
Tuesday, February 1, 2011

IPv6 Basics III - IPv6 Addressing

The IPv6 Address Space

The most obvious distinguishing feature of IPv6 is its use of much larger addresses. The size of an address in IPv6 is 128 bits, which is four times the size of an IPv4 address. A 32-bit address space allows for 2^32 or 4,294,967,296 possible addresses. A 128-bit address space allows for 2^128 or 340,282,366,920,938,463,463,374,607,431,768,211,456 (or 3.4×10^38 or 340 undecillion) possible addresses.

In the late 1970s when the IPv4 address space was designed, it was unimaginable that it could be exhausted. However, due to changes in technology and an allocation practice that did not anticipate the recent explosion of hosts on the Internet, the IPv4 address space was consumed to the point that by 1992 it was clear a replacement would be necessary.

With IPv6, it is even harder to conceive that the IPv6 address space will be consumed. To help put this number in perspective, a 128-bit address space provides 655,570,793,348,866,943,898,599 (6.5×10^23) addresses for every square meter of the Earth’s surface.

It is important to remember that the decision to make the IPv6 address 128 bits in length was not so that every square meter of the Earth could have 6.5×10^23 addresses. Rather, the relatively large size of the IPv6 address is designed to be subdivided into hierarchical routing domains that reflect the topology of the modern-day Internet. The use of 128 bits allows for multiple levels of hierarchy and flexibility in designing hierarchical addressing and routing that is currently lacking on the IPv4-based Internet.

The IPv6 addressing architecture is described in RFC 4291.


IPv6 Address Syntax

IPv4 addresses are represented in dotted-decimal format. This 32-bit address is divided along 8-bit boundaries. Each set of 8 bits is converted to its decimal equivalent and separated by periods. For IPv6, the 128-bit address is divided along 16-bit boundaries, and each 16-bit block is converted to a 4-digit hexadecimal number and separated by colons. The resulting representation is called colon-hexadecimal.

The following is an IPv6 address in binary form:                                       
0010000000000001000011011011100000000000000000000010111100111011 0000001010101010000000001111111111111110001010001001110001011010

The 128-bit address is divided along 16-bit boundaries:
0010000000000001   0000110110111000   0000000000000000   0010111100111011   0000001010101010   0000000011111111   1111111000101000   1001110001011010   

Each 16-bit block is converted to hexadecimal and delimited with colons. The result is:
2001:0DB8:0000:2F3B:02AA:00FF:FE28:9C5A

IPv6 representation can be further simplified by removing the leading zeros within each 16-bit block. However, each block must have at least a single digit. With leading zero suppression, the address representation becomes:
2001:DB8:0:2F3B:2AA:FF:FE28:9C5A

Compressing Zeros

Some types of addresses contain long sequences of zeros. To further simplify the representation of IPv6 addresses, a contiguous sequence of 16-bit blocks set to 0 in the colon hexadecimal format can be compressed to “::”, known as double-colon.

For example, the link-local address of FE80:0:0:0:2AA:FF:FE9A:4CA2 can be compressed to FE80::2AA:FF:FE9A:4CA2. The multicast address FF02:0:0:0:0:0:0:2 can be compressed to FF02::2.

Zero compression can only be used to compress a single contiguous series of 16-bit blocks expressed in colon hexadecimal notation. You cannot use zero compression to include part of a 16-bit block. For example, you cannot express FF02:30:0:0:0:0:0:5 as FF02:3::5. The correct representation is FF02:30::5.

To determine how many 0 bits are represented by the “::”, you can count the number of blocks in the compressed address, subtract this number from 8, and then multiply the result by 16. For example, in the address FF02::2, there are two blocks (the “FF02” block and the “2” block). The number of bits expressed by the “::” is 96 (96 = (8 – 2) × 16).

Zero compression can only be used once in a given address. Otherwise, you could not determine the number of 0 bits represented by each instance of “::”.
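
The conversion and compression rules from the two sections above, as an added Python example (not part of the original post): it turns the binary address shown earlier into colon-hexadecimal, suppresses leading zeros, compresses zero blocks, and expands a compressed address by counting blocks. Function names are illustrative, and compressing only the longest run of at least two zero blocks follows the RFC 5952 recommendation rather than anything stated in the post.

```python
import ipaddress
import string

# Binary form of the example address from the text above.
BINARY = (
    "0010000000000001000011011011100000000000000000000010111100111011"
    "0000001010101010000000001111111111111110001010001001110001011010"
)


def binary_to_blocks(bits):
    """Split a 128-bit string along 16-bit boundaries into eight integers."""
    bits = bits.replace(" ", "")
    if len(bits) != 128 or set(bits) - {"0", "1"}:
        raise ValueError("expected exactly 128 binary digits")
    return [int(bits[i:i + 16], 2) for i in range(0, 128, 16)]


def full_form(blocks):
    """Colon-hexadecimal with every block written as four hex digits."""
    return ":".join(f"{b:04X}" for b in blocks)


def suppress_leading_zeros(blocks):
    """Drop leading zeros in each block; a zero block keeps a single '0'."""
    return ":".join(f"{b:X}" for b in blocks)


def compress(blocks):
    """Replace the first longest run of zero blocks with '::' (used once)."""
    best_start, best_len, i = -1, 0, 0
    while i < 8:
        if blocks[i] == 0:
            j = i
            while j < 8 and blocks[j] == 0:
                j += 1
            if j - i > best_len:
                best_start, best_len = i, j - i
            i = j
        else:
            i += 1
    if best_len < 2:  # a lone zero block is simply written as "0"
        return suppress_leading_zeros(blocks)
    head = ":".join(f"{b:X}" for b in blocks[:best_start])
    tail = ":".join(f"{b:X}" for b in blocks[best_start + best_len:])
    return f"{head}::{tail}"


def expand(text):
    """Return (blocks, zero_bits); zero_bits is what the '::' stands for."""
    if text.count("::") > 1:
        raise ValueError("'::' may appear only once: the split is ambiguous")
    if "::" in text:
        head, tail = text.split("::")
        left = head.split(":") if head else []
        right = tail.split(":") if tail else []
        missing = 8 - (len(left) + len(right))
        if missing < 1:
            raise ValueError("too many blocks for a compressed address")
        fields = left + ["0"] * missing + right
    else:
        fields, missing = text.split(":"), 0
        if len(fields) != 8:
            raise ValueError("an uncompressed address needs eight blocks")
    for field in fields:
        if not 1 <= len(field) <= 4 or set(field) - set(string.hexdigits):
            raise ValueError(f"bad block {field!r}")
    return [int(f, 16) for f in fields], missing * 16


def matches_stdlib(text):
    """Cross-check expand() against the standard library's parser."""
    value = 0
    for block in expand(text)[0]:
        value = (value << 16) | block
    return value == int(ipaddress.IPv6Address(text))


if __name__ == "__main__":
    blocks = binary_to_blocks(BINARY)
    print(full_form(blocks))
    print(suppress_leading_zeros(blocks))
    print(expand("FF02::2"))
```

Because one address has several valid spellings, access-control lists and log searches should compare the expanded blocks (or the integer value), never the text.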

IPv6 Prefixes


The prefix is the part of the address that indicates the bits that have fixed values or are the bits of the subnet prefix. Prefixes for IPv6 subnets, routes, and address ranges are expressed in the same way as Classless Inter-Domain Routing (CIDR) notation for IPv4. An IPv6 prefix is written in address/prefix-length notation. 

For example, 21DA:D3::/48 and 21DA:D3:0:2F3B::/64 are IPv6 address prefixes.

Note  IPv4 implementations commonly use a dotted decimal representation of the network prefix known as the subnet mask. A subnet mask is not used for IPv6. Only the prefix length notation is supported.

Types of IPv6 Addresses


There are three types of IPv6 addresses:

1.   Unicast
A unicast address identifies a single interface within the scope of the type of unicast address. With the appropriate unicast routing topology, packets addressed to a unicast address are delivered to a single interface.

2.   Multicast
A multicast address identifies multiple interfaces. With the appropriate multicast routing topology, packets addressed to a multicast address are delivered to all interfaces that are identified by the address. A multicast address is used for one-to-many communication, with delivery to multiple interfaces.

3.   Anycast
An anycast address identifies multiple interfaces. With the appropriate routing topology, packets addressed to an anycast address are delivered to a single interface, the nearest interface that is identified by the address. 

The “nearest” interface is defined as being closest in terms of routing distance. An anycast address is used for one-to-one-of-many communication, with delivery to a single interface.

In all cases, IPv6 addresses identify interfaces, not nodes. A node is identified by any unicast address assigned to one of its interfaces.

Note  RFC 4291 does not define a broadcast address. All types of IPv4 broadcast addressing are performed in IPv6 using multicast addresses. For example, the subnet and limited broadcast addresses from IPv4 are replaced with the link-local scope all-nodes multicast address of FF02::1.

Links and Subnets

Similar to IPv4, an IPv6 subnet prefix is assigned to a single link. Multiple subnet prefixes can be assigned to the same link. This technique is called multinetting.

Sunday, January 2, 2011

VPN Tutorial

The Virtual Private Network - VPN - has attracted the attention of many organizations looking to both expand their networking capabilities and reduce their costs.
VPNs can be found in workplaces and homes, where they allow employees to safely log into company networks. Telecommuters and those who travel often find a VPN a more convenient way to stay connected to the corporate intranet. No matter your current involvement with VPNs, this is a good technology to know something about. This VPN tutorial involves many interesting aspects of network protocol design, Internet security, network service outsourcing, and technology standards.

What Exactly Is A VPN?

A VPN supplies network connectivity over a possibly long physical distance. In this respect, a VPN is a form of Wide Area Network (WAN). The key feature of a VPN, however, is its ability to use public networks like the Internet rather than rely on private leased lines. VPN technologies implement restricted-access networks that utilize the same cabling and routers as a public network, and they do so without sacrificing features or basic security.
A VPN supports at least three different modes of use:
  • Remote access client connections
  • LAN-to-LAN internetworking
  • Controlled access within an intranet

VPN Pros and Cons

Like many commercialized network technologies, a significant amount of sales and marketing hype surrounds VPN. In reality, VPNs provide just a few specific potential advantages over more traditional forms of wide-area networking. These advantages can be significant, but they do not come for free.

The potential problems with the VPN outnumber the advantages and are generally more difficult to understand. The disadvantages do not necessarily outweigh the advantages, however. From security and performance concerns, to coping with a wide range of sometimes incompatible vendor products, the decision of whether or not to use a VPN cannot be made without significant planning and preparation.

Technology Behind VPNs

Several network protocols have become popular as a result of VPN developments:
  • PPTP
  • L2TP
  • IPsec
These protocols emphasize authentication and encryption in VPNs. Authentication allows VPN clients and servers to correctly establish the identity of people on the network. Encryption allows potentially sensitive data to be hidden from the general public. Many vendors have developed VPN hardware and/or software products. Unfortunately, immature VPN standards mean that some of these products remain incompatible with each other.

A VPN supplies network connectivity over a possibly long physical distance. In this respect, a VPN is a form of Wide Area Network (WAN). VPNs enable file sharing, video conferencing and similar network services. Virtual private networks generally don't provide any new functionality that isn't already offered through alternative mechanisms, but a VPN implements those services more efficiently / cheaply in most cases.

A key feature of a VPN is its ability to work over both private networks and public networks like the Internet. Using a method called tunneling, a VPN uses the same hardware infrastructure as existing Internet or intranet links. VPN technologies include various security mechanisms to protect the virtual, private connections.

Specifically, a VPN supports at least three different modes of use:
  • Internet remote access client connections
  • LAN-to-LAN internetworking
  • Controlled access within an intranet

Internet VPNs for Remote Access

In recent years, many organizations have increased the mobility of their workers by allowing more employees to telecommute. Employees also continue to travel and face a growing need to stay connected to their company networks. A VPN can be set up to support remote, protected access to the corporate home offices over the Internet. An Internet VPN solution uses a client/server design and works as follows:
    1. A remote host (client) wanting to log into the company network first connects to any public Internet Service Provider (ISP).
    2. Next, the host initiates a VPN connection to the company VPN server. This connection is made via a VPN client installed on the remote host.
    3. Once the connection has been established, the remote client can communicate with the internal company systems over the Internet just as if it were a local host.
Before VPNs, remote workers accessed company networks over private leased lines or through dialup remote access servers. While VPN clients and servers require careful installation of hardware and software, an Internet VPN is a superior solution in many situations.

VPNs for Internetworking

Besides using virtual private networks for remote access, a VPN can also bridge two networks together. In this mode of operation, an entire remote network (rather than just a single remote client) can join to a different company network to form an extended intranet. This solution uses a VPN server to VPN server connection.

Intranet / Local Network VPNs

Internal networks may also utilize VPN technology to implement controlled access to individual subnets within a private network. In this mode of operation, VPN clients connect to a VPN server that acts as the network gateway. This type of VPN use does not involve an Internet Service Provider (ISP) or public network cabling. However, it allows the security benefits of VPN to be deployed inside an organization. This approach has become especially popular as a way for businesses to protect their WiFi local networks.

VPN Network Scalability

The cost to an organization of building a dedicated private network may be reasonable at first but increases exponentially as the organization grows. A company with two branch offices, for example, can deploy just one dedicated line to connect the two locations, but 4 branch offices require 6 lines to directly connect them to each other, 6 branch offices need 15 lines, and so on. Internet-based VPNs avoid this scalability problem by simply tapping into the public lines and network capability readily available. Particularly for remote and international locations, an Internet VPN offers superior reach and quality of service.

Using a VPN

To use a VPN, each client must possess the appropriate networking software or hardware support on their local network and computers. When set up properly, VPN solutions are easy to use and sometimes can be made to work automatically as part of network sign on. VPN technology also works well with WiFi local area networking. Some organizations use VPNs to secure wireless connections to their local access points when working inside the office. These solutions provide strong protection without affecting performance excessively.

Limitations of a VPN

Despite their popularity, VPNs are not perfect, and limitations exist, as is true for any technology. Organizations should consider issues such as the following when deploying and using virtual private networks in their operations:
    1. VPNs require detailed understanding of network security issues and careful installation / configuration to ensure sufficient protection on a public network like the Internet. 
    2. The reliability and performance of an Internet-based VPN is not under an organization's direct control. Instead, the solution relies on an ISP and their quality of service.
    3. Historically, VPN products and solutions from different vendors have not always been compatible due to issues with VPN technology standards. Attempting to mix and match equipment may cause technical problems, and using equipment from one provider may not give as great a cost savings.
Virtual private network technology is based on the idea of tunneling. VPN tunneling involves establishing and maintaining a logical network connection (that may contain intermediate hops). On this connection, packets constructed in a specific VPN protocol format are encapsulated within some other base or carrier protocol, then transmitted between VPN client and server, and finally de-encapsulated on the receiving side.

For Internet-based VPNs, packets in one of several VPN protocols are encapsulated within Internet Protocol (IP) packets. VPN protocols also support authentication and encryption to keep the tunnels secure.

Types of VPN Tunneling

VPN supports two types of tunneling - voluntary and compulsory. Both types of tunneling are commonly used.
In voluntary tunneling, the VPN client manages connection setup. The client first makes a connection to the carrier network provider (an ISP in the case of Internet VPNs). Then, the VPN client application creates the tunnel to a VPN server over this live connection.

In compulsory tunneling, the carrier network provider manages VPN connection setup. When the client first makes an ordinary connection to the carrier, the carrier in turn immediately brokers a VPN connection between that client and a VPN server. From the client point of view, VPN connections are set up in just one step compared to the two-step procedure required for voluntary tunnels.

Compulsory VPN tunneling authenticates clients and associates them with specific VPN servers using logic built into the broker device. This network device is sometimes called the VPN Front End Processor (FEP), Network Access Server (NAS) or Point of Presence Server (POS). Compulsory tunneling hides the details of VPN server connectivity from the VPN clients and effectively transfers management control over the tunnels from clients to the ISP. In return, service providers must take on the additional burden of installing and maintaining FEP devices.

VPN Tunneling Protocols

Several computer network protocols have been implemented specifically for use with VPN tunnels. The three most popular VPN tunneling protocols listed below continue to compete with each other for acceptance in the industry. These protocols are generally incompatible with each other.
Point-to-Point Tunneling Protocol (PPTP)
Several corporations worked together to create the PPTP specification. People generally associate PPTP with Microsoft because nearly all flavors of Windows include built-in client support for this protocol. The initial releases of PPTP for Windows by Microsoft contained security features that some experts claimed were too weak for serious use. Microsoft continues to improve its PPTP support, though.

Layer Two Tunneling Protocol (L2TP)
The original competitor to PPTP for VPN tunneling was L2F, a protocol implemented primarily in Cisco products. In an attempt to improve on L2F, the best features of it and PPTP were combined to create a new standard called L2TP. Like PPTP, L2TP exists at the data link layer (Layer Two) in the OSI model -- thus the origin of its name.

Internet Protocol Security (IPsec)
IPsec is actually a collection of multiple related protocols. It can be used as a complete VPN protocol solution or simply as the encryption scheme within L2TP or PPTP. IPsec exists at the network layer (Layer Three) of the OSI model.

PPTP - Point-to-Point Tunneling Protocol - extends the Point to Point Protocol (PPP) standard for traditional dial-up networking. PPTP is best suited for the remote access applications of VPNs, but it also supports LAN internetworking. PPTP operates at Layer 2 of the OSI model.

PPTP packages data within PPP packets, then encapsulates the PPP packets within IP packets (datagrams) for transmission through an Internet-based VPN tunnel. PPTP supports data encryption and compression of these packets. PPTP also uses a form of Generic Routing Encapsulation (GRE) to get data to and from its final destination.
PPTP-based Internet remote access VPNs are by far the most common form of PPTP VPN. In this environment, VPN tunnels are created via the following two-step process:
    1. The PPTP client connects to their ISP using PPP dial-up networking (traditional modem or ISDN).
    2. Via the broker device (described earlier), PPTP creates a TCP control connection between the VPN client and VPN server to establish a tunnel. PPTP uses TCP port 1723 for these connections.
PPTP also supports VPN connectivity via a LAN. ISP connections are not required in this case, so tunnels can be created directly as in Step 2 above.
Once the VPN tunnel is established, PPTP supports two types of information flow:
  • control messages for managing and eventually tearing down the VPN connection. Control messages pass directly between VPN client and server.
  • data packets that pass through the tunnel, to or from the VPN client  
PPTP Security
PPTP supports authentication, encryption, and packet filtering. PPTP authentication uses PPP-based protocols like EAP, CHAP, and PAP. PPTP supports packet filtering on VPN servers. Intermediate routers and other firewalls can also be configured to selectively filter PPTP traffic. 

In general, PPTP relies on the functionality of PPP for these aspects of virtual private networking.
  • authenticating users and maintaining the remote dial-up connection
  • encapsulating and encrypting IP, IPX, or NetBEUI packets
PPTP directly handles maintaining the VPN tunnel and transmitting data through the tunnel. PPTP also supports some additional security features for VPN data beyond what PPP provides. 

PPTP Pros and Cons
PPTP remains a popular choice for VPNs thanks to Microsoft. PPTP clients are freely available in all popular versions of Microsoft Windows. Windows servers also can function as PPTP-based VPN servers.
One drawback of PPTP is its failure to choose a single standard for authentication and encryption. Two products that both fully comply with the PPTP specification may be totally incompatible with each other if they encrypt data differently, for example. Concerns also persist over the questionable level of security PPTP provides compared to alternatives.
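
PPTP has the fixed network signature described above: a TCP control connection to port 1723 plus GRE-encapsulated data packets. The following added Python example (not from the original post) uses that signature to inventory PPTP use from flow records, which is the first step in retiring it where its security level is a concern. The flow tuple layout, function names and sample flows are constructed for illustration; 6 and 47 are the IANA IP protocol numbers for TCP and GRE.

```python
from collections import defaultdict

TCP, GRE = 6, 47           # IANA IP protocol numbers
PPTP_CONTROL_PORT = 1723   # TCP control port named in the text above

# Constructed flow records: (src, dst, ip_proto, dst_port, bytes).
# Addresses are from the documentation ranges; GRE has no port.
SAMPLE_FLOWS = [
    ("192.0.2.10", "198.51.100.5", TCP, 1723, 1_480),
    ("192.0.2.10", "198.51.100.5", GRE, None, 52_000),
    ("198.51.100.5", "192.0.2.10", GRE, None, 310_000),
    ("192.0.2.22", "198.51.100.5", TCP, 1723, 900),      # control only
    ("203.0.113.7", "203.0.113.9", GRE, None, 77_000),   # GRE, no PPTP control
    ("192.0.2.10", "198.51.100.80", TCP, 443, 12_000),   # unrelated traffic
]


def summarise_pptp(flows):
    """Correlate control and data flows per endpoint pair and classify them."""
    pairs = defaultdict(
        lambda: {"server": None, "control": False, "gre_bytes": 0}
    )
    for src, dst, proto, dport, nbytes in flows:
        key = frozenset((src, dst))   # GRE data flows in both directions
        if proto == TCP and dport == PPTP_CONTROL_PORT:
            pairs[key]["control"] = True
            pairs[key]["server"] = dst   # the listener on 1723 is the server
        elif proto == GRE:
            pairs[key]["gre_bytes"] += nbytes

    report = []
    for key, info in pairs.items():
        if info["control"] and info["gre_bytes"]:
            status = "pptp-tunnel"          # control channel and data seen
        elif info["control"]:
            status = "control-only"         # e.g. GRE filtered on the path
        else:
            status = "gre-without-pptp"     # GRE used by something else
        report.append({
            "endpoints": tuple(sorted(key)),
            "server": info["server"],
            "status": status,
            "gre_bytes": info["gre_bytes"],
        })
    return sorted(report, key=lambda row: row["endpoints"])


def pptp_servers(report):
    """Hosts that accepted a PPTP control connection, tunnel or not."""
    return sorted({r["server"] for r in report if r["server"]})


if __name__ == "__main__":
    for row in summarise_pptp(SAMPLE_FLOWS):
        print(row)
```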

Proxy Servers Basics - II (Contd..)

Proxy Servers and Microsoft Internet Explorer

To take advantage of a proxy server's capabilities, Web browsers like Internet Explorer (IE) must be configured to explicitly use it. In many proxied environments, the client computers do not have direct Internet access, and browsers generally are not configured to use proxies "out of the box." Clients will be unable to access public Web sites in this scenario until proxy settings have been correctly made. 

Figure 2: IE5 Tools menu
For example, to configure IE5 to use a proxy server, first click on Tools to access the drop-down menu. Click on the Internet Options... menu item to raise the Internet Options dialog. This dialog is a property sheet featuring multiple tabs. 

Clicking on the Connections tab makes available a dialog that includes a button in the bottom-right corner named LAN Settings... . Finally, click this button to raise the Local Area Network (LAN) Settings dialog; here is where proxy information must be entered. 

Figure 3: IE5 Internet Options, Connections tab
IE5 supports both manual and automatic configuration options. As shown in the figure, the "Use a proxy server" check box must be checked to enable the manual entering of a proxy.

Either the network host name or the IP address of the proxy server must be typed in the "Address" field. In addition, any internal domains (such as intranet sites) that do not need to go through a proxy can be entered here in order to bypass the server. 

Figure 4: IE5 Local Area Network (LAN) Settings
Microsoft provides Knowledge Base article Q135982 to assist in manually configuring proxy servers using other versions of Internet Explorer. Using the Automatically detect settings check box invokes the WPAD mechanism (discussed earlier) to auto-discover the proxy configuration. Finally, using the Use automatic configuration script check box allows clients to specify the URL that points to the JavaScript configuration file.

Proxy Servers and Netscape Navigator

Netscape Navigator (NN) may also be configured manually or automatically to work with a proxy server.

Figure: NN4 Edit menu
For example, to manually configure NN4, first click on Edit to access the drop-down menu. Click on the Preferences... menu item to raise the Netscape Preferences dialog. 

This dialog is a property sheet featuring a hierarchical arrangement of buttons in the left channel (as compared to the tabs in IE). Double-clicking on the Advanced item (or single-clicking on the small arrow graphic to the left of this text) displays the Proxies sub-item. Finally, clicking on Proxies displays the proxy server configuration dialog within the window. 

Figure 6: NN4 Preferences, Proxies dialog
Within this dialog, use the Direct connection to the Internet option to bypass proxy servers, and use the Automatic proxy configuration option to work with the automation script mechanism discussed earlier. (Navigator does not support WPAD.) 

To manually configure the proxy configuration, choose the middle option and click View to raise another dialog where the proxy server's host name or IP address can be entered. 

Free Web-Based Anonymous Proxy Servers
The sites listed below support free, Web-based anonymous proxy servers. 
An anonymous Web proxy is a type of proxy server that works through a Web form (also often called a CGI proxy). Instead of configuring the address of the server in the browser as is done for HTTP or SOCKS proxies, you simply navigate to the home page of the Web / CGI proxy, where proxy functionality is then enabled for each browsing session. The top free anonymous Web proxy servers are described below.

1. Proxify

Unlike most other anonymous Web proxies, Proxify supports encryption via the SSL and HTTPS network protocols. Proxify also handles the basic functions of an anonymous proxy server well including hiding your IP address and filtering of cookies.

2. Anonymouse

Anonymouse supports Web, email and Usenet (news) proxies and has existed on the Internet for many years now. In addition to the free open access, a low-cost subscription is available for those who want to upgrade to faster proxy servers and additional services. Anonymouse supports both English and German languages.

3. Anonymizer

Anonymizer may be the best-known name among the anonymous Web proxy services. While it does offer a free service, most of the Anonymizer site is dedicated to "up-selling" various related products. When using the free proxy, be prepared to see flashing "UPGRADE NOW!" messages in the status bar of your browser.

4. The Cloak

The Cloak is an HTTP/HTTPS free anonymous proxy. A pay service is also available that avoids the bandwidth throttling used in the free version.

Free Proxy Lists (Anonymous and Elite)

Internet proxy servers allow you to (mostly) hide your home IP address and navigate anonymously. However, these free public servers often are taken offline without warning, and some may offer a less reputable service than others. If you are interested in using anonymous proxies, you should maintain a free proxy server list on your home network to ensure at least one is accessible at all times.
Follow these links to obtain free proxy list downloads.
These free proxy lists are updated regularly.

Proxy Servers Basics - I

Some home networks, corporate intranets, and Internet Service Providers (ISPs) use proxy servers (also known as proxies). Proxy servers act as a "middleman" or broker between the two ends of a client/server network connection. Proxy servers work with Web browsers and servers, or other applications, by supporting underlying network protocols like HTTP.

Key Features of Proxy Servers

Proxy servers provide three main functions:
  1. firewalling and filtering
  2. connection sharing
  3. caching
The features of proxy servers are especially important on larger networks like corporate intranets and ISP networks. The more users on a LAN and the more critical the need for data privacy, the greater the need for proxy server functionality.

Proxy Servers, Firewalling and Filtering

Proxy servers work at the Application layer, layer 7 of the OSI model. They aren't as popular as ordinary firewalls that work at lower layers and support application-independent filtering.
Proxy servers are also more difficult to install and maintain than firewalls, as proxy functionality for each application protocol like HTTP, SMTP, or SOCKS must be configured individually.
However, a properly configured proxy server improves network security and performance. Proxies have capability that ordinary firewalls simply cannot provide.
Some network administrators deploy both firewalls and proxy servers to work in tandem. To do this, they install both firewall and proxy server software on a server gateway.

Because they function at the OSI Application layer, the filtering capability of proxy servers is relatively intelligent compared to that of ordinary routers. For example, proxy Web servers can check the URL of outgoing requests for Web pages by inspecting HTTP GET and POST messages.

Using this feature, network administrators can bar access to illegal domains but allow access to other sites. Ordinary firewalls, in contrast, cannot see Web domain names inside those messages. Likewise for incoming data traffic, ordinary routers can filter by port number or network address, but proxy servers can also filter based on application content inside the messages.
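
The URL check described above, as an added Python example (not from the original post): it takes the request line of a proxied HTTP GET or POST, extracts the destination host, and matches it against a blocklist. The blocklist entries, function names and sample requests are constructed; the matching is done on whole DNS labels after normalising case, port, userinfo and a trailing dot, since those are the spellings that defeat a naive string comparison.

```python
from urllib.parse import urlsplit

# Constructed blocklist; the names use the reserved .example TLD.
BLOCKED_DOMAINS = {"blocked.example", "ads.tracker.example"}
FILTERED_METHODS = {"GET", "POST"}   # the two message types named above


def normalise_host(host):
    """Lower-case the host and drop a trailing root dot ('Host.Example.')."""
    return host.lower().rstrip(".")


def is_blocked(host, blocked=BLOCKED_DOMAINS):
    """True if host is a blocked domain or a subdomain of one."""
    labels = normalise_host(host).split(".")
    # Whole-label suffixes only: 'notblocked.example' must not match
    # 'blocked.example', but 'shop.blocked.example' must.
    return any(".".join(labels[i:]) in blocked for i in range(len(labels)))


def target_host(request_line, headers):
    """Extract the destination host from a proxied HTTP request."""
    parts = request_line.split(" ")
    if len(parts) != 3 or not parts[2].startswith("HTTP/"):
        raise ValueError("malformed request line")
    method, target, _version = parts
    if method not in FILTERED_METHODS:
        raise ValueError("method not handled by this filter")
    if target.startswith("/"):
        # Origin-form target: the host is carried only in the Host header.
        url = urlsplit("//" + headers.get("host", ""))
    else:
        # Absolute-form target, as browsers send to an explicit proxy.
        url = urlsplit(target)
        if url.scheme != "http":
            raise ValueError("only http:// targets are inspected here")
    # .hostname discards userinfo ('user@') and the port, and lower-cases.
    if not url.hostname:
        raise ValueError("no destination host")
    return url.hostname


def decide(request_line, headers=None):
    """Return (verdict, detail): ALLOW/DENY with the host, or REJECT."""
    try:
        host = normalise_host(target_host(request_line, headers or {}))
    except ValueError as exc:
        return ("REJECT", str(exc))   # fail closed on anything unparseable
    return ("DENY" if is_blocked(host) else "ALLOW", host)


if __name__ == "__main__":
    samples = [   # constructed request lines
        "GET http://www.allowed.example/index.html HTTP/1.1",
        "POST http://Shop.BLOCKED.example:8080/login HTTP/1.1",
        "GET http://www.allowed.example@blocked.example/ HTTP/1.1",
        "GET http://notblocked.example/ HTTP/1.1",
    ]
    for line in samples:
        print(decide(line), "<-", line)
```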

Connection Sharing with Proxy Servers

Various software products for connection sharing on small home networks have appeared in recent years. In medium- and large-sized networks, however, actual proxy servers offer a more scalable and cost-effective alternative for shared Internet access. Rather than give each client computer a direct Internet connection, all internal connections can be funneled through one or more proxies that in turn connect to the outside.

Proxy Servers and Caching

The caching of Web pages by proxy servers can improve a network's "quality of service" in three ways. First, caching may conserve bandwidth on the network, increasing scalability. Next, caching can improve response time experienced by clients. With an HTTP proxy cache, for example, Web pages can load more quickly into the browser. Finally, proxy server caches increase availability. Web pages or other files in the cache remain accessible even if the original source or an intermediate network link goes offline.

Figure 1: Web caching with a proxy server

Drawbacks of Proxy Caching

It's reasonable to expect that proxy servers handling hundreds or thousands of Web clients can become a network bottleneck. In addition to using servers with powerful processors and large amounts of memory, administrators may also choose to deploy multiple proxies to help avoid potential bottlenecks.

A proxy hierarchy creates multiple layers of caching support. Clients connect directly to a first-level caching server, and if a Web page is unavailable there locally, the request "misses" and automatically gets passed to a second-level caching server, and so on.

As with many caching systems, the effectiveness of a multi-proxy server hierarchy is very dependent on the pattern of traffic. In the worst case, all clients will be visiting Web pages completely unrelated to each other, and proxies (the hardware, and the additional network traffic they generate) become pure overhead. One would expect that normal traffic patterns will usually not be worst-case, but every network's use pattern will be different. 

Proxy caching differs from browser caching. Browsers automatically cache pages on the client computer, whereas proxies can also cache pages on a remote Web server. Because browsers already perform their own caching, introducing proxy caching into a network will have only a second-order effect. 

Proxy caches don't help much with refreshed pages. On some sites, Web pages are set with HTML META tags to expire quickly; expired pages force the proxy cache to reload that page. Similarly, caching is rendered ineffective by pages that change content frequently, such as those on news sites, or weblogs. 

Proxy caches also introduce measurement uncertainty into the Internet. Normally, a Web server log will record identifying information of visiting clients such as their IP addresses and domain names. For clients with proxy servers, all public requests are made on behalf of the server, using its IP address and identity. Web sites that carefully track the patterns of use of their visitors have much more difficulty in distinguishing unique client visits through proxies.

Proxy Servers and Browsers

Proxy servers work with specific networking protocols. Obviously HTTP will be the most critical one to configure for Web page access, but browsers also utilize these other protocols:
  • S-HTTP (also called "Secure" or "Security" in the browser)
  • FTP
  • Gopher
  • WAIS
S-HTTP (Secure Hypertext Transfer Protocol) supports encrypted HTTP communications. This protocol is becoming more and more common as ecommerce sites, for example, adopt it to make credit card transactions safer. S-HTTP should not be confused with SSL. Although S-HTTP uses SSL "under the covers," SSL is a lower-level protocol that by itself does not impact a browser's proxy setup. 

FTP (File Transfer Protocol) supports the download of files over the Web. Before HTTP was developed, FTP was an even more popular way to share files across the Internet. FTP treats files as either simple text or binary format, and it is still commonly used to download compressed archives of non-HTML data (like MP3 files, for example). 

SOCKS is a firewall security protocol implemented in some proxy configurations. 

Gopher and WAIS (Wide-Area Indexing Service) were two attempts before HTTP to build a standard protocol for indexing and navigating information on the Internet. Both Gopher and WAIS are effectively obsolete today.

Technically, different proxy servers may be used to support these multiple protocols. For example, the hypothetical host
may serve HTTP and S-HTTP requests, and another hypothetical host
may serve FTP, GOPHER, WAIS, and any others except HTTP/S-HTTP. When manually configuring a browser, clients will need to know these details of the proxy server arrangement. Most of the time, network administrators will configure the proxies to serve all protocols to avoid any confusion. 

Host Identifiers and Ports

To manually specify a proxy server in the browser, two pieces of information are required. First, the host identifier is either the host's network name (as configured in DNS, NIS, or similar naming service) or the host's IP address. Second, the port number is the TCP/IP port on which the server listens for requests. 

A single port number is generally used for all of the supported protocols above. This port should not be confused with the standard ports used by the protocols themselves (port 80 for HTTP, port 21 for FTP, and so on). This is a proxy port only, and it should never be assigned to one of the reserved numbers. 

Unfortunately, a single standard port number does not exist. Some numbers like 8000 and 8080 are used more commonly than others, but the number can be any unassigned value up to 65535. Users manually configuring their browsers will need to be told this port number by their network administrator. 

Automatic Proxy Configuration

To make the deployment of proxy servers easier, some new technologies were developed to work with browsers in a more automated fashion. Administrators can use a special configuration file, for example, to hide details like port numbering from client users. This file contains JavaScript code and is installed on the proxy server itself or on some other Web server. Clients wishing to use this automatic configuration scheme simply enter into their browser settings the URL of this file. To the client, URLs will look like the following:
For Internet Explorer 5, a new technology called Web Proxy Auto Discovery (WPAD) was introduced in an attempt to generalize the discovery of proxy servers as well as other network services. WPAD uses a lookup service like DNS to automatically construct an auto-configuration URL. Instead of a ".pac" file, WPAD expects a ".dat" file to be installed on a Web server as in the following example:
Instead of users explicitly specifying this URL, the browser automatically constructs it using the network domain name (, a default host name on that network (wpad) and a default configuration filename (wpad.dat). Administrators need only configure their name resolution services to redirect to the proper location.
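
As an added example (not part of the original article), here is what such a JavaScript auto-configuration file can look like, together with the WPAD URL rule described above. The hosts proxy-web.example.com and proxy-ftp.example.com, the domain example.com, port 8080, the rule that internal hosts are reached directly, and the helper wpadUrl are all assumptions made for illustration.

```javascript
// Added example: a proxy auto-config (PAC) file and the WPAD URL rule.
// Assumed names: proxy-web.example.com, proxy-ftp.example.com, example.com.

// Browsers provide these PAC helpers; stand-ins so the file also runs in Node.
globalThis.isPlainHostName = globalThis.isPlainHostName ||
  function (host) { return host.indexOf(".") === -1; };
globalThis.dnsDomainIs = globalThis.dnsDomainIs ||
  function (host, domain) {
    return host.length >= domain.length &&
      host.slice(host.length - domain.length) === domain;
  };

// One proxy port for every protocol, distinct from ports 80 and 21.
var WEB_PROXY = "PROXY proxy-web.example.com:8080";
var OTHER_PROXY = "PROXY proxy-ftp.example.com:8080";

// The browser calls this for each request and follows the returned directive.
function FindProxyForURL(url, host) {
  host = host.toLowerCase();
  // Unqualified names and the internal domain are reached without a proxy.
  if (isPlainHostName(host) || dnsDomainIs(host, ".example.com")) {
    return "DIRECT";
  }
  var scheme = url.substring(0, url.indexOf(":")).toLowerCase();
  // HTTP and the browser's "Secure" entry go to the web proxy.
  if (scheme === "http" || scheme === "https") {
    return WEB_PROXY;
  }
  // FTP, Gopher, WAIS and anything else go to the second proxy.
  return OTHER_PROXY;
}

// WPAD: default host "wpad" + network domain + default file "wpad.dat".
function wpadUrl(networkDomain) {
  var domain = String(networkDomain).toLowerCase().replace(/^\.+|\.+$/g, "");
  // Reject anything that is not a plain dotted DNS name.
  if (!/^([a-z0-9]([a-z0-9-]*[a-z0-9])?\.)+[a-z]{2,}$/.test(domain)) {
    throw new Error("not a DNS domain name: " + networkDomain);
  }
  return "http://wpad." + domain + "/wpad.dat";
}
```

Because the browser follows whatever directive this file returns, the file should be served only from a host the administrators control, and the wpad name should resolve only to that host.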

Introduction to Peer to Peer Networks

Peer to peer is an approach to computer networking where all computers share equivalent responsibility for processing data. Peer-to-peer networking (also known simply as peer networking) differs from client-server networking, where certain devices have responsibility for providing or "serving" data and other devices consume or otherwise act as "clients" of those servers.

Characteristics of a Peer Network

Peer to peer networking is common on small local area networks (LANs), particularly home networks. Both wired and wireless home networks can be configured as peer to peer environments.
Computers in a peer to peer network run the same networking protocols and software. Peer networks are also often situated physically near to each other, typically in homes, small businesses or schools. Some peer networks, however, utilize the Internet and are geographically dispersed worldwide.
Home networks that utilize broadband routers are hybrid peer to peer and client-server environments. The router provides centralized Internet connection sharing, but file, printer and other resource sharing is managed directly between the local computers involved.

Peer to Peer and P2P Networks

Internet-based peer to peer networks emerged in the 1990s due to the development of P2P file sharing networks like Napster. Technically, many P2P networks (including the original Napster) are not pure peer networks but rather hybrid designs as they utilize central servers for some functions such as search.

Peer to Peer and Ad Hoc Wi-Fi Networks

Wi-Fi wireless networks support so-called ad hoc connections between devices. Ad hoc Wi-Fi networks are pure peer to peer compared to those utilizing wireless routers as an intermediate device.

Benefits of a Peer to Peer Network

You can configure computers in peer to peer workgroups to allow sharing of files, printers and other resources across all of the devices. Peer networks allow data to be shared easily in both directions, whether for downloads to your computer or uploads from your computer. On the Internet, peer to peer networks handle a very high volume of file sharing traffic by distributing the load across many computers. Because they do not rely exclusively on central servers, P2P networks both scale better and are more resilient than client-server networks in case of failures or traffic bottlenecks.

Friday, December 31, 2010

TCP/IP Fundamentals for Microsoft Windows Training

Video Training Format: ISO 900 MB

The bonus course is full of the basic concepts you need to truly understand TCP/IP – an integral part of networking. We will help you gain a general comfort level for what TCP/IP is and how to configure it on a basic network computer.

Video 1: What is a protocol?
* Definition of a protocol
* OSI Model

Video 2: Introduction to TCP/IP
* What is TCP/IP?
* TCP/IP Architecture
* TCP/IP Protocol Suite
* Types of TCP/IP communication

Video 3: Configuring an IP Address
* What is an IP Address?
-Network ID
-Host ID
* What is the purpose of a Subnet Mask?
* How to configure a computer with an IP Address
* How to View a Computer’s IP Configuration
* How to Check for Connectivity

Video 4: IP Address Planning
* How to plan an IP Addressing scheme
* Rules for IP Addressing
* What is Classful IP Addressing
* Private IP Addressing vs. Public IP Addressing
* What is Network Address Translation (NAT)?

Video 5: Binary Numbers
* Decimal vs. Binary
* Convert Binary to Decimal
* Convert Decimal to Binary
* Using a Calculator
* IP Address Conversion

Video 6: Internetworking
* Decimal vs. Binary
* Convert Binary to Decimal
* Convert Decimal to Binary
* Using a Calculator
* IP Address Conversion

Video 7: Classless Interdomain Routing
* Problems with Classful IP Addressing
* What is CIDR & VLSM
* Subnetting with CIDR

Video 8: Fundamentals of IPv6
* Disadvantages of IPv4
* IPv6 Solutions
* IPv6 Addressing
* Types of IPv6 Addressing

TrainSignal: Cisco CCNA 640-802 DVD-ISOs

Genre: Training | English | 4 DVD ISOs | 10.14 GB

In 3 Days or Less, You’ll Learn How To Install, Operate, and Troubleshoot a Small to Medium Enterprise Branch Network... And Have the Knowledge to Pass the Cisco CCNA 640-802 Exam… Guaranteed!
By Chris Bryant

This exciting course contains nearly 29 hours of video instruction where I break down networking theory as you work hands on with real Cisco routers & switches… and build your own working network!

Cisco CCNA Training – Course Outline

Lesson 1 – Introduction to CCENT
* Video Topics
* Your Instructor
* Exam Prep Tips

Lesson 2 – Introduction to Networking and the Networking Models
Covers the theory needed for the exam, for accelerating a Cisco networking career, and for troubleshooting experience.
* What is A Network?
* The OSI Model
* The Data Transmission Process
* The TCP/IP Model
* Why Use Networking Models?
* TCP And UDP – Part 1
* TCP And UDP – Part 2
* Ports
* Sockets
* Port Numbers

Lesson 3 – Ethernet Standards and Cable Types
The CCNA Exam will hammer you with questions about Ethernet… so this course breaks down everything you need to know about cable types. This is also crucial for setting up and running a network in the real world.
* The Need For And Operation of CSMA/CD
* Ethernet Types And Standards
* Pins And Transmissions
* Crosstalk
* Cable Types
* Ethernet Addressing
* Intro to WAN Cabling and a Cable Type Review

Lesson 4 – Switching
I Explain How (and WHY) Switches Work… in theory, for real world application and for the exam.
* Repeaters, Hubs and Bridges
* Building the MAC Table
* “Flood, Filter or Forward?”
* Frame Processing Methods
* Virtual LANs
* Cisco Three-Layer Switching Model
* Introduction to STP
* Basic Switch Security
* Port Security Defaults, Options and Configurations

Lesson 5 – Common Router and Switch Commands
Typical Switch (and Router) Commands are Broken Down. This information is necessary both on exam day and also when working in the real world as a network admin, as these commands are used daily.
* Physical Connections and Passwords
* Telnet and SSH
* User, Enable and Privilege Modes
* Enable Password vs. Enable Secret
* “privilege level 15”
* Physical Side of Cisco Switches
* Assigning an IP Address and Default Gateway To The Switch
* Speed, Duplex, and “Interface Range”
* Banners, “logging synch”, and “exec-timeout”
* Keystroke Shortcuts and Manipulating History

Lesson 6 – IP Addressing and the Routing Process
This section covers must know (and memorize) fundamentals, which are needed for the exam and necessary for future videos: binary math, subnetting, and working with network and port address translations.
* IP Addressing and Binary Conversions
* IP Address Classes
* Private IP Address Ranges
* Intro to the Routing Process
* Keeping Subnets On One “Side” of the Router

Lesson 7 – ARP, DNS and DHCP
This section will teach you these fundamental protocols which are necessary for use within any network.
* One Destination, Two Destination Addresses
* DNS and DHCP Process
* The ARP Process
* Routers, Broadcasts, and Proxy ARP
* Configuring DHCP on a Cisco Router With SDM

Lesson 8 – Memory Components and Config Files
This video introduces the student to basic password and security configurations, as well as assigning privilege levels; so, it’s really the foundation for their knowledge of router security as well as the basic password recovery process.
* ROM, RAM, NVRAM, And Flash
* The Boot Process
* Setup Mode
* Startup And Running Configuration Files
* The COPY Command
* IOS Upgrading
* The Configuration Register

Lesson 9 – Intro to Wireless Networks (WLANs)
Learn the standards of wireless, which relates to all wireless, not just Cisco. This is the fastest evolving and growing field. It’s also necessary to memorize this information for the exam.
* Wireless Network Types
* Standards and Ranges
* Spread Spectrum
* Antenna Types
* CA vs. CD
* SSIDs and MAC Address Authentication
* WEP, WPA, and WPA2

Lesson 10 – Binary Math and Subnetting
Fundamentals for the exam. Also, essential for IP addressing and IP address conservation. #1 topic that causes otherwise well prepared students to fail CCNA.
* “The Secret” (Of Binary Success, That Is)
* Decimal > Binary, Binary > Decimal
* Subnetting Basics
* Calculating Number of Valid Subnets
* Prefix Notation
* Calculating Number of Valid Hosts
* Calculating Number of Valid IP Addresses in a Given Subnet
* Calculating the Subnet Number of a Given IP Address
* Meeting Stated Design Requirements

Lesson 11 – Static Routing and RIP
More fundamentals for the exam, and you will see the work done over a Cisco router. You will learn how to manually set up routing. This video will pave the way for future exam and real world success.
* Static Routing Theory and Labs
* RIP Routing Theory and Labs
* “show ip protocols”, “show ip route rip”, “debug ip rip”, And More!

Lesson 12 – Wide Area Networks (WANs)
Learn to link routers with other routers for communication.
* Physical Side of WANs
* Directly Connecting Cisco Routers Via Serial Interfaces
* HDLC and PPP
* Intro to Frame Relay
* RFC 1918 Addresses, NAT and PAT
* Intro to ATM
* Modems and DSL Variations

Lesson 13 – Troubleshooting
95% of work in the real world is troubleshooting, so it’s necessary for real world success.
* Where to Begin
* Cisco Discovery Protocol (CDP)
* L1 and L2 Troubleshooting
* LAN Troubleshooting
* WAN Troubleshooting
* Telnet and SSH Review and Maintenance Commands
* Administrative Distance
* Extended Ping and Traceroute
* The Real Key to Troubleshooting

Lesson 14 – Introduction to Network Security
You will learn about network attackers and intruders, how they get in, and how to keep your network safe by keeping them out.
* Firewalls and Proxy Servers
* The Attacker’s Arsenal
* Intro to PIX, ASA, IDS, and IPS
* Viruses, Worms, and Trojan Horses
* Preventing Virus Attacks
* One Final Cisco “Secret”

Lesson 15 – Introduction to ICND2
* Your Instructor
* CCNA Exam Paths

Lesson 16 – Switching II
* Root Bridges, Root Ports, and Designated Ports
* STP Timers and Port States
* Portfast
* VLANs and Trunking
* Access and Trunk Port Comparison
* “Router on a Stick”
* Etherchannels

Lesson 17 – PTP WAN Links, HDLC, PPP, and Frame Relay
This will help you when working on real production networks. All topics are shown being configured on live equipment. Frame Relay is a major topic on the exam and in the real world.
* HDLC vs. PPP
* PPP Features
* PAP and CHAP
* Frame Relay Introduction
* Frame Relay LMI Theory
* Frame Relay Configs, DLCIs, Frame Maps, and Inverse ARP
* Frame Sub-Interfaces
* Split Horizon
* Frame Relay LMI Show, Debug, and Lab
* FECN, BECN, DE bits
* PVC Status Meanings

Lesson 18 – Static Routing and RIP
This video expands on the CCENT video, covering advanced topics found on the ICND2 and in the real world.
* Static Routing Theory and Configuration
* Distance Vector Protocol Behavior – Split Horizon and Route Poisoning
* RIP Theory and Version Differences
* The Joy of “show ip protocols”
* RIP Limitations
* RIP Timers
* Floating Static Routes

Lesson 19 – OSPF
OSPF is an Internet protocol. In this video you will look at types of OSPF and how to configure on a live network. Experience with OSPF is necessary for the CCNA, for the real world, and to build upon for CCNP & CCIE.
* Link State Routing Protocol Concepts and Basics
* The DR and BDR
* Hello Packets
* Troubleshooting Adjacency Issues
* Hub-and-Spoke NBMA OSPF Networks
* Broadcast Networks
* OSPF Router Types
* Advantages of OSPF
* Point-to-Point OSPF Networks
* Default-Information Originate (always?)
* OSPF Authentication

Lesson 20 – EIGRP
Learn the theory and practice with labs to learn this hybrid routing protocol, which has increased operational efficiency from its predecessor. Learn the capabilities and attributes.
* Introduction to EIGRP
* Successors and Feasible Successors
* EIGRP vs. RIPv2
* Basic Configuration
* Wildcard Masks
* Load Sharing (Equal and Unequal-cost)
* EIGRP, RIPv2, and Autosummarization
* Passive vs. Active Routes

Lesson 21 – IP Version 6 and NAT
Learn the basic theory and routing protocol. You will need to know the basics for the CCNA exam and for working with networks. IP Version 6 is everywhere and becoming more prevalent, so understanding this material is vital for future success.
* IPv6 Theory and Introduction
* Zero Compression and Leading Zero Compression
* IPv6 Reserved Addresses
* The Autoconfiguration Process
* OSPF v3 Basics
* Transition Strategies
* NAT Theory and Introduction
* Static NAT Configuration
* Dynamic NAT Configuration
* PAT Configuration

Lesson 22 – VPNs and IPSec
Learn key terminology & definitions for the exam.
* Definitions and Tunneling Protocols
* Data Encryption Technologies
* Key Encryption Schemes
* IPSec, AH and ESP
* A VPN in Your Web Browser

Lesson 23 – ACLs and Route Summarization