igarashione - Tumblr blog

igarashione · 4 years ago

Text

IT Infrastructure and Secure Solution Proposal Reference Example

ABC Accounting Inc. Network Infrastructure Proposal

Table of Contents

Network Topology

Type of Network and Design

Client Network Devices

Firewall

Switch

Wireless

Printer

IP Infrastructure

Logical topology

IP Addressing Scheme

Security

Security Appliances

Web Filtering and Access list

Authentication and Encryption

Antivirus Software and Network Monitoring Conclusion

References

ABC Accounting Inc. has made significant progress from the past year. The expanded of the business have grown from five employees expected up to three hundred fifty employees. There would be a need for an enterprise scale network infrastructure. As facing rapid expansion in ABC Accounting Inc, there would be a consideration in how the network design should look in an expanding office space to three office floors in the same building. A third of the employees are laptop users that travel occasionally, and all users are using windows 7. In the current network infrastructure, it would not be able to serve future expansion of this business, and it would be critical to consider an upgrade at this time

Network Topology

Type of Network and Design

To meet the technology we have today, it is crucial to gain the necessary network infrastructure to create an enterprise scale, dynamically scalable, and secure system. Network infrastructure for this company would need to cover over 350 employees with networking devices such as router, firewall, switch, server, printer, access points, and guest devices. There would be a need for a large-scale network with the right devices to consider.

For the Wide Area Network (WAN) connection, for better redundancy, I suggest having two network carrier which is ATT, which would be ATT business and Comcast business circuits. We would have a static IP from ATT and Comcast a total of eight. There download, and upload speed for these circuits would have 100Mbps upload, and 100Mpbs download network fiber circuit speed from both carriers. The ATT network circuit would be used as a backup line, and the Comcast circuit would be used as a primary network circuit. We would only allow remote users to access the corporate network securely through the backup line of the network. Users would be able to access the company file directory through an entirely separate Global IP Address from the primary IP Address to prevent unwanted intruders to gain access.

Client Network Devices

The client devices specification would need to satisfy some resources programs and application would use. Users would most importantly use email and file share for the majority of their operation. For desktop users, the Dell OptiPlex 3050 Small form factor would be recommended. The desktop would come with the power cable, keyboard, and mouse. Users would not not need too many resources since they would need to run simple applications such as web browser and windows explorer for network file share. The desktop computer has Intel® Core i3-7100 (DC/3MB/4T/3.9GHz/65W) and 4GB (1x4GB) 2400MHz DDR4 Memory, with the 3.5 inch 500GB 7200rpm Hard Disk Drive. The computer would be having a 3 Years ProSupport with Next Business Day Onsite Service for all desktop computer. Desktop users would only use an RJ45 Ethernet port to connect to the internet. We would have the users to use the LED-backlit LCD 24 inch Dell E2417H model monitor, with 1920 x 1080 resolution. The display cable that the monitor would be connecting to the desktop would be Display cable. The display cable would come with the cable along with the power cable.

There would be a need for a portable and lightweight solution for users that comes and goes outside of the company. Laptop users would be users that would go out for sales or out of the office occasionally. We recommend the Dell Inspiron 5000 Series laptop computer for these users. The laptop would be equipped with 8GB of RAM with Intel Core i5 CPU. Lightweight, robust, and optimal laptop. These laptops would not have an RJ-45 network port on the laptop. The laptop users would be using the wireless NIC built in the laptop to connect to the network.

For this new network infrastructure, there would be a couple of servers that would be necessary to create this system. First would be file servers. There should be one file server for users and one file server to store logs and backup for fault tolerance. There would also be a need for a domain controller for our network environment. For redundancy, there would be a need for two servers used for the primary and secondary domain controller. It the two servers would be replicating instantly and securely authenticate users. We recommend having a total of servers.

One for a file server and one for a domain controller for this office. We would be selecting the Dell PowerEdge R430 Rack Server for with 32GB DDR4 DIMM, 128GB SSD, three 1TB SAS HDD for each, and Intel® Xeon® processor with two processor socket. We would need one hundred seventy-five desktop computer and another one hundred seventy-five laptop computer to serve users. Also, we would need four servers to have as a server.

Firewall

For the firewall for this network infrastructure would be the key for security and routing of the network architecture. There would be a need to have high reliability for this device, and a good solution would be configuring a high availability for two firewalls. The firewall that has been configured for high availability active standby would allow the network device create a cluster that automatically detects a fault on the other firewall and enable its interface. For the firewall, I would be recommending the FortiGate 200D. We would have a WAN interface connection from two separate internet carrier, which we would be load balancing and route accordingly. If one network circuit goes offline, the firewall will route network to the backup circuit which would be the ATT circuit. Another important role that the firewall would be playing in this network infrastructure is that the network firewall would be used for securing accessing the file system and company resource through a technology called the IPSec VPN tunnel. A virtual private network, or VPN, provides a solution in which, it supports the creation of virtual links that join far-flung nodes via the Internet which is by creating a logical encrypted tunnel between the nodes to pass traffic. (Doral, 2014) Users that would have to connect the company resource would be using a VPN client agent called the Forti Client, installed on the user’s computer, to load a VPN profile with all the correct parameters and the preshared key to access the network.

Switch

The desktop user would be connecting to their jack port under their desk, which is patched to the server patch panel. From there, the network cable is cabled to the network switch. There would be at least one hundred and seventy-five necessary network ports and more for servers and other networking devices. There would be a need for eight network switch for the network infrastructure. I would recommend the Cisco Catalyst 2960 series switch to be used for the network infrastructure. In the first floor, there would be four network switch that would be set, two network switch on the second floor, and another two network switch on the third floor.

Switch partake managing this important feature in the network architecture which acts as a set of ports attached to one or more Ethernet switches, which is a called the virtual local area network (VLAN), which runs one MAC learning algorithm for each Virtual LAN. (Bonaventure, 2011, pg. 240) We would be using this switch as a layer two switch and would primary carrying VLAN network through trunk connection from the firewall to each switch. Spanning tree root priority is higher on the first floor switches. In each floor, the switches are connected with a stacking cable.

Wireless

Laptop users would need to connect to the network using wifi. Since we would be covering a large amount of space for the network infrastructure, we would need multiple access points to provide full coverage. On the first floor, there would be a need of three access points, two access points on the second floor, and another two access points on the third floor. For the wireless access points, we would recommend the Cisco WAP371 Wireless-AC/N Dual Radio Access Points for the laptop users. There would be a need for a total of seven Cisco WAP371 wireless access points to be set up for the network. All of the wireless access points would be mounted on the ceiling, placed separately access the floor. There would be another cabling necessary to reach the wireless access point mounted to the wall through the ceiling to the server room. The wireless access point would be POE powered so there would be a need a power injector between the patch panel and the network switch. The SSID for the would be “ABC-OFFICE, ” and for security purposes, the SSID would not be broadcasted. The security for the SSID would be using WPA2 Enterprise, which would be authenticated with the RADIUS server in the local network. Since there would be no POE switch, we would need a two POE power injector to light up the wireless access points.

