometrics



