This document summarizes network components and security techniques. It discusses network segmentation, demilitarized zones, firewalls, routers, switches, wireless networking, encryption, and VPNs. It also covers securing communication channels, voice over IP, multimedia collaboration, and instant messaging protocols. The key topics covered are network design principles, routing, wireless standards, encryption methods, and virtual private networks.
2. Securing Network Components
Deterministic Routing
-traffic only travels on pre-determined routes
Boundary Routers
-advertise routes that external hosts can use to
reach internal destinations
-filters external traffic
Design and Set up a perimeter!
(IDS,FW,filtering)
3. Network Partitioning
-segment networks into domains of trust
-control what is forwarded between segments
Dual-Homed Host
-has two NICs, each on a separate network
Bastion Host
-gateway between trusted & untrusted that
gives limited, authorized access to untrusted
hosts
-data diode = simplex communication
4. Demilitarized Zone (DMZ)
-aka Screened Subnet
-allows an org to give external hosts limited
access to public resources, like a web server
that contains the org's site, without giving
access to the org's internal network
5. Hardware
Modems - analog
Concentrators - multiplex connected devices
into a single signal
Front-End Processors - purpose is to off-load
from the host computer the work of managing
the peripheral devices
Multiplexers - selects one of several analog or
digital input signals and forwards the selected
input into a single line
Concentrators vs. Multiplexers
6. Hubs & Repeaters
-Hubs used for star topology
-All devices receive each other's broadcasts
-All devices can read & modify others' traffic
-Repeaters repeat to help stop signal
degradation
7. Bridges
-layer 2 device (Data link)
-filters traffic between segments based on MAC
addys
-also amplifies signals for large networks
-filters frames not destined for another segment
9. Routers
-forwards packets to other networks
-they read the destination from layer 3 (IP addy)
-based on its view of the network it will
determine the next device on the network to
send the packet
11. Wired
Throughput: rate that the data will be
transmitted
Distance: how far in between devices,
degrading signal
Data Sensitivity: will someone try to tap this
cable?
Environment: bent cables, EMI, RFI, temp
12. Twisted Pair
-copper wires twisted together to reduce EMI
-each wire is coated then surrounded by jacket
-twists/in, type of insulation, conductive material
Cat 1-6
13. Unshielded Twisted Pair (UTP)
-no shielding, duh
-EMI and RFI will kill signal
-easy to tap with radiation monitoring
-cheap and common
14. Shielded Twisted Pair (STP)
-UTP except it has an electrically grounded
shield inside the cable
-expensive and bulky
15. Coaxial Cable (Coax)
-one thick conductor surrounded by a
grounding braid of wire
-great bandwidth and longer runs than TP
-very well insulated
-expensive and bulky
16. Patch Panels
-alternative to directly connecting devices
-use patch cables to change connections easily
-need to be neat
19. Direct-Sequence Spread Spectrum
(DSSS)
-spreads a transmission over a large frequency
band with small amplitude
-wider band = less interference
-sender & receiver communicate which
frequencies are too cluttered to send data
over
20. Frequency-Hopping Spread
Spectrum (FHSS)
-spreads signal over rapidly changing
frequencies
-signals rapidly change among sub-frequencies
in an order that is agreed upon between sender & receiver
-can interfere with DSSS
-this rapid changing keeps interference
minimized
21. Orthogonal Frequency Division
Multiplexing (OFDM)
-signal is divided into sub-frequency bands,
each band is manipulated so they broadcast
together so they don't interfere with each
other
22. Frequency Division Multiple Access
(FDMA)
-analog
-old cellular technology
-divides band into sub-bands and assigns an
analog conversation to each sub-band
-replaced by GSM & CDMA
23. Time Division Multiple Access
(TDMA)
-multiplexes several digital calls (voice or data)
at each sub-band by devoting a small time
slice in a round-robin to each call in the band
-2 sub-bands are required for each call
1 for each sender
25. Code Division Multiple Access
(CDMA)
-spread spectrum cellular tech
-runs like DSSS
CDMA 2000 improves capability by 10 (153
Mbps)
Wideband CDMA: this is 3G
26. Global Service for Mobile
Communications (GSM)
-most popular cell tech
-divides frequency bands into simplex channels
-user's ID: Subscriber Identity Module, SIM card
-phone talks to network, but network doesn't
talk to phone, makes it easy to masquerade
as another user
27. Wireless LANs
Authentication is the 1st line of defense
Open System Authentication
-client is permitted to join if its SSID matches
the wireless network's
Shared-Key Authentication
-WEP, will talk about later
28. MAC Address Tables
-Authenticates based on a MAC address
-Easy to spoof, so it's not very effective
Service Set Identifier (SSID) Broadcasting
-name of wireless LAN
-wireless clients send probe asking for SSID
response
-router will beacon out the name at all times
-Don't make your SSID
"TOP SECRET SECRETS of Wells Fargo"
29. Placement
-keep your wireless routers in central locations
to keep the network radiation from getting
outside the walls
-don't keep it in a microwave
31. Wired Equivalent Privacy (WEP)
-uses a shared secret
-before each packet is sent a CRC-32
checksum is appended to it, then both are
encrypted using RC4 with the shared secret
& initialization vector
-it's weak
32. WiFi Protected Access (WPA)
-improved use of RC4
-uses Temporal Key Integrity Protocol (TKIP) so
there is a new key for each packet
-CRC-32 checksum was replaced with a
message integrity check called Michael, it
protects header & data from tamper, also has
a frame counter
33. WPA2 - IEEE 802.11i
-RC4 is replaced with Advanced Encryption
Standard (AES)
-TKIP & Michael replaced with Counter
Mode/CBC-MAC Protocol (CCMP)
-Supports Extensible Authentication Protocol
(EAP)
35. 802.11g
-works with 'b'
2.4 GHz
Bluetooth 802.15.1
-uses FHSS on 2.4 GHz band
-Blue Jacking: allows anonymous message to
show on device
-Buffer Overflow: remotely exploit bugs in
software
-Blue Bug Attack: uses AT commands on
victim's phone to initiate calls and send
messages
36. Address Resolution Protocol (ARP)
-given a layer 3 address (IP), ARP determines
the layer 2 address (MAC)
-ARP tracks IP addresses and their MACs in a
dynamic table called ARP cache
37. Point-to-Point Protocol (PPP)
-used to connect a device to a network over a
serial line
-dial up
-Password Authentication Protocol (PAP) -
cleartext
-Challenge Handshake Authentication Protocol
(CHAP) - 3 way handshake
-Uses EAP
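The difference between PAP and CHAP on slide 37, as an added example that is not part of the original slides. It follows the MD5 form of CHAP (RFC 1994); the peer name, the secret and the simplified PAP framing are constructed for illustration.

```python
import hashlib
import hmac
import os

def pap_authenticate_request(name: bytes, password: bytes) -> bytes:
    # PAP puts the password itself on the wire (length-prefixed peer ID
    # and password; simplified framing for this example).
    return bytes([len(name)]) + name + bytes([len(password)]) + password

def chap_response(identifier: int, secret: bytes, challenge: bytes) -> bytes:
    # CHAP with MD5 (RFC 1994): hash of identifier octet, secret, challenge.
    return hashlib.md5(bytes([identifier]) + secret + challenge).digest()

class ChapAuthenticator:
    def __init__(self, secrets):
        self.secrets = secrets      # peer name -> shared secret
        self.pending = {}           # identifier -> outstanding challenge
        self.next_id = 0

    def challenge(self):
        # Message 1: a fresh random challenge under a new identifier.
        ident, self.next_id = self.next_id, (self.next_id + 1) % 256
        self.pending[ident] = os.urandom(16)
        return ident, self.pending[ident]

    def verify(self, ident, name, response):
        # Message 3: success or failure. Each challenge is consumed once.
        challenge = self.pending.pop(ident, None)
        secret = self.secrets.get(name)
        if challenge is None or secret is None:
            return False
        expected = chap_response(ident, secret, challenge)
        return hmac.compare_digest(expected, response)

def run_exchange():
    name, secret = b"branch-router", b"constructed-shared-secret"
    auth = ChapAuthenticator({name: secret})
    ident, challenge = auth.challenge()
    response = chap_response(ident, secret, challenge)   # Message 2
    first = auth.verify(ident, name, response)
    ident2, _ = auth.challenge()
    replayed = auth.verify(ident2, name, response)  # old response, new challenge
    pap = pap_authenticate_request(name, secret)
    return {
        "chap_ok": first,
        "replay_ok": replayed,
        "secret_in_pap": secret in pap,
        "secret_in_chap": secret in response,
    }
```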
38. Broadband Wireless IEEE 802.16
-WiMAX
-doesn't work like cell towers
-Metro Area Network (MAN)
-channel sizes are flexible
39. Fiber
-uses glass/plastic to transmit light
Needs
-light source
-optics cable
-light detector
LEDs: cheap, less bandwidth, only good over
short distances, use in LANs
Diode Laser: expensive, great distances
Wavelength Division Multiplexing (WDM) 32x
capacity
40. Multimode Fiber: transmitted in different
modes, cable is 50-100 microns thick
light disperses too much when using
medium/long cable runs
Single Mode Fiber: 10 microns thick, light
goes down the middle, long runs, great
bandwidth, internet backbone
42. Network Access Control Devices
Firewalls:
-filters traffic based on set of rules
-should always be on internet gateways, and in
between trust domains
Filtering: blocks or forwards packets
-by source/destination address
-by service, port number
43. Network Address Translation (NAT): firewalls
can change the source addy of a packet on
its way out
Port Address Translation (PAT): translates all
addresses to one routable IP addy &
translates the source port number in the packet
to a unique value
Static Packet Filtering: hard line that cannot be
temporarily changed to accept legit
44. Stateful Inspection/Dynamic Packet Filtering:
stateful inspection examines each packet in
the context of the session, FTP provides a
good example
Proxies: User talks to a proxy server, the proxy
communicates with the untrusted host and
gives that host's response back to the user
Circuit Level Proxy: does not inspect any traffic
it forwards
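Why FTP is the usual example for stateful inspection (slides 43 and 44), as an added sketch that is not part of the original slides: a static filter must either block active-mode data connections or leave high ports open, while a stateful one reads the PORT command on the control channel and opens a single-use pinhole. The addresses, the inside prefix and the class name are assumptions made for the example.

```python
import re

# Active-mode FTP: the client sends "PORT h1,h2,h3,h4,p1,p2" on the control
# channel, then the server connects back from port 20 to h1.h2.h3.h4:(p1*256+p2).
PORT_RE = re.compile(rb"^PORT (\d+),(\d+),(\d+),(\d+),(\d+),(\d+)\r\n$")

class StatefulFilter:
    """Toy firewall: inside hosts may open FTP control sessions; anything
    else is dropped unless tracked session state says it is expected."""

    def __init__(self, inside_prefix="10.0.0."):
        self.inside_prefix = inside_prefix   # assumed internal addressing
        self.flows = set()      # established flows: (src, sport, dst, dport)
        self.pinholes = set()   # expected data connections: (server, client, port)

    def inside(self, ip):
        return ip.startswith(self.inside_prefix)

    def check(self, src, sport, dst, dport, syn=False, payload=b""):
        flow = (src, sport, dst, dport)
        if flow in self.flows or (dst, dport, src, sport) in self.flows:
            self._inspect_control(src, dst, dport, payload)
            return "ALLOW"
        if syn and self.inside(src) and dport == 21:
            self.flows.add(flow)                      # new outbound control session
            return "ALLOW"
        if syn and sport == 20 and (src, dst, dport) in self.pinholes:
            self.pinholes.discard((src, dst, dport))  # pinhole is single-use
            self.flows.add(flow)
            return "ALLOW"
        return "DROP"

    def _inspect_control(self, src, dst, dport, payload):
        m = PORT_RE.match(payload)
        if not (m and dport == 21 and self.inside(src)):
            return
        nums = [int(g) for g in m.groups()]
        if any(n > 255 for n in nums):
            return
        ip, port = ".".join(map(str, nums[:4])), nums[4] * 256 + nums[5]
        # Open a pinhole only toward the client that asked, and only for an
        # unprivileged port, so a PORT command cannot aim the server elsewhere.
        if ip == src and port >= 1024:
            self.pinholes.add((dst, ip, port))

def demo():
    fw, client, server = StatefulFilter(), "10.0.0.5", "203.0.113.10"
    return [
        fw.check(server, 20, client, 50000, syn=True),    # unsolicited inbound
        fw.check(client, 40000, server, 21, syn=True),    # control session opens
        fw.check(client, 40000, server, 21, payload=b"PORT 10,0,0,5,195,80\r\n"),
        fw.check("198.51.100.7", 20, client, 50000, syn=True),  # wrong server
        fw.check(server, 20, client, 50000, syn=True),    # expected data connection
        fw.check(server, 20, client, 50001, syn=True),    # port never announced
    ]
```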
45. Application Level Proxy:
-relays traffic from trusted endpoint running a
specific application to an untrusted host
-analyzes the traffic for manipulation/attacks
-Example: Web Proxy - everyone's browser
goes through it
Personal Firewalls: for security in depth,
workstation firewalls should be used in
tandem with network firewalls
47. Secure Communication Channels
Virtual Private Network (VPN)
-encrypted tunnel between 2 hosts/gateways
IPSec Authentication & VPN Confidentiality
IPSec: suite of protocols for communicating
securely through IP
48. Authentication Header (AH):
-used to prove id of sender and prove it's not
been tampered with
-Hash value of packet's contents, based on the
shared secret, is inserted into the last field of
the AH
-each packet has a sequence number during the
security association
-ensures integrity, no confidentiality
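What the AH bullets on slide 48 amount to on the receiving side, as an added sketch that is not part of the original slides: a keyed hash over the packet plus a per-SA sequence number checked against a sliding window. The header layout is simplified (real AH also covers immutable IP header fields), and the key, SPI value and HMAC-SHA-256 choice are assumptions.

```python
import hashlib
import hmac
import struct

ICV_LEN = 16   # HMAC-SHA-256 truncated to 128 bits (assumed algorithm choice)
HDR = struct.Struct("!II")   # simplified header: SPI, sequence number

def protect(key, spi, seq, payload):
    """Sender side: header, then ICV over header+payload, then cleartext payload."""
    header = HDR.pack(spi, seq)
    icv = hmac.new(key, header + payload, hashlib.sha256).digest()[:ICV_LEN]
    return header + icv + payload

class InboundSA:
    """Receiver state for one direction of traffic (one security association)."""
    WINDOW = 64

    def __init__(self, key, spi):
        self.key, self.spi = key, spi
        self.highest = 0    # highest sequence number authenticated so far
        self.seen = 0       # bit i set => sequence (highest - i) already accepted

    def accept(self, packet):
        if len(packet) < HDR.size + ICV_LEN:
            return "malformed"
        spi, seq = HDR.unpack_from(packet)
        icv = packet[HDR.size:HDR.size + ICV_LEN]
        payload = packet[HDR.size + ICV_LEN:]
        if spi != self.spi:
            return "unknown SA"
        behind = self.highest - seq
        if seq == 0 or behind >= self.WINDOW:
            return "replay"                       # zero or older than the window
        if behind >= 0 and (self.seen >> behind) & 1:
            return "replay"                       # already accepted once
        expected = hmac.new(self.key, packet[:HDR.size] + payload,
                            hashlib.sha256).digest()[:ICV_LEN]
        if not hmac.compare_digest(icv, expected):
            return "bad ICV"
        # Move the window only after the ICV verifies, so forged packets
        # cannot push genuine ones out of it.
        if behind < 0:
            self.seen = ((self.seen << -behind) | 1) & ((1 << self.WINDOW) - 1)
            self.highest = seq
        else:
            self.seen |= 1 << behind
        return "ok"

def demo():
    key, spi = b"constructed-shared-secret-key", 0x1001
    rx = InboundSA(key, spi)
    p1, p2, p3 = (protect(key, spi, n, b"hello %d" % n) for n in (1, 2, 3))
    tampered = p2[:-1] + b"X"
    return [rx.accept(p1), rx.accept(p3), rx.accept(tampered),
            rx.accept(p2), rx.accept(p1), rx.accept(p3), b"hello 1" in p1]
```

The last value in the result shows the payload still travels in cleartext, which is the "integrity, no confidentiality" point.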
49. Encapsulating Security Payload (ESP):
-encrypts IP and ensures integrity
ESP Header: contains info showing which
security association to use and the sequence
number
ESP Payload: contains the encrypted part of
the packet, endpoints negotiate which
encryption to use
ESP Trailer: padding to align fields
Authentication: if used it contains the hash of
the ESP packet
50. Security Associations (SA)
-defines the mechanisms that an endpoint will
use to communicate with its partner
-second SA is needed for 2-way communication
51. Transport Mode & Tunnel Mode
IPSec will use one of these
Transport Mode: IP payload is protected, client
to server, end to end
Tunnel Mode: IP payload & header are
protected, the entire protected packet
becomes a payload of new IP packet &
header
-used between networks
53. Phase 1:
Partners authenticate with each other using
one of the following:
1. Shared Secret: Key is exchanged manually
2. Public Key Encryption: Digital certs
3. Revised mode of Public Key Encryption: a
nonce is encrypted with the partner's public
key
54. Phase 2:
-Establishes a temporary security association,
using the secure tunnel created at the end of
Phase 1
55. High Assurance Internet Protocol
Encryptor (HAIPE)
-based on IPSec
-possesses additional restrictions &
enhancements
-encrypts multicast data
-requires manual loading of keys
-military grade security
57. Point-to-Point Tunneling Protocol
(PPTP)
-VPN protocol that runs over other protocols
-relies on Generic Routing Encapsulation
(GRE) to build the tunnel
-user authenticates with MSCHAPv2, then a
Point-to-Point Protocol (PPP) session creates a
tunnel
-vulnerable to password guessing
-derives its encryption key from the user's
password
58. Layer 2 Tunnel Protocol (L2TP)
-Hybrid of PPTP and Layer 2 Forwarding (L2F)
-allows callers over a serial line using PPP to
connect over the Internet to a remote network
-no encryption of its own
59. TLS/SSL
Secure Shell (SSH):
-allows user to securely access resources on
remote computers over an encrypted tunnel
-remote log on, file transfer, command
execution, port forwarding
-strong authentication
60. SOCKS:
-popular circuit proxy server
-client connects to SOCKS, then can act as a
VPN
SSL/TLS VPNs
-remote users use a web browser to access
applications
-easy to deploy and set up access
-no network-to-network tunnels
61. VLAN
-not necessarily on the same physical media,
but are part of the same logical routing
subnet
62. Voice
Modems & Public Switched Telephone
Networks (PSTN)
-PSTN is a circuit-switched network that was
originally used for analog voice
-uses hierarchical tree to route transmissions
63. War Dialing: dial a range of numbers to id
modems, best defense is to shut off modems
Plain Old Telephone Service (POTS):
bi-directional analog voice, high reliability, low
bandwidth
Private Branch Exchange (PBX): enterprise
class phone system used in business/large
orgs
-internal switching network
-analog
64. VoIP:
-replacing telephony networks
-more configurable/more breakable
-no geo-spatial coordinates with IPs so 911 will
leave you to die
Session Initiation Protocol (SIP)
-manages multimedia connections
65. Multimedia Collaboration
Peer to Peer Applications & Protocols
-monitor p2p apps in your org
-bandwidth consumption/security risks/legality
-it opens uncontrolled channels through your
network boundaries
Remote Meeting Technology:
-web based -usually browser extensions
-desktop sharing/remote control
-vendor backdoors
66. Instant Messaging (IM)
3 classes
1.Peer to peer networks
2.Brokered Communication
3.Server-oriented networks
-All support 1 to 1 and many to many
67. Open Protocols, Applications, and
Services
Extensible Messaging and Presence
Protocol (XMPP) & Jabber
-Jabber is an open IM protocol
-XMPP is the formalized name of Jabber
-server based, so a server operator can
eavesdrop
68. Internet Relay Chat (IRC)
-good anonymity
-no security
-client/server based
-IDs can be easily falsified
-most have no confidentiality
-IRC clients can execute scripts