Since there would be multiple wireless access points that would be needed to be managed in the network, there would be a need for a scalable solution for this case. We recommend adding a wireless controller in the network to handle the wireless access points. We suggest adding the CISCO AIR-CT2504-5-K9 2504 Wireless Controller Network Management Device for the wireless controller for these Cisco access points.

Printer

For the printers for the network, we would like to minimize the use of paper at the same time, make life easier when we need it. We would get the most affordable network printer on the network which can authenticate the user through RADIUS server. The network printer that we would be implementing our new IT infrastructure would be the HP LaserJet Pro M477fdw Wireless Color Laser Printer. If you attach a printer to one computer and share it when that computer is off, nobody can print, but an alternative is to purchase a network printer. (FunctionX, Inc., 2014) The printer would be able to use wireless. However, we would be only using an ethernet connection for this case. It has the capability of the copier, scanner, fax, and mobile printing. The printer would be setup scan to email and also scanned documents to the network file share folder.

IP Infrastructure

Logical topology

IP Addressing Scheme

IP addressing of such network infrastructure require a more extensive office network addressing scheme due to some users that are expected to be using and the number of users that would be expecting to increase. There would be two logical networks in the Local Area Network (LAN) which would be the office network and the server network. Something called the VLAN divides this two network. The office network would be the network that would be used for office users including desktops, laptop, wireless access points, and printer. The network address range is expanded to subnet mask 255.255.0.0 or /16. The IP address range would be 10.222.0.0/16.

This network does have DHCP server enabled, which would be enabled from the Fortigate firewall. The DHCP would address from 10.222.0.2 to 10.222.254.254, and the 10.222.255.1 to 10.222.255.255 address ranges would be used for network devices such as printers, firewall, and wireless access point. The default gateway for this network would be 10.222.255.254, and the DNS server would be facing the domain controllers.

The server network does not have a DHCP enabled in the network and had a subnet mask of 255.255.255.0 with 172.22.2.0/24 range. The IP Address of the primary file server would be 172.22.2.20, secondary file server 172.22.2.21, primary domain controller 172.22.2.10, and the secondary domain controller 172.22.2.11. The two network is divided by a VLAN and the network has a security preference called the access list. The network devices would only have specific network port access for granted services such as FTP, SMB, Bonjour, CIFS, LDAP, RPC, HTTPS, etc. The default office network would be routed to the Comcast circuit as a default route, and if there were a down detected in the WAN interface facing the Comcast modem, the network traffic would be routed towards the ATT modem as a backup.

As the network diagram above, it is essential to have a neatly, outlined diagram that can be understood easily. Any mistake in the documentation can be costly. Network documentation is a are the blueprint of the network configuration, and when a problem needs to be solved, a service provider will use the network documentation to obtain an understanding of the network, which results in less time and lower cost. (Colorado State University-Global Campus, 2017). For instance, suppose there were a router needed to be replaced and the service provider purchases a replacement, but there is no router configuration documentation, which leads to two hours to replace the router.

Security

Social Engineering and Cyber Threats

Regarding security threats, it would be very important to get all the basic security setup correctly and monitor all the networking devices including the firewall, the network switch, the wireless access point, and network printer. Also, there would be a need to monitor the server event log and resource statics for measuring stability. Security precautions must be taken seriously, and we are planning to implement enterprise-level security system to protect the important asset the company holds. For security in the OS level, there would be a antivirus software install to prevent malicious file coming in or preventing attacks from the network. They would be having Symantec Endpoint Protection Small Business Cloud installed, which is the most trusted enterprise antivirus solution hosted from the cloud. Privacy of information is said to never to be able to stay hidden forever and would someday expose. Privacy can be seen as the friction that reduces the spread of personal information that makes it more difficult and economically inconvenient to gain access to it. The merit of this definition is to put the privacy into a relative perspective, which excludes the extremes that advocate no friction at all or so much friction to stop the flow of information. (Vacca, & Vacca, 2013). There cannot be a completely secure system, and we are only able to lower the possibility of exposure through security. It is always important to patch security updates to servers and update the firmware on the network devices as well. Routine maintenance would help engineers aware of the issue earlier than it to be too late.

An authentication method that we would use for our new network architecture would be the domain authentication through Microsoft Windows Active Directory. Through domain security, any authentication would be lookup the users in the Active Directory Database. Windows login, file server access, and email would all be using this company active directory server for authentication. For wireless network access, users would be also using the active directory credentials but through an authentification protocol called RADIUS. Wireless access point would have a RADIUS client enabled with the profile information facing the RADIUS server, which would be installed in the Active Directory server. The RADIUS server acknowledges the request to grant permission to the network.

Although, through network security appliances such as the next generation firewall or scaling different separate network through VLAN may not be enough to be protected from recent security threats today. Some of the most common security threat that we have is social engineering. Intruders use social engineering to exploit human by convincing that you are someone that you reveal that you are and gain access. “The most effective countermeasure for a social engineering is employee awareness training on how to recognize social engineering schemes and how to respond appropriately” (LabSim Online Labs, 2017). Not only that we would scale network security through the network architecture but to prevent any single point of failure but human error.

Project Expense

ITEM

DESCRIPTION

QTY

UNIT

AMOUNT

Hardware Equipment

Forigate 200D

$2,540.00

$5,080.00

Cisco Catalyst 2960

$3,295.00

$39,540.00

Cisco WAP371

$160.99

$1,126.93

Power Injector

$15.00

$105.00

Dell OptiPlex 3050 (Desktop Computers)

175

$489.00

$85,575.00

Dell PowerEdge R430 Rack Server

$1,329.00

$6,645.00

Dell Inspirion 5000 Series All in One (Laptop)

175

$499.00

$87,325.00

<Other>

Dell E2417H 21.5″ LED Monitor

175

$125.00

$21,875.00

RJ45 Straight through cable

1750

$4.99

$8,732.50

HP LaserJet Pro M477fdw Wireless Color Laser Printer

$529.99

$1,589.97

License and Warranty

Fortigate FortiCare Security License Bundle

$1,235.00

$2,470.00

Symantec Endpoint Protection Small Business Cloud

355

$54.18

$19,233.90

Cisco SmartNet Extended Warranty

$33.48

$636.12

Dell Extended Hardware Warranty

355

$150.00

$53,250.00

Labor

1 man x per hour

120

$35 per

hour

$4,200.00

Project Management

– Meetings, Scheduling, and Documenting

$2,500.00

Shipping and Handling

$1,500.00

Taxable Total (Tax Rate: 9.00%)

