Most Common Networking Terms and Acronyms – B

backbone
Part of a network that acts as the primary path for traffic that is most often sourced from, and destined for, other networks.

bandwidth
The difference between the highest and lowest frequencies available for network signals. The term also is used to describe the rated throughput capacity of a given network medium or protocol. The frequency range necessary to convey a signal, measured in units of hertz (Hz). For example, voice signals typically require approximately 7 kHz of bandwidth and data traffic typically requires approximately 50 kHz of bandwidth.

BGP
Border Gateway Protocol. Interdomain routing protocol that replaces EGP. BGP exchanges reachability information with other BGP systems. It is defined by RFC 1163. See also BGP4 and EGP.

Most Common Networking Terms and Acronyms – A

10BaseT
10-Mbps baseband Ethernet specification using two pairs of twisted-pair cabling (Categories 3, 4, or 5): one pair for transmitting data and the other for receiving data. 10BaseT, which is part of the IEEE 802.3 specification, has a distance limit of approximately 328 feet (100 meters) per segment.

100BaseFX
A 100-Mbps baseband Fast Ethernet specification using two strands of multimode fiber-optic cable per link. To guarantee proper signal timing, a 100BaseFX link cannot exceed 1312 feet (400 meters) in length. Based on the IEEE 802.3 standard.

100BaseT
100-Mbps baseband Fast Ethernet specification using UTP wiring. Like the 10BaseT technology on which it is based, 100BaseT sends link pulses over the network segment when no traffic is present. However, these link pulses contain more information than those used in 10BaseT. Based on the IEEE 802.3 standard.

IANA Well Known Ports

The Well Known Ports are assigned by the IANA and on most systems can only be used by system (or root) processes or by programs executed by privileged users.

Ports are used in the TCP [RFC793] to name the ends of logical connections which carry long term conversations. For the purpose of providing services to unknown callers, a service contact port is defined. This list specifies the port used by the server process as its contact port. The contact port is sometimes called the “well-known port”.

To the extent possible, these same port assignments are used with the UDP [RFC768].

The range for assigned ports managed by the IANA is 0-1023.

Port Assignments:

Wired and Wireless Home Networks

As explained in this post, you can build your home network by using either wired or wireless infrastructure. Ethernet, Power Lines and Phone Lines can be used for wired home networks, whereas the dominant technology for wireless home networks is the WiFi 802.11 standard. Below we give you a quick snapshot and comparison of the different home network technologies available.

| Type | Technology | Speed | Range | Cost | Wiring Ease | Peripheral Availability |
|---|---|---|---|---|---|---|
| Wired Home Network | Ethernet (Using Copper Cables) | Up to 1000 Mbps | 100 m (330 ft) | Low | Difficult if nodes are in different rooms | Very popular, Extensive Availability |
| Wired Home Network | PhoneLine (HPNA 3.1) | Up to 320 Mbps | 300 m (1000 ft) | Moderate | Easy. Uses Existing Phone Lines | Not popular, Limited Availability |
| Wired Home Network | PowerLine (HomePlug AV) | Up to 200 Mbps Half Duplex | Length of Power Line | Low to Moderate | Easy. Uses Existing Power Lines | Not popular, Moderate Availability |
| Wired Home Network | FireWire | 400 Mbps | 5 m (15 ft) | Low | Easy. Usually between two PCs | High Availability |
| Wireless Home Network | WiFi 802.11a | 54 Mbps | Radius ~35 m * | Moderate | No wires | Not popular, Limited Availability |
| Wireless Home Network | WiFi 802.11b | 11 Mbps | Radius ~38 m * | Low | No wires | Very popular, Extensive Availability |
| Wireless Home Network | WiFi 802.11g | 54 Mbps | Radius ~38 m * | Low to Moderate | No wires | Very popular, Extensive Availability |
| Wireless Home Network | WiFi 802.11n | Over 200 Mbps | Radius ~70 m * | Moderate to High | No wires | New standard, gaining popularity |

* WiFi Radius Indoor Distance depends on number and types of walls. It is usually much less than the shown value.

Home Network Security
A factor that must never be omitted when building a home LAN, especially when the network is connected to the Internet, is how to protect data and preserve your privacy. “Defense in Depth” is the best security approach to take. This layered security concept refers to implementing an outer perimeter layer of security using a firewall (included in the Home Gateway broadband router, for example), and then implementing inner layers of security (on your internal home network computers) to protect against viruses, spyware etc.

The need for setting up a home network

The driving force behind the explosion of home networks is the need for information and resource sharing. By having your computers, and other information resources, networked within your home, you have the following benefits:

  • Internet Connection Sharing: Multiple home users can access the Internet simultaneously.
  • File Sharing: Share music, files, photos etc. between home computers.
  • Printer Sharing: Install a network printer and share it.
  • Home Entertainment and Multimedia Sharing: Stream music or video stored in a Network Storage Device and play them through your Multimedia Center.
  • Multi-player Games: Use your home LAN to organize home game parties!
  • Use VoIP Telephony: With Voice over IP Telephony you can easily utilize exploding Internet Telephony applications (such as Skype), use software phones, share multimedia on the phone device etc.
  • Use Wireless Security Cameras: You can install a Wi-Fi wireless IP security camera to monitor your home remotely. You can connect from the Internet (while at work, for example) to your home security camera to watch what's going on inside your home.
  • Use Network Attached Storage: A NAS (Network Attached Storage) is a hard disk device connected to your home network for file sharing. Advanced NAS units (such as Synology and QNAP) also offer BitTorrent/HTTP/FTP software for downloading files directly to the hard disk without using a PC.

A typical home network topology is shown on the diagram below:

FTP Disconnects Through Cisco ASA Firewall. MSS Exceeded Problem.

Each TCP device on a network has an associated ‘ceiling’ on TCP Data Size, called the MSS (Maximum Segment Size). The TCP MSS is negotiated between two communicating devices via the TCP SYN and SYN-ACK packets. After this negotiation, each TCP device must comply with the advertised MSS of the peer device, and should not send data on the segment that is larger than the advertised MSS of the device to which it is sending.

Unfortunately, there are cases where, even though the two TCP endpoints have negotiated a certain TCP MSS, one of the devices sends the other a segment that is larger than that MSS. The Cisco ASA (or PIX) firewall running software version 7.x and up does not accept this situation: it drops the packets that do not adhere to the negotiated MSS. The firewall does this to protect the devices from buffer overflow attacks.

The problem addressed here is when an FTP Client located on the INSIDE of a Cisco ASA firewall cannot access an FTP Server machine located on the OUTSIDE of the firewall, as shown on the diagram below. The same problem can also happen with any TCP application (e.g. HTTP), not just FTP.

ASA MSS Exceeded

Troubleshooting IPSEC VPN

This post discusses the most basic steps needed to troubleshoot a LAN-to-LAN IPSEC tunnel between Cisco Routers.

A Cisco Router with the proper IOS version can make an excellent IPSEC VPN termination device, and can be used to securely connect two distant LANs over an untrusted network, such as the Internet. In our example below, we use two Cisco 800 series broadband routers to create an IPSEC VPN tunnel between two offices over a DSL broadband connection via the Internet.

ipsec vpn

Top 10 Freeware Network Security Tools

1. Nessus

Nessus is a Network Vulnerability Scanner tool based on a client-server model. It features high speed discovery, configuration auditing, asset profiling, and vulnerability analysis of your network and systems. It is constantly updated with more than 11,000 plugins for the free version. Every audit in Nessus is coded as a plugin: a simple program which checks for a given flaw. Plugins can be enabled or disabled depending on the kind of vulnerability analysis required for the specific network. Nessus works on Windows, Linux, OpenBSD, FreeBSD and other Unix flavors.

2. Snort

Arguably one of the best network intrusion detection and prevention systems (IDS) is the free and open source Snort toolkit. Through protocol analysis, content searching, and various pre-processors, Snort detects thousands of worms, vulnerability exploit attempts, port scans, and other suspicious behavior. Snort works on many operating systems, including Windows, Linux, Solaris, FreeBSD etc. Snort utilizes a rule-based language that combines the benefits of signature inspection, protocol inspection, and anomaly-based inspection. You can configure Snort to run in a few different modes such as Sniffer mode, Packet Logger mode, and Network Intrusion Detection (NIDS) mode.

Top 5 Freeware Tools for Network Admins

1. PuTTY for SSH Access

PuTTY is a Secure Shell (SSH) client that runs on Windows. You can use PuTTY to access remote network devices (routers, switches, firewalls, Unix servers etc.) using the secure SSH protocol. With an increased emphasis on security, most network devices can now be remotely accessed via SSH. PuTTY supports SSH versions 1 and 2 along with Data Encryption Standard (DES), Triple DES (3DES), and Advanced Encryption Standard (AES). With a single click of a button, you can also log a session for later review. PuTTY also supports Telnet.

2. PumpKIN TFTP Server

Most network devices use the Trivial File Transfer Protocol (TFTP) as the primary way to transfer system image files or configuration files, so a simple, stable TFTP server is an essential part of a network administrator's toolkit. PumpKIN TFTP server provides a simple, easy to use GUI and runs on all versions of Windows. PumpKIN also plays .wav files to provide audio alerts indicating the state of a TFTP transfer, a feature that is very handy for multitasking network administrators.

How to secure your small business with a PIX Firewall

One of the most popular firewall products for the small business market is the Cisco PIX 501. Out of the box it requires just a few configuration entries and you are up and running.

In this guide, we will walk through the steps for configuring your brand new PIX at the network edge.

This guide is written for the user who has no knowledge of the PIX firewall. As such, it is not a treatise on network security, but a quick, by-the-numbers guide to configuring a PIX firewall with as little jargon as possible.