Don't wanna be here? Send us removal request.
Text
IT Infrastructure and Secure Solution Proposal Reference Example
ABC Accounting Inc. Network Infrastructure Proposal
Table of Contents
Network Topology
Type of Network and Design
Client Network Devices
Firewall
Switch
Wireless
Printer
IP Infrastructure
Logical topology
IP Addressing Scheme
Security
Security Appliances
Web Filtering and Access list
Authentication and Encryption
Antivirus Software and Network Monitoring Conclusion
References
ABC Accounting Inc. has made significant progress from the past year. The expanded of the business have grown from five employees expected up to three hundred fifty employees. There would be a need for an enterprise scale network infrastructure. As facing rapid expansion in ABC Accounting Inc, there would be a consideration in how the network design should look in an expanding office space to three office floors in the same building. A third of the employees are laptop users that travel occasionally, and all users are using windows 7. In the current network infrastructure, it would not be able to serve future expansion of this business, and it would be critical to consider an upgrade at this time
Network Topology
Type of Network and Design
To meet the technology we have today, it is crucial to gain the necessary network infrastructure to create an enterprise scale, dynamically scalable, and secure system. Network infrastructure for this company would need to cover over 350 employees with networking devices such as router, firewall, switch, server, printer, access points, and guest devices. There would be a need for a large-scale network with the right devices to consider.
For the Wide Area Network (WAN) connection, for better redundancy, I suggest having two network carrier which is ATT, which would be ATT business and Comcast business circuits. We would have a static IP from ATT and Comcast a total of eight. There download, and upload speed for these circuits would have 100Mbps upload, and 100Mpbs download network fiber circuit speed from both carriers. The ATT network circuit would be used as a backup line, and the Comcast circuit would be used as a primary network circuit. We would only allow remote users to access the corporate network securely through the backup line of the network. Users would be able to access the company file directory through an entirely separate Global IP Address from the primary IP Address to prevent unwanted intruders to gain access.
Client Network Devices
The client devices specification would need to satisfy some resources programs and application would use. Users would most importantly use email and file share for the majority of their operation. For desktop users, the Dell OptiPlex 3050 Small form factor would be recommended. The desktop would come with the power cable, keyboard, and mouse. Users would not not need too many resources since they would need to run simple applications such as web browser and windows explorer for network file share. The desktop computer has Intel® Core i3-7100 (DC/3MB/4T/3.9GHz/65W) and 4GB (1x4GB) 2400MHz DDR4 Memory, with the 3.5 inch 500GB 7200rpm Hard Disk Drive. The computer would be having a 3 Years ProSupport with Next Business Day Onsite Service for all desktop computer. Desktop users would only use an RJ45 Ethernet port to connect to the internet. We would have the users to use the LED-backlit LCD 24 inch Dell E2417H model monitor, with 1920 x 1080 resolution. The display cable that the monitor would be connecting to the desktop would be Display cable. The display cable would come with the cable along with the power cable.
There would be a need for a portable and lightweight solution for users that comes and goes outside of the company. Laptop users would be users that would go out for sales or out of the office occasionally. We recommend the Dell Inspiron 5000 Series laptop computer for these users. The laptop would be equipped with 8GB of RAM with Intel Core i5 CPU. Lightweight, robust, and optimal laptop. These laptops would not have an RJ-45 network port on the laptop. The laptop users would be using the wireless NIC built in the laptop to connect to the network.
For this new network infrastructure, there would be a couple of servers that would be necessary to create this system. First would be file servers. There should be one file server for users and one file server to store logs and backup for fault tolerance. There would also be a need for a domain controller for our network environment. For redundancy, there would be a need for two servers used for the primary and secondary domain controller. It the two servers would be replicating instantly and securely authenticate users. We recommend having a total of servers.
One for a file server and one for a domain controller for this office. We would be selecting the Dell PowerEdge R430 Rack Server for with 32GB DDR4 DIMM, 128GB SSD, three 1TB SAS HDD for each, and Intel® Xeon® processor with two processor socket. We would need one hundred seventy-five desktop computer and another one hundred seventy-five laptop computer to serve users. Also, we would need four servers to have as a server.
Firewall
For the firewall for this network infrastructure would be the key for security and routing of the network architecture. There would be a need to have high reliability for this device, and a good solution would be configuring a high availability for two firewalls. The firewall that has been configured for high availability active standby would allow the network device create a cluster that automatically detects a fault on the other firewall and enable its interface. For the firewall, I would be recommending the FortiGate 200D. We would have a WAN interface connection from two separate internet carrier, which we would be load balancing and route accordingly. If one network circuit goes offline, the firewall will route network to the backup circuit which would be the ATT circuit. Another important role that the firewall would be playing in this network infrastructure is that the network firewall would be used for securing accessing the file system and company resource through a technology called the IPSec VPN tunnel. A virtual private network, or VPN, provides a solution in which, it supports the creation of virtual links that join far-flung nodes via the Internet which is by creating a logical encrypted tunnel between the nodes to pass traffic. (Doral, 2014) Users that would have to connect the company resource would be using a VPN client agent called the Forti Client, installed on the user’s computer, to load a VPN profile with all the correct parameters and the preshared key to access the network.
Switch
The desktop user would be connecting to their jack port under their desk, which is patched to the server patch panel. From there, the network cable is cabled to the network switch. There would be at least one hundred and seventy-five necessary network ports and more for servers and other networking devices. There would be a need for eight network switch for the network infrastructure. I would recommend the Cisco Catalyst 2960 series switch to be used for the network infrastructure. In the first floor, there would be four network switch that would be set, two network switch on the second floor, and another two network switch on the third floor.
Switch partake managing this important feature in the network architecture which acts as a set of ports attached to one or more Ethernet switches, which is a called the virtual local area network (VLAN), which runs one MAC learning algorithm for each Virtual LAN. (Bonaventure, 2011, pg. 240) We would be using this switch as a layer two switch and would primary carrying VLAN network through trunk connection from the firewall to each switch. Spanning tree root priority is higher on the first floor switches. In each floor, the switches are connected with a stacking cable.
Wireless
Laptop users would need to connect to the network using wifi. Since we would be covering a large amount of space for the network infrastructure, we would need multiple access points to provide full coverage. On the first floor, there would be a need of three access points, two access points on the second floor, and another two access points on the third floor. For the wireless access points, we would recommend the Cisco WAP371 Wireless-AC/N Dual Radio Access Points for the laptop users. There would be a need for a total of seven Cisco WAP371 wireless access points to be set up for the network. All of the wireless access points would be mounted on the ceiling, placed separately access the floor. There would be another cabling necessary to reach the wireless access point mounted to the wall through the ceiling to the server room. The wireless access point would be POE powered so there would be a need a power injector between the patch panel and the network switch. The SSID for the would be “ABC-OFFICE, ” and for security purposes, the SSID would not be broadcasted. The security for the SSID would be using WPA2 Enterprise, which would be authenticated with the RADIUS server in the local network. Since there would be no POE switch, we would need a two POE power injector to light up the wireless access points.
Since there would be multiple wireless access points that would be needed to be managed in the network, there would be a need for a scalable solution for this case. We recommend adding a wireless controller in the network to handle the wireless access points. We suggest adding the CISCO AIR-CT2504-5-K9 2504 Wireless Controller Network Management Device for the wireless controller for these Cisco access points.
Printer
For the printers for the network, we would like to minimize the use of paper at the same time, make life easier when we need it. We would get the most affordable network printer on the network which can authenticate the user through RADIUS server. The network printer that we would be implementing our new IT infrastructure would be the HP LaserJet Pro M477fdw Wireless Color Laser Printer. If you attach a printer to one computer and share it when that computer is off, nobody can print, but an alternative is to purchase a network printer. (FunctionX, Inc., 2014) The printer would be able to use wireless. However, we would be only using an ethernet connection for this case. It has the capability of the copier, scanner, fax, and mobile printing. The printer would be setup scan to email and also scanned documents to the network file share folder.
IP Infrastructure
Logical topology
IP Addressing Scheme
IP addressing of such network infrastructure require a more extensive office network addressing scheme due to some users that are expected to be using and the number of users that would be expecting to increase. There would be two logical networks in the Local Area Network (LAN) which would be the office network and the server network. Something called the VLAN divides this two network. The office network would be the network that would be used for office users including desktops, laptop, wireless access points, and printer. The network address range is expanded to subnet mask 255.255.0.0 or /16. The IP address range would be 10.222.0.0/16.
This network does have DHCP server enabled, which would be enabled from the Fortigate firewall. The DHCP would address from 10.222.0.2 to 10.222.254.254, and the 10.222.255.1 to 10.222.255.255 address ranges would be used for network devices such as printers, firewall, and wireless access point. The default gateway for this network would be 10.222.255.254, and the DNS server would be facing the domain controllers.
The server network does not have a DHCP enabled in the network and had a subnet mask of 255.255.255.0 with 172.22.2.0/24 range. The IP Address of the primary file server would be 172.22.2.20, secondary file server 172.22.2.21, primary domain controller 172.22.2.10, and the secondary domain controller 172.22.2.11. The two network is divided by a VLAN and the network has a security preference called the access list. The network devices would only have specific network port access for granted services such as FTP, SMB, Bonjour, CIFS, LDAP, RPC, HTTPS, etc. The default office network would be routed to the Comcast circuit as a default route, and if there were a down detected in the WAN interface facing the Comcast modem, the network traffic would be routed towards the ATT modem as a backup.
As the network diagram above, it is essential to have a neatly, outlined diagram that can be understood easily. Any mistake in the documentation can be costly. Network documentation is a are the blueprint of the network configuration, and when a problem needs to be solved, a service provider will use the network documentation to obtain an understanding of the network, which results in less time and lower cost. (Colorado State University-Global Campus, 2017). For instance, suppose there were a router needed to be replaced and the service provider purchases a replacement, but there is no router configuration documentation, which leads to two hours to replace the router.
Security
Social Engineering and Cyber Threats
Regarding security threats, it would be very important to get all the basic security setup correctly and monitor all the networking devices including the firewall, the network switch, the wireless access point, and network printer. Also, there would be a need to monitor the server event log and resource statics for measuring stability. Security precautions must be taken seriously, and we are planning to implement enterprise-level security system to protect the important asset the company holds. For security in the OS level, there would be a antivirus software install to prevent malicious file coming in or preventing attacks from the network. They would be having Symantec Endpoint Protection Small Business Cloud installed, which is the most trusted enterprise antivirus solution hosted from the cloud. Privacy of information is said to never to be able to stay hidden forever and would someday expose. Privacy can be seen as the friction that reduces the spread of personal information that makes it more difficult and economically inconvenient to gain access to it. The merit of this definition is to put the privacy into a relative perspective, which excludes the extremes that advocate no friction at all or so much friction to stop the flow of information. (Vacca, & Vacca, 2013). There cannot be a completely secure system, and we are only able to lower the possibility of exposure through security. It is always important to patch security updates to servers and update the firmware on the network devices as well. Routine maintenance would help engineers aware of the issue earlier than it to be too late.
An authentication method that we would use for our new network architecture would be the domain authentication through Microsoft Windows Active Directory. Through domain security, any authentication would be lookup the users in the Active Directory Database. Windows login, file server access, and email would all be using this company active directory server for authentication. For wireless network access, users would be also using the active directory credentials but through an authentification protocol called RADIUS. Wireless access point would have a RADIUS client enabled with the profile information facing the RADIUS server, which would be installed in the Active Directory server. The RADIUS server acknowledges the request to grant permission to the network.
Although, through network security appliances such as the next generation firewall or scaling different separate network through VLAN may not be enough to be protected from recent security threats today. Some of the most common security threat that we have is social engineering. Intruders use social engineering to exploit human by convincing that you are someone that you reveal that you are and gain access. ��The most effective countermeasure for a social engineering is employee awareness training on how to recognize social engineering schemes and how to respond appropriately” (LabSim Online Labs, 2017). Not only that we would scale network security through the network architecture but to prevent any single point of failure but human error.
Project Expense
ITEM
DESCRIPTION
QTY
UNIT
AMOUNT
A
Hardware Equipment
<Network>
1
Forigate 200D
2
$2,540.00
$5,080.00
2
Cisco Catalyst 2960
12
$3,295.00
$39,540.00
3
Cisco WAP371
7
$160.99
$1,126.93
4
Power Injector
7
$15.00
$105.00
<Computer>
1
Dell OptiPlex 3050 (Desktop Computers)
175
$489.00
$85,575.00
2
Dell PowerEdge R430 Rack Server
5
$1,329.00
$6,645.00
3
Dell Inspirion 5000 Series All in One (Laptop)
175
$499.00
$87,325.00
<Other>
Dell E2417H 21.5″ LED Monitor
175
$125.00
$21,875.00
RJ45 Straight through cable
1750
$4.99
$8,732.50
HP LaserJet Pro M477fdw Wireless Color Laser Printer
3
$529.99
$1,589.97
B
License and Warranty
<License>
Fortigate FortiCare Security License Bundle
2
$1,235.00
$2,470.00
Symantec Endpoint Protection Small Business Cloud
355
$54.18
$19,233.90
<Warranty>
Cisco SmartNet Extended Warranty
19
$33.48
$636.12
Dell Extended Hardware Warranty
355
$150.00
$53,250.00
C
Labor
1 man x per hour
120
$35 per
hour
$4,200.00
E
Project Management
– Meetings, Scheduling, and Documenting
$2,500.00
Shipping and Handling
$1,500.00
Taxable Total (Tax Rate: 9.00%)
$333,184.42
Sales Tax
$29,986.60
Non Taxable Total
$6,700.00
Total
$371,371.02
Conclusion
ABC Accounting Inc. has made significant progress through the past year. There would be a need for a new network infrastructure for this rapid growth of employee at ABC Acccounting Inc. To achieve an enterprise network infrastructure, there would be a need for a scalable, secure, reliable, fast, and redundant network that can be easily managed with remote dial-up VPN access. The expanded of the business have grown from five employees expected up to three hundred fifty employees. With a three-floor office, we would consider future scalability and minimize the cost as much as possible, cutting unnecessary high speciation. In the current network infrastructure, it would not be able to serve next expansion of this business, and it would be entirely critical to consider an upgrade at this time.
References
LabSim Online Labs. (2017). TestOut Network Pro ISBN: 978-1-935080-43-5. Pleasant Grove, UT.
Bonaventure, O., Open Textbook Library, distributor, & University of Minnesota. College of Education & Human Development. (2011). Computer Networking : Principles, Protocols and Practice.
Dordal, P., Open Textbook Library, distributor, & University of Minnesota. College of Education & Human Development. (2014). An Introduction to Computer Networks.
FunctionX, Inc. (2012) Network Hardware. Retrieved , from http://www.functionx.com/networking/Lesson02.htm
Vacca, & Vacca, John R. (2013). Computer and information security handbook (2nd ed., Elsevier Science Direct E-books). Amsterdam: Morgan Kaufmann is an imprint of Elsevier.
CSU-Global (2017). Introduction to Networks, Module 1 to Module 8. Greenwood Village, CO.
The post IT Infrastructure and Secure Solution Proposal Reference Example first appeared on IGARASHI.
via WordPress https://ift.tt/3iesu6h
0 notes
Text
Create and Secure a Wireless Network
Today, living in this world full of technology, most of the cities and public areas all have wifi available for network connection. At many homes, it has become a commodity today to have internet with the wireless access point. The majority of the business also makes use of a wireless access point. Although when it comes to business, some businesses such as hotels, would need to take very serious consideration in what kind of wireless solution they would be implementing in their network infrastructure. If they were to provide wifi as a service to the guest, they would need to start thinking about reliability, coverage, guest management, security, traffic analysis, support, and warranty. There are significant differences in the wireless access point that business would need to consider from wireless access points used at home.
Enterprise and Consumer Wireless Access Points
Home Wireless Access Points
The consumer-grade wireless access point is usually pre-equipped with the internet provider’s internet service plan for most modern-day homes. When you ask for a home internet plan, you will get a technician to run the cables up to your premises and from there, the internet provider engineers would set up their carrier modem. Depending on the modem, it may be equipped with wifi or an engineer would set up a wireless access point. What the home wireless access point can do is simple. Users connect to the wireless access point using pre-shared key AES encryption with WPA2 Personal authentication. “AES is the strongest encryption method currently available, and it is used with WPA2” (LabSim Online Labs, 2017, 10.3.2 Wireless Configuration) Both home wireless access points and enterprise wireless access points do have the capability for AES encryption today. The wireless access point SSID would be mostly broadcasted, using the preshared key pre-setup. The most consumer-grade wireless access point would be able to do only limited features and would not be able to create multiple SSIDs.
Enterprise Wireless Access Points
Enterprise-grade wireless access points are different from standard consumer-grade wireless access points. They have more features and have some feature that can only be adapted to enterprise setup, such as wireless access points with POE feature. This allows wireless access point set up anywhere with just a wall jack. The access point would be able to take power from the POE switch through the Ethernet cable. Many other features include multiple SSID, AP clustering, traffic analysis, better management, great support, and warranty.
In large operations such as setting up a network for a hotel, there would be a need for the wireless connection to be able to be reached every guest room without a blind spot. Covering the whole hotel with one access point would be impossible. There would be a need to set up multiple wireless access points in the premise to spread the wireless radio reach every room. When it comes to multiple wireless access points, the next problem it would be is managing all the access points in the hotel. The larger the hotel, the larger the number of access points would need to be set.
To manage all the access points, there are times where companies would install a wireless controller, to control all the wireless controller in the hotel. There are more benefits in installing a wireless controller such as being able to set up multiple SSID with the use of VLAN, access point clustering, seamless auto-configuration syncing across access points, set up a policy for all access points, security standards, and much more. “An infrastructure that allows for monitoring the performance of the network and the ability to push out quick changes from a single point is fundamental to lower operational costs” (Daryl, 2014). An enterprise-scale wireless network could provide huge security benefits to prevent intrusion and protection to connecting clients. Most wireless access points or wireless controllers would be able to set up a web portal to allow users to authenticate. Through WPA2 and 802.1x authentication with a radius, the server would give an additional capability to change the password for the guest user in reoccurring date. “WPA2 defines two types of security: passphrase authentication for small and small office/home office (SOHO) networks, and 802.1X/EAP security for enterprise networks” (Capano, 2015). There wouldn’t be authentication Traffic management, and host control would be much easier and simplified. If support contracts are bought for these devices, there would be support on the uptime for this device for the company. This would provide better maintenance, troubleshooting, and repair. Through these features, the wireless access points would be able to cover a large space with better reliability, redundant, provide secure wireless connection, well managed, and support service for longer uptime.
A disadvantage of implementing an enterprise-scale wireless network infrastructure is that it would be difficult to configure the enterprise networking devices compared to the consumer scale wireless network devices. The more the difficult to configure the more the difficult it is to troubleshoot and maintain the device. There would be a need to buy a support contract for these devices for this effect, and another reason is because of the cost.
The installation would be expensive and to minimize the cost, the POE feature helps to reduce the cost of extra cabling. However, this considerable disadvantage of using an enterprise wireless network would cost a lot more money. Not only the hardware for these devices however the additional support, cabling, hiring network engineers, and maintenance would be costly. To find the right wireless solution for you, you must first consider how much cost you would be putting for a wireless connection for your business, the need for a wide range of connection, security, and reliability.
Conclusion
Home used wireless access point has a clear limitation in features compared to the wireless access points used for enterprise business scaled wireless network infrastructure. Depending on how you would like your business to make use of the wireless technology and how much you are willing to invest in wireless connectivity, would defy whether if you should implement and home wireless network infrastructure or an enterprise network infrastructure. Businesses would need to take a careful look at how this can be possible through considering things such as reliability, coverage, guest management, security, traffic analysis, support, and warranty support in mind for the wireless network implementation. There would be no other way but take advantage of this great technology.
References Capano, D. (2015). Wireless security basics, standards. Control Engineering, 62(4), 34.
Daryl. S (2014) 6 Key Advantages for Having Controllerless WiFi in Your School. Retrieved
from https://ift.tt/3i0JpZC Controllerless-WiFi-in-Your-School
LabSim Online Labs. (2017). TestOut Network Pro ISBN: 978-1-935080-43-5. Pleasant Grove, UT.
The post Create and Secure a Wireless Network first appeared on IGARASHI.
via WordPress https://ift.tt/3i1013I
0 notes
Text
Space Walk, Newton Laws of Motion
When we see videos from NASA astronauts out in space in their aircraft, we see a clear sign of an environment without gravity. Imagining that I have signed up for a mission to the International Space Station to remove faulty station component and replace them, I would have to take a couple of precautions to take during my operation. Doing work the same work at the international space station would be entirely different than doing it on earth. Everyone else on this planet is bounded to obey the rules of gravity but not up in outer space.
Working at the International Space Station
Newton’s First Law of Motion
In the international space station, the first thing that you might recognize is that you would be floating in midair. The force of gravity that would be acting upon an object on earth would be 9.81 m/s2, and the international space station would be nearly zero. There would be no force acting upon an object and things would float in midair. “Newton’s first law states that every object will remain at rest or in uniform motion in a straight line unless compelled to change its state by the action of an external force. ” (National Aeronautics and Space Administration, 2017) According to Newton’s first theory of motion, an object would not move without another external force would be acting upon it. Hence the object that would be floating would not fall since there would not be another external force acting upon the object. Which this makes the object to float.
Newton’s Second Law of Motion
Another thing that you may notice is that when an object is pushed, it will keep on moving forward without falling or moving away in another direction. The object would maintain its speed that it started and since there would be no gravitational force or any other force that would be interacting with the object, the object would proceed its course. “According to Newton, an object will only accelerate if there is a net or unbalanced force acting upon it.” (The Physics Classroom ,2017) As Newton’s second law of motion, once a force is applied to an object, the object would continue with that momentum without accelerating or decelerating. Once the force is reflected upon an object, the object would continue to proceed with the same speed until there would be an unbalanced force acting upon the object to change its motion.
Newton’s Third Law of Motion
Astronauts would not able to hold still on the ground on space. For them to move from one place to the other, astronauts would have to kick and push walls away to move forward. By pushing the walls way, the force applied to the wall would directly react back to the astronaut and push back. As Newton’s first two law of motion states the effect of inertia and behavior of net force, the third law covers the effect of forces on two objects when one object applies a force to object two. (Colorado State University-Global Campus. (2017) The Newton’s third law of motion states an important point that to every force interact with another object, the force would reflect back. For example, if an astronaut was to try to get on the space station from space and try to reach for any surface of the space station, the astronaut would always be pushed away from this effect. Any small touch would reflect directly back so getting back on the ship without hanging on to something would be impossible.
Conclusion
It is significantly impressive of how Isaac Newton was able to figure these fundamental materials that are somewhere that can be unseen and unreachable. Out in the space station, we can see a clear sign of an environment almost without gravity. As an astronaut working at a space station, there different precautions and warning next time visiting space. Everything on this planet is bounded to obey the rules of gravity but not up in outer space.
References
Colorado State University-Global Campus. (2017). Introduction to Physics with Lab, Module 3: Explaining
Newton’s Law of Motion. Greenwood Village, CO.
National Aeronautics and Space Administration. (2017) Newton’s Law of Motion. Retrieved from
https://ift.tt/1mJi9uu
The Physics Classroom. (2017) Newton’s Laws – Lesson 3 – Newton’s Second Law of Motion. Retrieved
from
https://ift.tt/1r6CBga
The post Space Walk, Newton Laws of Motion first appeared on IGARASHI.
via WordPress https://ift.tt/3hSjTpq
0 notes
Text
EAP over MS-CHAP version2 Preferred Method of Remote Access Authentication
Extensible Authentication Protocol (EAP) is an authentication framework that is used in wireless network. Rely on protocol that encapsulate the EAP message
The most preferred remote access authentication method I would be using is the EAP over MS-CHAP version 2 with TLS. The security level for a remote access environment in a client would be enormous. To set up a secure network authentication, we would use the MS-CHAP v2 to supports data encryption with manual LAN manager encryption to protect from “man in the middle” attacks. EAP would be an additional authentication used by CHAP using an authentication server and clients with certificates. The data however over an EAP are not encrypted by itself. By having the EAP with TLS, the EAP traffic would go through a secure layer that is encrypted and uses a Windows Active Directory as an as a user database. There would be a RADIUS server necessary to receive the authentication request to securely authorize access. Windows Server can set up a Network Policy Server to set up a RADIUS server to serve RADIUS clients on the network.
There are risks in implementing a MS-CHAP v2 EAP with TLS authentication since there would be a need for a Windows Active Directory Server and an NPS server. Most home consumer scale authentication are not cable of this setup. Having a Microsoft server means that there would be a need to manage the server and maintain the system would be up. There would be a need to hire someone to maintain and troubleshoot the server. Also, the implementation of this authentication method would be a lot costly. There would be a need for an extra server and cost for management. An authentication method that would require a RADIUS server would not be necessary for home and small business scale companies.
802.1x is a IEEE standard for port based Network Access Control (NAC) relying on EAP
References
Shinder, D. (2006) Choosing a remote access authentication scheme. Retrieved from
https://ift.tt/31TRmul
The post EAP over MS-CHAP version2 Preferred Method of Remote Access Authentication first appeared on IGARASHI.
via WordPress https://ift.tt/3lERhT0
0 notes
Text
Spanning Tree Protocol – STP (802.1D)
Network loop causes
Broadcast storms – formwarding of a frame repeatedly on the same links consuig significant parts of the links capacity.
MAC table instability – Continual updating of a switch of MAC address table with incrorect etries, in raction to loooping frames being sent from the different interfaces
Multiple frame transmission – A side effect of looping frames in which multiple copies of one frame are delivered to the intended host, confusing the host.
Timer Default Value Description Hello 2 sec The time period between Hellos creeated by the root. MaxAget 10 times Hello How long any switch should wait, after ceasing to hear Hellos, before trying to change the STP topology. Forward delay 15 sec Delay that affects the process that occurs when an interface changes from blocking state to forwarding state. A port stays in an interim listening state, and then an interim learning state, for the number of seconds defined by the forward delay timer. State Forwards Data Frames Learns MAC based on received frames Transitory or stable state Blocking No No Stable Listening No No Transitory Learning No Yes Transitory Forwarding Yes Yes Stable Disable No No Stable
Ethernet Speed IEEE Cost 10 Mbps 2000000 100Mbps 200000 1Gbps 20000 10Gbps 2000 100Gbps 200 1Tbps 20
Rapid STP (802.1w)
Can be used with stp
Elect from
Lowest root bridge id
Lowest MAC Address
Pretty much like stp except
Adds a new mechanism to replace the root port, without any waiting reach a forwarding state
Adds a new mechanism to replace a designated port without any waiting to reach a forwarding state
Lowers wainting times for cases in which rstp must wait
Function Port Role Nonroot switch best path to the root Root port Replaces the root port when the root port fails Alternate port Switch port designated to forward onto a collision domain Designated port Repalces a designated port when a designated port fails Backup port Port that is administratively disabled Disabled port Function 802.1D State 802.1w State Port is administratively disabled Disabled Discarding Stable state that ignores incoming data frames and is not used to forward data frames Blocking Discarding Interim state without MAC learning and without forwarding Listening Not used Interim state with MAC learning and without forwarding Learning Learning Stable state that allows MAC learning and forwarding of data frames Forwarding Forwarding
Show spanning-tree vlan x interface int state
Point to point – sw to sw
Point to point edge -sw to pc
Shared port – hub
Etherchannel lower stp convergence time or avoid connversiance all together.