$333,184.42

Sales Tax

$29,986.60

Non Taxable Total

$6,700.00

Total

$371,371.02

Conclusion

ABC Accounting Inc. has made significant progress through the past year. There would be a need for a new network infrastructure for this rapid growth of employee at ABC Acccounting Inc. To achieve an enterprise network infrastructure, there would be a need for a scalable, secure, reliable, fast, and redundant network that can be easily managed with remote dial-up VPN access. The expanded of the business have grown from five employees expected up to three hundred fifty employees. With a three-floor office, we would consider future scalability and minimize the cost as much as possible, cutting unnecessary high speciation. In the current network infrastructure, it would not be able to serve next expansion of this business, and it would be entirely critical to consider an upgrade at this time.

References

LabSim Online Labs. (2017). TestOut Network Pro ISBN: 978-1-935080-43-5. Pleasant Grove, UT.

Bonaventure, O., Open Textbook Library, distributor, & University of Minnesota. College of Education & Human Development. (2011). Computer Networking : Principles, Protocols and Practice.

Dordal, P., Open Textbook Library, distributor, & University of Minnesota. College of Education & Human Development. (2014). An Introduction to Computer Networks.

FunctionX, Inc. (2012) Network Hardware. Retrieved , from http://www.functionx.com/networking/Lesson02.htm

Vacca, & Vacca, John R. (2013). Computer and information security handbook (2nd ed., Elsevier Science Direct E-books). Amsterdam: Morgan Kaufmann is an imprint of Elsevier.

CSU-Global (2017). Introduction to Networks, Module 1 to Module 8. Greenwood Village, CO.

The post IT Infrastructure and Secure Solution Proposal Reference Example first appeared on IGARASHI.

via WordPress https://ift.tt/3iesu6h

#network #System Engineer #it #wordpress

0 notes

igarashione · 4 years ago

Text

Create and Secure a Wireless Network

Today, living in this world full of technology, most of the cities and public areas all have wifi available for network connection. At many homes, it has become a commodity today to have internet with the wireless access point. The majority of the business also makes use of a wireless access point. Although when it comes to business, some businesses such as hotels, would need to take very serious consideration in what kind of wireless solution they would be implementing in their network infrastructure. If they were to provide wifi as a service to the guest, they would need to start thinking about reliability, coverage, guest management, security, traffic analysis, support, and warranty. There are significant differences in the wireless access point that business would need to consider from wireless access points used at home.

Enterprise and Consumer Wireless Access Points

Home Wireless Access Points

The consumer-grade wireless access point is usually pre-equipped with the internet provider’s internet service plan for most modern-day homes. When you ask for a home internet plan, you will get a technician to run the cables up to your premises and from there, the internet provider engineers would set up their carrier modem. Depending on the modem, it may be equipped with wifi or an engineer would set up a wireless access point. What the home wireless access point can do is simple. Users connect to the wireless access point using pre-shared key AES encryption with WPA2 Personal authentication. “AES is the strongest encryption method currently available, and it is used with WPA2” (LabSim Online Labs, 2017, 10.3.2 Wireless Configuration) Both home wireless access points and enterprise wireless access points do have the capability for AES encryption today. The wireless access point SSID would be mostly broadcasted, using the preshared key pre-setup. The most consumer-grade wireless access point would be able to do only limited features and would not be able to create multiple SSIDs.

Enterprise Wireless Access Points

Enterprise-grade wireless access points are different from standard consumer-grade wireless access points. They have more features and have some feature that can only be adapted to enterprise setup, such as wireless access points with POE feature. This allows wireless access point set up anywhere with just a wall jack. The access point would be able to take power from the POE switch through the Ethernet cable. Many other features include multiple SSID, AP clustering, traffic analysis, better management, great support, and warranty.

In large operations such as setting up a network for a hotel, there would be a need for the wireless connection to be able to be reached every guest room without a blind spot. Covering the whole hotel with one access point would be impossible. There would be a need to set up multiple wireless access points in the premise to spread the wireless radio reach every room. When it comes to multiple wireless access points, the next problem it would be is managing all the access points in the hotel. The larger the hotel, the larger the number of access points would need to be set.

To manage all the access points, there are times where companies would install a wireless controller, to control all the wireless controller in the hotel. There are more benefits in installing a wireless controller such as being able to set up multiple SSID with the use of VLAN, access point clustering, seamless auto-configuration syncing across access points, set up a policy for all access points, security standards, and much more. “An infrastructure that allows for monitoring the performance of the network and the ability to push out quick changes from a single point is fundamental to lower operational costs” (Daryl, 2014). An enterprise-scale wireless network could provide huge security benefits to prevent intrusion and protection to connecting clients. Most wireless access points or wireless controllers would be able to set up a web portal to allow users to authenticate. Through WPA2 and 802.1x authentication with a radius, the server would give an additional capability to change the password for the guest user in reoccurring date. “WPA2 defines two types of security: passphrase authentication for small and small office/home office (SOHO) networks, and 802.1X/EAP security for enterprise networks” (Capano, 2015). There wouldn’t be authentication Traffic management, and host control would be much easier and simplified. If support contracts are bought for these devices, there would be support on the uptime for this device for the company. This would provide better maintenance, troubleshooting, and repair. Through these features, the wireless access points would be able to cover a large space with better reliability, redundant, provide secure wireless connection, well managed, and support service for longer uptime.

A disadvantage of implementing an enterprise-scale wireless network infrastructure is that it would be difficult to configure the enterprise networking devices compared to the consumer scale wireless network devices. The more the difficult to configure the more the difficult it is to troubleshoot and maintain the device. There would be a need to buy a support contract for these devices for this effect, and another reason is because of the cost.

The installation would be expensive and to minimize the cost, the POE feature helps to reduce the cost of extra cabling. However, this considerable disadvantage of using an enterprise wireless network would cost a lot more money. Not only the hardware for these devices however the additional support, cabling, hiring network engineers, and maintenance would be costly. To find the right wireless solution for you, you must first consider how much cost you would be putting for a wireless connection for your business, the need for a wide range of connection, security, and reliability.

