NETWORKING I

- The most important characteristics in an electronic cable are the

following ones: impedance, attenuation, shielding and capacitance.

Could you describe them?

Impedance: The resistance to the movement of electrons in an AC

circuit. Its represented by the letter Z.Like resistance, its unit of

measurement is the ohm, represented by Omega.

Attenuation: refers to the resistance to the flow of electrons, and why a

signal becomes degraded(to fade away) as it travels along the conduit.

Its unit of measurement is the db/m.

Shielding: is normally specified as a cable construction detail.For

example Shielded twisted pair STP which contains four pair copper wires

and each pair is wrapped in metallic foil. The functions are to act as a

barrier between the internal or external signals (to reduce the EMI) and

to be part of the electrical circuit.

Capacitance: How much energy it is hold in the cable. Its represented by

the letter C and its unit of measurement is the picofarads pF

- Give a physical description of the following cables: twisted pair, coaxial

and optical fiber. Explain the role of each material.

Twisted pair: It consists of four pairs of thin, copper wires covered in

color-code plastic insulation that are twisted together.

The wire pairs are twisted for two reasons.

First, to provide protection against crosstalk, which is the noise

generated by adjacent pairs of wires. Two magnetic fields occur in

opposite directions and cancel each other out.

Second, network data is sent using two wires in a twisted pair. One

copy of the data is sent on each wire, and two copies are mirror images

of each other(differentials signals). If the two wires are twisted together,

noise seen on one wire is also seen on the other wire. When the data is

received, one copy is inverted, and the two signals are then compared.

In this manner the recover can filter out noise because the noise signals

cancel each other.

Coaxial cable, as show in Figure, consists of four parts:

-Copper conductor.

-Plastic Insulation.

-Braided copper shielding

-Outer jacket

At the center of the cable is a solid copper conductor. Surrounding that

conductor is a layer of flexible plastic insulation. A woven copper braid or

metallic foil is wrapped around the insulation. This layer acts as the

second wire in the cable. It also act as a shield for the inner conductor

and helps reduce the amount of outside interference. Covering this

shield is the outer cable jacket. The connector used on coaxial cable is

the BNC, short for British Naval Connector or Bayonet Neill Concelman,

connector.

Fiber-Optic cablle:Five parts typically make up each fiber-optic cable:

-The core

-The cladding

-A buffer

-A strengthening material

-An outer jacket

The core is the light transmission element at the center of the optical

fiber, and all the light signals travel through the core. This core is

typically glass made from a combination of silica and other elements.

Surrounding the core is the cladding, also made of silica but with a lower

index of refraction than the core. Light rays traveling through the fiber

core reflect off this core-to-cladding interface where the core and

cladding meet, which keeps light in the core as it travels down the fiber.

Surrounding the cladding is a buffer material, usually plastic, that helps

shield the core and cladding from damage.

The strengthening material surrounds the buffer, preventing the fiber

cable from being stretched when installers pull it. The material used is

often Kevlar, the same material used to produce bulletproof vests. The

final element, the outer jacket, surounds the cable to protect the fiber

against abrasions, solvents, and other contaminants. this outer jacket

composition can vary depending on the cable usage.

- What is the difference between UTP and STP? Any consequence?

The difference between UTP and STP is the shielding. The shielding

reduces unwanted electrical noise. This noise reduction provides a major

advantage of STP over unshielded cable. However, shielded cable is

more difficult to install than unshielded cable because the metallic

shielding needs to be grounded. If improperly installed, STP become

very susceptible to noise problems because an ungrounded shield acts

like an antenna, picking up unwanted signals. The insulation and

shielding considerably increase the size, weight, and cost of the cable.

Despite these disadvantages, shielded copper cable is still used as

networking media today, especially in Europe.

- When crimping RJ-45 UTP cables, how can you create straight-

through, crossover and loopback cables? Describe some situations in

which they are used.

Crossover cables provide a network connection between two similar

devices, such as computer to computer or switch to router. With

crossover cables you can connect 2 computers directly. It directly

connects two network devices of the same type to each other over

Ethernet. Ethernet crossover cables are commonly used when

temporarily networking two devices in situations where a network router,

switch or hub is not present. Crossover cables have the 1st and 3rd

wires crossed, and the 2nd and 6th wires crossed. Two devices in the same category use a crossover cable. As you can see as follows:

SWITCH PC (COMPUTER)

1 2 3 4 5 6 7 8 1 2 3 4 5 6 7 8

R+R-T+ T- T+ T-R+ R-

HUB ROUTERStraight cable Cat.1 &

Cat.2

SWITCH SWITCHCrossover cable (Cat.

1)

HUB HUBCrossover cable (Cat.

1)

SWITCH HUBCrossover cable (Cat.

1)

PC ROUTERCrossover cable (Cat.

2)

Loopback cable: A loopback cable redirects the output back into itself.

This effectively gives the NIC the impression that it is communicating on

a network, since its able to transmit and receive communications. You

must Redirect Pin 1 to Pin 3 and Pin 2 to Pin 6 to create Loopback

cable.

- What is the difference between single-mode and multimode fiber-optic

cable?

The part of an optical fiber through which light rays travel is called the

core of the fiber. Light rays cannot enter the core of an optical fiber at all

angles. The rays can enter the core only if their angle is inside the fiber's

numerical aperture: likewise, one the rays have entered the fiber's core,

a limited number of optical paths exist that a light ray can follow through

the fiber. These optical path are called modes. If the diameter of a fiver's

core is large enough so that many paths exist that light can take as it

passes through the fiber, the fiber is called multimode fiber. Single-mode

fiber has a much smaller core that allows light rays to travel along only

one path(one mode) inside the fiber.

- Describe the basic types of networks as far as their size is concerned:

PAN, LAN, CAN, MAN and WAN. Give some examples.

LAN or local area network is a group of interconnected devices that is

under the same administrative control. It is a network which covers a

small physical area. All local networks within a LAN are under one

administrative control group that governs the security and access control

policies. LANs allow users to have common access to data and

equipment such as printers.

WAN or Wide-area networks are networks that connect LANs in

geographically separated locations. It is a network which covers a wider

area, in which machines are usually connected via telephone lines or

radio. A WAN can be as small as two LANs which are connected, or as

big as the Internet. The Internet is a large WAN that is composed of

millions of interconnected LANs. Telecommunications service providers

(TSP) are used to interconnect these LANs at different locations.

MAN or metropolitan area network is a computer network that usually

spans a city or a large campus. A MAN usually interconnects a number

of local area networks (LANs) using a high-capacity backbone

technology, such as fiber-optical links. A MAN typically covers an area of

between 5 and 50 km diameter.

PAN: Personal Area Network (Ex: Bluetooth)

CAN: Campus Area Network (Ex: Hospitals, Universities, etc)

- Compare simplex, half-duplex and full-duplex transmissions.

Simplex: The capability of transmission is only one direction between a

sending station and a receiving station. Broadcast television is an

example of a simplex technology.

half-duplex: A capability for data transmission in only one direction at a

time between a sending station and receiving station.

full-duplex: The capability for simultaneous data transmission between a

sending station and receiving station.

- Data are delivered by means of packets in a network. Provide a

technical description of "packet".

A logical grouping of information that includes a header containing

control information and (usually) user data. Packets most often refer to

network layer units of data. The terms datagram, frame, message, and

segment also describe logical information groupings at various layers of

the OSI reference model and in various technology circles.

- Describe the OSI model.

A network architectural model developed by the ISO. This model

consists of seven layers, each of which specifies particular network

functions, such as addressing, flow control, error control, encapsulation,

and reliable message transfer.

The following sections briefly describe each layer in the OSI

reference model:

Layer 7. The Application Layer. Is the layer that is closest to the user. It

provides network services to the user's applications.

Layer 6. The Presentation Layer. Ensures that the information that the

application layer of one system sends out can be read by the application

layer of another system. If necessary, the presentation layer translates

among multiple data formats by using a common format. One of the

more important tasks of this layer is encryption and decryption.

Layer 5. The Session Layer. As its name implies, the session layer

establishes, manages, and terminates sessions between two

communicating hosts. The session layer provides its services to the

presentation layer. It also synchronizes dialogue between the two host's

presentations layers and manages their data exchange.

Layer 4: The Transport Layer: This layer is responsible for reliable

network communication between en nodes. The transport layer provides

mechanisms to establish, maintain, and terminate virtual circuits,

transport fault detection and recovery, and information flow control.

Layer 3: The Network Layer: This layer provides connectivity and path

selection between two ends systems. The network layer is the layer at

which routing occurs.

Layer 2:The Data Link Layer: This layer provides reliable transit of data

across a physical link. In so doing, the data link layer is concerned with

physical(as opposed to logical) addressing, network topology, network

access, error notification, ordered delivery of frames, and flow control.

Layer 1: Physical Layer: The physical layer defines the electrical,

mechanical, procedural, and functional specifications for activating,

maintaining, and deactivating the physical link between the systems.

- Describe the following application protocols in TCP/IP: SMTP, POP3,

IMAP4, FTP, HTTP, HTTPS and DNS.

SMTP: Simple mail transfer Protocol. The SMTP protocol transport e-

mail messages in ASCII format using TCP. When a mail server receives

a message destined for a local client, it stores that message and waits

for the client to collect the mail. Mail clients can collect their mail in

several ways:

They can use programs that access the mail servers files directly

or can use one of many network protocols. The most popular mail client

protocols are Post Office Protocol Version 3(POP3) and Internet

Messaging Access Protocol version 4 (IMAP4)

POP3: Post Office Protocol Version 3, which uses TCP port 110, is a

mail protocol that is responsible for holding e-mail until delivery. When a

SMTP servers sends an e-mail message to a POP3 server, POP3 holds

on to the message until a user makes a request to have the data

delivered. Thus, POP3 transfers mail files from a mail server to a mail

client.

IMAP4: Internet Message Access Protocol Version 4 allows a client to

access and manipulate electronic mail messages on a server. IMAP4

permits manipulation remote message folders, called mailboxes, in a

way that functionally equivalent to local mailboxes

FTP: is a fast connection-oriented, error free protocol that uses TCP

ports 20 and 21. FTP allows data to be transferred between servers and

clients. For FTP to connect to a remote server, IP address or host name

must be provided. FTP must be capable of resolving IP addresses to

host names to establish a connection.

HTTP: which uses TCP port 80, allows clients to transfer documents that

are written in Hypertext Markup Language(HTML) over the World Wide

Web for display by a browser. It's the universal display language of the

Internet.

HTTPS: Another protocol for transmitting data securely over the World

Wide Web, which is designed to transmit individual messages securely.

Technically, it is not a protocol in and of itself; rather, it is the result of

simply layering the Hypertext Transfer Protocol (HTTP) on top of the

SSL/TLS protocol, thus adding the security capabilities of SSL/TLS to

standard HTTP communications.

DNS: is a name-resolution service that resolves (associates) host names

to IP addresses. DNS keeps a record of IP addresses and host names in

a process called a domain. DNS provides services along hierarchical

chain, with a database design that is similar to a file tree structure. DNS

also services requests for host names that cannot be resolved locally.

Large inter-networks have several levels os DNS servers to provide

efficient name resolutions.

- Compare the two main transport protocols (i.e. TCP and UDP).

An advantage that UDP has over TCP is that, because it does not

concentrate on establishing a connection, it can transmit more

information in a smaller amount of time than TCP. TCP is useful for

transmitting large amounts of data reliably, but with the penalty of large

ACK overhead consuming bandwidth. UDP is useful for transmitting

small amounts of data when reliability is less crucial, UDP lacks the

overhead caused by ACKs.

- Describe the following Internet protocols: ARP, RARP, ICMP and IGMP.

ARP: Determines de data link layer addresses for known IP addresses.

ARP is used to bind(associate) the physical (MAC) addresses with

a specific logical (IP) address. When the data packet is sent to a

particular destination, ARP matches the addressing information against

the ARP cache for the appropriate MAC address. If no matches are

made, ARP sends a broadcast message on the network looking for the

particular destination. A host responds with the correct address and

sends a reply to ARP.

RARP: (Reverse address Resolution Protocol)Determines de network

addresses when data link layer addresses are known. A protocol in TCP/

IP stack that provides a method for finding IP addresses based on MAC

addresses.

ICMP: Internet Control Message Protocol is a network layer protocol that

reports error. When datagram delivery errors occur, ICMP reports these

errors to the sender of the datagram. ICMP does not correct the

encountered network problem.

IGMP:The Internet Group Management Protocol (IGMP) is a

communications protocol used by hosts and adjacent routers on IP

networks to establish multicast group memberships.

- Compare the role and format of IP addresses and MAC addresses.

Although IP works in a network layer and MAC works in a physical layer

the role is the same. Identify every device that connects to a network or

LAN. The IP addresses are controlled by the AIANA(for instance in

Spain) and the MAC addresses are controlled by the IEEE.The first

known as a software address and the last as a hardware address or

physical address.

The IP addresses are 4 bytes long and the MAC addresses are 6 bytes

long.

- How and why can you ping an IP address?

To ping you have to run this application and It send ICMP echo message

and wait for its reply.Often used in IP networks to test the reachability of

a network device.

- Are there reserved IP addresses within a given network? Which ones?

What for?

Certain addresses are reserved and cannot be assigned to devices on a

network. These reserved host addresses include the following:

Network addresses are used to identify the network itself for instance

198.150.11.0

The broadcast address is used to broadcast packets to all the devices

on a network.

- Compare subnet mask classes A, B and C. How do they relate with IP

addresses?

To accommodate different-sized networks and to aid in classifying them,

IP addresses are divided into groupings called classes. Each complete

32-bit IP address is broken into a network part and host part. A bit or bit

sequence at the start of each address determines the class of the

address.

Class A use the first byte for the network.

Class B use the first and the second byte for the network.

Class C use the first, second and third byte for the network.

- Describe in detail how TCP communication occurs: TCP 3-Way

Handshake & TCP Windowing.

HANDSHAKE:Establishing a normal TCP connection requires three

separate steps:

1. The first host (Alice) sends the second host (Bob) a

"synchronize" (SYN) message with its own sequence number ,

which Bob receives.

2. Bob replies with a synchronize-acknowledgment (SYN-ACK)

message with its own sequence number and acknowledgement

number , which Alice receives.

3. Alice repl ies with an acknowledgment message with

acknowledgement number , which Bob receives, and doesn't need

to reply to.

In this setup, the synchronize messages, act as service requests from

one server to the other, while the acknowledgement messages return to

the requesting server to let it know the message was received.

One of the most important factors of three-way handshake is that to

exchange the starting sequence number the two sides plan to use. The

client first sends a segment with its own initial sequence number , then

the server responds by sending a segment with its own sequence

number and the acknowledgement number , and finally the client

responds by sending a segment with acknowledgement number .

The reason for the client and server not using the default sequence

number such as 0 for establishing connection is to protect against two

incarnations of the same connection reusing the same sequence number

too soon, which means a segment from an earlier incarnation of a

connection might interfere with a later incarnation of the connection.

WINDOWING:The number of data packets that the sender is allowed to

have outstanding without having received an acknowledgment is know

as the window. Windowing refers to the fact that the window size is

negotiated dynamically during the TCP session. Windowing is a flow-

control mechanism requiring that the source device receive an

acknowledgment from the destination after transmitting a certain amount

of data.

- Describe the main physical topologies (e.g. bus, star, ring and mesh)

according to parameters such as cost, set-up, scalability, maintenance

and performance.

BUS: Common called a linear bus, a bus topology connects all the

devices using a single cable. The main cable segment must end with a

terminator that absorbs the signal when it reaches the end of the line or

wire. If there in no terminator, the electrical signal representing the data

bounces back at the end of the wire, causing errors in the network.

STAR: Is made up of a central connection point that is a device such as

hub, switch, or router,where all the cabling segments meet. Although a

physical star topology costs more to implement that the physical bus

topology, the advantages of a star topology make it worth the additional

cost. Because each host is connected to the central device with its own

cable, when the cable has a problem, only that host is affected but if a

central device fails, the whole network becomes disconnected.

RING: A topology in which host are connected in the form of a ring or

circle. Unlike the physical bus topology, the ring topology has no

beginning or end that needs to be terminated.

MESH:Connects all devices(nodes) to each other for redundancy and

fault tolerance. The advantage is that every node is connected physically

to every other node, which creates a redundant connection. If any link

fails, information can flow through many other links to reach its

destination. The primary disadvantage is that for anything more than a

small number of nodes, the amount of media for the links and the

number of the connections on the lines becomes overwhelming.

Implementing a full.mesh topology is expensive and difficult.

- Explain how communication takes place between two computers within

an Ethernet network. Remember that Ethernet uses CSMA/CD (Carrier

Sense Multiple Access with Collision Detection).

A media-acces mechanism wherein devices ready to transmit data first

check the channel for a carrier. If no carrier is sensed for specific period

of time, a device can transmit. If two devices transmit once, a collision

occurs and is detected by all colliding devices. This collision

subsequently delays retransmissions from those devices for some

random length of time.The retransmission delay when a collision occurs i

the backoff.

- Explain how communication takes place between two computers in a

Token Ring network.

In a token ring network individual host are arranged in a ring. A special

data token circulates around the ring. When a host wants to transmit, it

seizes the token, transmits the data for a limited time, and then places

the token back in the ring, where it can be passed along, or seized, by

another host.

- How do hubs work?

Is a common connection point for devices in a network. Hubs commonly

connect segments of a LAN. A Hub contains multiple ports. When a

packet arrives at one port, it copied to the other ports so that all the

segments of the LAN can see all the packets.