Portfast transition immediately to blockng to forwarding, only for end device
BPDU Guard – used on access endpoint ports with portfast to prevent control root bridge
Settting Default Command to change defalt BID priority Base: 32,768 Spanning-tree vlan vlan-id root {primary| secondary} Interface cost 100 for 10 Mbps
19 for 100 Mbps
4 for 1 Gbps
2 for 10Gbps
Spanning-tree vlan vlan-id cost cost PortFast Not enabled
Show spanning tree int int portfast
Spanning-tree portfast
Spanning-tree portfast disable
PortFast Global Spanning-tree portfast default
No Spanning-tree portfast default
BPDU Guard Not enabled
Show spanning tree int int detail
Spanning-tree bpduguard enable BPDU Guard Global Show spanning tree summary Spanning-tree portfast bpduguard default
No Spanning-tree portfast bpduguard default
Degug Debug spanning-tree events Mode Spanning-tree mode pvst
Show spanning-tree vlan x
Spanning-tree mode {pvst, rapid-pvst, mst}
Ieee = 802.1d stp
The post Spanning Tree Protocol - STP (802.1D) first appeared on IGARASHI.
via WordPress https://ift.tt/3gXYOJb
0 notes
Text
Name Resolution and Domain Name Server
Domain Name System (DNS) – Resolves Internet names to IP addresses.
The Domain Name System (DNS) provides a way for hosts to use this name to request the IP address of a specific server, as shown in the figure. DNS names are registered and organized on the Internet within specific high-level groups, or domains. Some of the most common high-level domains on the Internet are .com, .edu, and .net.
Translating Domain Names to IP Addresses
Computer names are easier for users to understand than IP addresses. Name Resolution translates IP addresses to computer names to ensure simplification of IP address identification. Instead of using the 32-bit IP addresses, name resolution assigns computer names to the IP addresses of the destination hosts.
Thousands of servers, installed in many different locations, provide the services we use daily over the Internet. Each of these servers is assigned a unique IP address that identifies it on the local network where it is connected.
Without realizing it, by using the internet, we use DNS (Domain Name System). DNS is a protocol within the TCP/IP protocol suite, which is responsible for transferring information between devices within the network. DNS is essentially a GPS for a computer. DNS converts a domain name to an Internet Protocol (IP) address. Another important concept in Name Resolution is FQDN, which stands for Fully Qualified Domain Name. FQDN is the complete domain name for a specific device on the internet. FQDN consists of two parts: the hostname and the domain name. Example: mymail.somecompany.com is the FQDN for a hypothetical company. The hostname is “mymail.” The host is located within the domain “somecompany.com.”
Domain Name Server (DNS) – Service that provides the IP address of a web site or domain name so a host can connect to it
It would be impossible to remember all of the IP addresses for all of the servers hosting services on the Internet. Instead, there is an easier way to locate servers by associating a name with an IP address.
The post Name Resolution and Domain Name Server first appeared on IGARASHI.
via WordPress https://ift.tt/32Fqey8
0 notes
Text
SPAN
SPAN port is also known as Mirror port, which that specific port is configured to send the same frame of another port, most of the time used for monitoring. One port is used for data network and the span port is configured to send the same frame in/out of that data port. A computer using software such as packet capture or a monitoring device is plugged into the span port.
A collection of span rules claled SPAN session can define one ore more source port, on each port, to monitor frams transmitted in and out of the switch port.
VLAN mirror will mirror all port in the vlan
Remote SPAN (RSPAN)
Encapsulated RSPAN (ERSPAN) through GRE tunnel
Config terminal Monitor session 1 source interface gi1/0/11 -12 rx|tx|both Monitor session 1 destination interface gi1/0/21 Monitor session 2 source vlan 11 Monitor session 2 destination interface gi1/0/22 Show monitor session all Type, soure port, rx, destination port, eapsulation ,incgress, vlan Show monitor detail Source port, rx only, tx only, both,
The post SPAN first appeared on IGARASHI.
via WordPress https://ift.tt/3lAZ9Vt
0 notes
Text
DHCP Address Assignment
Dynamic Host Configuration Protocol (DHCP)
Used to automatically configure devices with IP addressing and other necessary information to enable them to communicate over the Internet.
How Does IPv4 DHCP Work?
Two important concepts of IP addressing are static IP and dynamic IP. A static IP address is one which is assigned to a network device. This static IP address can be subdivided into several dynamic IP addresses, each of which can be assigned to additional devices. Think of the static IP address as the address of an office building, and the dynamic IP addresses as individual suites within that office building.
When a host is first configured as a DHCP client, it does not have an IPv4 address, subnet mask or default gateway. It obtains this information from a DHCP server, either on the local network or one located at the ISP. The DHCP server is configured with a range, or pool, of IPv4 addresses that can be assigned to DHCP clients.
The DHCP server may be located on another network. DHCP clients are still able to obtain IPv4 addresses as long as the routers in-between are configured to forward DHCP requests.
Now that you have an understanding of the components of static IP and dynamic IP, it’s important to review DHCP. DHCP stands for Dynamic Host Configuration Protocol. The DHCP is a client/server protocol, which provides the Internet Protocol (IP) host with its IP address and other configuration information, such as the default gateway and subnet mask. In short, the DHCP server distributes IP addresses to the various devices on a network.
Address Assignment
A client that needs an IPv4 address will send a DHCP Discover message which is a broadcast with a destination IPv4 address of 255.255.255.255 (32 ones) and a destination MAC address of FF-FF-FF-FF-FF-FF (48 ones). All hosts on the network will receive this broadcast DHCP frame, but only a DHCP server will reply. The server will respond with a DHCP Offer, suggesting an IPv4 address for the client. The host then sends a DHCP Request to that server asking to use the suggested IPv4 address.
What if DHCP server is not available at the moment?
When the DHCP server is not available, the machine will select an IP address (from 169.254.0.0 – 169.254.255.255). The aforementioned range is reserved by the Internet Assigned Numbers Authority (IANA). The Address Resolution Protocol (ARP) is used to ensure that the chosen IP address is not already being used by another machine. After assigning an IP address to the machine, the machine can then interact over TCP/IP with other devices on the network, which are configured for APIPA (Automatic Private IP Addressing) or are manually set to the correct address range and a subnet mask value of 255.255.0.0.
The post DHCP Address Assignment first appeared on IGARASHI.
via WordPress https://ift.tt/3joVet4
0 notes
Text
Galileo Determine the Relationship of a Pendulum’s Length and Its Period
We can experiment to test the relationship between the length of a pendulum and its period. First, we would need to set up a pendulum, with a string hanging the pendulum bob with a period to hold the hanging string to a fixed point. We will raise the pendulum bob from whichever direction and release the pendulum bob to create a swinging motion. For every oscillation (every swing) we would be using a stopwatch to note the time in a table to experiment the time a full swing took in different length of the string. Through the experiment, we would be able to retrieve the kind of data that we can compare the effect of a change in a swinging pendulum to the length of the string.
Gravity plays a huge role in this experiment. The weight of the pendulum bob is fixed from a pivot point which the pendulum bob can swing freely. Galileo has found that the mass of the pendulum bob or the size of the arc does not matter. The longer the string that holds the pendulum bob is, the greater amount of time it to complete one oscillation since it has to travel a larger distance for the same angle of swing. (Francis, 2011) As the pendulum bob is placed at a higher position and released, the pendulum bob’s weight would allow the pendulum bob to be pulled downwards and aligned by the fixed pivot point, towards the equilibrium. Once the pendulum bob has reached the equilibrium, the momentum that was building up to pull down the pendulum bob has been built up and released, allowing the energy to place the pendulum ball to move to a higher location on the opposite side of the pivot point. The pendulum bob loses momentum and gets pulled to the equilibrium again. The motion continues and eventually will be put to a stop because of air resistance.
Francis, M. (2011) Physics Quanta: The Pendulum’s Swing. Retrieved fromhttps://galileospendulum.org/2011/05/24/physics-quanta-the-pendulums-swing/
The post Galileo Determine the Relationship of a Pendulum's Length and Its Period first appeared on IGARASHI.
via WordPress https://ift.tt/3jwi9CF
0 notes
Text
PPP and Metro Ethernet
Point-to-Point (PPP) is a point to point encapsulation protocol across dedicated or circuit switching across WAN network, along with protocol such as HDLC SDLC, and ISDN. Below would be a basic configuration for PPP in Cisco configuration terminal.
Config
Interface
Encapsulation ppp/hdlc
Ppp authentication chap
#Ppp authentication pap
#Ppp pap sent-username r1 password pass1
Hostname r1
Username r2 password mypass
Show ppp all
Config multilink
Interface multilink 1
Encapsulation ppp
Ppp multilink
Ip addresss 11111 11111
Ppp multilink group 1
Interface serial0/0/0
Encapsulation ppp
Ppp multilink
No ip address
Ppp multilink group 1
Show ip route
Show ip eigrp interface
Show ip int br
Show interface multilink1
Interface state, mutilink open
Show ppp multillink
Member linnk number
Interfaces
Inactive member
Keepalive feature helps a router notice when a link is no longer functioning.
Debug ppp authentification
Metro Ethernet
PoP Point of presnese – service provicer locally proximate office.
Carrier ethernet – ethernet WAN service provider by a carrier also called metro ether.
IEEE Ethernet Standard useful for metro ethernet access
Name
Speed
Distance
100 Base-LX10
100 Mbps
10 km
1000 Base-LX
1 Gbps
5 km
1000 Base-LX10
1 Gbps
10 km
1000 base-ZX
1 Gbps
100 km
10GBase-LR
10 Gbps
10 km
10GBase-ER
10 Gbps
40km
MEF Service Name
MEF Short Name
Topology Terms
Description
Ethernet Line Service
E-Line / Virtual Private Wire Service (VPWS)
Point-to-Point
Two customer premise equipment (CPE) devices can exchange. Ethernet frames, similar in concept to a leased line.
Ethernet LAN Service
E-LAN / Virtual Private LAN Service (VPLS)
Full mesh
Acts like a LAN, in that all devices can send frames to all other devices. (N(N-1)/2)
Ethernet Tree Service
E-Tree
Hub-and-spoke: partial mesh: point-to-multipoint
A central site can communicate to a defined set of remote sites, but the remote sites cannot communicate directly.
Route redistribution – taking routes from one routing protocol process and injecting them into another.
MPLS does this between PE router using variation of Multiprotocol BGP (MPBGP)
EIGRP in MPLS
A CE router does become neighbors with the PE router on the othe end of the access link.
A CE router does not become neighbors with toher CE routers.
The MPLS network will advertise the customer’s routes between the various PE routers, so that the CE routers can learn all customer routes through their PE-CE routing protocol neighbor relationship.
OSPF
The MPLS Pes form a backbone area by the name of a super backbone..
Each PE-CE link can be any area, a non-backbone area or the backnone area.
The post PPP and Metro Ethernet first appeared on IGARASHI.
via WordPress https://ift.tt/3lINEvt
0 notes
Text
Access List
Access list
Standard numberd ACL (1-99)
Access-list <acl # > {deny | permit} <source ip > <source wild> [log]
Access-list <acl #> remark <text>
In access-group <# > {in | out}
Extended numbered ACL (100-199)
Access-list <acl # > {deny|permit} [protocol] [source] [source wild] [destination] [destinamtion wild] [log]
Access-list <acl # > {deny|permit} tcp [source] [source wild] [port] [destination] [destinamtion wild] [port] [log]
Eq (equals) , gt ( greater than), lt ( less than)
access-list <acl #> remark [text]
Int sx
Ip access-group {number \name [in|out]}
Line vty
Access-class [number | name ] in| out
Ip access-list { standard | extended} name
{deny | permit} [source] [source wild] [log]
{deny | permit} [protocol] [source] [source wild] [destination] [destination] [log]
{deny | permit} tcp [source] [source wild] [port] [destination] [destination] [port] [log]
Additional ACL numbers (1300-1999) standard, (2000-2699) extended
Named ACLs
Improved editing sequence number
Configure standard ACL
Access-list 1 permit 10.1.1.1
Access-list 1 deny 10.1.1.0 0.0.0.255
Access-list 1 permit 10.0.0.0 0.255.255.255
Interface S0/0/1
Ip access-group 1 in
Configure extended ACL
numbered
Access-list 101 remark <text>
Access-list 101 deny tcp host 172.16.3.10 1772.16.1.0 0.0.0.255 eq ftp
Access-list 101 deny tcp host 172.16.2.10 host 172.16.1.100 eq www
Access-list 101 permit ip any any
Int s0
Ip access-group 101 in
Int s1
Ip access-group 101 in
Named
Ip access-list extended barney
Permit tcp host 10.1.1.2 eq www any
Deny udp host 10.1.1.1 10.1.2.0 .0.0.255
Deny ip 10.1.3.0 0.0.0.255 10.1.2.0 0.0.0.255
Deny ip 10.1.2.0 0.0.0.255 10.2.3.0 0.0.0.255
No Deny ip 10.1.2.0 0.0.0.255 10.2.3.0 0.0.0.255
Permit ip any any
Int s1
Ip access-group barney out
Verify standard acl
Show ip access-list [acl # | name]
Show ip access lists
Show access-list [acl # | name]
Show details of config acl for all protocols
Show ip int s0/0/1
Accesslist set to the interface in and out
ACL IPv6
Similarity
Both match on the source address or the destination address in the protocol header.
Both match individual host addresses or subnets/prefixes.
Both can be applied directionally (inbound and outbound) to a router interface.
Both can match on transport layer protocol information such as TCP or UDP source or destination port number
Both can match on specific ICMP message types and codes
Both have an implict deny statement at the end of the ACL that matches all remaining packets.
Both support time ranges for time-based ACLs.
Differences
Ipv4 ACL can only match ipv4 packets and ipv6 acls can only match ipv6 packets.
Ipv4 ACL can be identifieed by number or name, while ipv6 is name only
Ipv4 ACL identify that acl is standard or extended but ipv6 identity differently
Ipv4 ACL can match on specific values unique to an ipv4 header (eg. Option, precedence, Tos TTL, fragments
Ipv6 acl can match on specific values unique to an ipv6 header (flow label, dscp) as well as extension and option header values
Ipv6 acl have some implict permit statements at the end of each ACL just before the implicit deny all at the end of the ACL, while ipv4 do not have implict permit statement.
