USMNet Network Information Sharing
Infostructure Division
06-07/05/2008
Ahmad Fadhlul Irham Yusoff, E-mail: email@example.com
Abdul Ghani Abdul Rahman, E-mail: firstname.lastname@example.org
Internet & Network Introduction
Objectives Of The Class
At the end of this lesson you should be able to understand:
- Network Introduction
- Type Of Network
- Network Topology
- Network Component
- How Network Operate
- Network Application & Facilities
- Network Threats & Securities
- Network Troubleshooting
- Q & A Open Session
Introduction & Type: Network Introduction
Definition – Global network connecting millions of computers exchanging data.
History – Started in 1957, known as ARPA within DoD, then being awarded ARPANET
Roadmap / New Technologies
- IPv6 - Internet Protocol Version 6 is an evolutionary step from IPv4 featuring a large address space, efficient and hierarchical addressing and routing infrastructure, built-in security, and better support for quality of service (QoS)
- Ultra Wideband (UWB) - MultiBand OFDM wireless using very high data rates and low power consumption radio signal
- Very High Bit Rate DSL (VDSL) - Aggregation up to 32 Synchronous High Bit Rate DSL (SHDSL) providing 10Mbits/sec bidirectionally over copper
Introduction & Type: Roadmap / New Technologies (cont.)
- Ethernet Virtual Connections (EVCs) - A standard for creating ATM-like PVCs across Ethernet, will replace point-to-point circuits. Ethernet WANs will replace frame relay clouds with Virtual Private LAN Service (VPLS), a layer-2 VPN that will add security to EVCs to create LAN interconnect services
- HighSpeed TCP – Reworking TCP to support higher / more efficient load
History of USMNet: 1994 – USMNet started
• FDDI technology (Fiber Distributed Data Exchange)
• Retix Routers
• 35 km of fiber optic cable laid for 3 campuses (Main, Kubang Kerian & Tronoh)
• All main buildings are connected with 1500 nodes.
  – especially academician, administrative and general office
• 64Kbps access to JARING for Main Campus
• 9.6Kbps access to JARING for Kampus Cawangan Kelantan & Kampus Cawangan Perak
History of USMNet: 1998 – USMNet upgrade
• 1.5Mbps access to JARING (started on 14 July 1998)
• Number of nodes: more than 3000
  – 99% academician, administrative & general office
  – Lab at school
• Locally connected from main campus to branch campus (Kelantan & Tronoh) through Celcom Microwave 256kbps.
• 9.6kbps access to JARING for branch campus was terminated.
• No. of users:
  – Academic: 1,200
  – Administrative: 500
  – Student: 20,000
History of USMNet: 2000 – USMNet Upgrading
• FDDI was replaced with gigabit technology
• 2x2Mbps access to JARING
• 2Mbps access to JARING for Engineering Campus and Medical Campus
• Campus connections (Main to Engineering/Medical) are connected locally through 2x2Mbps (2002)
• Data, Video and Voice in one network (2002)
• Wireless technology implemented in Desasiswa
History of USMNet: USMNet - 2003
History of USMNet: USMNet - 2007
History of USMNet: Case Study – USMNet 2008
Components-Case Study: Case Study – USMNet
(Diagram labels: Penang WIFI, JARING, USMNet, Antenna / Access point, Desasiswa, Desasiswa Office)
Introduction & Type: Type Of Network
LAN (Local Area Network)
• Ethernet, Token Ring
• Hub & Switches
• UTP Cat. 5E & 6, Fiber Optic
• Novell, Win NT, Win 2K, Win XP, Win Vista, Unix, Linux
MAN (Metropolitan Area Network)
• Fiber Optic Cable
• Routers & Switches
• Network Admin
WAN (Wide Area Network)
• PSTN, ISDN, Frame Relay, ATM, Satellite
• Routers & Switches
• Internet
Topology: Network Topology
Bus Topology
- A bus consists of a wire and shield (coaxial), which electrically constitute a single circuit. At either end of a bus is a terminator, which is essentially a resistor and connected through a T Connector.
(Diagram labels: Client, Printer)
Topology: Network Topology (cont.)
Star Topology
- This is a star configuration and it is found in Ethernet networks that use twisted pair cable such as Cat 5, Cat 5E, Cat 6 and Fiber Optic.
- The twisted pair cable uses RJ-45 connectors that connect directly to the NIC on the device end, and to the hub on the other end, while the Fiber uses LX, FX, SC, ST Connectors to connect between network devices.
(Diagram labels: UTP Cat 5 Cabling, 8 Port Workgroup Hub)
Topology: Network Topology (cont.)
Ring Topology
- A pure ring is a collection of separate point-to-point links, arranged to make a ring, in which a signal received on the input connection is passed immediately to the output connection by “repeater” circuitry in each node.
- The most common type of cabling used in ring topologies is fiber optic cable.
(Diagram labels: Client, Data Flow)
Topology: Network Topology (cont.)
Hybrid (Star Ring) Topology
- The hybrid topology is a type of network topology that is composed of one or more interconnections of two or more networks that are based upon different physical topologies
Components - Devices: Networks Components
Devices
- Terminal (Computers/Servers)
- Network Card / Modem
- Network Cabling: including all UTP (Cat 5, Cat 5e, Cat 6, Cat 6a, Cat 7), Fiber Optics
- Bridge (Broadcast & Collision Domain): A device that connects two local-area networks (LANs), or two segments of the same LAN that use the same protocol, such as Ethernet or Token-Ring.
Components - Devices: Devices (cont.)
Hub/Switches (Broadcast & Collision Domain)
A common connection point for devices in a network. Hubs are commonly used to connect segments of a LAN. A hub contains multiple ports. When a packet arrives at one port, it is copied to the other ports so that all segments of the LAN can see all packets. A switching hub, or switch, actually reads the destination address of each packet and then forwards the packet to the correct port.
Components-Devices: Devices (cont.)
Router
A device that forwards data packets along networks. A router is connected to at least two networks, commonly two LANs or WANs or a LAN and its ISP’s network
Components-Devices: Devices (cont.)
Firewall
According to the National Computer Security Association, a firewall is “a system or combination of systems that enforces a boundary between two or more networks.” It is a controlled gateway between one network and another, typically between a private network and the Internet.
(Diagram labels: FTP-21, HTTP-80, Back Orifice-31337, SMTP-25)
Components-Devices: Devices (cont.)
IDS (Intrusion Detection System)
Inspects all inbound and outbound network activity and identifies suspicious patterns that may indicate a network or system attack from someone attempting to break into or compromise a system. An IDS evaluates a suspected intrusion once it has taken place and signals an alarm. An IDS also watches for attacks that originate from within a system.
(Diagram labels: Attack Detected !!, Internet)
Components-Devices: Devices (cont.)
IPS (Intrusion Prevention System)
A device that monitors network and/or system activities for malicious or unwanted behavior and can react, in real time, to block or prevent those activities. It operates in-line to monitor all network traffic for malicious code or attacks. When an attack is detected, it can drop the offending packets while still allowing all other traffic to pass.
(Diagram labels: Network Policies: Block Attacks, Throttle P2P Downloads, Block P2P Uploads; Dirty Traffic: Worms, Trojans, Viruses, P2P, Spyware; Clean Traffic; Intelligence Updates: Digital Vaccine®)
Components-Devices: Devices (cont.)
UTM (Unified threat management)
Network firewalls that have many features in one box, including e-mail spam filtering, anti-virus capability, an IDS or IPS, and World Wide Web content filtering, along with the traditional activities of a firewall.
Components-Devices: Devices (cont.)
Traffic shaper
WAN optimization/acceleration allows network pros to speed performance across the WAN with compression, caching, protocol shaping, and other techniques. It also lets network managers allot dedicated amounts of bandwidth to certain types of traffic to ensure that they are not competing with other traffic for space in the pipe.
Components-Devices: Devices (cont.)
AP (Access Point)
A hardware device or computer software (NetBuddy) that acts as a communication hub for users of a wireless device to connect to a wired LAN.
- Fat AP: In the autonomous architecture, the APs completely implement and terminate the 802.11 function so that frames on the wired LAN are 802.3 frames. Each AP can be independently managed as a separate network entity on the network.
- Thin AP: The centralized architecture is a hierarchical architecture that involves a WLAN controller that is responsible for configuration, control, and management of several APs. The WLAN controller is also known as the Access Controller (AC). The 802.11 function is split between the AP and the AC.
- Fit AP
Components-Devices: Devices (cont.)
WiSM (Wireless Services Module)
Provides security, mobility, redundancy, and ease of use for business-critical wireless LANs (WLANs). It allows network managers and operators to control and manage their wireless networks easily.
Components-Servers: Servers
DNS (Domain Name System or Service)
A server that translates domain names into IP addresses.
- Internal DNS
- External DNS
For example, the domain name www.usm.my might translate to
10.202.1.4 - internal DNS
220.127.116.11 - external DNS
- DNS server USM: 10.202.1.6/10.202.1.27, 18.104.22.168/22.214.171.124
Components-Servers: Servers (cont.)
DHCP (Dynamic Host Configuration Protocol)
A server that assigns dynamic IP addresses to devices on a network. With dynamic addressing a device can have a different IP address every time it connects to the network.
Proxy vs NAT (Network Address Translation) / Masquerade
A server that sits between a client application, such as a Web browser, and a real server. It intercepts all requests to the real server to see if it can fulfill the requests itself. If not, it forwards the request to the real server. (Http, Https, Ftp)
- nat static
- nat dynamic
- nat overload
Components-Servers: Servers (cont.)
WINS (Windows Internet Naming Service)
A server that provides a distributed database that is automatically updated with the names of computers currently available and the IP address assigned to each one.
DDNS (Dynamic DNS)
Dynamic Domain Name System, a method of keeping a domain name linked to a changing IP address, as not all computers use static IP addresses. A dynamic DNS service provider uses a special program that runs on the user's computer, contacting the DNS service each time the IP address provided by the ISP changes and subsequently updating the DNS database to reflect the change in IP address.
Components-Servers: Servers (cont.)
Web Cache / Content Engine
On the Internet, content delivery (sometimes called content distribution, content distribution delivery, or content caching) is a server or appliance that provides the service of copying the pages of a Web site to geographically dispersed servers and, when a page is requested, dynamically identifying and serving page content from the closest server to the user, enabling faster delivery.
AAA (Authentication, Authorization & Accounting) – IEEE 802.1x
A system in IP-based networking to control what computer resources users have access to and to keep track of the activity of users over a network.
Components-Servers: Servers (cont.)
Radius
Short for Remote Authentication Dial-In User Service, a server that provides an authentication and accounting system used by many Internet Service Providers (ISPs). When you dial in to the ISP you must enter your username and password. This information is passed to a RADIUS server, which checks that the information is correct, and then authorizes access to the ISP system.
LDAP / NTLM
Short for Lightweight Directory Access Protocol, a server that provides a set of protocols for accessing information directories. LDAP supports TCP/IP, which is necessary for any type of Internet access. Although not yet widely implemented, LDAP should eventually make it possible for almost any application running on virtually any computer platform to obtain directory information, such as email addresses and public keys. Because LDAP is an open protocol, applications need not worry about the type of server hosting the directory.
Components-Servers: Servers (cont.)
PKI
Short for public key infrastructure, a server that provides a system of digital certificates, Certificate Authorities, and other registration authorities that verify and authenticate the validity of each party involved in an Internet transaction. PKIs are currently evolving and there is no single PKI nor even a single agreed-upon standard for setting up a PKI. However, nearly everyone agrees that reliable PKIs are necessary before electronic commerce can become widespread. A PKI is also called a trust hierarchy.
Interoperation-OSI: How Network Operate
Open System Interconnection (OSI) Architecture
- Physical layer
- Data Link Layer
- Network Layer
- Transport Layer
- Session Layer
- Presentation Layer
- Application Layer
Interoperation-OSI: How Network Operate
IP Address (Local & Public)
IP specifies the format of packets, also called datagrams, and the addressing scheme. Most networks combine IP with a higher-level protocol called Transmission Control Protocol (TCP), which establishes a virtual connection between a destination and a source. The current version of IP is IPv4. A new version is called IPv6.
IP Address Examples
Version 4 – Public : 126.96.36.199 / 255.255.255.255
            Local : 10.202.1.4 / 255.255.255.255
Version 6 – Public : 2001:328:400:2::22
Interoperation-OSI: VLSM / CIDR
- Variable-Length Subnet Mask - allocating IP addressing resources to subnets according to their individual need rather than some general network-wide rule. The IP routing protocols OSPF, Dual IS-IS, BGP-4, and EIGRP support "classless" or VLSM routes.
- Classless Inter-Domain Routing, an IP addressing scheme that replaces the older system based on classes A, B, and C. With CIDR, a single IP address can be used to designate many unique IP addresses. A CIDR IP address looks like a normal IP address except that it ends with a slash followed by a number, called the IP network prefix
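The VLSM idea above as an added example (not part of the original slides): each subnet gets the smallest CIDR prefix that fits its own host count, allocated largest first. The block 10.202.8.0/24 and the subnet names and sizes are constructed for illustration; IPv4 only.

```python
import ipaddress


def vlsm_allocate(block, needs):
    """Carve `block` into one subnet per entry of `needs` (name -> usable hosts).

    Returns {name: IPv4Network}. Raises ValueError when the block is too small.
    """
    parent = ipaddress.IPv4Network(block)
    cursor = int(parent.network_address)
    end = int(parent.broadcast_address) + 1
    plan = {}
    # Largest subnets first, so every later subnet starts on an aligned boundary
    # and no address space is lost to padding between allocations.
    for name, hosts in sorted(needs.items(), key=lambda kv: kv[1], reverse=True):
        if hosts < 1:
            raise ValueError(f"{name}: host count must be at least 1")
        # Smallest power of two that holds the hosts plus the network and
        # broadcast addresses of the subnet.
        size = 1
        while size < hosts + 2:
            size *= 2
        prefix = 32 - (size.bit_length() - 1)
        # Subnets must start on a multiple of their own size.
        cursor = (cursor + size - 1) // size * size
        if cursor + size > end:
            raise ValueError(f"{name}: {block} has no room for a /{prefix}")
        plan[name] = ipaddress.IPv4Network((cursor, prefix))
        cursor += size
    return plan


if __name__ == "__main__":
    # Constructed requirements: usable hosts needed per subnet.
    needs = {"lab": 100, "office": 50, "admin": 20, "link": 2}
    for name, net in vlsm_allocate("10.202.8.0/24", needs).items():
        print(f"{name:7} {str(net):18} mask {net.netmask}  "
              f"usable hosts {net.num_addresses - 2}")
```

With one fixed mask for all four subnets (four /26 networks of 62 hosts each) the 100-host lab would not fit in the same /24; with variable-length masks it does, and addresses are left over.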
Interoperation-OSI: Port Number (2^16)
- The port numbers are divided into three ranges: the Well Known Ports, the Registered Ports, and the Dynamic and/or Private Ports.
- The Well Known Ports are those from 0 through 1023 (system services)
- The Registered Ports are those from 1024 through 49151
- The Dynamic and/or Private Ports are those from 49152 through 65535
VLAN (Virtual LAN)
Virtual LAN, a group of devices on one or more LANs that are configured (using management software) so that they can communicate as if they were attached to the same wire, when in fact they are located on a number of different LAN segments.
Troubleshooting-Tips: Network Technologies
Wired Network
Wireless Network
802.11b
- Enhancement to 802.11 that added higher data rate modes to the DSSS (Direct Sequence Spread Spectrum) already defined in the original 802.11 standard
- Boosted data speed to 11 Mbps
- 22 MHz bandwidth yields 3 non-overlapping channels in the frequency range of 2.400 GHz to 2.4835 GHz
- Beacons at 1 Mbps, falls back to 5.5, 2, or 1 Mbps from 11 Mbps max
802.11a
- Specifies a PHY that operates in the 5 GHz U-NII band in the US - initially 5.15-5.35 and 5.725-5.85 - since expanded to additional frequencies
- Uses Orthogonal Frequency-Division Multiplexing
- Enhanced data speed to 54 Mbps
- Ratified after 802.11b
Troubleshooting-Tips: Network Technologies
Wireless Network (cont.)
802.11g
- Extends the maximum data rate of WLAN devices that operate in the 2.4 GHz band, in a fashion that permits interoperation with 802.11b devices
- Uses OFDM Modulation (Orthogonal FDM)
- Operates at up to 54 megabits per second (Mbps)
802.11n
- Multiple-In, Multiple-Out (MIMO), a radio technique that increases the range of Wi-Fi networks by sending transmissions via multiple antennas. Dubbed the Intelligent RF Access Point (IRAP)
- Airespace claims it will increase the range of 802.11 networks beyond their usual 100-meter limit, as well as help eliminate dead zones, areas within range of a Wi-Fi AP where reception is poor or non-existent due to obstacles that block radio propagation.
- Operates at up to 248 megabits per second (Mbps)
Fat AP, thin AP, Light AP, MIMO, Mesh
Broadband Wireless - WiMax
Interoperation–Type & Services
Type Of Network
- LAN
- MAN
- WAN
Services
- ISPs (Internet Services Provider) - Jaring, Tmnet, Time, Maxis
- Telco (Telecommunication Company) - Telekom, Teleglobe, Maxis
- Network Admin - (NOC – Network Operating Center)
Interoperation–Internet & Medium: Understand The Internet
Definition
- Global Community
Protocol as standard communication
- TCP/IP (Transmission Control Protocol / Internet Protocol)
Connection Medium
- UTP (Cat 5E, Cat 6)
- Leased Line (E1, T1)
- Satellite - KU-Band (C-Band: SCPC, DAMA, FDMA)
- Broadband (ISDN, DSL)
- Modem (V.90) (PPP / SLIP)
(Diagram labels: Internet Cloud, Modem/DSL, Computer, VConf, Home User, Leased line, Multiplexer, PBX, DAMA/FDMA, Router, Satellite, UTP Cat6, USMNet LAN, Firewall)
Where are you in the picture?
Interoperation–Function Explanation: Function Explanation
- The networking concept of the OSI 7 layers only applies when data travels from source to destination.
- Data from any source is transferred to the destination through mutual handshaking.
- The OSI 7 layers manipulate the data and ensure that it is safely transferred.
- All the network devices, such as switches, routers, firewalls etc., are involved in ensuring the data transmission.
- During the transmission, data is monitored, checked and rectified through a checksum mechanism to ensure validity and integrity.
Threats & Securities: Network Threats & Securities
Network security specialists classify these threats as follows:
Hackers
Whereas crackers' sole aim is to break into secure systems, hackers are more interested in gaining knowledge about computer systems and possibly using this knowledge for playful pranks. Although hackers still argue that there's a big difference between what they do and what crackers do, the mass media has failed to understand the distinction, so the two terms, hack and crack, are often used interchangeably.
Trojan horses
A destructive program that masquerades as a benign application. Unlike viruses, Trojan horses do not replicate themselves but they can be just as destructive. One of the most insidious types of Trojan horse is a program that claims to rid your computer of viruses but instead introduces viruses onto your computer.
Threats & Securities
Viruses
Fast, systematic, and self-replicating destructive programs designed to damage systems and networks by eroding executable programs until they are unusable.
Worms
A program or algorithm that replicates itself over a computer network and usually performs malicious actions, such as using up the computer's resources and possibly shutting the system down.
Spam
Electronic junk mail or junk newsgroup postings. Some people define spam even more generally as any unsolicited e-mail. Real spam is generally e-mail advertising for some product sent to a mailing list or newsgroup. In addition to wasting people's time with unwanted e-mail, spam also eats up a lot of network bandwidth. However, some online services have instituted policies to prevent spammers from spamming their subscribers.
Threats & Securities
Spyware
Also called adware, spyware is any software that covertly gathers user information through the user's Internet connection without his or her knowledge, usually for advertising purposes. Spyware applications are typically bundled as a hidden component of freeware or shareware programs that can be downloaded from the Internet. Once installed, the spyware monitors user activity on the Internet and transmits that information in the background to someone else. Spyware can also gather information about e-mail addresses and even passwords and credit card numbers.
Bandits
Insiders seeking unauthorized information for personal gain.
Threats & Securities-Protection
For protection against these risks, network and system managers tasked with security responsibilities evaluate and examine alternatives, which are based on hardware and software, or policies:
• Endpoint Security Suite
• Access Control List
• Network Monitoring & Filtering Software & Tools
- Firewall
- IDS / IDP
- Proxy
- Websense
- LDAP / NTLM
- PKI
- AAA
Troubleshooting: Network Troubleshooting
Every user is encouraged, and nowadays it has become compulsory, to gain the knowledge to identify simple or common network problems, due to the high dependency on the network in daily communication/tasks. Rule of thumb in any troubleshooting: check the physical connection first.
Common Problems. Where to start?
- Can’t surf internet.
- Can’t read E-mail.
- Can’t find other computer/server. (usmadmin)
- Can’t connect to Lotus Notes server.
- Can’t see other computer through network neighborhood.
- Can’t use local application (e-cuti).
- Can’t access outside server. (ftp, telnet, ssh)
- Personnel server can’t serve appropriately.
Troubleshooting-Compulsory Steps: Compulsory Steps
Step 1: Check the Modem status. (Dial-up & DSL)
- Check the phone line connection.
- Check the modem driver & configuration.
- Check the dial application configuration.
- Capture the error message and ask the ISP.
Step 2: Check the NIC signals, whether there is a light/color/blinking. This is to ensure the NIC is functioning; some NIC products also show the speed of connection. If not:
- Check the cable connection from your Network/Ethernet adapter to the wall jack
- Check the NIC driver
- Verify and/or reinstall your network Ethernet and TCP/IP settings
- Reboot your PC.
- Change the NIC if the above steps have been taken and the NIC still doesn’t blink.
* Some products provide a diagnostic tool. Use it to troubleshoot the problem.
Troubleshooting-Problem Solution
Step 3: Check the IP Address.
- Use: winipcfg, ipconfig, ifconfig. Rectify the IP, Gateway and Name Server.
- Identify whether a static IP or dynamic IP is used in the TCP/IP settings.
- Use ping, tracert, nslookup, dig tools.
- Capture the error message and ask the Network Admin if the dynamic IP could not be retrieved after the above steps have been taken.
- Make sure the computer is virus free.
Common Problems Solution:
For Internet browsing problem
- Follow the Compulsory Steps.
- Identify the IP type, either Public or Local.
- A local IP should use the proxy server. Test the proxy server availability and proxy configuration.
- Capture the error message and ask the Network Administrator.
Troubleshooting-Problem Solution
For E-mail problem
- Follow the Compulsory Steps.
- Test the e-mail server availability.
- Understand the e-mail client type (IMAP, POP3, HTTP) and rectify the e-mail client configuration.
- Capture the error message and ask the Server & Network Administrator.
Can’t find other computer/server (Lotus Notes/usmadmin)
- Follow the Compulsory Steps.
- Make sure the target computer/server is up/active.
- Rectify the searching method. Test the server availability.
- Capture the error message and ask the Server Administrator.
Can’t use local application (e-cuti).
- Follow the Compulsory Steps.
- Make sure the target computer/server is up/active.
- Rectify the application configuration at the client site.
- Capture the error message and ask the Application Administrator.
Troubleshooting-Tools & Technique
Can’t access outside server. (ftp, telnet, ssh)
- Follow the Compulsory Steps.
- Make sure the IP Address used is the public one (P2P connection)
Personnel server can’t serve appropriately (Personnel Web-Server)
- Follow the Compulsory Steps.
- Make sure all the necessary steps needed by the server have been taken.
- Capture the error message and ask the Network Administrator.
Some tools / techniques that are available in every OS can be used:
Ping
Ping is used to test the network connectivity response between two computers on a network using the ICMP protocol.
Eg: ping your.ip.address
    ping your.ip.gateway
    ping your.ip/name.target
Ipconfig/Ifconfig
Troubleshooting-Tips
Traceroute
Traceroute is used to find a lag in communication or the point of network failure on a network (intranet / internet) that results in poor or no communication, by testing every network routing point, known as a Hop.
Eg: tracert jaring.com.my
Nslookup
Nslookup can be used in a situation where a computer can ping an IP Address but not the computer name. This is to determine whether the DNS server can resolve the alias of the IP Address.
Eg: nslookup jaring.com.my
Netstat
Netstat is used to show all the open ports, protocol statistics and current TCP/IP connections at the user terminal.
Eg: netstat -a
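An added example, not part of the original slides: reading netstat output for open ports, placing each one in the three port ranges described earlier, and listing listeners that are not on an expected-services list. The sample text is constructed in the numeric layout of Windows `netstat -an`, and the allow-list is an assumption for illustration.

```python
import re

# Constructed sample (not output from a real host).
SAMPLE = """\
Active Connections

  Proto  Local Address          Foreign Address        State
  TCP    0.0.0.0:21             0.0.0.0:0              LISTENING
  TCP    0.0.0.0:80             0.0.0.0:0              LISTENING
  TCP    0.0.0.0:31337          0.0.0.0:0              LISTENING
  TCP    10.202.1.50:49200      10.202.1.4:80          ESTABLISHED
  UDP    0.0.0.0:1900           *:*
"""

# Proto, local address, local port, foreign address, optional state column.
LINE = re.compile(r"^\s*(TCP|UDP)\s+(\S+):(\d+)\s+(\S+)(?:\s+(\S+))?\s*$")


def port_range(port):
    """Name the range a port number falls in (the three ranges on the slide)."""
    if not 0 <= port <= 65535:
        raise ValueError(f"not a valid port: {port}")
    if port <= 1023:
        return "well-known"
    if port <= 49151:
        return "registered"
    return "dynamic/private"


def listeners(text):
    """Return (proto, port, range) for every socket open for incoming traffic."""
    found = []
    for line in text.splitlines():
        match = LINE.match(line)
        if not match:
            continue  # banner, column header or blank line
        proto, _addr, port, _foreign, state = match.groups()
        # TCP: only LISTENING rows are open ports; ESTABLISHED rows are
        # existing connections. UDP rows carry no state and are always bound.
        if (proto == "TCP" and state == "LISTENING") or (proto == "UDP" and state is None):
            found.append((proto, int(port), port_range(int(port))))
    return found


def unexpected(text, allowed):
    """Listeners whose (proto, port) pair is not in the allow-list."""
    return [entry for entry in listeners(text) if entry[:2] not in allowed]


if __name__ == "__main__":
    # Assumed allow-list: FTP, SMTP and HTTP are the services this host should offer.
    allowed = {("TCP", 21), ("TCP", 25), ("TCP", 80)}
    for proto, port, rng in unexpected(SAMPLE, allowed):
        print(f"unexpected listener: {proto}/{port} ({rng} range)")
```

Anything the script reports is a port to explain or close, and to cover with a firewall rule, before moving on to other checks.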
Troubleshooting-Tips: Troubleshooting Tips
- Make sure the computer is virus free.
- Understand the network-related facilities used (IP Address, network servers, network structure, application dependencies)
- Check the physical connection first.
- Understand the problem.
- Capture the error message.
- Ask the Network Administrator if the problem is unsolved after appropriate action has been taken.
Q & A Session
USMNet Network Information Sharing, Infostructure Division
Thanks