Wednesday, March 30, 2011

Difference between RIP V1 & RIP V2

RIP V1:
  • Distance vector
  • Maximum hop count of 15
  • Classful
  • No support for VLSM
  • No support for discontiguous networks

RIP V2:
  • Distance vector
  • Maximum hop count of 15
  • Classless
  • Supports VLSM
  • Supports discontiguous networks


Multicasting:

Any communication between a single sender and multiple receivers.

In networking, multicast messages are sent to a defined subset of the network addresses.

What is classful and classless routing?

Classful routing: routing protocols that do not send subnet mask information when a route update is sent out. All devices in the network must use the same subnet mask.

E.g. RIP V1

Classless routing: routing protocols that send subnet mask information in the routing updates. Classless routing allows VLSM (Variable Length Subnet Masking).

E.g. RIP V2, EIGRP and OSPF.
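As an added illustration (not from the original post) of why a classful protocol such as RIP V1 cannot handle VLSM or discontiguous networks, this Python script models the mask a classful receiver infers from the address class and the auto-summarisation a classful sender performs at a major-network boundary; the RIP V2 function assumes auto-summary is disabled.

```python
import ipaddress

def classful_mask(addr):
    """Prefix length a classful protocol such as RIPv1 assumes for an address.
    Updates carry no mask, so the receiver infers it from the first octet's class."""
    first = int(str(addr).split(".")[0])
    if first < 128:
        return 8    # Class A
    if first < 192:
        return 16   # Class B
    if first < 224:
        return 24   # Class C
    raise ValueError("class D/E addresses are not unicast networks")

def major_network(net):
    """The classful (major) network that a subnet belongs to."""
    return ipaddress.ip_network(f"{net.network_address}/{classful_mask(net.network_address)}", strict=False)

def ripv1_advertised_route(subnet, out_interface):
    """Route RIPv1 sends for `subnet` out of an interface given as 'addr/prefix'.
    Crossing a major-network boundary forces auto-summarisation to the classful network;
    inside the same major network a subnet whose mask differs from the outgoing link's
    mask is suppressed (the VLSM limitation), otherwise it is sent and the receiver
    applies its own interface mask. Returns None when nothing is advertised."""
    net = ipaddress.ip_network(subnet, strict=False)
    iface = ipaddress.ip_interface(out_interface)
    if major_network(net) != major_network(iface.network):
        return major_network(net)          # auto-summarise at the classful boundary
    if net.prefixlen != iface.network.prefixlen:
        return None                        # VLSM: mask differs from the outgoing link
    return net

def ripv2_advertised_route(subnet, out_interface):
    """RIPv2 carries the mask in the update, so the subnet is advertised unchanged
    (assumes auto-summary is disabled, as it must be for VLSM/discontiguous designs)."""
    return ipaddress.ip_network(subnet, strict=False)

def discontiguous_conflict(subnets, out_interface):
    """True when distinct subnets collapse into the same RIPv1 advertisement: the
    discontiguous-network problem, where the receiving router gets one summary from
    two directions and cannot tell the subnets apart."""
    adv = [ripv1_advertised_route(s, out_interface) for s in subnets]
    adv = [a for a in adv if a is not None]
    return len(set(adv)) < len(adv)
```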


What is the difference between BRI & PRI?

Both BRI (Basic Rate Interface) and PRI (Primary Rate Interface) provide multiple digital bearer channels over which temporary connections can be made and data can be sent.

Features:

ISDN BRI service provides 2 B channels (64 kbps each) and one D channel (16 kbps). The total bandwidth is 144 kbps.

In North America, ISDN PRI service is PRI T1, total bandwidth 1.544 Mbps (23 B channels at 64 kbps + 1 D channel at 64 kbps).

In Europe, ISDN PRI service is PRI E1, total bandwidth 2.048 Mbps (30 B channels at 64 kbps + 1 D channel at 64 kbps).

Tuesday, March 29, 2011

IPv6 Transition Technology


IPv4 Vs IPv6


PUBLIC DNS SERVER

=> Service provider: Google
Google public DNS server IP addresses:
  • 8.8.8.8
  • 8.8.4.4
=> Service provider: Dnsadvantage
Dnsadvantage free DNS server IP addresses:
  • 156.154.70.1
  • 156.154.71.1
=> Service provider: OpenDNS
OpenDNS free DNS server IP addresses:
  • 208.67.222.222
  • 208.67.220.220
=> Service provider: Norton
Norton free DNS server IP addresses:
  • 198.153.192.1
  • 198.153.194.1
=> Service provider: GTEI DNS (now Verizon)
Public name server IP addresses:
  • 4.2.2.1
  • 4.2.2.2
  • 4.2.2.3
  • 4.2.2.4
  • 4.2.2.5
  • 4.2.2.6
=> Service provider: ScrubIt
Public DNS server IP addresses:
  • 67.138.54.100
  • 207.225.209.66

IPv6 Header


IPv6 Header: (diagram of the header layout; image not preserved)

The IPv6 header contains the following fields:

  • Version - This 4-bit field contains the version of IP used in the packet (6 for IPv6).
  • Traffic class - This 8-bit field determines the packet priority. Priority values subdivide into ranges: traffic where the source provides congestion control, and non-congestion-controlled traffic.
  • Flow label - This 20-bit field is meant for QoS management. It was originally created to give real-time applications special service, but is currently unused.
  • Payload length - This 16-bit field gives the payload length in bytes. When cleared to zero, the length is carried in a "Jumbo payload" hop-by-hop option instead.
  • Next header - This 8-bit field specifies the next encapsulated protocol. The values are compatible with those specified for the IPv4 protocol field.
  • Hop limit - This 8-bit field is newly introduced in IPv6. It replaces the time-to-live field of IPv4.
  • Source Address - This 128-bit field holds the logical address of the host that is sending the packet.
  • Destination Address - This 128-bit field holds the logical address of the host that is receiving the packet.
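As an added example (not from the original post), this Python parser decodes the fixed 40-byte header laid out above from raw bytes, including the zero payload length that signals a Jumbo payload; the sample header is constructed and uses the 2001:db8::/32 documentation prefix.

```python
import struct
import ipaddress
from dataclasses import dataclass

@dataclass
class IPv6Header:
    version: int
    traffic_class: int
    flow_label: int
    payload_length: int
    next_header: int
    hop_limit: int
    src: str
    dst: str

    def uses_jumbo_payload(self):
        """Payload length 0 with a Hop-by-Hop Options next header (value 0) means the
        real length is carried in a Jumbo Payload option, as described above."""
        return self.payload_length == 0 and self.next_header == 0

def parse_ipv6_header(pkt):
    """Decode the 40-byte fixed IPv6 header from raw packet bytes (there is no header checksum)."""
    if len(pkt) < 40:
        raise ValueError("IPv6 fixed header is 40 bytes")
    first32, payload_len, next_hdr, hop_limit = struct.unpack("!IHBB", pkt[:8])
    version = first32 >> 28                      # top 4 bits
    if version != 6:
        raise ValueError(f"not an IPv6 packet (version {version})")
    return IPv6Header(
        version=version,
        traffic_class=(first32 >> 20) & 0xFF,    # next 8 bits
        flow_label=first32 & 0xFFFFF,            # low 20 bits
        payload_length=payload_len,
        next_header=next_hdr,
        hop_limit=hop_limit,
        src=str(ipaddress.IPv6Address(pkt[8:24])),
        dst=str(ipaddress.IPv6Address(pkt[24:40])),
    )

# Constructed sample header: version 6, traffic class 0, flow label 0x12345,
# payload length 20, next header 6 (TCP), hop limit 64, src 2001:db8::1, dst 2001:db8::2
SAMPLE_HEADER = bytes.fromhex(
    "60012345" "0014" "06" "40"
    "20010db8000000000000000000000001"
    "20010db8000000000000000000000002"
)
```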

Difference Between IPv4 and IPv6


IPv4 
 
  • Source and destination addresses are 32 bits (4 bytes) in length.
  • IPSec support is optional.
  • IPv4 header does not identify packet flow for QoS handling by routers.
  • Both routers and the sending host fragment packets.
  • Header includes a checksum.
  • Header includes options.
  • Address Resolution Protocol (ARP) uses broadcast ARP Request frames to resolve an IP address to a link-layer address.
  • Internet Group Management Protocol (IGMP) manages membership in local subnet groups.
  • ICMP Router Discovery is used to determine the IPv4 address of the best default gateway, and it is optional.
  • Broadcast addresses are used to send traffic to all nodes on a subnet.
  • Must be configured either manually or through DHCP.
  • Uses host address (A) resource records in Domain Name System (DNS) to map host names to IPv4 addresses.
  • Uses pointer (PTR) resource records in the IN-ADDR.ARPA DNS domain to map IPv4 addresses to host names.
  • Must support a 576-byte packet size (possibly fragmented).

IPv6
 
  • Source and destination addresses are 128 bits (16 bytes) in length.
  • IPSec support is required.
  • IPv6 header contains a Flow Label field, which identifies packet flow for QoS handling by routers.
  • Only the sending host fragments packets; routers do not.
  • Header does not include a checksum.
  • All optional data is moved to IPv6 extension headers.
  • Multicast Neighbor Solicitation messages resolve IP addresses to link-layer addresses.
  • Multicast Listener Discovery (MLD) messages manage membership in local subnet groups.
  • ICMPv6 Router Solicitation and Router Advertisement messages are used to determine the IP address of the best default gateway, and they are required.
  • IPv6 uses a link-local scope all-nodes multicast address.
  • Does not require manual configuration or DHCP.
  • Uses host address (AAAA) resource records in DNS to map host names to IPv6 addresses.
  • Uses pointer (PTR) resource records in the IP6.ARPA DNS domain to map IPv6 addresses to host names.
  • Must support a 1280-byte packet size (without fragmentation).

Thursday, March 17, 2011

How to Configure Switch Security?

Cisco Switch Port Security

Conventional network security often focuses more on routers and blocking traffic from the outside. Switches are internal to the organization and designed to allow ease of connectivity, therefore only limited or no security measures are applied.
The following basic security features can be used to secure your switches and network:

*  Physically secure the device
*  Use secure passwords
*  Enable SSH access
*  Enable port security
*  Disable http access
*  Disable unused ports
*  Disable Telnet

Let's look at how to implement and configure some of the switch security features mentioned above.

1.   How To Configure the privileged EXEC password.
       Use the enable secret command to set the password. For this activity, set the password to orbit.
SW1#configure terminal
SW1(config)#enable secret orbit
SW1(config)#

2.   How To Configure virtual terminal (Telnet) and console passwords and require users to log in.
A password should be required to access the console line. Even the basic user EXEC mode can provide significant information to a malicious user. In addition, the VTY lines must have a password before users can access the switch remotely.
Use the following commands to secure the console and telnet:
SW1(config)#line console 0
SW1(config-line)#password cisco
SW1(config-line)#login
SW1(config-line)#line vty 0 15
SW1(config-line)#password cisco
SW1(config-line)#login
SW1(config-line)#exit
SW1(config)#

3.  How To Configure password encryption.
At this stage, the privileged EXEC password is already encrypted. To encrypt the line passwords that you just configured, enter the service password-encryption command in global configuration mode.
SW1(config)#service password-encryption
SW1(config)#

4.  How To Configure and test the MOTD banner.
Configure the message-of-the-day (MOTD) using Authorized Access Only as the text. Follow these guidelines:
i.   The banner text is case sensitive. Make sure you do not add any spaces before or after the banner text.

ii.   Use a delimiting character before and after the banner text to indicate where the text begins and ends. The delimiting character used in the example below is %, but you can use any character that is not used in the banner text.

iii.   After you have configured the MOTD, log out of the switch to verify that the banner displays when you log back in.

SW1(config)#banner motd %Authorized Access Only%
SW1(config)#end
SW1#exit

5.  How To Configure Port Security
Enter interface configuration mode for FastEthernet 0/11 and enable port security.
Before any other port security commands can be configured on the interface, port security must be enabled.
SW1(config-if)#interface fa0/11
SW1(config-if)#switchport port-security
* Notice that you do not have to exit back to global configuration mode before entering interface configuration mode for fa0/11.

6. How To configure the maximum number of MAC addresses.
To configure the port to learn only one MAC address, set the maximum to 1:
SW1(config-if)#switchport port-security maximum 1

7.  How To configure the port to add the MAC address to the running configuration.
The MAC address learned on the port can be added to (“stuck” to) the running configuration for that port.
SW1(config-if)#switchport port-security mac-address sticky 

8. How To Configure the port to automatically shut down if port security is violated.
If you do not configure the following command, SW1 only logs the violation in the port security statistics but does not shut down the port.
SW1(config-if)#switchport port-security violation shutdown
Use the show mac-address-table command to confirm that SW1 has learned the MAC address for the intended devices, in this case PC1.
SW1#show mac-address-table
Mac Address Table
-------------------------------------------
Vlan Mac Address Type Ports
---- ----------- -------- -----
20 0060.5c4b.cd22 STATIC Fa0/11

You can also use the show port-security interface fa0/11 command to verify a security violation.
SW1#show port-security interface fa0/11

Port Security : Enabled
Port Status : Secure-shutdown
Violation Mode : Shutdown
Aging Time : 0 mins
Aging Type : Absolute
SecureStatic Address Aging : Disabled
Maximum MAC Addresses : 1
Total MAC Addresses : 1
Configured MAC Addresses : 1
Sticky MAC Addresses : 0
Last Source Address:Vlan : 00E0.F7B0.086E:20
Security Violation Count : 1

9.  How To Secure Unused Ports
Disabling unused switch ports is a simple method many network administrators use to help secure their network from unauthorized access. Disabling an unused port stops traffic from flowing through the port(s).
Step 1: Disable interface Fa0/10 on SW1.
Enter interface configuration mode for FastEthernet 0/10 and shut down the port.
SW1(config)#interface fa0/10
SW1(config-if)#shutdown
Step 2: Disable interfaces Fa0/1 to Fa0/24 on SW1
SW1(config)#interface range fa0/1-24
SW1(config-if)#shutdown
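As an added check (not from the original post), this Python script audits a running-config text for the settings steps 1 to 9 ask for and reports what is missing; the config excerpt is constructed and the enable secret value is a placeholder, not a real hash.

```python
# Constructed running-config excerpt mirroring the steps above; the secret is a placeholder, not a real hash
SAMPLE_CONFIG = """\
enable secret 5 $1$PLACEHOLDER$notarealhash
banner motd ^CAuthorized Access Only^C
interface FastEthernet0/10
 shutdown
interface FastEthernet0/11
 switchport port-security
 switchport port-security maximum 1
 switchport port-security mac-address sticky
 switchport port-security violation shutdown
interface FastEthernet0/12
line con 0
 password cisco
 login
line vty 0 15
 password cisco
 login
"""

def sections(config):
    """Split IOS config text into (header, [indented sub-commands]) blocks."""
    blocks = []
    for line in config.splitlines():
        if line.startswith(" ") and blocks:
            blocks[-1][1].append(line.strip())
        else:
            blocks.append((line.strip(), []))
    return blocks

def audit_switch_config(config):
    """Return findings for settings the steps above require; an empty list means all are present."""
    blocks, findings = sections(config), []
    tops = [h for h, _ in blocks]
    for cmd, msg in (("enable secret", "no enable secret set (step 1)"),
                     ("service password-encryption", "line passwords stored in clear text (step 3)"),
                     ("banner motd", "no MOTD banner (step 4)")):
        if not any(h.startswith(cmd) for h in tops):
            findings.append(msg)
    for hdr, body in blocks:
        if hdr.startswith("line ") and ("login" not in body or not any(b.startswith("password") for b in body)):
            findings.append(f"{hdr}: password and login not required (step 2)")
        elif hdr.startswith("interface ") and "shutdown" not in body:   # shut ports satisfy step 9
            if "switchport port-security" not in body:
                findings.append(f"{hdr}: active port without port security (step 5)")
                continue
            for sub, step in (("maximum 1", 6), ("mac-address sticky", 7), ("violation shutdown", 8)):
                if f"switchport port-security {sub}" not in body:
                    findings.append(f"{hdr}: port-security {sub} missing (step {step})")
    return findings
```

Run against the sample it flags the clear-text line passwords and the active port Fa0/12 that has no port security; a config with those two fixed audits clean.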

Secure your Cisco Routers

How to secure your network with Cisco Routers
  • Security passwords configuration
  • Pass phrases configuration
  • Secure administrative access
  • Secure Telnet and SSH
  • Maintain Router activity logs
Before we learn how to secure Cisco routers, let's briefly summarise the role routers play in network security.

The Role of Routers in Network Security

As you probably know, routers route traffic between different networks based on Layer 3 IP addresses and provide access to network segments and subnetworks. That makes routers prime targets for network attackers. When the border router of an organisation's network is compromised or accessed without authorization, it poses a threat to the organisation's sensitive information and to its other network services and resources.
Routers can be compromised in many ways (for example trust exploitation and MITM attacks), and this exposes the internal network configuration or components to scans and attacks.
In summary, a router plays two primary roles in a network:

  • Advertise networks and filter (permit/deny) who can use them.
  • Provide access to network segments and subnetworks.


MAJOR ISP IN INDIA


1. Bharti Airtel Ltd.
2. BSNL.
3. Reliance Communication.
4. Sify Technologies Ltd.
5. Tata Communications Ltd.
6. Tata Teleservices Ltd.
7. Tulip Telecom Ltd.