Ipv6 can match
Traffic class (DSCP, 0 to 63)
Flow label (0 to 1048575)
Ipv6 Next Header field indicting extension header type/number
Source and destination 128-bit ipv6 addresses
Upper-Layer header details: TCP or UDP port numbers, TCP flags SYN,, ACK, FIN, PUSH, URG, RST
ICMPv6 type and code
Ipv6 extension header value and type (hop-by-hop headers, routing headers, fragmentation headers, Ipsec, destination options, among others)
Config
Standard ACL
Ipv6 access-list [name]
[permit | deny] ipv6 {source ip | any | host source ip} {destination ip | any | host destination ip} [log]
Int gi0/2
Ipv6 traffic-filter [name of acl] [in|out]
Extended ACL
Ipv6 access-list [name]
[permit | deny] <protocol> {source ip | any | host source ip} [opperator [port #]] {destination ip | any | host destination ip} [opperator [port #]] [dest-option-type [doh number | type]] [dscp value] [flow-label value] [fragments] [log] [log-input] [ mobility] [mobility-type [mh-number | type]] [reflect <name> [timeout <value>]] [routing] [routing-type <routing number>] [sequence value] [ time-range <name>]
[permit | deny] icmp {source ip | any | host source ip} icmp-type [icmp-code] | icmp-message] [opperator [port #]] {destination ip | any | host destination ip} [opperator [port #]] [[dest-option-type [doh number | type]] [dscp value] [flow-label value] [fragments] [log] [log-input] [ mobility] [mobility-type [mh-number | type]] [routing] [routing-type <routing number>] [sequence value] [ time-range <name>]
[permit | deny] tcp {source ip | any | host source ip} [opperator [port #]] {destination ip | any | host destination ip} [opperator [port #]] [ack] [dest-option-type [doh number | type]] [dscp value] [established] [fin] [flow-label value] [fragments] [hbh] [log] [log-input] [ mobility] [mobility-type [mh-number | type]] [neq {port| protocol}] [psh] [range {port|protocol}] [reflect <name> [timeout <value>]] [routing] [routing-type <routing number>] [rst] [sequence value] [ time-range <name>] [urg]
[permit | deny] udp {source ip | any | host source ip} [opperator [port #]] {destination ip | any | host destination ip} [opperator [port #]] [dest-option-type [doh number | type]] [dscp value] [flow-label value] [fragments] [hbh] [log] [log-input] [ mobility] [mobility-type [mh-number | type]] [neq {port| protocol}] [range {port|protocol}] [reflect <name> [timeout <value>]] [routing] [routing-type <routing number>] [sequence value] [ time-range <name>]
Permit icmp any any nd-na (permits NDP NA message)
Permit icmp any any nd-ns (permits NDP NS message)
Permit icmp any any router-solicitation
Permit icmp any any router-advertisement
Int gi0/1
Ipv6 traffic-filter [name acl] [in|out]
Line vty 0 4
Ipv6 access-class [name] [in|out]
Show ipv6 access-list
Show ipv6 interface | inc line|list
The post Access List first appeared on IGARASHI.
via WordPress https://ift.tt/3hNw1rF
0 notes
Text
Internal and External Risks to Security in Organizations
The most devastating attack that a company can take would be from the inside instead coming from the outside. Employees are the most potential target or can even be a janitor that has access to the majority of the rooms in the building. One of the most important thing that I have learned in security through this lesson is that there is a different type of security layers we must have in consideration. Whether we must apply more security physically or logically would be two of a different thing. For example, for the physical layer security, it is essential to keep in watch of people going to places they are not supposed to, and you don’t know who did what. Some measures including setting a CCTV system installed would be one of the procedures taken to prevent security issue at the physical level. Some other preventions include putting a lock on the door for the server room with only people granted access can enter the server room. Or shutting down network ports that are not in use or setting your pc up to prevent USB drive usage.
When it comes to logical level security, one of the biggest key to put in mind is to protect password being used by intruders. The first thing that security experts should look into is the basic fundamental security practices that engineer take. Such examples are shutting down unnecessary network ports open to the outside world and setting basic cybersecurity policy in place. There should be different proactive measures be put in place such as LDAP authentication with an Active Directory server and how users authenticate to access the data they need. It is recommended widely to change the password on a timely basis with a minimum requirement of the specific key combination. The next biggest problem is to use with their own devices. This is another security concern of many in the modern day world, such as cell phones. Every manager would know that there would only be an adverse outcome from asking people not to bring their cell phone over to work. Some of the security measures we can use are asking the user to connect to a wifi that is only designated for guest use. Creating a network that is completely separated from the production.
References
Zaharia, A. (2016) 10+ Critical Corporate Cyber Security Risks – A Data Driven List. Retrieved from
https://heimdalsecurity.com/blog/10-critical-corporate-cyber-security-risks-a-data-driven-list/
The post Internal and External Risks to Security in Organizations first appeared on IGARASHI.
via WordPress https://ift.tt/2YUAkKC
0 notes
Text
How Kepler’s Laws Help Calculate the Radius of the Synchronous Orbit of an Earth Orbiting Satellite
When thinking of a planet orbiting another planet, people first assumed that the planet circulates a planet in a perfect circle. Turns out that was not the case. Planets such as Pluto and every other planet did not orbit in a circle. Johannes Kepler published a significant breakthrough in calculating orbiting objects.
Well before Kepler evolved his laws of planetary motion, the philosopher Ptolemy described the epicyclical motion of planets in orbit around the earth. This geocentric model roughly explained the retrograde motion of planets, which appear to move backwards at times, when viewed from the earth. Unfortunately, for Ptolemy, the Copernican heliocentric view proved more correct and invalidated the epicyclical motion model. Still, Copernicus’s theory had a serious flaw. Planets don’t travel in circular orbits. It took Kepler to discover how they really do move. During the solar day under discussion, the line would have swept out a piewedge-shaped space as the planet moved. When the planet is far from the sun, the pie wedge is long and narrow. When the planet is close to the sun, the pie wedge is short and squat. According to Kepler’s second law, the area defined by the long narrow wedge and the short squat wedge are equal.
His study show three laws of planetary motion, which the first law of motion shows orbiting object would travel through using the two internal point to find out the eclipse. The second law of motion shows the objects speed changes as it orbits an object. The closer the object orbit around the foci the faster the object travels. Kepler’s third law shows “The square of the orbital period of a planet is proportional to the cube of the mean distance from the Sun (or in other words–of the”semi-major axis” of the ellipse, half the sum of smallest and greatest distance from the Sun)” (Stern, 2005). Kepler’s third law shows a comparison of two or more motion of an orbiting object. This third law shows that object orbit farther from the foci has larger equilibrium. Meaning the object would travel a longer path, slower speed, and takes longer to complete a full orbit. Making these rules in place, thinking about a satellite orbiting around the earth, we would be able to figure exactly how the satellite would orbit the earth. The Kepler law allows us to understand the shape of the equilibrium, the speed, velocity, and differences in orbiting the earth at a various distance from the foci from the mass of the satellite.
