Introduction

Hi! My name is Francis, to those who care :). Let me share some of my experience and ideas with all the viewers of my blog.

I like stuff related to computers, the internet, networking... yeah! Stuff like that...

This blog will also serve as my storage of ideas, just in case I accidentally bump my head on the wall and suddenly (Poof!)... I can't remember anything at all.

Umm... what else... I am not really good with computers or the internet, but I really like to do stuff like networking, setting up a firewall system, Access Point setup (WIFI)...

So I hope to add more to this introduction, because I'm not really good at it... so read on or just simply listen to music, thanks!


Common Network Terms

DNS - Domain Name Service. The dns server basically translates a URL into the ip address of the server hosting the URL. If you type http://ezfrancis.blogspot.com in your web browser, your computer needs to know what ip address corresponds to http://ezfrancis.blogspot.com. Your computer contacts the dns server, and "tells" it http://ezfrancis.blogspot.com. The dns server then "tells" your computer 72.14.207.191. If you ping http://ezfrancis.blogspot.com, the first line should be something that includes http://ezfrancis.blogspot.com [72.14.207.191]. This basically tells you if the dns server was able to find the ip address for the domain name you submitted.

Domain Name - A domain name is what you usually type into the web browser when you want to view a page, without the www part. Ones you may be familiar with are google.com, yahoo.com...

Dynamic IP Address - The dynamic ip address is not really a type of ip address. The dynamic only relates to how an ip address is assigned. Your router hands out these ip addresses to computers every time they are rebooted. This means that every time your computer is rebooted, its ip address can change. You should have a static, not dynamic ip address if you are trying to do port forwarding. In a port forwarding configuration you must specify an ip address to forward the ports to. Let's say you do that, and then your ip address changes. The ports are now forwarded to the wrong ip address, so your port forwarding configuration just quit working.

Gateway - Usually this is your router. When you talk about your gateway, generally you are talking about the ip address your router uses. When you specify gateway in your TCP/IP properties you are entering the ip address of your router. If you enter your gateway into the browser bar, you get the web interface of your router. That's assuming your router has a web interface.

NAT - Network Address Translation. When your router is using nat, it is taking data from one Public IP address, and breaking that data into multiple private ip addresses. Data is sent to your network on a public ip address, from the internet. Using nat your router then directs that data, to multiple internal private ip addresses. Nat basically breaks one ip into many. There is a problem with it though. When a computer on the internet wants to retrieve data from a computer on your network, your router can't figure out which internal computer to get the data from. This is where port forwarding comes in. Port forwarding tells your router which internal computer to get the data from when it sees data on certain ports.

NIC - Network Interface Card. This is a card in your computer that allows you to connect to routers/hubs/modems via ethernet. It's the thing your network cable plugs into.

Port Forwarding - Allowing your router to direct ports to a private ip address. The data on these ports is always incoming data, and always originates on an external public ip address.

Port Triggering - Allowing your router to dynamically open up ports, when it sees data on other ports. Port triggering allows you to do port forwarding, but only have the ports open when you are running the application. So you open up a program. That program then sends data out on outgoing ports called trigger ports. Your router sees data leaving your network on these ports. The router then allows incoming data on the ports specified in your port triggering configuration. When the router no longer sees data going out on the trigger ports, it turns off access to the incoming ports.

Private(internal) IP Address - If you are using NAT, every computer on your network has one of these ip addresses. These IP addresses are provided by your router. Your entire network can see this ip address. Computers on the outside of your network can not, because your router "hides" private ip addresses.

Public(external) IP Address - Every computer/server that has a public ip address is directly connected to the internet. Usually DSL/cable routers are assigned a public ip address by the ISP they are connecting to.

Static IP Address - Static doesn't really refer to the type of ip address. It refers to how your computer obtains that ip address. Static ip addresses are hard coded into your computer by you, by hand. If you assign a computer on your network a static ip address, all the other computers on the network must have a static ip address.

Subnet Mask - The subnet mask is part of your ip address configuration. The subnet tells your computer which group of ip addresses you belong to.

TCP/IP - This is the protocol your computer uses to communicate with other computers on the internet, and within your network. In Windows, this portion of your network properties allows you to define an ip address, subnet mask, gateway, and dns servers.
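
The NAT, Port Forwarding and Port Triggering entries above, modelled as a toy router in Python. This is an added example, not code from the original post or from any real router firmware; the class and field names, the addresses (203.0.113.10, 198.51.100.x), the port numbers and the 60-second trigger timeout are all constructed for illustration.

```python
"""Toy NAT router: outbound mappings, port forwarding and port triggering.

Illustrative model only; all names, addresses and timeouts are constructed.
"""
from dataclasses import dataclass, field

PUBLIC_IP = "203.0.113.10"  # constructed public address (documentation range)


@dataclass
class NatRouter:
    forwards: dict = field(default_factory=dict)   # public port -> (private ip, private port)
    triggers: dict = field(default_factory=dict)   # outgoing trigger port -> inbound ports to open
    trigger_ttl: int = 60                          # assumed idle timeout in seconds
    mappings: dict = field(default_factory=dict)   # public port -> (private ip, port, remote endpoint)
    opened: dict = field(default_factory=dict)     # triggered inbound port -> (private ip, expiry)
    next_port: int = 40000

    def outbound(self, src_ip, src_port, dst_ip, dst_port, now=0):
        """A LAN host sends data out: the source is rewritten to the public IP."""
        pub_port = self.next_port
        self.next_port += 1
        self.mappings[pub_port] = (src_ip, src_port, (dst_ip, dst_port))
        # Port triggering: outgoing traffic on a trigger port opens inbound ports
        # towards the host that sent it, until the timeout passes.
        for port in self.triggers.get(dst_port, ()):
            self.opened[port] = (src_ip, now + self.trigger_ttl)
        return PUBLIC_IP, pub_port

    def inbound(self, remote_ip, remote_port, pub_port, now=0):
        """Data arrives on the public IP: return the private target, or None (dropped)."""
        mapping = self.mappings.get(pub_port)
        if mapping and mapping[2] == (remote_ip, remote_port):
            return mapping[0], mapping[1]          # reply to a connection started inside
        if pub_port in self.forwards:
            return self.forwards[pub_port]         # static forward: open to any sender, always
        host = self.opened.get(pub_port)
        if host and now <= host[1]:
            return host[0], pub_port               # triggered port, still within its window
        return None                                # router cannot tell which PC it is for


def demo():
    router = NatRouter(forwards={80: ("192.168.1.11", 80)}, triggers={5000: [5001]})
    results = {}
    pub = router.outbound("192.168.1.3", 51000, "198.51.100.7", 443)
    results["reply"] = router.inbound("198.51.100.7", 443, pub[1])
    results["unsolicited"] = router.inbound("198.51.100.99", 443, pub[1])
    results["forwarded"] = router.inbound("198.51.100.99", 33000, 80)
    results["trigger_closed"] = router.inbound("198.51.100.50", 9999, 5001, now=90)
    router.outbound("192.168.1.4", 52000, "198.51.100.7", 5000, now=100)
    results["trigger_open"] = router.inbound("198.51.100.50", 9999, 5001, now=120)
    results["trigger_expired"] = router.inbound("198.51.100.50", 9999, 5001, now=161)
    return results


if __name__ == "__main__":
    for name, target in demo().items():
        print(f"{name:16} -> {target}")
```

The forwarded port answers any sender at any time, so each forward should point only at a service you mean to expose; the triggered port is reachable only inside its window.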

A Guide to Understanding DHCP

DHCP stands for Dynamic Host Control Protocol. It does one thing for you. It assigns an ip address, subnet, and gateway to each computer on your local area network. I'll try to briefly go over what an ip address is here, because you need to understand that term to understand dhcp. You don't really have to understand what a subnet or gateway is to understand dhcp. It is enough to know that the subnet and gateway can be handed out via dhcp.
An IP Address is a unique number given to every computer on a network. Once again I say unique, because two computers on the same network can not have the same IP address. The ip address generally takes the form of four 0 through 255 numbers which are separated by periods. A common ip address would be 192.168.1.2.
Every time a computer is turned on it contacts the dhcp server to request an ip address, subnet and gateway. The dhcp server generally provides the next available ip address. This is more important than it sounds. The order in which the computers are turned on affects which computer gets which ip address. One day you turn computer A on first and it gets the 192.168.1.2 ip address. The next day computer A is turned on second and it gets a 192.168.1.3 ip address. Port Forwarding forwards a port to a certain ip address. If that IP address changed, then that port forwarding configuration would not be set up properly. One day your port forwarding configuration would work. The next day it might not. In order to avoid this problem, we need to set up a static ip address on the computer that the ports are going to be forwarded to.
A static ip address is an ip address that is not assigned by DHCP. A static ip address is an ip address that has been manually set up on that computer. DHCP actually knows nothing about an ip address that has been assigned statically. It doesn't even know that ip address has been assigned. So it can very easily hand out an ip address via dhcp that is the same as the one that has been assigned statically. At the start of this explanation, we said that an ip address needs to be unique. When two computers have the same ip address there is an ip address conflict and neither of them can connect to the internet. Let's go back to computer A and computer B. Computer A has the static ip address 192.168.1.2. Computer B boots onto the network and DHCP then hands it the first available ip address, which it considers to be 192.168.1.2.
There are a couple of really easy ways around this. The first one is to just assign an ip address that is far away from the dhcp assigned ip address. If dhcp assigns 192.168.1.2 as its first assignable ip address, you should assign a static ip address that is something like 192.168.1.50 or more. It's pretty unlikely that you will have 50 computers on your network, so there will never be an ip address conflict. If the first ip address handed out by dhcp was something like 192.168.1.253, you should assign an ip address that is 192.168.1.150 or less. The only thing that matters is that there are no ip address conflicts. Just make sure you do not set up a static ip address that is one of the ip addresses that dhcp normally hands out.
The second and safest way to avoid ip address conflicts is to modify the range of ip addresses that dhcp hands out. We have written guides to do this for each particular router. Well we wrote guides for all the routers we had screenshots of. This method is really simple. We tell the DHCP server to only hand out certain ip addresses. Then we assign a static ip address that is not being handed out by dhcp. Here is an example. We tell the dhcp server to hand out the ip addresses from 192.168.1.2 to 192.168.1.10. Then we assign a static ip address to computer A that is 192.168.1.11. Since the DHCP server will never hand out 192.168.1.11, there will never be an ip address conflict. Any ip address that is higher than 192.168.1.10 would work as a static ip address.
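
One way to check a planned static address against the DHCP pool described above. This is an added example, not from the original guide; the /24 network and the 192.168.1.1 gateway are assumptions, while the pool 192.168.1.2 to 192.168.1.10 and the static address 192.168.1.11 are the guide's own example values.

```python
import ipaddress


def check_static_ip(candidate, network, gateway, pool_start, pool_end, in_use=()):
    """Return the reasons `candidate` is unsafe as a static address (empty list = OK)."""
    net = ipaddress.ip_network(network)
    ip = ipaddress.ip_address(candidate)
    first, last = ipaddress.ip_address(pool_start), ipaddress.ip_address(pool_end)
    if ip not in net:
        return [f"{ip} is outside {net}"]
    problems = []
    if ip in (net.network_address, net.broadcast_address):
        problems.append(f"{ip} is the network or broadcast address")
    if ip == ipaddress.ip_address(gateway):
        problems.append(f"{ip} is the gateway")
    if first <= ip <= last:
        problems.append(f"{ip} is inside the DHCP pool {first}-{last}")
    if ip in {ipaddress.ip_address(a) for a in in_use}:
        problems.append(f"{ip} is already assigned statically")
    return problems


def free_static_candidates(network, gateway, pool_start, pool_end, in_use=(), limit=3):
    """List the first `limit` host addresses that pass every check."""
    found = []
    for host in ipaddress.ip_network(network).hosts():
        if not check_static_ip(str(host), network, gateway, pool_start, pool_end, in_use):
            found.append(str(host))
            if len(found) == limit:
                break
    return found


# Assumed LAN (network and gateway); the pool is the one used in the guide.
LAN = dict(network="192.168.1.0/24", gateway="192.168.1.1",
           pool_start="192.168.1.2", pool_end="192.168.1.10")

if __name__ == "__main__":
    for address in ("192.168.1.11", "192.168.1.2", "192.168.1.255", "192.168.2.11"):
        print(address, check_static_ip(address, **LAN) or "OK")
    print(free_static_candidates(**LAN, in_use=["192.168.1.11"]))
```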

What is an IP Address?

Basically an IP Address is a name for a computer. A computer can have as many ip addresses as you want to give it, but every computer that wants to send or receive data on the internet needs to have an ip address.
An ip address is a set of four numbers of up to three digits each, divided by periods. The numbers of an ip address range from 0 to 255. An ip address acts as an identification number for a computer. It lets other computers know which computer it is. Because an ip address acts as an identification number, no two computers on the internet can have the same ip address.
Computers that are in an internal network can be separated from the internet by something called NAT. Computers behind NAT do not have ip addresses that are directly on the internet. There are some ip addresses that are reserved for internal networks. Here are a couple of common ones.
192.168.x.x and 10.0.x.x, where x can represent any number from 0 to 255.
I really wanted to just describe what an ip address is and what it looks like. I hope I've done that.

Network Protection Tips

These are some of my routines and guidelines on how I protect my network against any intrusion:

  • Make sure no one person is controlling the system front to back.
  • Require every person logging on to use a password.
  • Assign supervisory rights to as few people as possible.
  • Back up all systems weekly.
  • Have a strict sign-in/sign-out system for backup tapes.
  • Always have a current copy of the backup tape stored remotely.
  • Do backups of desktops and laptops as well as servers.
  • Rotate backup tapes - don't keep using the same one over and over again.
  • Change passwords every three months.
  • Keep servers in a secured area.
  • Stay up-to-date on software patches.
  • Use intrusion-detection software that alerts you when you are being hit.
  • Make sure two pairs of eyes have checked code before it is entered into the system.
  • Have an information security department (at least one person and then one other for every 1,000 users) that is separate from the IT department and reports directly to the chief information officer.
  • Spend at least 3% to 5% of the IS budget on information security.
  • Train information security personnel to be aware of any employee who shows signs of being troubled or disgruntled, particularly if that employee holds an information-critical position.
  • Beef up security during certain events, such as mergers or downsizings, that could upset workers and cause them to lash out at the company.
  • Monitor the network - set up software that will alert you if the person is working in a different part of the network or at a different time than usual.
  • Scan e-mail to see what's going out of the company, double-check backup tapes and have someone else do the backups if that person is the one in question.
  • Make sure the person in charge of the system is not the same person in charge of the backup.
  • Have specific policies and punishments built into employee contracts.
  • Make sure critical IS workers are bonded.

Know your PORT and IP

Having trouble knowing which ports are open inside your network? What assurance do you have that you really opened or closed the correct port for the corresponding application?
These are newbie questions that often lead to lingering doubt.

Assuming that you have already forwarded your port on your hardware router/PC router, use this nifty website ( port checker ) to check whether it is open or not. If you are protected or browsing that site from inside your firewall, your ip address will not be displayed, and there is a big possibility that you can't even get the SUCCESS answer from that site, but it's a great help to those who just use a router...
For an ip check, use this site ( IP ADDRESS ). These are just handy websites that you can use whenever you run an application such as remote-access software, ftp or web; these sites are your buddies.

Simple to Complex Networking

Hello, it's me again. As usual, nothing's changed :). I would like to share some diagrams of basic to complex networking... probably this will be useful not only for I-cafes but also for other I.T. people having trouble deciding what to do and how to set things up from scratch. Anyway, so much for the introduction.


WHAT IS THIS GOOD FOR?
- provides insights and concepts to those who have trouble with their network.

WHO WILL MOST LIKELY USE THIS?
- basically anyone can use it for reference purposes and for actual purposes.

WHAT YOU NEED?
- time
- pc with printer (if you want to print the diagrams)

legends:

smoothwall - firewall, router (think of it as an ordinary hardware router so that you don't get confused about what I'm talking about)

RED - lan card used for WAN (wide area networking)

GREEN - lan card used for LAN (local area networking)

ORANGE - a 3rd lan card most likely used for DMZ (demilitarized zone, e.g. secure side for webserver, fileserver, ftp) or for AP (Access Point)

BLUE - same function as the ORANGE nic, but sometimes can act as a 2nd RED nic for dual WAN purposes (applicable for dual WAN or PC router, not available for single hardware routers)

AP - abbr. for Access Point

the basic setup:

*the basic setup - this is the usual and simplest form of home networking, and also the basic setup of most I-Cafes. The diagram shows that the modem is directly connected to smoothwall (router, firewall); smoothwall connects to a LAN switch or hub, which then spreads the connection to the workstations.

--------------------------
*Smoothwall with DMZ - the diagram above illustrates a not-so-complex rule. Remember this basic law of networking: thou shalt not create conflicting IPs, subnets or computer names. That is, do not use the same subnet on 2 or 3 different lan cards in the same computer, or else you won't get any connectivity. As much as possible, keep the subnet on each lan card far apart from the others. For example, if your RED network card uses a static ip of 10.0.0.*/254 with subnet mask 255.0.0.0, then use the ip range 192.168.1.*/254 with subnet mask 255.255.255.0 on the GREEN network card... and if you have an extra 3rd lan card for DMZ, try to use 192.168.0.*/254 with subnet mask 255.255.255.128.
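
The "different subnet on every lan card" rule above, checked in Python. This is an added example, not part of the original post or of Smoothwall; the .1 host addresses are constructed, the networks and masks in PAGE_PLAN are the ones given above, and BAD_PLAN is a constructed counter-example.

```python
import ipaddress
from itertools import combinations


def interface_networks(plan):
    """Map each interface name to the network implied by its (address, netmask)."""
    return {name: ipaddress.ip_interface(f"{addr}/{mask}").network
            for name, (addr, mask) in plan.items()}


def find_overlaps(plan):
    """Return every pair of interfaces whose networks share addresses."""
    nets = interface_networks(plan)
    return [(a, b) for (a, net_a), (b, net_b) in combinations(nets.items(), 2)
            if net_a.overlaps(net_b)]


# Networks and masks from the post; the .1 host part is constructed.
PAGE_PLAN = {
    "RED": ("10.0.0.1", "255.0.0.0"),
    "GREEN": ("192.168.1.1", "255.255.255.0"),
    "ORANGE": ("192.168.0.1", "255.255.255.128"),
}

# Constructed counter-example: GREEN looks different from RED but sits inside
# RED's 10.0.0.0/8, and ORANGE is the upper half of GREEN's range.
BAD_PLAN = {
    "RED": ("10.0.0.1", "255.0.0.0"),
    "GREEN": ("10.1.1.1", "255.255.255.0"),
    "ORANGE": ("10.1.1.129", "255.255.255.128"),
}

if __name__ == "__main__":
    for label, plan in (("page plan", PAGE_PLAN), ("bad plan", BAD_PLAN)):
        nets = interface_networks(plan)
        print(label, {name: str(net) for name, net in nets.items()})
        print("  overlapping pairs:", find_overlaps(plan) or "none")
```

Comparing networks rather than the first octets matters because a 255.0.0.0 mask on RED covers every 10.x.x.x address, whatever the other cards' masks say.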
----------------------
*Smoothwall with DMZ and AP on BLUE nic - a more complex network, ideal for hotspots like bars, coffee shops and restaurants, and for I-Cafes too. The diagram shows an add-on router with wifi which acts as a wireless AP (Access Point) and not as a direct router from the modem. The wireless router's WAN port is configured with a static ip, with smoothwall as its gateway and primary DNS. The DMZ server is still active. With this kind of networking it is possible to browse the network from other subnets (pretty cool, huh!)
----------------------
*router added behind smoothwall - this one belongs to the basic setups. As you can see, every time a server machine has direct contact with a router or another server machine, it makes the workstations use the back-end server's or router's ip address. One note for clarification: you cannot use the smoothwall ip as gateway or dns directly if you are behind another router or firewall.
----------------------
*setup with 2 or 3 switches - ummm, this is only one of the basic setups for an I-cafe if you have 20 workstations but a single switch with 16 ports. Most likely the last resort is to buy a new router with at least 4 ports on it. Oops! Nowadays I don't see dealers who sell this kind of switch anymore, but routers with 4 ports, yes. Market-wise you should buy a 24 or 16 port router. Some routers have a port called UPLINK. In a setup of 2 switches with uplink, the cable from the 1st switch is connected to the UPLINK port and the other end of the cable is connected to port 1 of the 2nd switch. Big NOTE: if you use the uplink setup, the cable termination should be CROSSOVER; later on I'll post the different kinds of crimping termination. If you have a switch with uplink ports, you still have the choice not to use the UPLINK; instead, you can connect port 1 of switch 1 to port 2 of switch 2 using straight or cisco termination.
This setup is good for a corporate network whose area has a 2nd or 3rd floor.
-------------------------
Complex Networking:

-------------------------------------------
The diagrams are linked to other sites, so they may be deleted or replaced by the webmaster. All explanations are brewed and encoded by me. I posted this on another forum before, but I think it is good to have it here, knowing that I'm the one who did all the research and explanations.

Download

Linux:

Smoothwall ISO and Manuals:
VERSION 3.0 - POLAR
69MB ISO CD Image SmoothWall Express 3.0 (i386)
71MB ISO CD Image SmoothWall Express 3.0 (64-bit)
1MB PDF SmoothWall Express 3.0 Installation Guide
4MB PDF SmoothWall Express 3.0 Administrator Guide

Express 2.0 Version
smoothwall-2.0.iso
smoothwall-2.0-manuals.iso

Express 2.0 Version Patches:

SmoothWall Express 2.0
fixes 9 fixes 8 fixes 7 fixes 6 fixes 5 fixes 4 fixes 3 fixes 2 fixes 1

The Windows Operating System's Role in Networking

Before I Begin
Before I get started, there are a couple of things that I need to say up front. First, I am going to be spending some time talking about the early days of Windows. There are a lot of rumors alleging that Microsoft “borrowed” parts of the Windows Operating System from companies like IBM and Apple. Personally, I do not know if these rumors are true or not, and to be perfectly frank, I do not really care. I just wanted to acknowledge the point up front in an effort to reduce the number of e-mail messages that I receive in response to this article.
The other thing that I want to clarify up front is that today, every operating system implements networking in roughly the same way. Although one operating system might be more efficient than another, the end result is basically the same. After all, it is no coincidence that Windows, Macintosh, Linux, and UNIX can all communicate across the same Internet, using the same protocols.
By writing about Windows, I am not trying to start an operating system war, as I seem to have inadvertently done so many times in the past. I just choose to write about Windows because it is the most commonly used operating system, and articles about Windows would therefore theoretically benefit the largest number of people, and this is primarily a Windows focused website.

What Windows Did for the World

Now that I have hopefully appeased most of the haters, let us get down to business. The reason why Windows became such a dominant operating system was because it solved two major problems that plagued the IT industry.
The first of these problems is that prior to the creation of Windows, PCs were relatively difficult to use (at least for the lay person anyway). Prior to Windows 3.x, most PCs ran a Microsoft operating system known as MS-DOS. DOS was an acronym that stood for Disk Operating System.
The DOS operating system actually worked pretty well, but it did have some serious shortcomings. For starters, the operating system was text based. This meant that if you wanted to launch an application, you could not just point and click on an icon, you had to know the command or commands needed to launch that application. If you wanted to know how much free disk space you had, you could not just right click on a disk icon, you had to use the CHKDSK or DIR command.
The average person was intimidated by DOS. After all, using DOS even for the basics required learning quite a few commands. Many of those commands could do significant damage to your data if you accidentally used them incorrectly, so that added to the problem.
There is no denying that PC use was already becoming widespread before Microsoft introduced the graphical operating system, but Windows helped to make PCs much easier to use.
The second thing that Windows accomplished was far more important. Windows provided a level of abstraction that allowed device drivers to be separated from applications.
In the days of DOS, it was an application developer’s responsibility to include device drivers as a part of an application. For example, when I was in high school, the best word processor on the market was a now defunct product known as PFS Write. One of the things that made PFS Write such a good product was that it supported numerous printers. Even so, I recall purchasing a copy and installing it onto my computer, only to find out that it did not include a driver for my printer. As a result, I had to buy a new printer, just to be able to use a word processor.
Keep in mind that my previous printer was not junk. The problem was that most applications at the time shipped on floppy disks, which had an extremely limited capacity. As a result, application developers would typically only include drivers for the most commonly available hardware. At the time, it was not at all uncommon to find that some applications (especially video games) did not support particular video cards, sound cards, etc.
The way that drivers were tied to applications was bad for both application developers and for consumers. It was bad for application developers, because they had to spend time writing a zillion device drivers, which increased development cost and increased the amount of time that it took to get their product to market. Because an application could only support a limited set of hardware, the developer inevitably alienated some would be customers by not supporting their hardware.
Having device drivers tied to applications was bad for consumers as well. Typically, older hardware was not supported, often forcing consumers to purchase new hardware along with their new application. At the same time though, cutting edge hardware was not usually supported either. Application developers needed to create drivers that would work for the largest number of people possible, so it was rare for an application to contain drivers for the latest hardware. Often the new hardware was backward compatible with device drivers for older hardware, but it might take years for the cutting edge hardware’s full potential to be widely utilized by applications.
When Microsoft created Windows, they created an environment in which any application can interact with any hardware. Sure, applications still have minimum hardware requirements, but hardware brands and models do not really matter anymore. For example, if I wanted to print this document, it would not really matter what kind of printer I have, as long as I have a printer driver installed.
Windows is built in layers. Every Windows application generates print jobs in exactly the same way, regardless of what the application is, or what type of printer the job is being sent to. The Windows operating system then uses the specified print driver to translate the job into something that the printer can understand. The actual process is a little bit more complicated than this, but I wanted to convey the basic idea rather than going into a lot of boring architectural details.
The point is that abstracting applications from device drivers helps everyone. Application developers no longer suffer the burden of writing device drivers, and consumers are now free to use any hardware they want (so long as it meets minimum standards) without having to worry about whether or not it will work with a particular application.

Conclusion

As you can see, Microsoft was able to design Windows in a way that allowed applications to be abstracted from device drivers.