Simple Network Management Protocol - SNMP

Simple Network Management Protocol (SNMP) is a widely used protocol designed to facilitate the management of networked devices from a central location.  Designed originally for the management of devices such as routers and switches, its usage has grown rapidly to encompass the monitoring of nearly any electronic device one can think of.  SNMP is now  used to monitor and manage television broadcast studios, automated fare collection systems, airborne military platforms, energy distribution systems, emergency radio networks, and much more.

The SNMP architecture is composed of three major elements:

• Managers (software) are responsible for communicating with (and managing) network devices that implement SNMP Agents (also software).
• Agents reside in devices such as workstations, switches, routers, microwave radios, printers, and provide information to Managers.
• MIBs (Management Information Base) describe data objects to be managed by an Agent within a device. MIBs are actually just text files, and values of MIB data objects are the topic of conversation between Managers and Agents.

SNMP Standards and Versions:
SNMP Standards are described in Request for Comments (RFC) documents published by the Internet Engineering Task Force (IETF).  Standards Topics can generally be categorized into:

• Messaging protocols between Managers and Agents (which encompasses security issues)
• MIB syntax standards
• “Standard MIB” definitions

Dynamic Host Configuration Protocol - DHCP

DHCP (Dynamic Host Configuration Protocol) is a protocol that lets network administrators manage centrally and automate the assignment of IP (Internet Protocol) configurations on a computer network. When using the Internet's set of protocols (TCP/IP), in order for a computer system to communicate to another computer system it needs a unique IP address. Without DHCP, the IP address must be entered manually at each computer system. DHCP lets a network administrator supervise and distribute IP addresses from a central point. The purpose of DHCP is to provide the automatic (dynamic) allocation of IP client configurations for a specific time period (called a lease period) and to eliminate the work necessary to administer a large IP network.

Work Of DHCP:

When a client needs to start up TCP/IP operations, it broadcasts a request for address information. The DHCP server receives the request, assigns a new address for a specific time period (called a lease period) and sends it to the client together with the other required configuration information. This information is acknowledged by the client, and used to set up its configuration. The DHCP server will not reallocate the address during the lease period and will attempt to return the same address every time the client requests an address. The client may extend its lease with subsequent requests, and may send a message to the server before the lease expires telling it that it no longer needs the address so it can be released and assigned to another client on the network.

Network Interface Card - NIC

A Network Interface Card (NIC) is a device that allows computers to be joined together in a network, typically a Local Area Network (LAN). Networked computers communicate with each other using a particular protocol or agreed-upon language for transmitting data packets between the different machines or "nodes." The network interface card acts as an interpreter, allowing the machine to both send and receive data on a LAN. Information Technology (IT) specialists often use these cards to setup wired or wireless networks.

Function and Purpose of an NIC

One of the most common languages or protocols used with a LAN is Ethernet. There are also other, lesser-used protocols such as Token Ring. When building a LAN, a network interface card is installed in each computer on the network and each one must use the same architecture. For example, all the cards must be Ethernet cards, Token Ring cards, or an alternate technology.

An Ethernet network interface card is installed in an available slot inside the computer, typically on the motherboard. The NIC assigns a unique Media Access Control (MAC) address to the machine, which is used to direct traffic between the computers on a network. Network cards also change data from a parallel format, used by computers, to a serial format necessary in data transfers; and then back again for received information.

Firewall

A Hardware Firewall is a network device that is connected upstream from a server. The Firewall blocks unwanted traffic from a server before the traffic ever reaches the server. The main advantage to having a Hardware Firewall is that a server only has to handle 'good' traffic and no resources are wasted dealing with the 'bad' traffic.Configuring a Firewall is as simple as creating a set of rules to allow access to certain ip addresses and ports from specific internet addresses.

Adding a Firewall to a Server:

To add a Firewall to a server, click on the link under the Security->hardware firewall tab in the customer portal. This page will display a list of servers on the account and which servers are eligible to be protected by a Firewall, which ones are already protected by a Firewall, and which ones cannot be protected by a Firewall due to network configuration.

To add a Firewall to your server, assuming the server is eligible for a Firewall, click the 'add' link and instructions will be displayed on how to have Firewall protection added to the server. Once a Firewall has been added to a server, an 'edit' link will be available to configure the Firewall.

Common Ports:

 
FTP - 21
SSH - 22
Telnet - 23
SMTP - 25
DNS - 53
HTTP - 80
POP3 - 110
IMAP - 143
HTTPS - 443
MSSQL - 1433
MySQL - 3306
Remote Desktop - 3389
PostgreSQL - 5432
VNC Web - 5800
VNC Client - 5900
Urchin - 9999 or 10000

Routing Information Protocol - RIP

Routing Information Protocol (RIP) is a standards-based, distance-vector, interior gateway protocol (IGP) used by routers to exchange routing information. RIP uses hop count to determine the best path between two locations. Hop count is the number of routers the packet must go through till it reaches the destination network. The maximum allowable number of hops a packet can traverse in an IP network implementing RIP is 15 hops.

it has a maximum allowable hop count of 15 by default, meaning that 16 is deemed unreachable. RIP works well in small networks, but it's inefficient on large networks with slow WAN links or on networks with a large number of routers installed.

In a RIP network, each router broadcasts its entire RIP table to its neighboring routers every 30 seconds. When a router receives a neighbor's RIP table, it uses the information provided to update its own routing table and then sends the updated table to its neighbors.

RIP Timers:

 

• RIP uses four different kinds of timers to regulate its performance:
• Route update timer
• Sets the interval (typically 30 seconds) between periodic routing updates in which the router sends a complete copy of its routing table out to all neighbors.
• Route invalid timer
• Determines the length of time that must elapse (180 seconds) before a router determines that a route has become invalid. It will come to this conclusion if it hasn’t heard any updates about a particular route for that period. When that happens, the router will send out updates to all its neighbors letting them know that the route is invalid.
• Hold down timer
• This sets the amount of time during which routing information is suppressed. Routes will enter into the hold down state when an update packet is received that indicated the route is unreachable. This continues either until an update packet is received with a better metric or until the hold down timer expires. The default is 180 seconds.
• Route flush timer
• Sets the time between a route becoming invalid and its removal from the routing table (240 seconds). Before it's removed from the table, the router notifies its neighbors of that route's impending failure. The value of the route invalid timer must be less than that of the route flush timer. This gives the router enough time to tell its neighbors about the invalid route before the local routing table is updated.

Subnetting In Network

The process of subnetting involves dividing a network up into smaller networks called subnets or sub networks. Each of these subnets has its own specific address. To create these additional networks we use a subnet mask. The subnet mask simply determines which portion of the IP address belongs to the host. The subnet address is created by dividing the host address into network address and host address.

The network address specifies the type of subnetwork in the network and the host address specifies the host of that subnet. Subnets are under local administration. As such, the outside world sees an organization as a single network and has no detailed knowledge of the organization's intema1 structure. Subnetting provides the network administrator with several benefits, including extra flexibility, more efficient use of network address and the capability to contain broadcast traffic. A given .network address can be broken up into may subnetworks. For example, 172.16.1.0, 172.16.2.0, 172.16.3.0 and 172.16.4.0 are all subnets within network 171.16.0.0.

A subnet address is created by. borrowing bits from the host field and designating them as subnet field. The number of bits borrowed varies and is specified by the subnet mask.

CIDR - Classless Inter Domain Routing

Classless Inter Domain Routing (CIDR) was invented to keep the Internet from running out of IP Addresses. The IPv4, a 32-bit, addresses have a limit of 4,294,967,296 (232) unique IP addresses. The classful address scheme (Class A, B and C) of allocating IP addresses in 8-bit increments can be very wasteful. With classful addressing scheme, a minimum number of IP addresses allocated to an organization is 256 (Class C). Giving 256 IP addresses to an organization only requiring 15 IP addresses is wasteful. Also, an organization requiring more than 256 IP addresses (let's say 1,000 IP addresses) is assigned a Class B, which allocates 65,536 IP addresses. Similarly, an organization requiring more than 65,636 (65,634 usable IPs) is assigned a Class A network, which allocates 16,777,216 (16.7 Million) IP addresses. This type of address allocation is very wasteful.

