Computer Network and Security Theme Module

MODULE FOR EXIT EXAM TUTORIAL

DEPARTMENT OF Information Technology

THEMATIC AREA: Computer Network and Security


◼ Network Fundamentals
◼ Server administration
◼ Information system Security

APRIL, 2024
Contents
INTRODUCTION ................................................................................................................. 5
Background ............................................................................................................................ 5
Module Description ............................................................................................................... 5
Sub theme 1: Fundamentals of Networking ........................................................................ 5
Unit 1: Introduction to Data Communications and Computer Networks ................................ 5
Learning Objectives of the unit ............................................................................................ 6
1.1 Introduction to data communication .................................................................................. 6
1.2 Computer Networks And Its Application .......................................................................... 8
1.3 Transmission Media ........................................................................................................ 17
1.3.1 Wired transmission medium ......................................................................................... 17
1.4 Introduction to Computer Network Protocol ................................................................... 26
1.4.1 Computer network protocol ......................................................................................... 26
1.4.2 The OSI Reference Model ........................................................................................... 27
1.5 Network Protocols ........................................................................................................... 28
1.5.1 Hardware & Software Protocols.................................................................................. 29
1.5.2 Routable and Non Routable Protocols ........................................................................ 29
1.5.3 Internet Control Message Protocol (ICMP)................................................................ 29
Unit 2: The OSI and the TCP/IP Communication Models .............................................. 31
Learning Objectives of the unit .......................................................................................... 31
2.1 Communication and Layer Architecture ......................................................................... 31
2.2 The Seven Layers of an OSI Model ................................................................................ 32
2.2.1 The OSI Reference Model ........................................................................................... 32
Application Layer (Layer 7).................................................................................................. 32
Presentation Layer (Layer 6) ................................................................................................ 33
Session Layer (Layer 5) ........................................................................................................ 34
Transport Layer (Layer 4) .................................................................................................... 34
Network Layer (Layer 3)....................................................................................................... 35
Data link Layer (Layer 2) ..................................................................................................... 35
The Physical Layer (Layer 1) ............................................................................................... 35
2.3 Transmission Control Protocol (TCP) ............................................................................. 36
2.4 User Datagram Protocol (UDP) ....................................................................................... 36
2.5 Network Protocols ........................................................................................................... 38
2.5.1 File Transfer Protocol (FTP)......................................................................................... 38
2.5.2 Simple Mail Transfer Protocol (SMTP) ...................................................................... 38
2.5.3 Dynamic Host Configuration Protocol (DHCP)......................................................... 38
2.5.4 Telnet............................................................................................................................ 38

2.5.5 Network File System .................................................................................................... 38
2.6 TCP/IP Communication Models .................................................................................... 39
2.6.1 Application Layer ........................................................................................................ 39
2.6.2 Network Layer (3rd OSI Layer) .................................................................................. 42

2.6.3 Transport layer (4th OSI layer) ................................................................................... 43


2.6.4 Transport layer addressing .......................................................................................... 44
Unit 3 Internet Protocol (IP) and IP Addressing .............................................................. 50
Learning Objectives of the unit .......................................................................................... 50
3.1 IP Addresses .................................................................................................................. 50
Types of Addresses in an IPv4 Network Range .................................................................... 51
Number of Addresses ............................................................................................................ 55
Planning to Address the Network .......................................................................................... 65
3.3 Calculating Network, Hosts, and Broadcast Addresses................................................... 68
3.4 IP addresses: Networks and hosts .................................................................................. 121
Unit 4 LAN Technologies .................................................................................................. 123
Learning Objectives of the unit ........................................................................................ 123
Introduction ......................................................................................................................... 123
4.2 IEEE STANDARDS ..................................................................................................... 123
4.3 Ethernet: Using Switches............................................................................................... 138
4.4 Address Resolution Protocol (ARP) .............................................................................. 140
4.5 Resolving IPv4 Addresses to MAC Addresses ............................................................. 142
Unit 5 Basic Router Configuration .................................................................................. 166
5.1 Cisco IOS Access Methods ........................................................................................... 166
5.2 Introducing Cisco IOS Modes ...................................................................................... 167
5.3 Basic IOS Command Structure...................................................................................... 168
5.4 Configuring Interfaces ................................................................................................... 175
5.5 Describe the devices of wireless technologies............................................................... 183
5.6 Configuring WI-Fi devices ............................................................................................ 184
Securing Wifi Devices ......................................................................................................... 187
Self-check questions........................................................................................................... 194
Sub theme 2: Server administration ................................................................................ 197
Unit 1: Introduction to Windows Server 2012 ................................................................ 198
Learning Objectives of the unit ........................................................................................ 198
1 Installation of windows server 2012 .............................................................................. 198
1.1 Configuring the Local Server ........................................................................................ 200
1.2 Active Directory Domain Services ............................................................................... 200
1.3 Domain Controller ......................................................................................................... 201

1.4 Domain .......................................................................................................................... 201
1.5 Server Roles................................................................................................................... 201
1.6 Installing Active Directory Domain Services ................................................................ 202
1.7 User Account Management ........................................................................................... 203
1.8 Group Account Management......................................................................................... 206
1.9 Computer Account Management ................................................................................... 208
1.10 Implementing DNS ...................................................................................................... 209
1.11 Domain Name Space ................................................................................................... 210
1.12 Working with Organizational Units (OUs).................................................................. 214
1.13 Implementing File Services ......................................................................................... 215
1.14 Implementing DHCP ................................................................................................... 217
1.16 Using DHCP in a Routed Network.............................................................................. 217
1.15 Implementing DHCP ................................................................................................... 218
Self-check questions........................................................................................................... 220
Sub theme 3 Computer Security ...................................................................................... 223
Learning Objectives of the unit ........................................................................................ 223
What is Computer Security? ............................................................................................ 223
1.2 Confidentiality, Integrity, Availability: The three components of the CIA Triad ......... 223
2.1. Security mechanisms .................................................................................................... 227
Encryption and Decryption.................................................................................................. 229
3. Cybersecurity incident .................................................................................................... 232
3.1 The growing importance of cybersecurity ..................................................................... 232
3.2 Security events............................................................................................................... 233
3.3 Firewalls ........................................................................................................................ 233
3.4 Critical servers ............................................................................................................... 234
Self-check questions........................................................................................................... 236
Reference ............................................................................................................................ 237

INTRODUCTION
Background
The Ministry of Education of Ethiopia has announced the implementation of an exit exam for all undergraduate
program students (public and private), beginning with the 2022/2023 academic year, in order to improve the quality
of graduates produced by higher learning institutions. The exit exam aims to check whether students have
acquired the required knowledge, skills and attitudes. To implement this, a comprehensive Exit Exam Module
must be prepared for students of Information Technology. As part of this task, the Computer
Network and Security module has been prepared.
The Computer Network and Security module is prepared by the Federal TVET Institute, Department of
Information Technology. It is intended to guide students planning to take the Exit Exam after
completing the necessary courses of Information Technology.

Module Description
The Computer Network and Security module is organized in three sub themes: Fundamentals of Networking
(Sub theme 1), Server Administration (Sub theme 2), and Information System Security (Sub theme 3), in that
order. Each sub theme is built from multiple units focusing on specific areas. At the
beginning of each unit the important learning objectives are outlined, and at the end of each sub
theme exercises and self-check questions are included to help students test themselves after studying the
material. Important reference materials are also cited for additional information.

Sub theme 1: Fundamentals of Networking


Unit 1: Introduction to Data Communications and Computer
Networks
Learning Objectives of the unit
At the end of this unit, trainees are expected to be able to:
• Describe the devices and services used to support communications in data networks and the Internet
• Identify the role of protocol layers in data networks
• Describe the importance of addressing and naming schemes at various

1.1 Introduction to data communication

Communication implies an exchange of information between at least two parties. The exchange may
be in the form of words, letters, messages, drawings, etc.

Data communication is the process of transmitting and receiving data in an orderly way. When the data
travel a short distance, the communication is referred to as local communication. When the data
travel a long distance, the communication is referred to as telecommunication.

Telecommunication covers all types of data transmission, from voice to video. Telecommunication technology embraces
radio waves travelling through the air or through space, electrical signals flowing along a telephone
wire, and laser pulses travelling along optical fiber.
Examples of telecommunication services include telephone, cellular radio, fax, teleconferencing and
video conferencing.
Five components of data communication

• Message: the information (data) to be communicated. Popular forms of information
include text, numbers, pictures, audio, and video.
• Sender: the device that sends the data message. It can be a computer, workstation,
telephone handset, video camera, and so on.
• Receiver: the device that receives the message. It can be a computer, workstation,
telephone handset, television, and so on.
• Transmission medium: the physical path by which a message travels from sender
to receiver. Examples of transmission media include twisted-pair wire, coaxial
cable, fiber-optic cable, and radio waves.
• Protocol: a set of rules that govern data communications. It represents an agreement
between the communicating devices. Without a protocol, two devices may be connected
but not communicating, just as a person speaking French cannot be understood by a
person who speaks only Japanese.

Modes of data transmission


There are three different transmission modes, characterized according to the direction of the exchange:

a. A simplex connection is a connection in which the data flow in only one direction, from
the transmitter to the receiver. This type of connection is useful if the data do not need to flow
in both directions (for example, from a computer to a printer, or from a mouse to a
computer).
b. A half-duplex connection (sometimes called an alternating or semi-duplex connection) is
a connection in which the data flow in one direction or the other, but not in both at the same time.
• With this type of connection, each end of the connection transmits in turn.
• This makes bidirectional communication possible while using the full capacity of the line.
• In a half-duplex transmission, the entire capacity of the channel is taken over by whichever of the
two devices is transmitting at the time.
• Walkie-talkies and CB (citizens band) radios are both half-duplex systems.
• The half-duplex mode is used where there is no need for communication in
both directions at the same time; the entire capacity of the channel can then be utilized
for each direction in turn.
c. Full-duplex: In full-duplex mode (also called duplex), both stations can transmit and
receive simultaneously.
• The full-duplex mode is like a two-way street with traffic flowing in both directions
at the same time.
• In full-duplex mode, signals going in one direction share the capacity of the link with
signals going in the other direction.
• This sharing can occur in two ways: either the link contains two physically
separate transmission paths, one for sending and the other for receiving, or the
capacity of the channel is divided between signals travelling in the two directions.
• One common example of full-duplex communication is the telephone network. When
two people are communicating by telephone, both can talk and listen at the
same time.
• The full-duplex mode is used when communication in both directions is required all
the time.
• The capacity of the channel, however, must be divided between the two directions.

Figure 1.1 Communication Modes
1.2 Computer Networks and Their Applications
The two major benefits of computer networking are:
• Computer networks are used as a communication medium
• Computer networks are used for resource sharing
Uses of computer networks as a communication medium include:
• Electronic mail (e-mail)
• Video conferencing
• Chatting

A computer network is a collection of computers and other devices that communicate to share data,
hardware, and software.
Resource sharing on a computer network includes:
• Data/information sharing,
• Program/software sharing and
• Device/hardware sharing
Data/Information Sharing
This involves access to remote or distributed databases and files containing data, text, images or
video.
Program/Software Sharing
Programs stored on a central server can simultaneously be accessed and loaded for execution on several
local computers. Software sharing occurs when several users at different locations run application
programs that are installed centrally in one location (the server computer). Software that is installed
centrally can be managed and upgraded centrally.
Such systems are most commonly used in financial systems, where the main application is stored
centrally and users in different sections of the finance department run the system
over the network.

Device / hardware Sharing


Computer networks enable us to share expensive hardware (peripheral devices). This includes
access to computing resources such as other computers, printers, scanners, etc.
A typical example of a shared resource is a printer. For example, you may prefer to acquire one expensive
printer and connect it to the network to provide a printing service to all users. This avoids the need to
have a separate printer for each computer.
Computer Network Types

Networks can be classified based on:

A) Ownership
B) Geographical range
C) Arrangement of computers and devices (topology)
D) Resource administration

Based on Ownership
Based on ownership, networks are commonly classified as:
• Private Networks
• Public Networks
Private Network
A network built by an organization for its exclusive use. For example, the
network in this campus is a private network.
Public Network
A network established and operated by a network service provider for the specific purpose of
providing services to customer organizations and individuals.
Example: Ethiopian Telecommunication Corporation

Based on Geographical range


A network allows computers to connect and communicate with other computers over any medium.
LAN, MAN, and WAN are the three major types of networks, distinguished by the area they
cover.
Local Area Network (LAN)
➢ A LAN is the interconnection of computers and other peripheral devices within a limited
geographical area.
➢ For example, the network of computers within a university campus, a school, a factory
or an office.
➢ The connection is usually made through a cable.
➢ The cable can be twisted-pair cable, coaxial cable or fiber-optic cable.
➢ LANs can link up to thousands of computers located in the same or adjacent buildings.
➢ LANs are typically private.
➢ They typically have a bandwidth of 100 Mb/s or more (1 Gb/s links are common today).
➢ Bandwidth is the rate of data transmission.

Metropolitan Area Network (MAN)


A MAN, or Metropolitan Area Network, covers a larger area than a LAN and a smaller area than a
WAN. It connects two or more computers that are some distance apart but reside in the same or in different
cities. It covers a large geographical area and may be operated by an ISP (Internet Service Provider). A MAN is
designed for customers who need high-speed connectivity. A Metropolitan Area Network is harder to design and
maintain than a LAN.
Wide Area Network (WAN)
A WAN, or Wide Area Network, is a computer network that extends over a large geographical area,
although it might be confined within the bounds of a state or country. A WAN could be a set of
LANs connected to other LANs via telephone lines and radio waves, and may be limited to an
enterprise (a corporation or an organization) or accessible to the public. The technology is high speed
and relatively expensive.
➢ A WAN covers a large geographical area by using one or more communication channels
such as:
a. Telephone lines
b. Fiber-optic cables
c. Microwave and satellite communication systems
➢ WANs span large areas such as countries or the entire world
➢ WAN links are usually slower than LANs (a classic T3 leased line, for example, carries 45 Mb/s)
➢ WANs can be either private or public
Private WANs usually link fewer computers than LANs, for example companies
which have offices in different cities, like IBM.
Public WANs connect up to several million computers.

Based on Network Topologies


The physical arrangement (or layout) of computers in a network is called Topology.
Generally, there are four types of topologies. These are Bus topology, Star topology, Ring topology
and Mesh topology.
Bus topology
The bus topology is the oldest type of network topology. In this topology all the computers and other
peripheral devices are linked by a single communication channel.
There is no host/server computer in a bus topology.

Figure 1.4 Bus Topology

A bus topology connects each computer (node) to a single segment trunk. A 'trunk' is a
communication line, typically coaxial cable, that is referred to as the 'bus'. The signal travels from one
end of the bus to the other. A terminator is required at each end to absorb the signal so that it does not
reflect back across the bus.
In this topology, when data are to be transmitted from one device to another, they are broadcast on the
communication channel, i.e. the data pass every station. Each computer checks the
address on the signal (data frame) as it passes along the bus. If the frame's address matches that of the
computer, the computer processes the frame. If the address does not match, the computer takes no action
and the signal travels on down the bus. Note that this filtering is done by the receiving station, not by the
medium: every station physically receives every frame, so any station can read traffic addressed to others.

Advantages and Disadvantages of the Bus Topology

Advantages

➢ If any of the computers fails, it does not affect the rest of the network

➢ Use of cable is economical

➢ It is easy to extend

➢ The system is easy to install


Disadvantages

➢ In a bus topology there is only one communication channel, which can handle only one message
at a time. When two computers transmit data at the same time a collision occurs and the messages
must be re-sent. Data transmission slows down when this happens.

➢ If the bus is damaged anywhere along its path, the whole network stops working.

➢ There is no central control of data

➢ Problems are difficult to isolate

➢ Cable length and the number of stations are limited

➢ Performance degrades as additional computers are added.
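The shared-medium behaviour described above, as an added example that is not part of the module: a small Python simulation of a bus segment. Every station's on_signal handler is called for every frame, and only the station's own destination-address check decides whether it keeps the frame. A station that skips that check (promiscuous mode, the constructed station "eve" here) therefore captures all traffic, and two stations transmitting in the same slot collide so that nothing is delivered. Station names, MAC addresses (taken from the documentation range 00:00:5e:00:53:xx) and the frames are constructed for the example.

```python
"""Simulation of a bus (shared-medium) segment.

Added example, not part of the module. Station names, addresses and the
frames in demo() are constructed for illustration.
"""
from dataclasses import dataclass, field

BROADCAST = "ff:ff:ff:ff:ff:ff"


@dataclass
class Frame:
    dst: str       # destination address carried in the frame header
    src: str       # source address
    payload: str


@dataclass
class Station:
    name: str
    mac: str
    promiscuous: bool = False          # accept every frame, not just ours
    received: list = field(default_factory=list)

    def on_signal(self, frame: Frame) -> bool:
        """Called for every frame on the bus; True if this station keeps it.

        This is the only filtering on a bus: the medium delivers the
        signal to everyone, and each station decides for itself."""
        if self.promiscuous or frame.dst in (self.mac, BROADCAST):
            self.received.append(frame)
            return True
        return False                    # not addressed to us: take no action


class Bus:
    """A single shared channel: every transmission reaches every station."""

    def __init__(self, stations):
        self.stations = list(stations)
        self.collisions = 0

    def transmit(self, *frames: Frame):
        """Deliver the frames offered in one time slot.

        A slot with more than one sender is a collision: nothing is
        delivered and the senders have to retry. Otherwise the single
        frame reaches every station except its sender; the returned list
        names the stations that actually processed it."""
        if len(frames) > 1:
            self.collisions += 1
            return []
        frame = frames[0]
        return [s.name for s in self.stations
                if s.mac != frame.src and s.on_signal(frame)]


def demo():
    """Constructed scenario: two ordinary stations and one sniffer."""
    alice = Station("alice", "00:00:5e:00:53:01")
    bob = Station("bob", "00:00:5e:00:53:02")
    eve = Station("eve", "00:00:5e:00:53:03", promiscuous=True)
    bus = Bus([alice, bob, eve])

    unicast = bus.transmit(Frame(bob.mac, alice.mac, "hello bob"))
    bcast = bus.transmit(Frame(BROADCAST, alice.mac, "who has 10.0.0.2?"))
    # Two stations transmit in the same slot: collision, nothing delivered.
    clash = bus.transmit(Frame(alice.mac, bob.mac, "a"),
                         Frame(bob.mac, eve.mac, "b"))
    return {
        "unicast_processed_by": unicast,
        "broadcast_processed_by": bcast,
        "collision_delivered_to": clash,
        "collisions": bus.collisions,
        "eve_saw": [f.payload for f in eve.received],
    }


if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key}: {value}")
```

The unicast frame for bob is processed by bob and, because she ignores the address check, by eve as well; this is why a shared medium (a bus, or a hub in the device list later in this unit) offers no confidentiality between stations. The collision slot delivers nothing and increments the counter, which is the "message will be re-sent" cost listed under the disadvantages.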
Star topology
Star topology is the most common network topology found in offices. In this topology all the
computers (historically called terminals) and other peripheral devices are connected to a central
device, which gives the layout the shape of a star. Originally the central device was a host computer
(a mainframe, minicomputer or powerful microcomputer); in modern LANs it is a hub or, far more often, a switch.

The hub/server offers a common connection for all stations on the network. Each station has its own
direct cable connection to the hub/server. In most cases, this means more cable is required than for a
bus topology. However, it makes adding or moving computers a relatively easy task: simply plug them
into a cable outlet on the wall.

Figure 1.5 Star Topology

If a cable is cut, it only affects the computer that was attached to it. This eliminates the single point of
failure problem associated with the bus topology (unless, of course, the hub itself goes down). Star
topologies are normally implemented using twisted-pair cable, specifically unshielded twisted pair
(UTP).
Advantages and Disadvantages of the Star Topology

Advantages

➢ In a star topology, modifying the system and adding new computers is easy

➢ Data transmission rates are high

➢ If one computer fails, only that computer is unable to send or receive data

➢ Centralized monitoring of data is possible

Disadvantages

➢ If the central device (host computer, hub or switch) stops functioning, the entire network fails

➢ More cable is required

Ring topology
In this topology all the computers and other peripheral devices are connected in a single circle of cable.
In other words, it is a circle or ring of computers connected serially by cable. There are no
terminated ends to the cable; the signal travels around the ring in one direction.
Each computer in the network can therefore communicate with any other computer through the ring.

Figure 1.6 Ring Topology

Ring networks avoid the data collisions that can slow down bus networks by using an
electronic signal called a token. Under the ring concept, the right to transmit is passed sequentially via the "token"
from one computer to the next. When a computer wants to transmit, it captures the token, attaches data
and an address to it, and then sends it around the ring. The token travels along the ring until it reaches
the destination address. The receiving computer acknowledges receipt with a return message to the
sender. The sender then releases the token for use by another computer.

Each station on the ring has equal access, but only one station can talk at a time. Rings are normally
implemented using twisted-pair or fiber-optic cable.
Advantages and Disadvantages of the Ring Topology

Advantages

➢ If the path between two computers fails, the other path can be used (this requires a dual-ring
design; a single ring has no alternative path)

➢ All stations have equal access


Disadvantages

➢ Adding computers to the network slows it down, since the token has to pass through more stations

➢ Failure of one computer can have an impact on the rest of the network, because each
computer acts as a repeater to boost the signal and send it to the next computer.
Mesh topology

Mesh topology is also known as completely connected network topology. In a mesh topology
each computer is connected to every other computer by a separate cable.

Figure 1.7 Mesh Topology

Advantage and Disadvantage of the Mesh Topology

Advantage

➢ In a mesh topology, if one computer fails then the entire network will not be affected

➢ If one path between the source and destination computer fails then it will use the other
path.
Disadvantage

➢ Use of cable is expensive i.e. to connect n- computers it requires n(n-1)/2 cables

For example to connect 10 computers we need 10(10-1)/2= 45 cables.

Based on resource administration


Based on how resources are administered on the network, there are two types of networks:
peer-to-peer networks and client/server networks.
Client/Server Model
Microcomputer users, or clients, share the services of a centralized computer called a server.
Peer-to-Peer Model
Computers on the network communicate with each other as equals, and each computer is
responsible for making its own resources available to the other computers on the network.

Data center visit

Visit the TVTI campus data center to see:
➢ What the function of the network is
➢ How the devices are arranged
➢ Then visualize the different topologies in simulator programs
Study of the following network devices in detail:
➢ Repeater
➢ Hub
➢ Switch
➢ Bridge
➢ Router
➢ Gateway (hardware or software)
Procedure: Following should be done to understand this practical.
1. Repeater: functions at the physical layer. A repeater is an electronic device that
receives a signal and retransmits it at a higher level and/or higher power, or onto
the other side of an obstruction, so that the signal can cover longer distances.
A repeater has two ports, so it cannot be used to connect more than two devices.
2. Hub: An Ethernet hub, active hub, network hub, repeater hub, hub or
concentrator is a device for connecting multiple twisted pair or fiber optic
Ethernet devices together and making them act as a single network segment.
Hubs work at the physical layer (layer 1) of the OSI model. The device is a form
of multiport repeater. Repeater hubs also participate in collision detection,
forwarding a jam signal to all ports if it detects a collision.
3. Switch: A network switch or switching hub is a computer networking device
that connects network segments. The term commonly refers to a network bridge
that processes and routes data at the data link layer (layer 2) of the OSI model.
Switches that additionally process data at the network layer (layer 3 and above)
are often referred to as Layer 3 switches or multilayer switches.
4. Bridge: A network bridge connects multiple network segments at the data link
layer (Layer 2) of the OSI model. In Ethernet networks, the term bridge formally
means a device that behaves according to the IEEE 802.1D standard. A bridge
and a switch are very much alike, a switch being a bridge with numerous ports;
"switch" or "Layer 2 switch" is often used interchangeably with "bridge". A bridge
examines each incoming frame to decide whether the frame needs to be forwarded to
another segment of the network or can stay on the segment it arrived from.
5. Router: A router is an electronic device that interconnects two or more
computer networks, and selectively interchanges packets of data between them.
Each data packet contains address information that a router can use to determine
if the source and destination are on the same network, or if the data packet must
be transferred from one network to another. Where multiple routers are used in
a large collection of interconnected networks, the routers exchange information
about target system addresses, so that each router can build up a table showing
the preferred paths between any two systems on the interconnected networks.
6. Gate Way: In a communications network, a network node equipped for
interfacing with another network that uses different protocols.
A gateway may contain devices such as protocol translators, impedance matching devices, rate
converters, fault isolators, or signal translators as necessary to provide system interoperability.
It also requires the establishment of mutually acceptable administrative procedures between
both networks.
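The difference between a hub (layer 1) and a bridge or switch (layer 2) comes down to one forwarding decision, which the following Python simulation makes explicit. This is an added example, not part of the original module: it models a learning bridge that records the port on which each source MAC address was seen, forwards frames for a known unicast destination only to that port, and floods frames for unknown or broadcast destinations to every other port, alongside a hub that floods every frame. The MAC addresses, port numbers and frames are constructed sample data.

```python
from dataclasses import dataclass, field
from typing import Dict, List

BROADCAST = "ff:ff:ff:ff:ff:ff"


@dataclass
class Frame:
    src: str
    dst: str
    payload: bytes = b""


@dataclass
class LearningBridge:
    """Layer-2 bridge/switch: learns which port each source MAC address lives on."""
    ports: int
    table: Dict[str, int] = field(default_factory=dict)

    def forward(self, in_port: int, frame: Frame) -> List[int]:
        # Learn (or refresh) the mapping from source address to ingress port.
        self.table[frame.src] = in_port
        # Known unicast destination: forward only to its port; if the
        # destination is on the ingress port the bridge simply drops the frame.
        if frame.dst != BROADCAST and frame.dst in self.table:
            out = self.table[frame.dst]
            return [] if out == in_port else [out]
        # Unknown destination or broadcast: flood to all other ports.
        return [p for p in range(self.ports) if p != in_port]


class Hub:
    """Layer-1 multiport repeater: every frame goes out of every other port."""
    def __init__(self, ports: int):
        self.ports = ports

    def forward(self, in_port: int, frame: Frame) -> List[int]:
        return [p for p in range(self.ports) if p != in_port]


def demo():
    # Constructed topology: host A on port 0, host B on port 1, host C on port 2.
    A, B, C = "00:11:22:33:44:01", "00:11:22:33:44:02", "00:11:22:33:44:03"
    sw, hub = LearningBridge(ports=3), Hub(ports=3)
    trace = []
    # 1. A -> B: B is not yet in the table, so the switch floods (like a hub).
    trace.append(sw.forward(0, Frame(A, B)))
    # 2. B -> A: A was learned on port 0, so only port 0 receives the frame.
    trace.append(sw.forward(1, Frame(B, A)))
    # 3. A -> B: both ends are known; host C on port 2 never sees this frame.
    trace.append(sw.forward(0, Frame(A, B)))
    # The hub sends the same frame to everyone, every time.
    trace.append(hub.forward(0, Frame(A, B)))
    return trace, dict(sw.table)


if __name__ == "__main__":
    decisions, table = demo()
    print("switch forwarding decisions:", decisions[:3])
    print("hub forwarding decision:   ", decisions[3])
    print("learned MAC table:         ", table)
```

Run it and compare the third switch decision (`[1]`) with the hub's (`[1, 2]`): the switch delivers the frame only to the port where host B was learned. Note that this per-port isolation is a consequence of the learned table, not a security boundary: frames for unknown destinations and broadcast frames still reach every port.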

1.3 Transmission Media
In data communication terminology, a transmission medium is a physical path between the
transmitter and the receiver, i.e. it is the channel through which data is sent from one place to
another. There are two types of transmission media, namely guided and unguided. Guided
transmission media are cables such as twisted pair cables, coaxial cables, and fiber optic cables.
Unguided transmission media are wireless, such as infrared, radio waves, and microwaves.

Figure 1.8 Transmission media


1.3.1 Wired transmission medium
This type of transmission medium uses wire or cable lines to connect the devices physically.
Wired transmission medium includes the different cabling types that are used to connect the
computers physically.
The different types of cables include:
a. Twisted pair cable
b. Coaxial cable &
c. Fiber-optic cable

Twisted pair cable

Twisted pair cable is the oldest, least expensive and most commonly used type of transmission medium.
It consists of strands of insulated copper wire that are twisted together in pairs to form a cable. There are
two types of twisted-pair cable:

a. Unshielded Twisted Pair cable (UTP cable)
b. Shielded Twisted Pair cable (STP cable)

Unshielded Twisted Pair cable (UTP cable)
Unshielded Twisted Pair cables have no protective metal shield around the wires. The traditional
categories of UTP are:
Category 1- This refers to traditional telephone cable that can carry voice but not data
transmissions.
Category 2- This category certifies UTP cable for data transmissions up to 4 megabits per
second (Mbps). It consists of four twisted pairs of copper wire.
Category 3- This category certifies UTP cable for data transmissions up to 16 Mbps. It
consists of four twisted pairs of copper wire.
Category 4- This category certifies UTP cable for data transmissions up to 20 Mbps. It consists
of four twisted pairs of copper wire.
Category 5- This category certifies UTP cable for data transmissions up to 100 Mbps. It
consists of four twisted pairs of copper wire.
Category 5e- is the improved version of Category 5, with tighter crosstalk limits; it supports
Gigabit Ethernet (1000 Mbps, 1000BASE-T) over the same 100 MHz bandwidth. Newer
categories (6, 6a and above) extend the bandwidth and data rate further.
One potential problem with all types of cabling is crosstalk. Crosstalk is the situation in
which signals on one pair of wires interfere with the signals on another pair.
UTP is particularly sensitive to crosstalk.
Twisted Pair Cabling Components
As with telephone cabling, a twisted-pair cable network requires connectors and other hardware to
ensure proper installation.
Connection Hardware:
Twisted pair cabling uses RJ-45 connectors to connect to a computer. These are similar to
RJ-11 telephone connectors. Although RJ-11 and RJ-45 connectors look similar, there are crucial
differences between them. The RJ-45 connector is slightly larger and will not fit into an RJ-11
telephone jack. The RJ-45 connector houses eight wire connections, while the RJ-11 houses only
four.

Figure 1.9 RJ 45 connector

Unshielded Twisted Pair cable advantages and Disadvantages

UTP Advantages:
• It is relatively inexpensive
• Easy to install
• It is a familiar technology
UTP Disadvantages:
• High quality UTP systems require specialized installation procedures
• UTP is potentially more sensitive to external electromagnetic interference, to crosstalk between
pairs, and to attenuation (a decrease in the strength of a transmitted signal) than other media
• Not recommended for a LAN that requires a high level of security, since unshielded copper
radiates and is easy to tap
• Not suitable for transmitting data over long distances at high speeds
Shielded Twisted Pair Cable (STP Cable)
Shielded twisted pair (STP) is similar to UTP except that it contains a copper braid jacket to 'shield' the wires
from electrical interference. It can support transmissions over greater distances than UTP, and it provides
better performance than UTP in environments with high noise levels, i.e. high levels of unwanted
electrical signals.
Coaxial cable
➢ In its simplest form, coaxial cable consists of a core of copper wire surrounded by insulator, a
braided metal shielding, and outer cover.
➢ The term shielding refers to the woven or stranded metal mesh that surrounds some types of
cabling.
➢ Coaxial cable is more resistant to electromagnetic interference and attenuation than twisted
pair cabling.

Types of Coaxial Cable
There are two types of coaxial cable:
1. Thin coaxial cable (thinnet)
2. Thick coaxial cable (thicknet)
The type of coaxial cable you select depends on the needs of your particular network.
Thinnet Cable
➢ Thinnet coaxial cable is a flexible coaxial cable about 0.64 centimeters thick.
➢ Because this type of coaxial cable is flexible and easy to work with, it can be used in
almost any type of network installation.
➢ Thinnet coaxial cable can carry a signal for a distance of up to approximately 185 meters
before the signal starts to suffer attenuation.
Thicknet Cable
➢ Thicknet cable is a relatively rigid coaxial cable about 1.27 centimeters in diameter.
➢ Thicknet cable’s copper core is thicker than a thinnet cable copper core.
➢ The thicker the copper core, the farther the cable can carry signals. This means that
thicknet can carry signals farther than thinnet cable.
➢ Thicknet cable can carry a signal for 500 meters
➢ Therefore, because of thicknet's ability to support data transfer over longer distances, it
is sometimes used as a backbone to connect several smaller thinnet-based networks.
➢ Thick coaxial cable has an extra protective plastic cover that helps keep moisture away
from the center conductor. This makes thick coaxial a good choice when running longer
lengths in a linear bus network.
Thinnet Vs Thicknet Cable:
Thinnet cables are flexible, easy to install and relatively inexpensive. However, a thicknet cable does not
bend easily and is therefore, harder to install. In addition, thicknet cable is more expensive than thinnet
cable, but will carry a signal farther.
Coaxial-Cable Connection Hardware
Both thinnet and thicknet cables use a connection component, known as a BNC connector, to make the
connections between the cable and the computers.
There are several components in the BNC family, including the following:
The BNC cable connector:
The interface at the end of the cable that is used to connect to a barrel or T-connector

Figure 1.10 BNC cable connector.
The BNC T connector
➢ This connector joins the network interface card (NIC) in the computer to the network
cable.

Figure 1.11 BNC barrel connector.

The BNC barrel connector
➢ This connector is used to join two lengths of thinnet cable to make one longer length.

Figure 1.12 The BNC terminator

The BNC terminator
➢ A BNC terminator closes each end of the bus cable to absorb stray (lost) signals once
they reach the end of the bus. Otherwise, the signal will bounce and all network activity
will stop.

Figure 1.13 BNC Terminator.

Coaxial cable advantages and Disadvantages


Coaxial cable advantages:
➢ It is less sensitive to electromagnetic interference than twisted pair cable
➢ They can transmit data for greater distances than is possible with less expensive cabling.
➢ Offer a familiar technology with reasonable data security
Coaxial cable Disadvantages
Due to its high metallic content, coax cable is usually more expensive than twisted pair cable.
Fiber-optic Cable
Optical fiber or fiber-optic cables are made by bundling together hundreds to thousands of strands of
smooth, very thin (as thin as a human hair) glass or plastic fiber.
Fiber-optic cable contains glass fibers rather than copper wire. Signals are transmitted across these
fibers in the form of light pulses rather than electrical pulses. Fiber-optic cable consists of pure silica
glass cylinders or strands surrounded by cladding. Signals are transmitted as light pulses through the
core of the optical fiber (i.e. through the strands).
Each strand can pass a signal in only one direction, so fiber-optic cable on a network typically consists
of at least two strands: one for sending and one for receiving.
Electronic signals generated by the computer are converted to optical signals in the form of photons
which are transmitted (flashed) down the cable by a laser or light-emitting diode. A
photo-detector at the other end collects the optical signals and converts them back to electrical
signals.
Unlike copper cable, fiber-optic cable is immune to electrical crosstalk and suffers far less attenuation.
This greatly increases the potential transmission distance. In addition, fiber-optic cable is more
secure than copper wire: it radiates no electromagnetic signal that could be picked up from outside the
cable, and tapping it requires physical access to the fiber and introduces a measurable loss of light.
Fiber-optic cable is generally more expensive than copper cable (i.e. twisted pair cable & coaxial cable).
Fiber-Optic Connection Hardware
The ST connector is the traditional connector used with fiber optic cable; SC and LC connectors are
also widely used.
Fiber-optic cable advantages and Disadvantages
Fiber-optic cable advantages
➢ Fastest transmission rate
➢ Not susceptible to electrical interference
➢ There is high security
Fiber-optic cable Disadvantages
➢ Most expensive
➢ Relatively difficult to work with
Wireless Transmission Medium

Although the majority of LANs connect devices using a physical cable, there are instances where it is
difficult or impossible to install cable, such as in historical properties or when there is no right-of-way
between adjacent buildings. In such cases wireless transmission can be used to connect network
devices.

Figure 1.14 Wireless Transmissions


Radio Waves
Although there is no clear-cut demarcation between radio waves and microwaves,
electromagnetic waves ranging in frequency between 3 kHz and 1 GHz are normally called
radio waves; waves ranging in frequency between 1 and 300 GHz are called microwaves. However,
the behavior of the waves, rather than their frequency, is the better criterion for classification. Radio
waves, for the most part, are omnidirectional; that is, when an antenna transmits radio waves, they are
propagated in all directions. This means that the sending and receiving antennas do not have to be
aligned. A sending antenna sends waves that can be received by any receiving antenna. Radio waves,
particularly those waves that propagate in sky mode, can travel long distances.
This makes radio waves a good candidate for long-distance broadcasting such as AM radio. Radio
waves, particularly those of low and medium frequencies, can penetrate walls. This characteristic can
be both an advantage and a disadvantage. It is an advantage because, for example, an AM radio can
receive signals inside a building. It is a disadvantage because we cannot isolate a communication to
just inside or outside a building: anyone within range can receive it, and, unless it is encrypted, read it.
The radio wave band is relatively narrow, just under 1 GHz, compared to the microwave band. When
this band is divided into sub bands, the sub bands are also narrow, leading to a low data rate for digital
communications.
Almost the entire band is regulated by authorities (e.g., the FCC in the United States). Using any part
of the band requires permission from the authorities.
Omnidirectional Antenna
Radio waves use omnidirectional antennas that send out signals in all directions. Based on the
wavelength, strength, and the purpose of transmission, we can have several types of antennas.
Applications
The omnidirectional characteristic of radio waves makes them useful for multicasting, in which there is
one sender but many receivers. AM and FM radio, television, maritime radio, cordless phones, etc. are
examples of multicasting.
Microwaves
Electromagnetic waves having frequencies between 1 and 300 GHz are called microwaves.
Microwaves are unidirectional. When an antenna transmits microwave waves, they can be narrowly
focused. This means that the sending and receiving antennas need to be aligned (see each other). The
unidirectional property has an obvious advantage. A pair of antennas can be aligned without interfering
with another pair of aligned antennas.
The following describes some characteristics of microwave propagation:
➢ Microwave propagation is line-of-sight. Since the towers with the mounted antennas need to be in
direct sight of each other, towers that are far apart need to be very tall. The curvature of the earth,
as well as other blocking obstacles, does not allow two short towers to communicate by using
microwaves.
➢ Repeaters are often needed for long distance communication.
➢ Very high-frequency microwaves cannot penetrate walls.
o This characteristic can be a disadvantage if receivers are inside buildings.

➢ The microwave band is relatively wide, almost 299 GHz.
o Therefore wider subbands can be assigned, and a high data rate is possible
➢ Use of certain portions of the band requires permission from authorities.
Unidirectional Antenna
Microwaves need unidirectional antennas that send out signals in one direction. Two types of antennas
are used for microwave communications: the parabolic dish and the horn.
1. A parabolic dish antenna is based on the geometry of a parabola:
➢ Every line parallel to the line of symmetry (line of sight) reflects off the curve at
angles such that all the lines intersect in a common point called the focus.
➢ The parabolic dish works as a funnel, catching a wide range of waves and directing
them to a common point.
➢ In this way, more of the signal is recovered than would be possible with a single-
point receiver.
➢ Outgoing transmissions are broadcast through a horn aimed at the dish. The
microwaves hit the dish and are deflected outward in a reversal of the receipt path.
2. A horn antenna looks like a gigantic scoop.
➢ Outgoing transmissions are broadcast up a stem (resembling a handle) and deflected
outward in a series of narrow parallel beams by the curved head.
➢ Received transmissions are collected by the scooped shape of the horn, in a manner
similar to the parabolic dish, and are deflected down into the stem.

Figure 1.15 Antennas

Applications
➢ Microwaves, due to their unidirectional properties, are very useful when unicast (one-to-one)
communication is needed between the sender and the receiver.
➢ They are used in cellular phones, satellite networks, and wireless LANs.
Infrared
➢ Infrared waves, with frequencies from 300 GHz to 400 THz (wavelengths from 1 mm to 770
nm), can be used for short-range communication.
➢ Infrared waves, having high frequencies, cannot penetrate walls.
➢ This advantageous characteristic prevents interference between one system and another; a
short-range communication system in one room cannot be affected by another system in
the next room.
➢ When we use our infrared remote control, we do not interfere with the use of the remote by
our neighbors!!!
➢ However, this same characteristic makes infrared signals useless for long-range
communication.
➢ In addition, infrared is unreliable outdoors, because sunlight contains infrared waves that
interfere with the communication.
Applications
The infrared band, almost 400 THz, has an excellent potential for data transmission.
➢ Such a wide bandwidth can be used to transmit digital data with a very
high data rate.
The Infrared Data Association (IrDA), an association for sponsoring the use of infrared waves, has
established standards for using these signals for communication between devices such as keyboards,
mice, PCs, and printers. For example, some manufacturers provide a special port called the IrDA port
that allows a wireless keyboard to communicate with a PC.
➢ The standard originally defined a data rate of 75 kbps for a distance up to 8 m. The recent
standard defines a data rate of 4 Mbps.
➢ Infrared signals defined by IrDA transmit through line of sight; the IrDA port on the keyboard
needs to point at the PC for transmission to occur.
➢ Infrared signals can be used for short-range communication in a closed area using line-of-sight
propagation.

1.4 Introduction to Computer Network Protocol


1.4.1 Computer network protocol
A network protocol is a set of established rules that dictate how to format, transmit and receive data so
that computer network devices, from servers and routers to endpoints, can communicate, regardless of the
differences in their underlying infrastructures, designs or standards.

To successfully send and receive information, devices on both sides of a communication exchange
must accept and follow protocol conventions. In networking, support for protocols can be built into
software, hardware or both.
What is ISO?
ISO is the International Organization for Standardization. It is an organization which works to
establish international standards for services and manufactured products. Therefore, in the area
of computing, the ISO's goal is to establish global standards for communications and information
exchange. The ISO's major achievement in the area of networking and communications has been to
define a set of standards known as the OSI reference model.

1.4.2 The OSI Reference Model


OSI refers to Open System Interconnection
OSI defines standards for the interaction of computers connected by communication networks. It
provides a description of how network hardware and software work together in a layered fashion to
make communication possible. The OSI reference model has seven layers. The main objective of
dividing in to seven layers include: creating manageable layers by breaking down the complex network
operations.
Data Packets & the OSI Reference Model
Data packets are assembled and disassembled according to the OSI reference model. The packet
creation process begins at the application layer of the OSI reference model, where the data is generated.
Information to be sent across the network starts at the application layer and continues down through all
seven layers.
At each layer, information relevant to that layer is added to the data. This information is for the use of the
corresponding layer in the receiving computer. The data link layer in the receiving computer, for
instance, will read the information added at the data link layer in the sending computer.

Figure 1.16 OSI reference model

The above figure shows the assembly of data at the sending side and the disassembly of the data at the
receiving end. When data is sent over the network, it is passed down through all seven layers; each layer adds
a header with control information before passing the data on to the next layer. The data link layer also adds a
trailer. The physical layer passes the data with the attached header and trailer information on to the physical
network. When a data frame arrives at the receiving computer, each layer removes the appropriate
header and, if included, trailer and reads the information before sending the data on to the next layer. This
process is repeated for every data frame sent between two computers communicating on the network.
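The encapsulation and decapsulation just described can be followed byte by byte in the following Python example, which is added here and is not part of the original module. It uses constructed, simplified header layouts (a transport header with ports and a sequence number, a network header with two addresses and a protocol number, and a link header with two MAC addresses and an EtherType) rather than the real TCP, IPv4 and Ethernet formats, and a CRC-32 trailer as the frame check sequence. The sender prepends one header per layer and appends the trailer; the receiver strips them in reverse order and rejects the frame if the trailer no longer matches.

```python
import struct
import zlib

# Constructed, simplified header layouts (NOT the real TCP/IPv4/Ethernet formats):
#   transport: src port (H), dst port (H), sequence number (I)
#   network:   src address (4s), dst address (4s), protocol (B)
#   data link: dst MAC (6s), src MAC (6s), EtherType (H) ... trailer: CRC-32 (I)
TRANSPORT = struct.Struct("!HHI")
NETWORK = struct.Struct("!4s4sB")
LINK = struct.Struct("!6s6sH")
TRAILER = struct.Struct("!I")


def encapsulate(data, sport, dport, seq, src_ip, dst_ip, src_mac, dst_mac):
    """Sender: each layer prepends its header; the link layer also appends a trailer."""
    segment = TRANSPORT.pack(sport, dport, seq) + data           # layer 4 adds its header
    packet = NETWORK.pack(src_ip, dst_ip, 6) + segment            # layer 3 (6 = TCP-like)
    frame_body = LINK.pack(dst_mac, src_mac, 0x0800) + packet     # layer 2 header
    fcs = zlib.crc32(frame_body) & 0xFFFFFFFF                     # frame check sequence
    return frame_body + TRAILER.pack(fcs)                         # layer 2 trailer


def decapsulate(frame):
    """Receiver: each layer checks and strips its own header (and trailer)."""
    body, trailer = frame[:-TRAILER.size], frame[-TRAILER.size:]
    (fcs,) = TRAILER.unpack(trailer)
    if zlib.crc32(body) & 0xFFFFFFFF != fcs:
        raise ValueError("frame check sequence mismatch: frame corrupted")
    dst_mac, src_mac, ethertype = LINK.unpack_from(body, 0)
    packet = body[LINK.size:]
    src_ip, dst_ip, proto = NETWORK.unpack_from(packet, 0)
    segment = packet[NETWORK.size:]
    sport, dport, seq = TRANSPORT.unpack_from(segment, 0)
    data = segment[TRANSPORT.size:]
    return {"dst_mac": dst_mac, "src_mac": src_mac, "ethertype": ethertype,
            "src_ip": src_ip, "dst_ip": dst_ip, "proto": proto,
            "sport": sport, "dport": dport, "seq": seq, "data": data}


def demo():
    # Constructed sample: an HTTP request from 192.168.1.10:40000 to 10.0.0.5:80.
    frame = encapsulate(b"GET / HTTP/1.0\r\n\r\n", 40000, 80, 1,
                        bytes([192, 168, 1, 10]), bytes([10, 0, 0, 5]),
                        bytes.fromhex("001122334455"), bytes.fromhex("66778899aabb"))
    fields = decapsulate(frame)
    # Flip one bit inside the payload: the trailer check must reject the frame.
    damaged = bytearray(frame)
    damaged[-8] ^= 0x01
    try:
        decapsulate(bytes(damaged))
        rejected = False
    except ValueError:
        rejected = True
    return frame, fields, rejected


if __name__ == "__main__":
    frame, fields, rejected = demo()
    print("frame length:", len(frame), "bytes; payload:", fields["data"])
    print("corrupted copy rejected by trailer check:", rejected)
```

The frame is 14 + 9 + 8 bytes of headers, 18 bytes of data and a 4-byte trailer; the receiver only sees the payload after every layer has accepted its own header. Note that a CRC detects accidental corruption but is not a security control: anyone who can modify the frame can recompute the trailer, so integrity against an attacker needs a keyed check (a MAC) at a higher layer.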
1.5 Network Protocols
A protocol is a set of rules and procedures governing the exchange of data between two components.
Some of the functions that protocols perform include:
• Identifying the different devices in the communication path
• Establishing the speed & method to be used for the transmission of data
• Alerting the receiving device to the incoming data & defining the way receipt of data is to be acknowledged
by the receiving device
• Determining how errors are to be detected and corrected

Protocols can be broadly classified in to different categories as:
• Hardware and software protocols
• Routable and Non Routable Protocols
• Connection Oriented and Connection less Protocols
1.5.1 Hardware & Software Protocols
Hardware protocols define how hardware devices operate and work together, i.e. they define the
communication between different hardware devices. Software protocols are the rules by which programs
communicate with each other. Network client computers and network servers both have protocol
packages that must be loaded to allow them to talk to other computers. These packages contain the
protocols the computer needs to access a certain network device or service.
1.5.2 Routable and Non-Routable Protocols
A routable protocol is a network protocol whose data can leave one network, pass through a router and
be delivered to a computer on another, remote network. Examples of routable protocols: Internet
Protocol (IP, both IPv4 and IPv6), IPX, AppleTalk, VINES Internetwork Protocol (VIP), DECnet.
Non-routable protocols: A non-routable protocol's data cannot be passed through a router to reach a
remote network. This is mainly because of the protocol's addressing scheme, which has no network
part (almost all non-routable protocols were designed long ago and do not fit well in current networks).
The reachability limit of a non-routable protocol is its own network; such protocols are designed to
assume that every computer they communicate with is on the same network as the source computer.
Connection Oriented and Connectionless Protocols
Connection Oriented Protocols
If you need to ensure that certain data arrives at its destination, then a connection-oriented protocol can
be used. Such a protocol sets up a connection first and uses acknowledgements to confirm that the data
was received successfully.
Connectionless Protocols are those protocols that send data across the network with no feedback
as to whether it arrived at the destination device or not, i.e. the receiver does not acknowledge whether
the data arrived safely.
Connectionless protocols are faster than connection-oriented ones because they do less work.
They are used mainly when there is a need to send data to multiple computers at once, or
where high speed is needed. Because no handshake takes place, a connectionless protocol also gives the
receiver no evidence that the sender's address is genuine: the source address of a connectionless
datagram is easy to forge, which is why services built on such protocols need their own checks.

1.5.3 Internet Control Message Protocol (ICMP)

This protocol provides error reporting for IP. ICMP is found in the network layer of the OSI
model.

Since IP is a connectionless, best-effort protocol, it has no mechanism for reporting delivery failures:
IP itself cannot tell a sender when its packet could not be delivered. It is up to ICMP to report such
errors back to the host that sent the IP packet.
For example, if a network device cannot forward an IP packet on to the next network in its journey,
it sends a message back to the source of that packet using ICMP to explain the error. Common ICMP
message types include Destination Unreachable, Time Exceeded, Source Quench (congestion, now
deprecated), and the Echo Request and Echo Reply query messages used by ping.
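To see what an ICMP message actually contains, the following Python example builds an Echo Request with the Internet checksum used by IP, ICMP, TCP and UDP (the one's-complement sum of 16-bit words from RFC 1071), and builds and parses a Destination Unreachable message, which carries the IP header and first 8 bytes of the datagram that could not be delivered so the sender can match the error to its own packet. This is an added example, not code from the original module; the IPv4 datagram, addresses and ports are constructed sample data (the sample IP header leaves its own checksum at zero).

```python
import struct

ECHO_REPLY, DEST_UNREACHABLE, ECHO_REQUEST = 0, 3, 8


def internet_checksum(data: bytes) -> int:
    """RFC 1071: one's-complement sum of 16-bit words, then complemented."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(data) // 2), data))
    while total >> 16:                      # fold carries back in (end-around carry)
        total = (total & 0xFFFF) + (total >> 16)
    return (~total) & 0xFFFF


def build_echo_request(ident: int, seq: int, payload: bytes) -> bytes:
    # ICMP header: type(1) code(1) checksum(2) identifier(2) sequence(2)
    header = struct.pack("!BBHHH", ECHO_REQUEST, 0, 0, ident, seq)
    csum = internet_checksum(header + payload)   # computed with the checksum field zeroed
    return struct.pack("!BBHHH", ECHO_REQUEST, 0, csum, ident, seq) + payload


def build_dest_unreachable(code: int, original_datagram: bytes) -> bytes:
    ihl = (original_datagram[0] & 0x0F) * 4                    # IP header length in bytes
    quoted = original_datagram[:ihl + 8]                       # IP header + first 8 bytes
    body = struct.pack("!BBHI", DEST_UNREACHABLE, code, 0, 0) + quoted
    csum = internet_checksum(body)
    return struct.pack("!BBHI", DEST_UNREACHABLE, code, csum, 0) + quoted


def parse_icmp(msg: bytes) -> dict:
    if internet_checksum(msg) != 0:          # a valid message checksums to zero
        raise ValueError("bad ICMP checksum")
    typ, code, _csum = struct.unpack("!BBH", msg[:4])
    info = {"type": typ, "code": code}
    if typ in (ECHO_REQUEST, ECHO_REPLY):
        info["id"], info["seq"] = struct.unpack("!HH", msg[4:8])
        info["payload"] = msg[8:]
    elif typ == DEST_UNREACHABLE:
        orig = msg[8:]                       # bytes 4-7 are unused; then the quoted datagram
        ihl = (orig[0] & 0x0F) * 4
        ip = orig[:ihl]
        info["orig_proto"] = ip[9]
        info["orig_src"] = ".".join(map(str, ip[12:16]))
        info["orig_dst"] = ".".join(map(str, ip[16:20]))
        # For TCP and UDP the first 8 bytes after the IP header start with the ports.
        info["orig_sport"], info["orig_dport"] = struct.unpack("!HH", orig[ihl:ihl + 4])
    return info


def constructed_ipv4_datagram() -> bytes:
    # Constructed sample: 20-byte IPv4 header (header checksum left 0) + UDP header to port 53.
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 28, 0x1234, 0, 64, 17, 0,
                     bytes([192, 168, 1, 10]), bytes([10, 0, 0, 5]))
    udp = struct.pack("!HHHH", 50000, 53, 8, 0)
    return ip + udp


def demo():
    echo = build_echo_request(0x1234, 1, b"abcdefgh")
    unreach = build_dest_unreachable(3, constructed_ipv4_datagram())  # code 3 = port unreachable
    return parse_icmp(echo), parse_icmp(unreach)


if __name__ == "__main__":
    echo_info, unreach_info = demo()
    print("echo request:", echo_info)
    print("destination unreachable:", unreach_info)
```

The quoted header is the only way a host can tell which of its packets an ICMP error refers to. Because ICMP errors are unsolicited and easy to forge, a receiver should act on one only if the quoted addresses and ports match a packet it actually sent; the parser above exposes exactly those fields for that comparison.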
RIP & OSPF
Routing Information Protocol (RIP) and Open Shortest Path First (OSPF) are two routing
protocols in the Internet Protocol Suite, i.e. RIP & OSPF are used by routers to exchange routing information.
RIP: uses the number of routers (hops) between the originating computer (sender) and the destination
computer (receiver) to decide the best path along which to route a packet.
OSPF: uses much more information than just the number of routers (hops) to make a decision. Each link
is assigned a cost (by default derived from the link's bandwidth), and OSPF runs a shortest-path-first
(Dijkstra) computation over the whole topology to find the route with the lowest total cost. This lets it
prefer a longer path over fast links to a shorter path over slow ones, and balance load across equal-cost paths.
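The practical difference between the two metrics shows up as soon as the fastest path is not the shortest one. The following Python example, added here and not part of the original module, runs a hop-count search (RIP's metric) and a Dijkstra shortest-path-first computation with OSPF's default cost formula (a reference bandwidth of 100 Mbps divided by the link bandwidth) over a constructed five-router topology in which two slow serial links form a two-hop path and three fast Ethernet links form a three-hop path between the same routers.

```python
import heapq
from collections import deque

# Constructed topology: (router, router, bandwidth in Mbps); every link is bidirectional.
LINKS = [
    ("A", "B", 1.544),   # slow serial link
    ("B", "D", 1.544),   # slow serial link
    ("A", "C", 100),     # fast Ethernet links forming a longer path
    ("C", "E", 100),
    ("E", "D", 100),
]
REFERENCE_BW_MBPS = 100  # OSPF default: cost = reference bandwidth / link bandwidth


def build_graph(links):
    g = {}
    for a, b, bw in links:
        g.setdefault(a, {})[b] = bw
        g.setdefault(b, {})[a] = bw
    return g


def _trace(prev, src, dst):
    path, node = [dst], dst
    while node != src:
        node = prev[node]
        path.append(node)
    return path[::-1]


def rip_path(g, src, dst):
    """RIP metric: hop count only. Breadth-first search yields the fewest-hop path."""
    prev, seen, queue = {}, {src}, deque([src])
    while queue:
        node = queue.popleft()
        if node == dst:
            break
        for nxt in g[node]:
            if nxt not in seen:
                seen.add(nxt)
                prev[nxt] = node
                queue.append(nxt)
    return _trace(prev, src, dst)


def ospf_cost(bw_mbps):
    return max(1, int(REFERENCE_BW_MBPS / bw_mbps))


def ospf_path(g, src, dst):
    """OSPF metric: sum of link costs. Dijkstra's shortest-path-first algorithm."""
    dist, prev = {src: 0}, {}
    heap = [(0, src)]
    while heap:
        d, node = heapq.heappop(heap)
        if d > dist.get(node, float("inf")):
            continue                       # stale heap entry
        for nxt, bw in g[node].items():
            nd = d + ospf_cost(bw)
            if nd < dist.get(nxt, float("inf")):
                dist[nxt] = nd
                prev[nxt] = node
                heapq.heappush(heap, (nd, nxt))
    return _trace(prev, src, dst), dist[dst]


def demo():
    g = build_graph(LINKS)
    return rip_path(g, "A", "D"), ospf_path(g, "A", "D")


if __name__ == "__main__":
    rip, (ospf, cost) = demo()
    print("RIP  (fewest hops):", " -> ".join(rip))
    print("OSPF (lowest cost):", " -> ".join(ospf), "cost", cost)
```

RIP picks A-B-D (two hops over 1.544 Mbps links, total OSPF cost 128), while OSPF picks A-C-E-D (three hops, total cost 3). The same code also illustrates why routing protocol messages themselves need authentication: whichever source of link information the algorithm trusts decides the path the packets take.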

Unit 2: The OSI and the TCP/IP Communication Models
Learning Objectives of the unit

• describe the role of TCP/IP in computer communication
• identify the role of protocol layers in the data network
• describe the importance of addressing and naming schemes

2.1 Communication and Layer Architecture


A network is a combination of hardware and software that sends data from one location to another. The
hardware consists of the physical equipment that carries signals from one point of the network to
another. The software consists of instruction sets that make possible the services that we expect from a
network. For example, the task of sending an e-mail from one point in the world to another can be
broken into several tasks, each performed by a separate software package. Each software package uses
the services of another software package. At the lowest layer, a signal, or a set of signals, is sent from
the source computer to the destination computer.
We use the concept of layers in our daily life. As an example, let us consider two friends who
communicate through postal mail. The process of sending a letter to a friend would be complex if there
were no services available from the post office.

Figure 2.1 TCPIP layer

Communication architecture is a strategy for connecting host computers and other communicating
equipment. It defines the necessary elements for data communication between devices. Communication
architecture, therefore, defines a standard for the communicating hosts. A programmer formats data in a
manner defined by the communication architecture and passes it on to the communication software.
Separating communication functions adds flexibility; for example, we do not need to modify the entire
host software to include more communication devices.

• Layered architecture simplifies the network design.
• It is easy to debug network applications in a layered architecture network.
• Network management is easier due to the layered architecture.
• Network layers follow a set of rules, called a protocol.
• The protocol defines the format of the data being exchanged, and the control and timing for the handshake
between layers.

2.2 The Seven Layers of an OSI Model


2.2.1 The OSI Reference Model
OSI refers to Open System Interconnection. OSI defines standards for the interaction of computers
connected by communication networks. It provides a description of how network hardware and
software work together in a layered fashion to make communication possible.

The OSI reference model has seven layers. The main objective of dividing it into seven layers is to
create manageable layers by breaking down the complex network operations.

The layers of the OSI reference model are, from top to bottom:

Application Layer (Layer 7)
Presentation Layer (Layer 6)
Session Layer (Layer 5)
Transport Layer (Layer 4)
Network Layer (Layer 3)
Data link Layer (Layer 2)
Physical Layer (Layer 1)


Application Layer (Layer 7)
This is the topmost and seventh layer of the OSI reference model. This layer will communicate with the
end users & user applications.

This layer grants users a direct interface to, and access to, the network. The users can directly
access the network at this layer. A few examples of services provided by this layer include e-mail,
sharing data files, FTP GUI-based software like Netnumen and Filezilla (used for file sharing), telnet to
network devices, etc. There is some vagueness about this layer, as not all user-facing software belongs to it.
For Example
A design application cannot be placed directly at this layer, whereas when we access an
application through a web browser, it can be placed at this layer, because the web browser uses HTTP
(Hypertext Transfer Protocol), which is an application layer protocol. Therefore, irrespective of the
software used, it is the protocol used by the software that is considered at this layer.
Software testing programs work at this layer, as the application layer provides an interface for end
users to test the services and their uses. The HTTP protocol is mostly used for testing at this layer, but
FTP, DNS and TELNET can also be used as per the requirement of the system and network in which they
are operating.
• At this layer the user interfaces with the computer.
• Provides network services to application processes such as e-mail, file transfer, database access
• Initiates requests or accepts a request to send a packet
• The information to be sent across the network starts at this layer
Presentation Layer (Layer 6)
As suggested by the name itself, the presentation layer presents the data to its end users in a form
in which it can easily be understood. Hence, this layer takes care of syntax, as the data representation
used by the sender and the receiver may be different. It plays the role of a translator so that
the two systems come onto the same platform for communication and easily understand each other.
Data in the form of characters and numbers is encoded into an agreed byte representation before transmission
by this layer. It translates the data into the form the network requires and, for devices such as
phones, PCs, etc., into the format they require. The layer also performs data encryption at the sender's
end and data decryption at the receiver's end.
It also performs data compression for multimedia data before transmission: as multimedia
data is very large and would require much bandwidth to transmit over the medium, it is compressed
before sending and decompressed at the receiver's end to recover the original data in
its own format. At this layer, a certain amount of data translation and byte reordering is done, i.e. when
computers from dissimilar systems such as IBM, Apple and Sun need to communicate, a certain amount
of data translation and byte reordering is done.

Within the sending computer the presentation layer translates the data from the format sent down from
the application layer in to a commonly recognized, intermediary format.
At the receiving computer, this layer translates the intermediary format in to a format that can be useful
to the computer’s application layer.
Tasks like data compression, decompression, encryption & decryption are performed in this layer.
Compression: is the process of shrinking the size of data that will be put on the network cable.
Decompression: is the process of restoring the compressed data to its original size.
Encryption: is the process of making information unreadable to protect it from unauthorized
viewing or use.
Decryption: is the process of decoding the information back to its original form. A key is
required to decrypt the information.
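Two of the presentation-layer jobs above, byte reordering and compression, can be shown concretely. The following Python example is added here and is not part of the original module: it packs a constructed record into an agreed intermediary format (network byte order, UTF-8 text) and compresses it on the sending side, reverses both steps on the receiving side, and shows why the agreed byte order matters by reading the same four bytes as a big-endian and as a little-endian host would. Encryption is deliberately left out of this block because a real cipher, not a toy, belongs there.

```python
import struct
import zlib

# Constructed sample record: a 32-bit counter, a 16-bit flag word and a 16-byte text field.
# "!" selects network (big-endian) byte order as the intermediary format.
RECORD = struct.Struct("!IH16s")


def to_wire(counter: int, flags: int, text: str) -> bytes:
    """Sender's presentation layer: agreed byte order, UTF-8 text, then compression."""
    raw = RECORD.pack(counter, flags, text.encode("utf-8").ljust(16, b"\x00"))
    return zlib.compress(raw)


def from_wire(blob: bytes):
    """Receiver's presentation layer: decompress, then decode in the agreed order."""
    counter, flags, name = RECORD.unpack(zlib.decompress(blob))
    return counter, flags, name.rstrip(b"\x00").decode("utf-8")


def byte_order_mismatch(value: int):
    """The same 4 bytes read as different integers by a big-endian and a little-endian host."""
    wire = struct.pack(">I", value)                       # as emitted by a big-endian host
    return struct.unpack(">I", wire)[0], struct.unpack("<I", wire)[0]


def demo():
    blob = to_wire(0x01020304, 0x00FF, "hello")
    return from_wire(blob), byte_order_mismatch(0x01020304)


if __name__ == "__main__":
    record, (as_big_endian, as_little_endian) = demo()
    print("round trip:", record)
    print("0x01020304 read big-endian: %#x, little-endian: %#x" % (as_big_endian, as_little_endian))
```

Without the agreed "!" byte order, a little-endian receiver would read the counter 0x01020304 as 0x04030201. A practical caveat when compression and encryption are combined at this layer: compress first and encrypt second, since encrypted data does not compress and the compressed length can leak information about the plaintext.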
Session Layer (Layer 5)
This layer permits users on different platforms to set up an active communication session between
themselves. The main function of this layer is to provide synchronization in the dialogue between two distinct
applications. The synchronization is necessary for efficient delivery of data without any loss at the
receiving end.
Let's understand this with the help of an example.
Assume that a sender is sending a big data file of more than 2000 pages. This layer will add some
checkpoints while sending the big data file. After sending a small sequence of 40 pages, it checks the
sequence and waits for a successful acknowledgement of the data.
If verification is OK, it keeps repeating this until the end; otherwise it re-synchronizes from the last
checkpoint and retransmits. This helps keep the data safe, and the whole data set will never be completely
lost if a crash happens. Also, token management ensures that only the side holding the token may perform
a critical operation, so the two sides do not attempt it at the same time. The session layer starts, governs
and stops the dialogue, i.e. the session layer in the sending computer starts the transmission of the data,
and the session layer at the receiving computer governs and stops the transmission of the data.

Transport Layer (Layer 4)
At this layer, the data is broken into smaller pieces called segments.
Here one piece (segment) at a time is transmitted & a TCP header is added to each segment at
the sending computer. At the receiving computer, each segment is sequenced & assembled to make the
original data.

Network Layer (Layer 3)
The network layer is the third layer from the bottom. This layer has the responsibility to accomplish
the routing of data packets from the source to the destination host between the inter and intra networks
operating on the same or different protocols.
How does it do this? It finds the easiest, shortest and most time-efficient path between the
sender and the receiver to exchange data, using routing protocols, switching, error detection and
addressing techniques. It performs the above task by using logical network addressing and the subnetting
design of the network. Irrespective of whether the two different networks work on the same or different
protocols or different topologies, the function of this layer is to route the packets from the source to the
destination by using logical IP addressing and routers for communication.
The network layer is responsible for addressing messages.
At this layer, each segment is given an address, which is the logical address.
At the network layer, we call the data (which includes at this point the transport header and the upper
layer information) a packet. Here one packet at a time is sent and an IP header is added to each packet.
It determines the routing of data packets from the source to the destination computer, and determines which path the data
should take based on the network condition.
Data link Layer (Layer 2)
Adds a header containing the hardware (physical) source and destination address. Adds error checking information &
prepares the packet for sending out over the physical connection. At the data link layer, we call the data (which includes
at this point the IP header and the upper layer information) a frame. The data link layer sends data frames from the
network layer to the physical layer at the sender side. At the receiver end, it packages raw bits from the physical
layer into data frames.

The Physical Layer (Layer 1)
Sends/receives the packet as a bit stream. This layer addresses the transmission of the unstructured raw bit
stream over a network cable.

[Figure 2.2 TCP/IP: the seven OSI layers (Application, Presentation, Session, Transport, Network, Data link, Physical) drawn side by side for the sending and the receiving computer]

2.3 Transmission Control Protocol (TCP)

TCP is a connection-oriented protocol. This implies that TCP ensures whether or not the data has arrived
successfully at the destination by means of acknowledgements sent back to the sender. It is found at the transport
layer of the OSI model.
The TCP protocol does the following:
• Breaks the data into pieces that the network can handle efficiently (at the sender side)
• Verifies whether all pieces have arrived at their destination
• Reassembles the data (at the receiver side)
When an IP packet is sent between two communicating hosts on the network, a TCP header that
contains flow control, sequencing and error checking information is added to the packet.

2.4 User Datagram Protocol (UDP)

UDP is a connectionless transport protocol which is found at the transport layer of the OSI model.
UDP is used when the functions of TCP are not needed. UDP is just responsible for transporting
datagrams. UDP does not guarantee delivery, preservation of sequence, or protection against
duplication.
UDP is simpler than TCP because it doesn’t worry about missing packets or keeping data in the right order.
UDP is used for programs that only send short messages.

Address Resolution Protocol (ARP) & Reverse Address Resolution Protocol (RARP)
Address Resolution Protocol (ARP): is used to find the physical (hardware) address of a computer by
using its IP address. If, for example, system A wants to send a message to system B, it has to attach
the source physical address, the source IP address, the destination physical address and the destination
IP address to the data. If it doesn’t know the physical address of the destination device but
has the IP address of the destination device, then it broadcasts an ARP request to all the devices
(computers) on the network. Since the request is broadcast over the network, each
device on the network compares the destination IP address in the request with its own IP address; the device whose IP
address matches (for example, device B) then sends its physical
address back to the source device (i.e. computer A) in an ARP reply.
Note:
The ARP request is broadcast (i.e. the request is sent to every computer on the network).
The ARP reply is unicast (i.e. the reply is sent to the requesting device only; in this case the reply is sent
only to device A).

Reverse Address Resolution Protocol (RARP): is used to find the IP address of a computer, by using
its physical address.

Note:
The RARP request packets are broadcast; the RARP reply packets are unicast.
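The ARP exchange described above, as an added example that is not part of this module: it packs an ARP request and an ARP reply into Ethernet frames, parses them back, and simulates the request reaching every host on a LAN while only the owner of the requested IP address answers. The MAC and IP addresses in SAMPLE_HOSTS and all function names are assumptions made for this illustration.

```python
# Added example: it is not part of the module. Builds and parses ARP request and
# reply frames (IPv4 over Ethernet) to show that a request is sent as an Ethernet
# broadcast while the reply is unicast to the asking host. All MAC and IP addresses
# below are constructed sample values.
import struct

BROADCAST_MAC = "ff:ff:ff:ff:ff:ff"
ETHERTYPE_ARP = 0x0806
ARP_REQUEST, ARP_REPLY = 1, 2

# Constructed sample LAN: MAC address -> IP address of every host on the segment
SAMPLE_HOSTS = {
    "02:00:00:00:00:0a": "192.168.1.10",   # "computer A"
    "02:00:00:00:00:0b": "192.168.1.20",   # "computer B"
    "02:00:00:00:00:0c": "192.168.1.30",   # an unrelated host that also sees the broadcast
}


def mac_to_bytes(mac):
    return bytes(int(x, 16) for x in mac.split(":"))


def bytes_to_mac(b):
    return ":".join(f"{x:02x}" for x in b)


def ip_to_bytes(ip):
    return bytes(int(x) for x in ip.split("."))


def bytes_to_ip(b):
    return ".".join(str(x) for x in b)


def build_arp_frame(opcode, sender_mac, sender_ip, target_mac, target_ip):
    """14-byte Ethernet II header followed by the 28-byte ARP message."""
    # A request must reach every host, so its Ethernet destination is the broadcast
    # address; a reply is addressed only to the host that asked.
    eth_dst = BROADCAST_MAC if opcode == ARP_REQUEST else target_mac
    eth = mac_to_bytes(eth_dst) + mac_to_bytes(sender_mac) + struct.pack("!H", ETHERTYPE_ARP)
    # htype=1 (Ethernet), ptype=0x0800 (IPv4), hlen=6, plen=4, operation code
    arp = struct.pack("!HHBBH", 1, 0x0800, 6, 4, opcode)
    arp += mac_to_bytes(sender_mac) + ip_to_bytes(sender_ip)
    arp += mac_to_bytes(target_mac) + ip_to_bytes(target_ip)
    return eth + arp


def parse_arp_frame(frame):
    """Decode a frame produced by build_arp_frame; rejects truncated or non-ARP input."""
    if len(frame) < 42:
        raise ValueError("frame too short for Ethernet + ARP")
    ethertype = struct.unpack("!H", frame[12:14])[0]
    if ethertype != ETHERTYPE_ARP:
        raise ValueError("not an ARP frame")
    htype, ptype, hlen, plen, oper = struct.unpack("!HHBBH", frame[14:22])
    if (htype, ptype, hlen, plen) != (1, 0x0800, 6, 4):
        raise ValueError("only IPv4 over Ethernet is handled here")
    body = frame[22:42]
    eth_dst = bytes_to_mac(frame[0:6])
    return {
        "eth_dst": eth_dst,
        "eth_src": bytes_to_mac(frame[6:12]),
        "is_broadcast": eth_dst == BROADCAST_MAC,
        "opcode": oper,
        "sender_mac": bytes_to_mac(body[0:6]),
        "sender_ip": bytes_to_ip(body[6:10]),
        "target_mac": bytes_to_mac(body[10:16]),
        "target_ip": bytes_to_ip(body[16:20]),
    }


def resolve(hosts, asker_mac, asker_ip, wanted_ip):
    """Simulate one ARP exchange on the LAN; returns the parsed reply or None."""
    # The target MAC is unknown, so the request carries all zeros in that field.
    request = build_arp_frame(ARP_REQUEST, asker_mac, asker_ip, "00:00:00:00:00:00", wanted_ip)
    req = parse_arp_frame(request)
    assert req["is_broadcast"]                # every host on the segment receives it
    for mac, ip in hosts.items():             # each host compares the target IP with its own
        if ip == req["target_ip"]:            # only the owner answers, directly to the asker
            reply = build_arp_frame(ARP_REPLY, mac, ip, req["sender_mac"], req["sender_ip"])
            return parse_arp_frame(reply)
    return None


if __name__ == "__main__":
    print(resolve(SAMPLE_HOSTS, "02:00:00:00:00:0a", "192.168.1.10", "192.168.1.20"))
```

Nothing in the reply proves that the answering host really owns the address it claims, which is why switches offer dynamic ARP inspection and why an unexpected MAC change for a known IP address is a useful thing to alert on.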

2.5 Network Protocols

2.5.1 File Transfer Protocol (FTP)
This protocol is used to send or transfer files from one computer to another. This protocol allows users
to remotely log on to other computers on a network and browse, download and upload files.
2.5.2 Simple Mail Transfer Protocol (SMTP)
This protocol is responsible for making sure that e-mail is delivered. SMTP only handles the delivery
of mail to servers or between servers. It doesn’t handle the delivery to the final e-mail client application.
2.5.3 Dynamic Host Configuration Protocol (DHCP)
Dynamic Host Configuration Protocol (DHCP) is used for assigning and configuring IP addresses on
computers on the network automatically. Once your network becomes large, instead of configuring and
assigning an IP address to each device on the network manually, the administrator does it once for the
entire network on the DHCP server. The DHCP server is given a range of IP addresses to assign.
2.5.4 Telnet
Allows users to remotely log in to another computer and run applications. The computer at which the
user is physically working effectively becomes a dumb terminal: no processing is done on that
computer; it is only used for display.
2.5.5 Network File System
Network File System (NFS) was developed by Sun Microsystems. It is a more advanced way to share files
and disk drives than FTP and Telnet.

2.6 TCP/IP Communication Models
The TCP/IP model helps you to determine how a specific computer should be connected to the internet
and how data should be transmitted between computers. It helps you to create a virtual network when
multiple computer networks are connected together. The purpose of the TCP/IP model is to allow
communication over large distances. TCP/IP stands for Transmission Control Protocol/Internet
Protocol. The TCP/IP stack is specifically designed as a model to offer a highly reliable, end-to-end byte
stream over an unreliable internetwork.
Four Layers of the TCP/IP model
In this TCP/IP tutorial, we will explain the different layers and their functionalities in the TCP/IP model:

Figure 2.6 TCP/IP conceptual layers


2.6.1 Application Layer
The application layer enables the user, whether human or software, to access the network. It provides
user interfaces and support for services such as electronic mail, remote file access and transfer, shared
database management, and other types of distributed information services. The application layer is where
users actually communicate with the computer; take the case of a web browser such as Internet Explorer (IE). It is also
responsible for identifying and establishing the availability of the intended communication partner.

Typical application layer protocols
• Domain Name System (DNS)
• Hyper Text Transfer Protocol (HTTP)
• File Transfer Protocol (FTP)
• E-mail (SMTP, POP, IMAP)
Domain Name System (DNS)
➢ Thousands of servers, installed in many different locations, provide the services we use
over the Internet.
➢ Each of these servers is assigned a unique IP address.
➢ It would be impossible to remember all of the IP addresses.
➢ DNS provides a way for hosts to use a name to request the IP address of a specific
server.
➢ DNS names are registered and organized on the Internet within specific high level
groups, or domains.
Web client and web server
➢ A web client first receives the IP address of a web server from a DNS server.
➢ Then the client browser uses that IP address and port 80 to request web services.
➢ This request is sent to the server using the Hypertext Transfer Protocol (HTTP).
➢ The information content of a web page is encoded using specialized 'mark-up'
languages.
▪ E.g. HTML (Hypertext Mark-up Language)
➢ Many different web servers and web clients from many different manufacturers work
together seamlessly because of HTTP and HTML.
File Transfer Protocol (FTP)
➢ FTP is another common service used across the Internet that allows users to transfer
files.
➢ A host running FTP client software can access an FTP server to perform various file
management functions including file uploads and downloads.
➢ The FTP service uses two different ports to communicate between client and server.
➢ Requests to begin an FTP session are sent to the server using destination port 21.
➢ Once the session is opened, the server will change to port 20 to transfer the data files.
➢ FTP client software is built into computer operating systems and into most web
browsers.

Email Servers (SMTP, POP3 and IMAP4)

Each mail server receives and stores mail for users who have mailboxes configured on the mail server.
Each user with a mailbox must then use an email client to access the mail server and read these
messages.
➢ Mailboxes are identified by the format: [email protected]
Three application protocols used in processing email include:
➢ Simple Mail Transfer Protocol (SMTP):- to send mail from client to server or server
to server
➢ Post Office Protocol (POP3):- to download email from server to client, and the server
deletes the mail
➢ Internet Message Access Protocol (IMAP4):- to download email from server to client,
and the server does not delete (keeps) the mail
TCP/IP Network Model Layers
➢ As with the OSI model, the TCP/IP suite uses a layered model.
➢ TCP/IP model has four or five - depending on who you talk to and which books you read!
➢ Some people call it a four layer suite - Application, Transport, Internet and Network
Access, others split the Network Access layer into its Physical and Datalink components.

Figure 2.7 four layers Suit

Figure 2.8 Four Layers OSI Layers

2.6.2 Network Layer (3rd OSI Layer)


Concerned with getting packets from source to destination. Network layer must know the topology of
the subnet and choose appropriate paths through it.
➢ When source and destination are in different networks, the network layer must deal with these
differences.
➢ The network layer is responsible for the source-to-destination delivery of a packet, possibly
across multiple networks.
➢ Whereas the data link layer oversees the delivery of the packet between two systems on the
same network, the network layer ensures that each packet gets from its point of origin to its
final destination.
➢ If two systems are connected to the same local network, there is usually no need for a network
layer. However, if the two systems are attached to different networks with connecting
devices between the networks, there is often a need for the network layer to accomplish
source-to-destination delivery. Other responsibilities of the network layer include the following:
Logical addressing:- The physical addressing implemented by the data link layer handles the
addressing problem locally.
➢ If a packet passes the network boundary, we need another addressing system to help
distinguish the source and destination systems.

➢ The network layer adds a header to the packet coming from the upper layer that, among other
things, includes the logical addresses of the sender and receiver. We discuss logical
addresses later in chapter Six.
Routing:- When independent networks or links are connected to create internetworks (network of
networks) or a large network, the connecting devices (called routers or switches) route or switch the
packets to their final destination.
➢ One of the functions of the network layer is to provide this mechanism.

Figure 2.9 Data link layer Routing

2.6.3 Transport layer (4th OSI layer)


➢ The transport layer is responsible for process-to-process delivery of the entire message.
➢ A process is an application program running on a host.
➢ Whereas the network layer oversees source-to-destination delivery of individual packets, it
does not recognize any relationship between those packets.
➢ The network layer treats each packet independently, as though each piece belonged to a
separate message, whether or not it does.
➢ The transport layer, on the other hand, ensures that the whole message arrives intact and in
order, overseeing both error control and flow control at the source-to-destination level.
Major functions of the transport layer
➢ The Transport layer encompasses these functions:
1. Enables multiple applications to communicate over the network at the same time
on a single device

2. Ensures that, if required, all the data is received reliably and in order by the correct
application
3. Employs error handling mechanisms
Responsibilities of the transport layer include the following
Service-point addressing:- Computers often run several programs at the same time. For this reason,
source-to-destination delivery means delivery not only from one computer to the next but also from a
specific process (running program) on one computer to a specific process on the other. The transport
layer header must therefore include a type of address called a service- point address (or port address).
The network layer gets each packet to the correct computer; the transport layer gets the entire message
to the correct process on that computer.
Segmentation and reassembly:- A message is divided into transmittable segments, with each segment
containing a sequence number.
These numbers enable the transport layer to reassemble the message correctly upon arriving at the
destination and to identify and replace packets that were lost in transmission.
Flow control:- Like the data link layer, the transport layer is responsible for flow control.
➢ However, flow control at this layer is performed end to end rather than across a single link.
Error control:- Like the data link layer, the transport layer is responsible for error control.
➢ However, error control at this layer is performed process-to-process rather than across a
single link.
➢ The sending transport layer makes sure that the entire message arrives at the receiving
transport layer without error (damage, loss, or duplication).
➢ Error correction is usually achieved through retransmission.
Connection control:- The transport layer can be either connectionless or connection-oriented.
➢ Connectionless transport layer treats each segment as an independent packet and delivers
it to the transport layer at the destination machine.
➢ Connection-oriented transport layer makes a connection with the transport layer at the
destination machine first before delivering the packets.
2.6.4 Transport layer addressing
Whenever we need to deliver something to one specific destination among many, we need an address.
At the data link layer, we need a MAC address to choose one node among several nodes if the
connection is not point-to-point. A frame in the data link layer needs a destination MAC address for
delivery and a source address for the next node's reply. At the network layer, we need an IP address to
choose one host among millions. A datagram in the network layer needs a destination IP address for
delivery and a source IP address for the destination's reply.

At the transport layer, we need a transport layer address, called a port number, to choose among multiple
processes running on the destination host.
➢ The destination port number is needed for delivery; the source port number is needed for
the reply.
➢ In the Internet model, the port numbers are 16-bit integers between 0 and 65,535.
➢ The client program defines itself with a port number, chosen randomly by the transport
layer software running on the client host. This is the ephemeral (temporary) port number.
Identifying Applications (Processes)
In order to pass data streams to the proper applications, the Transport layer must identify the target
application. To accomplish this, the Transport layer assigns an application identifier called a port
number. Each software process that needs to access the network is assigned a port number unique in that
host. This port number is used in the transport layer header to indicate which application that piece of
data is associated with.
The server process must also define itself with a port number. This port number, however, cannot be
chosen randomly. If the computer at the server site runs a server process and assigns a random number
as the port number, the process at the client site that wants to access that server and use its services will
not know the port number. Of course, one solution would be to send a special packet and request the
port number of a specific server, but this requires more overhead. The Internet has decided to use
universal port numbers for servers; these are called well-known port numbers. Example of well-
known port numbers: 21 for FTP, 23 telnet, 25 SMTP, 80 HTTP, etc

Internet Assigned Numbers Authority (IANA) Ranges

➢ There are some exceptions to this rule; for example, there are clients that are assigned well-
known port numbers. Every client process knows the well-known port number of the
corresponding server process.
➢ Well-known ports. The ports ranging from 0 to 1023 are assigned and controlled by IANA.
These are the well-known ports.
➢ Registered ports. The ports ranging from 1024 to 49,151 are not assigned or controlled by
IANA. They can only be registered with IANA to prevent duplication.
➢ Dynamic ports. The ports ranging from 49,152 to 65,535 are neither controlled nor
registered. They can be used by any process. These are the ephemeral ports (temporary
ports).
USER DATAGRAM PROTOCOL (UDP)
The User Datagram Protocol (UDP) is called a connectionless, unreliable transport protocol.
➢ It does not add anything to the services of IP except to provide process-to-process
communication.
Also, it performs very limited error checking. If UDP is so powerless, why would a process want to use
it? With the disadvantages come some advantages. UDP is a very simple protocol using a minimum of
overhead. If a process wants to send a small message and does not care much about reliability, it can
use UDP. Sending a small message by using UDP takes much less interaction between the sender and
receiver than using TCP or SCTP.
UDP packets, called user datagrams, have a fixed-size header of 8 bytes. Its fields are:
Source port number: the port number used by the process running on the source host.
Destination port number: the port number used by the process running on the destination host.
Length: a 16-bit field that defines the total length of the user datagram, header plus data.

Figure 2.10 UDP
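An added example (not code from this module) that packs and parses the 8-byte UDP header and classifies port numbers into the IANA ranges listed in the previous section. The function names, the port numbers 49152 and 53 used in demo() and the payload are constructed for this illustration. It also shows the one check a UDP parser must make: the length field has to be compared with the number of bytes actually received before any data is read.

```python
# Added example: it is not part of the module. Packs and parses the fixed 8-byte UDP
# header (source port, destination port, length, checksum) and classifies ports by the
# IANA ranges. Port numbers and payload are constructed sample values.
import struct

UDP_HEADER_LEN = 8
MAX_UDP_LEN = 65535          # the length field is 16 bits


def port_range(port):
    """IANA range of a port number: well-known, registered or dynamic (ephemeral)."""
    if not 0 <= port <= 65535:
        raise ValueError("port numbers are 16-bit integers between 0 and 65,535")
    if port <= 1023:
        return "well-known"
    if port <= 49151:
        return "registered"
    return "dynamic"


def build_udp_datagram(src_port, dst_port, payload):
    """Header + data. The checksum is left at 0, which for IPv4 means 'no checksum'."""
    for p in (src_port, dst_port):
        port_range(p)                          # validates the 16-bit range
    length = UDP_HEADER_LEN + len(payload)
    if length > MAX_UDP_LEN:
        raise ValueError("payload does not fit the 16-bit length field")
    return struct.pack("!HHHH", src_port, dst_port, length, 0) + bytes(payload)


def parse_udp_datagram(data):
    """Return (src_port, dst_port, payload).

    The length field is checked against the bytes actually received: a datagram
    claiming more bytes than were delivered is malformed and is rejected rather
    than read past the end of the buffer.
    """
    if len(data) < UDP_HEADER_LEN:
        raise ValueError("truncated UDP header")
    src_port, dst_port, length, _checksum = struct.unpack("!HHHH", data[:UDP_HEADER_LEN])
    if length < UDP_HEADER_LEN or length > len(data):
        raise ValueError(f"length field {length} inconsistent with {len(data)} bytes received")
    return src_port, dst_port, data[UDP_HEADER_LEN:length]


def demo():
    """A DNS-style exchange: ephemeral client port to the well-known server port 53."""
    query = build_udp_datagram(49152, 53, b"constructed query bytes")
    src, dst, payload = parse_udp_datagram(query)
    return {
        "total_length": len(query),
        "client_port_range": port_range(src),
        "server_port_range": port_range(dst),
        "payload": payload,
    }


if __name__ == "__main__":
    print(demo())
```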


UDP does not perform:
➢ Flow control
➢ Error control
➢ Connection control
All these functions are done by the processes (application layer programs) using UDP. UDP is not
capable of segmenting and reassembling frames and does not implement sequence numbers
➢ But UDP, like TCP, performs: Service point addressing
➢ UDP can transmit only small portions of data at a time because it is not capable of
segmenting and reassembling frames and does not implement sequence numbers
Use of UDP
1. UDP is suitable for a process that requires simple request-response communication with
little concern for flow and error control. It is not usually used for a process such as FTP
that needs to send bulk data

2. UDP is suitable for a process with internal flow and error control mechanisms. For example,
the Trivial File Transfer Protocol (TFTP) process includes flow and error control. It can
easily use UDP.
3. UDP is a suitable transport protocol for multicasting. Multicasting capability is embedded
in the UDP software but not in the TCP software.
4. UDP is used for management processes such as SNMP.
5. UDP is used for some route updating protocols such as Routing Information Protocol (RIP).
Transmission Control Protocol (TCP)
TCP, like UDP, is a process-to-process (program-to-program) protocol. TCP, therefore, like UDP, uses
port numbers. Unlike UDP, TCP is a connection-oriented protocol; it creates a virtual connection
between two TCPs to send data. In addition, TCP uses flow and error control mechanisms at the transport
level. In brief, TCP is called a connection-oriented, reliable transport protocol. It adds connection-
oriented and reliability features to the services of IP.
TCP Services
1. Process-to-Process Communication:- Like UDP, TCP provides process-to-process
communication using port numbers.
2. Stream Delivery Service
3. Full-Duplex Communication
4. Connection-Oriented Service
5. Reliable Service
Stream Delivery Service
➢ TCP, unlike UDP, is a stream-oriented protocol.
➢ In UDP, a process (an application program) sends messages, with predefined boundaries,
to UDP for delivery.
➢ UDP adds its own header to each of these messages and delivers them to IP for transmission.
➢ Each message from the process is called a user datagram and becomes, eventually, one IP
datagram.
➢ Neither IP nor UDP recognizes any relationship between the datagrams.
➢ Each application using UDP must send small data to fit into one user datagram as it is.
(UDP does not segment/reassemble)
TCP, on the other hand, allows the sending process to deliver data as a stream of bytes and allows the
receiving process to obtain data as a stream of bytes. TCP creates an environment in which the two
processes seem to be connected by an imaginary "tube” that carries their data across the Internet. The
sending process produces (writes to) the stream of bytes, and the receiving process consumes (reads
from) them (see Figure 2.11).

Figure 2.11 TCP/IP sending and receiving
Sending and Receiving Buffers
Because the sending and the receiving processes may not write or read data at the same speed, TCP
needs buffers for storage. There are two buffers, the sending buffer and the receiving buffer, one for
each direction. One way to implement a buffer is to use a circular array of 1-byte locations. For
simplicity, two buffers of 20 bytes each are used in the example; normally the buffers are
hundreds or thousands of bytes, depending on the implementation. The two buffers shown also have
the same size, which is not always the case.
Connection-Oriented Service
TCP, unlike UDP, is a connection-oriented protocol. When a process at site A wants to send and
receive data from another process at site B, the following occurs:
1. The two TCPs establish a connection between them.
2. Data are exchanged in both directions.
3. The connection is terminated.
Note that this is a virtual connection, not a physical connection. The TCP segment is encapsulated in an
IP datagram and can be sent out of order, or lost, or corrupted, and then resent.
➢ Each may use a different path to reach the destination. There is no physical connection.
➢ TCP creates a stream-oriented environment in which it accepts the responsibility of
delivering the bytes in order to the other site.

TCP Segment Numbering System
Byte Number. TCP numbers all data bytes that are transmitted in a connection.
➢ Numbering is independent in each direction.
➢ When TCP receives bytes of data from a process, it stores them in the sending buffer and
numbers them.
➢ The numbering does not necessarily start from 0.
➢ Instead, TCP generates a random number between 0 and 2^32 - 1 for the number of the first
byte.
➢ For example, if the random number happens to be 1057 and the total data to be sent are
6000 bytes, the bytes are numbered from 1057 to 7056.
➢ Byte numbering is used for flow and error control too.
Sequence Number. After the bytes have been numbered, TCP assigns a sequence number to each
segment that is being sent. The sequence number for each segment is the number of the first byte
carried in that segment.
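The byte numbering and sequence numbers described above, as an added example that is not part of this module: a constructed 6000-byte stream numbered from 1057 is split into segments whose sequence numbers are their first byte numbers, and a receiver reassembles the stream in order even when segments arrive scrambled or one is lost and has to be retransmitted. Class and function names are assumptions; the simulation also covers the wrap-around past 2^32 - 1 that a random starting number implies.

```python
# Added example: it is not part of the module. Simulates TCP byte numbering (random
# initial byte number, sequence number = first byte of each segment) and in-order
# reassembly at the receiver when segments arrive out of order or are lost and
# retransmitted. The 6000-byte stream and initial number 1057 reproduce the module's
# figures; the data contents are constructed.
import random

MODULO = 2 ** 32                      # byte numbers wrap around after 2^32 - 1
SAMPLE_DATA = bytes(i % 256 for i in range(6000))


def choose_isn():
    """TCP does not start numbering at 0; it picks a random number in 0 .. 2^32 - 1."""
    return random.SystemRandom().randrange(MODULO)


def byte_range(isn, nbytes):
    """First and last byte number of a stream of nbytes bytes numbered from isn."""
    return isn, (isn + nbytes - 1) % MODULO


def make_segments(data, isn, mss):
    """Split the stream into segments of at most mss bytes; each carries the number of
    its first byte as its sequence number."""
    return [((isn + off) % MODULO, data[off:off + mss]) for off in range(0, len(data), mss)]


class Receiver:
    """Hands bytes to the application only in sequence; everything else waits in a buffer."""

    def __init__(self, isn):
        self.next_expected = isn          # this value is what the receiver acknowledges
        self.out_of_order = {}            # seq -> data that arrived before the gap was filled
        self.delivered = bytearray()

    def receive(self, seq, data):
        if seq != self.next_expected:
            self.out_of_order[seq] = data
            return self.next_expected
        self.delivered += data
        self.next_expected = (seq + len(data)) % MODULO
        while self.next_expected in self.out_of_order:    # drain contiguous buffered data
            chunk = self.out_of_order.pop(self.next_expected)
            self.delivered += chunk
            self.next_expected = (self.next_expected + len(chunk)) % MODULO
        return self.next_expected


def transfer(data, isn, mss, lost_once=frozenset(), seed=7):
    """Deliver segments in a scrambled order, lose the listed sequence numbers on their
    first transmission, then retransmit whatever the receiver still asks for.
    Returns (bytes delivered to the application, number of retransmissions)."""
    segments = make_segments(data, isn, mss)
    by_seq = dict(segments)
    rx = Receiver(isn)
    scrambled = segments[:]
    random.Random(seed).shuffle(scrambled)   # IP may deliver datagrams in any order
    for seq, chunk in scrambled:
        if seq in lost_once:
            continue                          # dropped in transit; the sender keeps a copy
        rx.receive(seq, chunk)
    end = (isn + len(data)) % MODULO
    retransmissions = 0
    while rx.next_expected != end:
        # The acknowledgement names the next byte wanted, so the sender resends
        # the segment that starts there.
        rx.receive(rx.next_expected, by_seq[rx.next_expected])
        retransmissions += 1
    return bytes(rx.delivered), retransmissions


if __name__ == "__main__":
    print(byte_range(1057, 6000))                      # (1057, 7056), as in the module
    print([seq for seq, _ in make_segments(SAMPLE_DATA, 1057, 1000)])
    print(transfer(SAMPLE_DATA, 1057, 1000, lost_once={3057})[1], "retransmission(s)")
```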

Unit 3 Internet Protocol (IP) and IP Addressing
Learning Objectives of the unit
• Be able to understand Subnetting basics
• Be able to create subnets
• Be able to understand IP addressing Troubleshooting
3.1 IP Addresses
Before two computers on a network can communicate, they need to know how to contact each other. Just as
every computer has a hardware address called a MAC address that is encoded into the network card, computers
also have what is called a logical address.

This is an address that is usually set by an administrator, though it is sometimes automatically set by the network
protocol suite used. Every host on a TCP/IP network is given an IP address. This address is a unique 4-byte address.
IP Address Representation

There are two ways of representing an IP address:
• Binary Notation Representation and
• Dotted Decimal Representation

Binary Notation

In binary representation each byte is separated by a space.

Example: 01110101 10010101 00011101 11101010

Dotted-decimal notation

In dotted-decimal notation the IP address is normally written as four decimal numbers, with each number
representing 1 byte. The numbers are separated by a dot.

Example: 132.24.75.9

Changing IP addresses from binary notation to dotted-decimal notation and vice versa:

Example 1

Change the following IP address from binary notation to dotted-decimal notation.

10000001 00001011 00001011 11101111

Solution: 129.11.11.239

Example 2

Change the following IP address from dotted-decimal notation to binary notation.

111.56.45.78

Solution: 01101111 00111000 00101101 01001110

Example 3

1. Find the error, if any, in the following IP address: 111.56.045.78

Solution: There are no leading zeroes in dotted-decimal notation (045).

2. Find the error, if any, in the following IP address: 75.45.301.14

Solution: In dotted-decimal notation, each number is less than or equal to 255; 301 is outside this range.

(Anatomy of an IPv4 Address, Binary-to-Decimal Conversion,

Decimal-to-Binary Conversions, Addressing Types of Communication: Unicast, Broadcast, Multicast)


Types of Addresses in an IPv4 Network Range
(Subnet Mask: Defining the Network and Host Portions of the Address, Public and Private Addresses, Special
Unicast IPv4 Addresses, Legacy IPv4 Addressing)

Identifying the class in binary notation

If the first bit of the first byte is 0 then it is a Class A address.
If the first two bits of the first byte are 10 then it is a Class B address.
If the first three bits of the first byte are 110 then it is a Class C address.
If the first four bits of the first byte are 1110 then it is a Class D address.
If the first four bits of the first byte are all 1’s then it is a Class E address.

Example 4

1. Find the class of the address: 00000001 00001011 00001011 11101111

Solution: The first bit is 0. This is a class A address.

2. Find the class of the address: 11000001 10000011 00011011 11111111

Solution: The first 2 bits are 1; the third bit is 0. This is a class C address.
Identifying the class in decimal notation

The first byte of class A addresses is always between 0 and 127

The first byte of class B addresses is always between 128 and 191

The first byte of class C addresses is always between 192 and 223

The first byte of class D addresses is always between 224 and 239

The first byte of class E addresses is always between 240 and 255

Example 5

1. Find the class of the address: 227.12.14.87

Solution: The first byte is 227 (between 224 and 239); the class is D.

2. Find the class of the address: 193.14.56.22

Solution: The first byte is 193 (between 192 and 223); the class is C.

Netid and Hostid

Netid - defines the network address

Hostid - defines the host computer

Class A Addresses

In class A addressing the first byte defines the Netid (Network Address) while the remaining three bytes define the
Hostid (Host Computer).

For example, the address 56.88.1.123 has a network address (Netid) of 56, and the remaining numbers signify the
host.

The first byte of class A addresses is always between 0 and 127. This implies that there are a total of 128 blocks
(Network addresses) in Class A.

The first block ranges from 0.0.0.0 to 0.255.255.255, while the last block ranges from 127.0.0.0 to
127.255.255.255.

With this arrangement each class A network (block) can have 256 * 256 * 256 = 16,777,216 host
computers. Generally, class A addresses can support 128 * 256 * 256 * 256 = 2,147,483,648 hosts.

Class B Addresses

In class B addressing the first two bytes define the Netid (Network Address) while the remaining two
bytes define the Hostid (Host Computer).

For example, the address 131.88.1.123 has a network address (Netid) of 131.88, and the remaining
numbers, i.e. 1.123, identify the host.

The first byte of class B addresses is always between 128 and 191.

The first block (network address) ranges from 128.0.0.0 to 128.0.255.255, while the last block ranges from
191.255.0.0 to 191.255.255.255.

This implies that there are a total of 64 * 256 = 16,384 blocks (Network addresses) in Class B. This is because
the range of the first byte for class B addresses is 64 (i.e. from 128 to 191 the range is 64) and the second byte
consists of 256 addresses.

With this arrangement each class B network (block) can have 256 * 256 = 65,536 host computers. Generally,
class B addresses can support 64 * 256 * 256 * 256 = 1,073,741,824 hosts.

Class C Addresses

In class C addressing the first three bytes define the Netid (Network Address) while the remaining one byte
defines the Hostid (Host Computer).

For example, the address 201.88.1.123 has a network address (Netid) of 201.88.1, and the last byte, i.e. 123,
identifies the host.

The first byte of class C addresses is always between 192 and 223.

The first block ranges from 192.0.0.0 to 192.0.0.255, while the last block ranges from 223.255.255.0 to
223.255.255.255.

This implies that there are a total of 32 * 256 * 256 = 2,097,152 blocks (Network addresses) in Class
C. This is because the range of the first byte for class C addresses is 32 (i.e. from 192 to 223 the range is 32) and
the second & third bytes each consist of 256 addresses.

With this arrangement each class C network (block) can have 256 host computers. Generally, class C
addresses can support 32 * 256 * 256 * 256 = 536,870,912 hosts.
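The conversions, the validation rules of Example 3, the class identification of Examples 4 and 5 and the netid/hostid split for classes A, B and C, as an added example written for this section (not the module's own code): the function names are assumptions, and the addresses used are the ones from the examples above.

```python
# Added example: it is not part of the module. Converts IPv4 addresses between
# dotted-decimal and binary notation (applying the error rules of Example 3),
# identifies the class from the leading bits of the first byte, and splits a class
# A/B/C address into netid and hostid. The addresses used are the module's own examples.


def dotted_to_binary(addr):
    """'132.24.75.9' -> '10000100 00011000 01001011 00001001'."""
    parts = addr.split(".")
    if len(parts) != 4:
        raise ValueError("an IPv4 address has exactly four numbers")
    groups = []
    for p in parts:
        if not p.isdigit():
            raise ValueError(f"{p!r} is not a decimal number")
        if len(p) > 1 and p[0] == "0":
            raise ValueError(f"no leading zeroes in dotted-decimal notation ({p})")
        value = int(p)
        if value > 255:
            raise ValueError(f"each number must be <= 255; {value} is outside this range")
        groups.append(f"{value:08b}")
    return " ".join(groups)


def binary_to_dotted(bits):
    """'10000001 00001011 00001011 11101111' -> '129.11.11.239'."""
    groups = bits.split()
    if len(groups) != 4 or any(len(g) != 8 or set(g) - {"0", "1"} for g in groups):
        raise ValueError("expected four 8-bit groups separated by spaces")
    return ".".join(str(int(g, 2)) for g in groups)


def address_class(addr):
    """Class from the leading bits of the first byte: 0 -> A, 10 -> B, 110 -> C, 1110 -> D, 1111 -> E."""
    first = int(dotted_to_binary(addr).split()[0], 2)      # also validates the address
    if first >> 7 == 0b0:
        return "A"
    if first >> 6 == 0b10:
        return "B"
    if first >> 5 == 0b110:
        return "C"
    if first >> 4 == 0b1110:
        return "D"
    return "E"


def split_netid_hostid(addr):
    """Netid takes 1, 2 or 3 bytes for classes A, B, C; classes D and E have no hostid."""
    cls = address_class(addr)
    net_bytes = {"A": 1, "B": 2, "C": 3}.get(cls)
    if net_bytes is None:
        raise ValueError(f"class {cls} addresses are not divided into netid and hostid")
    parts = addr.split(".")
    return ".".join(parts[:net_bytes]), ".".join(parts[net_bytes:])


def addresses_per_block(cls):
    """Addresses in one class A/B/C network block: 256 for every hostid byte."""
    host_bytes = {"A": 3, "B": 2, "C": 1}[cls]
    return 256 ** host_bytes


def check_address(addr):
    """Return the error message for a bad dotted-decimal address, or None if it is valid."""
    try:
        dotted_to_binary(addr)
    except ValueError as e:
        return str(e)
    return None


if __name__ == "__main__":
    for a in ("129.11.11.239", "111.56.045.78", "75.45.301.14"):
        print(a, "->", check_address(a) or dotted_to_binary(a))
    print("227.12.14.87 is class", address_class("227.12.14.87"))
    print("131.88.1.123 splits into", split_netid_hostid("131.88.1.123"))
```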

The number of addresses in a class C block is smaller than the needs of most organizations.

Class D addresses are used for multicasting; there is only one block in this class.

Class E addresses are reserved for special purposes; most of the block is wasted.

Network Addresses:

The network address (the first address in the block) is the one that is assigned to the organization.

The network address defines the network to the rest of the Internet.

Unicast, Multicast, and Broadcast Addresses

➢ Unicast communication is one-to-one.
➢ Multicast communication is one-to-many.
➢ Broadcast communication is one-to-all.
Number of Addresses
The number of addresses in the block is the difference between the last and first address. It can easily be found
using the formula 2^(32-n), where n is the prefix length (the number written after the slash, as in /28).

Example

Find the number of addresses in Example 5.

Solution

The value of n is 28, which means that the number of addresses is 2^(32−28) or 16.

Another way to find the first address, the last address, and the number of addresses is to represent the mask as a
32-bit binary (or 8-digit hexadecimal) number. This is particularly useful when we are writing a program to find
these pieces of information. In the above example the /28 can be represented as

11111111 11111111 11111111 11110000

Find:

a. The first address
b. The last address
c. The number of addresses.

Solution

The first address can be found by ANDing the given addresses with the mask. ANDing here is done bit
by bit. The result of ANDing 2 bits is 1 if both bits are 1s; the result is 0 otherwise.

The last address can be found by ORing the given addresses with the complement of the mask. ORing
here is done bit by bit. The result of ORing 2 bits is 0 if both bits are 0s; the result is 1 otherwise. The
complement of a number is found by changing each 1 to 0 and each 0 to 1.

The number of addresses can be found by complementing the mask, interpreting it as a decimal number, and
adding 1 to it.
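The AND/OR method of the solution above, carried out in Python as an added example (not part of the module). The input 205.16.37.39/28 is a constructed address, since the address of Example 5 is not reproduced on this page; address_class is an assumed helper that applies the first-byte ranges given for the classful addresses earlier in this section.

```python
MASK32 = 0xFFFFFFFF


def dotted_to_int(addr: str) -> int:
    """Parse dotted-decimal IPv4 text into a 32-bit integer."""
    octets = addr.split(".")
    if len(octets) != 4:
        raise ValueError(f"bad IPv4 address: {addr!r}")
    value = 0
    for octet in octets:
        n = int(octet)
        if not 0 <= n <= 255:
            raise ValueError(f"octet out of range in {addr!r}")
        value = (value << 8) | n
    return value


def int_to_dotted(value: int) -> str:
    """Inverse of dotted_to_int."""
    return ".".join(str((value >> shift) & 0xFF) for shift in (24, 16, 8, 0))


def to_binary_groups(value: int) -> str:
    """Render a 32-bit value as four 8-bit groups, the notation used in the text."""
    bits = f"{value & MASK32:032b}"
    return " ".join(bits[i:i + 8] for i in range(0, 32, 8))


def prefix_to_mask(n: int) -> int:
    """/n -> mask with n leading 1s followed by 32-n 0s."""
    if not 0 <= n <= 32:
        raise ValueError("prefix length must be between 0 and 32")
    return (MASK32 << (32 - n)) & MASK32


def block_info(addr: str, n: int) -> dict:
    """First address, last address and block size of addr/n, by the bitwise method."""
    ip = dotted_to_int(addr)
    mask = prefix_to_mask(n)
    complement = mask ^ MASK32          # change each 1 to 0 and each 0 to 1
    first = ip & mask                   # AND with the mask clears the host bits
    last = ip | complement              # OR with the complement sets the host bits
    count = complement + 1              # complement read as decimal, plus 1
    assert count == 2 ** (32 - n)       # agrees with the 2^(32-n) formula
    return {
        "mask": to_binary_groups(mask),
        "first": int_to_dotted(first),
        "last": int_to_dotted(last),
        "count": count,
    }


def address_class(addr: str) -> str:
    """Classful category from the first byte (class C is 192..223, as in the text)."""
    first_byte = dotted_to_int(addr) >> 24
    if first_byte < 128:
        return "A"
    if first_byte < 192:
        return "B"
    if first_byte < 224:
        return "C"
    if first_byte < 240:
        return "D"
    return "E"


if __name__ == "__main__":
    # Constructed input (assumption): the Example 5 address is not on this page.
    info = block_info("205.16.37.39", 28)
    print("mask     ", info["mask"])
    print("first    ", info["first"])
    print("last     ", info["last"])
    print("addresses", info["count"])
    print("class of 201.88.1.123:", address_class("201.88.1.123"))
```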

3.1.1 How to set static IP address

Sometimes, it’s better to assign a PC its own IP address rather than letting your router assign one
automatically. Join us as we take a look at assigning a static IP address in Windows.

STATIC VS. AUTOMATIC IP ADDRESSING

Right now, the IP addresses for your PCs and other devices are probably assigned automatically by your
router using a protocol known as Dynamic Host Configuration Protocol (DHCP). It’s a handy way for
devices to connect to your network more easily, because you don’t have to configure IP addressing for
each new device yourself. The downside to automatic addressing is that it’s possible for a device’s IP
address to change from time to time. Mostly, that’s not a big deal, but there are times that you might
want a device to have a static, unchanging IP address. For example:

• You have a device (like a home media server, say) that you want to be able to find reliably and you (or
other devices) prefer to locate it by IP address. Using IP addresses is often much handier when
troubleshooting your network, for example.
• You have certain apps that can only connect to network devices using their IP address. In particular,
many older networking apps suffer this limitation.
• You forward ports through your router to devices on your network. Some routers play nice with port
forwarding and dynamic IP addresses; others do not.

ASSIGN STATIC IP ADDRESSES VIA YOUR ROUTER

While this article covers assigning static IP addresses to PCs within Windows itself, there is another
way to go about it. Many routers allow you to assign a pool of IP addresses that are handed out to
specific devices (based on the device’s physical, or MAC address). This method offers a couple of
significant advantages:

• IP addresses are still managed by the router, meaning that you won’t have to make (and keep up with)
changes on each individual device.
• It’s easier to assign addresses within the same IP address pool your router uses.

With all that in mind, though, let’s take a look at how to assign static IP addresses within Windows XP,
Vista, 7, 8, and 10.

SET A STATIC IP ADDRESS IN WINDOWS 7, 8, OR 10

To change the computer’s IP address in Windows, you’ll need to open the “Network
Connections” window. Hit Windows+R, type “ncpa.cpl” into the Run box, and then hit Enter.

In the “Network Connections” window, right-click the adapter for which you want to set a static IP
address, and then select the “Properties” command.
In the properties window for the adapter, select “Internet Protocol Version 4 (TCP/IPv4)” and then
click the “Properties” button.

Select the “Use the following IP address” option, and then type in the IP address, subnet mask, and
default gateway that correspond to your network setup. Next, type in your preferred and alternate
DNS server addresses. Finally, select the “Validate settings upon exit” option so that Windows
immediately checks your new IP address and corresponding information to ensure that it works.
When you’re ready, click the “OK” button.

And then close out of the network adapter’s properties window.

Windows automatically runs network diagnostics to verify that the connection is good. If there are
problems, Windows will give you the option of running the Network troubleshooting wizard. However,
if you do run into trouble, the wizard likely won’t do you too much good. It’s better to check that your
settings are valid and try again.

Assigning Addresses
SET A STATIC IP ADDRESS IN WINDOWS XP

To set a Static IP in Windows XP, right-click the “My Network Places” icon, and then select
“Properties.”

Figure 3.13: Right click Options

Right-click the adapter for which you want to set the IP, and then select “Properties” from the context
menu.

Figure 3.13: Ethernet Properties Dialog

Select the “Internet Protocol (TCP/IP)” entry, and then click the “Properties” button.

Figure 3.14: Wireless Network Properties Dialog

Select the “Use the following IP address” option. Type in the IP address, subnet mask, default gateway,
and DNS server addresses you want to use. When you’re finished, click the “OK” button.

Figure 3.15: TCP/IP Properties Dialog

You will need to close out of the adapter’s properties window before the changes go into effect.

Figure 3.16: Wireless Network Properties Dialog

And you can verify your new settings by using the ipconfig command at the command prompt.

Figure 3.17: IPCONFIG on command prompt

Planning to Address the Network

This topic describes the issues you must resolve in order to create your network in an organized, cost-
effective manner. After you resolve these issues, you can devise a network plan as you configure and
administer your network in the future.

Determining the Network Hardware

When you design your network, you must decide what type of network best meets the needs of your
organization. Some of the planning decisions you must make involve the following network hardware:

• The network topology, the layout, and connections of the network hardware
• The number of host systems your network can support
• The types of hosts that the network supports
• The types of servers that you might need
• The type of network media to use: Ethernet, Token Ring, FDDI, and so on
• Whether you need bridges or routers to extend this media or connect the local network to
external networks
• Whether some systems need separately purchased interfaces in addition to their built-in
interfaces

Based on these factors, you can determine the size of your local area network.

Obtaining Your Network's IP Number

An IPv4 network is defined by a combination of an IPv4 network number plus a network mask, or
netmask. An IPv6 network is defined by its site prefix, and, if subnetted, its subnet prefix.

Unless your network plans to be private in perpetuity, your local users most likely need to
communicate beyond the local network. Therefore, you must obtain a registered IP number for your
network from the appropriate organization before your network can communicate externally. This
address becomes the network number for your IPv4 addressing scheme or the site prefix for your IPv6
addressing scheme.

Internet Service Providers provide IP addresses for networks with pricing that is based on different
levels of service. Investigate various ISPs to determine which provides the best service for your
network. ISPs typically offer dynamically allocated addresses or static IP addresses to businesses.
Some ISPs offer both IPv4 and IPv6 addresses.

Deciding on an IP Addressing Format for Your Network

The number of systems that you expect to support affects how you configure your network. Your
organization might require a small network of several dozen standalone systems that are located on one
floor of a single building. Alternatively, you might need to set up a network with more than 1,000
systems in several buildings. This setup can require you to further divide your network into subdivisions
that are called subnets.

When you plan your network addressing scheme, consider the following factors:

➢ The type of IP address that you want to use: IPv4 or IPv6
➢ The number of potential systems on your network
➢ The number of systems that are multihomed or routers, which require an IP address for
each interface
➢ Whether to use private addresses on your network
➢ Whether to have a DHCP server that manages pools of IPv4 addresses

Naming Entities on Your Network

After you receive your assigned network IP address and you have given the IP addresses to your
systems, the next task is to assign names to the hosts. Then you must determine how to handle name
services on your network. The TCP/IP protocols locate a system on a network by using its IP address.
However, if you use a recognizable name, then you can easily identify the system. Therefore, the
TCP/IP protocols (and the Solaris OS) require both the IP address and the host name to uniquely
identify a system.

From a TCP/IP perspective, a network is a set of named entities. A host is an entity with a name. A
router is an entity with a name. The network is an entity with a name. A group or department in which
the network is installed can also be given a name, as can a division, a region, or a company. In theory,
the hierarchy of names that can be used to identify a network has virtually no limit. The domain name
identifies a domain.

3.3 Calculating Network, Hosts, and Broadcast Addresses
What Is IP Subnet Calculator?
As explained in detail above under IP addressing and subnetting, subnets and supernets are derived
from a large network to create smaller networks that interconnect network devices located far apart
from each other; each device is assigned a unique IP address and subnet mask so that they can
communicate with each other.

The IP calculator takes the subnet mask and the IP address of a particular network as input and outputs
the broadcast IP address, the usable IP range for the host devices, the subnet mask, the IP class and the
total number of hosts. The IP calculator gives results for both IPv4 and IPv6 networks.

Why Is IP Calculator Needed?


There are different classes of networks used for networking systems; of these, classes A, B and C are
the most widely used for commercial purposes. Now let us understand the need for an IP calculator with
the help of an example, in which we need to calculate the host range, broadcast IP, etc. When you
configure the TCP/IP protocol on a Windows computer, the TCP/IP configuration settings require:
What Does Subnetting Mean?

Subnetting is the strategy used to partition a single physical network into more than one smaller logical
sub-network (subnets). An IP address includes a network segment and a host segment. Subnets are
designed by accepting bits from the IP address's host part and using these bits to assign a number of
smaller sub-networks inside the original network. Subnetting allows an organization to add sub-
networks without the need to acquire a new network number via the Internet service provider (ISP).
Subnetting helps to reduce the network traffic and conceals network complexity. Subnetting is essential
when a single network number has to be allocated over numerous segments of a local area network
(LAN).
Subnetting allows us to create various sub-networks or logical networks within one network of a
particular class. Without subnetting, it is almost unrealistic to create big networks: in a big networking
system, every device participating in the network must have a unique IP address on the link it is
connected to.
With the help of the subnetting technique, we can split a large network of a particular class (A, B or C)
into smaller subnetworks for interconnection between nodes situated at different locations. Each node
on the network has a distinct IP address and subnet mask. Any switch, router or gateway that connects
n networks has n unique network IDs and one subnet mask for each of the networks it interconnects.

Below is a table providing typical subnets for IPv4.

Prefix size   Network mask        Usable hosts per subnet
/1            128.0.0.0           2,147,483,646
/2            192.0.0.0           1,073,741,822
/3            224.0.0.0           536,870,910
/4            240.0.0.0           268,435,454
/5            248.0.0.0           134,217,726
/6            252.0.0.0           67,108,862
/7            254.0.0.0           33,554,430

Class A
/8            255.0.0.0           16,777,214
/9            255.128.0.0         8,388,606
/10           255.192.0.0         4,194,302
/11           255.224.0.0         2,097,150
/12           255.240.0.0         1,048,574
/13           255.248.0.0         524,286
/14           255.252.0.0         262,142
/15           255.254.0.0         131,070

Class B
/16           255.255.0.0         65,534
/17           255.255.128.0       32,766
/18           255.255.192.0       16,382
/19           255.255.224.0       8,190
/20           255.255.240.0       4,094
/21           255.255.248.0       2,046
/22           255.255.252.0       1,022
/23           255.255.254.0       510

Class C
/24           255.255.255.0       254
/25           255.255.255.128     126
/26           255.255.255.192     62
/27           255.255.255.224     30
/28           255.255.255.240     14
/29           255.255.255.248     6
/30           255.255.255.252     2
/31           255.255.255.254     0
/32           255.255.255.255     0

Table 3.2: Typical subnets for IPv4

The host's formula tells you how many hosts are allowed on a network that has a certain subnet
mask. The host's formula is 2^h - 2, where h is the number of 0s in the subnet mask when the mask is
written in binary. The first and last addresses are reserved: the first to identify the network and the
last to be used as the broadcast address.
Step 1 Find host range

To use the host's formula, let's first look at a simple example. Say you plan to use the IP address space
192.168.0.0. Currently, you have a small network subnet with 20 hosts. This network will grow to 300
hosts within the next year, however, and you plan to have multiple locations of a similar size in the
future and need to enable them to communicate using this address space.
With a single network subnet and only 20 hosts, the simplest thing to do would be to use 255.255.255.0
as your subnet mask. This would mean you would have 192.168.0.1 through 192.168.0.254 for your
hosts. The address 192.168.0.0 is reserved as the network subnet identifier, and 192.168.0.255 is
reserved for the network broadcast address.

Step 2 Convert to binary

Before you decide to use this subnet mask, however, let's apply the host's formula to it. To use the host's
formula in this scenario, you take the subnet mask 255.255.255.0 and convert it to binary. This would
give you: 11111111 11111111 11111111 00000000.
As you can see, there are eight 0s in the subnet mask. To use this with the host's formula, you would
calculate 2^8 - 2. This comes to 256 minus the 2 reserved addresses, or 254. So, with the subnet mask
specified, you will get 254 usable hosts. This would suit your 20-user network now but won't support
your future network expansion to 300 hosts.
Step 3 Calculate the total number of hosts per subnet

You should plan ahead and choose the best subnet mask the first time. This prevents you from having to
go back later and change all the IP addresses on this network. Adding 1s to the subnet mask means you
get fewer hosts per network subnet but more network subnets. If you remove 1s from the subnet mask,
you get more hosts per network but fewer networks. The latter is what we need to do.

To do this, let's take away one of the 1s to make our subnet mask:

11111111 11111111 11111110 00000000

In decimal, or dotted quad, representation, this is 255.255.254.0.

This means you have nine 0s in the host portion of the subnet mask. To apply the host's formula with this
subnet mask, we'd calculate 2^9 - 2. The number of usable host IP addresses is 512 minus 2, or 510. This
would definitely suit a 20-user network now and future network and host expectations of 300 hosts.
Considering that information, we know the most efficient subnet mask for the network is
255.255.254.0. The valid host address range for each subnet must be written as two ranges, due to the
limitations of writing the addresses as dotted quads. The first IP subnet would be 192.168.0.1 through
192.168.0.255 and 192.168.1.0 through 192.168.1.254. Note that 192.168.0.0 identifies the subnet, and
192.168.1.255 is the network broadcast address. That is how you arrive at the total of 510 usable hosts.
Step 4 Calculate the number of subnets

Now that you understand the host's formula, you should also know the subnet's formula, which will
ensure you have the right subnet mask for the number of subnets that you have. Just because you
determine you have the right number of hosts for your LAN using the host's formula doesn't mean
you'll have enough subnets for your network. Let's see how the subnet's formula works.
The subnet's formula is 2^s, where s is the number of 1s added to the subnet mask, relative to whatever the
subnet mask was. Let's take the same example as above, but build on it.
Using network 192.168.0.0, we expect to have 100 remote sites with 300 PCs each. What subnet mask
should we use? In our last example, we found the 255.255.254.0 subnet mask provided 510 hosts per
subnet. That was more than adequate to support 300 PCs, but does that same subnet mask provide
networks for at least 100 remote sites? Let's find out.

Step 5 Verify the total number of subnets

The number of subnets is found by counting the number of bits by which the initial mask was extended,
also known as the subnet bits. Our initial address allocation was 192.168.0.0 with a mask of
255.255.0.0. Using the host's formula, we selected a subnet mask of 255.255.254.0. Let's compare the
two masks and count the subnet bits.

Let's convert to binary


255.255.0.0 = 11111111 11111111 00000000 00000000
255.255.254.0 = 11111111 11111111 11111110 00000000

The new mask uses seven subnet bits. Using the subnet's formula, this would give us 2^7 = 128
networks. This is at least 100, so we have enough subnets for 100 remote networks. This means we have
found the right subnet mask for our network. We convert our subnet mask from binary back to decimal and
get 255.255.254.0.
As you add subnet bits, the number of subnets increases by a factor of two, and the number of hosts per
subnet decreases by a factor of two. The table below shows the number of subnets and hosts for each of
eight mask bits in the third octet of an IPv4 address.
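The host's formula 2^h - 2 and the subnet's formula 2^s from Steps 1 to 5, worked in Python as an added example (not the module's code). The scenario is the page's own (192.168.0.0 with an initial mask of 255.255.0.0, 300 hosts per site, 100 sites); choose_mask and subnet_ranges are assumed helper names, and usable_hosts returns 0 for /31 and /32 as Table 3.2 does.

```python
from typing import Optional

MASK32 = 0xFFFFFFFF


def dotted_to_int(addr: str) -> int:
    octets = [int(o) for o in addr.split(".")]
    if len(octets) != 4 or any(not 0 <= o <= 255 for o in octets):
        raise ValueError(f"bad dotted quad: {addr!r}")
    return (octets[0] << 24) | (octets[1] << 16) | (octets[2] << 8) | octets[3]


def int_to_dotted(value: int) -> str:
    return ".".join(str((value >> s) & 0xFF) for s in (24, 16, 8, 0))


def prefix_to_mask(n: int) -> int:
    return (MASK32 << (32 - n)) & MASK32


def mask_prefix(mask: str) -> int:
    """Number of 1s in a dotted mask, after checking that the 1s are contiguous."""
    m = dotted_to_int(mask)
    ones = bin(m).count("1")
    if prefix_to_mask(ones) != m:
        raise ValueError(f"{mask} is not a contiguous subnet mask")
    return ones


def usable_hosts(mask: str) -> int:
    """Host's formula: 2^h - 2, h = number of 0s in the mask (0 for /31 and /32)."""
    h = 32 - mask_prefix(mask)
    return 2 ** h - 2 if h >= 2 else 0


def subnet_count(initial_mask: str, new_mask: str) -> int:
    """Subnet's formula: 2^s, s = number of 1s added to the initial mask."""
    s = mask_prefix(new_mask) - mask_prefix(initial_mask)
    if s < 0:
        raise ValueError("new mask is shorter than the initial mask")
    return 2 ** s


def choose_mask(initial_mask: str, hosts_needed: int, subnets_needed: int) -> Optional[str]:
    """Longest mask that fits hosts_needed (fewest wasted addresses), provided it
    also yields at least subnets_needed subnets; None if no mask satisfies both."""
    start = mask_prefix(initial_mask)
    for n in range(30, start - 1, -1):          # smallest subnets first
        candidate = int_to_dotted(prefix_to_mask(n))
        if usable_hosts(candidate) >= hosts_needed:
            # A shorter mask would give even fewer subnets, so decide here.
            return candidate if subnet_count(initial_mask, candidate) >= subnets_needed else None
    return None


def subnet_ranges(network: str, initial_mask: str, new_mask: str, count: int) -> list:
    """First `count` subnets of network/initial_mask when subnetted with new_mask,
    as (network address, first usable host, last usable host, broadcast)."""
    base = dotted_to_int(network) & dotted_to_int(initial_mask)
    size = 2 ** (32 - mask_prefix(new_mask))
    total = subnet_count(initial_mask, new_mask)
    ranges = []
    for i in range(min(count, total)):
        net = base + i * size
        bcast = net + size - 1
        ranges.append((int_to_dotted(net), int_to_dotted(net + 1),
                       int_to_dotted(bcast - 1), int_to_dotted(bcast)))
    return ranges


if __name__ == "__main__":
    mask = choose_mask("255.255.0.0", hosts_needed=300, subnets_needed=100)
    print("chosen mask:", mask)                              # 255.255.254.0
    print("hosts per subnet:", usable_hosts(mask))           # 510
    print("subnets:", subnet_count("255.255.0.0", mask))     # 128
    for net, first, last, bcast in subnet_ranges("192.168.0.0", "255.255.0.0", mask, 3):
        print(f"{net:14} hosts {first} - {last}  broadcast {bcast}")
```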
A default gateway

The default gateway is the path used to pass information when the device doesn't know where the
destination is. More directly, a default gateway is a router that connects your host to remote network
segments. It's the exit point for all the packets in your network that have destinations outside your
network. To configure TCP/IP correctly, it's necessary to understand how TCP/IP networks are addressed and
divided into networks and subnetworks.

The success of TCP/IP as the network protocol of the Internet is largely because of its ability to connect
together networks of different sizes and systems of different types. These networks are arbitrarily
defined into three main classes (along with a few others) that have predefined sizes. Each of them can
be divided into smaller subnetworks by system administrators. A subnet mask is used to divide an IP
address into two parts. One part identifies the host (computer), the other part identifies the network to
which it belongs. To better understand how IP addresses and subnet masks work, look at an IP address
and see how it's organized.

3.4 IP addresses: Networks and hosts


An IP address is a 32-bit number. It uniquely identifies a host (computer or other device, such as a
printer or router) on a TCP/IP network. IP addresses are normally expressed in dotted-decimal format,
with four numbers separated by periods, such as 192.168.123.132. To understand how subnet masks are
used to distinguish between hosts, networks, and subnetworks, examine an IP address in binary
notation. For example, the dotted-decimal IP address 192.168.123.132 is (in binary notation) the 32-bit
number 11000000101010000111101110000100.
This number may be hard to make sense of, so divide it into four parts of eight binary digits.
These 8-bit sections are known as octets. The example IP address, then, becomes
11000000.10101000.01111011.10000100.
This number only makes a little more sense, so for most uses, convert the binary address into dotted-
decimal format (192.168.123.132).
The decimal numbers separated by periods are the octets converted from binary to decimal notation.
For a TCP/IP wide area network (WAN) to work efficiently as a collection of networks, the routers that
pass packets of data between networks don't know the exact location of a host for which a packet of
information is destined. Routers only know what network the host is a member of and use information
stored in their route table to determine how to get the packet to the destination host's network. After the
packet is delivered to the destination's network, the packet is delivered to the appropriate host.
For this process to work, an IP address has two parts. The first part of an IP address is used as a
network address, the last part as a host address. If you take the example 192.168.123.132 and divide it
into these two parts, you get 192.168.123 (network) and .132 (host), or, written out as full addresses,
192.168.123.0 - network address and 0.0.0.132 - host address.
Network Address

The network address is a unique address to identify the network portion of the IP network. The network
address is the same for all the hosts within the same IP network. All the bits of the host portion in an IP
address are set to zero to identify as the network address of any IP network.
For example, IP address 192.168.5.50 with subnet mask 255.255.255.0 has the following network
address.

Unit 4 LAN Technologies
Learning Objectives of the unit
• Be able to understand the different LAN technologies and devices
Introduction
A local area network (LAN) is a computer network that is designed for a limited geographic area such
as a building or a campus. Although a LAN can be used as an isolated network to connect computers in
an organization for the sole purpose of sharing resources, most LANs today are also linked to a wide
area network (WAN) or the Internet. The LAN market has seen several technologies such as Ethernet,
Token Ring, Token Bus, FDDI, and ATM LAN. Some of these technologies survived for a while, but
Ethernet is by far the dominant technology.
4.2 IEEE STANDARDS
In 1985, the Computer Society of the IEEE started a project, called Project 802, to set standards to enable
intercommunication among equipment from a variety of manufacturers. Project 802 does not seek to
replace any part of the OSI or the Internet model. Instead, it is a way of specifying functions of the
physical layer and the data link layer of major LAN protocols. The original Ethernet was created in
1976 at Xerox's Palo Alto Research Center (PARC). Since then, it has gone through four generations:

a. Standard Ethernet (10 Mbps),

b. Fast Ethernet (100 Mbps),

c. Gigabit Ethernet (1 Gbps), and

d. Ten-Gigabit Ethernet (10 Gbps), as shown in Figure 4.1

Figure 4.1 Ethernet evolutions through four generations


A. Standard Ethernet (IEEE 802.3)

Standard Ethernet, also known as IEEE 802.3, was the LAN standard proposed by IEEE. The data rate for
standard Ethernet is 10 Mbps.

MAC Sublayer

In Standard Ethernet, the MAC sublayer governs the operation of the access method. It also frames data
received from the upper layer and passes them to the physical layer.

Frame Format

The Ethernet frame contains seven fields: preamble, SFD, DA, SA, length or type of protocol data unit
(PDU), upper-layer data, and the CRC. Ethernet does not provide any mechanism for acknowledging
received frames, making it what is known as an unreliable medium. Acknowledgments must be
implemented at the higher layers.

Preamble. The first field of the 802.3 frame contains 7 bytes (56 bits) of alternating 0s and 1s that
alerts the receiving system to the coming frame and enables it to synchronize its input timing. The
pattern provides only an alert and a timing pulse. The 56-bit pattern allows the stations to miss some
bits at the beginning of the frame. The preamble is actually added at the physical layer and is not
(formally) part of the frame.

Start frame delimiter (SFD). The second field (1 byte: 10101011) signals the beginning of the frame.
The SFD warns the station or stations that this is the last chance for synchronization. The last 2 bits are 11
and alert the receiver that the next field is the destination address.

Destination addresses (DA). The DA field is 6 bytes and contains the physical address of the
destination station or stations to receive the packet.

Source addresses (SA). The SA field is also 6 bytes and contains the physical address of the sender of
the packet.

Length or type: this field is defined as a type field or length field. The original Ethernet used this field
as the type field to define the upper-layer protocol using the MAC frame. The IEEE standard used it as
the length field to define the number of bytes in the data field. Both uses are common today.

Data. This field carries data encapsulated from the upper-layer protocols. It is a minimum of 46 and a
maximum of 1500 bytes.

CRC. The last field contains error detection information, in this case a CRC-32.

Frame Length

Ethernet has imposed restrictions on both the minimum and maximum lengths of a frame, as shown in
Figure 13.3.

MAC Addressing

Each station on an Ethernet network (such as a PC, workstation, or printer) has its own network
interface card (NIC). The NIC fits inside the station and provides the station with a 6-byte physical
(MAC) address. As shown in Figure 13.4, the Ethernet address is 6 bytes (48 bits), normally written in
hexadecimal notation, with a colon between the bytes.

The data link layer can further be divided into two sublayers: the upper sublayer, responsible for
flow and error control, is called the logical link control (LLC) layer; the lower sublayer, mostly
responsible for multiple access resolution, is called the media access control (MAC) layer. When nodes
or stations are connected and use a common link, called a multipoint or broadcast link, we need a
multiple-access protocol to coordinate access to the link. The problem of controlling access to the
medium is similar to the rules of speaking in an assembly. The procedures guarantee that the right to
speak is upheld and ensure that two people do not speak at the same time, do not interrupt each other,
do not monopolize the discussion, and so on.

Figure 4.2 multiple access protocol

RANDOM ACCESS

• In random access or contention methods, no station is superior to another station and none is
assigned the control over another. No station permits, or does not permit, another station to
send.

• At each instance, a station that has data to send uses a procedure defined by the protocol to
make a decision on whether or not to send.

• This decision depends on the state of the medium (idle or busy). In other words, each station
can transmit when it desires on the condition that it follows the predefined procedure, including
the testing of the state of the medium.

• This method later evolved into two parallel methods: carrier sense multiple access with
collision detection (CSMA/CD) and carrier sense multiple access with collision avoidance
(CSMA/CA). CSMA/CD tells the station what to do when a collision is detected. CSMA/CA
tries to avoid the collision.
Controlled access

• In controlled access, the stations consult one another to find which station has the right to send.

• A station cannot send unless it has been authorized by other stations.
Reservation
• In the reservation method, a station needs to make a reservation before sending data. Time is divided into
intervals. In each interval, a reservation frame precedes the data frames sent in that interval.
• If there are N stations in the system, there are exactly N reservation minislots in the reservation frame. Each
minislot belongs to a station. When a station needs to send a data frame, it makes a reservation in its own
minislot. The stations that have made reservations can send their data frames after the reservation frame.

Figure 4.3 MAC Frame

Unicast, Multicast, and Broadcast Addresses

Data are transmitted over a network by three simple methods, i.e. unicast, broadcast, and multicast. Let’s
summarize the difference between these three:
 Unicast: from one source to one destination, i.e. one-to-one
 Broadcast: from one source to all possible destinations, i.e. one-to-all
 Multicast: from one source to multiple destinations that have stated an interest in receiving the traffic,
i.e. one-to-many

Figure 4.4 transmission methods

• A source address is always a unicast address, because a frame is sent by a single station.
• The destination address, however, can be unicast, multicast, or broadcast.
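An added example (not the module's code) that builds and parses the 802.3 frame described in the Frame Format section, formats the 6-byte MAC addresses in colon-separated hexadecimal as in the MAC Addressing section, and classifies the source and destination addresses as unicast, multicast or broadcast. It assumes zlib's CRC-32 appended little-endian for the CRC field, treats length/type values above 1500 as a type, and uses the I/G bit (least significant bit of the first address byte) to recognise multicast addresses.

```python
import struct
import zlib

PREAMBLE = bytes([0b10101010] * 7)   # 7 bytes of alternating 0s and 1s (bit pattern as in the text)
SFD = bytes([0b10101011])            # start frame delimiter, 10101011
BROADCAST = bytes([0xFF] * 6)
MIN_DATA, MAX_DATA = 46, 1500        # data field limits from the text


def format_mac(mac: bytes) -> str:
    """6 bytes -> hexadecimal notation with a colon between the bytes."""
    return ":".join(f"{b:02x}" for b in mac)


def parse_mac(text: str) -> bytes:
    mac = bytes(int(part, 16) for part in text.split(":"))
    if len(mac) != 6:
        raise ValueError(f"MAC address must be 6 bytes: {text!r}")
    return mac


def address_kind(mac: bytes) -> str:
    """All-ones is broadcast; I/G bit set (assumption stated in the lead-in) is multicast."""
    if mac == BROADCAST:
        return "broadcast"
    return "multicast" if mac[0] & 0x01 else "unicast"


def classify_length_or_type(value: int) -> tuple:
    """IEEE use: a value up to 1500 is a length; larger values are a type (original Ethernet use)."""
    return ("length", value) if value <= MAX_DATA else ("type", value)


def fcs(frame_without_crc: bytes) -> bytes:
    """CRC-32 over DA..data. Assumption: zlib's CRC-32, appended little-endian."""
    return struct.pack("<I", zlib.crc32(frame_without_crc) & 0xFFFFFFFF)


def build_frame(dst: str, src: str, length_or_type: int, data: bytes) -> bytes:
    """DA + SA + length/type + data (padded to 46, at most 1500 bytes) + CRC."""
    da, sa = parse_mac(dst), parse_mac(src)
    if address_kind(sa) != "unicast":
        raise ValueError("source address must be unicast")
    if len(data) > MAX_DATA:
        raise ValueError("data field exceeds 1500 bytes")
    data = data.ljust(MIN_DATA, b"\x00")        # pad short data up to the minimum
    body = da + sa + struct.pack("!H", length_or_type) + data
    return body + fcs(body)


def on_wire(frame: bytes) -> bytes:
    """Physical-layer view: preamble and SFD prepended (not formally part of the frame)."""
    return PREAMBLE + SFD + frame


def parse_frame(raw: bytes) -> dict:
    """Split a frame (without preamble/SFD) into its fields and verify the CRC."""
    if len(raw) < 6 + 6 + 2 + MIN_DATA + 4:
        raise ValueError("frame shorter than the 64-byte minimum")
    if len(raw) > 6 + 6 + 2 + MAX_DATA + 4:
        raise ValueError("frame longer than the 1518-byte maximum")
    da, sa = raw[0:6], raw[6:12]
    (lt,) = struct.unpack("!H", raw[12:14])
    data, crc = raw[14:-4], raw[-4:]
    return {
        "dst": format_mac(da), "dst_kind": address_kind(da),
        "src": format_mac(sa), "src_kind": address_kind(sa),
        "length_or_type": classify_length_or_type(lt),
        "data": data,
        "crc_ok": crc == fcs(raw[:-4]),     # a flipped bit anywhere in DA..data fails here
    }


if __name__ == "__main__":
    # Constructed sample: a broadcast frame carrying 2 bytes of payload with type 0x0806.
    frame = build_frame("ff:ff:ff:ff:ff:ff", "00:1a:2b:3c:4d:5e", 0x0806, b"\x00\x01")
    print("frame length:", len(frame), "bytes; on the wire:", len(on_wire(frame)))
    for field, value in parse_frame(frame).items():
        print(f"{field:15} {value!r}")
```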

Categories of Standard Ethernet

Figure 4.5: Standard Ethernet

10Base5: Thick Ethernet

The first implementation is called 10Base5, thick Ethernet, or Thicknet. The nickname derives from the
size of the cable, which is roughly the size of a garden hose and too stiff to bend with your hands.
10Base5 was the first Ethernet specification to use a bus topology with an external transceiver
(transmitter/receiver) connected via a tap to a thick coaxial cable.

The transceiver is responsible for transmitting, receiving, and detecting collisions. The transceiver is
connected to the station via a transceiver cable that provides separate paths for sending and receiving.
This means that collision can only happen in the coaxial cable. The maximum length of the coaxial
cable must not exceed 500 m; otherwise, there is excessive degradation of the signal. If a length of
more than 500 m is needed, up to five segments, each a maximum of 500-meter, can be connected
using repeaters.

10Base2: Thin Ethernet

The second implementation is called 10Base2, thin Ethernet, or Cheapernet. 10Base2 also uses a bus
topology, but the cable is much thinner and more flexible. The cable can be bent to pass very close to
the stations. In this case, the transceiver is normally part of the network interface card (NIC), which is
installed inside the station. Note that the collision here occurs in the thin coaxial cable. This
implementation is more cost effective than 10Base5 because thin coaxial cable is less expensive than
thick coaxial and the tee connections are much cheaper than taps. Installation is simpler because the
thin coaxial cable is very flexible. However, the length of each segment cannot exceed 185 m (close to
200 m) due to the high level of attenuation in thin coaxial cable.
10Base-T: Twisted-Pair Ethernet

The third implementation is called 10Base-T or twisted-pair Ethernet. 10Base-T uses a physical star
topology. The stations are connected to a hub via two pairs of twisted cable. Note that two pairs of
twisted cable create two paths (one for sending and one for receiving) between the station and the hub.
Any collision here happens in the hub. Compared to 10Base5 or 10Base2, we can see that the hub
actually replaces the coaxial cable as far as a collision is concerned. The maximum length of the
twisted cable here is defined as 100 m, to minimize the effect of attenuation in the twisted cable.
10Base-F: Fiber Ethernet

Although there are several types of optical fiber 10-Mbps Ethernet, the most common is called 10Base-F.
10Base-F uses a star topology to connect stations to a hub. The stations are connected to the hub using
two fiber-optic cables.

Fast Ethernet (IEEE 802.3u)

Fast Ethernet was designed to compete with LAN protocols such as FDDI or Fibre Channel. IEEE created
Fast Ethernet under the name 802.3u. Fast Ethernet is backward-compatible with Standard Ethernet, but it
can transmit data 10 times faster, at a rate of 100 Mbps. The goals of Fast Ethernet can be summarized
as follows:

a. Upgrade the data rate to 100 Mbps.
b. Make it compatible with Standard Ethernet.
c. Keep the same 48-bit address.
d. Keep the same frame format.
e. Keep the same minimum and maximum frame lengths.
Topology

Fast Ethernet is designed to connect two or more stations together. If there are only two stations, they can be
connected point-to-point. Three or more stations need to be connected in a star topology with a hub or a switch
at the center, as shown in Figure 4.6

Figure 4.6: point to point and star

Figure 4.7: Ethernet Implementation

B. Gigabit Ethernet (IEEE 802.3z)

The need for an even higher data rate resulted in the design of the Gigabit Ethernet protocol (1000 Mbps). The
IEEE committee calls the standard 802.3z. The goals of the Gigabit Ethernet design can be summarized as
follows:

a. Upgrade the data rate to 1 Gbps.
b. Make it compatible with Standard or Fast Ethernet.
c. Use the same 48-bit address.
d. Use the same frame format.
e. Keep the same minimum and maximum frame lengths.
f. Support autonegotiation as defined in Fast Ethernet.

Gigabit Ethernet has two distinct approaches to medium access: half-duplex and full-duplex. Almost all
implementations of Gigabit Ethernet follow the full-duplex approach, in which there is no contention and
CSMA/CD is not used.

Topology

Gigabit Ethernet is designed to connect two or more stations. If there are only two stations, they can be
connected point-to-point. Three or more stations need to be connected in a star topology with a hub or a switch at
the center. Another possible configuration is to connect several star topologies or let a star topology be part of
another as shown in Figure 4.8

Figure 4.8: Ethernet Implementation


Implementation

Gigabit Ethernet can be categorized as either a two-wire or a four-wire implementation. The two-wire
implementations use fiber-optic cable (1000Base-SX, short-wave, or 1000Base-LX, long-wave) or
STP (1000Base-CX). The four-wire version uses Category 5 twisted-pair cable (1000Base-T). In other
words, we have four implementations, as shown in Figure 4.9.

Figure 4.9: Gigabit Implementation

C. Ten-Gigabit Ethernet (IEEE 802.3ae)

The IEEE committee created Ten-Gigabit Ethernet and called it Standard 802.3ae. The goals of the
Ten-Gigabit Ethernet design can be summarized as follows:

a. Upgrade the data rate to 10 Gbps.
b. Make it compatible with Standard, Fast, and Gigabit Ethernet.
c. Use the same 48-bit address.
d. Use the same frame format.
e. Keep the same minimum and maximum frame lengths.
f. Allow the interconnection of existing LANs into a metropolitan area network (MAN) or a wide
   area network (WAN).
g. Make Ethernet compatible with technologies such as Frame Relay and ATM.

Ten-Gigabit Ethernet operates only in full-duplex mode, which means there is no need for
contention; CSMA/CD is not used in Ten-Gigabit Ethernet.
Implementation

Ten-Gigabit Ethernet is designed for use over fiber-optic cable across long distances. Three
implementations are the most common: 10GBase-S, 10GBase-L, and 10GBase-E. Table 13.4 summarizes the
Ten-Gigabit Ethernet implementations: 10GBase-S uses short-wave (850 nm) light over multimode fiber for
up to 300 m, 10GBase-L uses long-wave (1310 nm) light over single-mode fiber for up to 10 km, and
10GBase-E uses extended-wavelength (1550 nm) light over single-mode fiber for up to 40 km.

CSMA/CD: The Process

Carrier Sense Multiple Access with Collision Detection (CSMA/CD) is the medium access control (MAC)
protocol of shared (half-duplex) Ethernet. A station senses, or listens to, the shared channel and defers
its transmission until the channel is free. Collision detection works by comparing what the station is
transmitting with what it observes on the medium: if another station's signal is present at the same time,
a collision has occurred. On detecting a collision, the station stops transmitting, sends a jam signal, and
then waits for a random time interval before retransmitting.

➢ CSMA/CD is a technique for multiple-access protocols.
➢ If no transmission is taking place at the time, the station can transmit.
➢ If two stations attempt to transmit simultaneously, this causes a collision, which is
  detected by all participating stations.
➢ After a random time interval, the stations that collided attempt to transmit again.
➢ If another collision occurs, the range of slot times from which the random waiting time is
  selected is doubled step by step. This is known as binary exponential backoff.

Figure 4.14 CSMA/CD: The Process


CSMA/CA Procedure

The following points explain the CSMA/CA procedure, which is used on wireless LANs, where a station
cannot detect a collision while it is transmitting and must therefore try to avoid one.

• The channel needs to be sensed before and after the interframe space (IFS).
• The channel also needs to be sensed during the contention time.
• For each time slot of the contention window, the channel is sensed.
• If the channel is found idle, the timer continues; if the channel is found busy, the timer is
  stopped and continues only after the channel becomes idle again.

Figure 4.15 CSMA/CD: The Process

The flowchart in Figure 4.15 shows the CSMA/CD procedure followed by a sending station:

• The station transmits and receives continuously and simultaneously (using two different
  ports).
• A loop shows that transmission is a continuous process.
• The station constantly monitors the medium in order to detect one of two conditions: either
  transmission is finished or a collision is detected.
• Either event stops transmission.
• On leaving the loop, if a collision has not been detected, the transmission is complete; the
  entire frame has been transmitted.
• Otherwise, a collision has occurred.
• The station then sends a short jamming signal that enforces the collision in case other
  stations have not yet sensed it, and backs off before trying again.
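The backoff rule described above, worked through as an added example that is not code from this module: a small slotted simulation of truncated binary exponential backoff as IEEE 802.3 specifies it (the exponent stops growing after 10 collisions, and a frame is discarded at its 16th collision). The model assumes that one transmission occupies exactly one slot; the station counts, frame counts and RNG seed are assumed values chosen for illustration.

```python
import random

ATTEMPT_LIMIT = 16   # IEEE 802.3 attemptLimit: the frame is dropped at its 16th collision
BACKOFF_LIMIT = 10   # IEEE 802.3 backoffLimit: the exponent stops growing after 10 collisions


def backoff_range(collisions: int) -> int:
    """Number of slot times to choose from after the n-th collision of one frame.

    Truncated binary exponential backoff: the delay is drawn uniformly from
    0 .. 2**min(n, 10) - 1 slot times. Valid for n = 1 .. 15; the 16th collision
    discards the frame instead of backing off.
    """
    if collisions < 1 or collisions >= ATTEMPT_LIMIT:
        raise ValueError("collisions must be between 1 and 15")
    return 2 ** min(collisions, BACKOFF_LIMIT)


def backoff_slots(collisions: int, rng: random.Random) -> int:
    """Random backoff delay, in slot times, for a frame that has collided n times."""
    return rng.randrange(backoff_range(collisions))


def sample_backoffs(collisions: int, count: int, seed: int = 0) -> list:
    """A reproducible sample of backoff delays, used to show the distribution."""
    rng = random.Random(seed)
    return [backoff_slots(collisions, rng) for _ in range(count)]


class Station:
    def __init__(self, name: str, frames: int) -> None:
        self.name = name
        self.pending = frames   # frames still to be sent
        self.collisions = 0     # collisions suffered by the frame at the head of the queue
        self.wait = 0           # slot times left before the station may try again
        self.sent = 0
        self.dropped = 0


def simulate(num_stations: int, frames_per_station: int, seed: int = 1,
             max_slots: int = 100_000) -> dict:
    """Slotted model of one shared Ethernet segment (assumed model, one frame per slot).

    In each slot every station that has a frame and whose backoff has expired transmits.
    A lone transmitter succeeds; two or more collide, and each of them backs off
    (or drops the frame after the 16th collision).
    """
    rng = random.Random(seed)          # seeded so that runs are reproducible
    stations = [Station(f"S{i}", frames_per_station) for i in range(num_stations)]
    slot = collisions = 0
    while any(s.pending for s in stations) and slot < max_slots:
        ready = [s for s in stations if s.pending and s.wait == 0]
        for s in stations:
            if s.wait > 0:
                s.wait -= 1            # waiting stations count down one slot time
        if len(ready) == 1:            # exactly one station found the medium idle: success
            s = ready[0]
            s.pending -= 1
            s.sent += 1
            s.collisions = 0
        elif len(ready) > 1:           # simultaneous transmission: collision, jam, back off
            collisions += 1
            for s in ready:
                s.collisions += 1
                if s.collisions >= ATTEMPT_LIMIT:
                    s.pending -= 1     # excessive collisions: the frame is discarded
                    s.dropped += 1
                    s.collisions = 0
                else:
                    s.wait = backoff_slots(s.collisions, rng)
        slot += 1
    return {
        "slots": slot,
        "collisions": collisions,
        "sent": sum(s.sent for s in stations),
        "dropped": sum(s.dropped for s in stations),
    }


if __name__ == "__main__":
    for n in (1, 2, 8, 32):
        print(n, "stations:", simulate(n, 10, seed=42))
```

Running the main block with a growing station count shows the practical point of the list above: the number of collision slots, and therefore the delay before a frame gets through, rises with the number of contending stations, which is why full-duplex switched Ethernet removed contention altogether.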

Ethernet Physical Layer
Introduction to Ethernet Cable Standards

The following Ethernet cabling standards exist:

• 10BASE-2
• 10BASE-5
• 10BASE-T
• 10BASE-F
• 100BASE-T4
• 100BASE-TX
• 100BASE-FX
• 1000BASE-SX
• 1000BASE-LX
• 1000BASE-T

In these names, 10, 100, and 1000 represent the transmission rate (in Mbit/s), BASE represents
baseband signalling, and the suffix identifies the medium: T for twisted pair, F, FX, SX and LX for
fiber, and a digit for the maximum coaxial segment length in hundreds of metres.
10M Ethernet cable standard

Table 4.1 : 10M Ethernet cable standard

Name        Cable                  Maximum transmission distance
10BASE-5    Thick coaxial cable    500 m
10BASE-2    Thin coaxial cable     185 m (nominally 200 m)
10BASE-T    Twisted pair cable     100 m
10BASE-F    Fiber                  2000 m

The greatest limitation of coaxial cable is that all devices share a single cable segment, so a single
point of failure (SPOF), such as a break in the cable or a missing terminator, can bring down the entire
segment. As a result, the coaxial physical standards 10BASE-2 and 10BASE-5 have fallen into disuse.
100M Ethernet cable standard
100M Ethernet is also called Fast Ethernet (FE). Compared with 10M Ethernet, 100M Ethernet has a
faster transmission rate at the physical layer, but keeps the same frame format and MAC procedure at the
data link layer.

Table 4.2 : 100M Ethernet cable standard

Name          Cable                                          Maximum transmission distance
100Base-T4    Four pairs of Category 3 twisted pair cable    100 m
100Base-TX    Two pairs of Category 5 twisted pair cable     100 m
100Base-FX    Single-mode fiber or multi-mode fiber          2000 m

10Base-T and 100Base-TX have different transmission rates, but both run over Category 5 twisted pair
cable. 10Base-T transmits data at 10 Mbit/s, while 100Base-TX transmits data at 100 Mbit/s.
100Base-T4 is now rarely used.
Gigabit Ethernet cable standard
Gigabit Ethernet developed from the Ethernet standard defined in IEEE 802.3. Based on the Ethernet
protocol, the transmission rate increased by 10 times, reaching 1 Gbit/s in GE. Table 4.3 lists the
Gigabit Ethernet cable standard specifications.

Table 4.3 : Gigabit Ethernet cable standard

Interface Name    Cables                                   Maximum transmission distance
1000Base-LX       Single-mode fiber or multi-mode fiber    316 m (worst-case multi-mode fiber; up to 5 km over single-mode fiber)
1000Base-SX       Multi-mode fiber                         316 m (up to 550 m over 50 µm multi-mode fiber)
1000Base-T        Category 5 twisted pair cable            100 m

Using Gigabit Ethernet technology, you can upgrade an existing Fast Ethernet network from 100 Mbit/s
to 1000 Mbit/s. The physical layer of Gigabit Ethernet over fiber uses 8B/10B coding. In traditional
Ethernet, the data link layer hands 8-bit data units to the physical layer, which line-codes them and
places them on the medium as 8-bit units. On Gigabit Ethernet over optical fiber, the physical layer
first maps each 8-bit data unit to a 10-bit code group and transmits that; the receiving physical layer
reverses the mapping before delivering the 8-bit data to its data link layer.
10GE cable standards
IEEE 802.3ae is the original 10GE standard. It defines fiber-optic interfaces only, operating in
full-duplex mode; 10GE over twisted-pair copper (10GBASE-T) was added later by IEEE 802.3an. 10GE is
now widely deployed in data centers and campus backbones.
Ethernet: Future Options
There have been several innovative leaps in networking technology over the last several years allowing
end users to load websites faster, open multiple browsers and online applications, and, overall, work
more efficiently when utilizing the Internet. Switches, routers, ethernet cables and other network gear
have moved up from providing 100 Megabit per second speeds to 1000 Megabit, or Gigabit speeds.

Today, nearly all of the basic network equipment needed to setup a complete local network in your
home or office is capable of reaching at least 1 gigabit per second speeds. New Ethernet cable
standards such as Cat6A, Cat7, and even Cat8-based ethernet cables, however, are now making it
possible to reach even faster speeds than ever before.

Technological Advances in Network Speeds

Technical advances in network equipment have now enabled the possibility of reaching even greater
speeds in your local network. Gig+ or 10-Gigabit speeds are now becoming possible with the proper
network gear and ethernet cabling. Keep in mind, however, that if your home or office is unable to take
full advantage of the wider bandwidth, then setting up your office for 10-gigabit speeds may not be
worthwhile. If you are planning to build out a future-proof 10-gigabit network at your home or office,
you’ll need to consider the cable infrastructure needs as well as the network equipment requirements.
Currently, there are three forms of ethernet cable that are rated for 10-gigabit speeds:
Cat6A – This Ethernet cable is a Category 6 Augmented cable, which supports 10 Gigabit Ethernet for up
to 328 feet (100 m). Compared to Cat5, Cat6 is thicker, is rated to 250 MHz, and has tighter twisted
pairs that reduce crosstalk; Cat6A extends the rating to 500 MHz, which is what allows 10 Gbit/s over the
full 100 m.

Cat7 – “Category 7” or “Cat7” Ethernet cables support up to 10 gigabits per second at distances up
to 100 meters on copper cabling. Cat7 cables are also individually shielded and have been designed to
carry signals up to 600 MHz. Because Cat7 is not recognized by the TIA/EIA cabling standards (it is an
ISO/IEC class F specification) and has more than one connector option, we recommend avoiding these
cables.

Cat8 – Category 8 ethernet cables are the officially recognized successor to Cat6A cabling. The
main benefit of Cat8 ethernet is faster throughput over short distances. Cat8 is capable of delivering 40
Gbps for up to 78 ft., and 25 Gbps up to 100 ft. From 100 ft. to 328 ft., Cat 8 ethernet provides 10
Gigabit speeds, similar to Cat6A.

For almost all cases, anyone looking to build a 10-gigabit capable network should use Cat6A ethernet
cables. This is because Cat8 cables are limited by their distances for delivering their highest rated
speeds, and, hence, are only useful in some situations, such as in a datacenter.
You will also need to ensure that all other hardware is capable of transmitting data at Gigabit+ or
10-gigabit speeds. This means that your router or firewall will need to be 10-gigabit capable, as well as
your switch. Any other network gear, such as Network Attached Storage (NAS) or wireless access points,
will also need to be capable of 10-gigabit speeds; otherwise it will operate at a maximum of 1 gigabit
per second.

4.3 Ethernet: Using Switches
How Does an Ethernet Switch Work?

When learning how a network switch works, it helps to look at the functionality one piece at a time:

• Receiving packets. An Ethernet switch works at the data link layer. Devices with IP addresses
  create packets, which are then carried inside Ethernet frames.
• Encapsulation. To transport the information contained in the IP packet across the LAN, the
  sending host encapsulates the packet by adding an Ethernet header in front of it and a frame
  check sequence (FCS) trailer after it.
• Processing identifying data. The frame header carries key identifying data, in particular the
  source MAC address and the destination MAC address. When the frame arrives at the switch, the
  switch reads the destination MAC address and determines which port to forward the frame
  through to reach its intended destination.
• Delivering packets. The frame arrives at the destination device, which strips the Ethernet
  header and trailer and passes the packet up to IP.

Ethernet Switch Benefits

Here are some key advantages to using an Ethernet switch for your business:

• Reduce network downtime
• Improve network performance
• Increase available bandwidth on your network
• Reduce strain on individual host computers, which see lower workloads
• Protect your corporate network with more robust security features (on managed switches, for
  example port security, VLANs and 802.1X port authentication)
• Reduce IT costs with remote management options as well as reduced wiring expenses
• Provide unique network switch connections to specific workstations for further
  customization
• Streamline future expansion with the use of modular switches
Types of Network Switches

Many different types of network switches exist to satisfy the unique needs of business or personal
networks. One of the biggest aspects to consider is whether the network switch is managed or
unmanaged.

Unmanaged switches operate simply as a plug-and-play connection between devices on the network
(computers, printers, etc.) without the ability to customize configurations. While the functionality
may be limited, these are usually more affordable. Managed switches offer greater control over
traffic with the ability to configure advanced settings and features to meet your requirements.

Switches: Selective Forwarding

Ethernet switches selectively forward individual frames from a receiving port to the port where the
destination node is connected. This selective forwarding process can be thought of as establishing a
momentary point-to-point connection between the transmitting and receiving nodes. The connection is
made only long enough to forward a single frame. During this instant, the two nodes have a full-bandwidth
connection between them and represent a logical point-to-point connection.

To be technically accurate, the two nodes are not connected to each other at the same instant. Any node
operating in full-duplex mode can transmit at any time it has a frame, without regard to the availability
of the receiving node, because a LAN switch buffers an incoming frame and then forwards it to the proper
port when that port is idle. This process is referred to as store and forward. With store-and-forward
switching, the switch receives the entire frame, checks the frame check sequence (FCS) for errors, and
forwards the frame to the appropriate port for the destination node; a frame with a bad FCS is discarded.
Because the nodes do not have to wait for the media to be idle, the nodes can send and receive at full
media speed without losses due to collisions or the overhead associated with managing collisions.

Forwarding is Based on the Destination MAC

The switch maintains a table, called a MAC address table, that matches a destination MAC address with the
port used to connect to a node. The switch populates this table by learning: for every frame it receives,
it records the frame's source MAC address against the port the frame arrived on. For each incoming frame,
the destination MAC address in the frame header is compared to the list of addresses in the MAC table.
If a match is found, the port number paired with that MAC address is used as the exit port for the frame.
If there is no match (an unknown unicast address), or the destination is the broadcast address, the switch
floods the frame out every port except the one it arrived on. Entries age out after a period of inactivity,
so a host that moves to another port does not leave a stale mapping behind.

The MAC table can be referred to by many different names. It is often called the switch table. Because
switching was derived from an older technology called transparent bridging, the table is sometimes
called the bridge table. For this reason, many processes performed by LAN switches can contain bridge
or bridging in their names.

A bridge is a device that was used more commonly in the early days of LANs to connect, or bridge, two
physical network segments. Switches can perform this operation as well as allowing end-device
connectivity to the LAN. Many other technologies have been developed around LAN switching; many of
them will be presented in a later course. One place where bridges are still prevalent is in wireless
networks, where wireless bridges interconnect two wireless network segments. Therefore, you may find
both terms, switching and bridging, in use by the networking industry.

Switches - Selective Forwarding

The animation depicts selective forwarding of individual frames from a receiving port to the port where
the destination node is connected. A 12-port switch is shown with the following connections in the
switching table: the host with MAC address 0A is connected to port 1, the host with MAC address 0B to
port 3, the host with MAC address 0C to port 6, and the host with MAC address 0D to port 9. Two frames
are shown. Frame 1: destination address 0C, source address 0A. Frame 2: destination address 0C, source
address 0D. As the animation progresses, source hosts 0A and 0D transmit to destination host 0C. The
switch looks up the destination MAC address in each frame header and compares it to the list of
addresses in its MAC address table. The switch sees that it has two frames destined for the same host.
It buffers the frames in its memory and sends them out the designated port one at a time.

Next the animation displays a block diagram showing some of the key internal components of the switch:
the MAC address table, switching logic, memory buffers, CPU, and flash. Host 0A transmits a frame to
destination host 0C. The switch uses its switching logic to look up the destination address in its MAC
address table and buffers the frame in its memory buffers. It then sends the frame to host 0C on port 6.
The animation continues with source hosts 0A and 0B transmitting simultaneously to destination host 0C.
The switch looks up the destination address in its MAC address table and buffers the two frames in its
memory buffers. It then sends the frames one at a time to host 0C on port 6.
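The learning and forwarding logic described in the two passages above (the MAC address table, and the 12-port animation scenario), worked through as an added example that is not code from this module. The switch learns source addresses, forwards known unicast frames to one port, floods unknown unicast and broadcast frames, ages entries out, and stops learning when its table is full; the port count, capacity and aging values are assumed for illustration, and the MAC addresses 0A-0D are the animation's labels used as-is.

```python
from collections import OrderedDict

BROADCAST = "ff:ff:ff:ff:ff:ff"


class MacTable:
    """Learned MAC-address-to-port mappings with aging and a capacity limit (assumed values)."""

    def __init__(self, capacity: int = 8192, aging_seconds: float = 300.0) -> None:
        self.capacity = capacity
        self.aging = aging_seconds
        self.entries = OrderedDict()            # mac -> (port, last_seen)

    def expire(self, now: float) -> None:
        """Drop entries that have not been refreshed within the aging time."""
        stale = [mac for mac, (_, seen) in self.entries.items() if now - seen > self.aging]
        for mac in stale:
            del self.entries[mac]

    def learn(self, mac: str, port: int, now: float) -> bool:
        """Record (or refresh / move) the port on which a source address was seen."""
        if mac in self.entries or len(self.entries) < self.capacity:
            self.entries[mac] = (port, now)
            self.entries.move_to_end(mac)
            return True
        return False                            # table full: the address stays unknown

    def lookup(self, mac: str):
        entry = self.entries.get(mac)
        return entry[0] if entry else None


class Switch:
    def __init__(self, num_ports: int, **table_args) -> None:
        self.num_ports = num_ports
        self.table = MacTable(**table_args)

    def forward(self, src_mac: str, dst_mac: str, in_port: int, now: float = 0.0) -> list:
        """Return the list of egress ports for a frame that arrived on in_port."""
        if not 1 <= in_port <= self.num_ports:
            raise ValueError(f"no such port: {in_port}")
        src, dst = src_mac.lower(), dst_mac.lower()
        self.table.expire(now)
        self.table.learn(src, in_port, now)     # the source address is what the switch learns
        out = self.table.lookup(dst)
        if dst == BROADCAST or out is None:     # broadcast or unknown unicast: flood
            return [p for p in range(1, self.num_ports + 1) if p != in_port]
        if out == in_port:                      # destination is on the ingress segment: filter
            return []
        return [out]


def animation_switch() -> Switch:
    """The 12-port switch from the animation: 0A on port 1, 0B on 3, 0C on 6, 0D on 9."""
    sw = Switch(12)
    for mac, port in (("0A", 1), ("0B", 3), ("0C", 6), ("0D", 9)):
        sw.forward(mac, BROADCAST, port)        # each host announces itself once
    return sw


if __name__ == "__main__":
    sw = animation_switch()
    print("0A -> 0C:", sw.forward("0A", "0C", 1))   # [6]
    print("0D -> 0C:", sw.forward("0D", "0C", 9))   # [6]
    print("0A -> 0E:", sw.forward("0A", "0E", 1))   # unknown destination: every port but 1
```

The capacity check in `learn` is the practitioner's caveat: once the table is full, frames to any address that could not be learned are flooded to every port, which is why real switches bound the number of addresses learned per port.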

4.4 Address Resolution Protocol (ARP)

ARP (Address Resolution Protocol) is a network protocol used to find out the hardware (MAC) address of
a device from its IP address. It is used when a device wants to communicate with another device on the
same local network (for example on an Ethernet network, where the destination MAC address must be known
before a frame can be sent). The sending device uses ARP to translate the IP address to a MAC address.
It sends an ARP request message containing the IP address of the receiving device. All devices on the
local network segment see the message, but only the device that has that IP address responds with an
ARP reply message containing its MAC address. The sending device now has enough information to send
the packet to the receiving device.

ARP messages are not carried inside IP; they are placed directly in Ethernet frames with EtherType
0x0806. An ARP request is sent to the Ethernet broadcast address FF:FF:FF:FF:FF:FF, and the request
itself names the IP address being looked up (the target IP). The reply is sent as a unicast frame back
to the requester's MAC address.

Figure 4.16 Address Resolution Protocol (ARP)

Let’s say that host A wants to communicate with host B. Host A knows the IP address of host B, but it
doesn’t know host B’s MAC address. In order to find out the MAC address of host B, host A sends an ARP
request, listing host B’s IP address as the target IP address, in a frame addressed to FF:FF:FF:FF:FF:FF
(Ethernet broadcast). The switch forwards the frame out all interfaces except the incoming interface.
Each device on the segment receives the frame, but because the target IP address is host B’s IP address,
only host B replies with an ARP reply, listing its MAC address. Host A now has enough information to
send traffic to host B.

All operating systems maintain ARP caches that are checked before sending an ARP request message.
Each time a host needs to send a packet to another host on the LAN, it first checks its ARP cache for the
IP address and its matching MAC address. Entries stay in the cache for a couple of minutes. Note that
nothing in ARP authenticates a reply: a host simply trusts whichever station claims the IP address, which
is why static entries for critical hosts and the ARP inspection features of managed switches are used
where this matters. You can display ARP entries in Windows by using the arp -a command:

Figure 4.17: The arp -a command

4.5 Resolving IPv4 Addresses to MAC Addresses

What is Address Resolution Protocol (ARP)?

Address Resolution Protocol (ARP) is a procedure for mapping a (possibly dynamically assigned) IP
address to the fixed physical machine address of a host in a local area network (LAN). The physical
machine address is also known as a media access control (MAC) address.
The job of ARP is essentially to translate 32-bit addresses to 48-bit addresses. This is necessary
because IP addresses in IP version 4 (IPv4) are 32 bits, but MAC addresses are 48 bits. (The reverse
translation, from a MAC address to an IP address, is the job of RARP, mentioned below.)
ARP works between Layers 2 and 3 of the Open Systems Interconnection model (OSI model). The MAC
address exists on Layer 2 of the OSI model, the data link layer. The IP address exists on Layer 3,
the network layer.
ARP can also be used for IP over other LAN technologies, such as Token Ring, Fiber Distributed Data
Interface (FDDI) and IP over ATM.
All operating systems in an IPv4 Ethernet network keep an ARP cache. Every time a host needs a MAC
address in order to send a packet to another host in the LAN, it checks its ARP cache to see if the
IP-to-MAC translation already exists. If it does, a new ARP request is unnecessary. If the translation
does not already exist, a request is sent and ARP is performed. ARP broadcasts a request packet to all
the machines on the LAN and asks which machine is using that particular IP address. When a machine
recognizes the IP address as its own, it sends a reply so that ARP can update the cache for future
reference and the communication can proceed.
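The request and reply exchange described above (host A asking for host B's address; B answering only when the target IP is its own; A recording the answer in its cache), worked through at the byte level as an added example that is not code from this module. It builds and parses the 14-byte Ethernet II header plus the 28-byte ARP message for IPv4 over Ethernet. The MAC and IP addresses of hosts A and B are constructed for the example.

```python
import struct

ETHERTYPE_ARP = 0x0806
HTYPE_ETHERNET, PTYPE_IPV4, HLEN, PLEN = 1, 0x0800, 6, 4
ARP_REQUEST, ARP_REPLY = 1, 2
BROADCAST_MAC = "ff:ff:ff:ff:ff:ff"
ZERO_MAC = "00:00:00:00:00:00"


def mac_to_bytes(mac: str) -> bytes:
    return bytes.fromhex(mac.replace(":", "").replace("-", ""))


def bytes_to_mac(b: bytes) -> str:
    return ":".join(f"{x:02x}" for x in b)


def ip_to_bytes(ip: str) -> bytes:
    return bytes(int(octet) for octet in ip.split("."))


def bytes_to_ip(b: bytes) -> str:
    return ".".join(str(x) for x in b)


def build_arp_frame(op: int, sender_mac: str, sender_ip: str,
                    target_mac: str, target_ip: str) -> bytes:
    """Ethernet II frame (14 bytes) carrying a 28-byte ARP message.

    A request is broadcast with the target MAC field zeroed; a reply is unicast
    back to the requester.
    """
    eth_dst = BROADCAST_MAC if op == ARP_REQUEST else target_mac
    ethernet = mac_to_bytes(eth_dst) + mac_to_bytes(sender_mac) + struct.pack("!H", ETHERTYPE_ARP)
    arp = (struct.pack("!HHBBH", HTYPE_ETHERNET, PTYPE_IPV4, HLEN, PLEN, op)
           + mac_to_bytes(sender_mac) + ip_to_bytes(sender_ip)
           + mac_to_bytes(target_mac) + ip_to_bytes(target_ip))
    return ethernet + arp


def parse_arp_frame(frame: bytes) -> dict:
    """Decode an ARP-over-Ethernet frame, rejecting anything malformed."""
    if len(frame) < 42:
        raise ValueError("frame too short for Ethernet + ARP")
    eth_dst, eth_src = frame[0:6], frame[6:12]
    (ethertype,) = struct.unpack("!H", frame[12:14])
    if ethertype != ETHERTYPE_ARP:
        raise ValueError(f"not an ARP frame: EtherType 0x{ethertype:04x}")
    htype, ptype, hlen, plen, op = struct.unpack("!HHBBH", frame[14:22])
    if (htype, ptype, hlen, plen) != (HTYPE_ETHERNET, PTYPE_IPV4, HLEN, PLEN):
        raise ValueError("not IPv4-over-Ethernet ARP")
    if op not in (ARP_REQUEST, ARP_REPLY):
        raise ValueError(f"unknown ARP operation {op}")
    body = frame[22:42]
    return {
        "eth_dst": bytes_to_mac(eth_dst), "eth_src": bytes_to_mac(eth_src), "op": op,
        "sender_mac": bytes_to_mac(body[0:6]), "sender_ip": bytes_to_ip(body[6:10]),
        "target_mac": bytes_to_mac(body[10:16]), "target_ip": bytes_to_ip(body[16:20]),
    }


def answer_request(frame: bytes, my_mac: str, my_ip: str):
    """What host B does with a received request: reply only if the target IP is its own."""
    msg = parse_arp_frame(frame)
    if msg["op"] != ARP_REQUEST or msg["target_ip"] != my_ip:
        return None
    return build_arp_frame(ARP_REPLY, my_mac, my_ip, msg["sender_mac"], msg["sender_ip"])


def resolve(cache: dict, reply: bytes) -> dict:
    """What host A does with the reply: record sender IP -> sender MAC in its ARP cache."""
    msg = parse_arp_frame(reply)
    if msg["op"] == ARP_REPLY:
        cache[msg["sender_ip"]] = msg["sender_mac"]
    return cache


if __name__ == "__main__":
    # Constructed addresses for hosts A and B (not taken from the module).
    a_mac, a_ip = "00:11:22:33:44:55", "192.168.86.38"
    b_mac, b_ip = "98:90:96:b9:9d:61", "192.168.86.45"
    request = build_arp_frame(ARP_REQUEST, a_mac, a_ip, ZERO_MAC, b_ip)
    reply = answer_request(request, b_mac, b_ip)
    print(parse_arp_frame(request))
    print(resolve({}, reply))     # {'192.168.86.45': '98:90:96:b9:9d:61'}
```

Note what `resolve` does not check: there is no field in the reply that proves the sender is entitled to the IP address it claims, which is the protocol-level reason the earlier caveat about ARP replies applies.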

Host machines that don't know their own IP address can use the Reverse ARP (RARP) protocol for
discovery.
ARP cache size is limited, and entries that are not refreshed are removed to free up space. Addresses
tend to stay in the cache for only a few minutes. This ageing lets other devices in the network notice
when a host changes its IP address. During cleanup, unused entries are deleted along with any
unsuccessful attempts to communicate with computers that are not currently powered on.

Figure 4.18: How ARP works

What to Know

• Ping the device you want to find a MAC address for, using its local network address.
• Enter the arp command with the -a flag.
• Look for the IP address in the results. The MAC address is listed next to the IP address.
How to Use ARP to Find a MAC Address

In Windows, Linux, and other operating systems, the command-line utility arp shows the MAC address
information stored in the local ARP cache. It only works for computers on the same local area network
(LAN), not across the Internet, because ARP requests never cross a router.

arp is intended to be used by system administrators, and it is not a useful way to track down
computers and people on the Internet.
TCP/IP networks use both the IP addresses and the MAC addresses of connected client devices. While the
IP address may change over time, the MAC address of a network adapter is normally fixed by the
manufacturer. It can, however, be overridden in software, and many operating systems now randomize
Wi-Fi MAC addresses, so a MAC address is not a reliable identity for a device.
Using ARP, each local network interface tracks both the IP address and MAC address for each device
it has recently communicated with. Most computers let you see this list of addresses that ARP has
collected.
Here is one example of how to find a MAC address using an IP address.

1. Start by pinging the device you want the MAC address for. Use an address on your own local
   network; in this example the network is 192.168.86.x:

ping 192.168.86.45

2. The ping command exchanges packets with the other device, which forces an ARP resolution of its
   address, and shows results like this:

Pinging 192.168.86.45 with 32 bytes of data:
Reply from 192.168.86.45: bytes=32 time=290ms TTL=128
Reply from 192.168.86.45: bytes=32 time=3ms TTL=128
Reply from 192.168.86.45: bytes=32 time=176ms TTL=128
Reply from 192.168.86.45: bytes=32 time=3ms TTL=128

3. Enter the arp command with the -a flag to get a list that includes the MAC address of the device
   you pinged:

arp -a

4. The results may look something like this, but probably with many other entries:

Interface: 192.168.86.38 --- 0x3
  Internet Address      Physical Address      Type
  192.168.86.1          70-3a-cb-14-11-7a     dynamic
  192.168.86.45         98-90-96-B9-9D-61     dynamic
  192.168.86.255        ff-ff-ff-ff-ff-ff     static
  224.0.0.22            01-00-5e-00-00-16     static
  224.0.0.251           01-00-5e-00-00-fb     static

5. Find the device's IP address in the list. The MAC address is shown right next to it. In this
   example, the IP address is 192.168.86.45, and its MAC address is 98-90-96-B9-9D-61.
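The lookup in step 5, done programmatically as an added example that is not code from this module. The parser goes beyond the Windows output shown above and also reads the Linux form of arp -a output; both sample outputs are constructed here (the Windows lines mirror the example above), MAC addresses are normalized so the two forms compare equal, and a final helper lists MAC addresses that appear against more than one IP address, which is the kind of anomaly an administrator scanning the cache looks for.

```python
import re
from collections import defaultdict

# Windows "arp -a" rows: "  192.168.86.45   98-90-96-B9-9D-61   dynamic"
WINDOWS_ROW = re.compile(
    r"^\s*(\d{1,3}(?:\.\d{1,3}){3})\s+([0-9A-Fa-f]{2}(?:[-:][0-9A-Fa-f]{2}){5})\s+(dynamic|static)\s*$")
# Linux "arp -a" rows: "? (192.168.86.1) at 70:3a:cb:14:11:7a [ether] on eth0"
LINUX_ROW = re.compile(
    r"^\S+ \((\d{1,3}(?:\.\d{1,3}){3})\) at ([0-9A-Fa-f:]{17}) \[ether\]( PERM)? on (\S+)")


def normalize_mac(mac: str) -> str:
    """Canonical lower-case, colon-separated form so Windows and Linux output compare equal."""
    return mac.lower().replace("-", ":")


def parse_arp_a(output: str) -> dict:
    """Map IP address -> {'mac', 'type', 'iface'} from arp -a output (Windows or Linux)."""
    entries = {}
    iface = None
    for line in output.splitlines():
        m = re.match(r"^Interface: (\S+) --- ", line)      # Windows per-interface header
        if m:
            iface = m.group(1)
            continue
        m = WINDOWS_ROW.match(line)
        if m:
            entries[m.group(1)] = {"mac": normalize_mac(m.group(2)), "type": m.group(3), "iface": iface}
            continue
        m = LINUX_ROW.match(line)
        if m:
            entries[m.group(1)] = {"mac": normalize_mac(m.group(2)),
                                   "type": "static" if m.group(3) else "dynamic",
                                   "iface": m.group(4)}
    return entries


def mac_for(entries: dict, ip: str):
    """The MAC address recorded for an IP, or None if that host never answered ARP."""
    entry = entries.get(ip)
    return entry["mac"] if entry else None


def ips_sharing_a_mac(entries: dict) -> dict:
    """MAC addresses that appear against more than one dynamically learned IP address.

    Legitimate for a router doing proxy ARP; otherwise worth a second look.
    """
    by_mac = defaultdict(list)
    for ip, entry in entries.items():
        if entry["type"] == "dynamic":           # skip the static broadcast/multicast rows
            by_mac[entry["mac"]].append(ip)
    return {mac: ips for mac, ips in by_mac.items() if len(ips) > 1}


# Constructed sample output: the Windows lines mirror the example above.
WINDOWS_SAMPLE = """\
Interface: 192.168.86.38 --- 0x3
  Internet Address      Physical Address      Type
  192.168.86.1          70-3a-cb-14-11-7a     dynamic
  192.168.86.45         98-90-96-B9-9D-61     dynamic
  192.168.86.255        ff-ff-ff-ff-ff-ff     static
  224.0.0.22            01-00-5e-00-00-16     static
  224.0.0.251           01-00-5e-00-00-fb     static
"""

# Constructed Linux output; the third row deliberately reuses a MAC address.
LINUX_SAMPLE = """\
? (192.168.86.1) at 70:3a:cb:14:11:7a [ether] on eth0
? (192.168.86.45) at 98:90:96:b9:9d:61 [ether] on eth0
printer.lan (192.168.86.70) at 98:90:96:b9:9d:61 [ether] on eth0
"""

if __name__ == "__main__":
    win = parse_arp_a(WINDOWS_SAMPLE)
    print(mac_for(win, "192.168.86.45"))          # 98:90:96:b9:9d:61
    print(ips_sharing_a_mac(parse_arp_a(LINUX_SAMPLE)))
```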

Unit 5 Basic Router Configuration
Learning Objectives of the unit
At the end of this unit, trainees are expected to:

• Be able to describe a router
• Be able to configure a router
• Be able to troubleshoot a router

5.1 Cisco IOS Access Methods


To aid in the configuration of Cisco devices, the Cisco IOS XE command-line interface is divided into
different command modes. Each command mode has its own set of commands available for the
configuration, maintenance, and monitoring of router and network operations. The commands available
to you at any given time depend on the mode you are in. Entering a question mark (? ) at the system
prompt (router prompt) allows you to obtain a list of commands available for each command mode.

The use of specific commands allows you to navigate from one command mode to another. The
standard order that a user would access the modes is as follows: user EXEC mode; privileged EXEC
mode; global configuration mode; specific configuration modes; configuration submodes; and
configuration subsubmodes.

When you start a session on a router, you generally begin in user EXEC mode, which is one of two
access levels of the EXEC mode. For security purposes, only a limited subset of EXEC commands are
available in user EXEC mode. This level of access is reserved for tasks that do not change the
configuration of the router, such as determining the router status.
In order to have access to all commands, you must enter privileged EXEC mode, which is the second
level of access for the EXEC mode. Normally, you must enter a password to enter privileged EXEC
mode. In privileged EXEC mode, you can enter any EXEC command, because privileged EXEC mode
is a superset of the user EXEC mode commands.
Most EXEC mode commands are one-time commands, such as show or more commands, which show
the current configuration status, and clear commands, which clear counters or interfaces. EXEC mode
commands are not saved across reboots of the router.
From privileged EXEC mode, you can enter global configuration mode. In this mode, you can enter
commands that configure general system characteristics. You also can use global configuration mode to
enter specific configuration modes. Configuration modes, including global configuration mode, allow
you to make changes to the running configuration. If you later save the configuration, these commands
are stored across router reboots.
From global configuration mode you can enter a variety of protocol-specific or feature-specific
configuration modes. The CLI hierarchy requires that you enter these specific configuration modes
only through global configuration mode. As an example, this chapter describes interface
configuration mode, a commonly used configuration mode.
ROM monitor mode is a separate mode used when the router cannot boot properly. If your system
(router, switch, or access server) does not find a valid system image to load when it is booting, the
system will enter ROM monitor mode. ROM monitor (ROMMON) mode can also be accessed by
interrupting the boot sequence during startup.
5.2 Introducing Cisco IOS Modes
Cisco IOS Modes of Operation

Cisco IOS software provides access to several different command modes. Each command mode provides
a different group of related commands.
For security purposes, Cisco IOS software provides two levels of access to commands: user and
privileged. The unprivileged user mode is called user EXEC mode. The privileged mode is called
privileged EXEC mode and requires a password. The commands available in user EXEC mode are a
subset of the commands available in privileged EXEC mode.
The following table describes some of the most commonly used modes, how to enter the modes, and
the resulting prompts. The prompt helps you identify which mode you are in and, therefore, which
commands are available to you.

Table 5.1: Cisco IOS Modes of Operation

Mode of operation: User EXEC
Usage: User EXEC commands allow you to connect to remote devices, change terminal settings on a
temporary basis, perform basic tests, and list system information. The EXEC commands available at the
user level are a subset of those available at the privileged level.
How to enter the mode: Log in.
Prompt: MGX8850-RPM>

Mode of operation: Privileged EXEC
Usage: Privileged EXEC commands set operating parameters. The privileged command set includes those
commands contained in user EXEC mode, and also the configure command, through which you can access
the remaining command modes. Privileged EXEC mode also includes high-level testing commands, such
as debug.
How to enter the mode: Enter the enable EXEC command from user EXEC mode.
Prompt: MGX8850-RPM#

Mode of operation: Global configuration
Usage: Global configuration commands apply to features that affect the system as a whole.
How to enter the mode: Enter the configure privileged EXEC command from privileged EXEC mode.
Prompt: MGX8850-RPM(config)#

Mode of operation: Interface configuration
Usage: Interface configuration commands modify the operation of an interface such as an Ethernet or
serial port. Many features are enabled on a per-interface basis. Interface configuration commands
always follow an interface global configuration command, which defines the interface type.
How to enter the mode: Enter the interface type number command from global configuration mode. For
example, enter the interface switch 9/1 command to configure the ATM interface.
Prompt: MGX8850-RPM(config-if)#

5.3 Basic IOS Command Structure


A Cisco IOS device supports many commands. Each IOS command has a specific format or syntax and
can only be executed at the appropriate mode. The general syntax for a command is the command
followed by any appropriate keywords and arguments. Some commands include a subset of keywords
and arguments that provide additional functionality. Commands are used to execute an action, and the
keywords are used to identify where or how to execute the command.

As shown in Figure 1, the command is the initial word or words entered in the command line following
the prompt. The commands are not case-sensitive. Following the command are one or more keywords
and arguments. After entering each complete command, including any keywords and arguments, press
the Enter key to submit the command to the command interpreter.

The keywords describe specific parameters to the command interpreter. For example, the show
command is used to display information about the device. This command has various keywords that
must be used to define what particular output should be displayed. For example:

Switch# show running-config

The command show is followed by the keyword running-config. The keyword specifies that the
running configuration is to be displayed as the output.

IOS Command Conventions

A command might require one or more arguments. Unlike a keyword, an argument is generally not a
predefined word. An argument is a value or variable defined by the user. To determine the keywords
and arguments required for a command, refer to the command syntax. The syntax provides the pattern or
format that must be used when entering a command.

For instance, the syntax for using the description command is:

Switch(config-if)# description string

As shown in Figure 2, boldface text indicates commands and keywords that are typed as shown and
italic text indicates an argument for which you supply the value. For the description command, the
argument is a string value. The string value can be any text string of up to 80 characters.
Therefore, when applying a description to an interface with the description command, enter a line
such as this:

Switch(config-if)# description MainHQ Office Switch


The command is description and the user-defined argument is MainHQ Office Switch.
The following examples demonstrate some conventions used to document and use IOS commands.
For the ping command:
Syntax:

Switch> ping IP-address

Example with values:

Switch> ping 10.10.10.5

The command is ping and the user-defined argument is 10.10.10.5.

Similarly, the syntax for entering the traceroute command is:

Syntax:

Switch> traceroute IP-address

Example with values:

Switch> traceroute 192.168.254.254

The command is traceroute and the user-defined argument is 192.168.254.254.
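To make the keyword/argument distinction concrete, here is an added example in Python (it is not part of the module and not Cisco IOS code): a small matcher that checks an entered command line against syntax templates written in the convention above. Keywords are compared case-insensitively, as the text says commands are not case-sensitive, and arguments are validated. The templates, the prompts kept with them, and the argument checks (an IPv4 address for ping and traceroute, a string of at most 80 characters for description) are assumptions made for this example.

```python
import ipaddress

# Argument checks for this example. The text says ping and traceroute take an
# IP address and that a description string may be up to 80 characters; the
# exact checks used here are assumptions for the example.
def is_ipv4(value):
    try:
        ipaddress.IPv4Address(value)
        return True
    except ValueError:
        return False

def is_text80(value):
    return 0 < len(value) <= 80

VALIDATORS = {"IP-address": is_ipv4, "string": is_text80}

# Constructed syntax templates in the convention of the text: bare words are
# keywords typed as shown, <name> marks an argument the user supplies (printed
# documentation uses italics for it). The mode prompt is kept with each
# template so the result can say where the command is valid.
TEMPLATES = [
    ("Switch(config-if)#", "description <string>"),
    ("Switch>", "ping <IP-address>"),
    ("Switch>", "traceroute <IP-address>"),
    ("Switch#", "show running-config"),
]

def parse_template(template):
    """Turn 'ping <IP-address>' into [('ping', False), ('IP-address', True)]."""
    return [(tok[1:-1], True) if tok.startswith("<") else (tok, False)
            for tok in template.split()]

def match_command(line):
    """Check an entered line against TEMPLATES.

    Returns a dict with ok, command, prompt, args and error. Keywords are compared
    case-insensitively; an argument that is the last token of the template consumes
    the rest of the line, so a description may contain spaces.
    """
    words = line.split()
    if not words:
        return {"ok": False, "error": "empty command"}
    for prompt, template in TEMPLATES:
        tokens = parse_template(template)
        args, pos, matched = {}, 0, True
        for i, (name, is_arg) in enumerate(tokens):
            if not is_arg:
                if pos >= len(words) or words[pos].lower() != name.lower():
                    matched = False
                    break
                pos += 1
                continue
            if i == len(tokens) - 1:          # trailing argument: free text to end of line
                value = " ".join(words[pos:])
                pos = len(words)
            elif pos < len(words):
                value = words[pos]
                pos += 1
            else:
                value = ""
            if not VALIDATORS[name](value):
                # the keywords matched, so report the bad argument instead of trying other templates
                return {"ok": False, "command": tokens[0][0], "prompt": prompt,
                        "error": f"invalid or missing {name}: {value!r}"}
            args[name] = value
        if matched and pos == len(words):
            return {"ok": True, "command": tokens[0][0], "prompt": prompt,
                    "args": args, "error": None}
    return {"ok": False, "error": "no matching command or wrong number of keywords/arguments"}

if __name__ == "__main__":
    for entered in ("DESCRIPTION MainHQ Office Switch", "ping 10.10.10.5",
                    "traceroute 192.168.254.254", "ping 10.10.10.999", "traceroute"):
        print(f"{entered!r:40} -> {match_command(entered)}")
```

Run it and the last two inputs are rejected: the first because 999 is not a valid octet, the second because the IP-address argument is missing. Because a template's keywords are matched before its arguments, the error names the argument that failed rather than reporting a generic mismatch.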
IOS Examination Commands

‘Show interface’

This command shows the status of the interfaces of your router or access server. Its output includes the
interface status (up or down), hardware statistics, the address, the MTU, the ARP type, information about
the input and output queues, and error counters. The ‘show interface’ command is crucial when it comes to
troubleshooting a switch or a router.

‘?’ Command

You are likely surprised to find this command in the list. You obviously understand that this is just a
help command. Nonetheless, it is essential to know that Cisco IOS is quite different from other operating
systems in how it uses ‘help’, also known as the question mark. This command-line operating system has
thousands of commands and parameters, and ‘?’ works with all of them.
There are different ways you can use this command. For instance, you can list every possible command
by typing ‘?’ at the system prompt. You can also use it to find out what the next parameter should be.
You may also use this command to see the commands that begin with a specific letter. For instance,
typing “show c?” generates a list of the show command keywords that begin with the letter c.
‘Show running-config’

You can use this command to reveal the current configuration of a router, firewall, or switch. The
‘show running-config’ command has no keywords or arguments. It refers to the configuration that is
stored in RAM. The command shows the building configuration, version, hostname, and other
information.
‘copy running-config startup-config’

The ‘copy running-config startup-config’ command is designed to save the currently running
configuration. The configuration is saved to the startup configuration file in NVRAM (Non-Volatile
Random Access Memory). NVRAM preserves the configuration across a power loss. This means that if
you edit the router’s configuration, do not run this command, and then reboot the router, the changes
will be lost.

‘show ip interface’

This command provides a great deal of information about the status and configuration of IP
services and protocols. Thus, you can get details related to all the IP-related characteristics of an
interface, including any secondary addresses that do not show up in ‘show interface’. You can
also see statistics about multicast groups, inbound access lists, Proxy ARP, and much more. It is
worth mentioning that this command, as well as ‘show ip interface brief’, is more popular than ‘show
interface’.

‘no shutdown’

‘shutdown’ disables an interface and all its functions, while ‘no shutdown’ re-enables them.
Note that the command is used in interface configuration mode, both when troubleshooting and when
bringing up new interfaces. It takes no arguments or keywords. On some interfaces, shutdown also
drops the DTR signal or engages the optical bypass switch.

Config Terminal, Interface, Router, and Enable Commands

Cisco routers have different modes that allow you to display or modify specific data. Your
ability to move between these modes is very important to the success of your router
configuration. When you log in, you start in user mode, with a prompt ending in ‘>’. From this
point, type ‘enable’ to move to privileged mode, with the prompt ‘#’. In privileged mode everything
can be displayed, but configuration changes cannot be made. The next step is to type ‘config terminal’,
or simply ‘config t’. This takes you to global configuration mode, where you can alter global
parameters. To change a parameter on a specific interface, enter interface configuration mode with
the ‘interface’ command; the prompt then shows, for instance, Router(config-if)#. From global
configuration mode, you may also go to router configuration mode with the ‘router {protocol}’
command. Type ‘exit’ to leave any mode.

Debug Command

This command has a wide variety of options and does not work on its own. It offers comprehensive
debugging output on a specific protocol, service, or application. For instance, ‘debug ip routing’
shows each time a route is added to or removed from the routing table. Debugging can be risky
because it is given priority over other processes on the router. You should be ready to disable the
feature with the ‘undebug all’ command or the ‘no debug’ command.

‘Show version’

This command shows information about the router such as the last time it was booted, the IOS
file name, the amount of Flash and RAM in the router, the IOS version, the router model, and the
configuration register. These are basically the firmware settings of the router used when booting up.

‘Show ip route’

This command displays the current state of the routing table. It lists each network that the router
can reach, the metric of the route, and how to reach it. You can also use ‘clear ip route’ to clear
out the routing table for all routes. Use ‘clear ip route x.x.x’ to clear a single route, where ‘x.x.x’
is the network you need to clear; for example, you can type ‘clear ip route 192.0.2.1’.

IOS Configuration Modes
Cisco IOS software provides access to several different command modes. Each command mode provides
a different group of related commands. For security purposes, Cisco IOS software provides two levels
of access to commands: user and privileged. The unprivileged user mode is called user EXEC mode.
The privileged mode is called privileged EXEC mode and requires a password. The commands
available in user EXEC mode are a subset of the commands available in privileged EXEC mode. Table
C-1 describes some of the most commonly used modes, how to enter the modes, and the resulting
prompts. The prompt helps you identify which mode you are in and, therefore, which commands are
available to you.
Naming Devices
The traditional naming convention of <constituency>-<devicetype>-<building>-<floor>-
<TR>-<order> has been deprecated. See below for more information.

A device is loosely defined as an infrastructure device that is not normally accessed by the general
public, but rather only by IT support staff. For example, this would include network switches and
routers, or security cameras, but not such things as printers. We recommend that IT support groups on
campus adopt this standard, for consistency and usability.
The following naming convention is intended for access layer devices. That is, any device downstream
from a distribution router; dist-rt-mc & dist-rt-phy, currently.

<building>-<devicetype>-<TR>-<order>

Exceptions:

Wireless Access Points (AP) - WN-AP-<building>-<TR>-<order>


ResNet Devices - RN-<building>-<devicetype>-<TR>-<order>

Where:

building is the official University of Waterloo building code where the device is located (or
connected in the case of an AP).

devicetype is one of:


Limiting Device Access: Configuring Passwords and Banners
Physically limiting access to network devices with closets and locked racks is a good practice; however,
passwords are the primary defense against unauthorized access to network devices. Every
device should have locally configured passwords to limit access. In a later course, we will introduce
how to strengthen security by requiring a user ID along with a password. For now, we will present basic
security precautions using only passwords.
As discussed previously, the IOS uses hierarchical modes to help with device security. As part of this
security enforcement, the IOS can accept several passwords to allow different access privileges to the
device.
The passwords introduced here are:
Console password - limits device access using the console connection
Enable password - limits access to the privileged EXEC mode
Enable secret password - encrypted, limits access to the privileged EXEC mode
VTY password - limits device access using Telnet
As good practice, use different authentication passwords for each of these levels of access.
Although logging in with multiple and different passwords is inconvenient, it is a necessary precaution
to properly protect the network infrastructure from unauthorized access.
Additionally, use strong passwords that are not easily guessed. The use of weak or easily guessed
passwords continues to be a security issue in many facets of the business world.
Consider these key points when choosing passwords:
Use passwords that are more than 8 characters in length.
Use a combination of upper and lowercase and/or numeric sequences in passwords.
Avoid using the same password for all devices.
Avoid using common words such as password or administrator, because these are easily guessed.

Note: In most of the labs, we will be using simple passwords such as cisco or class. These passwords
are considered weak and easily guessable and should be avoided in a production environment. We only
use these passwords for convenience in a classroom setting.
As shown in the figure, when prompted for a password, the device will not echo the password as it is
being entered. In other words, the password characters will not appear when you type. This is done for
security purposes - many passwords are gathered by prying eyes.
Console Password
The console port of a Cisco IOS device has special privileges. The console port of network devices
must be secured, at a bare minimum, by requiring the user to supply a strong password. This reduces the
chance of unauthorized personnel physically plugging a cable into the device and gaining device access.

The following commands are used in global configuration mode to set a password for the console line:

Switch(config)#line console 0
Switch(config-line)#password password
Switch(config-line)#login

From global configuration mode, the command line console 0 is used to enter line configuration mode
for the console. The zero is used to represent the first (and in most cases only) console interface for a
router.

The second command, password password specifies a password on a line.


The login command configures the router to require authentication upon login. When login is enabled
and a password set, there will be a prompt to enter a password.
Once these three commands are executed, a password prompt will appear each time a user attempts to
gain access to the console port.
Enable and Enable Secret Passwords

To provide additional security, use the enable password command or the enable secret
command. Either of these commands can be used to establish authentication before accessing
privileged EXEC (enable) mode.

Always use the enable secret command, not the older enable password command, if possible. The
enable secret command provides greater security because the password is encrypted. The enable
password command can be used only if enable secret has not yet been set.
The enable password command would be used if the device uses an older copy of the Cisco IOS
software that does not recognize the enable secret command.
The following commands are used to set the passwords:
Router(config)#enable password password
Router(config)#enable secret password

Note: If no enable password or enable secret password is set, the IOS prevents privileged EXEC
access from a Telnet session.
Without an enable password having been set, a Telnet session would appear this way:

Switch>enable
% No password set
Switch>
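As an added example (not the module's or Cisco's code), the following Python script applies the password guidance above to the text of a running configuration: it checks that the console and VTY lines have both a password and login, that enable secret rather than enable password is in use, that line passwords are longer than 8 characters, mix case and/or digits, and are not common or classroom words, and that no password is reused across access levels. The two configuration excerpts are constructed for the example; the enable secret value is a placeholder, and because enable secret is stored hashed, its strength cannot be judged from the configuration text, only the presence of the command.

```python
# Words the text names as weak: the lab passwords "cisco" and "class" and the
# common words "password" and "administrator".
COMMON_WORDS = {"password", "administrator", "cisco", "class"}

# Constructed running-config excerpt with the weaknesses the text warns about.
WEAK_CONFIG = """\
hostname Switch1
!
enable password cisco
!
interface GigabitEthernet0/1
 description Link to LAN
 ip address 192.168.10.1 255.255.255.0
!
line con 0
 password class
 login
line vty 0 4
 password cisco
!
end
"""

# Constructed hardened version. The enable secret value is a placeholder, not a real hash.
HARDENED_CONFIG = """\
hostname Switch1
!
enable secret 5 $1$PLACEHOLDER$notarealhash
!
line con 0
 password Con5ole-Acc3ss-Only
 login
line vty 0 4
 password Vty-R3mote-Acc3ss
 login
!
end
"""

def password_weaknesses(pw):
    """Apply the text's guidance: more than 8 characters, a mix of upper and lower
    case and/or digits, and no common or classroom words."""
    issues = []
    if len(pw) <= 8:
        issues.append("8 characters or fewer")
    mixed_case = any(c.isupper() for c in pw) and any(c.islower() for c in pw)
    if not (mixed_case or any(c.isdigit() for c in pw)):
        issues.append("no mix of upper/lower case or digits")
    if pw.lower() in COMMON_WORDS:
        issues.append("common or classroom password")
    return issues

def parse_sections(config_text):
    """Group commands by section: 'global' for top-level commands, or the
    'line ...'/'interface ...' header that the indented commands belong to."""
    sections = {"global": []}
    current = "global"
    for raw in config_text.splitlines():
        if not raw.strip() or raw.startswith("!"):
            continue
        cmd = raw.strip()
        if raw.startswith(" "):                      # indented: sub-command of current section
            sections[current].append(cmd)
        elif cmd.startswith(("line ", "interface ")):
            current = cmd
            sections.setdefault(current, [])
        else:
            current = "global"
            sections["global"].append(cmd)
    return sections

def audit_config(config_text):
    """Return a list of findings; an empty list means every check in the text passes."""
    sections = parse_sections(config_text)
    findings = []
    used = {}                                        # password -> places where it is used
    glob = sections["global"]
    secret = [c for c in glob if c.startswith("enable secret ")]
    plain = [c for c in glob if c.startswith("enable password ")]
    if not secret and not plain:
        findings.append("no enable secret or enable password: privileged EXEC cannot be reached over Telnet")
    elif not secret:
        findings.append("enable password set without enable secret: the password is not encrypted")
    for c in plain:                                  # enable password is stored in clear, so it can be judged
        pw = c.split(None, 2)[2]
        findings += [f"enable password: weak password ({i})" for i in password_weaknesses(pw)]
        used.setdefault(pw, []).append("enable password")
    for name, cmds in sections.items():
        if not name.startswith("line "):
            continue
        pw = next((c.split(None, 1)[1] for c in cmds if c.startswith("password ")), None)
        if pw is None:
            findings.append(f"{name}: no password configured")
            continue
        if "login" not in cmds:
            findings.append(f"{name}: password set but 'login' missing, so the password is not requested")
        findings += [f"{name}: weak password ({i})" for i in password_weaknesses(pw)]
        used.setdefault(pw, []).append(name)
    for pw, places in used.items():
        if len(places) > 1:
            findings.append("same password reused for " + ", ".join(places))
    return findings

if __name__ == "__main__":
    for label, cfg in (("weak", WEAK_CONFIG), ("hardened", HARDENED_CONFIG)):
        print(f"--- {label}: {len(audit_config(cfg))} finding(s)")
        for f in audit_config(cfg):
            print("  ", f)
```

On the weak excerpt the audit reports twelve findings (the unencrypted enable password, the missing login on the VTY lines, three weaknesses for each of the three classroom passwords, and the reuse of "cisco" for both enable and VTY access); the hardened excerpt produces none. The section parser relies on the one-space indentation IOS uses for sub-commands, which is what a real running-config shows.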

5.4 Configuring Interfaces


For example, the Cisco ISR 4321 router is equipped with two Gigabit Ethernet interfaces:

• GigabitEthernet 0/0/0 (G0/0/0)

• GigabitEthernet 0/0/1 (G0/0/1)


The task to configure a router interface is very similar to a management SVI on a switch.
Specifically, it includes issuing the following commands:

Router(config)# interface type-and-number


Router(config-if)# description description-text
Router(config-if)# ip address ipv4-address subnet-mask
Router(config-if)# ipv6 address ipv6-address/prefix-length
Router(config-if)# no shutdown

Although the description command is not required to enable an interface, it is good practice to use it. It
can be helpful in troubleshooting on production networks by providing information about the type of
network connected.

The no shutdown command activates the interface and is similar to powering on the interface. The
interface must also be connected to another device, such as a switch or a router, for the physical layer
to be active.
Configure Router Interface Example

To configure the interfaces on R1, use the following commands.

R1> enable
R1# configure terminal
Enter configuration commands, one per line.  End with CNTL/Z.
R1(config)# interface gigabitEthernet 0/0/0
R1(config-if)# description Link to LAN
R1(config-if)# ip address 192.168.10.1 255.255.255.0
R1(config-if)# ipv6 address 2001:db8:acad:10::1/64
R1(config-if)# no shutdown
R1(config-if)# exit
R1(config)#
*Aug 1 01:43:53.435: %LINK-3-UPDOWN: Interface GigabitEthernet0/0/0, changed state to down
*Aug 1 01:43:56.447: %LINK-3-UPDOWN: Interface GigabitEthernet0/0/0, changed state to up
*Aug 1 01:43:57.447: %LINEPROTO-5-UPDOWN: Line protocol on Interface GigabitEthernet0/0/0, changed state to up
R1(config)#
R1(config)#
R1(config)# interface gigabitEthernet 0/0/1
R1(config-if)# description Link to R2
R1(config-if)# ip address 209.165.200.225 255.255.255.252
R1(config-if)# ipv6 address 2001:db8:feed:224::1/64
R1(config-if)# no shutdown

R1(config-if)# exit
R1(config)#
*Aug 1 01:46:29.170: %LINK-3-UPDOWN: Interface GigabitEthernet0/0/1, changed state to down
*Aug 1 01:46:32.171: %LINK-3-UPDOWN: Interface GigabitEthernet0/0/1, changed state to up
*Aug 1 01:46:33.171: %LINEPROTO-5-UPDOWN: Line protocol on Interface GigabitEthernet0/0/1, changed state to up
R1(config)#
Verify Interface Configuration

There are several commands that can be used to verify interface configuration. The most useful of
these are the show ip interface brief and show ipv6 interface brief commands, as shown in the
example.

R1# show ip interface brief


Interface IP-Address OK? Method Status Protocol
GigabitEthernet0/0/0 192.168.10.1 YES manual up up
GigabitEthernet0/0/1 209.165.200.225 YES manual up up
Vlan1 unassigned YES unset administratively down down
R1# show ipv6 interface brief
GigabitEthernet0/0/0 [up/up]
FE80::201:C9FF:FE89:4501
2001:DB8:ACAD:10::1
GigabitEthernet0/0/1 [up/up]
FE80::201:C9FF:FE89:4502
2001:DB8:FEED:224::1
Vlan1 [administratively down/down]
unassigned
R1#
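Added example in Python (not from the module): a parser for show ip interface brief output that turns each row into a record and flags addressed interfaces that are not up/up, together with the first thing to check. The sample output is constructed and follows the layout shown above, with one extra interface invented to show an address on a shut-down interface. The point worth noticing is that the Status column can hold the two-word value administratively down, so splitting the line on whitespace would misalign the Protocol column.

```python
import re

# Constructed sample output in the layout of show ip interface brief shown above.
# GigabitEthernet0/0/2 is invented to show the "administratively down" case with an address.
SAMPLE_BRIEF = """\
Interface              IP-Address       OK? Method Status                Protocol
GigabitEthernet0/0/0   192.168.10.1     YES manual up                    up
GigabitEthernet0/0/1   209.165.200.225  YES manual up                    down
GigabitEthernet0/0/2   10.0.0.1         YES manual administratively down down
Vlan1                  unassigned       YES unset  administratively down down
"""

# Status may be the two-word value "administratively down", so a plain split()
# would shift the Protocol column; the pattern names the allowed values instead.
ROW = re.compile(
    r"^(?P<interface>\S+)\s+(?P<ip>\S+)\s+(?P<ok>YES|NO)\s+(?P<method>\S+)\s+"
    r"(?P<status>up|down|administratively down)\s+(?P<protocol>up|down)\s*$"
)

def parse_brief(text):
    """Return one dict per interface row; the header and prompt lines do not match and are skipped."""
    return [m.groupdict() for m in (ROW.match(line) for line in text.splitlines()) if m]

def find_problems(rows):
    """Flag addressed interfaces that are not up/up, with the first thing to check."""
    problems = []
    for r in rows:
        if r["ip"] == "unassigned":
            continue                      # nothing is expected of an unconfigured interface
        if r["status"] == "administratively down":
            problems.append((r["interface"], "shut down: 'no shutdown' was never issued"))
        elif r["status"] == "down":
            problems.append((r["interface"], "physically down: check the cable and neighbor device"))
        elif r["protocol"] == "down":
            problems.append((r["interface"], "line protocol down: layer 2 is not up with the neighbor"))
    return problems

if __name__ == "__main__":
    rows = parse_brief(SAMPLE_BRIEF)
    for iface, why in find_problems(rows):
        print(f"{iface}: {why}")
```

Vlan1 is not reported even though it is administratively down, because no address was ever assigned to it; the two flagged interfaces are the ones an operator would look at first after the configuration steps above.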

Configuration Verification Commands

The module's figures at this point show the output of show ip interface brief, show ipv6 interface brief,
show interfaces, show ip interface, and show ipv6 interface.

5.5 Describe the devices of wireless technologies
In addition to the wired network, various technologies exist that allow the transmission of information
between hosts without cables. These are known as wireless technologies.

Wireless technologies use electromagnetic waves to carry information between devices. An
electromagnetic wave is the same medium that carries radio signals through the air.

The electromagnetic spectrum includes such things as radio and television broadcast bands, visible
light, x-rays and gamma-rays. Each of these has a specific range of wavelengths and associated
energies as shown in the diagram.

Some types of electromagnetic waves are not suitable for carrying data. Other parts of the spectrum are
regulated by governments and licensed to various organizations for specific applications. Certain areas
of the spectrum have been set aside to allow public use without the restriction of having to apply for
special permits. The most common wavelengths used for public wireless communications include the
Infrared and part of the Radio Frequency (RF) band.
Infrared

Infrared (IR) is relatively low energy and cannot penetrate through walls or other obstacles. However,
it is commonly used to connect and move data between devices such as Personal Digital Assistants
(PDAs) and PCs. A specialized communication port known as an Infrared Direct Access (IrDA) port
uses IR to exchange information between devices. IR only allows a one-to-one type of connection.

IR is also used for remote control devices, wireless mice, and wireless keyboards. It is generally used for
short-range, line-of-sight communications. However, it is possible to reflect the IR signal off objects to
extend the range. For greater ranges, higher frequencies of electromagnetic waves are required.
Radio Frequency (RF)

RF waves can penetrate through walls and other obstacles, allowing a much greater range than IR.

Certain areas of the RF bands have been set aside for use by unlicensed devices such as wireless LANs,
cordless phones and computer peripherals. This includes the 900 MHz, 2.4 GHz, and the 5 GHz
frequency ranges. These ranges are known as the Industrial Scientific and Medical (ISM) bands and
can be used with very few restrictions.

Bluetooth is a technology that makes use of the 2.4 GHz band. It is limited to low-speed, short-range
communications, but has the advantage of communicating with many devices at the same
time. This one-to-many communication has made Bluetooth technology the preferred method over IR
for connecting computer peripherals such as mice, keyboards and printers.

Other technologies that make use of the 2.4 GHz and 5 GHz bands are the modern wireless LAN
technologies that conform to the various IEEE 802.11 standards. They are unlike Bluetooth technology
in that they transmit at a much higher power level, which gives them a greater range.

Figure 6.1 Radio Frequency (RF)

5.6 Configuring WI-Fi devices


The Internet is a really powerful tool. It gives us access to all kinds of information at a moment's notice—
think email, Google search, and Wikipedia. So there's something a little counterintuitive about only
being able to use the Internet when you sit down at a desktop computer. What if you could use the
Internet from anywhere in your home or office?
If you already have high-speed (broadband) Internet service at your house, it's pretty easy to create
your own home wireless network. Commonly known as Wi-Fi, a wireless network allows you to
connect laptops, smartphones, and other mobile devices to your home Internet service without an
Ethernet cable.
To create your own Wi-Fi network, you'll need a wireless router. This is the device that will broadcast
the Wi-Fi signal from your Internet modem throughout your house. Your Internet
service provider (ISP) may offer you a wireless router for a small monthly fee. If you've never set up a
Wi-Fi network before, this may be the easiest option.
If you want to buy your own router, we'd recommend spending a little more time researching different
options. Once you've acquired a wireless router, you'll need to connect it to your existing Internet
modem.
Connect an Ethernet cable from your modem to the wireless router (there is usually a short
Ethernet cable included with your wireless router for this purpose).
Plug in the power cable for the wireless router. Wait at least 30 to 60 seconds, and make sure the lights on your
router are working correctly.
Configure your router
1. Once the choice of wireless standard, layout and channel assignment have been made
it is time to configure the AP.
2. Most integrated routers offer both wired and wireless connectivity and serve as the AP
in the wireless network. Basic configuration settings such as passwords, IP addresses,
and DHCP settings are the same whether the device is being used to connect wired or
wireless hosts. Basic configuration tasks, such as changing the default password, should
be conducted before the AP is connected to a live network.
3. When using the wireless functionality of an integrated router, additional configuration
parameters are required, such as setting the wireless mode, SSID, and wireless channels
to be used.

Figure 6.2 Linksys Configuration window
Wireless Mode

Most home AP devices can support various modes, mainly 802.11b, 802.11g and 802.11n. Although
these all use the 2.4 GHz range, each uses a different technology to obtain its maximum throughput.
The type of mode enabled on the AP depends on the type of host connecting to it. If only one type of
host connects to the AP device, set the mode to support it. If multiple types of hosts will connect, select
mixed mode. Each mode includes a certain amount of overhead. By enabling mixed mode, network
performance will decrease due to the overhead incurred in supporting all modes.
SSID

The SSID is used to identify the WLAN. All devices that wish to participate in the WLAN must use the
same SSID. To allow easy detection of the WLAN by clients, the SSID is broadcast. It is possible to
disable the broadcast feature of the SSID. If the SSID is not broadcast, wireless clients will need to have
this value manually configured.
Wireless Channel

The choice of channel for an AP must be made relative to the other wireless networks around it.
Adjacent BSSs must use non-overlapping channels in order to optimize throughput. Most APs now
offer a choice to manually configure the channel or allow the AP to automatically locate the least
congested channel or locate the one that offers maximum throughput.

Figure 6.3: Linksys Basic wireless configuration
Configuring the Wireless Client

A wireless host, or STA, is defined as any device that contains a wireless NIC and wireless client
software. This client software allows the hardware to participate in the WLAN. Devices that are STAs
include: PDAs, laptops, desktop PCs, printers, projectors and Wi-Fi phones.
In order for a STA to connect to the WLAN, the client configuration must match that of the AP. This
includes the SSID, security settings, and channel information if the channel was manually set on the
AP. These settings are specified in the client software that manages the client connection.
The wireless client software used can be software integrated into the device operating system, or can be
a stand-alone, downloadable, wireless utility software specifically designed to interact with the wireless
NIC.
Securing Wi-Fi Devices
One of the primary benefits of wireless networking is ease and convenience of connecting devices.
Unfortunately that ease of connectivity and the fact that the information is transmitted through the air
also makes your network vulnerable to interception and attacks.

With wireless connectivity, the attacker does not need a physical connection to your computer or any of
your devices to access your network. It is possible for an attacker to tune into signals from your wireless
network, much like tuning into a radio station.

The attacker can access your network from any location your wireless signal reaches. Once they have
access to your network, they can use your Internet services for free, as well as access computers on the
network to damage files, or steal personal and private information.

These vulnerabilities in wireless networking require special security features and implementation
methods to help protect your WLAN from attacks. These include simple steps performed during initial
setup of the wireless device, as well as more advanced security configurations.

One easy way to gain entry to a wireless network is through the network name, or SSID.

All computers connecting to the wireless network must know the SSID. By default, wireless routers
and access points broadcast SSIDs to all computers within the wireless range. With SSID broadcast
activated, any wireless client can detect the network and connect to it, if no other security features are
in place.

The SSID broadcast feature can be turned off. When it is turned off, the fact that the network is there is
no longer made public. Any computer trying to connect to the network must already know the SSID.

Figure 6.4: Linksys Basic wireless setting

Additionally, it is important to change the default settings. Wireless devices are shipped preconfigured
with settings such as SSIDs, passwords, and IP addresses in place. These defaults make it easy for an
attacker to identify and infiltrate a network.

Even with SSID broadcasting disabled, it is possible for someone to get into your network using the
well-known default SSID. Additionally, if other default settings, such as passwords and IP addresses,
are not changed, attackers can access an AP and make changes themselves.
Default information should be changed to something more secure and unique.

These changes, by themselves, will not protect your network. For example, SSIDs are transmitted in
clear text. There are devices that will intercept wireless signals and read clear text messages. Even with
SSID broadcast turned off and default values changed, attackers can learn the name of a wireless
network through the use of these devices that intercept wireless signals. This information will be used
to connect to the network. It takes a combination of several methods to protect your WLAN.

Figure 6.4: Packet sniffing

Limiting Access to a WLAN

One way to limit access to your wireless network is to control exactly which devices can gain access to
your network. This can be accomplished through filtering of the MAC address.
MAC Address Filtering

MAC address filtering uses the MAC address to identify which devices are allowed to connect to the
wireless network. When a wireless client attempts to connect, or associate, with an AP, it sends its
MAC address. If MAC filtering is enabled, the wireless router or AP looks up that MAC address in a
preconfigured list. Only devices whose MAC addresses have been prerecorded in the router's
database will be allowed to connect.

If the MAC address is not located in the database, the device will not be allowed to connect to or
communicate across the wireless network.

There are some issues with this type of security. For example, it requires the MAC addresses of all
devices that should have access to the network to be included in the database before connection
attempts occur. A device that is not identified in the database will not be able to connect.
Additionally, it is possible for an attacker's device to clone the MAC address of another device that
has access.

Figure 6.6: MAC address filtering

Authentication on a WLAN

Another way to control who can connect is to implement authentication. Authentication is the process
of permitting entry to a network based on a set of credentials. It is used to verify that the device
attempting to connect to the network is trusted.

The use of a username and password is the most common form of authentication. In a wireless
environment, authentication still ensures that the connected host is verified, but handles the verification
process in a slightly different manner. Authentication, if enabled, must occur before the client is
allowed to connect to the WLAN. There are three types of wireless authentication methods: open
authentication, PSK and EAP.
Open Authentication

By default, wireless devices do not require authentication. Any and all clients are able to associate
regardless of who they are. This is referred to as open authentication. Open authentication should only
be used on public wireless networks such as those found in many schools and restaurants. It can also be
used on networks where authentication will be done by other means once connected to the network.

Figure 6.7: Open Authentication

Encryption On WLAN

Authentication and MAC filtering may stop an attacker from connecting to a wireless network but it
will not prevent them from being able to intercept transmitted data. Since there are no distinct
boundaries on a wireless network, and all traffic is transmitted through the air, it is easy for an attacker to
intercept, or sniff the wireless frames. Encryption is the process of transforming data so that even if it is
intercepted it is unusable.
Wired Equivalency Protocol (WEP)

Wired Equivalency Protocol (WEP) is an advanced security feature that encrypts network traffic as it
travels through the air. WEP uses pre-configured keys to encrypt and decrypt data.

A WEP key is entered as a string of numbers and letters and is generally 64 bits or 128 bits long. In
some cases, WEP supports 256 bit keys as well. To simplify creating and entering these keys, many
devices include a Passphrase option. The passphrase is an easy way to remember the word or phrase
used to automatically generate a key.
In order for WEP to function, the AP, as well as every wireless device allowed to access the network
must have the same WEP key entered. Without this key, devices will not be able to understand the
wireless transmissions.

WEP is a great way to prevent attackers from intercepting data. However, there are weaknesses within
WEP, including the use of a static key on all WEP enabled devices. There are applications available to
attackers that can be used to discover the WEP key. These applications are readily available on the
Internet. Once the attacker has extracted the key, they have complete access to all transmitted
information.

One way to overcome this vulnerability is to change the key frequently. Another way is to use a more
advanced and secure form of encryption known as Wi-Fi Protected Access (WPA).
Wi-Fi Protected Access (WPA)

WPA also uses encryption keys from 64 bits up to 256 bits. However, WPA, unlike WEP, generates
new, dynamic keys each time a client establishes a connection with the AP. For this reason, WPA is
considered more secure than WEP because it is significantly more difficult to crack.

Figure 6.8: Wi-Fi Protected Access (WPA)

Traffic Filtering on a WLAN

In addition to controlling who can gain access to the WLAN and who can make use of transmitted data,
it is also worthwhile to control the types of traffic transmitted across a WLAN. This is accomplished
using traffic filtering.

Traffic filtering blocks undesirable traffic from entering or leaving the wireless network. Filtering is
done by the AP as traffic passes through it. It can be used to remove traffic from, or destined to, a
specific MAC or IP address. It can also block certain applications by port numbers. By removing
unwanted, undesirable and suspicious traffic from the network, more bandwidth is devoted to the
movement of important traffic and improves the performance of the WLAN. For example, traffic
filtering can be used to block all telnet traffic destined for a specific machine, such as an authentication
server. Any attempts to telnet into the authentication server would be considered suspicious and
blocked.
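As an added example (not from the module or any AP vendor), the Python code below models the first-match rule evaluation such a filter performs over frames, with rules keyed on source MAC address, destination IP address, protocol and destination port, and a configurable default policy. The rule set, the frames, the authentication server address 192.168.10.50 and the client MAC addresses are all constructed placeholders for the example.

```python
from dataclasses import dataclass
from typing import Optional

@dataclass
class Frame:
    """One frame as the AP sees it (constructed fields, not a real capture)."""
    src_mac: str
    dst_ip: str
    proto: str                    # "tcp", "udp" or "icmp"
    dst_port: Optional[int] = None

@dataclass
class Rule:
    """A filter entry; a field left as None matches anything."""
    action: str                   # "deny" or "permit"
    note: str
    src_mac: Optional[str] = None
    dst_ip: Optional[str] = None
    proto: Optional[str] = None
    dst_port: Optional[int] = None

    def matches(self, f: Frame) -> bool:
        return ((self.src_mac is None or self.src_mac.lower() == f.src_mac.lower())
                and (self.dst_ip is None or self.dst_ip == f.dst_ip)
                and (self.proto is None or self.proto == f.proto)
                and (self.dst_port is None or self.dst_port == f.dst_port))

# Constructed rule set. 192.168.10.50 stands in for the authentication server and
# 02:00:00:00:00:99 for a client whose traffic should be dropped; both are placeholders.
RULES = [
    Rule("deny", "telnet to the authentication server is always suspicious",
         dst_ip="192.168.10.50", proto="tcp", dst_port=23),
    Rule("deny", "traffic from a blocked client MAC", src_mac="02:00:00:00:00:99"),
    Rule("permit", "management access to the authentication server over HTTPS",
         dst_ip="192.168.10.50", proto="tcp", dst_port=443),
]

def filter_frame(rules, frame, default="permit"):
    """The first matching rule decides, as an access list does; the default applies when none matches."""
    for rule in rules:
        if rule.matches(frame):
            return rule.action, rule.note
    return default, "no rule matched: default policy"

def apply_filter(rules, frames, default="permit"):
    """Return (permitted, denied) lists, each holding (frame, reason) pairs."""
    permitted, denied = [], []
    for f in frames:
        action, why = filter_frame(rules, f, default)
        (permitted if action == "permit" else denied).append((f, why))
    return permitted, denied

# Constructed sample traffic.
SAMPLE_FRAMES = [
    Frame("02:00:00:00:00:01", "192.168.10.50", "tcp", 23),    # telnet to the auth server
    Frame("02:00:00:00:00:01", "192.168.10.50", "tcp", 443),   # HTTPS to the auth server
    Frame("02:00:00:00:00:01", "192.168.10.20", "tcp", 23),    # telnet to another host
    Frame("02:00:00:00:00:99", "192.168.10.20", "udp", 53),    # from the blocked client
    Frame("02:00:00:00:00:02", "192.168.10.20", "icmp"),       # a ping
]

if __name__ == "__main__":
    ok, dropped = apply_filter(RULES, SAMPLE_FRAMES)
    print(f"permitted {len(ok)}, denied {len(dropped)}")
    for f, why in dropped:
        print("deny ", f, "->", why)
```

With the default left at permit, the telnet attempt to the authentication server and everything from the blocked client are dropped and the other three frames pass. Running the same rules with default="deny" permits only the HTTPS frame, which is the posture to prefer when the list of wanted traffic is known.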

Figure 6.9: Wireless MAC filter

Self-check questions
Choose the correct answer and circle it.

1. Which of the following TCP/IP protocols exist at the transport layer of the TCP/IP
reference model? (Choose two.)
a. HTTP c. TCP
b. FTP d. UDP
2. Which TCP/IP model layer is responsible for providing the best path through the network?
a. Application c. Internet
b. Transport d. Network access
3. What is the transport layer PDU?
a. Data c. Packet
b. Segment d. Frame
4. What is the correct order of data encapsulation?
a. Data > segment > packet > frame > bit
b. Bit > frame> segment > packet > data
c. Bit > frame > packet > segment > data
d. Data > frame > packet > segment > bit
e. Bit > packet > frame > segment > data
5. Which piece of information is not required for a host to access resources on the local
network?
a. Physical address c. Process number (port)
b. Network address d. None of the above
6. Which of these statements regarding UTP network cabling are false?
a. Uses light to transmit data
b. Susceptible to EMI and RFI
c. Most difficult type of networking cable to install
d. Most commonly used type of networking cable
7. Which of the following is a wrongly paired connecting device and working layer?
a. Router: Network Layer c. Hub : Physical layer
b. Switch (layer 2): Network Layer d. Bridge : Data Link Layer
8. Which of the following does not provide filtering capability?
a. Switch c. router
b. Bridge d. Hub
9. Which of the following is wrong regarding the Ethernet address (MAC address)?
a. End nodes are identified by their Ethernet addresses
b. is a unique 8 Byte address.
c. MAC Address is represented in hexadecimal format (48 bits)
d. The broadcast destination address is a special case of the multicast address in
which all bits are 1s.
10. Which of the following is wrong regarding switched networks?
a. Circuit switched network - a network in which a dedicated circuit is established
between sender and receiver and all data passes over this circuit.
b. Packet switched network - a network in which all data messages are transmitted
using fixed-sized packages
c. The telephone system is a kind of packet switched network
d. Internet on mobiles is a kind of packet switched network
11. Which of the following is wrong regarding an IPv4 address?
a. is a 32-bit address that defines the connection of a device to the Internet.
b. are unique and universal.
c. Two devices on the Internet can have the same address at the same time.
d. None of the above
12. Which of the following is not a restriction imposed by the internet authorities on classless
address blocks:
a. The addresses in a block must be contiguous, one after another.
b. The number of addresses in a block must be a power of 2 (1, 2, 4, 8 .... ).
c. The first address must be evenly divisible by the number of addresses.
d. All of the above are correct
13. Which of the following is wrong regarding serial communication?
a. A single bit will be transferred at a time using the communication channel
b. Bits will be reassembled at the destination
c. Mostly used by computer peripherals like printers,
d. Multiple bits (eg. Eight bits) will be transferred at a same time
14. Which of the following is wrong regarding digital signals?
a. Infinitely many levels of intensity over a period of time.
b. Have only a limited number of defined values.
c. It counts but not measures
d. They are much less likely to be degraded by interference (noise).
15. The sharing of a single medium for multiple communications in order to utilize the available
bandwidth wisely is called:
a. Multiplexing c. Fiber Optics
b. Digital d. Cabling
16. Multiple signals can simultaneously be transmitted over the same line or channel using:

a. Frequency-division Multiplexing c. Statistical-division Multiplexing
b. Time-division Multiplexing d. All
17. Computers on the network communicate with each other as equals, and each computer is
responsible for making its own resources available to others.
a. Peer-to-peer c. Networking
b. Client/Server d. Cisco
18. Which of the following is not correct?
a. In a star topology, each device has a dedicated point-to-point link only to a central
controller, usually called a hub/switch.
b. In a star topology, the devices are directly linked to one another.
c. Unlike a mesh, a star topology does not allow direct traffic between devices.
d. The controller acts as an exchange: If one device wants to send data to another, it
sends the data to the controller, which then relays the data to the connected device
19. Which of the following is not an advantage of using fiber-optic cable over copper cable?
a. Copper is more expensive.
b. Protected from electromagnetic interference.
c. Longer maximum cable length.
d. Greater bandwidth potential.

Provide a short answer in the space provided

20. ______________ is a system in which a number of independent computers are linked together to share
data and peripherals, such as hard disks and printers

21. ______________is a set of rules that govern data communications. It represents an agreement between
the communicating devices.
22. For the IP address 205.16.37.39 with subnet mask 255.255.255.0, find:
a. The first address________________________________
b. The last address________________________________
c. The number of addresses________________________________
d. Host bits ________________________________
e. Network bits ________________________________
23. The decimal equivalent of the binary number 11011100.00101101.01010110.11011011 is
_________________
24. The binary equivalent of the decimal number 129.11.11.139 is ______________________

25. What are the WAN technology options?
a. ________________________
b. ________________________
c. _______________________
26. What are the advantages of a network?
a. _________________________
b. _________________________
c. _________________________
27. Advantages of Client/Server over Peer-to-Peer
a. _____________________________
b. ______________________________
c. ______________________________
d. ______________________________
28. What are the types of guided (wired) media?
a. __________________________
b. __________________________
c. __________________________

Sub theme 2: Server administration


Unit 1: Introduction to Windows Server 2012
Learning Objectives of the unit
At the end of this unit, trainees are expected to:
• Be able to describe Windows Server 2012 R2
• Be able to install and configure Windows Server 2012
• Be able to understand and configure AD DS
• Be able to understand the different Windows Server roles

1 Installation of Windows Server 2012


Installing Windows Server 2012 and configuring the Local server
Minimum hardware requirements. The minimum requirements to install Windows Server 2012 are:
• Processor speed: 1.4 GHz
• Memory (RAM): 512 MB
• Disk space: 32 GB

Installing Windows Server 2012


After we finish installing the server, and every time it loads, it takes us to Server Manager by default. Server
Manager is where we manage the server(s). For the first time, click on Configure this local server or click on the Local
Server link on the left pane (they are the same)

Configuring the Local Server


• Then we are on the Local Server properties page.

• The first thing we see is the Computer Name (a random name by default)

• Click on the computer name to change the name of the server

– Then click on the Change button

– Type the name of the server in the Computer Name text box; for this case, name the server AU-DC-1

Click OK; it then restarts


1.1 Configuring the Local Server
Go to the local server again, then click on Windows Firewall. Because this server is for demonstration purposes, turn
the Windows Firewall off (for both public and private networks)
• This is not recommended in a real working environment

You may see it is not shown as off immediately on the Local Server page, but it changes after a few moments, or click
on the refresh button at the top
Remote management is enabled by default; leave it enabled. With that, we may not be at the physical computer, but
we can manage it remotely using commands in a domain environment
• Uses the winrm command
• Then enable Remote Desktop

It is disabled by default, so click on it, then click on the “Allow remote connections to this computer” option, click OK
on the dialog box; we can then select users of Remote Desktop, but for now we have no users, so click OK.
• Remote Desktop enables us to work on the server remotely
• The next is NIC Teaming; this is about bringing multiple Network Interface Cards together to function as
one network connection (if we have more than one network adapter)

– We only have one NIC now, so leave it

The next is Ethernet, by default it takes IP address from a DHCP server, but we don’t want that since we will make
this machine a domain controller, so click on the link (IPV4 address…)
– Then right click on the network adapter, properties, select Internet Protocol version 4 (TCP/IPv4),
then click on properties, and select “Use the following IP address” option, and give the IP address.

Click on Windows update, then click on Turn on automatic update


– It will update if you have Internet connection.

Then leave all the rest as default but change the time zone appropriately
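The same local-server configuration from an elevated PowerShell prompt, as an added example that is not part of the module: AU-DC-1 and 192.168.0.10 come from the text, while the interface alias "Ethernet", the /24 prefix, the gateway and the time zone ID are assumed placeholders. Instead of turning the firewall off it keeps every profile enabled and opens only the Remote Desktop rule group.

```powershell
# Added example, not the module's own script. Run in an elevated PowerShell
# prompt on the freshly installed server. Values marked as placeholders are
# assumptions; AU-DC-1 and 192.168.0.10 come from the module text.
$ComputerName   = 'AU-DC-1'
$InterfaceAlias = 'Ethernet'        # placeholder: check with Get-NetAdapter
$IPAddress      = '192.168.0.10'
$PrefixLength   = 24                # 255.255.255.0, the module's /24 network
$Gateway        = '192.168.0.1'     # placeholder, the module does not give one

# 1. Static IPv4 address instead of DHCP: a domain controller must not change address.
Set-NetIPInterface -InterfaceAlias $InterfaceAlias -Dhcp Disabled
New-NetIPAddress -InterfaceAlias $InterfaceAlias -IPAddress $IPAddress `
    -PrefixLength $PrefixLength -DefaultGateway $Gateway
# The first DC will host DNS, so its resolver points at itself.
Set-DnsClientServerAddress -InterfaceAlias $InterfaceAlias -ServerAddresses $IPAddress

# 2. Remote management (WinRM) is already on by default; this only confirms it.
Enable-PSRemoting -Force

# 3. Remote Desktop: allow connections, then open just the RDP rule group.
#    The module switches the whole firewall off for its demo; keeping every
#    profile enabled and opening one rule group is the production equivalent.
Set-ItemProperty -Path 'HKLM:\SYSTEM\CurrentControlSet\Control\Terminal Server' `
    -Name 'fDenyTSConnections' -Value 0
Enable-NetFirewallRule -DisplayGroup 'Remote Desktop'
Set-NetFirewallProfile -Profile Domain, Private, Public -Enabled True

# 4. Time zone (tzutil /l lists the IDs; this one is an assumption), then rename and reboot.
tzutil /s 'E. Africa Standard Time'
Rename-Computer -NewName $ComputerName -Force -Restart
```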
1.2 Active Directory Domain Services
Active Directory Domain Services (AD DS) is the server service for security and permissions in a windows
environment.
✓ Used to set up computers and security policy for those computers on the network

✓ Users sign in to the network, then all the policies set up for you apply: some things are available,
some are not available to you, with that single sign-in

AD is the brain of a windows server network


✓ If we don’t have AD, what we have is called workgroup, and that is not centrally managed.

• Useful only for networks with few computers, like fewer than 10 to 20.

AD is a database that keeps track of a huge amount of stuff and gives us a centralized way to manage all our
network machines, users, and resources.
There are three primary types of items in AD:
✓ Users and groups

✓ Services (like email, etc)

✓ Resources (like printers, shared folders, etc)

All these items are objects in the Active Directory database.


1.3 Domain Controller
▪ A domain controller is a Windows Server machine that runs AD domain services.

▪ They hold the active directory database files.

▪ We can have multiple domain controllers that all have copies of the same active directory database.

When changes occur, they inform each other about it, in a process called replication
1.4 Domain
A Windows Server domain is a logical group of computers running versions of the Microsoft Windows operating
system that share a central directory database. The machines are all named with part of a domain name like
“AU.EDU.ET” (also called the suffix) and are registered in the Active Directory database so they can be managed
✓ E.g. AU-DC-1.au.edu.et, CL1.au.edu.et, CL2.AU.edu.et, etc

✓ All these names are said to be part of a namespace

Users are also part of the namespace:


✓ e.g. [email protected] (if we have an email server)

Assume we have a domain named globomantics.com:

1.5 Server Roles


A server role is a major job that a server can perform.
✓ E.g. active directory domain services (ADDS)

It is recommended that a server not have too many roles.


A domain controller usually has only two roles:
✓ Active directory domain services, and

✓ DNS

DNS is a service provided by a server that allows you to find other computers in your network.
DNS allows us to type a friendly name of a machine instead of its IP address, allowing our client to get the IP
address from the DNS server and go find the resource.
✓ Without DNS, active directory will not work

1.6 Installing Active Directory Domain Services


To install Active Directory on the server, go to Server Manager, click on the Dashboard, then click on Add
Roles and Features. The introductory page that appears can be suppressed in future by ticking the checkbox at the
bottom (Skip this page by default); press Next
▪ Select “Role-based….” the default one, click next.

▪ Select the server, in this case “AU-DC-1”, and click next

▪ From the coming window, select Active Directory Domain Services

▪ Then comes additional roles and features wizard, click on Add Features, and click Next

▪ What is required is automatically checked for you, so click next

▪ Again click next, check on restart if required checkbox, and click on install

▪ Then click on the link “Promote this server to a domain controller”

Here, we have to choose among 3 options


▪ Add a DC to an existing domain

▪ Add a new domain to an existing forest

▪ Add a new forest

Because this DC is the very first one we are installing, we select the last option (add a new forest)
▪ Name it as “au.local”, and click next

Then set the functional levels based on how far back we need to support previous operating systems.
▪ i.e. what is the oldest DC in the entire forest or in this domain that we have to support

▪ For this case, we don’t have any previous server, so choose the default (Windows Server 2012 R2).

It is a good idea to have an Active Directory integrated DNS for many reasons, so keep the default checked DNS
server
Then type the directory services restore mode password
▪ Which will be used in backup and recovery

Click Next; you get a warning that a delegation for this DNS server cannot be created. This is because in this
example we used the .local domain: it is saying that it can’t find a parent DNS server for the .local domain, so just click Next.
▪ It then finds the NetBIOS domain name (for this case AU), and click next

Then it tells you the path where the database and log files will be stored
▪ For production environments, better to separate the database and log files locations to different hard
disks for a better performance.

Click next, and comes the review options.


Here, if you click on the View Script button, you see the actual PowerShell commands to make this all happen. You
can copy and save it for creating similar AD DC (another forest), by changing the domain and domain NetBIOS,
using it as a script.
Then click next, and it makes a pre-requisite check.
If you get an error, you have to follow its recommendation and solve it and re-run this check again
– E.g. if your user account doesn’t have a password, it shows you error, so solve that and come back
again

Then click install. It installs and restarts finally.


When it restarts, login as the domain administrator, [domain name]\[user name]
▪ E.g. AU\administrator

Now we have installed active directory domain controller, you see that on the dashboard, we have the installed roles
shown. We can add another domain controller for backup purposes, if one DC fails, the other functions.
▪ In production environments, it is recommended to have more than one domain controller.

Install another windows server to act as a second domain controller, name it as AU-DC-2.
Here, the important things we change are:
▪ The IP address: give it another IP from same network

▪ AU-DC-1: 192.168.0.10

▪ AU-DC-2 : 192.168.0.11

▪ Set the DNS server of the second domain controller (AU-DC-2) to the IP address of the first
domain controller, because we made AU-DC-1 a DNS server (in addition to making it a DC).
Do this when configuring the IP address

Then go to the dashboard of AU-DC-2 and add active directory role


▪ Following the same steps as in AU-DC-1 to install Active Directory Domain Services

When you promote the server to a domain controller, this time select “Add a domain controller to an existing
domain” – the default
To specify the domain information, click on the “Select” button.
▪ Put credentials given in the domain and click Ok

▪ Select the domain from the retrieved ones. Click next, and select DNS server, and also Global catalog

You can also make it a read only domain controller (for security reasons), but here just make it read write (the
default)
▪ Give the DSRM password

Click next, for Replicate from, you can choose the nearest DC if you have multiple DCs, but now leave the default
▪ Click install, and then done.
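The forest and second-DC installation described above, done with the AD DS deployment cmdlets that the wizard's View Script button also uses, as an added example that is not the wizard's generated script: au.local, AU, 192.168.0.10/.11 and the Windows Server 2012 R2 functional level come from the module; the paths are the installer defaults, the interface alias "Ethernet" is assumed, and the DSRM password is prompted for rather than stored.

```powershell
# Added example, not the script generated by the wizard. Part 1 runs on
# AU-DC-1 (new forest), part 2 on AU-DC-2 (additional DC). Both assume an
# elevated prompt and the static addressing configured earlier.

# ---------- Part 1: AU-DC-1, new forest au.local ----------
Install-WindowsFeature -Name AD-Domain-Services -IncludeManagementTools

# DSRM password for backup and recovery: prompted, never hard-coded in a saved script.
$dsrm = Read-Host -AsSecureString -Prompt 'Directory Services Restore Mode password'

$forest = @{
    DomainName                    = 'au.local'
    DomainNetbiosName             = 'AU'            # what the wizard auto-detects
    ForestMode                    = 'Win2012R2'     # oldest DC we must support
    DomainMode                    = 'Win2012R2'
    InstallDns                    = $true           # AD-integrated DNS (the default)
    DatabasePath                  = 'C:\Windows\NTDS'   # installer defaults; put
    LogPath                       = 'C:\Windows\NTDS'   # database and logs on separate disks in production
    SysvolPath                    = 'C:\Windows\SYSVOL'
    SafeModeAdministratorPassword = $dsrm
    Force                         = $true           # suppress confirmation prompts
}
# The wizard's pre-requisite check; fix anything it reports before installing.
Test-ADDSForestInstallation @forest
Install-ADDSForest @forest          # reboots when done; log on as AU\administrator

# ---------- Part 2: AU-DC-2, add to the existing domain ----------
# DNS must point at AU-DC-1 first, otherwise the domain cannot be located.
Set-DnsClientServerAddress -InterfaceAlias 'Ethernet' -ServerAddresses '192.168.0.10'
Install-WindowsFeature -Name AD-Domain-Services -IncludeManagementTools
$dsrm = Read-Host -AsSecureString -Prompt 'DSRM password for AU-DC-2'

$dc = @{
    DomainName                    = 'au.local'
    Credential                    = (Get-Credential -UserName 'AU\administrator' -Message 'Domain admin')
    InstallDns                    = $true           # second DNS server for resilience
    NoGlobalCatalog               = $false          # i.e. make it a global catalog
    ReadOnlyReplica               = $false          # writable DC; $true would build an RODC
    SafeModeAdministratorPassword = $dsrm
    Force                         = $true
}
Test-ADDSDomainControllerInstallation @dc
Install-ADDSDomainController @dc     # "Replicate from" is left at the default (any DC)

# After the reboot, from either DC: confirm both DCs, their roles and DNS.
Get-ADDomainController -Filter * |
    Select-Object Name, IPv4Address, IsGlobalCatalog, IsReadOnly, OperatingSystem
```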

1.7 User Account Management


A User Account is an object in AD DS which controls authentication and access to resources, and contains many
attributes about a user on your network. In other terms, a user account in the AD represents an actual user or
person who is going to access resources on the network
Traditional AD Management Tools

New Active Directory Management Tools

1.7.1 Creating User Accounts on a DC


▪ Go to Server Manager, click on Tools menu (right side), and click on Active Directory Users and Computers

▪ On the window that comes, on the left column, under Active Directory Users and Computers, you see Saved
Queries and the Domain Name you created earlier (in this case au.local)

▪ Expand the domain name (click on the small triangle before the name)

▪ There you see the default containers

▪ Builtin

▪ Computers

▪ Domain Controllers

▪ ForeignSecurityPrincipals

▪ Managed Service Accounts

▪ Users

Click on each of these to see what they have


The Domain Controllers container, for example, shows you the DC servers you set up
– Click on Users (the last one), and you see many security groups and 2 or 3 users (including
Administrator and Guest, which is disabled by default)
– Disabled accounts show a small down-arrow symbol, like on the Guest account

To create a user account, right click on User, go to New, click on User


▪ This takes you to New Object – User wizard

▪ Then fill the fields like First name, Last name, etc.

Assume you have a user named John Doe. To create a user account for this person, type John as First name and Doe
as Last name; you see the full name is filled in automatically
For the User logon name, you should first plan what format user logon names should have
In this case, for the user logon name we will use the first name and the first letter of the last name, with no spaces
▪ E.g. JohnD

▪ Then click next

▪ Here you type password for this user

You see the options “user must change password at next logon”, “user cannot change password”, “password never
expires”, “account is disabled”.
▪ For this case, select password never expires, since this is a test environment

▪ Click next, and then finish

User Properties
▪ After creating the user, you see the new user in the list of users

▪ Right click on the newly created user, and click on Properties

▪ There you see many tabs, including the General tab, Account tab, etc.
▪ Click on the Account tab, here you see options like setting the logon hours for the user, the computers he is
allowed to logon etc.

▪ For temporary users, we can set the account expire date also.

User Template
▪ User templates are used to create other users based on same properties in the future

▪ To create a user template, right click on Users, then New > User

✓ User templates are still real user accounts, but let us give first name: _Sales_User, last name:
_Template

✓ Give sample user logon name, like _sales_user_template

Assume we are creating a user account template for future sales department staff members. We use the underscore
(_) just to make the template appear first alphabetically (not a must)
✓ Click next, give appropriate password, and password never expires (or the other option also possible)

✓ Select “Account is disabled”, click next and finish.

Common Administrative Processes


You can reset the password of users
✓ Right click on the user, click on Reset password

✓ There you can type in the new password, and also unlock the account (if it is locked for trying many
times with a wrong password)

You can also unlock an account (not reset the password) by right clicking on the user account name, properties, and
then click on Account tab, there click on Unlock account checkbox. To disable an account (like if the user leaves the
organization), right click on the account, then click on Disable account
▪ We can also delete an account by right clicking on it

▪ We can also rename user accounts, like when you want to change the full name or logon name

✓ To do so, right click on the User account, and click rename

1.8 Group Account Management


A Group Account is an object in AD DS which is used to help manage the permissions assigned to the users on your
network.
Instead of granting or denying privileges to individual users, we assign them to groups and manage the
group.
✓ It simplifies the management of permissions assigned to the users in the network.

✓ Assume we have different users, they all work for the same department, and if it is true that they
should have the same access to the same resources on a network, then group account management
becomes important.

It enables us to give permissions to a group, and every user account which is a member of that group will inherit
those permissions.
Types of Groups
There are two types of groups:
✓ Security groups

• Used for the management of permissions

• We will see this in this course

✓ Distribution group

• Used for activities like email distribution groups and the like

• In an Exchange environment, for example, we set up distribution groups and email the group rather
than typing all the individual users

Group Scopes
On a domain based network, we have 3 types of group scopes
✓ Domain local

✓ Global

✓ Universal

Domain Local Groups:


✓ Used for the direct assignment of access permissions on files, printer queues, and other such
resources.

Global groups
✓ Provide domain-centric membership, place all user accounts into Global groups.

✓ Specific to one domain in the forest

Universal groups
✓ Used for the gathering of users and groups from multiple domains throughout the forest

✓ Typically, organizations using WANs should use Universal groups only for relatively static groups in
which memberships change rarely.

In reality, what we mostly deal with is the global group; the rest are rarely used in practice.
Creating Group Accounts
To create a group, open Active Directory Users and Computers, on the containers list, right click on users, then new,
then select Group.
▪ You get the New Object-Group wizard.

▪ You put the group name (e.g. Sales Users)

✓ The group scope is global

✓ Group type is security

• Just the default

▪ Then click ok. The security group is created.

Make Users Member of a Group


▪ There is more than one way to make users of a domain members of a group.

▪ One way is: right click on the group name, select Properties, then click on the Members tab.

▪ There, click the Add button, type the user name, and click on the Check Names button.

▪ From the populated list, select the right one and click Ok.

▪ The other way to make users be member of a group is go to the user in the Active Directory Users and
Computers, right click on it > properties > click on the Member Of tab, then click on the Add button.

▪ Then type the group name, and click on Check Names, then click ok (with the correct group names
populated)

▪ To add multiple users be members of a group, go to Active Directory Users and Computers, click on Users
container, then press the Control (Ctrl) key and click on the multiple user accounts.

▪ Then right click on the selected users, select Add to Group

▪ Then type the group name, and click on the check names button

▪ Then with the appropriate group populated, click Ok.

Remove Users from a Group Membership


▪ To remove a user's membership of a group, one way is to right click on the group, Properties, then click on the
Members tab

▪ Then select the member on the Members tab, click on the Remove button, and click OK.

▪ This does not delete the user account; it only removes its membership from that group

▪ Using the Active Directory users and Computers or the GUI, there is not much more to do with managing
groups

▪ But we can use PowerShell to manage our groups using scripts, or at more enterprise level we use AD
Administrative Center.
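The user, template and group tasks of sections 1.7 and 1.8 done with the ActiveDirectory module's cmdlets (the scripted route mentioned above), as an added example that is not the module's own: John Doe/JohnD, the _Sales_User _Template account and the Sales Users group come from the text; Jane Smith/JaneS is a constructed second user, and the default Users container is the assumed path.

```powershell
# Added example (not the module's own). Run on a DC, or anywhere with RSAT installed.
Import-Module ActiveDirectory
$usersPath = 'CN=Users,DC=au,DC=local'      # the default Users container

# --- Create John Doe with logon name JohnD (first name + first letter of last name) ---
# The module sets "password never expires" for its lab; here the domain policy is
# kept and the user must choose a new password at first logon instead.
$pw = Read-Host -AsSecureString -Prompt 'Initial password for JohnD'
New-ADUser -Name 'John Doe' -GivenName 'John' -Surname 'Doe' `
    -SamAccountName 'JohnD' -UserPrincipalName 'JohnD@au.local' -Path $usersPath `
    -AccountPassword $pw -Enabled $true -ChangePasswordAtLogon $true

# --- Template: a real but disabled account whose attributes are copied later ---
New-ADUser -Name '_Sales_User _Template' -GivenName '_Sales_User' -Surname '_Template' `
    -SamAccountName '_sales_user_template' -Path $usersPath `
    -Department 'Sales' -Description 'Template for sales staff' -Enabled $false

# --- New sales user from the template (Jane Smith / JaneS is a constructed name) ---
$tmpl = Get-ADUser -Identity '_sales_user_template' -Properties Department, Description
$pw2 = Read-Host -AsSecureString -Prompt 'Initial password for JaneS'
New-ADUser -Name 'Jane Smith' -GivenName 'Jane' -Surname 'Smith' -Instance $tmpl `
    -SamAccountName 'JaneS' -UserPrincipalName 'JaneS@au.local' -Path $usersPath `
    -AccountPassword $pw2 -Enabled $true -ChangePasswordAtLogon $true

# --- Global security group (the wizard defaults) and membership ---
New-ADGroup -Name 'Sales Users' -SamAccountName 'SalesUsers' -Path $usersPath `
    -GroupScope Global -GroupCategory Security
Add-ADGroupMember -Identity 'SalesUsers' -Members 'JohnD', 'JaneS'
# Removing membership leaves the account itself intact.
Remove-ADGroupMember -Identity 'SalesUsers' -Members 'JaneS' -Confirm:$false

# --- Common administrative processes on JohnD ---
Set-ADAccountPassword -Identity 'JohnD' -Reset `
    -NewPassword (Read-Host -AsSecureString -Prompt 'New password for JohnD')
Unlock-ADAccount -Identity 'JohnD'       # after too many wrong passwords
Rename-ADObject -Identity (Get-ADUser -Identity 'JohnD').DistinguishedName -NewName 'John A. Doe'
Disable-ADAccount -Identity 'JohnD'      # e.g. when the user leaves; the account is kept, not deleted

# --- Check the results ---
Get-ADGroupMember -Identity 'SalesUsers' | Select-Object SamAccountName
Get-ADUser -Identity 'JohnD' -Properties LockedOut |
    Select-Object Name, SamAccountName, Enabled, LockedOut
```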

1.9 Computer Account Management


So far, we saw other AD DS objects, specifically user accounts and group accounts.
▪ Computer accounts are also another type of AD DS object.

▪ First, go to Active Directory Users and Computers, and click on the Computers container

✓ Because we did not add any computer object so far, the container is empty

▪ First have a client computer

✓ In a VMware environment, install a client operating system (like windows 7)

✓ On a physical environment, have a PC and connect it physically to the network.

On the client computer, give it appropriate name (e.g. WIN8-client1), give an IP address from same address pool, for the DNS
server of the client computer, fill the IP address of one of the Domain Controllers
Joining a Computer to a Domain
▪ Usually, a computer account is created when a client computer joins a domain.
▪ To make a computer join a domain, as an example on a windows 8.1 PC, after giving the appropriate IP
address as stated on the previous slide, right click on My Computer, on the system properties, click on
Change Settings, under the Member of, click on Domain, and type the domain name (in our case au.local),
click Ok

▪ On the coming screen, enter either the AD Administrator credentials, or any created user account on the AD
as user name and password.

It then welcomes you to the domain; allow it to restart
▪ On the Domain controller, go to the Active Directory Users and Computers, and if you click on the
Computers container, you see the newly joined computer name listed.

▪ That is typically how computer accounts are created.

▪ You can also create a computer account before the computer actually joins the domain

✓ This is called pre-staging or manually creating a computer account

✓ To do so, right click on the Computers container > new > computer … (try this by yourself)

✓ Usually used when you want to mass create computer accounts in advance

Computer Account Management


▪ Computer accounts are important for auditing

✓ i.e. to know who did what from which computer

▪ If you go to the client computer and see its full computer name, it puts the domain name as a suffix to the
computer name

✓ E.g. WIN7-Client1.au.local

• If the computer name is WIN7-Client1
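Joining the client and pre-staging computer accounts from PowerShell, as an added example that is not part of the module: WIN8-client1, au.local and 192.168.0.10 come from the text, the interface alias "Ethernet" is assumed and the extra client names are constructed.

```powershell
# Added example (not the module's own). Part 1 runs on the client,
# part 2 on a domain controller.

# --- Part 1: on the client (elevated), after its static IP is set ---
# The DNS server must be a DC, otherwise the domain name cannot be resolved.
Set-DnsClientServerAddress -InterfaceAlias 'Ethernet' -ServerAddresses '192.168.0.10'
# Join au.local, rename in the same step, and reboot. The credential prompt
# corresponds to the dialog that asks for a domain account.
Add-Computer -DomainName 'au.local' -NewName 'WIN8-client1' `
    -Credential (Get-Credential -UserName 'AU\administrator' -Message 'Join account') -Restart

# --- Part 2: on a DC, pre-stage accounts before the machines join ---
# Pre-staging is how you mass-create accounts in advance; it also means ordinary
# users need not create computer objects at all (by default any domain user may
# join up to 10 machines, governed by the ms-DS-MachineAccountQuota attribute).
$clients = 'WIN8-client2', 'WIN8-client3'          # constructed names
foreach ($name in $clients) {
    New-ADComputer -Name $name -Path 'CN=Computers,DC=au,DC=local' -Enabled $true
}
# Auditing view: which computer accounts exist and when each last logged on.
Get-ADComputer -Filter * -Properties LastLogonDate |
    Select-Object Name, DNSHostName, Enabled, LastLogonDate
```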

1.10 Implementing DNS


We use DNS (Domain Name System) to translate domain names into IP addresses.
▪ DNS infrastructure has 3 main components:

✓ DNS servers

✓ DNS database

✓ DNS clients

The DNS servers host the DNS database, which is a list of names and the corresponding IP addresses, and DNS
clients get service of name resolution into IP addresses from DNS servers.
If you type a domain name on your browser (like www.xyz.com), that machine is a DNS client.
✓ Because it asks for the IP address of the web server named www.xyz.com from the DNS server.

On our domain controller, we installed DNS as part of installing active directory. To see DNS, go to the active
directory (DC-1), open server manager, tools, and open DNS. On the DNS manager window, you see the domain
controller name on the left pane, under it (when you expand it), you see folders named forward lookup zones,
reverse lookup zones, etc.
Under forward lookup zones, you see the domain name.
✓ If you click it, you see the records on the right, i.e. all the hosts in the domain and their corresponding
IP address.

This DNS was installed as part of the active directory installation process at the beginning of the course.
✓ But the DNS role alone can also be installed just as any other role from the server manager.

1.11 Domain Name Space


Domain name space is hierarchical, starting with root domain, which is simply a dot (.)
✓ It is hidden, and it is at the right most side of a name.

Then we have top-level domain, like .com, .org, .net, and so on for those on the Internet, or for internal domains
.local.
Below that we have second-level domain, like the company name, and below that we can have sub domain or series
of sub domains.

As in the example, inside the globomantics domain, we can have a sub-domain called HQ. Though not
recommended, we can further have a sub domain, as in the example, under HQ, called sales. Assuming there is a
computer that exists inside the domain sales named serverA, the fully qualified domain name of serverA is:
serverA.sales.hq.globomantics.com
DNS Query
A query is a request for name resolution directed to a DNS server. Two different types of queries:
✓ Iterative (I will tell you what I know)

✓ Recursive (I will research the answer for you)

DNS servers can be authoritative or non-authoritative.


Authoritative servers give either the answer or ‘no’
✓ The answer may be the IP address or “I don’t know”

✓ Only an authoritative server can give the answer or an authoritative no.

Non-authoritative servers use either the cache or a forwarder.


✓ If the server has looked up the query before, it gives the answer from the cache, or forwards the request to
another DNS server, which may be authoritative.

✓ These queries can be sent to series of DNS servers till an authoritative answer or an authoritative ‘no’
is found.

How Queries Work

Forwarder is a DNS server to which other DNS servers forward queries. Two types of forwarders:
✓ Standard forwarder

• If this DNS server doesn’t know the answer, it asks the forwarder DNS server.

• The query is not specific to any domain

✓ Conditional forwarder

• It sends query to forwarders based on what domain the query is.

How Standard Forwarders Work


How Conditional Forwarding Works
Configuring DNS Forwarding
▪ To configure DNS forwarding, go to the server, open DNS manager (server manager > tools > DNS)

▪ Right click on the server name at the top (AU-DC-1) > properties

▪ Then click on the forwarders tab. There you can click the Edit button and enter the IP address of the
forwarder DNS server.

▪ It validates it, and you click ok.

▪ To configure conditional forwarders, right click on the folder ‘Conditional Forwarders’ (the last folder on the
left pane of the DNS manager).

▪ Select ‘New Conditional Forwarder’ and enter the DNS Domain and the IP address for the server.

DNS Zones
Zone is an area of DNS namespace that a DNS server is authoritative over. Authoritative servers do have the domain
name under their ‘forward lookup zones’ folder by default.
Four zone types:
Primary zone: for which the DNS server has a master copy of the database.
– The server can read and write to the database.

Secondary zone: for which the server has a read-only copy of the database.
Stub zone: A Stub Zone allows for the automatic propagation of delegations to DNS Servers
Active directory integrated: the DNS we get when we install AD DS.
– The database is stored as part of the AD database, and it is replicated between the domain controllers.

Forward lookup zones: take name and find its IP address.


✓ Gives IP address for a given name.

Reverse lookup: finds the name of a server based on the IP address


✓ Not the most common thing

DNS Records
There are different types of DNS records that are used for different purposes.
▪ The common records are:

✓ A (Host) for IPv4 host, or AAAA for IPv6 host

• The most basic forward lookup record

✓ PTR (Pointer)

• Reverse lookup record (IP address to a name record)

✓ SOA (Start of authority)

✓ SRV (Service Locator)

✓ NS (Name Server)

✓ MX (Mail Exchanger)

✓ CNAME (Alias)
• For example, for www give the name of the web server, since there is no server named www in your company
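The forwarder, zone and record configuration of the last three sections done with the DnsServer module instead of DNS Manager, as an added example that is not the module's own: au.local, AU-DC-1 and the 192.168.0.0/24 network come from the text, while the forwarder addresses, the partner zone and the host web1 are constructed placeholders.

```powershell
# Added example (not the module's own). Run on AU-DC-1, which hosts DNS.
Import-Module DnsServer

# --- Standard forwarder: asked whenever this server is not authoritative and
#     has no cached answer (the Forwarders tab in DNS Manager) ---
Add-DnsServerForwarder -IPAddress '192.168.0.1'       # placeholder upstream resolver

# --- Conditional forwarder: only queries for this partner domain go there ---
Add-DnsServerConditionalForwarderZone -Name 'partner.example' `
    -MasterServers '10.0.0.53' -ReplicationScope 'Forest'    # constructed values

# --- Records in the forward lookup zone au.local ---
Add-DnsServerResourceRecordA -ZoneName 'au.local' -Name 'web1' -IPv4Address '192.168.0.20'
# CNAME: "www" is an alias for the real web server, as the text suggests.
Add-DnsServerResourceRecordCName -ZoneName 'au.local' -Name 'www' -HostNameAlias 'web1.au.local'

# --- Reverse lookup zone for 192.168.0.0/24 (AD-integrated) and a PTR for web1 ---
Add-DnsServerPrimaryZone -NetworkId '192.168.0.0/24' -ReplicationScope 'Domain'
Add-DnsServerResourceRecordPtr -ZoneName '0.168.192.in-addr.arpa' -Name '20' `
    -PtrDomainName 'web1.au.local'

# --- Verify from the client side: forward, alias and reverse lookups ---
Resolve-DnsName -Name 'www.au.local' -Server '192.168.0.10'
Resolve-DnsName -Name '192.168.0.20' -Server '192.168.0.10'    # PTR lookup
Get-DnsServerForwarder
Get-DnsServerZone | Select-Object ZoneName, ZoneType, IsDsIntegrated, IsReverseLookupZone
```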
1.12 Working with Organizational Units (OUs)
Organizational Unit (OU) is a container object in AD DS which is primarily used to help with group policy
application and the delegation of permissions of other AD DS objects.
✓ It is an object designed to be a container of other objects.

✓ In Windows Explorer terms, it is like a folder.

We use OUs in domains with many objects in the AD to organize these objects,
because they are difficult to manage when there are too many of them kept in a simple alphabetical list.
There are two other reasons why we use OUs:
✓ To help with group policy application

• Group policy is applied to the various users and computers based on what container they are
in.

✓ For the delegation of permissions over AD DS objects

• The OUs don’t actually give the permissions, they just help us with the management of those
permissions

Creating OUs
Go to the Domain Controller and open Active Directory Users and Computers
✓ Click on the top level container (the domain name)

✓ You see that Domain Controllers is an OU, but the rest are containers

✓ OU objects have a little icon on them (different from containers)

To create your own containers, right click on the domain name (on the left pane of the AD Users and Computers
window) > New > Organizational Unit
Then give it a name
✓ Leave ‘Protect container from accidental deletion’ checked, and click OK.

Usually, our top level containers are expected to be static (i.e. do not change frequently), like locations
✓ E.g. city of our branch office

✓ For our example, name the OU as Addis.

Then we organize all our AD objects inside the OU. We can put all the users inside the new OU
To do so, you can drag (or cut and paste) the users you want from the Users or Computers containers to the new OU.
It is just like creating folders and sub folders, so you can create sub OUs under OUs
✓ Under the OU Addis, you can have two OUs named Addis Users and Addis Computers, and then put
the appropriate objects inside them

You can decide which OUs and sub OUs to have so that objects are organized in an appropriate way, based on three main
things:
✓ Application of Group Policy Objects

▪ How are our group policy objects going to be applied (we will see about group policy in
coming chapters)

✓ Delegation of Control
✓ Organization

▪ What is the best way to organize objects to easily find things in your company AD?

Decide which one of the three is most important and organize based on that.
Deleting OU
If you delete an OU, everything inside it will be deleted. The ‘Protect container from accidental deletion’ option
means that additional steps are required to delete an OU. If you right click on the OU and select Delete, you see a
warning that informs you it is not possible. To change that and delete it, click on the View menu (of the AD Users and
Computers console), click on Advanced Features. Then right click on the OU > Properties > click on the Object tab > then
uncheck the ‘Protect object from accidental deletion’ check box, and click OK.
✓ Now you can delete the OU

✓ Afterwards, go back to the View menu and uncheck Advanced Features

Delegation of Control
The Delegation of Control wizard helps us to assign specific privileges to any user, even if he/she is not a member of
the Administrators group. As an example, we want John Doe to be able to reset users’ passwords
✓ He is not an administrator who can do everything; he can only reset passwords

To delegate a user on an OU, right click the OU, select Delegate Control
▪ Click next on the wizard

▪ Then click Add to find the user who will be delegated

▪ Type the name of the user to be delegated and click on Check Names

▪ Click next and select the task that this user will be able to do

✓ E.g. Reset user passwords and force password change at next logon

▪ Then next, and finish

To undo the delegation for a user, make sure Advanced Features is selected in the View menu, then right click on
the container (OU), click Properties
▪ Click on the Security tab, click the Advanced button.

▪ There in the list, find the person you delegated, and double click on it or click on the Edit button

▪ Then uncheck the check boxes, or click on Clear all, and click OK.
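The OU creation, the delegation of password resets and the undo step above can be scripted as well. This is an added example (not part of this module) using the ActiveDirectory module and the dsacls tool, both shipped with Windows Server; the OU name Addis and the user account jdoe (John Doe) are assumed values, and the domain's distinguished name and NetBIOS name are read from AD rather than assumed.

```powershell
# Added example (not part of the module): create the Addis OU structure, delegate password
# resets to one user, review and undo the delegation, and delete a protected OU.
# Assumed values: OU "Addis", user jdoe (John Doe); the domain itself is read from AD.
Import-Module ActiveDirectory

$domainDn = (Get-ADDomain).DistinguishedName   # e.g. DC=corp,DC=example
$nb       = (Get-ADDomain).NetBIOSName         # e.g. CORP
$addis    = "OU=Addis,$domainDn"
$usersOu  = "OU=Addis Users,$addis"

# Top-level OU for a location (static), with sub-OUs for users and computers.
# -ProtectedFromAccidentalDeletion is the "Protect container from accidental deletion" check box.
New-ADOrganizationalUnit -Name 'Addis'           -Path $domainDn -ProtectedFromAccidentalDeletion $true
New-ADOrganizationalUnit -Name 'Addis Users'     -Path $addis    -ProtectedFromAccidentalDeletion $true
New-ADOrganizationalUnit -Name 'Addis Computers' -Path $addis    -ProtectedFromAccidentalDeletion $true

# Move the ordinary user accounts out of the default Users container (the drag-and-drop step),
# leaving the built-in accounts where they are
Get-ADUser -Filter * -SearchBase "CN=Users,$domainDn" -SearchScope OneLevel |
    Where-Object { $_.SamAccountName -notin 'Administrator', 'Guest', 'krbtgt' } |
    Move-ADObject -TargetPath $usersOu

# Delegate "Reset user passwords and force password change at next logon" on the users OU.
# This grants the Reset Password control-access right plus read/write on pwdLastSet, inherited
# (/I:S) by user objects only. jdoe gets nothing else and is still not an administrator.
dsacls $usersOu /I:S /G "$nb\jdoe:CA;Reset Password;user"
dsacls $usersOu /I:S /G "$nb\jdoe:RPWP;pwdLastSet;user"

# Review: list the access control entries on the OU that name jdoe (what the Security tab shows)
(Get-Acl -Path "AD:\$usersOu").Access |
    Where-Object { $_.IdentityReference -like "*\jdoe" } |
    Format-Table IdentityReference, AccessControlType, ActiveDirectoryRights, InheritanceType -AutoSize

# Undo the delegation (the "Clear all" step): remove every entry for jdoe from the OU
dsacls $usersOu /R "$nb\jdoe"

# Deleting a protected OU: switch the protection off first, then remove the OU and its contents
Set-ADOrganizationalUnit    -Identity "OU=Addis Computers,$addis" -ProtectedFromAccidentalDeletion $false
Remove-ADOrganizationalUnit -Identity "OU=Addis Computers,$addis" -Recursive -Confirm:$false
```

The review step is the one to keep: listing the entries on an OU that name a particular account is how you confirm that a delegation grants exactly the two rights intended and nothing wider.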

1.13 Implementing File Services


Implementing file services is about making data stored on a server available to clients.
✓ It is about making files and folders stored centrally on the server available to users on client
computers.

To create an item to work with, open the new partition on the server, and create a folder named ‘demo folder’, and
inside this folder create a simple text file named ‘demo file’.
NTFS Permissions
Right click on the file and click on properties, and click on the security tab. There you see an access control list,
which is a list of users and groups
✓ In our server case, you see 3 groups

• System, Administrators, Users


✓ When you click on each, in the permission for users box (down below) you see the level of
permission for each user or group to access this particular file.

• There are two columns (Allow and Deny)

• The Users group for example has the ability to read & execute, and read.

▪ An individual user can be a member of more than one group

✓ Like administrators and users.

▪ Deny always overrides permit!!!

That means, if a user is a member of two groups, and in one group he/she is allowed full control, but in the
other group he/she is denied modify, the deny is effective (more powerful than the allowed full control).
The administrator is by default a member of the two groups Administrators and Users.
✓ If you deny one permission in the Users group but allow that same permission in the Administrators
group, the deny has more power, so he/she will be denied

If you want to add permission to a user or group, click on the edit button, then click on the group or user in the
group or user names, and check in the appropriate check boxes to either allow or deny permissions in the list down
below, and click ok.
If you want to add another user or group, click on the add button, then type the group or user name and click ok.
✓ e.g. add the IT Users group, that we created in the active directory, and allow the group to modify
(that includes permission of the additional 4 permissions below) and click ok.

• Then all members of that group will inherit these permissions.

The previous settings were on the file. If you right click a folder, click on Properties and then on the Security tab, you see
the same things, but also one additional item, called ‘List folder contents’. If you allow permission to list folder
contents, the user or group can see the contents of that folder, even if they can’t access those items.
Sharing
▪ There is another tab, called sharing tab (before the security tab)

▪ If we share a folder, we make it accessible across the network.

▪ To share, we have two ways

✓ Share

✓ Advanced sharing

▪ If you click the advanced sharing, you can check the share check box.

▪ The share name can be different from the folder name

▪ Click on permissions button to set up specific permissions to users/groups, the same way we setup NTFS
permissions

You can add users/groups and specify whether they have read, change or full control access
To access a file over a network, we must share the folder first. When you share the folder, if you limit the
permissions of the folder sharing to specific groups, this also applies to the files inside this folder, even if
users/groups have full control to the files inside the folder
✓ Folder sharing permissions override file security permissions
This way, you can set a folder to be accessible only by some groups/users created in the active directory, and not be
accessed by others.
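The NTFS and share permissions described above, and the "deny overrides allow" rule, can be set and checked from PowerShell. This is an added example (not part of this module); the data partition D:, the domain name CORP, the group IT Users and the user jdoe (assumed to be a member of IT Users) are assumed values, and the small Test-NtfsAccess function is written here for the example to evaluate a file's ACL the way the module describes.

```powershell
# Added example (not part of the module): set the NTFS and share permissions described above
# and check the "deny overrides allow" rule. Assumed values: data partition D:, domain CORP,
# group "IT Users", user jdoe who is a member of IT Users.
$folder = 'D:\demo folder'
$file   = "$folder\demo file.txt"
New-Item -ItemType Directory -Path $folder -Force | Out-Null

function Add-NtfsRule {
    # Append one access control entry to a file or folder ACL (helper written for this example)
    param(
        [string]$Path,
        [string]$Identity,
        [System.Security.AccessControl.FileSystemRights]$Rights,
        [System.Security.AccessControl.AccessControlType]$Type,
        [System.Security.AccessControl.InheritanceFlags]$Inherit = 'None'
    )
    $acl  = Get-Acl -Path $Path
    $rule = New-Object System.Security.AccessControl.FileSystemAccessRule($Identity, $Rights, $Inherit, 'None', $Type)
    $acl.AddAccessRule($rule)
    Set-Acl -Path $Path -AclObject $acl
}

# NTFS: IT Users get Modify on the folder, inherited by sub-folders (ContainerInherit) and files (ObjectInherit)
Add-NtfsRule -Path $folder -Identity 'CORP\IT Users' -Rights Modify -Type Allow -Inherit 'ContainerInherit, ObjectInherit'

# The file is created after the folder rule, so it inherits Modify for IT Users
Set-Content -Path $file -Value 'constructed sample content'

# Deny overrides allow: jdoe inherits Modify through IT Users, but an explicit Deny of Write on
# the file wins, so jdoe can still read the file but cannot change it
Add-NtfsRule -Path $file -Identity 'CORP\jdoe' -Rights Write -Type Deny

# Sharing: the share name need not match the folder name. Share permissions are checked for
# network access as well as NTFS, so a Read share limits IT Users to reading over the network
# even though NTFS allows them Modify.
New-SmbShare -Name 'Demo' -Path $folder -ReadAccess 'CORP\IT Users' -FullAccess 'BUILTIN\Administrators'

function Test-NtfsAccess {
    # Evaluate a file's ACL for a user plus the groups the user belongs to: any matching Deny
    # that touches the requested right blocks it; otherwise an Allow must cover the whole right.
    param(
        [string]$Path,
        [string[]]$Identities,
        [System.Security.AccessControl.FileSystemRights]$Right
    )
    $aces  = (Get-Acl -Path $Path).Access | Where-Object { $_.IdentityReference.Value -in $Identities }
    $deny  = $aces | Where-Object { $_.AccessControlType -eq 'Deny'  -and (([int]$_.FileSystemRights -band [int]$Right) -ne 0) }
    if ($deny) { return $false }
    $allow = $aces | Where-Object { $_.AccessControlType -eq 'Allow' -and (([int]$_.FileSystemRights -band [int]$Right) -eq [int]$Right) }
    return [bool]$allow
}

$jdoe = 'CORP\jdoe', 'CORP\IT Users'
Test-NtfsAccess -Path $file -Identities $jdoe -Right Write   # False: the explicit Deny wins
Test-NtfsAccess -Path $file -Identities $jdoe -Right Read    # True: Read is covered by the inherited Modify

# What the GUI shows: the file's ACL and the share's permissions
(Get-Acl -Path $file).Access | Format-Table IdentityReference, AccessControlType, FileSystemRights, IsInherited -AutoSize
Get-SmbShareAccess -Name 'Demo'
```

When troubleshooting "access denied" on a shared folder, check both lists: the share ACL (Get-SmbShareAccess) and the NTFS ACL (Get-Acl), because a user must pass both, and a single Deny entry in either is enough to block them regardless of how many groups allow the access.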

1.14 Implementing DHCP


DHCP is Dynamic Host Configuration Protocol. With DHCP we dynamically configure our hosts’ TCP/IP protocol.
✓ We automatically assign IP addresses

Instead of going to individual computers and assigning static IP addresses, DHCP allows those IP addresses to be
assigned automatically. DHCP works in the following four steps:
Discover: client locates a DHCP server
▪ Client sends out a broadcast on the network asking if there is any DHCP server.

Offer: DHCP server offers an IP address


▪ Any or all DHCP servers that hear the discover broadcast respond back with an offer.

▪ It is like the DHCP server says “here is an IP address if you want it” to the client.

▪ This is because there can be more than one DHCP server.

Request: client asks for address


▪ The client sends a request to the first server that offered, saying it would like to have the IP
address

Ack: server acknowledges and issues lease


The DHCP server acknowledges back to the client confirming that the client can now have the IP address, for
specified amount of time.
– Lease, i.e. the IP address is given for a designated amount of time.

The server then registers this IP address into its database so that it does not give it to anyone else.
There is a process of DHCP Renewal
✓ Takes place every half time of the lease period

✓ It is a two step process:

• Request

• Ack

✓ For example, if the lease period is 8 days, it is renewed on the 4th day, for a fresh 8 days again (counted from the
4th day)

If at the lease renewal time the server does not respond, the client keeps using the IP address for the remaining lease
days
✓ But it tries to renew again at half of the remaining time

• i.e. 2 days after the half-time point, then 1 day after that, and so on

When 87.5 % of the lease has been used up, the client makes the renewal request a broadcast, trying to renew the lease with any
DHCP server it can reach. If there is still no response, at the end of the lease period the client starts the DHCP process again
from the beginning.
1.16 Using DHCP in a Routed Network
If our network is segmented by routers, and the DHCP server is on another segment of the network, the DHCP
discover broadcast will not reach it, since routers do not forward broadcasts.
There are three solutions for this:
✓ Put a DHCP server on every network segment

• DHCP servers are not resource intensive

• Or make the router itself a DHCP server, it serves all the segments.

✓ Use routers that can pass through a DHCP broadcast

• The router opens up UDP ports 67 and 68

– These are the ports used by DHCP process

✓ Third option is to implement DHCP relay agent

• The relay agent is another computer that knows the IP address of the DHCP server on the
other segment

• It takes a client’s broadcast and sends a unicast to the server

• Some routers can act as DHCP relay agents

– E.g. Cisco routers use the ip helper-address command to do so

1.15 Implementing DHCP


We can create another server in addition to the domain controller to serve as the DHCP server. But in this course, we use the
domain controller to act as the DHCP server too
✓ In addition to being a DC

DHCP is a role, just like other roles. To install the DHCP role, open the Server Manager
▪ Then click on Add roles and features link on the server manager

▪ Click next, next again and select DHCP from the role list.

▪ Then click Add Features button when Add roles and features wizard comes

▪ Then click next, again next, and click install.

▪ After the initial adding features is completed, click on the ‘Complete DHCP configuration’ link.

▪ Click next

▪ At the Authorization step, any DHCP server in the domain must be authorized to start its service

✓ This is to avoid a rogue DHCP

✓ Any DHCP server must be member of the domain, and be authorized to serve as DHCP.

✓ To authorize any DHCP server, you must have an administrator account in the forest.

▪ Click Commit button, and close the wizard, and close the previous wizard also.

▪ Now to configure the DHCP server, click on tools menu at the server manager

▪ Click DHCP
▪ In the DHCP console, click on the server name on the left pane

▪ Right click on IPv4 and select New Scope

▪ Click next

▪ Give the scope a name

✓ Any name

▪ Click next, and give the actual range of the IP addresses in the pool

✓ Do not include the IP addresses to be used by servers statically in the scope

✓ For our example purpose, let the pool start from 192.168.100.30 to 192.168.100.200

▪ This depends on how many clients you have on your network

✓ You may modify the subnet mask there, if required, and click next

▪ Then comes the Add exclusions and delay fields

▪ Here type in the IP addresses you do not want the DHCP server give to clients

▪ Type as a range (by typing the start IP and end IP addresses) and click Add button, or just type individual IP
addresses and click Add

▪ Then click next, and specify the lease duration, or leave the default

✓ If in the network the clients move around frequently (changing), from one network to another, make
the lease duration short

✓ If however clients in the network are not changing place frequently, you can make the lease duration
very long

▪ Or even enter all 0 in the 3 fields (days, hours, minutes) to make the lease indefinite (not
lease, but permanent) => not recommended, it has problems

▪ Click next (with the default period of 8 days for our example)

▪ Then comes DHCP options configuration, used to tell clients other important IP addresses in addition to their
own IP address, like the default gateway and DNS servers, click next

▪ Add the default gateway IP address, and click next

▪ Then add the DNS server IP addresses, and click next

▪ Then comes WINS server, leave it blank and click next (almost obsolete feature)

Activate the scope and click next, and click finish


▪ You can now see the scope under the IPv4 list on the DHCP managing tool

▪ You see address pool, address leases, etc.

✓ The Address Leases folder shows you any client that got an IP address from this pool.
▪ Reservations are not the same as exclusions

▪ An exclusion stops an IP address from being given to clients at all, whereas a reservation sets aside an IP address
from the pool so that it is always given to one particular client

✓ You need to know the MAC address of the client to reserve an IP address for it

✓ To do so, right click on reservations, and fill the fields.

✓ This is typically done for network printers, for example.

✓ It is like giving a static address for the client from the server.

▪ We can have additional server scopes, with different address pool, etc.
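The whole role installation, authorization and scope configuration walked through above can be done with the DhcpServer PowerShell module. This is an added example (not part of this module); the server name dc01.corp.example, its address 192.168.100.10, the gateway 192.168.100.1, the exclusion range and the printer's MAC address 00-11-22-33-44-55 are assumed values, while the pool 192.168.100.30 to 192.168.100.200 and the 8-day lease follow the module's own example.

```powershell
# Added example (not part of the module): install the DHCP role on the domain controller,
# authorize it in AD, and build the scope described above with the DhcpServer module.
# Assumed values: DC dc01.corp.example at 192.168.100.10, default gateway 192.168.100.1,
# servers statically addressed at .30-.39, a network printer with MAC 00-11-22-33-44-55.
Install-WindowsFeature -Name DHCP -IncludeManagementTools

# Post-install steps the "Complete DHCP configuration" wizard performs: create the local
# DHCP Administrators/Users groups and clear the Server Manager notification flag
Add-DhcpServerSecurityGroup
Set-ItemProperty -Path 'HKLM:\SOFTWARE\Microsoft\ServerManager\Roles\12' -Name ConfigurationState -Value 2

# Authorization: only DHCP servers listed in AD may hand out leases. This is the rogue-DHCP
# control behind the wizard's Authorization step (the account needs Enterprise Admins rights).
Add-DhcpServerInDC -DnsName 'dc01.corp.example' -IPAddress 192.168.100.10
Get-DhcpServerInDC      # review this list regularly: an entry you did not create is a finding

# Scope 192.168.100.30-200 with an 8-day lease, activated immediately.
# Clients renew at half the lease (day 4) and fall back to broadcasting at 87.5 % (day 7).
Add-DhcpServerv4Scope -Name 'Addis LAN' -StartRange 192.168.100.30 -EndRange 192.168.100.200 `
    -SubnetMask 255.255.255.0 -LeaseDuration (New-TimeSpan -Days 8) -State Active

# Exclusion: addresses inside the range that servers use statically must never be leased
Add-DhcpServerv4ExclusionRange -ScopeId 192.168.100.0 -StartRange 192.168.100.30 -EndRange 192.168.100.39

# Scope options: default gateway (option 3), DNS servers (option 6) and DNS suffix (option 15)
Set-DhcpServerv4OptionValue -ScopeId 192.168.100.0 -Router 192.168.100.1 `
    -DnsServer 192.168.100.10 -DnsDomain 'corp.example'

# Reservation: the printer always receives .50, keyed on its MAC address (its client ID)
Add-DhcpServerv4Reservation -ScopeId 192.168.100.0 -IPAddress 192.168.100.50 `
    -ClientId '00-11-22-33-44-55' -Name 'printer01' -Description 'Addis office printer'

# Checks: scope state and lease time, exclusions, reservations, and the current leases
Get-DhcpServerv4Scope -ScopeId 192.168.100.0 | Format-List Name, State, StartRange, EndRange, LeaseDuration
Get-DhcpServerv4ExclusionRange -ScopeId 192.168.100.0
Get-DhcpServerv4Reservation    -ScopeId 192.168.100.0
Get-DhcpServerv4Lease          -ScopeId 192.168.100.0 | Format-Table IPAddress, ClientId, HostName, AddressState, LeaseExpiryTime
```

Get-DhcpServerInDC is the quick check for the rogue-DHCP concern the module raises: authorization only stops unauthorized Windows DHCP servers that are domain members, so the lease table on clients (ipconfig /all shows the DHCP server address) is still worth comparing against that list when clients start receiving unexpected addresses.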

Self-check questions
I. Circle on the Correct Choice (2 marks each)
1. Which one of the following is the best definition of a server?
a. A network-connected device that provides IP routing to the network
b. A network connected device that provides services to the network and devices on that
network
c. A stand-alone device that is used by a user to perform mathematical analysis
d. A network connected device that is used to access websites using a web browser
2. One of the following is done first
a. Join a domain from a client computer
b. Create a domain
c. Create a group account
d. Create a user account
3. Which one of the following is not an initial (very first) configuration task on a windows
server?
a. Setting the computer name
b. Setting IP address
c. Configure date time
d. Adding the Active Directory Domain Services role
4. One of the following loads automatically on the desktop and is opened by default after
Windows Server 2012 is powered on
a. Command line (cmd)
b. Control panel
c. Server Manager
d. PowerShell interface
5. Where do you commonly (most of the times) add a record in a DNS server?
a. Forward lookup zone
b. Reverse lookup zone
c. Two way lookup zone
d. None
6. Administrative entity you create on a DNS server to represent a discrete portion of the DNS
namespace.
a. Zone
b. Level
c. Border
d. Area
7. _____________ is another computer that knows the IP address of the DHCP server on the
other segment of the network
a. Relay agent
b. Name resolution
c. Switch
d. None of the above
8. _________________ is what you set up on a DNS server to indicate the other DNS server to
send a request of unknown name.
a. Pointer
b. Forwarder
c. Resolver
d. Finder
9. For which of the following devices the dynamic IP addresses are assigned?
a. Domain controllers
b. Internet web servers
c. Client computers
d. DHCP server
10. DNS servers contain DNS database, which contains the list of
a. Only names of the client computers
b. Only the IP addresses of computers
c. Names and the corresponding IP addresses
d. None
11. The .com .net and .org are at
a. Top level domain
b. Second level domain
c. Sub domain
d. Fully qualified domain
12. If you want a client computer to get a known IP address from a DHCP server, and the IP
address should not change (be the same always), you do one of the following on the DHCP
server:
a. Put the address as a router address
b. Reserve the address
c. Create a separate scope
d. None
13. When you configure the very first domain controller, which option do you use?
a. Add a DC to an existing domain
b. Add a new domain to an existing forest
c. Add a new forest
d. Add a new client
14. What is at the top of the hierarchy tree of Domains?
a. .com
b. Root
c. .net
d. .org
15. What is the IP address pool available for lease to DHCP clients?
a. NAT
b. Scope
c. Lease options
d. IP address pool
16. When you create a user, by default that user will be member of the following security group:
a. Administrators
b. Site managers
c. Domain users
d. Enterprise admins
17. One of the following is true about computer accounts in domain controller:
a. When a computer joins a domain, a computer account is created automatically in
the active directory
b. In the active directory, you see list of IP addresses of computers that join the
domain
c. A user must be a domain administrator to login to a computer in a domain
d. None
18. An organizational unit is:
a. An object which is container of other objects
b. Just like a folder in windows explorer
c. Used to delegate permissions over AD objects
d. All
19. A DHCP server gives one of the following to clients
a. IP address for the host
b. Default gateway address
c. DNS server address
d. All
20. One of the following is true:
a. A user can be a member of more than one groups in a domain controller
b. A forest must have at least two domains
c. It is recommended to run too many server roles only on one server
d. None
II. Write the answers only on the spaces provided (1 mark each)
21. Briefly describe the following DHCP message types, indicating their source.
a. Discover:
b. Offer:
c. Request:
d. Ack:
22. What protocol is used to automatically assign IP addresses and dynamically configure
your hosts’ TCP/IP protocol? ______________________
23. What are the two group account types in active directory?
_______________________________________________________
24. What is the role you add on a server to make it a Domain Controller?
___________________________
25. Write one common user account administrative process you do on a domain controller.
___________________________
Sub theme 3 Computer Security
Learning Objectives of the unit
Be able to understand that information security is concerned with securing all of the information resources, not just hardware
and data.
Be able to understand the three main objectives of information security.

What is Computer Security?


The meaning of the term computer security has evolved in recent years. Before the problem of data security became
widely publicized in the media, most people’s idea of computer security focused on the physical machine.
Traditionally, computer facilities have been physically protected for three reasons:
• To prevent theft of or damage to the hardware
• To prevent theft of or damage to the information
• To prevent disruption of service
Strict procedures for access to the machine room are used by most organizations, and these procedures are often an
organization’s only obvious computer security measures.

Today, however, with pervasive remote terminal access, communications, and networking, physical measures rarely
provide meaningful protection for either the information or the service. Currently, computer security can be defined
as the protection afforded to an automated information system in order to attain the applicable objectives of
preserving the integrity, availability and confidentiality of information system resources (including hardware,
software, firmware, information/data, and telecommunications).

1.2 Confidentiality, Integrity, Availability: The three components of the CIA Triad
What is the CIA triad? No, CIA in this case is not referring to the Central Intelligence Agency. CIA refers to
Confidentiality, Integrity and Availability of information. Many security measures are designed to protect one or
more facets of the CIA triad.

Confidentiality

Confidentiality is about protecting the information from disclosure to unauthorized parties. Information has value,
especially in today’s world e.g. bank account statements, personal information, credit card numbers, trade secrets,
government documents. Everyone has information they wish to keep a secret. Protecting such information is a very
major part of information security.

Organizations protect against loss of confidentiality with access controls and encryption. A key component of
protecting information confidentiality is encryption. Encryption ensures that only the right people (people
who know the key) can read the information. Other ways to ensure information confidentiality include enforcing file
permissions and access control lists to restrict access to sensitive information.

For example, users are first required to authenticate and then access is granted to users based on their proven
identity. In short, users are granted access to data via permissions. If users do not have permissions, they are denied
access.

If a system suffers loss of confidentiality, then data has been disclosed to unauthorized individuals. This could be
high level secret or proprietary data.

Integrity

Integrity of information refers to protecting information from being modified by unauthorized parties. Information
only has value if it is correct. Information that has been tampered with could prove costly. For example, if you were
sending an online money transfer for $100, but the information was tampered in such a way that you actually sent
$10,000, it could prove to be very costly for you.

As with data confidentiality, cryptography plays a very major role in ensuring data integrity. Commonly used
methods to protect data integrity include hashing the data you receive and comparing it with the hash of the original
message.

Loss of integrity means that data or an IT system has been modified or destroyed by an unauthorized entity. This
could be the modification of a file, or a change in the configuration of a system that results in inaccurate and
unreliable information.

For example, if a file is infected with a virus, the file has lost integrity. Similarly, if a message within an email is
modified in transit, the email has lost integrity.

One of the common ways of ensuring integrity is with hashing. In short, a hash is a number and a hashing algorithm
can calculate a hash for a file or string of data. As long as the data has not changed, the hash will always be the
same. The two primary hashing algorithms used today are Message Digest 5 (MD5) and Secure Hashing Algorithm
1 (SHA-1).
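The hash-and-compare integrity check just described, as an added example that is not part of this module: a baseline of file hashes is recorded, the file is tampered with in the way the money transfer example describes, and the comparison reports it. The example uses SHA-256 rather than the MD5 and SHA-1 the module names, because collisions can now be constructed for both of those and they should not be used for new integrity checks; the folder under the TEMP directory, the baseline file name and the sample file are all constructed for the demonstration.

```powershell
# Added example (not part of the module): detect loss of integrity by recording file hashes
# and comparing them later. SHA-256 is used; MD5 and SHA-1 are no longer collision-resistant.
# Assumed/constructed: a demo folder under $env:TEMP and a baseline CSV stored outside it.
function New-HashBaseline {
    # Record the SHA-256 hash of every file under $Path into a CSV baseline
    param([string]$Path, [string]$BaselineFile)
    Get-ChildItem -Path $Path -File -Recurse |
        Get-FileHash -Algorithm SHA256 |
        Select-Object Path, Hash |
        Export-Csv -Path $BaselineFile -NoTypeInformation
}

function Test-HashBaseline {
    # Re-hash each file in the baseline and report it as Unchanged, Modified or Missing
    param([string]$BaselineFile)
    foreach ($entry in Import-Csv -Path $BaselineFile) {
        if (-not (Test-Path -Path $entry.Path)) {
            [pscustomobject]@{ Path = $entry.Path; Status = 'Missing' }
            continue
        }
        $current = (Get-FileHash -Path $entry.Path -Algorithm SHA256).Hash
        # As long as the data has not changed, the hash is the same; any change alters it
        $status = if ($current -eq $entry.Hash) { 'Unchanged' } else { 'Modified' }
        [pscustomobject]@{ Path = $entry.Path; Status = $status }
    }
}

# Demo with constructed files: a transfer record and an unrelated notes file
$dir      = Join-Path $env:TEMP 'integrity-demo'
$baseline = Join-Path $env:TEMP 'integrity-baseline.csv'   # kept outside the folder being hashed
New-Item -ItemType Directory -Path $dir -Force | Out-Null
Set-Content -Path "$dir\transfer.txt" -Value 'amount=100'
Set-Content -Path "$dir\notes.txt"    -Value 'constructed sample notes'
New-HashBaseline -Path $dir -BaselineFile $baseline

# Tamper with one file the way the module's $100 -> $10,000 example describes
Set-Content -Path "$dir\transfer.txt" -Value 'amount=10000'

Test-HashBaseline -BaselineFile $baseline   # transfer.txt: Modified, notes.txt: Unchanged
```

The check is only as trustworthy as the baseline: if an attacker can rewrite both the file and the stored hash, the comparison passes. In practice the baseline is kept on separate, read-only or signed storage, which is the same reason a hash published next to a download on the same web server proves little about that download's integrity.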

Availability

Availability of information refers to ensuring that authorized parties are able to access the information when needed.

Information only has value if the right people can access it at the right times. Denying access to information has
become a very common attack nowadays.

Other factors that could lead to lack of availability to important information may include accidents such as power
outages or natural disasters such as floods.

How does one ensure data availability? Primary methods that organizations use to protect against loss of availability
are fault tolerant systems, redundancies, and backups.

• Backup is key. Backups ensure that important data is copied and can be restored if the original data
becomes corrupt.

• Fault tolerance means that a system can develop a fault, yet tolerate it and continue to operate.

• This is often accomplished with redundant systems such as redundant drives or redundant servers that ensure
data and systems are up and operational when they are needed.

For example, if a Web server is not operational when a customer wants to purchase a product, the Web
server has suffered a loss of availability.

1. Security threats/attacks.

In the context of computer/network security, an attack is an attempt to access resources on a computer or a network
without authorization, or to bypass security measures that are in place. The common types of attacks include:
a. Snooping attacks - This is when someone looks through your files in the hope of finding something interesting,
whether it is electronic or on paper. In the case of physical snooping, people might inspect your dumpster, recycling
bins, or even your file cabinets; they can look under your keyboard for Post-it notes, or look for scraps of paper
tacked to your bulletin board. Computer snooping, on the other hand, involves someone searching through your
electronic files trying to find something interesting.
b. Back door attacks - A back door refers to gaining access to a network and inserting a program or utility that
creates an entrance for an attacker. The program may allow a certain user to log in without a password or gain
administrative privileges. A number of tools exist to create a back door, such as Back Orifice. There are many
more. Fortunately, most anti-virus software will recognize these attacks.
c. Spoofing attacks - This is an attempt by someone or something to pretend to be someone else. This type of attack is
usually considered an access attack. The most popular spoofing attacks today are IP spoofing and DNS spoofing.
The goal of IP spoofing is to make the data look like it came from a trusted host when it really didn't. With DNS
spoofing, the DNS server is given information about a name server that it thinks is legitimate when it isn't. This can
send users to a website other than the one they wanted to go to.
d. Packet sniffing attack - A program that captures data as it travels across a network.
e. Man-in-the-middle attacks - In cryptography and computer security, this is an attack where the attacker secretly
relays and possibly alters the communication between two parties who believe they are directly communicating with
each other.
This can be fairly sophisticated. This type of attack is also an access attack, but it can be used as the starting point of
a modification attack. It involves placing a piece of software between a server and the user that neither the server
administrators nor the user are aware of. This software intercepts data and then sends the information to the server as
if nothing is wrong. The server responds back to the software, thinking it's communicating with the legitimate client.
The attacking software continues sending information to the server, and so forth.
f. TCP hijacking attack - A dangerous technique that intruders can use to gain access to Internet servers.
Cracker - A hacker who specializes in “cracking” or discovering system passwords to gain access to computer
systems without authorization.
Crash - Sudden failure of a computer system, rendering it unusable.
Hacker - A person who spends time learning the details of computer programming and operating systems, how to test
the limits of their capabilities, and where their vulnerabilities lie.
g. Denial of Service attack - A deliberate action that keeps a computer or network from functioning as intended (for
example, preventing users from being able to log onto the network).
Threat - A potential danger to data or systems. A threat agent can be a virus; a hacker;
a natural phenomenon, such as a tornado; a disgruntled employee; a competitor; and other mechanisms.
Risk - The probability that a specific security threat will be able to exploit a system vulnerability, resulting in damage,
loss of data, or other undesired results. That is, a risk is the sum of the threat plus the vulnerability.
Vulnerability - A weakness in the hardware or software or security plan that leaves a system or network open to the
threat of unauthorized access or damage or destruction of data.

h. Password guessing attacks - These occur when an account is attacked repeatedly. This is accomplished by
sending possible passwords to an account in a systematic manner. These attacks are initially carried out to gain
passwords for an access or modification attack. Today, there are three common methods used to break into a
password-protected system:

1. Brute Force Attack

A hacker uses a computer program or script to try to log in with possible password combinations, usually starting
with the easiest-to-guess passwords. (So just think: if a hacker has a company list, he or she can easily guess
usernames. If even one of the users has a “Password123”, he will quickly be able to get in.)

2. Dictionary Attack

A hacker uses a program or script to try to log in by cycling through combinations of common words. In contrast
with a brute force attack, where a large proportion of the key space is searched systematically, a dictionary attack tries only
those possibilities which are most likely to succeed, typically derived from a list of words.

3. Key Logger Attack

A hacker uses a program to track all of a user’s keystrokes. So at the end of the day, everything the user has typed,
including their login IDs and passwords, has been recorded. A key logger attack differs from a brute force or
dictionary attack in many ways. Not least, the key logging program used is malware (or a full-blown
virus) that must first make it onto the user’s device (often the user is tricked into downloading it by clicking on a
link in an email). Key logger attacks are also different because stronger passwords don’t provide much protection
against them, which is one reason that multi-factor authentication (MFA) is becoming a must-have for all businesses
and organizations.

With multi-factor authentication (also called two-factor authentication, 2FA, and advanced authentication), a user
is required not only to provide a password to gain access to the system, but also another security “factor,” like a
unique one-time access code generated from a token device or a secure mobile app on their smartphone.

Positive Warnings about password security: Never share your password. Never use the vendor default password
(like Netgear1). Never use an easy-to-guess password (like Password123 or Mike1982).
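Brute force and dictionary attacks leave a recognizable trace on the target: many failed logons against one or more accounts from the same source in a short time. The following added example (not part of this module) shows how a defender can spot that pattern. It reads Windows Security event 4625 (an account failed to log on), which records the target account name and the source address, and flags any source that exceeds a failure threshold inside a time window. The sample events, the threshold of 10 failures in 5 minutes, the account names and the addresses are all constructed for the demonstration.

```powershell
# Added example (not part of the module): detect password-guessing attempts from failed logon
# events. Assumed: threshold of 10 failures from one source within 5 minutes; sample data is constructed.
function Find-PasswordGuessing {
    # $Events: objects with Time (datetime), User (target account) and SourceIp properties.
    # Returns one record per source address whose failures exceed the threshold inside the window.
    param(
        [object[]]$Events,
        [int]$Threshold = 10,
        [int]$WindowMinutes = 5
    )
    $Events | Group-Object SourceIp | ForEach-Object {
        $sorted = @($_.Group | Sort-Object Time)
        $span   = ($sorted[-1].Time - $sorted[0].Time).TotalMinutes
        if ($sorted.Count -ge $Threshold -and $span -le $WindowMinutes) {
            [pscustomobject]@{
                SourceIp = $_.Name
                Failures = $sorted.Count
                Minutes  = [math]::Round($span, 1)
                Accounts = ($sorted.User | Sort-Object -Unique) -join ','   # several accounts = spraying, one = brute force
            }
        }
    }
}

function Get-FailedLogons {
    # Live source: read event 4625 from the Security log and project the fields the detector needs
    # (TargetUserName and IpAddress live in the event's EventData section). Requires an elevated session.
    param([int]$Hours = 1)
    Get-WinEvent -FilterHashtable @{ LogName = 'Security'; Id = 4625; StartTime = (Get-Date).AddHours(-$Hours) } |
        ForEach-Object {
            $xml  = [xml]$_.ToXml()
            $data = @{}
            foreach ($d in $xml.Event.EventData.Data) { $data[$d.Name] = $d.'#text' }
            [pscustomobject]@{ Time = $_.TimeCreated; User = $data['TargetUserName']; SourceIp = $data['IpAddress'] }
        }
}

# Constructed sample: 12 failures against four accounts from one source within 3 minutes
# (the guessing pattern), plus two stray failures from a user who mistyped a password.
$t0     = [datetime]'2024-04-01T09:00:00'
$sample = @()
foreach ($i in 0..11) {
    $sample += [pscustomobject]@{ Time = $t0.AddSeconds(15 * $i); User = "user$($i % 4)"; SourceIp = '203.0.113.7' }
}
$sample += [pscustomobject]@{ Time = $t0.AddMinutes(1);  User = 'jdoe'; SourceIp = '192.168.100.55' }
$sample += [pscustomobject]@{ Time = $t0.AddMinutes(20); User = 'jdoe'; SourceIp = '192.168.100.55' }

Find-PasswordGuessing -Events $sample | Format-Table    # flags 203.0.113.7 only (12 failures, 2.8 min)

# On a domain controller, run it over the last hour of real events:
# Find-PasswordGuessing -Events (Get-FailedLogons -Hours 1)
```

Two points follow from the detection. An account lockout policy (a threshold of failed attempts after which the account is locked for a period) slows brute force and dictionary attacks directly, but it also gives an attacker a way to lock users out, so the threshold and lockout duration need to be chosen with that in mind. And because a key logger produces no failed logons at all, this detection says nothing about that attack, which is the module's argument for MFA.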

2.1. Security mechanisms


A security policy describes precisely which actions the entities in a system are allowed to take and which ones are
prohibited. Entities include users, services, data, machines, and so on.
Once a security policy has been laid down, it becomes possible to concentrate on the security mechanisms by which
the policy can be enforced. Important security mechanisms are:
1. Encryption
2. Authentication
3. Authorization
4. Auditing
1. Encryption is fundamental to computer security. Encryption transforms data into something an attacker
cannot understand. In other words, encryption provides a means to implement confidentiality. In addition,
encryption allows us to check whether data have been modified. It thus also provides support for integrity.
2. Authentication is used to verify the claimed identity of a user, client, server, and so on.
In the case of clients, the basic premise is that before a service will do work for a client, the service must
learn the client’s identity. Typically, users are authenticated by means of passwords, but there are many other
ways to authenticate clients, such as biometrics, certificates and multi-factor authentication.
3. Authorization: after a client has been authenticated, it is necessary to check whether that client is authorized
to perform the action requested. Access to records in a medical database is a typical example. Depending on
who accesses the database, permission may be granted to read records, to modify certain fields in a record, or
to add or remove a record.
4. Auditing tools are used to trace which clients accessed what, and in which way. Although auditing does not
really provide any protection against security threats, audit logs can be extremely useful for the analysis of a
security breach, and for subsequently taking measures against intruders. For this reason, attackers are generally
keen not to leave any traces that could eventually lead to exposing their identity. In this sense, logging
accesses sometimes makes attacking a riskier business.
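To make items 3 and 4 concrete, here is an added example in Go (not code from this module) of an authorization check with an audit trail over a hypothetical medical-records service. The roles (doctor, nurse, billing), the principals, the field names and the policy itself are all constructed for the example. The point it shows is that the policy is enforced in one place, that "modify" is checked down to the field, and that every attempt, allowed or denied, leaves an audit entry that an analyst can read afterwards.

```go
package main

import (
	"errors"
	"fmt"
)

// Permission is one action on a medical record: read it, modify certain fields, add or remove it.
type Permission string

const (
	PermRead   Permission = "read"
	PermModify Permission = "modify" // field-level: see Policy.Fields
	PermAdd    Permission = "add"
	PermRemove Permission = "remove"
)

// Policy is the security policy: which role may take which action and, for modify, on which fields.
type Policy struct {
	Allowed map[string]map[Permission]bool // role -> permission -> allowed
	Fields  map[string]map[string]bool     // role -> field -> may modify
}

// AuditEntry records who attempted what, on which record and field, and the decision.
type AuditEntry struct {
	Principal string
	Action    Permission
	Record    string
	Field     string
	Allowed   bool
}

// Server enforces the policy. A principal counts as authenticated when it appears in Roles;
// the authentication step itself is assumed to have happened before Authorize is called.
type Server struct {
	Policy Policy
	Roles  map[string]string // principal -> role
	Audit  []AuditEntry
}

var ErrUnauthenticated = errors.New("unknown principal")
var ErrForbidden = errors.New("action not permitted by policy")

// Authorize checks one request against the policy. Every attempt, allowed or denied, is
// appended to the audit log, so a refused request is traceable afterwards too.
func (s *Server) Authorize(principal string, action Permission, record, field string) error {
	role, known := s.Roles[principal]
	allowed := known && s.Policy.Allowed[role][action]
	if allowed && action == PermModify {
		allowed = s.Policy.Fields[role][field] // field-level check for modifications
	}
	s.Audit = append(s.Audit, AuditEntry{principal, action, record, field, allowed})
	switch {
	case !known:
		return ErrUnauthenticated
	case !allowed:
		return fmt.Errorf("%w: %s (%s) may not %s field %q of %s", ErrForbidden, principal, role, action, field, record)
	}
	return nil
}

// DeniedAttempts returns the refused entries, the first thing an analyst reviews after a breach.
func (s *Server) DeniedAttempts() []AuditEntry {
	var denied []AuditEntry
	for _, e := range s.Audit {
		if !e.Allowed {
			denied = append(denied, e)
		}
	}
	return denied
}

// NewHospitalServer builds a constructed policy: doctors may read, add, remove and modify any
// field; nurses may read and modify only the notes field; billing staff may only read.
func NewHospitalServer() *Server {
	return &Server{
		Policy: Policy{
			Allowed: map[string]map[Permission]bool{
				"doctor":  {PermRead: true, PermModify: true, PermAdd: true, PermRemove: true},
				"nurse":   {PermRead: true, PermModify: true},
				"billing": {PermRead: true},
			},
			Fields: map[string]map[string]bool{
				"doctor": {"diagnosis": true, "medication": true, "notes": true},
				"nurse":  {"notes": true},
			},
		},
		Roles: map[string]string{"alice": "doctor", "bob": "nurse", "carol": "billing"},
	}
}

func main() {
	s := NewHospitalServer()
	fmt.Println(s.Authorize("bob", PermModify, "rec-42", "notes"))     // <nil>: nurses may edit notes
	fmt.Println(s.Authorize("bob", PermModify, "rec-42", "diagnosis")) // forbidden: diagnosis is doctors only
	fmt.Println(s.Authorize("mallory", PermRead, "rec-42", ""))        // unknown principal
	fmt.Printf("%d denied attempts in the audit log\n", len(s.DeniedAttempts()))
}
```

Note that a denied request is logged before the error is returned: if the log were only written on success, the trace the text describes (who tried what) would be missing exactly the entries that matter after a breach.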
5. Malicious code

Malicious code is a computer program or script that performs an action that intentionally damages a system or data,
that performs another unauthorized purpose, or that provides unauthorized access to the system.

Virus: A virus is a small, self-contained piece of computer code hidden within another computer program. Like a
real virus, it can reproduce, infect other computers, and then lie dormant for months or years before it strikes. A
virus is only one of several types of "malicious logic". It may damage or corrupt data, change data, or degrade
the performance of your system, or of your entire network, by consuming resources such as memory or disk space.

Worm: A computer worm spreads like a virus but is an independent program rather than code hidden inside another
program. Worms are self-contained and use networks to spread, in much the same way viruses use files to spread.
Some people say the solution to viruses and worms is to just not have any files or networks.

Logic bomb: A logic bomb is a program, normally hidden deep in the main computer, that is set to activate at some
point in the future and destroy data.

Trojan Horse: A Trojan Horse appears to be a legitimate software program. It waits until triggered by some pre-set
event or date and then delivers a payload that may include destroying files or disks. From an information security
point of view, one of the more dangerous types of malicious logic is a Trojan Horse that allows a remote user to
access and control your computer without your knowledge whenever you are on the Internet.

6. Social engineering

Social engineering refers to the psychological manipulation of people into performing actions or divulging confidential
information. It is a type of confidence trick for the purpose of information gathering, fraud, or system access.

Mail from a friend (phishing attempts): Typically, a phisher sends an e-mail, IM, comment, or text message that
appears to come from a legitimate, popular company, bank, school, or institution.

If a criminal manages to hack or socially engineer one person’s email password, they have access to that person’s
contact list as well.

Once the criminal has that email account under their control, they send emails to all the person’s contacts or leave
messages on all their friends’ social pages, and possibly on the pages of the person’s friends’ friends. These
messages exploit your trust and curiosity; for example, they may:
• Contain a link that you just have to check out.
• Contain a download (pictures, music, a movie, a document, etc.) that has malicious software embedded. If you
download it, which you are likely to do since you think it is from your friend, you become infected.
• Notify you that you’re a ’winner’.
• Ask for help.
Encryption and Decryption
Encryption is a mechanism by which a message is transformed so that only the sender and the intended
recipient can read it. For instance, suppose that Alice wants to send a private message to Bob.
To do so, she first needs Bob’s public-key; since everybody may see his public-key, Bob can
send it over the network in the clear without any concerns. Once Alice has Bob’s public-key,
she encrypts the message using Bob’s public-key and sends it to Bob. Bob receives Alice’s
message and, using his private-key, decrypts it.

1. Digital Signature and Verification

A digital signature is a mechanism by which a message is authenticated, i.e. it proves that a message is effectively
coming from a given sender, much like a signature on a paper document. For instance, suppose that Alice wants to
digitally sign a message to Bob. To do so, she uses her private-key to encrypt the message; she then sends the
message along with her public-key (typically, the public key is attached to the signed message). Since Alice’s
public-key is the only key that can decrypt that message, a successful decryption constitutes a digital signature
verification, meaning that there is no doubt that it is Alice’s private key that encrypted the message.
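The two exchanges above (Alice encrypting for Bob, and Alice signing so that Bob can verify who sent the message) as an added example in Go using the standard library's RSA support; this is not code from the module. Where the text describes signing as encrypting with the private key, the example uses the library's dedicated sign and verify operations (RSA-PSS over a SHA-256 digest) and RSA-OAEP for encryption, which is how these operations are performed in practice. The names Alice, Bob and George and the message are constructed; George plays the outsider who can neither read Bob's mail nor pass as Alice.

```go
package main

import (
	"crypto"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"fmt"
)

// Party is one participant holding an RSA key pair. The public half may be sent over the
// network in the clear; the private half never leaves its owner.
type Party struct {
	Name string
	priv *rsa.PrivateKey
}

func NewParty(name string) (*Party, error) {
	priv, err := rsa.GenerateKey(rand.Reader, 2048)
	if err != nil {
		return nil, err
	}
	return &Party{Name: name, priv: priv}, nil
}

// Pub is the key a party publishes.
func (p *Party) Pub() *rsa.PublicKey { return &p.priv.PublicKey }

// EncryptFor encrypts msg with the recipient's public key (RSA-OAEP, SHA-256), so only the
// holder of the matching private key can read it.
func EncryptFor(recipientPub *rsa.PublicKey, msg []byte) ([]byte, error) {
	return rsa.EncryptOAEP(sha256.New(), rand.Reader, recipientPub, msg, nil)
}

// Decrypt recovers the plaintext with the recipient's own private key.
func (p *Party) Decrypt(ct []byte) ([]byte, error) {
	return rsa.DecryptOAEP(sha256.New(), rand.Reader, p.priv, ct, nil)
}

// Sign signs the SHA-256 digest of msg with the signer's private key (RSA-PSS).
func (p *Party) Sign(msg []byte) ([]byte, error) {
	h := sha256.Sum256(msg)
	return rsa.SignPSS(rand.Reader, p.priv, crypto.SHA256, h[:], nil)
}

// VerifySig is the verification step: a nil error means the signature was produced by the
// private key matching signerPub over exactly this msg.
func VerifySig(signerPub *rsa.PublicKey, msg, sig []byte) error {
	h := sha256.Sum256(msg)
	return rsa.VerifyPSS(signerPub, crypto.SHA256, h[:], sig, nil)
}

// Result summarises one exchange from Bob's point of view, with George as an outsider.
type Result struct {
	Recovered        string // what Bob decrypted
	SignatureValid   bool   // Alice's signature verified with Alice's public key
	TamperDetected   bool   // a modified message fails verification
	ForgeryDetected  bool   // George's signature does not verify under Alice's public key
	GeorgeCannotRead bool   // George's private key cannot decrypt the ciphertext meant for Bob
}

// Exchange runs the scenario from the text: Alice encrypts for Bob and signs; Bob decrypts
// and verifies; George tries both to read the message and to pass as Alice.
func Exchange(msg []byte) (Result, error) {
	alice, err := NewParty("Alice")
	if err != nil { return Result{}, err }
	bob, err := NewParty("Bob")
	if err != nil { return Result{}, err }
	george, err := NewParty("George")
	if err != nil { return Result{}, err }

	ct, err := EncryptFor(bob.Pub(), msg) // Alice uses Bob's public key
	if err != nil { return Result{}, err }
	sig, err := alice.Sign(msg) // Alice uses her own private key
	if err != nil { return Result{}, err }

	pt, err := bob.Decrypt(ct) // Bob uses his private key
	if err != nil { return Result{}, err }
	forged, err := george.Sign(msg) // George signs with his own key, claiming to be Alice
	if err != nil { return Result{}, err }
	_, georgeErr := george.Decrypt(ct) // George tries his private key on Bob's ciphertext
	tampered := append([]byte("X"), msg...)

	return Result{
		Recovered:        string(pt),
		SignatureValid:   VerifySig(alice.Pub(), msg, sig) == nil,
		TamperDetected:   VerifySig(alice.Pub(), tampered, sig) != nil,
		ForgeryDetected:  VerifySig(alice.Pub(), msg, forged) != nil,
		GeorgeCannotRead: georgeErr != nil,
	}, nil
}

func main() {
	r, err := Exchange([]byte("meet at noon")) // constructed message
	if err != nil {
		panic(err)
	}
	fmt.Printf("%+v\n", r)
}
```

Bob verifies with Alice's public key and decrypts with his own private key; the two key pairs play different roles, which is why George's key helps him with neither step.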

1.5 Identity and keys

Until now, we have taken for granted that the keys being used for encryption/decryption and digital
signature/verification belong to Bob and Alice. How can we be sure that Alice is really Alice?
And how can Alice be sure that only Bob will see what she encrypted? So far, the only thing we know is that the
user of a given key pair has signed and encrypted the message.
But is that user really the owner? George, for instance, may have sent a message to Bob pretending that he is Alice;
Bob cannot tell whether it is Alice or George who is sending the message. The same applies to Bob’s public-key.
This issue is solved by the use of certificates.
What is a Certificate?
A certificate is a piece of information that proves the identity of a public-key’s owner. Like a passport, a certificate
provides recognized proof of a person’s (or entity’s) identity. Certificates are signed and delivered securely by a
trusted third-party entity called a Certificate Authority (CA). As long as Bob and Alice trust this third party, the CA,
they can be assured that the keys belong to the persons they claim to be.
A certificate contains among other things:
1) The CA’s identity
2) The owner’s identity
3) The owner’s public-key
4) The certificate expiry date
5) The CA’s signature of that certificate
6) Other information that is beyond the scope of this article.
With a certificate instead of a public-key, a recipient can now verify a few things about the issuer to make sure that
the certificate is valid and belongs to the person claiming its ownership:
1) Compare the owner’s identity
2) Verify that the certificate is still valid
3) Verify that the certificate has been signed by a trusted CA
4) Verify the issuer’s certificate signature, hence making sure it has not been altered.
Bob can now verify Alice’s certificate and be assured that it is Alice’s private-key that has been used to sign the
message. Alice must be careful with her private-key and must not divulge how to get to it; by doing so, she is
enforcing one aspect of the non-repudiation feature associated with her digital signature. As will be seen in section
3.2, there is more to consider for effective non-repudiation support.
Note that certificates are signed by a CA, which means that they cannot be altered. In turn, the CA signature can be
verified using that CA’s certificate.
2.1 Certificate validation added to the process
When Alice encrypts a message for Bob, she uses Bob’s certificate. Prior to using the public-key included in Bob’s
certificate, some additional steps are performed to validate Bob’s certificate:
1) Validity period of Bob’s certificate
2) The certificate belongs to Bob
3) Bob’s certificate has not been altered
4) Bob’s certificate has been signed by a trusted CA
Additional steps would be required to validate the CA’s certificate in the case where Alice does not trust Bob’s CA.
These steps are identical to the ones required to validate Bob’s certificate. In the example below, it is assumed that
both Bob and Alice trust that CA.
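The certificate checks listed in this section and under "What is a Certificate?" (validity period, owner identity, not altered, signed by a trusted CA), as an added example in Go using the standard library's x509 package; this is not code from the module. The CA names, the owner name bob.example.test, the serial numbers and the validity periods are all constructed. It builds a trusted CA and Bob's genuine certificate, then validates three certificates that must fail: a copy whose subject bytes were changed after signing, a certificate for Bob's name issued by George acting as a CA that nobody trusts, and an expired certificate.

```go
package main

import (
	"bytes"
	"crypto/rand"
	"crypto/rsa"
	"crypto/x509"
	"crypto/x509/pkix"
	"math/big"
	"time"
)

const bobName = "bob.example.test" // constructed owner identity (the certificate's CN)

// issue binds subjectPub to subject under the issuer's signature; with parent == nil it is self-signed (the CA's own).
func issue(serial int64, subject string, subjectPub *rsa.PublicKey, isCA bool,
	notBefore, notAfter time.Time, parent *x509.Certificate, issuerKey *rsa.PrivateKey) (*x509.Certificate, error) {
	tmpl := &x509.Certificate{
		SerialNumber:          big.NewInt(serial),
		Subject:               pkix.Name{CommonName: subject}, // the owner's identity
		NotBefore:             notBefore,                      // the validity period
		NotAfter:              notAfter,
		IsCA:                  isCA,
		BasicConstraintsValid: true,
		KeyUsage:              x509.KeyUsageDigitalSignature,
	}
	if isCA {
		tmpl.KeyUsage |= x509.KeyUsageCertSign
	}
	if parent == nil {
		parent = tmpl
	}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, parent, subjectPub, issuerKey)
	if err != nil {
		return nil, err
	}
	return x509.ParseCertificate(der)
}

// Checks are the four validation steps from the text, in order.
type Checks struct {
	ValidNow     bool // 1) now lies inside the validity period
	OwnerMatches bool // 2) the certificate names the owner we expect
	Unaltered    bool // 3) the issuer's signature over the certificate still verifies
	ChainOK      bool // 4) a chain to a CA we trust can be built (the library re-checks 1 and 3 here)
}

// Validate runs the checks a recipient performs before using the public key in cert. presentedIssuer is
// the CA certificate that came along with cert; trusted holds the CAs we actually trust, a separate question.
func Validate(cert, presentedIssuer *x509.Certificate, owner string, trusted *x509.CertPool, now time.Time) Checks {
	_, chainErr := cert.Verify(x509.VerifyOptions{
		Roots: trusted, CurrentTime: now, KeyUsages: []x509.ExtKeyUsage{x509.ExtKeyUsageAny},
	})
	return Checks{
		ValidNow:     !now.Before(cert.NotBefore) && !now.After(cert.NotAfter),
		OwnerMatches: cert.Subject.CommonName == owner,
		Unaltered:    cert.CheckSignatureFrom(presentedIssuer) == nil,
		ChainOK:      chainErr == nil,
	}
}

// Outcome holds the results for the four constructed certificates.
type Outcome struct{ Genuine, Tampered, RogueCA, Expired Checks }

// Scenario builds a trusted CA and Bob's genuine certificate, then three that must fail: a copy altered
// after signing, a certificate for Bob's name issued by George acting as an untrusted CA, and an expired one.
func Scenario() (Outcome, error) {
	now := time.Now()
	var err error
	var keys [3]*rsa.PrivateKey // CA, Bob, George
	for i := range keys {
		if keys[i], err = rsa.GenerateKey(rand.Reader, 2048); err != nil { return Outcome{}, err }
	}
	caKey, bobKey, georgeKey := keys[0], keys[1], keys[2]
	start, end := now.Add(-time.Hour), now.Add(24*time.Hour)
	ca, err := issue(1, "Trusted CA", &caKey.PublicKey, true, start, end, nil, caKey)
	if err != nil { return Outcome{}, err }
	bob, err := issue(2, bobName, &bobKey.PublicKey, false, start, end, ca, caKey)
	if err != nil { return Outcome{}, err }
	rogue, err := issue(1, "Rogue CA", &georgeKey.PublicKey, true, start, end, nil, georgeKey)
	if err != nil { return Outcome{}, err }
	fakeBob, err := issue(3, bobName, &georgeKey.PublicKey, false, start, end, rogue, georgeKey) // George's key, Bob's name
	if err != nil { return Outcome{}, err }
	expired, err := issue(4, bobName, &bobKey.PublicKey, false, now.Add(-48*time.Hour), now.Add(-24*time.Hour), ca, caKey)
	if err != nil { return Outcome{}, err }
	// Change the subject after signing: the DER still parses, but the signature no longer matches.
	tampered, err := x509.ParseCertificate(bytes.Replace(bob.Raw, []byte(bobName), []byte("bub.example.test"), 1))
	if err != nil { return Outcome{}, err }
	trusted := x509.NewCertPool()
	trusted.AddCert(ca)
	return Outcome{
		Genuine:  Validate(bob, ca, bobName, trusted, now),
		Tampered: Validate(tampered, ca, bobName, trusted, now),
		RogueCA:  Validate(fakeBob, rogue, bobName, trusted, now),
		Expired:  Validate(expired, ca, bobName, trusted, now),
	}, nil
}
```

The rogue-CA case is the one to look at: the certificate is internally consistent (right name, valid dates, its issuer's signature verifies), and only step 4, checking that the issuer is a CA the recipient trusts, rejects it. This is why a recipient must keep its own list of trusted CAs rather than accepting whatever CA certificate arrives with the message.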

Summary

Comparison of symmetric and asymmetric encryption

3. Cybersecurity incident
A cybersecurity incident is a specific type of security incident that involves a breach or compromise of digital assets,
computer systems, networks or data. It encompasses incidents that relate to the intentional exploitation of digital
vulnerabilities such as malware, hacking attacks, data breaches or DoS attacks. Cybersecurity incidents can vary
widely in terms of scope, impact and severity. They require immediate attention and response to mitigate potential
harm.
How are cybersecurity incidents related to security events and security incidents?

Security events: An observable activity or behavior that may indicate a potential security issue within the IT
environment.
Security incidents: A confirmed violation of security policies or unauthorized access that results in potential harm or
damage to systems, data, or networks.
Cybersecurity incident: A subset of security incidents specifically involving breaches or compromises of digital assets
through cyber means.

In conclusion, a cybersecurity incident is a subset of security incidents, involving confirmed breaches or
compromises of digital security that lead to unauthorized access or potential damage. It signifies a significant breach
of security policies. In contrast, security events are early indicators of potential threats, highlighting unusual
activities in IT environments. While security events are potential precursors to incidents, a cybersecurity event is a
broader term covering both minor security events and major security incidents. Security incidents are any activity
that poses a real-time threat to the integrity of an organization's network. Organizations must diligently monitor and
respond to cybersecurity events to enhance their cybersecurity posture and safeguard against security incidents.

For instance, a real-life example of a cybersecurity incident involved ChatGPT in March 2023. OpenAI admitted to
the breach by releasing a statement acknowledging that credit card information, email IDs, membership numbers,
names, and addresses of some users were visible to other users. This information was available for a nine-hour
window and users who were active during this time risked having their details visible to other users. This breach is
attributed to a bug in the open source AI that was being used by ChatGPT.

3.1 The growing importance of cybersecurity


The risks associated with cybercrimes are escalating as the digital age continues to progress. CyberCrime Magazine
predicted that cybercrime will cost the world over USD 10 trillion annually by 2025. It is difficult to calculate the
return on investment while budgeting for an organization's cybersecurity spending; however, it remains most
important. This underlines the emphasis on cybersecurity: understanding the intricacies of cybersecurity incidents,
and distinguishing them from security events and other incidents, is crucial.
Difference between a security event and security incident
It is important to know the difference between a security event and a security incident. A security event is an
occurrence in the network that might lead to a security breach. If a security event is confirmed to have resulted in a
breach, the event is termed a security incident. A security incident results in risk or damage to the resources and
assets of an enterprise. Based on the breach detected, sufficient action has to be taken to limit the damage
and prevent the incident from getting worse.
3.2 Security events
Security events are the first step towards identifying a threat or a complete attack. An enterprise might run into
thousands of security events per day. However, not all security events indicate a cyberattack. For example, a user
receiving a spam email triggers a security event. Such events need to be monitored using a SIEM solution to detect
if a security event leads to a security incident.

Some of the most common sources of security events that should be analyzed in a network are explained below.

3.3 Firewalls
A firewall controls traffic to and from the network. Firewall logs provide the first evidence of an intrusion
by attackers. So, security events detected from firewall logs must be carefully monitored. Below are some
of the common security events and incidents that you should monitor from firewall logs.

• Spike in incoming or outgoing traffic: A spike in incoming or outgoing traffic is a critical security event.
On further inspection of the firewall logs, if multiple packets are received from source IP addresses
unknown to your organization, this is a security incident, as it indicates a possible DDoS attack.
• Configuration changes to firewall policies: Changes to firewall configurations are security events, not
incidents. However, if a user whose privileges have been recently escalated tries to change the firewall
configurations, the event is termed a security incident.
• Modification to firewall settings: Changes made to firewall rules can be normal events unless they allow
traffic from or to a malicious command-and-control (C2C) server or any other malicious source for data
exfiltration. In such cases, the change becomes a security incident. Therefore, it is necessary to carefully
monitor these changes.
3.4 Critical servers
Critical servers, such as file servers, web servers, and domain controllers, are highly susceptible to attacks, as
compromising these systems means gaining control of the network or data to a large extent. Monitoring all the user
activities and changes to configurations in these servers is critical. Some of the common security events that you
should monitor on critical servers are:

• User logins.
• User permission changes to access the servers.
• Changes to system settings.
• Changes to security configurations.

When the above events, upon investigating, turn out to be from a suspicious source or indicate unusual user
behavior, then they are security incidents.

These are some common events that you should monitor. Depending on the functionality of the servers, you can add
other events for monitoring. For instance, in a web server, it becomes essential for you to monitor the logs for
injection attempts.

3.5 Databases
Databases are one of the most common targets for attackers, as they store employee details, confidential business
data, and more. Some of the common security events in databases are:
• Changes to database tables: Changes to the tables in a database by privileged account users are security events. If
such a user goes on to manipulate multiple tables, it is a security incident.
• Changes to user privileges: When a user's privileges are elevated to access database resources, it is a security event.
This becomes a security incident if the user with recently elevated privileges tries to change the privileges of other
users by adding or removing members in the database administrators security group.
• Accessing or extracting sensitive data: Employee biometric information, customer records, and transaction details
are examples of sensitive enterprise information. If a user tries to extract such information from the database, it is a
security incident.
3.6 Endpoints

Endpoints such as laptops and desktops generate a huge amount of security events in a single day. Some of the
common security events that you need to monitor from endpoints are:

• Failed login attempts: If a user logs in to their device after repeated failed attempts, it is a security event. If such an
event is followed by the user trying to escalate their privileges, it is a security incident.
• Unauthorized software installations: Downloading and installing unauthorized software on a device is a security
event. If such an application harms the functioning of other applications and causes the device to malfunction, it is
termed a security incident.
3.7 Security incidents

A security incident is a security event that damages network resources or data as part of an attack or security threat.
An incident doesn’t always cause direct damage, but it still puts the enterprise's security at risk. For example, a user
clicking on a link in a spam email is a security incident. This incident doesn't directly cause any damage, but it could
install malware that causes a ransomware attack.

Some of the security incidents that you should be monitoring in your network include:
• Traffic from known malicious IP addresses: Several IP addresses are identified as malicious because of suspected
notorious activities carried out through them. The information about malicious IP addresses is called threat
information or a threat feed. To track down traffic from malicious sources, you should configure your security
solution, such as a SIEM tool, to correlate data between these dynamically updated threat feeds and your network
traffic information. If such an IP address is attempting to access the network, your SIEM solution can detect the
attempt and take counteraction immediately.
• Suspicious malware installations on endpoints: Millions of malicious emails with genuine-looking attachments are
sent to people every day. If such an attachment is opened by an unsuspecting user, this might lead to malware being
installed on the device. The attacker may extract sensitive information stored on the user's device through the
malware or gain entry into the enterprise's network resources, either of which make this a security incident.
• Unknown login attempts: Companies use VPN services to help remote users connect to the organization's network.
If a hacker manages to crack the credentials of a remote user, they can enter the network and launch a full-scale
cyberattack. If a user reports that their credentials have been compromised and that they had not logged in to the
network recently, this is a serious security incident requiring rapid response from the IT administrator.
• Privilege escalations: Once an attacker has gained access to the enterprise's network, they can cause only limited
damage by masquerading as the user they impersonate. So, their next step is often privilege escalation. Privilege
escalation allows the attacker to gain more access and, therefore, better control over the network.
• Unauthorized changes to configurations of critical devices: An unauthorized attempt to make changes to critical
services such as firewalls indicates a possible attack on the network, so it’s logged as a security incident.
• Malware infection through removable media: Plugging removable media, such as USB drives and hard drives, into a
workstation can be harmful if the external device contains malware. If an antivirus system detects an external device
containing malware, a security incident is logged.
• Data manipulation in databases: If the data present in an enterprise’s databases is deleted or modified by an
unauthorized user, it is termed a security breach, and the IT administrator must take immediate action to prevent
further damage to the enterprise's network.
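The event-versus-incident distinctions drawn in sections 3.3 to 3.7, as an added example in Go (not code from the module or from any SIEM product) that runs a few correlation rules over a constructed window of log records: a traffic spike that is escalated to an incident when most packets come from unknown sources, a threat-feed match, a firewall rule change made by a recently escalated account, and a privilege escalation that follows a login after repeated failures. The addresses (taken from the TEST-NET documentation ranges), user names, rule names and thresholds are all constructed.

```go
package main

import "fmt"

// Event is a normalised record as a SIEM would ingest it from firewall and endpoint logs.
type Event struct {
	Source string // "firewall" or "endpoint"
	Action string // firewall: packet, rule_change; endpoint: login_failed, login_ok, priv_escalation
	SrcIP  string // firewall packets only
	User   string // rule changes and endpoint actions
}

// Finding is what a rule emits: an event to keep watching or an incident to respond to.
type Finding struct{ Severity, Rule, Subject string }

// Analyzer carries the context the rules need: the organisation's own address space, the
// threat feed, and accounts whose privileges were recently raised.
type Analyzer struct {
	KnownSources, ThreatFeed, RecentlyEscalated map[string]bool
	SpikeThreshold                              int // packets per window that count as a spike
}

// Analyze applies the rules described in the text to one window of events.
func (a Analyzer) Analyze(events []Event) []Finding {
	var out []Finding
	add := func(sev, rule, subject string) { out = append(out, Finding{sev, rule, subject}) }
	total, unknown := 0, 0
	feedHit, suspiciousLogin := map[string]bool{}, map[string]bool{}
	failed := map[string]int{}
	for _, e := range events {
		switch e.Source + ":" + e.Action {
		case "firewall:packet":
			total++
			if !a.KnownSources[e.SrcIP] {
				unknown++
			}
			if a.ThreatFeed[e.SrcIP] && !feedHit[e.SrcIP] { // threat-feed correlation, once per address
				feedHit[e.SrcIP] = true
				add("incident", "traffic-from-threat-feed-ip", e.SrcIP)
			}
		case "firewall:rule_change": // an event, unless a recently escalated account made it
			if a.RecentlyEscalated[e.User] {
				add("incident", "rule-change-by-recently-escalated-user", e.User)
			} else {
				add("event", "rule-change", e.User)
			}
		case "endpoint:login_failed":
			failed[e.User]++
		case "endpoint:login_ok": // success after repeated failures is an event to watch...
			if failed[e.User] >= 3 {
				suspiciousLogin[e.User] = true
				add("event", "login-after-repeated-failures", e.User)
			}
			failed[e.User] = 0
		case "endpoint:priv_escalation": // ...and an incident if privilege escalation follows
			if suspiciousLogin[e.User] {
				add("incident", "priv-escalation-after-suspicious-login", e.User)
			} else {
				add("event", "priv-escalation", e.User)
			}
		}
	}
	if total >= a.SpikeThreshold { // a spike is an event; mostly unknown sources make it an incident
		add("event", "traffic-spike", fmt.Sprintf("%d packets", total))
		if unknown*2 >= total {
			add("incident", "possible-ddos-from-unknown-sources", fmt.Sprintf("%d of %d packets", unknown, total))
		}
	}
	return out
}

// SampleEvents is a constructed window of log records; addresses come from the TEST-NET ranges.
func SampleEvents() []Event {
	pkt := func(ip string) Event { return Event{Source: "firewall", Action: "packet", SrcIP: ip} }
	ep := func(action, user string) Event { return Event{Source: "endpoint", Action: action, User: user} }
	var ev []Event
	for i := 0; i < 8; i++ { ev = append(ev, pkt("10.0.0.5")) }                       // known internal source
	for i := 1; i <= 20; i++ { ev = append(ev, pkt(fmt.Sprintf("198.51.100.%d", i))) } // unknown sources
	ev = append(ev, pkt("203.0.113.7"), // address on the threat feed
		Event{Source: "firewall", Action: "rule_change", User: "dave"},
		Event{Source: "firewall", Action: "rule_change", User: "erin"}, // erin was recently escalated
		ep("login_failed", "frank"), ep("login_failed", "frank"), ep("login_failed", "frank"),
		ep("login_ok", "frank"), ep("priv_escalation", "frank"), ep("priv_escalation", "grace"))
	return ev
}

// SampleAnalyzer is the constructed context that goes with SampleEvents.
func SampleAnalyzer() Analyzer {
	return Analyzer{
		KnownSources:      map[string]bool{"10.0.0.5": true},
		ThreatFeed:        map[string]bool{"203.0.113.7": true},
		RecentlyEscalated: map[string]bool{"erin": true},
		SpikeThreshold:    25,
	}
}

func main() {
	for _, f := range SampleAnalyzer().Analyze(SampleEvents()) {
		fmt.Printf("%-8s %-42s %s\n", f.Severity, f.Rule, f.Subject)
	}
}
```

On the sample window this yields four events (the spike itself, dave's rule change, frank's login after failures, grace's escalation) and four incidents (the spike attributed to unknown sources, the threat-feed hit, erin's rule change, frank's escalation). The same raw action, a rule change or a privilege escalation, lands in different columns depending on context, which is the point of correlating rather than alerting on single log lines.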

Self-check questions
I. Choose the best answer by circling it (2 pts each).
1. When hackers look at or steal your electronic or paper files without permission, it is said to be:
A. Back door attacks
B. Snooping attacks
C. Spoofing attacks
D. Packet sniffing attacks
2. _______ is used to verify the claimed identity of a user, client, or server, distinguishing it from illegitimate
individuals.
A. Authorization
B. Encryption
C. Decryption
D. Authentication
3. Before the problem of data security became widely known, most people’s idea of computer security focused
on:
A. Information/data
B. Software
C. Hardware
D. Telecommunications
4. The absence of which one of the CIA properties leads to denial of service (DoS)?
A. Confidentiality
B. Availability
C. Integrity
D. None

II. Answer the following questions accordingly.
1. Differentiate between a computer threat and a computer risk.
2. Discuss the three CIA properties in detail. What are the risks to CIA security and the mechanisms to address them?
3. Give at least two examples to show how social engineering matters for information security.
4. Compare and contrast brute force attacks and dictionary attacks.

