Showing posts with label Networking. Show all posts

Useful Linux web sites

Linux Features

  • It allows many users to access a computer system at the same time.
  • It supports the creation, modification, and destruction of programs, processes, and files.
  • It provides a directory hierarchy that gives a location to processes and files.
  • It shares CPUs, memory, and disk space in a fair and efficient manner between competing processes.
  • It allows processes and peripherals to talk to each other, even if they're on different machines.
  • It comes complete with a large number of standard utilities.
  • There are plenty of high-quality, commercially available software packages available for most versions.
  • It allows programmers to easily access operating features via a well-defined set of system calls, which are analogous to library functions.
  • It is a standard, portable, open source operating system, and thus is available on a wide variety of platforms.

Because it provides all the features expected of a modern operating system, doing it in a way that is well documented, accessible, and adheres to a defined standard, and because its implementation is open source and freely available, Linux has made, and will continue to make, its mark on modern operating system design.


http://www.kernel.org  The Linux Kernel Archives
http://www.li.org  Linux International
http://www.linux.org  The Linux Home Page at Linux Online
http://www.linuxhq.com  Linux HeadQuarters
http://www.linuxjournal.com  Linux Journal
http://www.tldp.org  The Linux Documentation Project





Securing FTP-How

Securing FTP
You can make your FTP uploads and downloads more secure in one of two
ways: through Secure File Transfer Protocol (SFTP) or Transport Layer
Security (TLS).

SFTP
SFTP is a more secure way of uploading and downloading files than FTP.
When you use FTP, data is sent unencrypted, so someone who intercepts the
data can easily read it. SFTP encrypts the commands and the data to provide
a much more secure form of transport.

To use SFTP (also known as secure FTP or SSH file transfer protocol), your
host has to have configured the server to be able to accept a secure connection from you. Most shared hosts do not allow this because giving clients SSH
access opens doors for clients to get into areas of the server that the host
does not want them messing with.

The FTP and SFTP protocols work quite differently, and your host needs to
have opened a specific port and allowed you SSH login permission to be able
to connect with SFTP. If you do have SFTP access, the following steps show
how to make a connection using FileZilla. Other clients may differ slightly in
layout but require that you enter the same information.

1. In your FTP client, select File➪Site Manager and create a new site.
2. Select the Protocol drop-down box and click SFTP.
The Site Manager dialog box opens, as shown in Figure 4-4.
3. Enter the Host name, Username, and Password, which are normally
the same as you would use with FTP.
4. Enter the correct setting in the Port field.
5. Click Connect and your client attempts to negotiate a secure connection.
If the client cannot connect, check with your host to confirm whether it
allows SFTP connections.
TLS
TLS offers a similar level of security to SFTP but is favored more highly by
hosts because it does not require that the client have SSH access to the
server.

The following steps describe how to connect using TLS and FileZilla:
1. Choose File➪Site Manager and create a new site or select an
existing one.
2. Enter your FTP details as normal.
3. Click in the Encryption drop-down box (see Figure 4-5) and select
either Explicit TLS or Implicit TLS.
See the “Explicit TLS versus Implicit TLS” sidebar for more information.
4. Connect as normal.

Setting and managing file permissions

File permissions are a powerful security tool created to give the server
administrator the capability to define exactly who can read, write, and execute any given file.
Each file has its own permissions, which are expressed either in textual
form (drwxrwxrwx) or in numerical form, such as 755 (FileZilla shows
permissions in the three-digit format).

The permissions are set for:
  • The owner: Usually the owner is the creator of the file, but that can be
changed, if necessary.
  • The group: Groups are set up in UNIX/Linux to manage permissions.
Each user can be added to multiple groups, and each file can be in one
group. This enables you to restrict who has access to the file.
  • The public: Anybody who has access to the system is classed as a
member of the public group. That means all users are in the public group.
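As an added example (not code from the original post), the following Python converts between the textual and numeric permission forms the text describes, splits a mode into the owner, group and public classes, and audits a constructed directory listing for entries that the public can write to, which is the mistake file-permission reviews most often turn up:

```python
# Added example: convert between the textual (drwxrwxrwx) and numeric (755)
# permission forms, and audit a constructed listing for world-writable files.
from typing import Dict, List, Tuple

SYMBOLIC_LETTERS = "rwxrwxrwx"


def symbolic_to_octal(perm: str) -> int:
    """'drwxr-xr-x' or 'rwxr-xr-x' -> 0o755.

    A leading file-type character (d, -, l, ...) is ignored. The setuid/setgid/
    sticky letters s and t count as "execute set"; their capitals S and T mean
    the execute bit is clear, as in ls(1) output.
    """
    bits = perm[-9:]
    if len(bits) != 9:
        raise ValueError("expected nine permission characters")
    mode = 0
    for ch in bits:
        mode = (mode << 1) | (0 if ch in "-ST" else 1)
    return mode


def octal_to_symbolic(mode: int) -> str:
    """0o644 -> 'rw-r--r--' (only the nine rwx bits are rendered)."""
    return "".join(
        SYMBOLIC_LETTERS[i] if mode & (1 << (8 - i)) else "-" for i in range(9)
    )


def split_classes(mode: int) -> Dict[str, str]:
    """Break the nine bits into the three classes the text lists."""
    sym = octal_to_symbolic(mode)
    return {"owner": sym[0:3], "group": sym[3:6], "public": sym[6:9]}


def is_world_writable(mode: int) -> bool:
    """The 'public' write bit is the one most often left set by mistake."""
    return bool(mode & 0o002)


def find_world_writable(listing: List[Tuple[str, str]]) -> List[str]:
    """Return the paths in a (path, symbolic-perm) listing that anyone may write."""
    return [path for path, perm in listing if is_world_writable(symbolic_to_octal(perm))]


# Constructed listing in the style of an ls -l / FileZilla view; not a real server.
SAMPLE_LISTING = [
    ("public_html", "drwxr-xr-x"),
    ("public_html/index.php", "-rw-r--r--"),
    ("public_html/uploads", "drwxrwxrwx"),   # 777: everybody may write and delete here
    ("config.php", "-rw-rw-rw-"),            # 666: world-readable and world-writable
]

if __name__ == "__main__":
    for path, perm in SAMPLE_LISTING:
        mode = symbolic_to_octal(perm)
        print(f"{perm}  {mode:o}  {split_classes(mode)}  {path}")
    print("world-writable:", find_world_writable(SAMPLE_LISTING))
```

The audit deliberately keys on the public write bit alone: a 777 upload directory or a 666 configuration file lets any account on a shared host modify content served to visitors.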

Session Hijacking-Protection

Session hijacking isn't new to computer security. The term is most commonly used to describe the process of a TCP connection taken over by a sequence prediction attack. In such an attack, the attacker gains control of an already established TCP connection. When applied to Web application security, session hijacking refers to the takeover of a Web application session.

HTTP is a stateless protocol with its origins in information dissemination. Clients request a particular resource, which eventually is delivered by the server hosting that particular resource. The goal of the World Wide Web in its early days was to provide a uniform medium of information dissemination via HTTP and rendering of the information via HTML. The information could also be cross-referenced by using hyperlinks. As time went by, servers were developed with the ability to handle dynamically generated content and execute programs that generated HTML. Soon enough, the need for interactivity increased. Because of its ability to handle text and graphics, the browser took the place of a universal client. Small-scale applications began to be hosted on Web servers with the use of CGI scripting, which extended the ability of universal participation to all Internet users who had a browser. No longer was an underlying operating system an issue. So long as you had a browser, you could use the application. Application development went from a central mainframe–terminal based concept to the client-server model, and back to the central Web server–browser based concept again.

These days, Web application servers host complex applications, such as an entire office productivity suite. Microsoft Outlook for the Web is an example of delivering a fully featured e-mail client over a Web browser. Lotus Domino servers provide a Web interface that lets users perform more or less the same tasks as can be performed via a Lotus Notes client.

All multiuser applications embody the concept of a user session. Each user interacts with the application via a separate user session. The application keeps track of all who are currently using the application via sessions. This capability is essential for segregating user activity.

Despite rapid changes in Web server technology, the HTTP protocol remained the same. Currently, HTTP 1.1 is still the most widely used HTTP protocol. The greatest hurdle in designing and hosting Web-based applications is to get around the statelessness of HTTP. There are no standards governing how a Web-based application should provide its own state-maintaining mechanism over HTTP. Developers tackle state preservation in different ways. There are poor and good ways of approaching this problem, although both approaches result in a workable application. The poor ways of implementing session states lead to attacks such as session hijacking.
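The text contrasts poor and good ways of keeping session state over HTTP without showing one. As an added example (not code from the original article), here is a minimal server-side session store of the "good" kind: identifiers come from the operating system's CSPRNG so they cannot be predicted the way a sequence-prediction attack predicts TCP sequence numbers, the store keys on a hash of the identifier so a leaked copy of the store yields no usable cookies, and sessions expire so a captured identifier has a short useful life. The clock is injectable purely so expiry can be exercised deterministically.

```python
# Added example: an unguessable, expiring, server-side session store.
import hashlib
import secrets
import time
from typing import Callable, Dict, Optional


class SessionStore:
    def __init__(self, ttl_seconds: int = 900, clock: Callable[[], float] = time.time):
        # Keyed by SHA-256 of the identifier, so a leaked copy of the store
        # does not hand out usable session cookies.
        self._sessions: Dict[str, Dict] = {}
        self._ttl = ttl_seconds
        self._clock = clock  # injectable so expiry can be tested deterministically

    @staticmethod
    def _key(session_id: str) -> str:
        return hashlib.sha256(session_id.encode("utf-8")).hexdigest()

    def create(self, user: str) -> str:
        """Issue a fresh 256-bit identifier for an authenticated user."""
        session_id = secrets.token_urlsafe(32)  # 43 URL-safe characters from the OS CSPRNG
        self._sessions[self._key(session_id)] = {
            "user": user,
            "expires": self._clock() + self._ttl,
        }
        return session_id

    def lookup(self, session_id: str) -> Optional[str]:
        """Return the user bound to a presented identifier, or None if unknown or stale."""
        entry = self._sessions.get(self._key(session_id))
        if entry is None:
            return None
        if self._clock() >= entry["expires"]:
            self.destroy(session_id)   # stale: forget it rather than keep honouring it
            return None
        return entry["user"]

    def destroy(self, session_id: str) -> None:
        """Logout: a session that no longer exists cannot be taken over."""
        self._sessions.pop(self._key(session_id), None)


if __name__ == "__main__":
    store = SessionStore(ttl_seconds=60)
    sid = store.create("alice")
    print("issued:", sid, "->", store.lookup(sid))
    print("unknown id ->", store.lookup("guess-1234"))
```

The contrast with the "poor way" is the source of the identifier: a counter, a timestamp or a hash of the username is something a second client can compute, whereas 256 bits from `secrets` is not.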

E-Mail Security

When an e-mail message is sent between two distant sites, it will generally transit dozens of machines on the way. Any of these can read and record the message for future use. In practice, privacy is nonexistent, despite what many people think. Nevertheless, many people would like to be able to send e-mail that can be read by the intended recipient and no one else: not their boss and not even their government. This desire has stimulated several people and groups to apply the cryptographic principles we studied earlier to e-mail to produce secure e-mail. In the following sections we will study a widely-used secure e-mail system, PGP, and then briefly mention two others, PEM and S/MIME. For additional information about secure e-mail.

PGP supports four RSA key lengths. It is up to the user to select the one that is most appropriate. The lengths are
  1. Casual (384 bits): can be broken easily today.
  2. Commercial (512 bits): breakable by three-letter organizations.
  3. Military (1024 bits): Not breakable by anyone on earth.
  4. Alien (2048 bits): Not breakable by anyone on other planets, either.

Since RSA is only used for two small computations, everyone should use alien strength keys all the time.

Key management has received a large amount of attention in PGP as it is the Achilles heel of all security systems. Key management works as follows. Each user maintains two data structures locally: a private key ring and a public key ring. The private key ring contains one or more personal private-public key pairs. The reason for supporting multiple pairs per user is to permit users to change their public keys periodically or when one is thought to have been compromised, without invalidating messages currently in preparation or in transit. Each pair has an identifier associated with it so that a message sender can tell the recipient which public key was used to encrypt it. Message identifiers consist of the low-order 64 bits of the public key. Users are responsible for avoiding conflicts in their public key identifiers. The private keys on disk are encrypted using a special arbitrarily long password to protect them against sneak attacks.

The public key ring contains public keys of the user's correspondents. These are needed to encrypt the message keys associated with each message. Each entry on the public key ring contains not only the public key, but also its 64-bit identifier and an indication of how strongly the user trusts the key.
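As an added example (not PGP's own code), the following models the two details above: the 64-bit key identifier taken from the low-order bits of the public key, and a public key ring whose entries carry a trust indication. Public keys are represented as plain integers (a real RSA modulus is just a much larger one), and the trust level names are assumed for illustration. The ring refuses to overwrite an entry when a different key arrives with the same 64-bit identifier, since the text leaves avoiding such conflicts to the users.

```python
# Added example: PGP-style 64-bit key identifiers and a public key ring with trust levels.
from typing import Dict, Optional

KEY_ID_MASK = (1 << 64) - 1
TRUST_LEVELS = ("unknown", "marginal", "complete")  # names assumed for illustration


def key_id(public_key: int) -> int:
    """PGP-style identifier: the low-order 64 bits of the public key."""
    return public_key & KEY_ID_MASK


class PublicKeyRing:
    """Maps key identifiers to (owner, key, trust) entries and refuses silent collisions."""

    def __init__(self) -> None:
        self._entries: Dict[int, Dict] = {}

    def add(self, owner: str, public_key: int, trust: str = "unknown") -> int:
        if trust not in TRUST_LEVELS:
            raise ValueError(f"unknown trust level {trust!r}")
        kid = key_id(public_key)
        existing = self._entries.get(kid)
        if existing is not None and existing["key"] != public_key:
            # Two different keys share the low-order 64 bits. Silently replacing
            # the entry would let the newcomer be used wherever the old key was.
            raise ValueError(f"key id collision on {kid:016X} between "
                             f"{existing['owner']} and {owner}")
        self._entries[kid] = {"owner": owner, "key": public_key, "trust": trust}
        return kid

    def find(self, kid: int) -> Optional[Dict]:
        """Resolve the identifier a sender put on a message."""
        return self._entries.get(kid)

    def trusted_key_for(self, owner: str, minimum: str = "marginal") -> Optional[int]:
        """Only hand out a correspondent's key if it is trusted at least `minimum`."""
        floor = TRUST_LEVELS.index(minimum)
        for entry in self._entries.values():
            if entry["owner"] == owner and TRUST_LEVELS.index(entry["trust"]) >= floor:
                return entry["key"]
        return None


# Constructed keys: only the low 64 bits matter for the identifier, so small values suffice.
BOB_KEY = (0xABCD << 64) | 0x0123456789ABCDEF
EVE_KEY = (0x9999 << 64) | 0x0123456789ABCDEF   # same low 64 bits as BOB_KEY


def demo() -> str:
    """Add Bob's key, then a different key that collides with it on the identifier."""
    ring = PublicKeyRing()
    ring.add("bob", BOB_KEY, "complete")
    try:
        ring.add("eve", EVE_KEY)
    except ValueError as err:
        return str(err)
    return "no collision detected"


if __name__ == "__main__":
    print(f"bob's key id: {key_id(BOB_KEY):016X}")
    print(demo())
```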


Digital Signatures

The authenticity of many legal, financial, and other documents is determined by the presence or absence of an authorized handwritten signature. And photocopies do not count. For computerized message systems to replace the physical transport of paper and ink documents, a method must be found to allow documents to be signed in an unforgeable way.
The problem of devising a replacement for handwritten signatures is a difficult one. Basically, what is needed is a system by which one party can send a signed message to another party in such a way that the following conditions hold:

  1. The receiver can verify the claimed identity of the sender.
  2. The sender cannot later repudiate the contents of the message.
  3. The receiver cannot possibly have concocted the message himself.

The first requirement is needed, for example, in financial systems. When a customer's computer orders a bank's computer to buy a ton of gold, the bank's computer needs to be able to make sure that the computer giving the order really belongs to the company whose account is to be debited. In other words, the bank has to authenticate the customer (and the customer has to authenticate the bank).
The second requirement is needed to protect the bank against fraud. Suppose that the bank buys the ton of gold, and immediately thereafter the price of gold drops sharply. A dishonest customer might sue the bank, claiming that he never issued any order to buy gold. When the bank produces the message in court, the customer denies having sent it. The property that no party to a contract can later deny having signed it is called nonrepudiation. The digital signature schemes that we will now study help provide it.
The third requirement is needed to protect the customer in the event that the price of gold shoots up and the bank tries to construct a signed message in which the customer asked for one bar of gold instead of one ton. In this fraud scenario, the bank just keeps the rest of the gold for itself.

Symmetric-Key Signatures

One approach to digital signatures is to have a central authority that knows everything and whom everyone trusts, say Big Brother (BB). Each user then chooses a secret key and carries it by hand to BB's office. Thus, only Alice and BB know Alice's secret key, KA, and so on.
When Alice wants to send a signed plaintext message, P, to her banker, Bob, she generates KA(B, RA, t, P), where B is Bob's identity, RA is a random number chosen by Alice, t is a timestamp to ensure freshness, and KA(B, RA, t, P) is the message encrypted with her key, KA. BB sees that the message is from Alice, decrypts it, and sends a message to Bob as shown. The message to Bob contains the plaintext of Alice's message and also the signed message KBB(A, t, P). Bob now carries out Alice's request.

Public-Key Signatures

A structural problem with using symmetric-key cryptography for digital signatures is that everyone has to agree to trust Big Brother. Furthermore, Big Brother gets to read all signed messages. The most logical candidates for running the Big Brother server are the government, the banks, the accountants, and the lawyers. Unfortunately, none of these organizations inspire total confidence in all citizens. Hence, it would be nice if signing documents did not require a trusted authority.
Fortunately, public-key cryptography can make an important contribution in this area. Let us assume that the public-key encryption and decryption algorithms have the property that E(D(P)) = P in addition, of course, to the usual property that D(E(P)) = P. (RSA has this property, so the assumption is not unreasonable.) Assuming that this is the case, Alice can send a signed plaintext message, P, to Bob by transmitting EB(DA(P)). Note carefully that Alice knows her own (private) key, DA, as well as Bob's public key, EB, so constructing this message is something Alice can do.
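To make the E(D(P)) = P property and the EB(DA(P)) construction concrete, here is an added example (not from the original text) with textbook-sized RSA parameters, so every step can be checked by hand. The moduli 3233 and 3337 give no security whatsoever and real RSA also uses padding; the point is the structure. One practical deviation: what Alice signs is a SHA-256 digest of P reduced mod her modulus, and she sends P alongside, so Bob can compare the value he recovers with the plaintext he holds rather than relying on the decryption "looking meaningful".

```python
# Added example: the EB(DA(P)) signature-then-encrypt construction with toy RSA keys.
import hashlib
from dataclasses import dataclass


@dataclass(frozen=True)
class KeyPair:
    n: int
    e: int   # public exponent
    d: int   # private exponent (0 in a public-only view)

    def public(self) -> "KeyPair":
        return KeyPair(self.n, self.e, 0)  # d withheld: this is what the world sees


def make_toy_keypair(p: int, q: int, e: int) -> KeyPair:
    n = p * q
    phi = (p - 1) * (q - 1)
    return KeyPair(n, e, pow(e, -1, phi))   # d = e^-1 mod phi(n); needs Python 3.8+


def E(key: KeyPair, x: int) -> int:
    """Encrypt, or verify a signature, with the public part."""
    return pow(x, key.e, key.n)


def D(key: KeyPair, x: int) -> int:
    """Decrypt, or sign, with the private part."""
    return pow(x, key.d, key.n)


def digest_mod_n(message: bytes, n: int) -> int:
    return int.from_bytes(hashlib.sha256(message).digest(), "big") % n


def seal(message: bytes, sender: KeyPair, receiver_pub: KeyPair) -> int:
    """Alice: EB(DA(h)), where h is the digest of P."""
    signature = D(sender, digest_mod_n(message, sender.n))
    if signature >= receiver_pub.n:
        raise ValueError("toy limitation: the signature must fit the receiver's modulus")
    return E(receiver_pub, signature)


def open_and_verify(message: bytes, sealed: int, receiver: KeyPair, sender_pub: KeyPair) -> bool:
    """Bob: DB recovers the signature, EA recovers the digest, which must match P."""
    signature = D(receiver, sealed)
    return E(sender_pub, signature) == digest_mod_n(message, sender_pub.n)


ALICE = make_toy_keypair(61, 53, 17)   # n = 3233, d = 2753
BOB = make_toy_keypair(47, 71, 79)     # n = 3337, d = 1019 (chosen so signatures fit)

if __name__ == "__main__":
    order = b"buy one ton of gold"
    sealed = seal(order, ALICE, BOB.public())
    print("E(D(P)) == P:", E(ALICE, D(ALICE, 1234)) == 1234)
    print("genuine order verifies:", open_and_verify(order, sealed, BOB, ALICE.public()))
    print("altered order verifies:",
          open_and_verify(b"buy one bar of gold", sealed, BOB, ALICE.public()))
```

The three requirements listed earlier map onto the code directly: only Alice's d can produce a value that Alice's e turns back into the digest (identity), she cannot later deny a signature only her key could make (nonrepudiation), and Bob cannot forge a signature over "one bar" because he lacks d (the receiver cannot concoct the message).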


Network Security


For the first few decades of their existence, computer networks were primarily used by university researchers for sending e-mail and by corporate employees for sharing printers. Under these conditions, security did not get a lot of attention. But now, as millions of ordinary citizens are using networks for banking, shopping, and filing their tax returns, network security is looming on the horizon as a potentially massive problem. In this chapter, we will study network security from several angles, point out numerous pitfalls, and discuss many algorithms and protocols for making networks more secure.

Security is a broad topic and covers a multitude of sins. In its simplest form, it is concerned with making sure that nosy people cannot read, or worse yet, secretly modify messages intended for other recipients. It is concerned with people trying to access remote services that they are not authorized to use. It also deals with ways to tell whether that message purportedly from the IRS saying: Pay by Friday or else is really from the IRS and not from the Mafia. Security also deals with the problems of legitimate messages being captured and replayed, and with people trying to deny that they sent certain messages.

Network security problems can be divided roughly into four closely intertwined areas: secrecy, authentication, nonrepudiation, and integrity control. Secrecy, also called confidentiality, has to do with keeping information out of the hands of unauthorized users. This is what usually comes to mind when people think about network security. Authentication deals with determining whom you are talking to before revealing sensitive information or entering into a business deal. Nonrepudiation deals with signatures: How do you prove that your customer really placed an electronic order for ten million left-handed doohickeys at 89 cents each when he later claims the price was 69 cents? Or maybe he claims he never placed any order. Finally, how can you be sure that a message you received was really the one sent and not something that a malicious adversary modified in transit or concocted?

All these issues (secrecy, authentication, nonrepudiation, and integrity control) occur in traditional systems, too, but with some significant differences. Integrity and secrecy are achieved by using registered mail and locking documents up. Robbing the mail train is harder now than it was in Jesse James' day.
Also, people can usually tell the difference between an original paper document and a photocopy, and it often matters to them. As a test, make a photocopy of a valid check. Try cashing the original check at your bank on Monday. Now try cashing the photocopy of the check on Tuesday. Observe the difference in the bank's behavior. With electronic checks, the original and the copy are indistinguishable. It may take a while for banks to learn how to handle this.

PHP Networking Functions

People authenticate other people by recognizing their faces, voices, and handwriting. Proof of signing is handled by signatures on letterhead paper, raised seals, and so on. Tampering can usually be detected by handwriting, ink, and paper experts. None of these options are available electronically. Clearly, other solutions are needed.

Before getting into the solutions themselves, it is worth spending a few moments considering where in the protocol stack network security belongs. There is probably no one single place. Every layer has something to contribute. In the physical layer, wiretapping can be foiled by enclosing transmission lines in sealed tubes containing gas at high pressure. Any attempt to drill into a tube will release some gas, reducing the pressure and triggering an alarm. Some military systems use this technique.

Introduction to Cryptography

Historically, four groups of people have used and contributed to the art of cryptography: the military, the diplomatic corps, diarists, and lovers. Of these, the military has had the most important role and has shaped the field over the centuries. Within military organizations, the messages to be encrypted have traditionally been given to poorly-paid, low-level code clerks for encryption and transmission. The sheer volume of messages prevented this work from being done by a few elite specialists.

Until the advent of computers, one of the main constraints on cryptography had been the ability of the code clerk to perform the necessary transformations, often on a battlefield with little equipment. An additional constraint has been the difficulty in switching over quickly from one cryptographic method to another one, since this entails retraining a large number of people. However, the danger of a code clerk being captured by the enemy has made it essential to be able to change the cryptographic method instantly if need be. 

The messages to be encrypted, known as the plaintext, are transformed by a function that is parameterized by a key. The output of the encryption process, known as the ciphertext, is then transmitted, often by messenger or radio. We assume that the enemy, or intruder, hears and accurately copies down the complete ciphertext. However, unlike the intended recipient, he does not know what the decryption key is and so cannot decrypt the ciphertext easily. Sometimes the intruder can not only listen to the communication channel (passive intruder) but can also record messages and play them back later, inject his own messages, or modify legitimate messages before they get to the receiver (active intruder). The art of breaking ciphers, called cryptanalysis, and the art of devising them (cryptography) are collectively known as cryptology.

The nonsecrecy of the algorithm cannot be emphasized enough. Trying to keep the algorithm secret, known in the trade as security by obscurity, never works. Also, by publicizing the algorithm, the cryptographer gets free consulting from a large number of academic cryptologists eager to break the system so they can publish papers demonstrating how smart they are. If many experts have tried to break the algorithm for 5 years after its publication and no one has succeeded, it is probably pretty solid.
Since the real secrecy is in the key, its length is a major design issue. Consider a simple combination lock. The general principle is that you enter digits in sequence. Everyone knows this, but the key is secret. A key length of two digits means that there are 100 possibilities. A key length of three digits means 1000 possibilities, and a key length of six digits means a million. The longer the key, the higher the work factor the cryptanalyst has to deal with. The work factor for breaking the system by exhaustive search of the key space is exponential in the key length. Secrecy comes from having a strong (but public) algorithm and a long key. To prevent your kid brother from reading your e-mail, 64-bit keys will do. For routine commercial use, at least 128 bits should be used. To keep major governments at bay, keys of at least 256 bits, preferably more, are needed.

From the cryptanalyst's point of view, the cryptanalysis problem has three principal variations. When he has a quantity of ciphertext and no plaintext, he is confronted with the ciphertext-only problem. The cryptograms that appear in the puzzle section of newspapers pose this kind of problem. When the cryptanalyst has some matched ciphertext and plaintext, the problem is called the known plaintext problem.

The next improvement is to have each of the symbols in the plaintext, say, the 26 letters for simplicity, map onto some other letter. For example,
plaintext: a b c d e f g h i j k l m n o p q r s t u v w x y z
ciphertext: Q W E R T Y U I O P A S D F G H J K L Z X C V B N M
The general system of symbol-for-symbol substitution is called a monoalphabetic substitution, with the key being the 26-letter string corresponding to the full alphabet. For the key above, the plaintext attack would be transformed into the ciphertext QZZQEA.
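As an added example (not code from the original text), the monoalphabetic substitution with the 26-letter key above, implemented both ways, plus a check that every plaintext letter's frequency reappears unchanged on its substitute. That preserved statistical structure is exactly why the cipher gives way to the ciphertext-only analysis mentioned earlier, so the "attack" to "QZZQEA" mapping is easy to produce and just as easy to undo without the key.

```python
# Added example: monoalphabetic substitution with the key from the text.
import string
from collections import Counter
from typing import Dict, Tuple

PLAIN_ALPHABET = string.ascii_lowercase
KEY = "QWERTYUIOPASDFGHJKLZXCVBNM"   # the 26-letter key from the text


def make_tables(key: str) -> Tuple[Dict[str, str], Dict[str, str]]:
    """Build the forward and inverse letter maps; the key must be a permutation of a-z."""
    if sorted(key.lower()) != list(PLAIN_ALPHABET):
        raise ValueError("key must contain each letter exactly once")
    enc = dict(zip(PLAIN_ALPHABET, key.upper()))
    dec = {c: p for p, c in enc.items()}
    return enc, dec


def encrypt(plaintext: str, key: str = KEY) -> str:
    """Lower-case plaintext in, upper-case ciphertext out; non-letters pass through."""
    enc, _ = make_tables(key)
    return "".join(enc.get(ch, ch) for ch in plaintext.lower())


def decrypt(ciphertext: str, key: str = KEY) -> str:
    _, dec = make_tables(key)
    return "".join(dec.get(ch, ch) for ch in ciphertext.upper())


def letter_frequencies(text: str) -> Dict[str, int]:
    return dict(Counter(ch for ch in text.upper() if ch.isalpha()))


def frequencies_are_preserved(plaintext: str, key: str = KEY) -> bool:
    """Each plaintext letter's count reappears unchanged on its substitute:
    the statistical structure of the language survives the substitution."""
    enc, _ = make_tables(key)
    plain = letter_frequencies(plaintext)
    cipher = letter_frequencies(encrypt(plaintext, key))
    return all(cipher.get(enc[p.lower()]) == n for p, n in plain.items())


if __name__ == "__main__":
    print(encrypt("attack"))                      # QZZQEA, as in the text
    print(decrypt("QZZQEA"))
    print(frequencies_are_preserved("the quick brown fox jumps over the lazy dog"))
```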



What Is IP Filtering?

IP filtering is simply a mechanism that decides which types of IP packets will be processed normally and which will be dropped or rejected. By dropped we mean that the packet is deleted and completely ignored, as if it had never been received. By rejected we mean that the firewall sends an ICMP response to the sender indicating a reason why the packet was rejected. You can apply many different sorts of criteria to determine which packets you wish to filter. Some examples of these are:
  • Protocol type: TCP, UDP, ICMP, etc.
  • Port number (for TCP/UDP)
  • Packet type: SYN/ACK, data, ICMP Echo Request, etc.
  • Packet source address: where it came from
  • Packet destination address: where it is going to
It is important to understand at this point that IP filtering is a network layer facility. This means that it doesn't understand anything about the application using the network connections, only about the connections themselves. For example, you may deny users access to your internal network on the default Telnet port, but if you rely on IP filtering alone, you can't stop them from using the Telnet program with a port that you do allow to pass through your firewall. You can prevent this sort of problem by using proxy servers for each service that you allow across your firewall. The proxy servers understand the application that they were designed to proxy and can therefore prevent abuses, such as using the Telnet program to get past a firewall by using the World Wide Web port. If your firewall supports a World Wide Web proxy, outbound Telnet connections on the HTTP port will always be answered by the proxy and will allow only HTTP requests to pass. 

The IP filtering rule set is made up of many combinations of the criteria listed previously. For example, let's imagine that you wanted to allow World Wide Web users within the Virtual Brewery network to have no access to the Internet except to use other sites' web servers. You would configure your firewall to allow forwarding of the following:
  • Packets with a source address on Virtual Brewery network, a destination address of anywhere, and with a destination port of 80 (WWW)
  • Packets with a destination address of Virtual Brewery network and a source port of 80 (WWW) from a source address of anywhere
Note that we've used two rules here. We have to allow our data to go out, but also the corresponding reply data to come back in. In practice, as we'll see in the chapter on IP masquerade and Network Address Translation
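As an added example (not from the book), here is a first-match packet filter over the criteria listed above, loaded with the two Virtual Brewery forwarding rules plus a "reject" rule to show the drop/reject distinction. The brewery LAN address 172.16.1.0/24 is an assumed value. The last assertion in the usage note illustrates the limitation the text describes: a Telnet session carried on port 80 looks identical to web traffic at this layer.

```python
# Added example: a stateless, first-match IP packet filter.
import ipaddress
from dataclasses import dataclass
from typing import List, Optional

ANY = ipaddress.ip_network("0.0.0.0/0")


@dataclass(frozen=True)
class Packet:
    proto: str            # "tcp", "udp", "icmp"
    src: str
    dst: str
    sport: int = 0
    dport: int = 0
    flags: str = ""       # e.g. "SYN", "SYN/ACK"; empty for UDP/ICMP


@dataclass(frozen=True)
class Rule:
    action: str                         # "accept", "drop" (silent) or "reject" (ICMP error)
    proto: Optional[str] = None         # None matches every protocol
    src: ipaddress.IPv4Network = ANY
    dst: ipaddress.IPv4Network = ANY
    sport: Optional[int] = None
    dport: Optional[int] = None
    flags: Optional[str] = None

    def matches(self, pkt: Packet) -> bool:
        return (
            (self.proto is None or self.proto == pkt.proto)
            and ipaddress.ip_address(pkt.src) in self.src
            and ipaddress.ip_address(pkt.dst) in self.dst
            and (self.sport is None or self.sport == pkt.sport)
            and (self.dport is None or self.dport == pkt.dport)
            and (self.flags is None or self.flags == pkt.flags)
        )


def filter_packet(rules: List[Rule], pkt: Packet, default: str = "drop") -> str:
    """First matching rule decides; anything unmatched gets the default policy."""
    for rule in rules:
        if rule.matches(pkt):
            return rule.action
    return default


BREWERY = ipaddress.ip_network("172.16.1.0/24")   # assumed LAN address
FORWARD_RULES = [
    # outbound web requests from the brewery to anywhere
    Rule("accept", proto="tcp", src=BREWERY, dport=80),
    # the replies: from port 80 anywhere back into the brewery
    Rule("accept", proto="tcp", dst=BREWERY, sport=80),
    # visibly refuse inbound connection attempts to the brewery's telnet port
    Rule("reject", proto="tcp", dst=BREWERY, dport=23, flags="SYN"),
]

if __name__ == "__main__":
    web_out = Packet("tcp", "172.16.1.10", "203.0.113.5", 40000, 80, "SYN")
    telnet_over_80 = Packet("tcp", "172.16.1.10", "203.0.113.5", 40001, 80, "SYN")
    print("web request:", filter_packet(FORWARD_RULES, web_out))
    print("telnet on port 80:", filter_packet(FORWARD_RULES, telnet_over_80))  # also accepted
```

The filter has no notion of the application, so the Telnet-on-port-80 packet is indistinguishable from a web request; only a proxy that speaks HTTP could tell them apart.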

TCP/IP Network Addresses-hosting



This kind of address is still in wide use and is what people commonly refer to as an IP address. Part of an IP address is used for the network address, and the other part is used to identify a particular interface on a host in that network. You should realize that IP addresses are assigned to interfaces, such as Ethernet cards or modems, and not to the host computer. Usually a computer has only one interface and is accessed using only that interface's IP address. In that regard, an IP address can be thought of as identifying a particular host system on a network, and so the IP address is usually referred to as the host address.





In fact, though, a host system could have several interfaces, each with its own IP address. This is the case for computers that operate as gateways and firewalls from the local network to the Internet. One interface usually connects to the LAN and another to the Internet, for example through two Ethernet cards. Each interface (such as an Ethernet card) has its own IP address. For example, when you use the Red Hat Network Configuration tool to specify an IP address for an Ethernet card on your system, the Devices panel lists an entry for each Ethernet card installed on your computer, beginning with eth0 for the first. Opening up a Device window, you can select the TCP protocol in the Protocols panel to open a TCP/IP setting window where you can enter the card's IP address. Other Ethernet cards have their own IP addresses. Currently, the Linux kernel can support up to four network adapters. If you use a modem to connect to an ISP.

Originally, IP addresses were organized according to classes. On the Internet, networks are organized into three classes depending on their size: classes A, B, and C. A class A network uses only the first segment for the network address and the remaining three for the host, allowing a great many computers to be connected to the same network. Most IP addresses reference smaller, class C, networks. For a class C network, the first three segments are used to identify the network, and only the last segment identifies the host. Altogether, this forms a unique address with which to identify any network interface on computers in a TCP/IP network. For example, in the IP address 192.168.1.72, the network part is 192.168.1 and the interface/host part is 72. The interface/host is a part of a network whose own address is 192.168.1.0.

In a class C network, the first three numbers identify the network part of the IP address. This part is divided into three network numbers, each identifying a subnet. Networks on the Internet are organized into subnets, beginning with the largest and narrowing to small subnetworks. The last number is used to identify a particular computer, referred to as a host. You can think of the Internet as a series of networks with subnetworks; these subnetworks have their own subnetworks. The rightmost number identifies the host computer, and the number preceding it identifies the subnetwork of which the computer is a part. The number to the left of that identifies the network the subnetwork is part of, and so on. The Internet address 192.168.187.4 references the fourth computer connected to the network identified by the number 187.

An IPv6 address is written as 8 segments representing 16 bits each (128 bits total). To more easily represent 16-bit binary numbers, hexadecimal numbers are used. Hexadecimal numbers use 16 unique digits, instead of the 8 used in octal numbering. These are 0 through 9, continuing with the characters A through F.
In the following example, the first four segments represent the network part of the IPv6 address, and the following four segments represent the interface (host) address.
FEC0:0000:0000:0000:0008:0800:200C:417A
You can cut any preceding zeros, but not trailing zeros in any given segment. Segments with all zeros can be reduced to a single zero.
FEC0:0:0:0:8:800:200C:417A
The loopback address used for localhost addressing can be written with seven preceding zeros and a 1.
0:0:0:0:0:0:0:1
Many addresses will have sequences of zeros. IPv6 supports a shorthand symbol for representing a sequence of several zeros in adjacent fields. This consists of a double colon ::. There can be only one use of the :: symbol per address.
FEC0::8:800:200C:417A
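As an added example (not code from the original post), the following Python applies the classful network/host split from the 192.168.1.72 discussion and implements the IPv6 shorthand rules just listed: leading zeros in each group are dropped, and the longest run of all-zero groups (two or more, leftmost on a tie) becomes the single permitted `::`. A helper cross-checks the hand-written compression against the standard library's `ipaddress` module.

```python
# Added example: classful IPv4 split and IPv6 zero-compression as described in the text.
import ipaddress
from typing import Tuple


def classful_split(addr: str) -> Tuple[str, str, str]:
    """Return (class, network address, host part) using the A/B/C rules in the text."""
    octets = [int(o) for o in addr.split(".")]
    if len(octets) != 4 or not all(0 <= o <= 255 for o in octets):
        raise ValueError(f"not a dotted-quad IPv4 address: {addr}")
    first = octets[0]
    if first < 128:
        cls, n = "A", 1       # one network octet, three host octets
    elif first < 192:
        cls, n = "B", 2
    elif first < 224:
        cls, n = "C", 3       # three network octets, one host octet
    else:
        raise ValueError("classes D/E are not unicast host addresses")
    network = ".".join(str(o) for o in octets[:n] + [0] * (4 - n))
    host = ".".join(str(o) for o in octets[n:])
    return cls, network, host


def compress_ipv6(addr: str) -> str:
    """Drop leading zeros in each group and replace the longest run of
    all-zero groups (two or more) with a single '::'."""
    groups = addr.split(":")
    if len(groups) != 8:
        raise ValueError("expected eight colon-separated 16-bit groups")
    words = [int(g, 16) for g in groups]
    if not all(0 <= w <= 0xFFFF for w in words):
        raise ValueError("each group must fit in 16 bits")
    best_start, best_len = -1, 0
    i = 0
    while i < 8:
        if words[i] == 0:
            j = i
            while j < 8 and words[j] == 0:
                j += 1
            if j - i > best_len:          # strictly longer: leftmost run wins ties
                best_start, best_len = i, j - i
            i = j
        else:
            i += 1
    hexes = [f"{w:X}" for w in words]     # %X formatting drops the leading zeros
    if best_len >= 2:                     # only one '::' is allowed, so use it once
        return ":".join(hexes[:best_start]) + "::" + ":".join(hexes[best_start + best_len:])
    return ":".join(hexes)


def expand_ipv6(addr: str) -> str:
    """Inverse of the shorthand, via the standard library."""
    return ipaddress.IPv6Address(addr).exploded.upper()


def agrees_with_stdlib(addr: str) -> bool:
    """Cross-check the hand-written rules against ipaddress's canonical form."""
    return compress_ipv6(addr) == ipaddress.IPv6Address(addr).compressed.upper()


if __name__ == "__main__":
    print(classful_split("192.168.1.72"))
    print(compress_ipv6("FEC0:0000:0000:0000:0008:0800:200C:417A"))
    print(compress_ipv6("0:0:0:0:0:0:0:1"))
```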

 

What is TCP/IP

The Transmission Control Protocol and the Internet Protocol manage the sending and receiving of messages as packets over the Internet. The two protocols together provide a service to applications that use the Internet: communication through a network.

The World Wide Web is a network application that uses the services of TCP and IP to communicate over the Internet. When a web browser requests a page from a web server, the TCP/IP services provide a virtual connection (a virtual circuit) between the two communicating systems. Remember that packet-switched networks don't operate like telephone networks that create an actual circuit dedicated to a particular call.

Once a connection is established and acknowledged, the two systems can communicate by sending messages. These messages can be large, such as the binary representation of an image, and TCP may fragment the data into a series of IP datagrams. An IP datagram is equivalent to the couriers' envelope in that it holds the fragment of the message along with the destination address and several other fields that manage its transmission through the network. Each node in the network runs IP software, and IP moves the datagrams through the network, one node at a time. When an IP node receives a datagram, it inspects the address and other header fields, looks up a table of routing information, and sends it on to the next node. Often these nodes are dedicated routers—systems that form interconnections between networks—but the nodes can also include the computer systems on which the applications are running. IP datagrams are totally independent of each other as far as IP is concerned: the IP software just moves them from node to node through a network. The size of a datagram is primarily determined by the largest size message that can be sent by any part of the network. TCP software performs the function of gluing the fragments together at the destination using the fragment identifier field in the IP datagram header. Because IP datagrams are transmitted through the network independently, there is no guarantee they will arrive at the destination in order, and TCP stores the fragments in a buffer until all preceding fragments are received. IP doesn't guarantee that datagrams are delivered. If an IP node receives a corrupt datagram, it throws it away. Datagrams may be missing from the stream the TCP software receives because a datagram was corrupt and not passed on from the IP software or was delayed in the network. TCP buffers the fragments to allow the out-of-order datagrams to arrive. If a missing datagram fails to arrive, TCP eventually requests that it be resent. 
This can cause datagrams to be received twice; however TCP recognizes and discards the duplicate datagram when it arrives.
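As an added example (not from the original text), here is the receiving side of the reassembly just described, modelled with TCP-style byte-offset sequence numbers rather than IP fragment identifiers. Out-of-order segments wait in a buffer, a gap is reported so the missing segment can be requested again, and a retransmitted copy that arrives after the original has already been delivered is recognised and discarded. Overlapping partial retransmissions are treated as duplicates here, a simplification of what a real stack does.

```python
# Added example: in-order reassembly with out-of-order buffering and duplicate discard.
from typing import Dict, Optional


class Reassembler:
    def __init__(self, initial_seq: int = 0) -> None:
        self.next_seq = initial_seq            # first byte not yet delivered
        self._pending: Dict[int, bytes] = {}   # out-of-order segments keyed by sequence number
        self.delivered = bytearray()           # in-order stream handed to the application
        self.duplicates = 0

    def receive(self, seq: int, payload: bytes) -> None:
        if seq < self.next_seq or seq in self._pending:
            self.duplicates += 1               # already have it: retransmitted or repeated
            return
        self._pending[seq] = payload
        # Deliver everything that is now contiguous with the stream so far.
        while self.next_seq in self._pending:
            data = self._pending.pop(self.next_seq)
            self.delivered += data
            self.next_seq += len(data)

    def missing(self) -> Optional[int]:
        """Sequence number that must be resent, or None if nothing waits behind a gap."""
        return self.next_seq if self._pending else None


def simulate_lossy_delivery() -> bytes:
    """Constructed scenario: segments arrive out of order, one is lost, then resent twice."""
    r = Reassembler()
    r.receive(0, b"GET /")
    r.receive(10, b"HTTP/")      # arrives before bytes 5..9: buffered, not delivered
    if r.missing() != 5:
        raise RuntimeError("expected a gap at byte 5")
    r.receive(5, b"index")       # retransmission fills the gap; bytes 10.. follow at once
    r.receive(5, b"index")       # a second copy shows up: counted and discarded
    return bytes(r.delivered)


if __name__ == "__main__":
    print(simulate_lossy_delivery())
```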

Network Topologies - Basic

In the seemingly never-ending competition to maximize the amount of data that can be pushed through a piece of wire, numerous network topologies have been tried and tested. Initially, companies offered wholesale solutions for customers wanting to utilize various software packages. The problem was that these solutions typically required certain network protocols and certain hardware be in place before anything would work. This was often referred to as "monolithic" networking because these solutions were rarely interoperable with other applications or hardware.

After a company committed to a particular type of network, they were stuck with that network, and it was just too bad if a really useful application was released for a different network architecture. Accommodating a brand new application or suite of applications sometimes required removing the old network and installing another one. Administrators therefore wanted to make sure they were planning for the longest term possible. In an effort to sell administrators on the benefits of a particular networking package, companies developed network configurations for maximizing network performance.

Performance was typically rated by how well a network architecture maximized available bandwidth. The strategies and implementation details for achieving these goals could be broken down into three general configurations. These evolved into the Bus, Ring, and Star configurations. It is helpful to understand how each of these developed.

The Bus Configuration
The bus configuration has its roots with coaxial cable in simple
networks where desktop machines are simply connected together
so that they can share information with each other. Traffic, here
defined as voltage applied to the wire by any machine that needs
to communicate.

Network Security Configuration

Once you have installed your Linux system, you should apply some basic security measures to protect it.
Firewalls, intrusion protection, encryption, data integrity, and authentication are ways of protecting against attacks.
    • A firewall prevents any direct unauthorized attempts at access.
    • Intrusion detection checks the state of your system files to see if they have been tampered with by someone who has broken in.
    • Encryption protects transmissions by authorized remote users, providing privacy.
    • Integrity checks such as modification digests guarantee that messages and data have not been intercepted and changed or substituted en route.
    • Authentication methods such as digital signatures can verify that the user claiming to send a message or access your system is actually that person.

If your system is also a gateway for a private network, the system's firewall capability can effectively protect the network from outside attacks.

The Linux security measures with which every user has experience are passwords and file permissions.

Interview Questions - Networking

· What is an IP address?
· What is a subnet mask?
· What is ARP?
· What is ARP Cache Poisoning?
· What is the ANDing process?
· What is a default gateway? What happens if I don't have one?
· Can a workstation computer be configured to browse the Internet and yet NOT have a default gateway?
· What is a subnet?
· What is APIPA?
· What is an RFC? Name a few if possible (not necessarily the numbers, just the ideas behind them).
· What is RFC 1918?
· What is CIDR?
· You have the following Network ID: 192.115.103.64/27. What is the IP range for your network?
· You have the following Network ID: 131.112.0.0. You need at least 500 hosts per network. How many networks can you create? What subnet mask will you use?
· You need to view network traffic. What will you use? Name a few tools.
· How do I know the path that a packet takes to the destination?
· What does the ping 192.168.0.1 -l 1000 -n 100 command do?
· What is DHCP? What are the benefits and drawbacks of using it?
· Describe the steps taken by the client and DHCP server in order to obtain an IP address.
· What is the DHCPNACK and when do I get one? Name 2 scenarios.
· What ports are used by DHCP and the DHCP clients?
· Describe the process of installing a DHCP server in an AD infrastructure.
· What is DHCPINFORM?
· Describe the integration between DHCP and DNS.
· What options in DHCP do you regularly use for an MS network?
· What are User Classes and Vendor Classes in DHCP?
· How do I configure a client machine to use a specific User Class?
· What is the BOOTP protocol used for, and where might you find it in a Windows network infrastructure?
· DNS zones – describe the differences between the 4 types.
· DNS record types – describe the most important ones.
· Describe the process of working with an external domain name.
· Describe the importance of DNS to AD.
· Describe a few methods of finding an MX record for a remote domain on the Internet.
· What does "Disable Recursion" in DNS mean?
· What could cause the Forwarders and Root Hints to be grayed out?
· What is a "Single Label domain name" and what sort of issues can it cause?
· What is the "in-addr.arpa" zone used for?
· What are the requirements from DNS to support AD?
· How do you manually create SRV records in DNS?
· Name 3 benefits of using AD-integrated zones.
· What are the benefits of using Windows 2003 DNS when using AD-integrated zones?
· You installed a new AD domain and the new (and first) DC has not registered its SRV records in DNS. Name a few possible causes.
· What are the benefits and scenarios of using Stub zones?
· What are the benefits and scenarios of using Conditional Forwarding?
· What are the differences between Windows Clustering, Network Load Balancing and Round Robin, and scenarios for each use?
· How do I work with the Host name cache on a client computer?
· How do I clear the DNS cache on the DNS server?
· What is the 224.0.1.24 address used for?
· What is WINS and when do we use it?
· Can you have a Microsoft-based network without any WINS server on it? What are the "considerations" regarding not using WINS?
· Describe the differences between WINS push and pull replications.
· What is the difference between tombstoning a WINS record and simply deleting it?
· Name the NetBIOS names you might expect from a Windows 2003 DC that is registered in WINS.
· Describe the role of the routing table on a host and on a router.
· What are routing protocols? Why do we need them? Name a few.
· What are router interfaces? What types can they be?
· In Windows 2003 routing, what are the interface filters?
· What is NAT?
· What is the real difference between NAT and PAT?
· How do you configure NAT on Windows 2003?
· How do you allow inbound traffic for specific hosts on Windows 2003 NAT?
· What is VPN? What types of VPN do Windows 2000 and beyond work with natively?
· What is IAS? In what scenarios do we use it?
· What's the difference between Mixed mode and Native mode in AD when dealing with RRAS?
· What is the "RAS and IAS" group in AD?
· What are Conditions and Profile in RRAS Policies?
· What types of authentication can a Windows 2003 based RRAS work with?
· How does SSL work?
· How does IPSec work?
· How do I deploy IPSec for a large number of computers?
· What types of authentication can IPSec use?
· What is PFS (Perfect Forward Secrecy) in IPSec?
· How do I monitor IPSec?
· Looking at IPSec-encrypted traffic with a sniffer. What packet types do I see?
· What can you do with NETSH?
· How do I look at the open ports on my machine?
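The two subnetting questions and the ANDing question in the list above, worked through with Python's standard ipaddress module; this is an added example, not part of the original post. It assumes that the network ID 131.112.0.0, which the question gives without a prefix, is a classful class B block (/16).

```python
import ipaddress

# Added example: answers to the subnetting questions above, computed rather
# than looked up. 131.112.0.0 is assumed to be a class B block, i.e. /16.

def address_range(network: str) -> dict:
    """Netmask, first/last usable host and broadcast for a network ID in CIDR form."""
    net = ipaddress.ip_network(network, strict=True)  # strict: host bits must all be zero
    hosts = list(net.hosts())
    return {
        "netmask": str(net.netmask),
        "first_host": str(hosts[0]),
        "last_host": str(hosts[-1]),
        "broadcast": str(net.broadcast_address),
        "usable_hosts": len(hosts),
    }

def plan_subnets(block: str, hosts_needed: int) -> dict:
    """Smallest subnet holding hosts_needed usable addresses, and how many fit in block."""
    parent = ipaddress.ip_network(block)
    # Every subnet also needs its network and broadcast address, so take enough
    # host bits for the smallest power of two >= hosts_needed + 2.
    host_bits = (hosts_needed + 1).bit_length()
    prefix = parent.max_prefixlen - host_bits
    subnets = list(parent.subnets(new_prefix=prefix))
    return {
        "prefix": prefix,
        "netmask": str(subnets[0].netmask),
        "subnet_count": len(subnets),
        "usable_per_subnet": subnets[0].num_addresses - 2,
    }

def same_subnet(ip_a: str, ip_b: str, netmask: str) -> bool:
    """The ANDing process: two hosts are local to each other if (ip AND mask) agrees."""
    mask = int(ipaddress.IPv4Address(netmask))
    a = int(ipaddress.IPv4Address(ip_a)) & mask
    b = int(ipaddress.IPv4Address(ip_b)) & mask
    return a == b
```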