With CIDR, a network of IP addresses is allocated in 1-bit increments as opposed to 8-bits in classful network. The use of a CIDR notated address can easily represent classful addresses (Class A = /8, Class B = /16, and Class C = /24). The number next to the slash (i.e. /8) represents the number of bits assigned to the network address. The example shown above can be illustrated with CIDR as follows:

   216.3.128.12, with subnet mask of 255.255.255.128 is written as
   216.3.128.12/25

   Similarly, the 8 customers with the block of 16 IP addresses can be
   written as:

   216.3.128.129/28, 216.3.128.130/28, and etc.

With an introduction of CIDR addressing scheme, IP addresses are more efficiently allocated to ISPs and customers; and hence there is less risk of IP addresses running out anytime soon.

POP

POP is the older design, and hails from an era when intermittent connection via modem (dial-up) was the norm.  POP allows users to retrieve email when connected, and then act on the retrieved messages without needing to stay "on-line."  This is an important benefit when connection charges are expensive.

The basic POP procedure is to retrieve all inbound messages for storage on the client, delete them on server, and then disconnect.  (The email server functions like a mailbox at the Post Office -- a temporary holding area until mail gets to its final destination, your computer.)

Outbound mail is generated on the client, and held for transmission to the email server until the next time the user's connection is active.  After it's uploaded, the server forwards the outgoing mail to other email servers, until it reaches its final destination.

Most POP clients also provide an option to leave copies of email on the server.  In this case, messages are only removed from the server when greater than a certain "age" or when they have been explicitly deleted on the client.  It's the copies on the client that are considered the "real" ones, however, with those left on the server merely temporary backups.

Photonic Networks

Technology is constantly improving, often without us even noticing. We are forever finding a new feature on our phones or computers which makes life easier, more manageable and generally quicker. These improvements are often hard to follow, especially when you are running a business, but even a small development can have a huge impact on your productivity. Here are some of the best efficiency improving advances which you should know about.

Terminal Emulation

Getting a Windows terminal emulator could make a huge difference to your business. It will allow you to easily run demanding software on older machines without the need to replace it or install different software. This makes the upgrading of systems far easier, whilst enabling cross-compatibility within your company. Another huge benefit of terminal emulation can be experienced with a 3270 emulation. This will enable access to all of your business phones and imbedded devices through your computer so that you are better
able to manage your business systems.

Remote Desktop

The remote desktop is a fantastic tool which remains underutilized by many businesses. A remote desktop has numerous benefits for a company, because it increases the efficiency of employees. Instead of working on a laptop whilst travelling between jobs and suffering from the lack of access to important files, remote desktops will allow this access wherever you are. Having an internet connection will allow your staff to work on their company computer at all times, so they will always be able to work at full productivity.

Cloud Computing

Cloud computing is probably the biggest innovation of recent years, which will begin to become more available to businesses and personal users soon, particularly with the upcoming release of the new Windows 8 software. The particular benefit of the Microsoft SkyDrive is that it will allow people to run Apps within the cloud so that they will always be able to ensure compatibility with whatever technology they are provided. In terms of business meetings, this will be incredibly important because it will make meetings and presentations far easier to manage.

Social Networking

Social networking is a great way to communicate within a business, as well as outside of it. Internal social networks can be created which are either independent or which piggyback off another network. These social spaces enable fast and effective communication of ideas and developments to a large group of people within your company. It will allow you to ensure that your staff are always up to date with the latest developments and it will provide some opportunities for light-hearted fun, too.

4G

4G in itself will do nothing to improve the networking of home and office, but what it will enable is huge. The faster transfer of data wirelessly is the next step in making computing completely mobile and the increase in speed will enable a far greater range of network capabilities.

Trends Impacting The future Of Networking

As I see it, changes are afoot in the networking world. With explosive growth in mobility and increased adoption of cloud computing, unified communications and collaboration services, along with a change in consumer behavior, your organization will have to change how you think about information technology today.

Your personal experience at home is changing with an increased use of rich media such as sharing photos in the cloud, connecting to your friends via Facebook to watching your favorite TV shows on your iPad. Consumers have been able to digitize their personal life and now they want to have those same experiences in the workplace.To accommodate this shift, your IT staff will be challenged to keep up with the translation of employee’s personal expectations into their work environment.

