Network Fundamentals: Wireless, Security, and Protocols

Label: short, fixed-length identifier that identifies a FEC. LER – Label Edge Router; LSR – Label Switching Router.

Forwarding Equivalence Class (FEC): a group of packets with the same transport requirements, which receive the same treatment en route to the destination. Defined by service requirements or by an address prefix.

Wireless: computing devices connected by a wireless network. Types: WPAN, WLAN and WWAN.

WPAN: short-range personal networking. Bluetooth uses omnidirectional radio waves (the signal spreads in all directions); two or more connected Bluetooth devices form a piconet (peer network) with at most 8 devices, and several interconnected piconets form a scatternet. IrDA (infrared): bidirectional and requires the devices to be aligned.

WLAN: Wireless Local Area Network, with two topologies (ad hoc and infrastructure).

Ad hoc: formed by devices with wireless cards in a peer network, without a central device.

Infrastructure: stations with wireless cards plus an AP (access point), a central device through which the network devices communicate.

Wi-Fi: Wireless Fidelity, the name given to the 802.11 standard.

WWAN: composed of GSM/GPRS, 2G/3G cellular, CDPD, Mobitex and CDMA/1xRTT. Uses satellite and digital cellular networks to connect wirelessly over long distances.

Wireless link:

  • Typically used to connect a host to the base station; also used as a backbone link. Multiple access protocols coordinate access to the link; various data rates and transmission distances.

Wireless hosts: laptop, PDA, IP phone; they run applications and can be fixed or mobile. Wireless does not always mean mobility.

Base station: typically connected to the wired network; a relay responsible for forwarding packets between the wired network and the wireless hosts in its area, e.g. cellular towers and 802.11 access points.

Handoff: a mobile host moves from one base station to another. Characteristics of the wireless link (differences from a wired link that make communication harder, even point to point): weak signal (the signal is attenuated as it propagates through matter), interference from other sources, and multipath propagation (the main and reflected signals reach the destination at different times).

CSMA: listen before transmitting so as not to interfere with ongoing transmissions, and detect collisions; in wireless, collisions are hard to detect because the received signal is weak.

CSMA/CA: the transmitter first sends a small request-to-send (RTS) frame to the base station; RTS frames may collide, but they are small. The base station broadcasts a clear-to-send (CTS) in response to the RTS; everyone hears the CTS, but only the selected transmitter sends its data frame.

Symmetric key cryptography: the sender's and recipient's keys are identical.

Public key cryptography: encrypt with the public key and decrypt with the private key, or vice versa.

Substitution cipher: replacement of one character by another.

Monoalphabetic cipher: substitutes one letter for another using a single fixed mapping.

Hash: the result can be the same for different messages (it is not a one-to-one function); produces a fixed-size message digest; allows only error detection, not recovery of the message.

Hash – properties: preimage resistance (infeasible to find the original message from the digest; effort 2^n), second-preimage resistance (infeasible to find another message with the same digest; effort 2^n) and collision resistance (infeasible to find any two messages with the same digest; effort 2^(n/2)).

Digital signature: cryptographic technique analogous to a handwritten signature; the sender signs digitally in a way that is verifiable and not forgeable. A hash of the document is computed and the private key is then applied to it. Does not provide confidentiality; ensures authorship.

Certification authority (CA): binds a public key to a particular entity.

Firewall: isolates the internal network from the public Internet; serves to prevent denial of service and illegal access to internal data, allowing only authorized access to the network. Types: application layer (application gateways) and packet filtering.

Packet filter: the internal network is connected to the Internet through a router firewall; the decision to forward or discard a packet is based on the source and destination IP addresses, the TCP/UDP source and destination port numbers, the ICMP type and the TCP flag bits (SYN and ACK).
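A stateless packet filter that decides on exactly the header fields listed above, written as an added example (not code from the notes); the internal network 10.0.0.0/8, the web server 10.0.0.80 and the rule set are constructed:

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional
# Constructed example (not from the notes): a stateless packet filter deciding
# allow/drop from source/destination IP, ports, ICMP type and TCP SYN/ACK bits.

@dataclass
class Packet:
    src: str
    dst: str
    proto: str                  # "tcp", "udp" or "icmp"
    dport: Optional[int] = None
    syn: bool = False
    ack: bool = False
    icmp_type: Optional[int] = None

@dataclass
class Rule:
    action: str                 # "allow" or "drop"
    src: str = "0.0.0.0/0"
    dst: str = "0.0.0.0/0"
    proto: Optional[str] = None
    dport: Optional[int] = None
    new_conn: bool = False      # match only SYN without ACK: a new inbound connection
    icmp_type: Optional[int] = None

    def matches(self, p: Packet) -> bool:
        return (ipaddress.ip_address(p.src) in ipaddress.ip_network(self.src)
                and ipaddress.ip_address(p.dst) in ipaddress.ip_network(self.dst)
                and (self.proto is None or p.proto == self.proto)
                and (self.dport is None or p.dport == self.dport)
                and (not self.new_conn or (p.syn and not p.ack))
                and (self.icmp_type is None or p.icmp_type == self.icmp_type))

INTERNAL = "10.0.0.0/8"  # constructed internal network
# Rules for packets arriving from the Internet, evaluated in order; first match wins.
POLICY = [
    Rule("drop", src=INTERNAL),                                # internal source from outside: spoofed
    Rule("allow", dst="10.0.0.80/32", proto="tcp", dport=80),   # only the public web server
    Rule("drop", dst=INTERNAL, proto="tcp", new_conn=True),     # no other inbound connection attempts
    Rule("drop", dst=INTERNAL, proto="icmp", icmp_type=8),      # no echo requests (blocks ping mapping)
    Rule("allow", dst=INTERNAL, proto="tcp"),                   # replies to connections opened inside
]

def decide(p: Packet, policy=POLICY) -> str:
    """Action of the first matching rule; anything unmatched (e.g. UDP) is dropped."""
    for r in policy:
        if r.matches(p):
            return r.action
    return "drop"
```

The last two rules show the SYN/ACK trick the notes hint at: a segment with ACK set belongs to a connection an internal host opened, while a bare SYN is a new attempt from outside.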

Application gateway: filters packets according to application data as well as the IP/TCP/UDP fields.

Limitations of firewalls and gateways: IP spoofing (the router has no way of knowing whether the data really comes from the alleged source); if several applications need special treatment, a gateway is needed for each one; the client software must know how to contact the gateway; UDP filtering is an all-or-nothing policy; a trade-off between security and communication with the outside world.

Threats to Internet security: mapping (before an attack, discovering which services are running on the network: using ping to find hosts with a network address, port scanning).

Countermeasures: packet filtering; against flooding, trace the source of the flood.

Secure e-mail: use a symmetric key (KS) to encrypt the message, encrypt KS with the recipient's public key (KB) and send KS(m) and KB(KS). The recipient uses its private key to decrypt and recover KS, then uses KS to decrypt KS(m) and recover m. For sender authentication and message integrity, the sender signs the message and sends it in the clear along with the signature.

Pretty Good Privacy (PGP): e-mail encryption scheme; uses symmetric key encryption, public key cryptography, a hash function and digital signatures. Provides confidentiality, sender authentication and integrity.

Secure Sockets Layer (SSL): works at the transport layer and provides security to applications over IP/SSL; used in electronic commerce (https). Authenticates the server (and optionally the client) and encrypts data. To authenticate the server, the client holds the public keys of the CAs, requests the server's certificate and uses the CA public key to extract the server's public key from it.

Encrypted SSL session: the browser generates a symmetric session key and encrypts it with the server's public key; the server decrypts the session key with its private key; browser and server agree that future messages will be encrypted with it.

Security: the ability to transfer data between two previously recognised entities such that the communication is visible only to the parties, the transfer occurs without change in transit, and neither party can deny the exchange.

Encryption (security services): authentication, access control, confidentiality, integrity, non-repudiation and availability.

Private key: key that only the owner can know.

Public key: key that everyone may know.

H – hash algorithm
EA – asymmetric encryption algorithm
C – cryptogram (ciphertext)
DA – asymmetric decryption algorithm

Propagation delay: travel time of the signal through the propagation medium; it does not depend on the transmission rate (bps). d = length of the physical link, s = propagation speed in the medium (~200000 km/s). Propagation delay = d/s, from a few microseconds to hundreds of milliseconds.

Traffic intensity: La/R, where L = packet size (bits), a = average packet arrival rate and R = link bandwidth (bps). La/R ~ 0: small delay; La/R → 1: delays become large; La/R >= 1: more bits arrive than the link can carry, and the delay grows without bound.
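The two formulas above, propagation delay d/s and traffic intensity La/R, applied to each link of a constructed path so the bottleneck stands out; this is an added example, not from the notes, and the regime thresholds (0.1 and 1.0) are my assumption for "~0" and "→ 1":

```python
# Constructed example (not from the notes): propagation delay d/s and traffic
# intensity La/R per link, using the notes' symbols d, s, L, a and R.
PROPAGATION_SPEED = 2.0e8  # s: metres per second (~200000 km/s, as in the notes)

def propagation_delay(d_m: float, s: float = PROPAGATION_SPEED) -> float:
    """Propagation delay = d / s, in seconds; independent of the link rate."""
    return d_m / s

def traffic_intensity(L_bits: int, a_pps: float, R_bps: float) -> float:
    """La/R: bits arriving per second relative to what the link can carry."""
    return L_bits * a_pps / R_bps

def regime(intensity: float) -> str:
    """Queueing regime for a given La/R (thresholds are an assumption)."""
    if intensity >= 1.0:
        return "overload"      # more bits arrive than the link carries: delay unbounded
    if intensity >= 0.1:
        return "queueing"      # delay rises sharply as La/R approaches 1
    return "small delay"       # La/R ~ 0

def analyse_path(links, L_bits: int, a_pps: float):
    """links: list of (name, length_m, rate_bps). Returns per-link rows and the bottleneck name."""
    rows = []
    for name, length_m, R in links:
        rho = traffic_intensity(L_bits, a_pps, R)
        rows.append({"link": name, "prop_delay_s": propagation_delay(length_m),
                     "intensity": rho, "regime": regime(rho)})
    bottleneck = max(rows, key=lambda r: r["intensity"])
    return rows, bottleneck["link"]

# Constructed path: a 100 m LAN, a 2 km 10 Mbps access line and a 3000 km 155 Mbps WAN link.
PATH = [("lan", 100, 1e9), ("access", 2_000, 10e6), ("wan", 3_000_000, 155e6)]

if __name__ == "__main__":
    rows, bn = analyse_path(PATH, 1500 * 8, 1000)  # 1500-byte packets at 1000 packets/s
    for r in rows:
        print(f"{r['link']:7s} prop={r['prop_delay_s'] * 1e3:8.3f} ms  "
              f"La/R={r['intensity']:.3f} {r['regime']}")
    print("bottleneck:", bn)
```

Note how the WAN link has by far the largest propagation delay (15 ms) yet the 10 Mbps access line is the bottleneck, because La/R exceeds 1 there.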

Structured cabling subsystems: work area (desktop), secondary network, telecommunications room, primary network, equipment room, telecommunications entrance and external interconnection cabling.

Work area (desktop): cabling between the devices and the wall outlets (one for every 10 m²); each outlet must provide data and voice; cable length = 5 m.

Secondary network (horizontal cabling): distribution system from the wiring closet, where the distribution blocks and network equipment are installed; terminated at a connector or outlet on the work-area side and at a patch panel on the wiring closet side; maximum cable length = 90 m.

Primary network (vertical cabling): connects the entrance facility to the telecommunications and equipment rooms; optical fibre is preferred, twisted pair is also used but limited to 90 m; with optical fibre the maximum length is 3000 m, with intermediate frames every 500 m.

Telecommunications room: designed according to TIA/EIA-569-A; connects the active equipment to the work area; one room per 1000 m².


Equipment room: houses the equipment; transition between the secondary and primary network through patch panels. Cables used: single-mode and multimode optical fibre, UTP Category 5E and 6, ScTP and FTP Category 5E and 6; concentrates equipment such as servers, switches and remote administration.
Telecommunications entrance: where the cables from outside enter the building; transition from the external cables to the primary network.
External interconnection cabling: cabling between buildings; multimode (step or graded index) or single-mode optical fibre; maximum length 2000 m.
X.25: a set of protocols covering the first three layers of the OSI model; a physical channel can carry up to 4095 virtual circuits; supports higher-level protocols such as TCP/IP and SNA. Physical level: defines the mechanical and electrical characteristics of the terminal–network interface. Frame (link) level: line protocol responsible for data exchange between terminal and network. Packet level: defines how calls are established, maintained and terminated; independent of the addressing used by the lower layers; may also provide flow control and sequencing.
Dedicated access protocols: X.25: dedicated access for terminals with a synchronous interface at speeds between 9.6 Kbps and 2 Mbps. X.28: dedicated access for terminals with an asynchronous interface, top speed 9.6 Kbps. SDLC: IBM dedicated access protocol, maximum speed 256 Kbps.
Switched access protocol: X.28 dial-up for terminals with an asynchronous interface at 9.6 Kbps.
Frame Relay: packets are called frames and each one carries destination information; uses virtual circuits identified by DLCI; no delivery confirmation; represented by a cloud; multiple virtual circuits share one physical link, using multiple logical channels on the same access line (point to multipoint); cheaper than a private line; available at 64 Kbps, 128 Kbps, 256 Kbps, 512 Kbps, 1024 Kbps and 2048 Kbps.
Virtual circuit: connection between two points configured with a certain bandwidth; a bidirectional virtual data circuit that serves as a dedicated circuit. There are two types:
Permanent virtual circuit (PVC): configured by the network operator, with fixed endpoints; the route is changed in case of failures.
Switched virtual circuit (SVC): established automatically on demand or as a contingency (failure of the main link).
LMI: protocol used by the router to communicate with the first Frame Relay switch in the cloud; runs only between the Frame Relay switch and the router; allows dynamic creation of virtual circuits.
DLCI: Data Link Connection Identifier; identifies the virtual circuit to the remote site. Each DLCI identifies one virtual circuit on the link; it cannot be used as an address because it only numbers the circuit on the local link.
CIR: guaranteed minimum transfer rate; the higher the CIR selected, the higher the access speed needed to guarantee the traffic, and the higher the link cost. CIR = 0: no guaranteed delivery of packets.
Frame Relay protocol: uses a common, streamlined frame structure; flags mark the beginning and end of each frame; the header carries control information, with a 10-bit DLCI that is the address of the destination PVC and has local significance to the originating port. Frame Relay network: consists of user equipment (workstations, servers, mainframes, etc.), access equipment (bridges, access routers, Frame Relay access devices – FRADs, etc.) and network equipment (switches, routers, E1 or T1 transmission equipment, etc.). Information is sent via the DLCI (the frame's destination); on transmission problems or congestion the frame is dropped; no error correction is performed, so it requires transmission circuits with a low rate of errors and failures.
Frame Relay versus X.25: both are long-distance networking technologies, virtual-circuit oriented, with origins in telephony, and can be used to carry IP datagrams (intelligence in the network).
IP vs X.25: X.25 aims at reliable, in-order delivery (error detection and recovery by retransmission). IP delivers end to end, unreliably and without ordering (intelligence is in the hosts).
ATM: communication technology for high-speed data, interconnecting local, metropolitan and long-distance networks carrying voice, data, audio and video. Provides asynchronous transmission over data networks using cells (fixed-length packets) that carry the address the network equipment uses to determine their destination; the process uses packet switching and is suited to sending information with different requirements for delay, reliability and functionality. Composed of user equipment (workstations, servers, mainframes, PABX, etc.), access equipment (bridges, access routers, hubs, switches) and network equipment (switches, routers, E1 or T1 transmission equipment, etc.). Represented by a cloud, since it is not a simple physical connection between two points but a virtual connection with a given bandwidth; the physical bandwidth is allocated cell by cell. Transmission uses multiplexing and packet switching to provide a connection-oriented service in asynchronous mode with a fixed packet size: each cell has 48 bytes of information and 5 bytes of header, and each cell carries the addressing information that establishes the virtual connection between source and destination.
Advantages: dynamic bandwidth management; fixed and low processing cost; carries various types of traffic (data, voice and video); guarantees bandwidth and resource allocation; high availability; supports multiple classes of service, for applications sensitive or not to delay and packet loss; applicable to both public and private networks; scalable and flexible; automatic failure recovery; interoperates with Frame Relay, TCP/IP, DSL, Gigabit Ethernet, wireless and SDH/SONET.
Restrictions: other technologies (Fast Ethernet, Gigabit Ethernet and TCP/IP) have been deployed instead; ATM interfaces were not well received in workstations and high-performance servers because of their cost and complexity. Telecommunications carriers use ATM in their backbone networks to save on media.
ATM – virtual connections: VPC (Virtual Path Connection): route between two devices or user access points; a collection of VPs configured to connect origin and destination. VCC (Virtual Channel Connection): connection between two devices or user access points; a collection of VCs linking origin and destination.
MPLS: provides a means of mapping IP addresses (done only once, at the edge node) to simple, fixed-length labels usable by different packet-switching technologies. Routing is based on a label inserted in the packet header (the address is not examined; the label is swapped at every switch). It avoids intensive lookup processing, enabling routers to decide the most appropriate path based on the labels. Advantages: faster packet processing; priority can be given by label; packets traverse the network over virtual circuits (the basis for VPNs); allows different levels of encryption and the transport of multiple protocols, because the packet payload is not examined by the router. The assignment of a packet to a particular FEC is done only once, in the RSI.
LER: MPLS node that connects an MPLS domain with a node outside the domain.
LSR: MPLS node that receives the packet, extracts the label and uses it to look up, in its forwarding table, the output port and the new label; it has a single algorithm but may have one or several tables, built from labels distributed with the Label Distribution Protocol, RSVP and routing protocols such as BGP and OSPF.
LSP (Label Switched Path): in MPLS, transmission takes place over label switched paths (LSPs), which are set up before the data is transmitted or upon detection of a certain data flow.
LDP (Label Distribution Protocol): set of procedures by which one LSR informs another LSR of label/FEC associations.