Conclusion

Home used wireless access point has a clear limitation in features compared to the wireless access points used for enterprise business scaled wireless network infrastructure. Depending on how you would like your business to make use of the wireless technology and how much you are willing to invest in wireless connectivity, would defy whether if you should implement and home wireless network infrastructure or an enterprise network infrastructure. Businesses would need to take a careful look at how this can be possible through considering things such as reliability, coverage, guest management, security, traffic analysis, support, and warranty support in mind for the wireless network implementation. There would be no other way but take advantage of this great technology.

References Capano, D. (2015). Wireless security basics, standards. Control Engineering, 62(4), 34.

Daryl. S (2014) 6 Key Advantages for Having Controllerless WiFi in Your School. Retrieved

from https://ift.tt/3i0JpZC Controllerless-WiFi-in-Your-School

LabSim Online Labs. (2017). TestOut Network Pro ISBN: 978-1-935080-43-5. Pleasant Grove, UT.

The post Create and Secure a Wireless Network first appeared on IGARASHI.

via WordPress https://ift.tt/3i1013I

#network #System Engineer #si #wordpress

0 notes

igarashione · 4 years ago

Text

Space Walk, Newton Laws of Motion

When we see videos from NASA astronauts out in space in their aircraft, we see a clear sign of an environment without gravity. Imagining that I have signed up for a mission to the International Space Station to remove faulty station component and replace them, I would have to take a couple of precautions to take during my operation. Doing work the same work at the international space station would be entirely different than doing it on earth. Everyone else on this planet is bounded to obey the rules of gravity but not up in outer space.

Working at the International Space Station

Newton’s First Law of Motion

In the international space station, the first thing that you might recognize is that you would be floating in midair. The force of gravity that would be acting upon an object on earth would be 9.81 m/s2, and the international space station would be nearly zero. There would be no force acting upon an object and things would float in midair. “Newton’s first law states that every object will remain at rest or in uniform motion in a straight line unless compelled to change its state by the action of an external force. ” (National Aeronautics and Space Administration, 2017) According to Newton’s first theory of motion, an object would not move without another external force would be acting upon it. Hence the object that would be floating would not fall since there would not be another external force acting upon the object. Which this makes the object to float.

Newton’s Second Law of Motion

Another thing that you may notice is that when an object is pushed, it will keep on moving forward without falling or moving away in another direction. The object would maintain its speed that it started and since there would be no gravitational force or any other force that would be interacting with the object, the object would proceed its course. “According to Newton, an object will only accelerate if there is a net or unbalanced force acting upon it.” (The Physics Classroom ,2017) As Newton’s second law of motion, once a force is applied to an object, the object would continue with that momentum without accelerating or decelerating. Once the force is reflected upon an object, the object would continue to proceed with the same speed until there would be an unbalanced force acting upon the object to change its motion.

Newton’s Third Law of Motion

Astronauts would not able to hold still on the ground on space. For them to move from one place to the other, astronauts would have to kick and push walls away to move forward. By pushing the walls way, the force applied to the wall would directly react back to the astronaut and push back. As Newton’s first two law of motion states the effect of inertia and behavior of net force, the third law covers the effect of forces on two objects when one object applies a force to object two. (Colorado State University-Global Campus. (2017) The Newton’s third law of motion states an important point that to every force interact with another object, the force would reflect back. For example, if an astronaut was to try to get on the space station from space and try to reach for any surface of the space station, the astronaut would always be pushed away from this effect. Any small touch would reflect directly back so getting back on the ship without hanging on to something would be impossible.

Conclusion

It is significantly impressive of how Isaac Newton was able to figure these fundamental materials that are somewhere that can be unseen and unreachable. Out in the space station, we can see a clear sign of an environment almost without gravity. As an astronaut working at a space station, there different precautions and warning next time visiting space. Everything on this planet is bounded to obey the rules of gravity but not up in outer space.

References

Colorado State University-Global Campus. (2017). Introduction to Physics with Lab, Module 3: Explaining

Newton’s Law of Motion. Greenwood Village, CO.

National Aeronautics and Space Administration. (2017) Newton’s Law of Motion. Retrieved from

https://ift.tt/1mJi9uu

The Physics Classroom. (2017) Newton’s Laws – Lesson 3 – Newton’s Second Law of Motion. Retrieved

from

https://ift.tt/1r6CBga

The post Space Walk, Newton Laws of Motion first appeared on IGARASHI.

via WordPress https://ift.tt/3hSjTpq

#Physics #Science #physics #science #wordpress

0 notes

igarashione · 4 years ago

Text

EAP over MS-CHAP version2 Preferred Method of Remote Access Authentication

Extensible Authentication Protocol (EAP) is an authentication framework that is used in wireless network. Rely on protocol that encapsulate the EAP message

The most preferred remote access authentication method I would be using is the EAP over MS-CHAP version 2 with TLS. The security level for a remote access environment in a client would be enormous. To set up a secure network authentication, we would use the MS-CHAP v2 to supports data encryption with manual LAN manager encryption to protect from “man in the middle” attacks. EAP would be an additional authentication used by CHAP using an authentication server and clients with certificates. The data however over an EAP are not encrypted by itself. By having the EAP with TLS, the EAP traffic would go through a secure layer that is encrypted and uses a Windows Active Directory as an as a user database. There would be a RADIUS server necessary to receive the authentication request to securely authorize access. Windows Server can set up a Network Policy Server to set up a RADIUS server to serve RADIUS clients on the network.

There are risks in implementing a MS-CHAP v2 EAP with TLS authentication since there would be a need for a Windows Active Directory Server and an NPS server. Most home consumer scale authentication are not cable of this setup. Having a Microsoft server means that there would be a need to manage the server and maintain the system would be up. There would be a need to hire someone to maintain and troubleshoot the server. Also, the implementation of this authentication method would be a lot costly. There would be a need for an extra server and cost for management. An authentication method that would require a RADIUS server would not be necessary for home and small business scale companies.

802.1x is a IEEE standard for port based Network Access Control (NAC) relying on EAP

References

Shinder, D. (2006) Choosing a remote access authentication scheme. Retrieved from

https://ift.tt/31TRmul

The post EAP over MS-CHAP version2 Preferred Method of Remote Access Authentication first appeared on IGARASHI.

via WordPress https://ift.tt/3lERhT0

#security #System Engineer #si #wordpress

0 notes

igarashione · 4 years ago

Text

Spanning Tree Protocol – STP (802.1D)

Network loop causes

Broadcast storms – formwarding of a frame repeatedly on the same links consuig significant parts of the links capacity.