Additional stress is added to an organization’s network with the need to keep up with today’s digital life, which requires more flexibility and bandwidth requirements to support new content and applications. Let me break down the five key trends that will continue to move through organizations like a volcano on the brink of erupting—putting strain on your network’s flexibility and bandwidth: 

1.  Mobility

2.  Consumerization of IT

3.  Pace of change

4.  Globalization meets centralization

5.  Prevalence of the cloud

Terminal Access Controller Access Control System - TACACS

Nonprivileged and privileged mode passwords are global and apply to every user accessing the router from either the console port or from a Telnet session. As an alternative, the Terminal Access Controller Access Control System (TACACS) provides a way to validate every user on an individual basis before they can gain access to the router or communication server. TACACS was derived from the United States Department of Defense and is described in Request For Comments (RFC) 1492. TACACS is used by Cisco to allow finer control over who can access the router in nonprivileged and privileged mode.With TACACS enabled, the router prompts the user for a username and a password. Then, the router queries a TACACS server to determine whether the user provided the correct password. A TACACS server typically runs on a UNIX workstation. Public domain TACACS servers can be obtained via anonymous ftp to ftp.xyz.com in the /pub directory. Use the /pub/README file to find the file name. 

The configuration command tacacs-server host specifies the UNIX host running a TACACS server that will validate requests sent by the router. You can enter the tacacs-server host command several times to specify multiple TACACS server hosts for a router. Privileged Access This method of password checking can also be applied to the privileged mode password with the enable use-tacacs command. If all servers are unavailable, you may be locked out of the router. 

In that event, the configuration command enable last-resort [succeed | password] allows you to determine whether to allow a user to log in to the router with no password (succeed keyword) or to force the user to supply the enable password (password keyword). There are significant risks to using the succeed keyword. If you use the enable use-tacacs command, you must also specify the tacacs-server authenticate enable command.

Recent trends in social networking

Social networking was the most popular method used by companies to improve their visibility and increase the number of customers.It 's interesting to note that what began as a way in which they were connected to friends and relatives, is now a popular means used by companies to communicate vital information to their customers, both existing and potential. The initial wave of sites such as Facebook, MySpace and Twitter, which are equally popular. 

However, some latest trends in social networking these days are known, some of which are:
Social networking goes mobile: with the increasing use of handheld devices and smart phones from people in various businesses, it is clear that a field like social networking would soon adapt to the mobile world, or face the problem of become obsolete. The current trend, which was initially started by the iPhone, involving different sites widget available on a variety of smart phones on the market.

These widgets offer a great way for entrepreneurs as well as their employees to stay in touch and communicate with their customers and visitors in real time.The integration of networking sites more: given the multitude of social networking sites available on the Internet today, choosing the best for your business often becomes very difficult and in some cases, even impossible.Often it is seen that more than one social networking site is important to get visibility with your target.

This is exactly where the concept of integration and connection among other things, the various social networking sites come into play.Widgets are readily available on most sites that allow you to send the same information on multiple sites. For example, if you are updating your status on Twitter, then you can also upload the same on Facebook without duplicating your efforts. Similarly, your LinkedIn profile can easily be linked to other social networking sites so that your followers or fans in a site known to the other. So, you can easily conduct both business and personal communication simultaneously.

The demand for professional business networking sites on-line: more companies with more entering the field of internet marketing, there is a need for more professional networking sites such as LinkedIn, which is becoming a new trend that will in the future. In the past, sharing was more of a personal nature, with information that is doled so that it reaches the other, without hiding the privacy of anyone. However, if you really want to have a sales network in these days, it is important to make sure to share information in a way that is similar to what you would do in any business meeting.

The above trends are just three of many who dominate the world in the coming years. So make your choice based on what your needs and priorities.

Internet Message Access Protocol - IMAP

Stands for "Internet Message Access Protocol" and is pronounced "eye-map." It is a method of accessing e-mail messages on a server without having to download them to your local hard drive. This is the main difference between IMAP and another popular e-mail protocol called "POP3." POP3 requires users to download messages to their hard drive before reading them. 

The advantage of using an IMAP mail server is that users can check their mail from multiple computers and always see the same messages. This is because the messages stay on the server until the user chooses to download them to his or her local drive. Most webmail systems are IMAP based, which allows people to access to both their sent and received messages no matter what computer they use to check their mail.