- How do switches work? Describe some core functions such as

learning, flooding, filtering, forwarding and aging.

Switch is a device that connects LAN segments, uses a table of MAC

addresses to determinate on which a frame needs to be transmitted, and

reduces traffic. Similar to bridges, switches forward and flood traffic

based on MAC addresses.Because switching is performed in hardware,

it is significantly faster than the switching function performed by a bridge

using software. Think of each switch port as a micro bridge. Each switch

port acts as a separate bridge and gives each host the medium's flu

bandwidth.This process is called micro segmentation(allows the creation

of private or dedicate segments). However, as with a bridge, a switch

forwards a broadcast message to all the segments on the switch. All

segments in a switched environment are therefor considered to be in the

same broad cast domain.

- Describe the difference between static and dynamic routing.

The process to finding a path to destination host is routing. Static

routing allows routers to properly route a packet from network to network

based on manually configured information.Dynamic routing adjusts

automatically to network topology or traffic changes. Also called adaptive

routing.

Static route knowledge is administered manually by a network

administrator who enters it into a router's configuration. The

administrator must update these static route entry annually whenever an

internetwork topology change requires an update. Dynamic route

knowledge works differently. After a network administrator enters

configuration commands to start dynamic routing, the route knowledge

automatically is updated by a routing process whenever new information

is received from the internetwork. Changes in dynamic know ledge are

exchanged between routers as part of the update process.

- How does RIP work?

Routing Information Protocol uses hop count to determinate the direction

and distance to any link in the internetwork.If there are multiple paths to

a destination, RIP selects the path with the fewest hops. However,

because hop count is the only routing metric RIP uses, it does not

necessarily select the fastest path to a destination.RIP-1 uses only

classful routing. This means that all devices in the network must use the

same subnet mask, because RIP-1 does not include the subnet

information with the routing update.

RIP-2 provides what is called prefix routing and sends subnet mask

information with the route updates. This supports the use of classless

routing. With classless routing protocols, different subnets within the

same network can have different subnet masks. The use of different

subnet masks within the same network is called variable-length subnet

masking(VLSM).

- Explain how the name resolution process works in DNS.

If a local DNS server is capable of translating a domain name into its

associated IP address, it does so and returns the result to the client. If it

cannot translate the address, it passes the request up to the next higher-

level DNS server on the system, which then tries to translate the

address. If the DNS server at this level is capable of translating a

domain name into its associated IP address, it does so and returns the

result to the client. If not, it sends the request to the next higher level.

This process repeats itself until the domain name has been translated or

until the top-level DNS server has been reached. If the domain name

cannot be found on the top-level DNS server, it is considered to be an

error and the corresponding error message is returned.

- State some advantages and disadvantages between these two types of

wireless data transmission media: infrared and radio-frequency.

The radio spectrum is the part of the electromagnetic spectrum used to

transmit voice, video, and data. It uses frequencies from 3 kilohertz to

300 gigahertz. Each type of wireless data communication has its

advantages and drawbacks, as follows:

Infrared(IR):Very high data rates and lower cost, but very short distance.

Narrowband: Low data rates and medium cost. Requires a license and

covers a limited distance.

Spread Spectrum: Medium cost and high data rates. Limited to campus

coverage.

- Explain how communication takes place between two computers with

the CSMA/CA standard in wireless networks?

A carrier sensing is used,but nodes attempt to avoid collisions by

transmitting only when the channel is sensed to be "idle".

- Compare 802.11 standards (a, b and g) according to their frequency,

channels and data rate.

Like 802.11a, 802.11g uses Orthogonal Frequency Division Multiplexing

and supports 54 Mbps. However, 802.11g is not compatible with

802.11a. for one thing, 802.11g uses 2.4GHz, whereas 802.11a uses 5

GHz. On the other hand, 802.11g is backwards compatible with 802.11b.

To support 802.11b, 802.11g also supports the complementary code

keying(CCK) technique used in 802.11b.

- Compare the two most important wireless network modes.

Ad-hoc ModeAd-Hoc mode is sometimes called peer to peer mode, which each

wireless node in direct contact with

each other node in a decentralized free for all. This is suited for wireless

networks use in small groups.

Infrastructure Mode

Wireless networks running in infrastructure mode use one or more WAPs

to connect the wireless network nodes to a wired network segment, as

shown above. A single WAP servicing a given area is called a Basic

Service Set (BSS). This service area can be extended by adding more

WAPs. This is called, appropriately, an Extended basic Service Set

(EBSS).

Wireless networks running in infrastructure mode require more planning

and are more complicated to configure than ad-hoc mode networks, but

they also give you finer control over how the networks operates.

Infrastructure mode is better suited to business networks or networks

that need to share dedicated resources like Internet connections and

centralized databases. If you plan setting up a wireless network for a

large number of PCs, or need to have centralized control over the

wireless network, then infrastructure mode is what you need.

- Describe the step-by-step process to configure a WAP as an extension

point.

Connect the computer to one of the four LAN ports on your router.

Open a web browser, type "192.168.2.1" in the address bar and press

Enter on your keyboard.

Click Login in the upper right corner.

The router does not ship with a password, so just click Submit.Click Use as Access Point on the left side of the page.

Select Enable. This will give you the options to set the IP Address and

Subnet mask for the router. These settings should match your existing

network settings. By default, the IP address will be set to 192.168.2.254

and the Subnet mask will be 255.255.255.0

Some of the older router models have a different setup procedure:1. Click LAN settings.

2. When the LAN settings page opens, you need to make two changes.

First, change the IP Address to something such as 192.168.2.47 or you

can use 192.168.2.200. As long as the first three sets of numbers match

your existing network, you will be fine.

3. Secondly, you need to turn off the DHCP server.

4. When finished, click Apply Changes.

Congratulations! You've now set up your router as an access point.

- Compare the two types of authentication in wireless security: PSK and

RADIUS.

Remote Authentication Dial-in User Service RADIUS is the better option

provided secure (ie long) passwords / passphrases are used and a

sensible lock out policy is in place.

The main reason for this is that for RADIUS, you need to interact with an

authentication service to test a password, and so once you are locked

out, that is the end of your attempt to breach.

With PSK, all you need to do is capture enough handshakes that you

can take offline and bruteforce it. In other words, the bruteforcing of a

PSK is done without any interaction with the AP once the requisite

handshakes are captured, and so are undetectable. You would be totally

unaware of it. Combine this with the difficulty in changing a PSK and

rolling out a new one.

- Give a technical description of a "piconet" in Bluetooth.

A collection of devices connected via Bluetooth technology in an ad hoc

fashion. A piconet starts with two connected devices, and may grow to

eight connected devices. Bluetooth communication always designates

one of the Bluetooth devices as a main controlling unit or master unit.

Other devices that follow the master unit are slave units. This allows the

Bluetooth system to be non-contention based (no collisions). This means

that after a Bluetooth device has been added to the piconet, each device

is assigned a specific time period to transmit and they do not collide or

overlap with other units operating within the same piconet.

Piconet range varies according to the class of the Bluetooth device. Data

transfer rates vary between about 200 and 2100 kilobits per second.

Because the Bluetooth system hops over 79 channels, the probability of

interfering with another Bluetooth system is less than 1.5%. This allows

several Bluetooth Piconets to operate in the same area at the same time

with minimal interference.

- The main problem with radio-frequency connections is interference.

Bluetooth uses a technique called Frequency Hopping Spread-Spectrum

(FHSS) to avoid this problem. Describe this technique.

Transmissions hop from one frequency to another in random patterns.

This technique enables the transmissions to hop around narrowband

interference, resulting in a a clearer signal and higher reliability of the

transmission. However this technology is slower, and the receiver must

use the same pattern to decode.

- ISDN uses the same UTP wiring as POTS, yet it can transmit data at

much higher speeds. How?

Integrates Services Digital Network Using digital signals instead of

analog signals.

- What is the main problem for users of cable Internet?

This broadband service shares bandwidth between telephone and

Internet of all customers of an area or neighbors are connected at the

same demark. The data transfer is reduced as the users join to the

service.

The opposite is the ADSL service that it doesn’t share the bandwidth with

the others.

NETWORKING II- Describe the “Caesar cipher” formula when encrypting the plaintext

“SECRET” when the key is 10.

is one of the simplest and most widely known encryption techniques. It is

a type of substitution cipher in which each letter in the plaintext is

replaced by a letter some fixed number of positions down the alphabet.

For example, with a left shift of 3, D would be replaced by A, E would

become B, and so on. The method is named after Julius Caesar, who

used it in his private correspondence.

The encryption can also be represented using modular arithmetic by first

transforming the letters into numbers, according to the scheme, A = 0, B

= 1,..., Z = 25. Encryption of a letter by a shift n can be described

mathematically

E(x)=(x+n)

Decryption is performed similarly,

D(x)=(x-n)

- What is an attack? Describe the “brute force” attack.

In computer and computer networks an attack is any attempt to destroy,

expose, alter, disable, steal or gain unauthorized access to or make

unauthorized use of an asset.[1]

brute force:

It consists of systematically checking all possible keys until the correct

key is found.

- What do you mean by “block cipher”?

In cryptography, a block cipher is a deterministic algorithm operating on

fixed-length groups of bits, called blocks, with an unvarying

transformation that is specified by a symmetric key. Block ciphers are

important elementary components in the design of many cryptographic

protocols, and are widely used to implement encryption of bulk data.

In computer science, a deterministic algorithm is an algorithm which,

given a particular input, will always produce the same output, with the

underlying machine always passing through the same sequence of

states.

- How do symmetric-key and public-key systems work?

two separate keys, one of which is secret and one of which is public.

Although different, the two parts of the key pair are mathematically

linked. One key locks or encrypts the plaintext, and the other unlocks or

decrypts the ciphertext. Neither key can perform both functions by itself.

The public key may be published without compromising security, while

the private key must not be revealed to anyone not authorized to read

the messages.

Public-key cryptography uses asymmetric key algorithms and can also

be referred to by the more generic term "asymmetric key cryptography."

The algorithms used for public key cryptography are based on

mathematical relationships (the most notable ones being the integer

factorization and discrete logarithm problems) that presumably have no

efficient solution. Although it is computationally easy for the intended

recipient to generate the public and private keys, to decrypt the message

using the private key, and easy for the sender to encrypt the message

using the public key, it is extremely difficult (or effectively impossible) for

anyone to derive the private key, based only on their knowledge of the

public key. This is why, unlike symmetric key algorithms, a public key

algorithm does not require a secure initial exchange of one (or more)

secret keys between the sender and receiver. The use of these

algorithms also allows the authenticity of a message to be checked by

creating a digital signature of the message using the private key, which

can then be verified by using the public key. In practice, only a hash of

the message is typically encrypted for signature verification purposes.

Hash encoding, or hashing, ensures that messages are not corrupted

or tampered with dur- ing transmission. Hashing uses a mathematical

function to create a numeric value that is unique to the data. If even one

character is changed, the function output, called the message digest, will

not be the same. However, the function is one-way. Knowing the

message digest does not allow an attacker to re-create the message.

This makes it difficult for someone to

intercept and change messages. Figure 16-4 illustrates the hash-

encoding process. The names of the most popular hashing algorithms

are SHA and MD5.

- Compare advantages and disadvantages between symmetric-key and

public-key encryptions (e.g. security, speed and number of keys).

Advantages and disadvantages:

Security: It is more secure the asymmetric-key because the private key

is never sent across the network. It is less secure the public key because

the key is sent across the network and the hacker can intercept the key

and decrypt the information.

Speed: Symmetric encryption it is faster because it uses simpler

operations, such as XOR, on smaller numbers (64 or 128 bits).

Asymmetric encryption usually uses complex mathematical operations,

such as power and modulus, on very large numbers (2048 bits). These

operations take time.

Number of keys: In case that it is uses symmetric key, for a group of N

people using a secret-key cryptosystem, it is necessary to distribute a

number of keys equal to:

In case that it is uses asymmetric key, for a group of N people using a

secret-key cryptosystem, it is necessary to distribute a number of keys

equal to: 2*N

- What is a digital signature? How is it created?

A digital signature is a mathematical scheme for demonstrating the

authenticity of a digital message or document.

A digital signature scheme typically consists of three algorithms:

• A key generation algorithm that selects a private key uniformly at

random from a set of possible private keys. The algorithm outputs

the private key and a corresponding public key.

• A signing algorithm that, given a message and a private key,

produces a signature.

• A signature verifying algorithm that, given a message, public key

and a signature, either accepts or rejects the message's claim to

authenticity.

Two main properties are required. First, a signature generated from a

fixed message and fixed private key should verify the authenticity of that

message by using the corresponding public key. Secondly, it should be

computationally infeasible to generate a valid signature for a party

without knowing that party's private key.

- Describe the characteristics of hash functions.

A hash function is any algorithm or subroutine that maps data sets of

variable length to data sets of a fixed length. For example, a person's

name, having a variable length, could be hashed to a single integer. The

values returned by a hash function are called hash values, hash codes,

hash sums, checksums or simply hashes.

- Explain how SSL uses symmetric and asymmetric encryption together

with a digital certificate.

How SSL worksSSL uses both symmetric and asymmetric encryption algorithms.

Symmetric algorithms use the same key to encrypt and decrypt data.

They are faster than asymmetric algorithms but can be insecure.

Asymmetric algorithms use a pair of keys. Data encrypted using one key

can only be decrypted using the other. Typically, one of the keys is kept

private while the other is made public. Because one key is always kept

private, asymmetric algorithms are generally secure; however, they are

much slower than symmetric algorithms. To reap the benefits of both

algorithms, SSL encapsulates a symmetric key that is randomly selected

each time inside a message that is encrypted with an asymmetric

algorithm. After both the client and server possess the symmetric key,

the symmetric key is used instead of the asymmetric ones.

When server authentication is requested, SSL uses the following

process:

1. To request a secure page, the client uses HTTPS.

2. The server sends the client its public key and certificate.

3. The client checks that the certificate was issued by a trusted party

(usually a trusted Certificate Authority) that the certificate is still

valid, and that the certificate is related to the contacted site.

4. The client uses the public key to encrypt a random symmetric

encryption key and sends it to the server, along with the encrypted

URL required and other encrypted HTTP data.

5. The server decrypts the symmetric encryption key using its private

key and uses the symmetric key to decrypt the URL and HTTP

data.

6. The server sends back the requested HTML document and HTTP

data that are encrypted with the symmetric key.

7. The client decrypts the HTTP data and HTML document using the

symmetric key and displays the information.

- Give examples of telephone scams and hoaxes.

The attacker makes a phone call to someone in the organization to gain

information. The attacker attempts to come across as someone inside

the organization and uses this to get the desired information. Probably

the most famous of these scams is the “I forgot my user name and

password” scam

hoaxes -> chains mails

- How does phishing work?

Is the act of trying to get people to give their usernames, passwords, or

other security information by pretending to be someone else

electronically. A classic example is when a bad guy sends you an e-mail

that’s supposed to be from your local credit card company asking you to

send them your username and password. Phishing is by far the most

common form of social engineering done today.

- Describe the following types of network attacks: sniffing, port scanning

and spoofing.

Sniffing: intercept and log traffic passing over a digital network or part of

a network.

captures each packet and, if needed, decodes the packet's raw data,

showing the values of various fields in the packet, and analyzes its

content

port scanning: sends client requests to a range of server port

addresses on a host, with the goal of finding an active port and exploiting

a known vulnerability of that service

spoofing: is email activity in which the sender address and other parts

of the email header are altered to appear as though the email originated

from a different source.

- Explain Denial of Service (DoS) attacks.

is an attempt to make a machine or network resource unavailable to its

intended users.

One common method of attack involves saturating the target machine

with external communications requests, so much so that it cannot

respond to legitimate traffic, or responds so slowly as to be rendered

essentially unavailable

- Compare the following malware: virus, worm and Trojan.

Virus: a computer virusis a piece of malicious software that gets passed

from computer to

computer. A computer virus is designed to attach itself to a program on

your computer. It could be our e-mail program, your word processor, or

even a game. Whenever you use the infected program, the virus goes

into action and does whatever it was designed to do. It can wipe out your

e-mail or even erase our entire hard drive! Viruses are also sometimes

used to steal information or send spam e-mails to veryone in your

address book.

Worm: is a complete program that travels from machine to machine,

usually through computer etworks. Most worms are designed to take

advantage of security problems in operating systems and nstall

hemselves on vulnerable machines. They can copy themselves over and

over again on infected networks nd can create so much activity that they

overload the network by consuming bandwidth, in worst cases ven

bringing chunks of the entire Internet to a halt

Trojan: freestanding programs that do something other than what the

person who runs the program thinks they will

- Describe a Demilitarized Zone (DMZ).

Is a physical or logical subnetwork that contains and exposes an

organization's external- facing services to a larger untrusted network,

usually the Internet. The purpose of a DMZ is to add an additional layer

of security to an organization's local area network (LAN); an external

attacker only has access to equipment in the DMZ, rather than any other

part of the network.

- What are packet-filtering firewalls? Describe some advantages and

limitations.

A set of rules that allow or deny traffic based on criteria such as IP

addresses, protocols, or ports used

- What are stateful firewalls? Describe some advantages and limitations.

Firewall that keeps track of the state of network connections traveling

through the firewall. Packets that are not part of a known connection are

not allowed back through the firewall.

- What are proxy firewalls? Describe some advantages and limitations.

A firewall that inspects all traffic and allows or denies packets based on

configured rules. A proxy acts as a gateway that protects computers

inside the network