MAC table instability – Continual updating of a switch of MAC address table with incrorect etries, in raction to loooping frames being sent from the different interfaces

Multiple frame transmission – A side effect of looping frames in which multiple copies of one frame are delivered to the intended host, confusing the host.

Timer Default Value Description Hello 2 sec The time period between Hellos creeated by the root. MaxAget 10 times Hello How long any switch should wait, after ceasing to hear Hellos, before trying to change the STP topology. Forward delay 15 sec Delay that affects the process that occurs when an interface changes from blocking state to forwarding state. A port stays in an interim listening state, and then an interim learning state, for the number of seconds defined by the forward delay timer. State Forwards Data Frames Learns MAC based on received frames Transitory or stable state Blocking No No Stable Listening No No Transitory Learning No Yes Transitory Forwarding Yes Yes Stable Disable No No Stable

Ethernet Speed IEEE Cost 10 Mbps 2000000 100Mbps 200000 1Gbps 20000 10Gbps 2000 100Gbps 200 1Tbps 20

Rapid STP (802.1w)

Can be used with stp

Elect from

Lowest root bridge id

Lowest MAC Address

Pretty much like stp except

Adds a new mechanism to replace the root port, without any waiting reach a forwarding state

Adds a new mechanism to replace a designated port without any waiting to reach a forwarding state

Lowers wainting times for cases in which rstp must wait

Function Port Role Nonroot switch best path to the root Root port Replaces the root port when the root port fails Alternate port Switch port designated to forward onto a collision domain Designated port Repalces a designated port when a designated port fails Backup port Port that is administratively disabled Disabled port Function 802.1D State 802.1w State Port is administratively disabled Disabled Discarding Stable state that ignores incoming data frames and is not used to forward data frames Blocking Discarding Interim state without MAC learning and without forwarding Listening Not used Interim state with MAC learning and without forwarding Learning Learning Stable state that allows MAC learning and forwarding of data frames Forwarding Forwarding

Show spanning-tree vlan x interface int state

Point to point – sw to sw

Point to point edge -sw to pc

Shared port – hub

Etherchannel lower stp convergence time or avoid connversiance all together.

Portfast transition immediately to blockng to forwarding, only for end device

BPDU Guard – used on access endpoint ports with portfast to prevent control root bridge

Settting Default Command to change defalt BID priority Base: 32,768 Spanning-tree vlan vlan-id root {primary| secondary} Interface cost 100 for 10 Mbps

19 for 100 Mbps

4 for 1 Gbps

2 for 10Gbps

Spanning-tree vlan vlan-id cost cost PortFast Not enabled

Show spanning tree int int portfast

Spanning-tree portfast

Spanning-tree portfast disable

PortFast Global Spanning-tree portfast default

No Spanning-tree portfast default

BPDU Guard Not enabled

Show spanning tree int int detail

Spanning-tree bpduguard enable BPDU Guard Global Show spanning tree summary Spanning-tree portfast bpduguard default

No Spanning-tree portfast bpduguard default

Degug Debug spanning-tree events Mode Spanning-tree mode pvst

Show spanning-tree vlan x

Spanning-tree mode {pvst, rapid-pvst, mst}

Ieee = 802.1d stp

The post Spanning Tree Protocol - STP (802.1D) first appeared on IGARASHI.

via WordPress https://ift.tt/3gXYOJb

#network #System Engineer #si #wordpress

0 notes

igarashione · 4 years ago

Text

Name Resolution and Domain Name Server

Domain Name System (DNS) – Resolves Internet names to IP addresses.

The Domain Name System (DNS) provides a way for hosts to use this name to request the IP address of a specific server, as shown in the figure. DNS names are registered and organized on the Internet within specific high-level groups, or domains. Some of the most common high-level domains on the Internet are .com, .edu, and .net.

Translating Domain Names to IP Addresses

Computer names are easier for users to understand than IP addresses. Name Resolution translates IP addresses to computer names to ensure simplification of IP address identification. Instead of using the 32-bit IP addresses, name resolution assigns computer names to the IP addresses of the destination hosts.

Thousands of servers, installed in many different locations, provide the services we use daily over the Internet. Each of these servers is assigned a unique IP address that identifies it on the local network where it is connected.

Without realizing it, by using the internet, we use DNS (Domain Name System). DNS is a protocol within the TCP/IP protocol suite, which is responsible for transferring information between devices within the network. DNS is essentially a GPS for a computer. DNS converts a domain name to an Internet Protocol (IP) address. Another important concept in Name Resolution is FQDN, which stands for Fully Qualified Domain Name. FQDN is the complete domain name for a specific device on the internet. FQDN consists of two parts: the hostname and the domain name. Example: mymail.somecompany.com is the FQDN for a hypothetical company. The hostname is “mymail.” The host is located within the domain “somecompany.com.”

Domain Name Server (DNS) – Service that provides the IP address of a web site or domain name so a host can connect to it

It would be impossible to remember all of the IP addresses for all of the servers hosting services on the Internet. Instead, there is an easier way to locate servers by associating a name with an IP address.

The post Name Resolution and Domain Name Server first appeared on IGARASHI.

via WordPress https://ift.tt/32Fqey8

#network #System Engineer #si #wordpress

0 notes

igarashione · 4 years ago

Text

SPAN

SPAN port is also known as Mirror port, which that specific port is configured to send the same frame of another port, most of the time used for monitoring. One port is used for data network and the span port is configured to send the same frame in/out of that data port. A computer using software such as packet capture or a monitoring device is plugged into the span port.

A collection of span rules claled SPAN session can define one ore more source port, on each port, to monitor frams transmitted in and out of the switch port.

VLAN mirror will mirror all port in the vlan

Remote SPAN (RSPAN)

Encapsulated RSPAN (ERSPAN) through GRE tunnel

Config terminal Monitor session 1 source interface gi1/0/11 -12 rx|tx|both Monitor session 1 destination interface gi1/0/21 Monitor session 2 source vlan 11 Monitor session 2 destination interface gi1/0/22 Show monitor session all Type, soure port, rx, destination port, eapsulation ,incgress, vlan Show monitor detail Source port, rx only, tx only, both,

The post SPAN first appeared on IGARASHI.

via WordPress https://ift.tt/3lAZ9Vt

#network #System Engineer #Uncategorized #si #wordpress

0 notes

igarashione · 4 years ago

Text

DHCP Address Assignment

Dynamic Host Configuration Protocol (DHCP)

Used to automatically configure devices with IP addressing and other necessary information to enable them to communicate over the Internet.

How Does IPv4 DHCP Work?