Most e-mail client programs such as Microsoft Outlook and Mac OS X Mail allow you to specify what kind of protocol your mail server uses. If you use your ISP's mail service, you should check with them to find out if their mail server uses IMAP or POP3 mail. If you enter the wrong protocol setting, your e-mail program will not be able to send or receive mail.

Network Management Needs New Ideas

As networks have grown, the industry has sought better ways in which to manage them at scale. Traditional network management systems are typically device-centric, particularly for network infrastructure. These systems take a top-down management approach and use a central server to push configuration into devices and to manage device state. With few exceptions, this approach provides no additional abstraction or functionally and fundamentally becomes a GUI representation of CLI configuration.

Top Down Management:

 
This top-down management model runs into problems when networks begin to scale. The problem is twofold: The management server (or a cluster of servers) must support additional elements that get added to the network, and also be able to handle the increasing complexity that comes from managing the state of numerous devices and other minute details.
We can conceptualize this approach as a "big brain" system, which is illustrated below. Unfortunately, the big brain doesn't scale well.                      

The top-level manager must have knowledge of the state of each device and its components as well as the configuration options available for that device. As the overall system scales these systems expand in code complexity and CPU intensity. The fragility comes from the code requirements for precise management of numerous objects, as well as from the structure of the management itself. For example, a centralized management system assumes that the known state of the devices under management are the actual state of those devices. In the real world, however, changes occur and faults happen outside the control of central manager.

Inconsistency between actual state and intended state causes complications with normalizing the system. The linear processing of top-down instructions provides no ability to self-reconverge, or adopt dynamic changes.

Concepts in Promise Theory:

For systems to scale past legacy enterprise environments into densely virtualized or cloud infrastructures, a new management paradigm is needed. We can take concepts from the design of distributed systems.

The first concept is the promise theory. At a high level, the promise theory provides a framework of autonomous agents that assist one another through voluntary cooperation. Rather than have a system of slave objects that rely on orders from a central management system, each object maintains responsibility for itself, and issues declarative state requirements to objects further down the hierarchy (which are in turn autonomous). 

Each object below the control system is fully autonomous and responsible for accepting change requests. Objects are additionally responsible for translating declarative state requirements into actual configuration changes and reporting faults or exceptions upward while maintaining implicit retries. This becomes a constant enforcement loop: observe > interpret > apply. In this model, the intelligence (the brain) is distributed throughout the system.

Promise Theory Model

 
The promise theory model eliminates the serial nature of issuing and executing commands inherent in top-down models. This allows objects in the model to receive declarative state requirements from several other objects or control systems simultaneously and take responsibility for applying them. Declarative state requirements can also come from peers within the system, which can be thought of as requirements spreading like ripples through the system. This provides for better performance, faster convergence, implicit re convergence, self-healing and distributed management.

                            

The second concept that can be taken from distributed systems is the distribution of management. Rather than relying on scale-up, single controller models, or on scale-out models where state replication induces complexity and uncertainty, management can instead be distributed across multiple elements.

This distributed model of management provides far greater scale and resiliency than centralized management. As elements are added to the system, managers can be added as required. This model provides a linear scale between managed objects and management objects.

Internet Working Mechanism

The internet is a world-wide network of computers linked together by telephone wires, satellite links and other means. For the sake of simplicity we will say that all computers on the internet can be divided into two categories: servers and browsers.

Servers are where most of the information on the internet "lives". These are specialized computers which store information, share information with other servers, and make this information available to the general public.

Browsers are what people use to access the World Wide Web from any standard computer. Chances are, the browser you're using to view this page is either Netscape Navigator/Communicator or Microsoft Internet Explorer. These are by far the most popular browsers, but there are also a number of others in common use.

                        

           
When you connect your computer to the internet, you are connecting to a special type of server which is provided and operated by your Internet Service Provider (ISP). The job of this "ISP Server" is to provide the link between your browser and the rest of the internet. A single ISP server handles the internet connections of many individual browsers - there may be thousands of other people connected to the same server that you are connected to right now.

                  

ISP servers receive requests from browsers to view webpages, check email, etc. Of course each server can't hold all the information from the entire internet, so in order to provide browsers with the pages and files they ask for, ISP servers must connect to other internet servers. This brings us to the next common type of server: the "Host Server".

