Batistabomb
Deadman Walking
Post all your Networking Related Discussions,Queries here
Guys we had no any seperate thread for NETWORKING, as a Networker having CCNA iam going to start this thread,where everyone of us having knowledge of Networking (wired / wireless) can answer to the problems of Computer's LAN / WAN here,as a LAN Expert i can max. provide answers to our people queries and also provides some basic tips, tutorials, queries and even most frequent problems with solutions,also remember all the carrer guidance , course descriptions, materials, preperation way for Networking World can also discussed here
so let's take on :
1. Wirless Networking Tips :
a. Plan antenna placement
The first step in implementing a closed wireless access point is to place the access point's antenna in such a way that it limits how much the signal can reach areas outside the coverage area. Don't place the antenna near a window, as the glass does not block the signal. Ideally, your antenna will be placed in the centre of the area you want covered with as little signal leaking outside the walls as possible. Of course, it's next to impossible to completely control this, so other measures need to be taken as well.
b. Use WEP
Wireless encryption protocol (WEP) is a standard method to encrypt traffic over a wireless network. While it has major weaknesses, it is useful in deterring casual hackers. Many wireless access point vendors ship their units with WEP disabled in order to make the product installation easier. This practice gives hackers immediate access to the traffic on a wireless network as soon as it goes into production since the data is directly readable with a wireless sniffer.
c.Change the SSID and disable its broadcast
The Service Set Identifier (SSID) is the identification string used by the wireless access point by which clients are able to initiate connections. This identifier is set by the manufacturer and each one uses a default phrase, such as "101" for 3Com devices. hackers that know these pass phrases can easily make unauthorised use of your wireless services. For each wireless access point you deploy, choose a unique and difficult-to-guess SSID, and, if possible, suppress the broadcast of this identifier out over the antenna so that your network is not broadcast for use. It will still be usable, but it won't show up in a list of available networks.
d. Disable DHCP
At first, this may sound like a strange security tactic, but for wireless networks, it makes sense. With this step, hackers would be forced to decipher your IP address, subnet mask, and other required TCP/IP parameters. If a hacker is able to make use of your access point for whatever reason, he or she will still need to figure out your IP addressing as well.
e. Disable or modify SNMP settings
If your access point supports SNMP, either disable it or change both the public and private community strings. If you don't take this step, hackers can use SNMP to gain important information about your network.
f. Use access lists / MAC Filtering
To further lock down your wireless network, implement an access list, if possible. Not all wireless access points support this feature, but if yours does, it will allow you to specify exactly what machines are allowed to connect to your access point. The access points that support this feature can sometimes use Trivial File Transfer Protocol (TFTP) to periodically download updated lists in order to prevent the administrative nightmare of having to sync these lists on every unit.
Using MAC address filtering also improves your security drastically.
Source : forums.guru3d.com
2. Connecting two systems Remotely :
a. In order to connect two remote locations via existing broadband internet is possible only by an added extra remote device,for viewing remote desktop's over exixting internet is possible by different software like VNC (go for Charan's thread in tutorials for more info : *www.thinkdigit.com/forum/showthread.php?t=74510) server, and many net available softwares like Team viewer,r login e.t.c;
b. But by the above one's we can only verify the remote desktop and with some limited access, in need of complete control we don't find these as favour, also these softwares has some distance limitations, what if we want to give access for Windows server in Bangalore to it's head office at Newyork, several workstations, printers, and additional networked equipment connected remotely to the Bangalore server also needs to be accessed to Newyork,here comes remote devices operating in 3 types of technologies :
1. Circuit Switched Technology (rarely used)
ex : ISDN
2. Packet Switched Technology ( moderately used)
ex : Frame Relay,VPN
3. Leased Lines ( mostly used)
EX: T1,T2,T3
c. One of the best choice to cover two offices remotely is the use of Packet Switching and the device with the best use for security concerns is the Virtual Private Network (VPN)
Devices needed :
a. VPN Concentrator or Router (Prefferably CISCO)
ex CISCO VPN 3xxx series,VPN Router : BEFSX41 Linksys Router
b. high-speed (usually Cable orDSL) Internet connection between two locations (Two offices with T1 internet connections can be connected using VPN routers)
If additional speed is required :
c. dedicated T1 line can be set up between two locations. This is called a "point-to-point" T1 line. Your local service provider may offer this feature to you.
Extra Hardware :
d. Assume if you want to access remote server while travelling, for this you need Connect up to the Internet and VPN into their corporate office.For this you need an extra device may be a,
CISCO VPN Gateway ( costing much) or
Linksys VPN Endpoint
Configuration of VPN Concentrator :
I will upload it on request
Most Frequent Problem with VPN's :
Linksys VPN endpoint may not use the same tuneling protocol as your Win XP machine (Microsoft insists on it's L2TP proprietary protocol). If our memory serves Linksys offers a free client for Windows machines.
The simplest way to do VPN is to use Hamachi.that will give you an instant file sharing capabilities between connected machines using an iron clad secure connection.