Two important concepts of IP addressing are static IP and dynamic IP. A static IP address is one which is assigned to a network device. This static IP address can be subdivided into several dynamic IP addresses, each of which can be assigned to additional devices. Think of the static IP address as the address of an office building, and the dynamic IP addresses as individual suites within that office building.

When a host is first configured as a DHCP client, it does not have an IPv4 address, subnet mask or default gateway. It obtains this information from a DHCP server, either on the local network or one located at the ISP. The DHCP server is configured with a range, or pool, of IPv4 addresses that can be assigned to DHCP clients.

The DHCP server may be located on another network. DHCP clients are still able to obtain IPv4 addresses as long as the routers in-between are configured to forward DHCP requests.

Now that you have an understanding of the components of static IP and dynamic IP, it’s important to review DHCP. DHCP stands for Dynamic Host Configuration Protocol. The DHCP is a client/server protocol, which provides the Internet Protocol (IP) host with its IP address and other configuration information, such as the default gateway and subnet mask. In short, the DHCP server distributes IP addresses to the various devices on a network.

Address Assignment

A client that needs an IPv4 address will send a DHCP Discover message which is a broadcast with a destination IPv4 address of 255.255.255.255 (32 ones) and a destination MAC address of FF-FF-FF-FF-FF-FF (48 ones). All hosts on the network will receive this broadcast DHCP frame, but only a DHCP server will reply. The server will respond with a DHCP Offer, suggesting an IPv4 address for the client. The host then sends a DHCP Request to that server asking to use the suggested IPv4 address.

What if DHCP server is not available at the moment?

When the DHCP server is not available, the machine will select an IP address (from 169.254.0.0 – 169.254.255.255). The aforementioned range is reserved by the Internet Assigned Numbers Authority (IANA). The Address Resolution Protocol (ARP) is used to ensure that the chosen IP address is not already being used by another machine. After assigning an IP address to the machine, the machine can then interact over TCP/IP with other devices on the network, which are configured for APIPA (Automatic Private IP Addressing) or are manually set to the correct address range and a subnet mask value of 255.255.0.0.

The post DHCP Address Assignment first appeared on IGARASHI.

via WordPress https://ift.tt/3joVet4

#network #System Engineer #si #wordpress

0 notes

igarashione · 4 years ago

Text

Galileo Determine the Relationship of a Pendulum’s Length and Its Period

We can experiment to test the relationship between the length of a pendulum and its period. First, we would need to set up a pendulum, with a string hanging the pendulum bob with a period to hold the hanging string to a fixed point. We will raise the pendulum bob from whichever direction and release the pendulum bob to create a swinging motion. For every oscillation (every swing) we would be using a stopwatch to note the time in a table to experiment the time a full swing took in different length of the string. Through the experiment, we would be able to retrieve the kind of data that we can compare the effect of a change in a swinging pendulum to the length of the string.

Gravity plays a huge role in this experiment. The weight of the pendulum bob is fixed from a pivot point which the pendulum bob can swing freely. Galileo has found that the mass of the pendulum bob or the size of the arc does not matter. The longer the string that holds the pendulum bob is, the greater amount of time it to complete one oscillation since it has to travel a larger distance for the same angle of swing. (Francis, 2011) As the pendulum bob is placed at a higher position and released, the pendulum bob’s weight would allow the pendulum bob to be pulled downwards and aligned by the fixed pivot point, towards the equilibrium. Once the pendulum bob has reached the equilibrium, the momentum that was building up to pull down the pendulum bob has been built up and released, allowing the energy to place the pendulum ball to move to a higher location on the opposite side of the pivot point. The pendulum bob loses momentum and gets pulled to the equilibrium again. The motion continues and eventually will be put to a stop because of air resistance.

Francis, M. (2011) Physics Quanta: The Pendulum’s Swing. Retrieved fromhttps://galileospendulum.org/2011/05/24/physics-quanta-the-pendulums-swing/

The post Galileo Determine the Relationship of a Pendulum's Length and Its Period first appeared on IGARASHI.

via WordPress https://ift.tt/3jwi9CF

#Physics #Science #physics #science #wordpress

0 notes

igarashione · 4 years ago

Text

PPP and Metro Ethernet

Point-to-Point (PPP) is a point to point encapsulation protocol across dedicated or circuit switching across WAN network, along with protocol such as HDLC SDLC, and ISDN. Below would be a basic configuration for PPP in Cisco configuration terminal.

Config

Interface

Encapsulation ppp/hdlc

Ppp authentication chap

#Ppp authentication pap

#Ppp pap sent-username r1 password pass1

Hostname r1

Username r2 password mypass

Show ppp all

Config multilink

Interface multilink 1

Encapsulation ppp

Ppp multilink

Ip addresss 11111 11111

Ppp multilink group 1

Interface serial0/0/0

Encapsulation ppp

Ppp multilink

No ip address

Ppp multilink group 1

Show ip route

Show ip eigrp interface

Show ip int br

Show interface multilink1

Interface state, mutilink open

Show ppp multillink

Member linnk number

Interfaces

Inactive member

Keepalive feature helps a router notice when a link is no longer functioning.

Debug ppp authentification

Metro Ethernet

PoP Point of presnese – service provicer locally proximate office.

Carrier ethernet – ethernet WAN service provider by a carrier also called metro ether.

IEEE Ethernet Standard useful for metro ethernet access

Name

Speed

Distance

100 Base-LX10

100 Mbps

10 km

1000 Base-LX

1 Gbps

5 km

1000 Base-LX10

1 Gbps

10 km

1000 base-ZX

1 Gbps

100 km

10GBase-LR

10 Gbps

10 km

10GBase-ER

10 Gbps

40km

MEF Service Name

MEF Short Name

Topology Terms

Description

Ethernet Line Service

E-Line / Virtual Private Wire Service (VPWS)

Point-to-Point

Two customer premise equipment (CPE) devices can exchange. Ethernet frames, similar in concept to a leased line.

Ethernet LAN Service

E-LAN / Virtual Private LAN Service (VPLS)

Full mesh

Acts like a LAN, in that all devices can send frames to all other devices. (N(N-1)/2)

Ethernet Tree Service

E-Tree

Hub-and-spoke: partial mesh: point-to-multipoint

A central site can communicate to a defined set of remote sites, but the remote sites cannot communicate directly.

Route redistribution – taking routes from one routing protocol process and injecting them into another.

MPLS does this between PE router using variation of Multiprotocol BGP (MPBGP)

EIGRP in MPLS

A CE router does become neighbors with the PE router on the othe end of the access link.

A CE router does not become neighbors with toher CE routers.

The MPLS network will advertise the customer’s routes between the various PE routers, so that the CE routers can learn all customer routes through their PE-CE routing protocol neighbor relationship.