Host servers are where websites "live". Every website in the world is located on a host server somewhere (for example, MediaCollege.Com is hosted on a server in Parsippany, New Jersy USA). The host server's job is to store information and make it available to other servers.

• To view a web page from your browser, the following sequence happens:
• You either type an address (URL) into your "Address Bar" or click on a hyperlink.
•  Your browser sends a request to your ISP server asking for the page.
•  Your ISP server looks in a huge database of internet addresses and finds the exact host   server which houses the website in question, then sends that host server a request for the page.
• The host server sends the requested page to your ISP server.
• Your ISP sends the page to your browser and you see it displayed on your screen.

 

Data Security in Network

Data Security refers to protective digital privacy measures that are applied to prevent unauthorized access to computers, databases and websites.It means protecting a database from destructive forces and the unwanted actions of unauthorized users.Data is any type of stored digital information.Security is about the protection of assets.  It is based on prevention, Detection and Reaction.

Security Measures:

Data security is subject to several types of audit standards and verifications. The most common are ISO 17799, ISO 2700102, ITIL, SAS-70, HIPPA, SOX…Security measures controlling physical access to hardware and software, backing up data and programs (storing a copy of files on a storage device to keep them safe). Implementing network controls such as using password, installing firewall, encrypting data, installing a call back system, using signature verification and biometric security devices.Data are protected from many type of viruses or other techniques such as hacking, salami shaving, denial of service attack, Trojan horse, trapdoors, mail bombing, spoofing, defacing, hijacking, jump command, EXE files, Trojan etc…

The Security Policy :

The Security Policy is the key document in effective security practices.Once it has been defined it must be implemented and modified and include any exceptions that may need to be in place for business continuity.  All users need to be trained on these best practices with continuing education at regular intervals.Secure data usually isolated from other stored data because the sensitive data must be logged. The encryption is too difficult in the sensitive data.

To monitor Secure Data the following tools are used: passwords, log files, protection systems, alert administrators, SNMP monitoring servers etc…Backups are used to ensure data which is lost can be recovered. 

Data Masking of structured data is the process of masking specific data within a database to ensure that data security is maintained and sensitive information is not exposed to unauthorized personnel. Data Erasure is software based overwriting method.  It completely destroys all electronic data residing on a hard drive.

Security Threats:

• Technical Data Security Threats to Information Systems contains Non-existent security architecture, Un-patched Client side software and applications, “phishing” and targeted attacks (“Spear Phishing”), Internet Web Sites, Poor Configuration Management, Mobile devices, Cloud Computing, Removal Media, Zero-day attacks.
• Non-technical Cyber Security Threats to Information Systems contains Insider, Poor Passwords, Physical security, Insufficient backup and recovery, Improper destruction, Social media, Social Engineering.

Once the risks have been assessed and organizational security policies specified, security architecture should be designed and a security plan implemented.  Consistent implementation of the security plan will reduce susceptibility to cyber threats and increase the overall security of an organization’s data.

Need of Efficient Computer Network

If you want to have a good connection with your clients, you need to ensure you have efficient computer network. This will enable you to use the internet to your advantage. You have the chance to make more cash if you use the right methods. This will include

•    Using the social sites
•    Having fast and reliable internet connection
•    Using the networking options that many companies have
•    Knowing the latest tricks used to advertise your business

Many company owners want to cut down on costs but it gets harder when they do not have the efficient computer network leads. It blocks them from having the direct connection with the clients and this means the business will not grow as desired. In order to get the right reaction, you have to make sure you connect with the clients using means they can relate.

When you have a website, you shall have the chance of posting videos, photos, and messages for clients. However, many people will not have the right hosting and this makes it harder for clients to load the site. It needs to be fast, and very effective for them to get the messages. If you decide to use the social sites, it is important to keep the readers abreast all the time. This means you have the capacity to get the latest feeds on time. This means the clients will get all the messages you post on time.

You get many benefits when you have the efficient computer network. This means you are always on the network all day and night. It enables clients from all over the world to get in touch with you regardless of time barrier. However, you need to make sure you have invested in the right media in order to connect with your clients well. Many make the mistake of settling with cheaper solutions, which do not guarantee them the right connection with the clients. Luckily, when you have an efficient computer network, you have the guarantee of getting the attention of your clients. It is important for one to use the latest media solutions to update their clients.