
IT Coach

Provided by Solioz IT Solutions
December 04

Chapter 7: Telecommunications and Network Security (Part V)

Wireless protocols use CSMA/CA (collision avoidance). The available frequency is split into frequency ranges, or spectrums. Spread spectrum means the sender distributes the signal over the allocated frequencies (like sending data in parallel):

  • Frequency Hopping Spread Spectrum (FHSS): uses the total amount of bandwidth and splits it into smaller channels. Each channel is used in a sequence (hop)
  • Direct Sequence Spread Spectrum (DSSS): adds sub-bits to the message; the sub-bits (chips) are re-assembled using a sequence called the chipping code. It has higher data throughput than FHSS and has error detection. 802.11 started with FHSS (1-2 Mbps), 802.11b uses DSSS (11 Mbps)
  • Orthogonal Frequency Division Multiplexing (OFDM): packs multiple carriers together whose signal modulations are perpendicular (orthogonal), avoiding interference

A system connected to the LAN with a cable and using a transceiver is an Access Point (AP). When stand-alone it works just as a hub, without a link to a LAN. When devices and APs communicate over a channel using an SSID (Service Set ID), this is infrastructure mode. Ad-hoc WLANs have no APs; devices connect directly to each other.

Wireless authentication is made either in OSA (Open System Authentication), where the device needs no key and authentication is sent in cleartext, or in SKA (Shared Key Authentication), where the device must have the correct key; SKA uses WEP (Wired Equivalent Privacy), which has many deficiencies.

Wireless standards are:

  • 802.11 in 2.4GHz range, 1-2 Mbps
  • 802.11b uses DSSS, 11 Mbps
  • 802.11a uses OFDM in the 5GHz range (fine for the USA but not for every country), 54 Mbps; it is not compatible with older protocols, so it is not widely used
  • 802.11e implements QoS
  • 802.11f implements Roaming between APs
  • 802.11g, 54 Mbps on the 2.4GHz
  • 802.11h is an implementation of 802.11a for Europe
  • 802.11i, uses EAP, AES, Temporal Key Integrity Protocol (TKIP), Message Integrity Code (MIC), CCM Protocol (CCMP)
    • 802.1X is port-based network access control. A user cannot make a full connection until properly authenticated (it is user authentication, not device authentication as in WEP). The device will not get DHCP, HTTP or SMTP before it is properly authenticated to the authentication server. EAP also allows mutual authentication
  • 802.11j tries to bring countries standards together
  • 802.11n, 100 Mbps at 5 GHz
  • 802.16 is broadband WLAN for MAN
  • 802.15 is Personal WLAN (PWLAN) to connect devices with each other (headset...)
    • Bluetooth is a portion of 802.15, 1-3 Mbps up to 10m, in the 2.4GHz range. Bluejacking is an attack against Bluetooth

WEP's main deficiencies are poor authentication, the use of static encryption keys and the possibility to change frame values without this being detected.

The WAP protocol stack (Wireless Application Protocol) was built to allow wireless devices with limited power to communicate and share applications. It uses an XML-based markup language, WML (Wireless Markup Language), and its own transport security, WTLS (Wireless Transport Layer Security), the analogue of TLS. The gap in WAP is that decryption is done at the ISP.

i-Mode is also used for wireless transmission but is dedicated to entertainment. It works with Compact HTML (cHTML).

Cellular phone cloning happens by duplicating the SIM card. Encryption is used on the wireless part of the transmission, but once it is carried over the wired part it is no longer encrypted. Cell phones and PDAs will increasingly be victims of attacks and viruses. A cell phone firewall can be used.

War driving is moving around with a suitable device to detect APs and break into them (Kismet and NetStumbler are software for this). Airsnard, Airsnort and WEP-Crack can crack WEP.

Recommendations:

  • Enable WEP or other encryption
  • Change default SSID
  • Disable broadcast SSID
  • Implement another authentication layer (RADIUS, Kerberos)
  • Put APs in the center of the building
  • Put APs in a DMZ
  • Implement VPN
  • Allow only known MAC addresses
  • Disable DHCP and assign static IPs
  • Perform penetration tests
  • Follow 802.11i

Satellite communication can be used; the user must be in the footprint of the satellite. It is combined with a regular modem line, so data can also be sent to the Internet (satellite is normally one-way communication).

Cell phone technologies:

  • 1G analog, voice
  • 2G voice, low speed data
  • 2.5G higher bandwidth
  • 3G integration of voice and data, packet-switching

Rootkits are software suites hackers install once they are in place: backdoor software, covering the attacker's traces, trojan programs replacing original programs like ipconfig, sometimes even replacing the kernel.

Spyware is a utility that tracks user activity, mainly on the Internet, and captures passwords or installs backdoors. Adware is less dangerous and just tracks habits. Antivirus programs incorporate anti-spyware today.

Instant Messaging (IM) (AOL, Messenger, ICQ...) has many security issues (no encryption, file transfer, execution of programs and scripts, buffer overflows). A company should:

  • Specify IM restrictions in its policy
  • Implement a firewall on each PC
  • Block IM traffic
  • Upgrade IM Software
  • Incorporate IM servers

Chapter 7: Telecommunications and Network Security (Part IV)

Wide Area Networks (WAN) are used for long distance communications.

Multiplexing is the technology of combining multiple communication channels on a single path.

Telecommunication evolution:

  • Copper line = analog signal
  • T1 line = 24 conversations (1.544 Mbps)
  • T3 line = 28 T1 (44.736 Mbps)
  • Fiber-optics and SONET (50 Mbps)
  • ATM over SONET

Optical Carrier (OC) lines:

  • OC-1 = 51.84 Mbps
  • OC-2 = 155.52 Mbps
  • OC-3 = 622.08 Mbps

Europe uses SDH (Synchronous Digital Hierarchy) instead of SONET:

  • E1 = 2.048 Mbps
  • E3 = 34.368 Mbps

A dedicated link, leased line or point-to-point link is a single pre-established link for WAN communication. T-Carriers are dedicated links using PCM (Pulse Code Modulation) and TDM (Time Division Multiplexing):

  • T1 = 24 voice channels (0.064 Mbps)
  • T2 = 96 voice channels (1.544 Mbps)
  • T3 = 672 voice channels (6.312 Mbps)
  • T4 = 4032 voice channels (274.760 Mbps)

Other multiplexing technologies are STDM (Statistical Time Division Multiplexing) and Frequency Division Multiplexing.

WAN technologies are:

  • CSU/DSU (Channel Service Unit / Data Service Unit): is used to connect a LAN to a WAN over telephone lines.
  • Circuit switching (ISDN): a channel is set up on demand and remains as long as the communication takes place
  • Packet switching (Internet, X.25, Frame Relay): offers multiple paths to the destination, each packet going its own way
  • Frame Relay uses packet switching at the data link layer. Companies pay for a bandwidth, the CIR (Committed Information Rate). It has a DTE (Data Terminal Equipment) on the company side and a DCE (Data Circuit-Terminating Equipment) to connect to the Frame Relay cloud.
  • Virtual Circuits
    • Permanent Virtual Circuits (PVC): are programmed with dedicated bandwidth and remain in place
    • Switched Virtual Circuits (SVC): a circuit is built on demand, then destroyed (teleconferencing)
  • X.25 is similar to Frame Relay but is an older technology and not as efficient
  • ATM (Asynchronous Transfer Mode) uses cell switching (each cell is 53 bytes) and is connection-oriented. Very fast and efficient; it can provide QoS and can also be used in LANs
  • QoS (Quality of Service) is necessary for some applications like videoconferencing. Several service classes exist:
    • Constant Bit Rate (CBR) is connection-oriented (voice, video)
    • Variable Bit Rate (VBR), connection-oriented, is better for delay-sensitive applications
    • Unspecified Bit Rate (UBR): connectionless with no control
    • Available Bit Rate (ABR): connection-oriented, the available bandwidth is given
  • QoS levels:
    • Best-effort service
    • Differentiated service (better than best-effort)
    • Guaranteed service (ensure bandwidth)
  • SMDS (Switched Multimegabit Data Service) was used to extend a company's LAN over long distances. It is replaced by Frame Relay
  • SDLC (Synchronous Data Link Control) is used for communication between hosts in SNA (Systems Network Architecture)
  • HDLC (High-Level Data Link Control) is an extension of SDLC and has multiple implementations
  • HSSI (High-Speed Serial Interface) is used to connect routers to high-speed communication services (ATM or Frame Relay); it works at the physical layer

Multiservice Access Technologies are used to combine several types of technologies (voice, data...):

  • PSTN (Public Switched Telephone Network) is used for standard phone systems
  • VoIP (Voice over IP) uses the data network to carry voice. It uses SIP (Session Initiation Protocol), which creates and releases voice sessions. Delay is an issue (jitter) and isochronous networks (guaranteeing continuous bandwidth) are necessary. Components are:
    • IP telephony device (smart telephone)
    • Call-processing manager (sets up calls)
    • Voicemail system (message storage)
    • Voice gateway (carries packets in and out)

Introducing VoIP is challenging for security: all systems must be patched, firewalls must be used, plus authentication, monitoring, encryption...

H.323 is a standard that deals with video and real-time audio. H.323 gateways connect different systems (terminals, circuit-based to packet-based) and are used for communication between old and new technology.

Remote Access connections are:

  • Dial-Up and RAS (Remote Access Server): the user dials a RAS and authenticates (with RADIUS for example). The RAS can then call back the user for security reasons and identify the Caller-ID. Strong authentication is required because remote access bypasses the firewall entry point. Wardialing is used by attackers to try every phone number and test for remote access (modems)
  • ISDN (Integrated Services Digital Network) uses the copper telephone lines but is digital and brings more possibilities like full-duplex: BRI (Basic Rate Interface, 144 Kbps) with 2 B channels for data and 1 D channel for call setup, PRI (Primary Rate Interface, 1.544 Mbps) with 23 B channels and 1 D, BISDN (Broadband ISDN); DDR (Dial-on-Demand Routing) allows connection to the WAN
  • DSL (Digital Subscriber Line) is a high-speed connection over phone lines (up to 52 Mbps). It uses the low and high frequencies not used by the human voice but available on the line. It offers symmetric (same speed up and down) or asymmetric services. Because the connection is permanent it is a big security issue!
    • SDSL (Symmetrical)
    • ADSL (Asymmetrical)
    • IDSL (ISDN) suited for longer distances
    • HDSL (High-bit-rate) 1.544 Mbps, requires two pairs
  • Cable modems use the television cable to connect to the Internet (up to 50 Mbps)
  • PPP (Point-to-Point Protocol) replaces SLIP (Serial Line Internet Protocol); it is an encapsulation protocol that allows TCP/IP to be carried over phone lines and connects to a PoP (Point of Presence). To authenticate, PPP uses:
    • PAP (Password Authentication Protocol): the user enters credentials that are sent in cleartext to the server
    • CHAP (Challenge Handshake Authentication Protocol): uses challenge/response, so no password is transmitted
    • EAP (Extensible Authentication Protocol): extends the authentication to third party (Kerberos, token based, OTP)
  • VPN (Virtual Private Network) builds a tunnel over the Internet for communication between the user and the company. Encryption is used; user and server negotiate the encryption method. Tunneling protocols use encryption and encapsulation (encapsulating one protocol into another) and are:
    • PPTP from Microsoft uses MPPE (Microsoft Point-to-Point Encryption) with MS-CHAP or EAP-TLS. The PPP frame is encapsulated with a GRE header and an IP header. But it can only be routed in IP networks (not ATM or Frame Relay)
    • L2TP provides what PPTP does but also for other networks (it replaces L2F, Layer 2 Forwarding). It has no authentication or encryption, so it requires IPSec. It supports RADIUS and TACACS+
    • IPSec uses more than one security protocol (ESP and AH) and has iterated tunneling (a tunnel inside the tunnel)

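
The PAP/CHAP contrast above, as an added example that is not part of the original notes: a minimal CHAP exchange (RFC 1994, MD5 variant) between a client and an authenticator, showing that the secret never crosses the wire and that a captured response cannot be replayed against a fresh challenge. The user database and the packet layout are simplified assumptions for the example.

```python
import hashlib
import hmac
import os
from typing import Dict, List, Tuple

# Constructed user database for the example: user name -> shared secret.
# CHAP requires the authenticator to hold the cleartext secret, which is one
# reason it is usually backed by an authentication server such as RADIUS.
USERS: Dict[str, bytes] = {"alice": b"correct horse battery staple"}


def chap_response(ident: int, secret: bytes, challenge: bytes) -> bytes:
    """RFC 1994 CHAP with MD5: Response = MD5(Identifier || secret || Challenge)."""
    return hashlib.md5(bytes([ident]) + secret + challenge).digest()


class ChapServer:
    """Authenticator side (the RAS)."""

    def __init__(self, users: Dict[str, bytes]) -> None:
        self.users = users
        self.pending: Dict[int, bytes] = {}   # identifier -> outstanding challenge
        self.next_id = 0

    def challenge(self) -> Tuple[int, bytes]:
        ident = self.next_id & 0xFF
        self.next_id += 1
        chal = os.urandom(16)                 # fresh, unpredictable value every time
        self.pending[ident] = chal
        return ident, chal

    def verify(self, name: str, ident: int, response: bytes) -> bool:
        chal = self.pending.pop(ident, None)  # each challenge is usable only once
        secret = self.users.get(name)
        if chal is None or secret is None:
            return False
        return hmac.compare_digest(response, chap_response(ident, secret, chal))


class ChapClient:
    """Peer side (the dial-up user)."""

    def __init__(self, name: str, secret: bytes) -> None:
        self.name, self.secret = name, secret

    def answer(self, ident: int, challenge: bytes) -> Tuple[str, int, bytes]:
        return self.name, ident, chap_response(ident, self.secret, challenge)


def run_chap(server: ChapServer, client: ChapClient) -> Tuple[bool, List[bytes]]:
    """Run one exchange; return the outcome and every packet that crossed the wire."""
    wire: List[bytes] = []
    ident, chal = server.challenge()
    wire.append(bytes([ident]) + chal)                       # Challenge packet
    name, ident, resp = client.answer(ident, chal)
    wire.append(bytes([ident]) + resp + name.encode())       # Response packet
    ok = server.verify(name, ident, resp)
    wire.append(b"Success" if ok else b"Failure")            # Success/Failure packet
    return ok, wire


def secret_on_wire(wire: List[bytes], secret: bytes) -> bool:
    """With PAP the password would be in a packet; with CHAP it never is."""
    return any(secret in pkt for pkt in wire)


def replay_is_rejected(server: ChapServer, client: ChapClient) -> bool:
    """Capture a valid response, then resend it against a new challenge."""
    ident, chal = server.challenge()
    name, ident, resp = client.answer(ident, chal)
    if not server.verify(name, ident, resp):
        return False
    new_ident, _ = server.challenge()
    return not server.verify(name, new_ident, resp)
```

The server also rejects a second submission of the same identifier because the challenge is removed from the pending table on first use.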
December 03

Chapter 7: Telecommunications and Network Security (Part III)

A Network Operating System (NOS) connects devices with users, enabling them to access resources on a central server (through the use of a redirector that points the client directly to the resource).

Domain Name Service (DNS) resolves host names to IP addresses. On the Internet, there are root DNS servers (13 of them) that each maintain the files for the top-level domain servers. Responsibility for allocating IP addresses lies with ICANN (Internet Corporation for Assigned Names and Numbers).

Inside a DNS server, networks are split up into zones. The DNS server holding a zone is the authoritative name server for those domains. Mappings of hosts to IP addresses are resource records. It is recommended to have a primary and a secondary DNS server for each zone. They synchronize via zone transfer, which should be controlled and not allowed from any host.

Top-level domains are com, edu, org, us... Second-level domains are for example microsoft, google... If a DNS server does not know an IP address it passes the request to another DNS server, and so on.

DNS poisoning happens by intercepting a DNS request and responding with a wrong IP address before the regular DNS server responds. To get rid of this we could use DNSSEC (DNS security), but each DNS server would need a certificate from a common PKI...

Split DNS is used by resolving external IPs from the DMZ DNS and internal ones from the LAN DNS.

Network Information System (NIS), or Yellow Pages (YP), is like a telephone book and records every resource on the network. It allows keeping configuration files (like the unix password file) in a central place, with no need to have copies on each computer. The workstation has a client service (ypbind) and the server has ypserver. It works similarly to DHCP. Attackers have used NIS to get password files, for example.

NIS+ corrects the weaknesses of NIS: hierarchical system, automatic updates, adds secure RPC (S-RPC) and is backward compatible with NIS. NIS+ security levels are: 0 (no security), 1 (no authentication), 2 (default, with authentication and authorization)

Directory Services hold a hierarchical database of all resources. They are commonly built upon the X.500 model. Several directories communicate with each other and build a meta-directory. Each directory follows a specific schema. Examples are LDAP, AD, NDS.

LDAP (Lightweight Directory Access Protocol) has been developed because DAP was too complex. It uses a tree of entries (leaves) with unique distinguished names (DNs).

Network Address Translation (NAT) is used to extend the number of possible IP addresses that can communicate with the Internet. Private IP addresses are reserved (10.x.x.x, 172.16.x.x to 172.31.x.x, 192.168.x.x) and not routable. These addresses are used internally. A gateway translates these addresses to one public IP address, making connections from inside the LAN to external IPs possible. Implementations are:

  • Static mapping: each private address is mapped to a public address
  • Dynamic mapping: works on a first-come-first-served basis
  • Port Address Translation (PAT): is used when only one public IP address is available. Different internal connections are mapped to different ports

Intranets are web-based applications working inside a company. Extranets are web-based applications open to the external world.

EDI (Electronic Data Interchange) brings organization to document sharing on the Internet. A Value Added Network (VAN) is an EDI infrastructure maintained by a service bureau. For example, EDI is used to make orders and payments without paperwork.

A Metropolitan Area Network (MAN) is the connection of LANs, and of LANs to WANs, over cable networks like SONET (Synchronous Optical Network) or FDDI.

Chapter 7: Telecommunications and Network Security (part II)

Media Access Methods deal with how systems communicate over the media. The maximum transmission unit (MTU) indicates how much data can be carried.

Token passing uses a 24-bit token (message frame). Computers need to wait for a free token to pass a message.

CSMA (Carrier Sense Multiple Access) is used in Ethernet. Computers monitor transmission activity and wait until the carrier is free (absence of carrier) to transmit. If computers transmit at the same time they compete (contention) and a collision happens. They then use a random collision timer and retransmit. This is CSMA/CD (with Collision Detection). With CSMA/CA (Collision Avoidance) they announce their intent to transmit so other computers don't send at that time (for example 802.11 WLAN).

A collision domain is a group of computers on the same segment where collisions can happen.

With polling, some stations are primary and others secondary. The primary asks the secondary whether it has something to transmit.

The physical address of a network interface card (NIC) is the Media Access Control (MAC) address and is unique.

MAC and IP addresses must be correctly mapped. This is the work of ARP (Address Resolution Protocol). A system sends an ARP request to learn which host an IP address belongs to; only the corresponding computer should respond. The system then keeps the mapping in its ARP table. Attackers do ARP table poisoning by changing the addresses in the tables (masquerading attack).
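
The ARP poisoning described above, seen from the defender's side, as an added example that is not part of the original notes: a passive monitor that learns IP-to-MAC mappings from ARP replies, pins static entries for critical hosts (the gateway) so they cannot be overwritten, and raises an alert when a mapping changes or one MAC starts answering for several IPs. The reply sample is constructed, not a real capture.

```python
from dataclasses import dataclass, field
from typing import Dict, List, Optional, Set, Tuple

# Constructed sample of ARP replies (timestamp, sender IP, sender MAC), as a
# passive monitor on the segment would record them. Not a real capture.
SAMPLE_ARP_REPLIES: List[Tuple[float, str, str]] = [
    (1.0, "192.168.1.1", "aa:bb:cc:00:00:01"),   # gateway announces itself
    (1.5, "192.168.1.10", "aa:bb:cc:00:00:10"),
    (2.0, "192.168.1.20", "aa:bb:cc:00:00:20"),
    (9.0, "192.168.1.1", "aa:bb:cc:00:00:20"),   # gateway IP now claimed by .20's MAC
    (9.5, "192.168.1.10", "aa:bb:cc:00:00:20"),  # .10 is also claimed by that MAC
]


@dataclass
class ArpMonitor:
    """Learns IP -> MAC mappings from ARP replies and reports when they change.

    'pinned' holds static entries (gateway, servers) that are never overwritten:
    a reply contradicting one is reported and ignored, which is what a static
    ARP entry on a host achieves.
    """
    pinned: Dict[str, str] = field(default_factory=dict)
    learned: Dict[str, str] = field(default_factory=dict)
    claims: Dict[str, Set[str]] = field(default_factory=dict)   # MAC -> IPs it answered for
    alerts: List[str] = field(default_factory=list)

    def resolve(self, ip: str) -> Optional[str]:
        """Current mapping for an IP: pinned entries take precedence over learned ones."""
        return self.pinned.get(ip, self.learned.get(ip))

    def observe(self, ts: float, ip: str, mac: str) -> None:
        mac = mac.lower()
        self.claims.setdefault(mac, set()).add(ip)
        expected = self.resolve(ip)
        if expected is None:
            self.learned[ip] = mac             # first sighting: learn it
        elif expected != mac:
            self.alerts.append(f"{ts}: {ip} was {expected}, now claimed by {mac}")
            if ip not in self.pinned:
                self.learned[ip] = mac         # dynamic entry follows the change, but it is logged

    def macs_claiming_several_ips(self) -> Dict[str, List[str]]:
        """One MAC answering for several IPs is the usual poisoning signature."""
        return {m: sorted(ips) for m, ips in self.claims.items() if len(ips) > 1}


def run_monitor(replies: List[Tuple[float, str, str]], pinned: Dict[str, str]) -> ArpMonitor:
    """Feed a list of replies through a monitor with the given static entries."""
    mon = ArpMonitor(pinned={ip: mac.lower() for ip, mac in pinned.items()})
    for ts, ip, mac in replies:
        mon.observe(ts, ip, mac)
    return mon
```

Without the pinned gateway entry the fourth reply would have silently replaced the gateway's MAC in the learned table, which is exactly what a poisoned host's ARP cache does.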

DHCP (Dynamic Host Configuration Protocol) assigns IP addresses dynamically when a computer comes up. The system sends a RARP (Reverse ARP) request and the server responds with the corresponding IP address. BOOTP (Boot Protocol) is an evolution of RARP with more functions. But today most systems use DHCP.

ICMP (Internet Control Message Protocol) is used to test connectivity (ping). It also informs about delays and routing problems, and is used by connectionless protocols.

The Loki attack uses ICMP to transmit data and gain access over a compromised computer.

Individual networks are called ASs (Autonomous Systems) and are made up of routers using a common IGP (Interior Gateway Protocol). Border routers run exterior protocols to other ASs. Routing protocols can be dynamic (discover routes and build routing tables) or static (static tables). Repeated route changes are called route flapping. Types of routing protocols are:

  • Distance-vector (based on distance, or number of hops, and a vector, or direction): RIP (Routing Information Protocol) has slow performance and should be used in small networks. IGRP (Interior Gateway Routing Protocol, Cisco proprietary) uses 5 criteria to make routing decisions
  • Link-state (uses a topology database and is more accurate): OSPF (Open Shortest Path First) allows hierarchical routing and is more accurate

The exterior routing protocol is BGP (Border Gateway Protocol), which uses a combination of distance-vector and link-state.

Attacks against routers commonly happen with spoofed ICMP messages (submitting wrong routing table information). Most routers do not switch on authentication.

Network devices are:

  • repeaters (simply repeat the signal, no intelligence: hub or concentrator)
  • bridges (used to connect LAN segments; work with MAC addresses. They isolate collision domains. Bridges are sensitive to broadcast storms because they broadcast on every segment). Bridges use forwarding tables to remember on which port each computer is (Spanning Tree Algorithm, STA) = transparent bridging. With source routing the packets contain the information required to route them (should not be allowed by border routers).
    • local bridges connect LAN segments
    • remote bridges connect LANs over a MAN through telecommunication services
    • translation bridges are used when the LANs use different protocols
  • routers (work at the network layer, look at IPs, use routing tables and access control lists, modify header information like the TTL)
  • switches (combine repeater and router technologies; only the corresponding ports are accessed, so contention and collisions are not an issue). There are layer 2, 3 and 4 switches = multilayer switches (QoS, traffic prioritization...)
    • Layer 3 and layer 4 switches use tags to inform other switches which route they should use (Multi Protocol Label Switching, MPLS) and are used for QoS and video conferencing. They can provide Virtual LANs (VLANs), which bring control over the environment. Computers on 2 separate VLANs require a router to communicate with each other.
  • Gateway (a general term for a device that connects two networks and provides some kind of translation because the protocols differ). A NAS is an example of a gateway, or an email gateway translating from Exchange to X.400, for example.
  • PBX (Private Branch Exchange) is a private telephone switch with many kinds of connections (analog voice, digital voice, data). A phreaker is a phone hacker who attacks PBXs, using brute force and other techniques.
  • Firewalls (restrict access from one network to another). They can filter packets, make decisions based on the policy, redirect, discard packets... Firewalls are set up to build a Demilitarized Zone (DMZ), a network segment acting as a buffer between the bad (Internet) and the good (LAN). Types of firewalls are:
    • Packet filtering uses ACLs to determine by rules whether a packet is allowed or not. They look only at the header and use routing tables. They are less secure but offer better performance.
    • Stateful firewalls are able to recognize the connection to which each packet belongs. They can make decisions based on the connections taking place. They must keep a dynamic state table and are more complex. They are victims of a lot of DoS attacks.
    • Proxy firewalls inspect messages before relaying them. They break the communication channel and rebuild the packets (only the IP information of the firewall will remain). Some are multihomed, that is they have multiple NICs and bind several networks together.
      • Application-level proxies inspect packets up to the application level. They understand various services and can decide whether some protocols are not built correctly.
      • Circuit-level proxies just know about the client and the server and make decisions based on this communication. They are used when an application is unknown and cannot be controlled at application level. An example is SOCKS (each client must have the SOCKS software).
    • Dynamic packet filtering allows a client to use an application with a random port above 1023. The firewall recognizes it and allows the communication through this port only for this application. It uses ACLs to remember connections. (4th generation firewall)
    • Kernel proxy is the 5th generation firewall and builds dynamic, customized TCP/IP stacks when packets need to be evaluated. The packet is evaluated in a virtual stack built into the kernel, so it is faster than a proxy firewall because it is not a separate piece of software doing the job.
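
The difference between packet filtering and stateful inspection in the firewall list above, as an added example that is not part of the original notes: the same constructed traffic is run through a stateless ACL (which can only test header fields, so an "established" rule reduces to "ACK bit set") and through a stateful filter that only admits inbound packets belonging to a connection opened from the LAN. The policy (LAN may open HTTP outbound, nothing unsolicited inbound) and the state-table size limit are assumptions for the example.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import List, Set, Tuple

# Assumed policy for the example: hosts on the LAN may open HTTP (port 80)
# connections to the outside; nothing else may come in unsolicited.
LAN = ip_network("192.168.1.0/24")
ALLOWED_OUTBOUND_PORTS = {80}


@dataclass(frozen=True)
class Packet:
    src: str
    sport: int
    dst: str
    dport: int
    flags: str   # TCP flag letters, e.g. "S" (SYN), "SA" (SYN/ACK), "A" (ACK)


def packet_filter(pkt: Packet) -> str:
    """Stateless ACL: every packet is judged on its own header fields."""
    outbound = ip_address(pkt.src) in LAN
    if outbound and pkt.dport in ALLOWED_OUTBOUND_PORTS:
        return "allow"
    # A stateless 'established' rule can only test the ACK bit; it cannot know
    # whether a connection with this peer actually exists.
    if not outbound and pkt.sport in ALLOWED_OUTBOUND_PORTS and "A" in pkt.flags:
        return "allow"
    return "deny"


class StatefulFirewall:
    """Keeps a state table of connections opened from the inside."""

    def __init__(self, max_entries: int = 1000) -> None:
        # key: (lan ip, lan port, remote ip, remote port)
        self.state: Set[Tuple[str, int, str, int]] = set()
        self.max_entries = max_entries   # a full table is the DoS angle the notes mention

    def inspect(self, pkt: Packet) -> str:
        outbound = ip_address(pkt.src) in LAN
        if outbound:
            key = (pkt.src, pkt.sport, pkt.dst, pkt.dport)
            if pkt.flags == "S":                       # new connection attempt
                if pkt.dport not in ALLOWED_OUTBOUND_PORTS or len(self.state) >= self.max_entries:
                    return "deny"                      # not in policy, or table full (fail closed)
                self.state.add(key)
                return "allow"
            return "allow" if key in self.state else "deny"
        # inbound: allowed only as the reply half of a tracked connection
        key = (pkt.dst, pkt.dport, pkt.src, pkt.sport)
        return "allow" if key in self.state else "deny"


# Constructed traffic sample (not a real capture).
SAMPLE_TRAFFIC: List[Packet] = [
    Packet("192.168.1.10", 51000, "203.0.113.5", 80, "S"),    # LAN host opens HTTP
    Packet("203.0.113.5", 80, "192.168.1.10", 51000, "SA"),   # genuine reply
    Packet("192.168.1.10", 51000, "203.0.113.5", 80, "A"),    # handshake completes
    Packet("203.0.113.5", 80, "192.168.1.10", 4444, "A"),     # unsolicited, reply-shaped
    Packet("192.168.1.10", 51001, "203.0.113.5", 22, "S"),    # outbound SSH, not in policy
]


def evaluate(packets: List[Packet]) -> List[Tuple[str, str]]:
    """Return (packet-filter verdict, stateful verdict) for each packet in order."""
    fw = StatefulFirewall()
    return [(packet_filter(p), fw.inspect(p)) for p in packets]
```

The fourth packet is the interesting one: the stateless ACL passes it because its header looks like a reply, while the stateful filter drops it because no LAN host ever opened a connection to that peer from port 4444.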

A bastion host is a hardened system running firewall software.

Dual-homed firewalls have two NICs, multihomed several.

A screened host is a firewall directly behind a perimeter router. A screened subnet is built if a second firewall is present before any access to the LAN (the two build a DMZ between them called the screened subnet).

A honeypot is a system that sits in the screened subnet and simulates a production system so that an attacker will try to gain access to it and can be detected.

Chapter 7: Telecommunications and Network Security

Telecommunication is the electrical transmission of data among systems (analog, digital, wireless...). Systems use protocols to communicate with each other.

Some standards bodies drive telecommunication: FCC (Federal Communications Commission), ITU (International Telecommunication Union), ISO (International Organization for Standardization).

ISO built the OSI model (ISO 7498) as an open systems interconnection model. The OSI model has 7 layers:

  • Application (examples: HTTP, FTP, SMTP, LPD, TFTP)
  • Presentation (syntax and format of data, adds encryption and compression; examples: GIF, TIFF, Word file)
  • Session (maintains connection sessions between applications in simplex, half-duplex or full-duplex mode; examples: NFS, SQL, NetBIOS, RPC)
  • Transport (handshake between 2 computers to agree on communication, error detection, correction, flow control; examples: TCP, UDP, SSL, SPX)
  • Network (adds information to route the packets; examples: IP, ICMP, RIP, OSPF, BGP, IGMP)
  • Data link (LAN or WAN binary transformation into electrical signals for Ethernet, Token Ring, ATM or FDDI; examples: SLIP, PPP, RARP, L2F, L2TP, ISDN)
    • LLC (Logical Link Control, communicates with the network layer, IEEE 802.2)
    • MAC (connects to the physical layer: Ethernet IEEE 802.3, WLAN 802.11)
  • Physical (converts bits into voltage; examples: HSSI, X.21, EIA/TIA-232)

Each layer communicates logically with the same layer on the other system (encapsulation: headers and trailers are added to the information).

TCP/IP is a suite of protocols:

  • IP is a connectionless protocol at the network layer, responsible for providing addresses so packets can be properly routed
  • TCP is a connection-oriented protocol at the transport layer that makes sure packets are correctly transmitted
  • UDP is a connectionless protocol (best-effort; it is faster but no control is made upon reception)

TCP and UDP use ports to communicate (so the packets know where to go): this opens a socket.

Ports 0-1023 are well-known ports used by known applications (20-21=FTP, 23=telnet, 25=SMTP, 80=HTTP, 161-162=SNMP...)

The TCP handshake works in these phases:

  1. The host sends a synchronize packet to the receiver (SYN)
  2. The receiver acknowledges it (SYN/ACK)
  3. The host acknowledges it (ACK)

The data structure is made of a message (original data), split into segments at the transport layer, then datagrams at the network layer and frames at the data link layer. All these are called packets.

IP Addressing:

  • IPv4 uses 32-bit addresses
    • Class A from 0.0.0.0 to 127.255.255.255 (1st byte is network, 16'777'216 hosts)
    • Class B from 128.0.0.0 to 191.255.255.255 (byte 1 and 2 are network, 65'536 hosts)
    • Class C from 192.0.0.0 to 223.255.255.255 (byte 1, 2 and 3 are network, 256 hosts)
    • Class D from 224.0.0.0 to 239.255.255.255 (multicast)
    • Class E from 240.0.0.0 to 255.255.255.255 (reserved for research)
  • IPv6 uses 128-bit addresses (also called IPng, IP next generation)
    • Scoped addresses (reserved for server...)
    • Auto configuration
    • Does not need NAT
    • QoS
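
The IPv4 class boundaries above and the private ranges from the NAT notes (Part III), as an added example that is not part of the original notes: a small classifier that, for a given address, returns its class, the classful network it falls in, the size of the host portion (counted as the notes count it, 2^(32 - network bits)) and whether it is one of the reserved private ranges that a NAT gateway must translate. Only Python's standard library is used.

```python
import ipaddress
from typing import Dict, Optional

# The reserved private ranges listed in the NAT notes.
PRIVATE_RANGES = [
    ipaddress.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")
]

# Classful boundaries on the first byte and the number of network bits for each
# class (None for D and E, which carry no network/host split).
CLASS_BOUNDS = (
    ("A", 0, 127, 8),
    ("B", 128, 191, 16),
    ("C", 192, 223, 24),
    ("D", 224, 239, None),
    ("E", 240, 255, None),
)


def ipv4_class(addr: str) -> str:
    """Return the classful letter A..E for a dotted-quad address."""
    first_byte = int(ipaddress.IPv4Address(addr)) >> 24
    for name, low, high, _ in CLASS_BOUNDS:
        if low <= first_byte <= high:
            return name
    raise ValueError(addr)          # unreachable for a valid IPv4 address


def classful_prefix(addr: str) -> Optional[int]:
    """Network bits implied by the class: 8, 16, 24, or None for D/E."""
    cls = ipv4_class(addr)
    return next(bits for name, _, _, bits in CLASS_BOUNDS if name == cls)


def is_private(addr: str) -> bool:
    """True if the address is in one of the non-routable private ranges."""
    a = ipaddress.IPv4Address(addr)
    return any(a in net for net in PRIVATE_RANGES)


def describe(addr: str) -> Dict[str, object]:
    """Classful view of an address plus whether it needs NAT to reach the Internet."""
    prefix = classful_prefix(addr)
    network = (
        str(ipaddress.ip_network(f"{addr}/{prefix}", strict=False)) if prefix else None
    )
    return {
        "address": addr,
        "class": ipv4_class(addr),
        "classful_network": network,
        "host_addresses": 2 ** (32 - prefix) if prefix else 0,
        "private": is_private(addr),
    }
```

Note that 172.32.0.1 is class B like 172.20.5.6 but is not private: the reserved block stops at 172.31.255.255, which the notes give as "172.16.x.x to 172.31.x.x".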

Analog transmission uses modulation of the amplitude or frequency of a signal. Digital signals are built on binary digits. Bandwidth refers to the number of pulses that can be transmitted within a second.

Asynchronous communication happens when the devices are not synchronized (examples: terminal, modem). Synchronous when they are (usually with clocking; better for long messages).

Baseband uses the whole communication channel (Ethernet); broadband divides it into individual channels (Cable TV: multiple TV channels).

The physical arrangement of computers and devices is called network topology:

  • Ring topology
  • Bus topology (linear = single cable, tree = branches)
  • Star topology (devices connected to a switch or hub: ethernet)
  • Mesh topology (each device is connected to all others: internet is a partial mesh)

A LAN is a network with a limited number of devices. Connections between LANs are made by WANs through routers.

Ethernet has evolved from 10Mbps through 100Mbps and 1Gbps to 10Gbps and has these characteristics:

  • Shared media
  • Broadcast and collision domains
  • uses CSMA/CD (Carrier Sense Multiple Access with Collision Detection)
  • supports full-duplex
  • uses coaxial or twisted-pair media
  • IEEE 802.3

Several implementations exist: 10Base2 (coax), 10Base5 (thick coax), 10Base-T (twisted pair, RJ-45 connectors), Fast Ethernet...

Token Ring was developed by IBM (IEEE 802.5) and uses a token which travels from computer to computer in a logical ring (4Mbps or 16Mbps). Each computer is connected to a central hub, the Multistation Access Unit (MAU). The system in possession of the token can transmit data. Active monitor and beaconing are used for common errors (a computer blocking the ring...).

FDDI (Fiber Distributed Data Interface) is a high-speed token-passing technology (IEEE 802.8, 100Mbps) with fault tolerance (it uses 2 rings). FDDI was mainly used for backbones (up to 100km). Extensions are CDDI (on UTP cabling) and FDDI-2.

Cabling is important to transmit data without loss. The bandwidth indicates the highest frequency (10Base-T uses 10MHz, 100Base-TX uses 80MHz). The data throughput rate is after compression (10BaseT = 10Mbps, 100Base-TX = 100Mbps).

Coaxial cables use a shielded copper core and are of type 50-ohm or 75-ohm (faster), 10Base2 (thin) or 10Base5 (thick).

Twisted pair cables are shielded (STP) or unshielded (UTP). UTP categories are:

  1. Voice
  2. 4 Mbps
  3. 10 Mbps (ethernet)
  4. 16 Mbps
  5. 100 Mbps
  6. 155 Mbps
  7. 1 Gbps

Fiber-optic cable uses glass to transmit data with laser light. But it is more expensive and difficult to work with.

Most common cabling problems are:

  • Noise (motors...)
  • Attenuation (lines too long: > 185m for UTP)
  • Crosstalk (data goes from one pair to the other)

Cables must follow fire ratings so they do not produce harmful smoke while burning. In plenum spaces (where smoke can affect people) they have to follow different rules than in non-plenum spaces. On sensitive portions it is possible to use pressurized conduits to detect attacks.

Multiple transmission methods are used:

  • unicast: send to 1 computer
  • multicast: send to a specific group of computers (the user must tell the router that he wants this multicast so the corresponding packets get through to him: IGMP protocol)
  • broadcast: send to everyone