OSPF

The MPLS Pes form a backbone area by the name of a super backbone..

Each PE-CE link can be any area, a non-backbone area or the backnone area.

The post PPP and Metro Ethernet first appeared on IGARASHI.

via WordPress https://ift.tt/3lINEvt

#network #System Engineer #Uncategorized #si #wordpress

0 notes

igarashione · 4 years ago

Text

Access List

Access list

Standard numberd ACL (1-99)

Access-list <acl # > {deny | permit} <source ip > <source wild> [log]

Access-list <acl #> remark <text>

In access-group <# > {in | out}

Extended numbered ACL (100-199)

Access-list <acl # > {deny|permit} [protocol] [source] [source wild] [destination] [destinamtion wild] [log]

Access-list <acl # > {deny|permit} tcp [source] [source wild] [port] [destination] [destinamtion wild] [port] [log]

Eq (equals) , gt ( greater than), lt ( less than)

access-list <acl #> remark [text]

Int sx

Ip access-group {number \name [in|out]}

Line vty

Access-class [number | name ] in| out

Ip access-list { standard | extended} name

{deny | permit} [source] [source wild] [log]

{deny | permit} [protocol] [source] [source wild] [destination] [destination] [log]

{deny | permit} tcp [source] [source wild] [port] [destination] [destination] [port] [log]

Additional ACL numbers (1300-1999) standard, (2000-2699) extended

Named ACLs

Improved editing sequence number

Configure standard ACL

Access-list 1 permit 10.1.1.1

Access-list 1 deny 10.1.1.0 0.0.0.255

Access-list 1 permit 10.0.0.0 0.255.255.255

Interface S0/0/1

Ip access-group 1 in

Configure extended ACL

numbered

Access-list 101 remark <text>

Access-list 101 deny tcp host 172.16.3.10 1772.16.1.0 0.0.0.255 eq ftp

Access-list 101 deny tcp host 172.16.2.10 host 172.16.1.100 eq www

Access-list 101 permit ip any any

Int s0

Ip access-group 101 in

Int s1

Ip access-group 101 in

Named

Ip access-list extended barney

Permit tcp host 10.1.1.2 eq www any

Deny udp host 10.1.1.1 10.1.2.0 .0.0.255

Deny ip 10.1.3.0 0.0.0.255 10.1.2.0 0.0.0.255

Deny ip 10.1.2.0 0.0.0.255 10.2.3.0 0.0.0.255

No Deny ip 10.1.2.0 0.0.0.255 10.2.3.0 0.0.0.255

Permit ip any any

Int s1

Ip access-group barney out

Verify standard acl

Show ip access-list [acl # | name]

Show ip access lists

Show access-list [acl # | name]

Show details of config acl for all protocols

Show ip int s0/0/1

Accesslist set to the interface in and out

ACL IPv6

Similarity

Both match on the source address or the destination address in the protocol header.

Both match individual host addresses or subnets/prefixes.

Both can be applied directionally (inbound and outbound) to a router interface.

Both can match on transport layer protocol information such as TCP or UDP source or destination port number

Both can match on specific ICMP message types and codes

Both have an implict deny statement at the end of the ACL that matches all remaining packets.

Both support time ranges for time-based ACLs.

Differences

Ipv4 ACL can only match ipv4 packets and ipv6 acls can only match ipv6 packets.

Ipv4 ACL can be identifieed by number or name, while ipv6 is name only

Ipv4 ACL identify that acl is standard or extended but ipv6 identity differently

Ipv4 ACL can match on specific values unique to an ipv4 header (eg. Option, precedence, Tos TTL, fragments

Ipv6 acl can match on specific values unique to an ipv6 header (flow label, dscp) as well as extension and option header values

Ipv6 acl have some implict permit statements at the end of each ACL just before the implicit deny all at the end of the ACL, while ipv4 do not have implict permit statement.

Ipv6 can match

Traffic class (DSCP, 0 to 63)

Flow label (0 to 1048575)

Ipv6 Next Header field indicting extension header type/number

Source and destination 128-bit ipv6 addresses

Upper-Layer header details: TCP or UDP port numbers, TCP flags SYN,, ACK, FIN, PUSH, URG, RST

ICMPv6 type and code

Ipv6 extension header value and type (hop-by-hop headers, routing headers, fragmentation headers, Ipsec, destination options, among others)

Config

Standard ACL

Ipv6 access-list [name]

[permit | deny] ipv6 {source ip | any | host source ip} {destination ip | any | host destination ip} [log]

Int gi0/2

Ipv6 traffic-filter [name of acl] [in|out]

Extended ACL

Ipv6 access-list [name]

[permit | deny] <protocol> {source ip | any | host source ip} [opperator [port #]] {destination ip | any | host destination ip} [opperator [port #]] [dest-option-type [doh number | type]] [dscp value] [flow-label value] [fragments] [log] [log-input] [ mobility] [mobility-type [mh-number | type]] [reflect <name> [timeout <value>]] [routing] [routing-type <routing number>] [sequence value] [ time-range <name>]

[permit | deny] icmp {source ip | any | host source ip} icmp-type [icmp-code] | icmp-message] [opperator [port #]] {destination ip | any | host destination ip} [opperator [port #]] [[dest-option-type [doh number | type]] [dscp value] [flow-label value] [fragments] [log] [log-input] [ mobility] [mobility-type [mh-number | type]] [routing] [routing-type <routing number>] [sequence value] [ time-range <name>]

[permit | deny] tcp {source ip | any | host source ip} [opperator [port #]] {destination ip | any | host destination ip} [opperator [port #]] [ack] [dest-option-type [doh number | type]] [dscp value] [established] [fin] [flow-label value] [fragments] [hbh] [log] [log-input] [ mobility] [mobility-type [mh-number | type]] [neq {port| protocol}] [psh] [range {port|protocol}] [reflect <name> [timeout <value>]] [routing] [routing-type <routing number>] [rst] [sequence value] [ time-range <name>] [urg]

[permit | deny] udp {source ip | any | host source ip} [opperator [port #]] {destination ip | any | host destination ip} [opperator [port #]] [dest-option-type [doh number | type]] [dscp value] [flow-label value] [fragments] [hbh] [log] [log-input] [ mobility] [mobility-type [mh-number | type]] [neq {port| protocol}] [range {port|protocol}] [reflect <name> [timeout <value>]] [routing] [routing-type <routing number>] [sequence value] [ time-range <name>]

Permit icmp any any nd-na (permits NDP NA message)

Permit icmp any any nd-ns (permits NDP NS message)

