Monday, August 31, 2020

Networking notes

b = bit 

B = byte

Storage in Bytes, networking speed in bits.

8 Mb = 1 MB

VPN services are now as of Win2012 built into the OS.


Switch is a smart Hub.  Hubs are no more sophisticated than a splitter. Hubs went out by 2000.

4 to 48 ports is normal for small businesses.

Unmanaged Switch vs. Managed switch.

Unmanaged : everything is preset and not configurable/customizable.


T1 still for remote places physically too far for DSL.

T2 and T3 faster than T1.

DSL is not shared, but Cable is (in neighborhood)

trunk line

For CABLE, DOCSIS 3.0 was new in 2010 and was going to blow away DSL by like 10x.

Speeds:

1990s  10 Megabit (Mb)/s

2000s  100 Mb/s

2010s  1000 Mb/s (or 1 Gb/s)


WAPs: 

standards: 802.11 

four kinds A, B, G, N

A from Intel but flopped

A is not compatible with others.

B from 2001, 11Mb/s

G from 2004ish , 54Mb/s

B and G are compatible with each other.

N new in 2011ish. Lots of devices put out before standard was finalized, so these "pre-N" can have small quirks.

N brought a lot more DISTANCE (twice as large) , at least twice as fast (so 108 Mb/s + ), they allow for REAL TIME VOICE AND VIDEO.

Cabling:

300 feet to patch panel

Port to patch panel to switch

Patch panel useful also for if you want thousands of POTENTIAL live ports but only actually have, say 48 live connections (in your Switch)

(as of 2020, typical Cox speed easily: 530 Mbps)

Latency vs Speed

Latency is total time from REQUEST to time it actually starts being DELIVERED.

Latency important for VOIP, must be less than 20 ms (milliseconds)

--

As of 2011, if you had a dynamic IP,  a lot of spam filters would block things you sent.

As of 2011, ISPs stopped blocking ports.

VPN has its own typical port number(s).

Beware of T1's that are actually FRACTIONAL T1's.

T1 are  1.544 Mbps (synchronous, that is, up and download speed)

Cable easily surpasses this now.


FIOS:

Fiber Optic, so think VERIZON not Cable.

Way faster than cable.

Huge infrastructure work



The annoying thing about Satellite (Dish) is not the speed per se, but the LATENCY. So no realtime/VOIP.  As of 2011 was still sucky.


Before CAT5 there was CAT3. 

(10-100 Mbps)

CAT 5e better (1,000 Mbps, or 1 Gbps)

CAT 6 next 

Plenum more expensive, used for inside ventilation areas (ducts, heating and cooling) because normal cable insulation is toxic when burning.

4 twisted pairs. Twisting creates shielding. If you untwist, that exposes the wire to interference (near the jack).


RJ45 for networking, RJ11 is for telephones.


Cabling pattern A vs B. In the US, use B pattern.

100 meters... about 330 feet limit (signal degradation) for a "run". Running cable.

fish tape, fish sticks (3 feet fiberglass poles that screw together) for drop ceilings. drywall saw 



Physical Network Segmentation

Demarc Point: where authority for the network transfers (like from the TelCo to your business)

MDF (property mgt of a building)

Main Distribution Facility/Frame vs. Intermediate Distribution Frame (IDF).

- where all cables in building all come together in one central place, often in server room

IDF might be used per floor.



DMZ

- more vulnerable to hackers

- put web servers there, but not ACTIVE DIRECTORY or EMAIL SERVERS or FILE SERVERS

- all you need is TWO routers and firewalls instead of one.

(I wonder if nowadays you just LOGICALLY have two routers instead of PHYSICALLY)

Simple, one DMZ or complex multiple layers of DMZ possible.


Collisions, Broadcast storm

Switches LEARN where computers are and remember, Hubs would never learn.

Backplane is the TOTAL throughput the switch can carry across all its ports.

Switches use MAC addresses.

VLAN: only possible on MANAGED switches

- with convergence, we have VOIP and Surveillance traffic, and we don't want them to intermingle with other computer data.  VLANs allow you to have walled gardens. (?? maybe can be used for DMZs?????)


Power Over Ethernet - sending power through the switch (12.9 watts).


Class of Service is a way to prioritize VOIP over ordinary data.



Mapping a Network

ICMP - for ERROR messages

Echo request, port scanning, 

SMB Shares for WINDOWS shares.

SNMP for diagnosing (networking management)

- ex. if CPU goes over 90% usage for 5 minutes, send SNMP "trap", useful for inventory
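The CPU-over-90%-for-5-minutes rule above is a threshold-with-hold-time check. The block below is an added example (not from the original notes) that implements that logic over constructed CPU samples and decides when a trap would be sent; the trap is shown as a plain dictionary, not an encoded SNMP PDU. The OID used is the real HOST-RESOURCES-MIB hrProcessorLoad object; the sample timestamps and percentages are constructed.

```python
CPU_THRESHOLD_PCT = 90          # "over 90% usage"
HOLD_SECONDS = 5 * 60           # "for 5 minutes"
HR_PROCESSOR_LOAD_OID = "1.3.6.1.2.1.25.3.3.1.2"   # HOST-RESOURCES-MIB hrProcessorLoad

def cpu_trap_times(samples, threshold=CPU_THRESHOLD_PCT, hold=HOLD_SECONDS):
    """samples: list of (unix_seconds, cpu_percent) in time order.

    Returns the timestamps at which a trap would be sent: the first sample
    at which the CPU has stayed above `threshold` for at least `hold`
    seconds without a break. One trap per sustained run, so a long spike
    does not flood the management station; a dip below threshold re-arms it.
    """
    traps = []
    high_since = None     # start of the current above-threshold run
    fired = False         # trap already sent for this run?
    for ts, pct in samples:
        if pct > threshold:
            if high_since is None:
                high_since = ts
            if not fired and ts - high_since >= hold:
                traps.append(ts)
                fired = True
        else:
            high_since = None
            fired = False
    return traps

def build_trap(ts, pct, agent="192.0.2.10"):
    """Illustrative trap contents (agent address is a constructed TEST-NET value)."""
    return {
        "agent": agent,
        "sent_at": ts,
        "varbinds": {HR_PROCESSOR_LOAD_OID: pct},
        "reason": "cpu above %d%% for %d s" % (CPU_THRESHOLD_PCT, HOLD_SECONDS),
    }

# Constructed samples, one per minute: a 7-minute run (trap), a short run (no trap).
SAMPLES = [
    (0, 50), (60, 95), (120, 97), (180, 99), (240, 92), (300, 96),
    (360, 94), (420, 98), (480, 40), (540, 95), (600, 93), (660, 60),
]

if __name__ == "__main__":
    for ts in cpu_trap_times(SAMPLES):
        pct = dict(SAMPLES)[ts]
        print(build_trap(ts, pct))
```

With the samples above, the run that starts at 60 s reaches five minutes at 360 s, so exactly one trap is produced; the two-minute run at 540-600 s never qualifies.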

DOS commands:

Ipconfig /all

Default Gateway is important.

If you have a complex network, DHCP, DNS and Default Gateway are all different. Simple network they are all the same. 

Ipconfig /release

Ipconfig /renew

Ping (ip address) -n 300  will do 300 pings.

Tracert
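The commands above are usually read by eye, but the same information can be parsed. The block below is an added example (not from the original notes) that pulls the Default Gateway, DHCP server and DNS servers out of constructed `ipconfig /all` text, applies the simple-vs-complex network rule from these notes (all the same box or not), and reads constructed `ping -n` output to check round-trip times against the 20 ms VoIP latency limit mentioned earlier. The addresses and the log text are constructed, not captured from a real host.

```python
import re
from statistics import mean

# Constructed sample of `ipconfig /all` output (addresses are made up).
IPCONFIG_SAMPLE = """\
Windows IP Configuration

Ethernet adapter Ethernet:

   Connection-specific DNS Suffix  . : example.lan
   DHCP Enabled. . . . . . . . . . . : Yes
   IPv4 Address. . . . . . . . . . . : 10.20.30.40(Preferred)
   Subnet Mask . . . . . . . . . . . : 255.255.255.0
   Default Gateway . . . . . . . . . : 10.20.30.1
   DHCP Server . . . . . . . . . . . : 10.20.30.5
   DNS Servers . . . . . . . . . . . : 10.20.30.6
                                       10.20.30.7
"""

# Constructed sample of `ping 10.20.30.1 -n 4` output.
PING_SAMPLE = """\
Pinging 10.20.30.1 with 32 bytes of data:
Reply from 10.20.30.1: bytes=32 time=3ms TTL=64
Reply from 10.20.30.1: bytes=32 time=25ms TTL=64
Reply from 10.20.30.1: bytes=32 time<1ms TTL=64
Request timed out.
"""

FIELDS = {"Default Gateway": "gateway", "DHCP Server": "dhcp", "DNS Servers": "dns"}
VOIP_MAX_LATENCY_MS = 20   # limit quoted in the notes above

def parse_ipconfig(text):
    """Return {'gateway': [...], 'dhcp': [...], 'dns': [...]} from ipconfig /all text."""
    found = {v: [] for v in FIELDS.values()}
    current = None
    for line in text.splitlines():
        # Label lines look like "Default Gateway . . . . : 10.20.30.1".
        m = re.match(r"\s*([A-Za-z][A-Za-z \-]*?)[ .]*: (.*)$", line)
        if m:
            label, value = m.group(1).strip(), m.group(2).strip()
            current = FIELDS.get(label)      # None for labels we do not track
            if current:
                found[current].append(value)
            continue
        # Extra DNS servers appear on continuation lines holding only the value.
        cont = re.match(r"\s{20,}(\S+)\s*$", line)
        if cont and current:
            found[current].append(cont.group(1))
    return found

def network_shape(cfg):
    """'simple' when DHCP, DNS and gateway are one address, otherwise 'complex'."""
    addrs = {a for key in ("gateway", "dhcp", "dns") for a in cfg[key]}
    return "simple" if len(addrs) == 1 else "complex"

def parse_ping(text):
    """Round-trip times in ms in order sent; a timeout is recorded as None."""
    rtts = []
    for line in text.splitlines():
        m = re.search(r"time([<=])(\d+)ms", line)
        if m:
            # Windows prints "time<1ms" for sub-millisecond replies; count as 0.
            rtts.append(0 if m.group(1) == "<" else int(m.group(2)))
        elif "Request timed out" in line:
            rtts.append(None)
    return rtts

def latency_report(rtts):
    replies = [r for r in rtts if r is not None]
    lost = rtts.count(None)
    worst = max(replies) if replies else None
    return {
        "sent": len(rtts),
        "lost": lost,
        "avg_ms": mean(replies) if replies else None,
        "max_ms": worst,
        # VoIP needs every reply under the limit and no loss, not just a good average.
        "voip_ok": bool(replies) and lost == 0 and worst <= VOIP_MAX_LATENCY_MS,
    }

if __name__ == "__main__":
    cfg = parse_ipconfig(IPCONFIG_SAMPLE)
    print(cfg, network_shape(cfg))
    print(latency_report(parse_ping(PING_SAMPLE)))
```

The report deliberately judges VoIP on the worst reply and on loss rather than the average: a 9 ms average with one 25 ms spike and one lost packet is still a bad line for a call.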


Network Mapping Software: Portscan, Spiceworks free (as of 2011)

NAT : Network Address Translation tables

Default Gateways are the ROUTERS themselves.

typical 192.168.0.1



Servers

Authentication Server, Active Directory, gives you an Access Control Key

Domain Controllers (no longer two kinds, Primary and Backup)

SAMBA is the Linux equivalent to Active Directory.

Remote Access... VPN Server.... (probably Citrix nowadays)


VPN necessary to prevent Man in the Middle Attack.

Tunneling Protocol, everything is encrypted within the tunnel.

Both the tunnel and the internal data are encrypted.

Also tunnels will try to DETECT penetrations from man-in-the-middle snooping.  But be careful, because sometimes old wiring can create the appearance of a hack attack (as far as the VPN is concerned).  Also ancient routers might not allow VPN tunnels.

Typically you have a VPN Server and then a VPN CLIENT to connect to it.

UPLOAD speed so critical for VPN


OpenDNS not only prevents users from going to bad websites, but also prevents any malware from "phoning home" behind the scenes.  Sounds like OpenDNS works by "outsourcing" your DNS server to the Cloud. 
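The "phoning home" point comes down to a resolver that answers listed names with a sinkhole address instead of the real one, and whose query log shows which inside hosts asked. The block below is an added example (not from the original notes and not OpenDNS's code) of that filtering step and of a defender's pass over the resolver log. The log format, the blocklist entries (reserved `.example` names) and the client addresses are constructed.

```python
from collections import Counter

# Constructed resolver log: timestamp, client, query type, query name.
DNS_LOG = """\
2020-08-31T09:00:01 192.168.0.10 A www.example.com
2020-08-31T09:00:02 192.168.0.10 A cdn.example.com
2020-08-31T09:00:03 192.168.0.11 A beacon.malware-c2.example
2020-08-31T09:00:04 192.168.0.11 A www.example.net
2020-08-31T09:00:05 192.168.0.12 A malware-c2.example
2020-08-31T09:00:06 192.168.0.11 TXT beacon.malware-c2.example
"""

BLOCKLIST = {"malware-c2.example", "badsite.example"}   # constructed entries
SINKHOLE = "0.0.0.0"

def blocked_parent(name, blocklist=BLOCKLIST):
    """Return the blocklist entry that covers `name` (itself or any parent), else None.

    Matching parents matters: malware rarely asks for the bare listed domain,
    it asks for some subdomain of it.
    """
    labels = name.lower().rstrip(".").split(".")
    for i in range(len(labels)):
        candidate = ".".join(labels[i:])
        if candidate in blocklist:
            return candidate
    return None

def resolve(name, upstream):
    """Filtering resolver: sinkhole listed names, forward everything else."""
    if blocked_parent(name):
        return SINKHOLE
    return upstream(name)

def scan_log(text):
    """Find queries for blocked names and count them per inside client."""
    hits = []
    per_client = Counter()
    for line in text.splitlines():
        ts, client, qtype, qname = line.split()
        match = blocked_parent(qname)
        if match:
            hits.append((ts, client, qname, match))
            per_client[client] += 1
    return hits, per_client

if __name__ == "__main__":
    fake_upstream = lambda n: "198.51.100.50"   # stands in for the real resolver
    print(resolve("www.example.com", fake_upstream))
    print(resolve("beacon.malware-c2.example", fake_upstream))
    hits, per_client = scan_log(DNS_LOG)
    for hit in hits:
        print("blocked query:", hit)
    print("clients to look at:", dict(per_client))
```

The per-client counter is the useful output for the defender: a host that keeps asking for a listed name after the filter is in place is the machine to go and inspect.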


GEOLOCATION came along with HTML5 built-in.

Prior to it, triangulation was used.... using time of signal from radio towers.

ARIN is the Internet numbering organization.

Part of IP address registering is giving a physical location.

Google war driving mapping wireless access points by broadcast ID, mac address... (? 2012)