Guys we had no any seperate thread for NETWORKING, as a Networker having CCNA iam going to start this thread,where everyone of us having knowledge of Networking (wired / wireless) can answer to the problems of Computer's LAN / WAN here,as a LAN Expert i can max. provide answers to our people queries and also provides some basic tips, tutorials, queries and even most frequent problems with solutions,also remember all the carrer guidance , course descriptions, materials, preperation way for Networking World can also discussed here
so let's take on :
1. Wirless Networking Tips :
a. Plan antenna placement
The first step in implementing a closed wireless access point is to place the access point's antenna in such a way that it limits how much the signal can reach areas outside the coverage area. Don't place the antenna near a window, as the glass does not block the signal. Ideally, your antenna will be placed in the centre of the area you want covered with as little signal leaking outside the walls as possible. Of course, it's next to impossible to completely control this, so other measures need to be taken as well.
b. Use WEP
Wireless encryption protocol (WEP) is a standard method to encrypt traffic over a wireless network. While it has major weaknesses, it is useful in deterring casual hackers. Many wireless access point vendors ship their units with WEP disabled in order to make the product installation easier. This practice gives hackers immediate access to the traffic on a wireless network as soon as it goes into production since the data is directly readable with a wireless sniffer.
c.Change the SSID and disable its broadcast
The Service Set Identifier (SSID) is the identification string used by the wireless access point by which clients are able to initiate connections. This identifier is set by the manufacturer and each one uses a default phrase, such as "101" for 3Com devices. hackers that know these pass phrases can easily make unauthorised use of your wireless services. For each wireless access point you deploy, choose a unique and difficult-to-guess SSID, and, if possible, suppress the broadcast of this identifier out over the antenna so that your network is not broadcast for use. It will still be usable, but it won't show up in a list of available networks.
d. Disable DHCP
At first, this may sound like a strange security tactic, but for wireless networks, it makes sense. With this step, hackers would be forced to decipher your IP address, subnet mask, and other required TCP/IP parameters. If a hacker is able to make use of your access point for whatever reason, he or she will still need to figure out your IP addressing as well.
e. Disable or modify SNMP settings
If your access point supports SNMP, either disable it or change both the public and private community strings. If you don't take this step, hackers can use SNMP to gain important information about your network.
f. Use access lists / MAC Filtering
To further lock down your wireless network, implement an access list, if possible. Not all wireless access points support this feature, but if yours does, it will allow you to specify exactly what machines are allowed to connect to your access point. The access points that support this feature can sometimes use Trivial File Transfer Protocol (TFTP) to periodically download updated lists in order to prevent the administrative nightmare of having to sync these lists on every unit.
Using MAC address filtering also improves your security drastically.
Source : forums.guru3d.com
2. Connecting two systems Remotely :
a. In order to connect two remote locations via existing broadband internet is possible only by an added extra remote device,for viewing remote desktop's over exixting internet is possible by different software like VNC (go for Charan's thread in tutorials for more info : *www.thinkdigit.com/forum/showthread.php?t=74510) server, and many net available softwares like Team viewer,r login e.t.c;
b. But by the above one's we can only verify the remote desktop and with some limited access, in need of complete control we don't find these as favour, also these softwares has some distance limitations, what if we want to give access for Windows server in Bangalore to it's head office at Newyork, several workstations, printers, and additional networked equipment connected remotely to the Bangalore server also needs to be accessed to Newyork,here comes remote devices operating in 3 types of technologies :
1. Circuit Switched Technology (rarely used)
ex : ISDN
2. Packet Switched Technology ( moderately used)
ex : Frame Relay,VPN
3. Leased Lines ( mostly used)
EX: T1,T2,T3
c. One of the best choice to cover two offices remotely is the use of Packet Switching and the device with the best use for security concerns is the Virtual Private Network (VPN)
Devices needed :
a. VPN Concentrator or Router (Prefferably CISCO)
ex CISCO VPN 3xxx series,VPN Router : BEFSX41 Linksys Router
b. high-speed (usually Cable orDSL) Internet connection between two locations (Two offices with T1 internet connections can be connected using VPN routers)
If additional speed is required :
c. dedicated T1 line can be set up between two locations. This is called a "point-to-point" T1 line. Your local service provider may offer this feature to you.
Extra Hardware :
d. Assume if you want to access remote server while travelling, for this you need Connect up to the Internet and VPN into their corporate office.For this you need an extra device may be a,
CISCO VPN Gateway ( costing much) or
Linksys VPN Endpoint
Configuration of VPN Concentrator :
I will upload it on request
Most Frequent Problem with VPN's :
Linksys VPN endpoint may not use the same tuneling protocol as your Win XP machine (Microsoft insists on it's L2TP proprietary protocol). If our memory serves Linksys offers a free client for Windows machines.
The simplest way to do VPN is to use Hamachi.that will give you an instant file sharing capabilities between connected machines using an iron clad secure connection.
Last edited: