EMerge Browser Managed Security Platform Module 1 Networking for eMerge.
eMerge Browser Managed Security Platform
Module 1: Networking for eMerge
Agenda
• Network Basics
• IP Networks
• Common Cases
• Questions
Network Basics
What is a network?
• A collection of devices linked by a common communications infrastructure
• Can be a Local Area Network (LAN) or a Wide Area Network (WAN)
• Often drawn as a pipe, as in a “data pipe” because data flows through it
• The “cloud” typically represents wide area network components such as the Internet
[Diagram: the network drawn as a pipe between the Internet cloud (WAN side) and the local devices (LAN side)]
Network capacities
• Bandwidth is the amount of data that the pipe can carry
– Generally expressed in millions of bits per second, or megabit or megabaud
– Typical Ethernet networks are 10 or 100 megabits
– New Ethernet networks exist that carry 1,000,000,000 bits per second (gigabit Ethernet)
• These figures are theoretical, because many factors affect the actual amount of data that can be carried
• Remember: throughput is only as good as the slowest segment
– Typical bandwidth usage
• Controller to node programming = 1 megabit per second maximum
• Controller to computer = 75 kb per second maximum
• Controller to node normal operation = 25 kb per second maximum
A typical bandwidth situation
• The Internet comes in through a DSL connection
– The connection can supply data inbound at 1.5 megabits per second – good for surfing the web
– The outbound connection is only 325 kilobits per second – not so good for transmitting video
• Inside the office, though, things can run at 100 megabits per second
– BUT: anything involving the WAN is subject to the asymmetric WAN capacities
[Diagram: your computer and another computer on the office LAN at 100 megabit symmetrical; your Internet connection at 1.5 megabit inbound and 325 kilobit outbound]
The physical network, data, and protocols
• Ethernet is an electrical standard for transmitting data
– 10BaseT and 100BaseT are Ethernet variants corresponding to 10 megabit and 100 megabit data capacities
• Other than Ethernet, common networks are Token Ring and FDDI (Fiber Distributed Data Interface)
• TCP/IP, UDP, Telnet, and FTP are protocols used for transmitting data
Data protocols
Protocol   Description
TCP/IP     Assures that data packets arrive at their destination correctly and in order; used by eMerge, web sites, etc.
UDP        Does not assure data packet order or integrity, but is less complicated than TCP/IP
HTTP       Used for transmitting web pages using TCP/IP
Telnet     Transmits character data using UDP
FTP        Used for transmitting files over a network
IP address and MAC address
• An IP address is like your telephone number or your home address: each one is entirely unique. Every computer on the Internet has its very own IP address.
• The standard format is four groups of numbers separated by periods, and each number is an integer between 0 and 255.
• For example, a typical IP address would look like this: 181.255.107.4
• A MAC address (also called an Ethernet address or an IEEE MAC address) is a number (typically written as twelve hexadecimal digits, 0 through 9 and A through F, or as six hexadecimal numbers separated by periods or colons, e.g. 0080002012ef or 0:80:0:2:20:ef) which uniquely identifies a computer that has an Ethernet interface. Unlike the IP number, it includes no indication of where your computer is located. In DHCP's typical use, the server uses a requesting computer's MAC address to uniquely identify it.
IP addresses
• Come in “public” and “private” varieties
– Public address is assigned by an Internet service provider, e.g. Verizon
– Private addresses are determined by a DHCP server on the premises – typically like 192.168.x.x or 10.x.x.x
• MAC address is permanent but IP address may be dynamic or static
– Dynamic address is assigned by a DHCP server
– Static address is assigned by a system administrator
[Diagram: Ethernet segment with Workstation 1 (MAC 00-21-3A-BF-CD-04) and Workstation 2 (MAC 00-21-45-2F-FD-08) at the private addresses 192.168.0.21 and 192.168.0.20, and a router (MAC 02-32-30-00-BB-01) with the public address 24.122.43.21]
IP address and subnet mask
• The IP address and subnet mask work together to define a network
• 255 as a subnet mask octet means that that part of the IP address is used to define the network
  192.168.000.250 IP address, (255).255.255.000 subnet mask
• 0 in a subnet mask octet means that that part of the IP address is what defines the individual product
  192.168.000.250 IP address, 255.255.255.(000) subnet mask
• Example: with the subnet mask 255.255.255.000 and a network whose IP address is 192.168.000.250, the device you are putting on the network would have to have an IP address of 192.168.000.(0-255)
IP Networks
Ports and IP addresses
• Ports allow multiple data streams to go to a single address
– Port numbers are assigned by IANA
• 80 is the default for web servers using HTTP
• 3306 is the default for database servers
• 7262 is for Network Controller auto recognition of nodes
– Routers can restrict which ports are available
[Diagram: NetBox / eMerge controller and Workstation 2 on the LAN (192.168.0.20, 192.168.0.21) behind the public address 24.122.43.21 (www.mycompany.com); ports shown on the controller: Port 80 - web server, Port 3306 - ODBC, Port 23 - Telnet]
Domain Name System (DNS)
• Handles the translation of a text name to an IP address
– Benefit is that text names are easier to type and IP addresses may change
– DNS typically set up by an Internet Service Provider (ISP)
• DNS servers maintain the translation information
– May be located internally or on the Internet (private or public)
– DNS entry changes are propagated across many DNS servers
[Diagram: the same Ethernet segment as before (Workstations 1 and 2 at 192.168.0.21 and 192.168.0.20, router at 24.122.43.21), with the name www.mycompany.com resolving to the public address]
More about ports and URLs
• A Uniform Resource Locator (URL) identifies the protocol, server, and port for communication
– Format is <protocol>://<server>:<port>
– Example: http://192.168.0.22:8080 means communicate with IP address 192.168.0.22 using HTTP protocol on port 8080
– Your browser assumes HTTP and port 80, so typing www.myco.com turns into http://www.myco.com:80 and DNS is used to translate www.myco.com to its IP address
– When you use other than a standard port, you have to specify the protocol, so “192.168.0.22:8080” without the http:// in front of it doesn’t work
– Similarly, if you want an FTP server, you have to specify the protocol (as in ftp://www.ieib.com) or the browser will think you want HTTP
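An added example, not part of the training material: a small Python function that applies the URL rules on this slide (no protocol means HTTP, no port means the protocol's default, and text before a colon with no "//" after it is read as the protocol name), so the failing case "192.168.0.22:8080" and the ftp:// case can be checked. The names resolve_url, canonical_url and DEFAULT_PORTS are my own, the https and telnet defaults are added assumptions, and the code models the rule as the slide states it; current browsers accept host:port without a scheme.

```python
# Default ports for the protocols the slides mention (https and telnet added here).
DEFAULT_PORTS = {"http": 80, "https": 443, "ftp": 21, "telnet": 23}


def resolve_url(text):
    """Return (protocol, server, port) for the text typed into the browser.

    Rules modelled from the slide: no protocol means HTTP; no port means the
    protocol's default; and when there is a ':' but no '://', the text before
    the colon is read as the protocol name, so '192.168.0.22:8080' fails.
    Assumes an IPv4 address or host name, not a bracketed IPv6 literal."""
    text = text.strip()
    if "://" in text:
        protocol, rest = text.split("://", 1)
    elif ":" in text.split("/", 1)[0]:
        protocol, rest = text.split(":", 1)   # "192.168.0.22" becomes the protocol
    else:
        protocol, rest = "http", text         # the browser assumes HTTP
    protocol = protocol.lower()
    if protocol not in DEFAULT_PORTS:
        raise ValueError(f"unknown protocol {protocol!r}; try http://{text}")
    server_port = rest.split("/", 1)[0]       # drop any path after the server
    if ":" in server_port:
        server, port_text = server_port.rsplit(":", 1)
        if not port_text.isdigit() or not 1 <= int(port_text) <= 65535:
            raise ValueError(f"port must be 1-65535, got {port_text!r}")
        port = int(port_text)
    else:
        server, port = server_port, DEFAULT_PORTS[protocol]
    if not server:
        raise ValueError("no server name or address given")
    return protocol, server, port


def canonical_url(text):
    """Spell out what the browser actually connects to,
    e.g. www.myco.com becomes http://www.myco.com:80."""
    protocol, server, port = resolve_url(text)
    return f"{protocol}://{server}:{port}"


if __name__ == "__main__":
    for typed in ("http://192.168.0.22:8080", "www.myco.com",
                  "ftp://www.ieib.com", "192.168.0.22:8080"):
        try:
            print(f"{typed:26} -> {canonical_url(typed)}")
        except ValueError as err:
            print(f"{typed:26} -> error: {err}")
```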
Switches, routers, bridges, and hubs
• A hub is a simple device for connecting multiple devices to the same communications path
– It functions much like a conventional analog (POTS) phone circuit where every device sees exactly the same data
– You only need a hub in certain rare instances; generally you want a switch
• A switch is a device that connects multiple devices or LAN segments to a communications path
– Unlike a hub, though, each device only “sees” data intended for it
– The Network Controller has a two port switch built in
– A switch can connect 10 megabit to 100 megabit Ethernet
• A router directs, or routes, data packets between networks
– Such as routing between the Internet and an office LAN
– Routers commonly have built-in switches
• A bridge joins two networks or network segments
– As in a “wireless Ethernet bridge” that converts wireless to Ethernet communications
Common router capabilities
• Routing – use network topology knowledge to optimally drive data from one point to another
• Gateway – acts as a gateway to the public Internet for devices on a LAN
• DHCP server – assigns addresses dynamically to devices on the LAN
• Firewall – restricts what types of data can enter the LAN from the outside
• Port translation – directs requests for data on the WAN side to a specific IP address on the LAN side by port (same port number)
• Port forwarding – directs requests for data on the WAN side to a specific IP address on the LAN side by port (different port number)
• Web Server – allows configuration through a web browser built into the router
Back side of router
[Photo: LAN side with 4 port switch; WAN / network side]
Network attached storage (NAS)
• An inexpensive way to share storage across networked systems
• Makes storage (hard disk or memory stick) available online
– Requires an IP address, user name, and password for the storage server
– Unit at right costs about $80 plus the cost of a USB hard disk
• eMerge uses NAS to perform backups
Typical configurations
Planning a network: most basic configuration – used when there is no preexisting network
• Like pulling twisted pair except that you pull CAT-5
• Determine an IP addressing scheme, i.e. 192.168.0.XXX; most routers have default values.
• Connect the eMerge Controller to the router
• Connect your computer to the router
[Diagram: router with the eMerge controller and a laptop computer on its LAN side]
Same system, but connected to the public Internet
• Same as previous system, but this time you can set:
– DNS server address(es)
– Gateway address
– Network time server over the Internet
– Cameras over the Internet
[Diagram: router with the eMerge controller and a laptop computer on its LAN side and the Internet on its WAN side]
Corporate LAN with separate network for security devices
• This configuration isolates security equipment from the rest of the network
– Need to exercise caution in assigning addresses
– Note that the router at 192.168.0.24 creates the 192.168.1.x subnet
– Need to open a port through the 192.168.0.24 router to permit HTTP traffic to the eMerge web server
[Diagram: Internet (public address 24.11.223.62), Corporate LAN 192.168.0.x with corporate PCs, and a separate Security LAN 192.168.1.x behind the router at 192.168.0.24]
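An added example (not part of the training material) that applies the subnet mask rule from the "IP address and subnet mask" slide and then checks the address plan on this slide: it uses Python's standard ipaddress module to combine an address with its mask, accepts the zero-padded 192.168.000.250 notation the slides use, and shows that a 192.168.1.x device is on a different network from 192.168.0.24 under a 255.255.255.0 mask. The function names and the sample address 192.168.1.10 are my own; note that the all-zeros and all-ones device parts (.0 and .255 on a 255.255.255.0 network) are the network and broadcast addresses, so the usable device range is one short at each end.

```python
import ipaddress

def parse_dotted(text):
    """Parse dotted-quad text into an IPv4Address.
    Accepts the zero-padded form the slides use (192.168.000.250), which
    recent Python versions otherwise reject because of the leading zeros."""
    octets = text.strip().split(".")
    if len(octets) != 4:
        raise ValueError(f"expected four octets, got {text!r}")
    values = []
    for octet in octets:
        if not octet.isdigit() or int(octet) > 255:
            raise ValueError(f"octet must be an integer 0-255, got {octet!r}")
        values.append(int(octet))
    return ipaddress.IPv4Address(".".join(str(v) for v in values))

def network_of(ip_text, mask_text):
    """Combine an address with its subnet mask: the 255 octets of the mask
    keep the network part, the 0 octets are the device part. A mask whose
    bits are not contiguous (e.g. 255.0.255.0) is rejected by ipaddress."""
    addr = parse_dotted(ip_text)
    mask = parse_dotted(mask_text)
    return ipaddress.IPv4Network((str(addr), str(mask)), strict=False)

def device_range(ip_text, mask_text):
    """First and last address a device may be given on this network. The
    all-zeros device part names the network itself and the all-ones part is
    the broadcast address, so the usable range stops one short at each end."""
    net = network_of(ip_text, mask_text)
    if net.prefixlen > 30:
        raise ValueError("network too small to hold devices")
    return str(net.network_address + 1), str(net.broadcast_address - 1)

def same_network(ip_a, ip_b, mask_text):
    """True when both addresses fall in one network under this mask, i.e.
    they can exchange packets without a router between them."""
    return parse_dotted(ip_b) in network_of(ip_a, mask_text)

if __name__ == "__main__":
    # The subnet slide's example: 192.168.000.250 with mask 255.255.255.000
    print(network_of("192.168.000.250", "255.255.255.000"))
    print(device_range("192.168.000.250", "255.255.255.000"))
    # Corporate LAN slide: 192.168.1.x sits behind the router at 192.168.0.24,
    # so under a /24 mask the two are separate networks; a /16 mask would merge them
    print(same_network("192.168.0.24", "192.168.1.10", "255.255.255.0"))
    print(same_network("192.168.0.24", "192.168.1.10", "255.255.0.0"))
```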