Many satellites operate at roughly the same distance from earth; a sweet spot called the GEO (Geostationary equatorial orbit). This is a sweet spot because the time it takes for a full orbit around earth is equal to one earth day. This can be important for numerous reasons, surveillance is among them.
Kepler’s 3rd law teaches us “The square of the period of any planet is proportional to the cube of the semimajor axis of its orbit” (HyperPhysics). This gives scientists the ability to determine an orbital pattern just by recording how long it takes to make a full orbit. Interestingly this is not exactly true. “Proportional” is a key word here. Because the Sun is so massive, adding any planet’s mass to it is close to negligible, this is why the equation is simplified to T^2=A^3.
Detailed examination of Brahe’s measurements over an additional 10-year period led Kepler to uncover the constant relationship between the time of one planetary orbit (orbital period) and the average orbital radius. The constant relationship stands as the square of the orbital period (T) divided by the cube of the average orbital radius (R), or K = T2/R3.
These discoveries made by Kepler and Galileo has impact strongly in Isaac Newton’s study of the law of motion and principle of mathematics in astronomy. Kepler’s law of planetary motion set a numerical rule that sets the ground for many future discoveries in the world of wonder. As Newton has expanded in Galileo and Kepler’s studies, by showing discoveries in changes in velocity, momentum, inertia, and more in-depth relationship in motion in the law of gravity.
The impact of Kepler’s discoveries is penetrative to many sciences, most obviously space travel. Studying the behavior of entities in space, including planets, provides insights into spacecraft travel. It has also impacted Lagrange, Laplace, Hamilton, Gibbs, and many great scientists came after to finish his work up till today.
References
Stern, D. (2005) Kepler’s Three Laws of Planetary Motion. Retrieved from
https://ift.tt/3jrc5LN
Kepler. (n.d.). Retrieved October 05, 2017, from https://ift.tt/2gTDYgc
The post How Kepler's Laws Help Calculate the Radius of the Synchronous Orbit of an Earth Orbiting Satellite first appeared on IGARASHI.
via WordPress https://ift.tt/2QK8wnr
0 notes
Text
IPv4 Routing
Routing is the process of selecting one path from multiple paths to reach a destination. The routing process occurs through network devices, which are known as routers. A router is always configured with a default route, which tells the router where to forward a packet if there is no route found for a specific destination.
Once the router notices a link up in their interfaces, they resolve the end device MAC Address to put in their MAC Address table. This process is within the Data link layer of the five network layers and takes care of ethernet and frames. The MAC Address is an IEEE 802 global identifier which is 48bits long and is unique to every network interface. The first half of the MAC Address is register names of the makers and manufacturers. Using the MAC address table, the router would be able to identify in which interface, where these devices are located. The router identifies the IP addresses of the connected devices through arp resolution and the IP Address are put into an ARP table. Using the routing table that the routers are configured with, the router routes the packet to the appropriate destination. A routing table is a list of policy for the packets to be routed. This series of receiving and routing packets are included in the Transportation layer of the five-layer network model. The packet IPv4 header TTL flag is present to help the transportation protocol to have a ‘time to live’ set to the packet so when the packet goes looping, it would stop somewhere. When both PC’s are able to communicate with each other through the router, they most likely use a TCP connection to communicate to different TCP IP ports. TCP protocol uses flags in the packet to signify the session state between communication with the end host. TCP uses FIN, ACK, SYN, RST, PSH, URG, ECE, CWR, and NS checksum to maintain the session with the end host. Through session communication, reliable data transportation is possible.
Cisco Configuration
A router on a stick (ROAS) – router route traffic between VLANs for l2 switch
Configure VLAN on a Cisco router
Int gi0/0
No ip add
# native lan if ip add set
# if shutdown all vlan int is ‘administratively shut’
Int gi0/0.10
Encapsulation dot1q 10
Ip add 10.1.10.1 255.255.255.0
Int gi0/0.20
Encapsulation dot1q 20
Ip add 10.1.20.1 255.255.255.0
Show IP route connected
Show C routes for .10 and .20
Show VLAN
Encapsulation
Native VLAN
Ip
Vlan tagged address and statics
Layer 3 switch
Allow inter VLAN routing
Has switch virtual interface (SVI)
Enable IP
routing on switch
sdm prefer lanbase-routing
Reload
Ip rouing
Show ip route
Enable SVI
Int vlan 10
Ip address xxxxx
On ports that shouldn’t act as a switch but a router use
No switch-port
Then assign a ip address
EtherChannel for Layer3 switches
Int gi0/13
No switchport
No ip address
Channel-group 12 mode on
Int gi0/14
No switchport
No ip address
Channel-group 12 mode on
Int po12
No switchport
Ip address 10.1.12.1 255.255.255.0
Show etherchannel 12 summary
Shows layer3 in used for which port used.
If there are multiple paths that exist, the router can make decisions based on the following:
Bandwidth
Hop Count
Prefix-length
Delay
Metric
There are four types of routing, which include unicast, broadcast, multicast, and anycast routing.
The post IPv4 Routing first appeared on IGARASHI.
via WordPress https://ift.tt/34MmZYq
0 notes
Text
International Space Station and the Difference Between Temperature and Heat
Imagining in a situation where working at an international space station and there is an interstellar gas cloud approaching the space station that is about millions of degrees. We know that the international space station orbit around the earth, experiencing temperatures between 200 degrees Fahrenheit and below 200 degrees Fahrenheit. In this case, however, the cloud of gas that is targeting directly towards the international space station has a low density. A Million degrees would be way past the boiling point of this international space station however due to the low density, the rate in which the heat is transferred to the international space station may be significantly low. Heat energy is passed on to a higher temperature to low temperature. Also, different elements have their characteristic to absorb heat. For example, when water reaches its boiling temperature, adding more heat energy would not increase the temperature. As mentioned, “When energy is added to a liquid at the boiling temperature, it converts the liquid into a gas at the same temperature.” Water cancels out the added heat energy by converting it into gas.
Should we abandon the space station? Leaving the ship may not be a good idea. The international space station has a larger mass which could expand the time of the international space station reach the boiling point during the impact. Heat is related to the quantity of matter. Also, the international space station is traveling about 17,000 miles per hour. If I am at a distance to the target where I would need to make this decision, my ride better is able to travel faster than the interstellar gas, or I am not going anywhere.
References
The Physics Classroom (2017) Thermal Physics – Lesson 1 – Heat and Temperature. Retrieved from
http://www.physicsclassroom.com/class/thermalP/Lesson-1/What-is-Heat
The post International Space Station and the Difference Between Temperature and Heat first appeared on IGARASHI.
via WordPress https://ift.tt/3juqd6O
0 notes
Text
VLAN
https://ift.tt/2EB1qis #computerscience #tech #innovation #science #usa #world #share #follow #followforfollow #fbf #followback #subscribe #like https://www.igarashi.one/index.php/2020/08/27/vlan/
0 notes
Text
PPP and Metro Ethernet
https://ift.tt/eA8V8J #computerscience #tech #innovation #science #usa #world #share #follow #followforfollow #fbf #followback #subscribe #like https://www.igarashi.one/index.php/2020/08/27/ppp-and-metro-ethernet/
0 notes