Sunday, May 20, 2012

Book review of XAML Developer Reference by Mamta D, Ashish Ghoda; O'Reilly Media

This book is exactly what its title says - a reference book for XAML. It covers all major areas of XAML related programming - focussing mostly on WPF and Silverlight.

My reactions to reading the book – I did find a few gems in the book, but generally it is a reference book and is intended to be read as a reference book (in small sections as needed or as a general overview).

At times I did ask myself what value I was getting from the book versus reading online references like MSDN, but if you are the type of person who does not want to be on the internet searching up topics and wants a quick reference for XAML, this book will be a useful companion for XAML related programming.

To see where you can buy it – click here

Posted On Sunday, May 20, 2012 5:34 PM | Feedback (0) | Filed Under [ Books ]

Thursday, April 26, 2012

SQL Source Control – Why buy the DB products and go through their Webinar

Before I go into the contents of this post I would like to give a quick disclaimer – I have been asked to give a review of the SQL Source Control webinar, and my payment for the review is a free license of SQL Source Control from Red Gate. It’s great to have the license but I have no need for it, as my company has already purchased a license of SQL Toolbelt from Red Gate which includes SQL Source Control. I might come across as a bit of a Red Gate fan boy, but that is because their tools have saved my bacon a few times, not because I got the free license…

Why SQL DB Products from Red Gate

We had a mini disaster a few months ago when we rolled something out to production and a core component of the system just didn’t work. We ended up having 3 senior developers huddled around a monitor trying to determine the cause of the issue – we had already burned an hour or two on trying to debug the issue but could not see what was wrong. We had a hunch that it had something to do with one of our SQL update scripts not working correctly against our production schema, as the system worked fine on our PostDev environment, but we just could not see what was different or missing.

Time was absolutely against us, and after exhausting all other options, in a last ditch effort to find the issue we downloaded Red Gate’s SQL Compare and ran the demo version to compare our PostDev database schema to our production database schema. In under a minute we knew exactly what the issue was, and with a click of a button we had it fixed. The fact that we had no prior training on Red Gate’s SQL Compare at that point and yet were able to use it effectively under pressure is a tribute to how much Red Gate has embraced their philosophy of creating ingeniously simple tools. After that experience we happily ordered and paid for our SQL Toolbelt license and have not looked back since.

Why try the Red Gate Webinars

In the book Pragmatic Thinking & Learning (a great read), Andy Hunt talks about how different people have different primary learning modes. The three main types of learning modes are…

  • Visual
  • Auditory
  • Kinesthetic

I am definitely a visual / auditory learner – I learn more from seeing a demo of a product and asking a few questions than I do from reading a technical brief. This is one reason why the webinar appealed to me – it’s better than just watching a video because you can ask questions and interact with the presenter, closing the feedback loop.

Red Gate currently has a few webinars it offers which include the following titles…

  • “Whatever your source control system – use it to version control your database”
  • “Repeatable deployment without fear of data loss”

Each webinar consists of two parts, a demo and then a Q&A section. The demo is pretty much a quick overview of the tool with a demo scenario – I found it a good way to get a basic idea of how the tools work, but the section that I really enjoyed in each webinar was the Q&A section – I learned a ton of things, and it highlighted relevant concerns other devs had that I had missed.

For this review Red Gate asked if I would sit through one webinar and blog about what I learned, but I actually ended up sitting through both just because I have a real interest in getting the most from these tools. Without giving too much away, at the end of each webinar I had a good starting point.

In addition, 3 things that stood out to me that I was not aware of before the webinars were…

  • In the SQL Source Control tool, conflict resolution is currently at an object level
  • The dedicated model is the preferred model for source control of the DB
  • For source control with Git you can only view the history via the Git console, but with TFS and SVN you can view the history in the tool

There are a bunch of other gems in there, but I am going to leave them up to you to discover.

Going forward what would I like to see?

A webinar I could not find, and that I would really enjoy, is an example of implementing these tools in continuous integration. Red Gate has a document targeting continuous integration, but to see an example in action would be really useful. If they don’t do one, maybe I will…

My next big thing with the team I am on is to integrate the Red Gate tools with my CI server and a webinar on that would be great.

Posted On Thursday, April 26, 2012 7:27 AM | Feedback (2) |

Monday, April 09, 2012

Getting to grips with the stack in nasm

Today I spent a good part of my day getting to grips with the stack and nasm. After looking at my notes on nasm, I think this is one area the course I am doing could focus more on… So here are some snippets I have put together that have helped me understand a little bit about the stack…

Simplest example of the stack

You will probably see examples like the following in circulation… these demonstrate the simplest use of the stack…

org 0x100
bits 16
jmp main

main:
push 42h
push 43h
push 44h

mov ah,2h ;set to display characters

pop dx    ;get the first value
int 21h   ;and display it

pop dx    ;get 2nd value
int 21h   ;and display it

pop dx    ;get 3rd value
int 21h   ;and display it

int 20h

The output from above code would be…

DCB

Decoupling code using “call” and “ret”

This is great, but it oversimplifies what I want to use the stack for… I do not know if this goes against the grain of assembly programmers or not, but I want to write loosely coupled assembly code – and I want to use the stack as a mechanism for passing values into my decoupled code. In nasm we have the call and ret instructions, which provide a mechanism for decoupling code; for example, the following could be done…

org 0x100
bits 16
jmp main

;----------------------------------------
displayChar:
mov ah,2h
mov dx,41h
int 21h
ret

;----------------------------------------
main:
call displayChar
int 20h

This would output the following to the console

A

So, it would seem that call and ret allow us to jump to segments of our code and then return to the calling position – a form of segmenting the code into what we would call in higher-level languages “functions” or “methods”.

The only issue is, in higher-level languages there is a way to pass parameters into functions and return results. Because of the primitive nature of the call and ret instructions, how to do this is not obvious. We could of course use the registers to pass values into the subroutine and set values coming out, but the problem with this is we…

  1. Have a limited number of registers
  2. Are threading our code with tight coupling (it would be hard to migrate methods outside of their intended use in a particular program to another one)

With that in mind, I turn to the stack to provide a loosely coupled way of calling subroutines…

First attempt with the Stack

Initially I thought this would be simple… we could use code that looks as follows to achieve what I want…

org 0x100
bits 16
jmp main

;----------------------------------------
displayChar:
mov ah,2h
pop dx
int 21h
ret

;----------------------------------------
main:
push 41h
call displayChar
int 20h

However, running this application does not give the desired result: I want an ‘A’ to be returned, and I am getting something totally different (you will too).

Reading up on the call and ret instructions, a discovery is made… they are pushing and popping things onto and off the stack as well…

When the call instruction is executed, the current value of IP (the address of the instruction following the call) is pushed onto the stack; when ret executes, the value on top of the stack is popped into the IP register. In effect, what the above code does with the stack is as follows…

  • push 41h
  • push current value of ip
  • pop current value of ip to dx
  • pop 41h to ip

This is not what I want. I need to access the 41h that I pushed onto the stack, but the return address pushed by call (which is necessary) is in my way. So, what to do?

Remember we have other registers we can use as well as a thing called indirect addressing…

So, after some reading around, I came up with the following approach using indirect addressing…

org 0x100
bits 16
jmp main

;----------------------------------------
displayChar:
mov bp,sp
mov ah,2h
mov dx,[bp+2]
int 21h
ret

;----------------------------------------
main:
push 41h
call displayChar
int 20h

In essence, what I have done here is used a trick with the stack pointer… it goes as follows…

  • Push 41h onto the stack
  • Make the call to the function, which pushes the IP register onto the stack and then jumps to the displayChar label
  • Move the value in the stack pointer to the bp register (sp currently points at the saved IP value)
  • Move the word at the location bp plus 2 bytes to dx (this is the value 41h)
  • Display it
  • Execute the ret instruction, which pops the IP value off the stack and goes back to the calling point

This approach is still very raw (some further reading shows that I should be pushing the value of bp onto the stack before replacing it with sp), but it is the starting point for getting loosely coupled subroutines.

Let’s see if you can work out what the output of the following would be…

org 0x100
bits 16
jmp main

;----------------------------------------
displayChar:
mov bp,sp
mov ah,2h

mov dx,[bp+4]
int 21h

mov dx,[bp+2]
int 21h
ret

;----------------------------------------
main:
push 41h
push 42h
call displayChar
int 20h

The output is…

AB
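As an added example (not code from the original post), here is the same two-character routine written with the prologue and epilogue the text says it should have: bp is saved before it is overwritten, arguments are read relative to the fixed frame, and the caller removes its own arguments after each call. The saved bp shifts the argument offsets by two bytes, which is why they become [bp+4] and [bp+6]; the file name in the build comment is an assumption.

```nasm
; Build as in the post (file name assumed): nasm -f bin stack.asm -o stack.com
org 0x100
bits 16
jmp main

;----------------------------------------
; displayTwo: prints the two characters passed on the stack.
; Stack layout after "push bp" (each slot is one 16-bit word):
;   [bp]    saved bp of the caller
;   [bp+2]  return address pushed by "call"
;   [bp+4]  second argument pushed
;   [bp+6]  first argument pushed
displayTwo:
push bp          ; save the caller's frame pointer
mov bp,sp        ; bp now fixes the frame even if sp moves later
mov ah,2h        ; DOS: display character in dl
mov dx,[bp+6]    ; first value pushed
int 21h
mov dx,[bp+4]    ; second value pushed
int 21h
pop bp           ; restore the caller's bp
ret              ; pops only the return address

;----------------------------------------
main:
push 41h
push 42h
call displayTwo
add sp,4         ; caller discards the two arguments it pushed
push 43h
push 44h
call displayTwo
add sp,4
int 20h
```

Because the caller cleans up after each call, the stack is balanced again before the second call, and the routine can be reused without knowing what else is on the stack; the output is ABCD.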

Where to from here?

If by any luck some assembly programmer comes along, sees this code and notices that I have made some fundamental flaw in my logic… I would like to know, so please leave a comment… I appreciate any feedback!

Posted On Monday, April 09, 2012 2:09 PM | Feedback (0) |

More NASM with GVim

Today I am bashing around with nasm again… some useful things I found…

Set the current working directory of gvim to the current file path

I have found setting the current working directory of gvim to the file location is very useful, especially if you are wanting to use commands in gvim to run your compiled code. It can be done by typing in the following in the command mode in gvim…

cd %:p:h

Once you have set it, you can use ! to run commands you would normally run in the DOS shell, e.g.

!dir

Compiling code to make an executable

There are three things you need to specify to compile a basic file in nasm, they are…

  1. The output file format
  2. The output file name
  3. The source file name

An example of this would be the following (where you have a file called temp.asm which is the source file)…

nasm -f bin temp.asm -o temp.com

Output file format

The -f option specifies the output file format (in this case a flat binary file). To get a list of the available output file formats you can type nasm -hf (for my installation bin is the default, in which case I can omit it).

Output file name

This is just the name you want the compiled file to be called. For Windows machines I specify .com as my default extension.

Posted On Monday, April 09, 2012 1:40 PM | Feedback (0) |

Saturday, April 07, 2012

Computer Networks UNISA - Chap 12 – Networking Security

After reading this section you should be able to

  • Identify security risks in LANs and WANs and design security policies that minimize risks
  • Explain how physical security contributes to network security
  • Discuss hardware and design based security techniques
  • Understand methods of encryption such as SSL and IPSec, that can secure data in storage and in transit
  • Describe how popular authentication protocols such as RADIUS, TACACS, Kerberos, PAP, CHAP, and MS-CHAP function
  • Use network operating system techniques to provide basic security
  • Understand wireless security protocols such as WEP, WPA and 802.11i

Security Audits

Before spending time and money on network security, examine your network’s security risks – rate and prioritize them. Different organizations have different levels of network security requirements.

Security Risks

Not all security breaches result from a manipulation of network technology – there are human factors that can play a role as well. The following categories are areas of consideration…

  • Risks associated with People
  • Risks associated with Transmission and Hardware
  • Risks associated with Protocols and Software
  • Risks associated with Internet Access

Risks associated with People

  • Intruders or attackers using social engineering or snooping to obtain user passwords
  • An administrator incorrectly creating or configuring user IDs, groups, and their associated rights on a file server
  • Network administrators overlooking security flaws in topology or hardware configuration
  • Network administrators overlooking security flaws in the operating system or application configuration
  • Lack of proper documentation and communication of security policies
  • Dishonest or disgruntled employees abusing their file and access rights
  • An unused computer or terminal being left logged on to the network
  • Users or administrators choosing easy to guess passwords
  • Authorized staff leaving computer room doors open or unlocked
  • Staff discarding disks or backup tapes in public waste containers
  • Administrators neglecting to remove access and file rights for employees who have left the organization
  • Users writing their passwords on paper and then losing them

Risks associated with Protocols and Software

  • TCP/IP contains several security flaws (e.g. falsified IP addresses)
  • Trust relationships between one server and another
  • NOSs might contain back doors or security flaws
  • Administrators might accept the default security options after installing an operating system or application
  • Transactions that take place between applications, such as databases and web based forms might allow interception

Risks associated with Transmission and Hardware

  • Network hubs broadcast traffic over the entire segment, thus making transmission more widely vulnerable to sniffing
  • Unused hub, switch, router, or server ports can be exploited and accessed by hackers if they are not disabled

An effective security policy

A security policy identifies your security goals, risks, levels of authority, designated security coordinator and team members, responsibilities for each team member, and responsibilities for each employee. In addition it specifies how to address security breaches. It should not state exactly which hardware, software, architecture, or protocols will be used to ensure security, nor how hardware or software will be installed and configured.

A security policy must address an organization’s specific risks. To understand your risks, you should conduct a security audit that identifies vulnerabilities and rates both the severity of each threat and its likelihood of occurring.

Security Policy Content

Security policy content should…

  • Include policies for each category of security
  • Explain to users what they can and cannot do and how these measures protect the network’s security
  • Define what confidential means to the organization

Response Policy

A security policy should provide for a planned response in the event of a security breach. The response policy should identify the members of a response team, all of whom should clearly understand the security policy, risks, and measures in place.

Some of the roles concerned could include…

  • Dispatcher – the person on call who first notices the breach
  • Manager – the person who coordinates the resources necessary to solve the problem
  • Technical Support Specialist – the person who focuses on solving the problem
  • Public relations specialist – the person who acts as the official spokesperson for the organization

Physical Security

An important element in network security is restricting physical access to its components. There are various techniques for this including locking doors, security people at access points etc. You should identify the following…

  • Which rooms contain critical systems or data and must be secured
  • Through what means might intruders gain access to these rooms
  • How and to what extent are authorized personnel granted access to these rooms
  • Are authentication methods such as ID cards easy to forge
  • etc.

A more expensive solution involves bio-recognition access, in which a device scans an individual’s unique physical characteristics, such as the colour patterns in her iris or the geometry of her hand.

Security in Network Design

The optimal way to prevent external security breaches from affecting your LAN is not to connect your LAN to the outside world at all. The next best protection is to restrict access at every point where your LAN connects to the rest of the world.

Router Access List – can be used to filter or decline access to a portion of a network for certain devices.

Intrusion Detection and Prevention

While denying someone access to a section of the network is good, it is better to be able to detect when an attempt has been made and notify security personnel. This can be done using IDS (intrusion detection system) software.

One drawback of IDS software is that it can generate false positives, e.g. when an authorized person who has forgotten his password attempts to log on.

Firewalls

A firewall is a specialized device, or a computer installed with specialized software, that selectively filters or blocks traffic between networks. A firewall typically involves a combination of hardware and software and may reside between two interconnected private networks.

The simplest form of a firewall is a packet filtering firewall, which is a router that examines the header of every packet of data it receives to determine whether that type of packet is authorized to continue to its destination or not.

Firewalls can block traffic in and out of a LAN.

NOS (Network Operating System) Security

Regardless of the operating system, generally every network administrator can implement basic security by restricting what users are authorized to do on a network. Some of the restrictions include things related to

  • Logons – place, time of day, total time logged in, etc.
  • Passwords – length, characters used, etc.

An example of a dictionary attack is when hackers use a software program that tries your user ID combined with every word in a dictionary to gain access to the network.

Encryption

Encryption is the use of an algorithm to scramble data into a format that can be read only by reversing the algorithm. The purpose of encryption is to keep information private. Many forms of encryption exist and new ways of cracking encryption are continually being invented.

Private Key Encryption

In private key encryption, data is encrypted using a single key that only the sender and the receiver know. Private key encryption is also known as symmetric encryption.

Public Key Infrastructure

The use of certificate authorities to associate public keys with certain users is known as Public Key Infrastructure.

Categories of Encryption

The following are some categories of encryption…

  • Key Encryption
  • PGP (Pretty Good Privacy)
  • SSL (Secure Sockets Layer)
  • SSH (Secure Shell)
  • SCP (Secure CoPy)
  • SFTP (Secure File Transfer Protocol)
  • IPSec (Internet Protocol Security)

For a detailed explanation of each, refer to pages 596 to 604 of the textbook.

Authentication Protocols

Authentication protocols are the rules that computers follow to accomplish authentication. Several types exist and the following are some of the common authentication protocols…

RADIUS and TACACS belong to a category of protocols known as AAA (Authentication, authorization and accounting)

  • RADIUS and TACACS
  • PAP (Password Authentication Protocol)
  • CHAP and MS-CHAP
  • EAP (Extensible Authentication Protocol)
  • 802.1x (EAPoL)
  • Kerberos

With Kerberos, to authenticate a client, the KDC runs an authentication service which issues a ticket, a temporary set of credentials that a client uses to prove that its identity has been validated (note that a ticket is not the same as a key).

Wireless Network Security

Wireless transmissions are particularly susceptible to eavesdropping. The following are two wireless network security protocols

  • WEP – requires one to enter a network key to gain access to the network
  • WPA

Posted On Saturday, April 07, 2012 3:02 PM | Feedback (0) |

Computer Networks UNISA - Chap 8 – Wireless Networking

After reading this section you should be able to

  • Explain how nodes exchange wireless signals
  • Identify potential obstacles to successful transmission and their repercussions, such as interference and reflection
  • Understand WLAN architecture
  • Specify the characteristics of popular WLAN transmission methods including 802.11 a/b/g/n
  • Install and configure wireless access points and their clients
  • Describe wireless MAN and WAN technologies, including 802.16 and satellite communications

The Wireless Spectrum

All wireless signals are carried through the air by electromagnetic waves. The wireless spectrum is a continuum of the electromagnetic waves used for data and voice communication.

The wireless spectrum falls between 9 kHz and 300 GHz.

Characteristics of Wireless Transmission

Antennas

Each type of wireless service requires an antenna specifically designed for that service. The service’s specification determines the antenna’s power output, frequency, and radiation pattern.

  • A directional antenna issues wireless signals along a single direction.
  • An omnidirectional antenna issues and receives wireless signals with equal strength and clarity in all directions
  • The geographical area that an antenna or wireless system can reach is known as its range

Signal Propagation

LOS (line of sight) uses the least amount of energy and results in the reception of the clearest possible signal. When there is an obstacle in the way, the signal may pass through the object, be absorbed by the object, or be subject to reflection, diffraction or scattering.

  • Reflection – waves encounter an object and bounce off it
  • Diffraction – signal splits into secondary waves when it encounters an obstruction
  • Scattering – is the diffusion or the reflection in multiple different directions of a signal

Signal Degradation

Fading occurs as a signal hits various objects. Because of fading, the strength of the signal that reaches the receiver is lower than the transmitted signal strength.

The further a signal moves from its source, the weaker it gets (this is called attenuation)

Signals are also affected by noise (electromagnetic interference).

Interference can distort and weaken a wireless signal in the same way that noise distorts and weakens a wired signal.

Frequency Ranges

Older wireless devices used the 2.4 GHz band to send and receive signals. This had 11 communication channels that are unlicensed.

Newer wireless devices can also use the 5 GHz band, which has 24 unlicensed bands.

Narrowband, Broadband, and Spread Spectrum Signals

  • Narrowband – a transmitter concentrates the signal energy at a single frequency or in a very small range of frequencies
  • Broadband – uses a relatively wide band of the wireless spectrum and offers higher throughputs than narrowband technologies

The use of multiple frequencies to transmit a signal is known as spread-spectrum technology. In other words a signal never stays continuously within one frequency range during its transmission.

One specific implementation of spread spectrum is FHSS (frequency hopping spread spectrum). Another type is known as DSSS (direct sequence spread spectrum).

Fixed vs. Mobile

Each type of wireless communication falls into one of two categories

  1. Fixed – the locations of the transmitter and receiver do not move (this saves energy, because a weaker signal strength is possible with directional antennas)
  2. Mobile – the location can change

WLAN (Wireless LAN) Architecture

There are two main types of arrangements

  1. Ad hoc – data is sent directly between devices – good for small groups of local devices
  2. Infrastructure mode – a wireless access point is placed centrally, that all devices connect with

802.11 WLANs

The most popular wireless standards used on contemporary LANs are those developed by IEEE’s 802.11 committee.

Over the years several distinct standards related to wireless networking have been released.

Four of the best known standards are also referred to as Wi-Fi. They are…

  1. 802.11b
  2. 802.11a
  3. 802.11g
  4. 802.11n

These four standards share many characteristics, e.g.

  • All four use half-duplex signalling
  • All four follow the same access method

Access Method

802.11 standards specify the use of CSMA/CA (Carrier Sense Multiple Access with Collision Avoidance) to access a shared medium. Using CSMA/CA, before a station begins to send data on an 802.11 network it checks for existing wireless transmissions. If the source node detects no transmission activity on the network, it waits a brief period of time and then sends its transmission. If the source does detect activity, it waits a brief period of time before checking again.

The destination node receives the transmission and, after verifying its accuracy, issues an acknowledgement (ACK) packet to the source. If the source receives the ACK it assumes the transmission was successful; if it does not receive an ACK it assumes the transmission failed and sends it again.

Association

Two types of scanning…

  1. Active – the station transmits a special frame, known as a probe, on all available channels within its frequency range. When an access point receives the probe frame, it issues a probe response.
  2. Passive – wireless station listens on all channels within its frequency range for a special signal, known as a beacon frame, issued from an access point – the beacon frame contains information necessary to connect to the point.

Re-association occurs when a mobile user moves out of one access point’s range and into the range of another.

Frames

Read pages 378–381 about frames and specific 802.11 protocols.

Bluetooth Networks

Ericsson originally invented the Bluetooth technology in the early 1990s. In 1998 other manufacturers joined Ericsson in the Special Interest Group (SIG), whose aim was to refine and standardize the technology.

  • It was designed to carry voice, video and data signals over the same communications channels
  • It uses FHSS (frequency hopping spread spectrum) RF signalling in the 2.4 GHz band
  • It has been codified by the IEEE in their 802.15.1 standard

Bluetooth was designed to be used on small networks composed of personal communications devices. It has become a popular wireless technology for communicating among cellular telephones, phone headsets, etc.

Implementing WLANs

For organizations it is important to perform a site survey to assess client requirements, facility characteristics, and coverage areas to determine an access point arrangement that will ensure reliable wireless connectivity within a given area.

Things included in the site survey will be…

  • Study building blueprints to help identify potential obstacles and clarify the distances your network needs to span on each floor
  • Measure signal coverage and strength from other WLANs
  • Test proposed access point locations
  • Reveal unforeseen obstacles such as EMI issued from lights or heavy machinery
  • Identify the optimal quantity and location of access points

Wireless WANs and Internet Access

Refer to pages 396–402 of the textbook for details.

802.16 (WiMAX) Internet Access

WiMAX stands for Worldwide Interoperability for Microwave Access

Satellite Internet Access

In a dial return arrangement, a subscriber receives data from the Internet via a satellite downlink transmission, but sends data to the satellite via an analogue modem.

Dial return service providers advertise downstream throughputs of 400–500 Kbps, though in practice they may be as high as 1 Mbps, but upload speeds are limited to the speed of the modem; thus dial return services are an asymmetrical technology.

In a satellite return arrangement, a subscriber sends and receives data to and from the Internet using a satellite uplink and downlink. This is a symmetrical technology, in which both upstream and downstream throughputs are advertised to reach 400–500 Kbps.

Posted On Saturday, April 07, 2012 12:30 PM | Feedback (0) |

Computer Networks UNISA - Chap 10 – In Depth TCP/IP Networking

After reading this section you should be able to

  • Understand methods of network design unique to TCP/IP networks, including subnetting, CIDR, and address translation
  • Explain the differences between public and private TCP/IP networks
  • Describe protocols used between mail clients and mail servers, including SMTP, POP3, and IMAP4
  • Employ multiple TCP/IP utilities for network discovery and troubleshooting

Designing TCP/IP-Based Networks

The following sections explain how network and host information in an IPv4 address can be manipulated to subdivide networks into smaller segments.

Subnetting

Subnetting separates a network into multiple logically defined segments, or subnets. Networks are commonly subnetted according to geographic locations, departmental boundaries, or technology types.

A network administrator might separate traffic to accomplish the following…

  • Enhance security
  • Improve performance
  • Simplify troubleshooting

The challenges of Classful Addressing in IPv4 (No subnetting)

The simplest type of IPv4 addressing is known as classful addressing (the Class A, Class B and Class C network addresses).

Classful addressing has the following limitations.

  • Restriction in the number of usable IPv4 addresses (class C would be limited to 254 addresses)
  • Difficult to separate traffic from various parts of a network

Because of the above reasons, subnetting was introduced.

IPv4 Subnet Masks

Subnetting depends on the use of subnet masks to identify how a network is subdivided. A subnet mask indicates where network information is located in an IPv4 address.

A 1 bit in a subnet mask indicates that the corresponding bit in the IPv4 address contains network information (likewise, a 0 bit indicates host information).

Each network class is associated with a default subnet mask…

  • Class A = 255.0.0.0
  • Class B = 255.255.0.0
  • Class C = 255.255.255.0

An example of calculating the network ID for a particular device with a subnet mask is shown below…

  • IP Address = 199.34.89.127
  • Subnet Mask = 255.255.255.0
  • Resultant Network ID = 199.34.89.0

IPv4 Subnetting Techniques

Subnetting breaks the rules of classful IPv4 addressing.

Read page 490 for a detailed explanation

Calculating IPv4 Subnets

Read page 491 – 494 for an explanation

Important… Subnetting only applies to the devices internal to your network. Everything external looks at the class of the IP address instead of the subnet network ID. This way, traffic directed to your network externally still knows where to go, and once it has entered your internal network it can then be prioritized and segmented.

CIDR (Classless Interdomain Routing)

CIDR is also known as classless routing or supernetting.

In CIDR, conventional network class distinctions do not exist: a subnet boundary can move to the left, generating more usable IP addresses on your network. A subnet created by moving the subnet boundary to the left is known as a supernet.

With CIDR also came new shorthand for denoting the position of subnet boundaries known as CIDR notation or slash notation. CIDR notation takes the form of the network ID followed by a forward slash (/) followed by the number of bits that are used for the extended network prefix.

To take advantage of classless routing, your network's routers must be able to interpret IP addresses that don't adhere to conventional network class parameters. Routers that rely on older routing protocols (e.g. RIP) are not capable of interpreting classless IP addresses.
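As an added example (not from the UNISA notes or the textbook), the subnet-mask arithmetic worked above and the CIDR slash notation and supernetting described in this section, carried out in Python with plain bit operations; apart from the notes' 199.34.89.127 / 255.255.255.0, the addresses are constructed for illustration.

```python
# Added example: subnet masks, network IDs, CIDR notation and supernets.


def ip_to_int(dotted):
    """Parse a dotted-quad IPv4 string into a 32-bit integer."""
    octets = [int(o) for o in dotted.split(".")]
    if len(octets) != 4 or any(o < 0 or o > 255 for o in octets):
        raise ValueError(f"invalid IPv4 address: {dotted}")
    return (octets[0] << 24) | (octets[1] << 16) | (octets[2] << 8) | octets[3]


def int_to_ip(value):
    return ".".join(str((value >> shift) & 0xFF) for shift in (24, 16, 8, 0))


def prefix_to_mask_int(prefix):
    """Mask with `prefix` leading 1 bits, e.g. 24 -> 0xFFFFFF00."""
    if not 0 <= prefix <= 32:
        raise ValueError("prefix length must be 0..32")
    return (0xFFFFFFFF << (32 - prefix)) & 0xFFFFFFFF


def mask_to_prefix(mask):
    """Convert a dotted subnet mask to its CIDR prefix length.
    A valid mask is a run of 1 bits followed only by 0 bits."""
    m = ip_to_int(mask)
    prefix = bin(m).count("1")
    if m != prefix_to_mask_int(prefix):
        raise ValueError(f"non-contiguous subnet mask: {mask}")
    return prefix


def network_id(ip, mask):
    """Network ID = IP address AND subnet mask, as in the notes' example."""
    return int_to_ip(ip_to_int(ip) & ip_to_int(mask))


def classful_prefix(ip):
    """Default (classful) prefix length, decided by the first octet."""
    first = ip_to_int(ip) >> 24
    if first < 128:
        return 8    # Class A, 255.0.0.0
    if first < 192:
        return 16   # Class B, 255.255.0.0
    if first < 224:
        return 24   # Class C, 255.255.255.0
    raise ValueError("Class D/E addresses have no default mask")


def usable_hosts(prefix):
    """Host addresses minus the network and broadcast addresses."""
    return max(2 ** (32 - prefix) - 2, 0)


def to_cidr(ip, mask):
    """Slash notation: network ID followed by the prefix length."""
    return f"{network_id(ip, mask)}/{mask_to_prefix(mask)}"


def supernet(ip, mask, bits_left):
    """Move the subnet boundary `bits_left` bits to the left (a CIDR supernet)."""
    prefix = mask_to_prefix(mask) - bits_left
    return to_cidr(ip, int_to_ip(prefix_to_mask_int(prefix)))


if __name__ == "__main__":
    print(network_id("199.34.89.127", "255.255.255.0"))       # 199.34.89.0
    print(to_cidr("199.34.89.127", "255.255.255.192"))        # 199.34.89.64/26 (subnet)
    print(supernet("199.34.89.127", "255.255.255.0", 2))      # 199.34.88.0/22 (supernet)
    print(usable_hosts(24), usable_hosts(22))                 # 254 1022
```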

Internet Gateways

Gateways are a combination of software and hardware that enable two different network segments to exchange data. A gateway facilitates communication between different networks or subnets. Because a device on one subnet cannot send data directly to a device on another subnet, a gateway must intercede and hand off the information. Every device on a TCP/IP based network has a default gateway (a gateway that first interprets its outbound requests to other subnets, and then interprets its inbound requests from other subnets).

The internet contains a vast number of routers and gateways. If each gateway had to track addressing information for every other gateway on the Internet, it would be overtaxed. Instead, each handles only a relatively small amount of addressing information, which it uses to forward data to another gateway that knows more about the data’s destination. The gateways that make up the internet backbone are called core gateways.

Address Translation

An organization's default gateway can also be used to “hide” the organization's internal IP addresses and keep them from being recognized on a public network.

A public network is one that any user may access with little or no restrictions.

On private networks, hiding IP addresses allows network managers more flexibility in assigning addresses. Clients behind a gateway may use any IP addressing scheme, regardless of whether it is recognized as legitimate by the Internet authorities, but as soon as those devices need to go on the Internet, they must have legitimate IP addresses to exchange data.

When a client's transmission reaches the default gateway, the gateway opens the IP datagram and replaces the client's private IP address with an Internet recognized IP address. This process is known as NAT (Network Address Translation).
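An added example (not from the notes) of the address hiding just described: a minimal model of a NAT gateway that rewrites private source addresses to one public address, keeps a translation table so replies reach the right client, and drops inbound datagrams that no client asked for. The private ranges are the RFC 1918 ones; the gateway, client and server addresses are documentation addresses constructed for the demo.

```python
# Added example: a toy NAT gateway (port-based translation) with a mapping table.
from dataclasses import dataclass, replace


@dataclass(frozen=True)
class Datagram:
    src_ip: str
    src_port: int
    dst_ip: str
    dst_port: int
    payload: str


def is_private(ip):
    """RFC 1918 private ranges: 10/8, 172.16/12 and 192.168/16."""
    a, b = (int(x) for x in ip.split(".")[:2])
    return a == 10 or (a == 172 and 16 <= b <= 31) or (a == 192 and b == 168)


class NatGateway:
    """Replaces a client's private source address with the gateway's public one,
    remembering each mapping so the reply can be translated back."""

    def __init__(self, public_ip, first_port=40000):
        self.public_ip = public_ip
        self.next_port = first_port
        self.outbound = {}   # (private_ip, private_port) -> public_port
        self.inbound = {}    # public_port -> (private_ip, private_port)

    def translate_outbound(self, dgram):
        if not is_private(dgram.src_ip):
            return dgram     # already a legitimate Internet address: pass through
        key = (dgram.src_ip, dgram.src_port)
        if key not in self.outbound:          # first packet of this flow: allocate a port
            self.outbound[key] = self.next_port
            self.inbound[self.next_port] = key
            self.next_port += 1
        return replace(dgram, src_ip=self.public_ip, src_port=self.outbound[key])

    def translate_inbound(self, dgram):
        """Return the datagram re-addressed to the internal client, or None when no
        client opened this mapping: unsolicited traffic never reaches the inside."""
        mapping = self.inbound.get(dgram.dst_port)
        if dgram.dst_ip != self.public_ip or mapping is None:
            return None
        private_ip, private_port = mapping
        return replace(dgram, dst_ip=private_ip, dst_port=private_port)


def demo():
    """Constructed exchange: one client request, its reply, and a stray probe."""
    gw = NatGateway("203.0.113.7")            # constructed public address
    request = Datagram("192.168.1.20", 51000, "198.51.100.9", 80, "GET /")
    on_internet = gw.translate_outbound(request)
    reply = Datagram("198.51.100.9", 80, on_internet.src_ip, on_internet.src_port, "200 OK")
    delivered = gw.translate_inbound(reply)
    stray = Datagram("198.51.100.9", 80, gw.public_ip, 22, "unsolicited")
    return on_internet, delivered, gw.translate_inbound(stray)
```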

TCP/IP Mail Services

All Internet mail services rely on the same principles of mail delivery, storage, and pickup, though they may use different types of software to accomplish these functions.

Email servers and clients communicate through special TCP/IP application layer protocols. These protocols, all of which operate on a variety of operating systems, are discussed below…

SMTP (Simple Mail Transfer Protocol)

The protocol responsible for moving messages from one mail server to another over TCP/IP based networks. SMTP belongs to the application layer of the OSI model and relies on TCP as its transport protocol.

  • Operates from port 25 on the SMTP server
  • Simple sub-protocol, incapable of doing anything more than transporting mail or holding it in a queue

MIME (Multipurpose Internet Mail Extensions)

The standard message format specified by SMTP allows for lines that contain no more than 1000 ASCII characters, meaning that if you relied solely on SMTP you would have very short messages and nothing like pictures included in an email.

  • MIME is a standard for encoding and interpreting binary files, images, video, and non-ASCII character sets within an email message.
  • MIME identifies each element of a mail message according to content type.
  • MIME does not replace SMTP but works in conjunction with it.
  • Most modern email clients and servers support MIME
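An added example (not from the notes) of the SMTP dialogue described above: a tiny in-memory model of the receiving server's state machine (command phase, then DATA phase ending with a lone "."), together with a client routine that drives it, enforcing the 1000-character line limit mentioned under MIME. Reply codes are modelled on RFC 5321; the hostnames and addresses are constructed.

```python
# Added example: a minimal SMTP receiver state machine and the client dialogue.
MAX_LINE = 1000  # the line limit the notes mention


class SmtpReceiver:
    """Receiving server: command phase, then DATA phase until a lone '.'."""

    def __init__(self, hostname):
        self.hostname = hostname
        self.in_data = False
        self.delivered = []          # (sender, recipients, body lines)
        self.reset()

    def reset(self):
        self.sender, self.recipients, self.lines = None, [], []

    def greeting(self):
        return f"220 {self.hostname} ESMTP ready"

    def handle(self, line):
        """Return the reply for one client line (None while collecting DATA)."""
        if self.in_data:
            return self._data_line(line)
        verb, _, arg = line.partition(" ")
        verb = verb.upper()
        if verb in ("HELO", "EHLO"):
            return f"250 {self.hostname} Hello {arg}"
        if verb == "MAIL":                           # MAIL FROM:<sender>
            self.reset()
            self.sender = arg[len("FROM:"):].strip("<>")
            return "250 OK"
        if verb == "RCPT":                           # RCPT TO:<recipient>
            if self.sender is None:
                return "503 Bad sequence of commands"
            self.recipients.append(arg[len("TO:"):].strip("<>"))
            return "250 OK"
        if verb == "DATA":
            if not self.recipients:
                return "503 Bad sequence of commands"
            self.in_data = True
            return "354 End data with <CR><LF>.<CR><LF>"
        if verb == "QUIT":
            return f"221 {self.hostname} closing connection"
        return "500 Command not recognized"

    def _data_line(self, line):
        if line == ".":                              # end of message: queue it
            self.in_data = False
            self.delivered.append((self.sender, list(self.recipients), self.lines))
            self.reset()
            return "250 OK queued"
        if len(line) > MAX_LINE:                     # longer than SMTP allows
            self.in_data = False
            self.reset()
            return "500 Line too long"
        # Undo the client's dot-stuffing of body lines that begin with a dot.
        self.lines.append(line[1:] if line.startswith("..") else line)
        return None


def send_message(server, sender, recipients, body_lines):
    """Drive the client side of the dialogue; return the server's replies."""
    transcript = [server.greeting()]
    commands = ["EHLO client.example", f"MAIL FROM:<{sender}>"]
    commands += [f"RCPT TO:<{r}>" for r in recipients] + ["DATA"]
    for cmd in commands:
        transcript.append(server.handle(cmd))
        if not transcript[-1].startswith(("250", "354")):
            return transcript                        # server refused: stop here
    for line in body_lines:
        reply = server.handle(".." + line[1:] if line.startswith(".") else line)
        if reply is not None:                        # only an error replies mid-DATA
            transcript.append(reply)
            return transcript
    transcript.append(server.handle("."))
    transcript.append(server.handle("QUIT"))
    return transcript
```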

POP (Post Office Protocol)

  • POP is an application layer protocol used to retrieve messages from a mail server
  • POP3 relies on TCP and operates over port 110
  • With POP3 mail is delivered and stored on a mail server until it is downloaded by a user
  • The disadvantage of POP3 is that it typically does not allow users to save their messages on the server; because of this, IMAP is sometimes used

IMAP (Internet Message Access Protocol)

  • IMAP is a retrieval protocol that was developed as a more sophisticated alternative to POP3
  • The single biggest advantage IMAP4 has over POP3 is that users can store messages on the mail server, rather than having to continually download them
  • Users can retrieve all or only a portion of any mail message
  • Users can review their messages and delete them while the messages remain on the server
  • Users can create sophisticated methods of organizing messages on the server
  • Users can share a mailbox in a central location

Disadvantages of IMAP are typically related to the fact that it requires more storage space on the server.

Additional TCP/IP Utilities

Nearly all TCP/IP utilities can be accessed from the command prompt on any type of server or client running TCP/IP. The syntax may differ depending on the OS of the client.

Below is a list of additional TCP/IP utilities – research their use on your own!

  • Ipconfig (Windows) & Ifconfig (Linux)
  • Netstat
  • Nbtstat
  • Hostname, Host & Nslookup
  • Dig (Linux)
  • Whois (Linux)
  • Traceroute (Tracert)
  • Mtr (my traceroute)
  • Route

Ifconfig

Some common operations include…

  • -a – Applies the command to all interfaces on a device; can be used with other switches
  • down – Marks the interface as unavailable to the network
  • up – Reinitializes the interface after it has been taken “down” so that it is once again available to the network

Dig

  • Stands for domain information groper.
  • Dig allows you to query a DNS database and find the host name associated with a specific IP address or vice versa.
  • Dig is useful for helping network administrators diagnose DNS problems
  • Dig can provide more information than nslookup
  • Dig is included with UNIX and Linux operating systems

Posted On Saturday, April 07, 2012 9:51 AM | Feedback (0) |

Friday, April 06, 2012

Computer Networks UNISA - Chap 14 – Ensuring Integrity & Availability

 

After reading this section you should be able to

  • Identify the characteristics of a network that keep data safe from loss or damage
  • Protect an enterprise-wide network from viruses
  • Explain network and system level fault tolerance techniques
  • Discuss issues related to network backup and recovery strategies
  • Describe the components of a useful disaster recovery plan and the options for disaster contingencies

What are integrity and availability?

  • Integrity – the soundness of a network's programs, data, services, devices, and connections
  • Availability – How consistently and reliably a file or system can be accessed by authorized personnel

A number of phenomena can compromise both integrity and availability including…

  • security breaches
  • natural disasters
  • malicious intruders
  • power flaws
  • human error
  • users
  • etc

Although you cannot predict every type of vulnerability, you can take measures to guard against the most damaging events. The following are some guidelines…

  • Allow only network administrators to create or modify NOS and application system users.
  • Monitor the network for unauthorized access or changes
  • Record authorized system changes in a change management system
  • Install redundant components
  • Perform regular health checks on the network
  • Check system performance, error logs, and the system log book regularly
  • Keep backups
  • Implement and enforce security and disaster recovery policies

These are just some of the basics…

Malware

Malware refers to any program or piece of code designed to intrude upon or harm a system or its resources.

Types of Malware…

  • Boot sector viruses
  • Macro viruses
  • File infector viruses
  • Worms
  • Trojan Horse
  • Network Viruses – propagate themselves via network protocols, commands, messaging programs and data links
  • Bots

Malware characteristics

Some common characteristics of Malware include…

  • Encryption
  • Stealth
  • Polymorphism
  • Time dependence

Malware Protection

There are various tools available to protect you from malware called anti-malware software. These monitor your system for indications that a program is performing potential malware operations. A number of techniques are used to detect malware including…

  • Signature Scanning
  • Integrity Checking
  • Monitoring unexpected file changes or virus-like behaviours
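An added example (not from the notes) of the integrity-checking technique listed above: a trusted baseline manifest of file hashes is taken once, and a later scan is compared against it to report modified, added and removed files. The directory layout and file contents in the demo are constructed.

```python
# Added example: baseline manifest of SHA-256 digests and an integrity scan.
import hashlib
import tempfile
from pathlib import Path


def file_digest(path):
    """SHA-256 of a file, read in chunks so large binaries do not fill memory."""
    h = hashlib.sha256()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()


def build_manifest(root):
    """Map each file (path relative to root) to its digest: the trusted baseline."""
    root = Path(root)
    return {
        p.relative_to(root).as_posix(): file_digest(p)
        for p in sorted(root.rglob("*"))
        if p.is_file()
    }


def check_integrity(root, baseline):
    """Compare the current tree with the baseline and report every deviation.
    A file infector shows up as 'modified', a dropped payload as 'added'."""
    current = build_manifest(root)
    return {
        "modified": sorted(p for p in baseline if p in current and current[p] != baseline[p]),
        "added": sorted(set(current) - set(baseline)),
        "removed": sorted(set(baseline) - set(current)),
    }


def demo():
    """Constructed scenario: take a baseline, then tamper with the tree."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        (root / "bin").mkdir()
        (root / "bin" / "app").write_bytes(b"original program bytes")
        (root / "config.ini").write_text("debug=false\n")
        baseline = build_manifest(root)

        (root / "bin" / "app").write_bytes(b"original program bytes + appended code")  # changed
        (root / "bin" / "dropper").write_bytes(b"new file")                             # added
        (root / "config.ini").unlink()                                                  # removed
        return check_integrity(root, baseline)
```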

It is important to decide where anti-malware tools will be installed and find a balance between performance and protection. There are several general purpose malware policies that can be implemented to protect your network including…

  • Every computer in an organization should be equipped with malware detection and cleaning software that runs regularly
  • Users should not be allowed to alter or disable the anti-malware software
  • Users should know what to do in case the anti-malware program detects a malware virus
  • Users should be prohibited from installing any unauthorized software on their systems
  • System wide alerts should be issued to network users notifying them if a serious malware virus has been detected.

Fault Tolerance

Besides guarding against malware, another key factor in maintaining the availability and integrity of data is fault tolerance. Fault tolerance is the ability for a system to continue performing despite an unexpected hardware or software malfunction.

Fault tolerance can be realized in varying degrees; the optimal level of fault tolerance for a system depends on how critical its services and files are to productivity. Generally, the more fault tolerant the system, the more expensive it is.

The following describe some of the areas that need to be considered for fault tolerance.

  • Environment (Temperature and humidity)
  • Power
  • Topology and Connectivity
  • Servers
  • Storage

Power

Typical power flaws include

  • Surges – a brief increase in voltage due to lightning strikes, solar flares or some idiot at City Power
  • Noise – Fluctuation in voltage levels caused by other devices on the network or electromagnetic interference
  • Brownout – A sag in voltage for just a moment
  • Blackout – A complete power loss

There are various alternate power sources to consider, including UPS’s and generators.

UPS’s are found in two categories…

  1. Standby UPS – provides continuous power when mains goes down (brief period of switching over)
  2. Online UPS – is online all the time and the device receives power from the UPS all the time (the UPS is charged continuously)

Servers

There are various techniques for fault tolerance with servers.

  • Server mirroring is an option where one device or component duplicates the activities of another. It is generally an expensive process.
  • Clustering is a fault tolerance technique that links multiple servers together to appear as a single server. They share processing and storage responsibilities and if one unit in the cluster goes down, another unit can be brought in to replace it.

Storage

There are various techniques available including the following…

  • RAID Arrays
  • NAS (Network Attached Storage)
  • SANs (Storage Area Networks)

Data Backup

A backup is a copy of data or program files created for archiving or safekeeping. Many different backup options exist, using various media that vary in cost and speed, including…

  • Optical Media
  • Tape Backup
  • External Disk Drives
  • Network Backups

Backup Strategy

After selecting the appropriate tool for performing your server's backup, devise a backup strategy to guide you through performing reliable backups that provide maximum data protection. Questions that should be answered include…

  • What data must be backed up
  • At what time of day or night will the backups occur
  • How will you verify the accuracy of the backups
  • Where and for how long will backup media be stored
  • Who will take responsibility for ensuring that backups occurred
  • How long will you save backups
  • Where will backup and recovery documentation be stored

Different backup methods provide varying levels of certainty and corresponding labour cost. There are also different ways to determine which files should be backed up including…

  • Full backup – all data on all servers is copied to storage media
  • Incremental backup – Only data that has changed since the last full or incremental backup is copied to a storage medium
  • Differential backup – Only data that has changed since the last backup is copied to a storage medium

Disaster Recovery

Disaster recovery is the process of restoring your critical functionality and data after an enterprise wide outage has occurred.

A disaster recovery plan is for extreme scenarios (e.g. fire, line fault, etc.).

  • A cold site is a place where the computers, devices, and connectivity necessary to rebuild a network exist but they are not appropriately configured.
  • A warm site is a place where the computers, devices, and connectivity necessary to rebuild a network exists with some appropriately configured devices.
  • A hot site is a place where the computers, devices, and connectivity necessary to rebuild a network exists and all are appropriately configured.

Posted On Friday, April 06, 2012 3:55 PM | Feedback (0) |

Computer Networks UNISA - Chap 15 – Network Management

 

After reading this section you should be able to

  • Understand network management and the importance of documentation, baseline measurements, policies, and regulations to assess and maintain a network’s health.
  • Manage a network’s performance using SNMP-based network management software, system and event logs, and traffic-shaping techniques
  • Identify the reasons for and elements of an asset management system
  • Plan and follow regular hardware and software maintenance routines

Fundamentals of Network Management

Network management refers to the assessment, monitoring, and maintenance of all aspects of a network including checking for hardware faults, ensuring high QoS, maintaining records of network assets, etc.

The scope of network management differs depending on the size and requirements of the network.

All sub-topics of network management share the goals of enhancing efficiency and performance while preventing costly downtime or loss.

Documentation

The way documentation is stored may vary, but to adequately manage a network one should at least record the following…

  • Physical topology (types of LAN and WAN topologies – ring, star, hybrid)
  • Access method (does it use Ethernet 802.3, token ring, etc.)
  • Protocols
  • Devices (Switches, routers, etc)
  • Operating Systems
  • Applications
  • Configurations (what version of operating system and config files for server/client software)

Baseline Measurements

A baseline is a report of the network’s current state of operation. Baseline measurements might include the utilization rate for your network backbone, number of users logged on per day, etc.

Baseline measurements allow you to compare future performance increases or decreases caused by network changes or events with past network performance. Obtaining baseline measurements is the only way to know for certain whether a pattern of usage has changed, or whether a network upgrade has made a difference.

There are various tools available for measuring baseline performance on a network.

Policies, Procedures, and Regulations

Following rules helps limit chaos, confusion, and possibly downtime. The following policies and procedures and regulations make for sound network management.

  • Media installations and management (includes designing physical layout of cable, etc.)
  • Network addressing policies (includes choosing and applying an addressing scheme)
  • Resource sharing and naming conventions (includes rules for logon ID’s)
  • Security related policies
  • Troubleshooting procedures
  • Backup and disaster recovery procedures

In addition to internal policies, a network manager must consider external regulatory rules.

Fault and Performance Management

After documenting every aspect of your network and following policies and best practices, you are ready to assess your network's status on an ongoing basis. This process includes both performance management and fault management.

Network Management Software

To accomplish both fault and performance management, organizations often use enterprise-wide network management software. There are various software packages that do this; each collects data from multiple networked devices at regular intervals, in a process called polling. Each managed device runs a network management agent. So as not to affect the performance of a device while collecting information, agents do not demand significant processing resources.

The definitions of managed devices and their data are collected in a MIB (Management Information Base).

Agents communicate information about managed devices via any of several application layer protocols. On modern networks most agents use SNMP which is part of the TCP/IP suite and typically runs over UDP on port 161.

Because of their flexibility and sophistication, network management applications are a challenge to configure and fine-tune. One needs to be careful to collect only relevant information and not cause performance issues (e.g. pinging a device every 5 seconds can be a problem with thousands of devices).

MRTG (Multi Router Traffic Grapher) is a simple command line utility that uses SNMP to poll devices and collects data in a log file. MRTG can be used with Windows, UNIX and Linux.

System and Event Logs

Virtually every condition recognized by an operating system can be recorded. This is typically done using event logs. In Windows there is a GUI event log viewer. Similar information is recorded in UNIX and Linux in a system log.

Much of the information collected in event logs and syslog files does not point to a problem, even if it is marked with a warning, so it is important to filter your logs appropriately to reduce the noise.

Traffic Shaping

When a network must handle high volumes of network traffic, users benefit from a performance management technique called traffic shaping. Traffic shaping involves manipulating certain characteristics of packets, data streams, or connections to manage the type and amount of traffic traversing a network or interface at any moment. Its goals are to assure timely delivery of the most important traffic while offering the best possible performance for all users.

Several types of traffic prioritization exist including prioritizing traffic according to any of the following characteristics…

  • Protocol
  • IP address
  • User group
  • DiffServ
  • VLAN tag in a Data Link layer frame
  • Service or application

Caching

In addition to traffic shaping, a network or host might use caching to improve performance. Caching is the local storage of frequently needed files that would otherwise be obtained from an external source. By keeping files close to the requester, caching allows the user to access those files quickly.

The most common type of caching is Web caching, in which Web pages are stored locally. To an ISP, caching is much more than just convenience. It prevents a significant volume of WAN traffic, thus improving performance and saving money.

Asset Management

Another key component in managing networks is identifying and tracking its hardware. This is called asset management.

The first step to asset management is to take an inventory of each node on the network. You will also want to keep records of every piece of software purchased by your organization.

Asset management simplifies maintaining and upgrading the network chiefly because you know what the system includes. In addition, asset management provides network administrators with information about the costs and benefits of certain types of hardware or software.

Change Management

Networks are always in a state of flux, with various aspects including…

  • Software changes and patches
  • Client Upgrades
  • Shared Application Upgrades
  • NOS Upgrades
  • Hardware and Physical Plant Changes
  • Cabling Upgrades
  • Backbone Upgrades

For a detailed explanation on each of these read the textbook (Page 750 – 761)

Posted On Friday, April 06, 2012 1:34 PM | Feedback (0) |

Driven2Distraction – New South African Developer Podcast

 

For those out there that are interested… I am now one of the hosts of the Driven2Distraction podcast. Being a fan of podcasts like .Net Rocks and Hanselminutes for years now, I have always wanted to be involved in the recording of a podcast and now that time has finally come.

What makes the Driven2Distraction podcast different from all the others out there is its uniquely South African flair. Its focus is on software development in Southern Africa, and it has a mix of “what's happening locally” episodes as well as proper “interview style” episodes with local developers and visitors from overseas.

If you are interested you can follow the show on twitter on @d2dpodcast or visit the site

Posted On Friday, April 06, 2012 12:06 PM | Feedback (0) |