Permit icmp any any router-solicitation

Permit icmp any any router-advertisement

Int gi0/1

Ipv6 traffic-filter [name acl] [in|out]

Line vty 0 4

Ipv6 access-class [name] [in|out]

Show ipv6 access-list

Show ipv6 interface | inc line|list

The post Access List first appeared on IGARASHI.

via WordPress https://ift.tt/3hNw1rF

#network #System Engineer #si #wordpress

0 notes

igarashione · 4 years ago

Text

Internal and External Risks to Security in Organizations

The most devastating attack that a company can take would be from the inside instead coming from the outside. Employees are the most potential target or can even be a janitor that has access to the majority of the rooms in the building. One of the most important thing that I have learned in security through this lesson is that there is a different type of security layers we must have in consideration. Whether we must apply more security physically or logically would be two of a different thing. For example, for the physical layer security, it is essential to keep in watch of people going to places they are not supposed to, and you don’t know who did what. Some measures including setting a CCTV system installed would be one of the procedures taken to prevent security issue at the physical level. Some other preventions include putting a lock on the door for the server room with only people granted access can enter the server room. Or shutting down network ports that are not in use or setting your pc up to prevent USB drive usage.

When it comes to logical level security, one of the biggest key to put in mind is to protect password being used by intruders. The first thing that security experts should look into is the basic fundamental security practices that engineer take. Such examples are shutting down unnecessary network ports open to the outside world and setting basic cybersecurity policy in place. There should be different proactive measures be put in place such as LDAP authentication with an Active Directory server and how users authenticate to access the data they need. It is recommended widely to change the password on a timely basis with a minimum requirement of the specific key combination. The next biggest problem is to use with their own devices. This is another security concern of many in the modern day world, such as cell phones. Every manager would know that there would only be an adverse outcome from asking people not to bring their cell phone over to work. Some of the security measures we can use are asking the user to connect to a wifi that is only designated for guest use. Creating a network that is completely separated from the production.

References

Zaharia, A. (2016) 10+ Critical Corporate Cyber Security Risks – A Data Driven List. Retrieved from

https://heimdalsecurity.com/blog/10-critical-corporate-cyber-security-risks-a-data-driven-list/

The post Internal and External Risks to Security in Organizations first appeared on IGARASHI.

via WordPress https://ift.tt/2YUAkKC

#security #System Engineer #si #wordpress

0 notes

igarashione · 4 years ago

Text

How Kepler’s Laws Help Calculate the Radius of the Synchronous Orbit of an Earth Orbiting Satellite

When thinking of a planet orbiting another planet, people first assumed that the planet circulates a planet in a perfect circle. Turns out that was not the case. Planets such as Pluto and every other planet did not orbit in a circle. Johannes Kepler published a significant breakthrough in calculating orbiting objects.

Well before Kepler evolved his laws of planetary motion, the philosopher Ptolemy described the epicyclical motion of planets in orbit around the earth. This geocentric model roughly explained the retrograde motion of planets, which appear to move backwards at times, when viewed from the earth. Unfortunately, for Ptolemy, the Copernican heliocentric view proved more correct and invalidated the epicyclical motion model. Still, Copernicus’s theory had a serious flaw. Planets don’t travel in circular orbits. It took Kepler to discover how they really do move. During the solar day under discussion, the line would have swept out a piewedge-shaped space as the planet moved. When the planet is far from the sun, the pie wedge is long and narrow. When the planet is close to the sun, the pie wedge is short and squat. According to Kepler’s second law, the area defined by the long narrow wedge and the short squat wedge are equal.

His study show three laws of planetary motion, which the first law of motion shows orbiting object would travel through using the two internal point to find out the eclipse. The second law of motion shows the objects speed changes as it orbits an object. The closer the object orbit around the foci the faster the object travels. Kepler’s third law shows “The square of the orbital period of a planet is proportional to the cube of the mean distance from the Sun (or in other words–of the”semi-major axis” of the ellipse, half the sum of smallest and greatest distance from the Sun)” (Stern, 2005). Kepler’s third law shows a comparison of two or more motion of an orbiting object. This third law shows that object orbit farther from the foci has larger equilibrium. Meaning the object would travel a longer path, slower speed, and takes longer to complete a full orbit. Making these rules in place, thinking about a satellite orbiting around the earth, we would be able to figure exactly how the satellite would orbit the earth. The Kepler law allows us to understand the shape of the equilibrium, the speed, velocity, and differences in orbiting the earth at a various distance from the foci from the mass of the satellite.

Many satellites operate at roughly the same distance from earth; a sweet spot called the GEO (Geostationary equatorial orbit). This is a sweet spot because the time it takes for a full orbit around earth is equal to one earth day. This can be important for numerous reasons, surveillance is among them.

Kepler’s 3rd law teaches us “The square of the period of any planet is proportional to the cube of the semimajor axis of its orbit” (HyperPhysics). This gives scientists the ability to determine an orbital pattern just by recording how long it takes to make a full orbit. Interestingly this is not exactly true. “Proportional” is a key word here. Because the Sun is so massive, adding any planet’s mass to it is close to negligible, this is why the equation is simplified to T^2=A^3.

Detailed examination of Brahe’s measurements over an additional 10-year period led Kepler to uncover the constant relationship between the time of one planetary orbit (orbital period) and the average orbital radius. The constant relationship stands as the square of the orbital period (T) divided by the cube of the average orbital radius (R), or K = T2/R3.

These discoveries made by Kepler and Galileo has impact strongly in Isaac Newton’s study of the law of motion and principle of mathematics in astronomy. Kepler’s law of planetary motion set a numerical rule that sets the ground for many future discoveries in the world of wonder. As Newton has expanded in Galileo and Kepler’s studies, by showing discoveries in changes in velocity, momentum, inertia, and more in-depth relationship in motion in the law of gravity.

The impact of Kepler’s discoveries is penetrative to many sciences, most obviously space travel. Studying the behavior of entities in space, including planets, provides insights into spacecraft travel. It has also impacted Lagrange, Laplace, Hamilton, Gibbs, and many great scientists came after to finish his work up till today.

References

Stern, D. (2005) Kepler’s Three Laws of Planetary Motion. Retrieved from

https://ift.tt/3jrc5LN

Kepler. (n.d.). Retrieved October 05, 2017, from https://ift.tt/2gTDYgc

The post How Kepler's Laws Help Calculate the Radius of the Synchronous Orbit of an Earth Orbiting Satellite first appeared on IGARASHI.

via WordPress https://ift.tt/2QK8wnr

#Physics #Science #physics #science #wordpress

0 notes