Digital Router

To make a baseband network practical for many computers to share, the data transmitted by each system is broken up into separate units called packets. When your computer transmits data it might be broken up into many packets, and the computer transmits each packet separately. When all of the packets constituting a particular transmission reach their destination, the receiving computer reassembles them back into original data. This is the basis for a packet-switching network.

Circuit-switching means that the two systems wanting to communicate establish a circuit before they transmit any information. That circuit remains open throughout the life of the exchange, and is only broken when the two systems are finished communicating. Circuit switching is more common in environments like the public switched telephone network (PSTN), in which the connection between your telephone and that of the person you're calling remains open for the entire duration of the call.

FTP or File Transfer Protocol, is one of the big legacy protocols that probably should be retired. FTP is primarily designed for large file transfers, with the capability of resuming downloads if they are interrupted. Access to an FTP server can be accomplished using two different techniques: Anonymous access and Standard Login. Both of these are basically the same, except Anonymous access does not require an active user login while a Standard Login does. Here's where the big problem with FTP lies however- the credentials of the user are transmitted in cleartext which means that anybody listening on the wire could sniff the credentials extremely easily. Two competing implementations of FTP that take care this issue are SFTP (FTP over SSH) and FTPS (FTP with SSL). FTP uses TCP ports 20 and 21.

Even if you don't recognize anything else on this list, you like have heard of TCP/IP before. Contrary to popular believe, TCP/IP is not actually a protocol, but rather TCP is a member of the IP protocol suite. TCP stands for Transmission Control Protocol and is one of the big big mindbogglingly massively used protocols in use today. Almost every major protocol that we use on a daily basis- HTTP, FTP and SSH among a large list of others- utilizes TCP. The big benefit to TCP is that it has to establish the connection on both ends before any data begins to flow. It is also able to sync up this data flow so that if packets arrive out of order, the receiving system is able to figure out what the puzzle of packets is supposed to look like- that this packet goes before this one, this one goes here, this one doesn't belong at all and looks sort of like a fish, etc. Because the list of ports for TCP is so massive, charts are commonplace to show what uses what, and Wikipedia's which can be found here is excellent for a desk reference.

If you were to ask a Microsoft Sales Rep this question, they would no doubt have hundreds of tweaks and performance boosts from system to system. In reality however there are two main differences between the Windows Home edition and Windows Professional: Joining a domain and built-in encryption. Both features are active in Professional only, as joining a domain is nearly a mandatory requirement for businesses. EFS (Encrypted File System) in and its successor Bitlocker are both also only present in Pro. While there are workarounds for both of these items, they do present a nice quality-of-life boost as well as allow easier standardization across multiple systems. That being said, the jump from Windows Pro to Windows Server is a monumental paradigm shift. While we could go through all of the bells and whistles of what makes Windows Server…Windows Server, it can be summed up very briefly as this: Windows Home and Pro are designed to connect outwards by default and are optimized as such. Windows Server is designed to have other objects connect to it, and as a result it is optimized severely for this purpose. Windows Server 2012 has taken this to a new extreme with being able to perform an installation style very similar to that of a Unix/Linux system with no GUI whatsoever. As a result, they claim that the attack vector of the Operating System has been reduced massively (when installing it in that mode)

External Media has been used for backups for a very long time, but has started to fall out of favor in the past few years due to its speed limitations. As capacities continue to climb higher and higher, the amount of time it takes to not only perform a backup but also a restore skyrockets. Tapes have been particularly hit hard in this regard, primarily because they were quite sluggish even before the jump to the terabyte era. Removable hard disks have been able to pick up on this trend however, as capacity and price have given them a solid lead in front of other options. But this takes us back to the question- why use EXTERNAL media? Internal media usually is able to connect faster, and is more reliable correct? Yes and no. While the estimated lifetime of storage devices has been steadily going up, there is always the chance for user error, data corruption, or hiccups on the hard disk. As a result, having regular backups to external media is still one of the best bang-for-buck methods available. Removable hard disks now have the capability to connect very rapidly, even without the use of a dedicated hot-swap drive bay. Through eSATA or USB3, these connections are nearly as fast as if they were plugged directly into the motherboard.

Unix/Linux permissions operate on much simpler methodology than Windows does, but as a result when you're trying to figure out how they work it can feel like you've been hit by a slice of lemon wrapped around a large gold brick: It should be simple, but the way you're used to is incompatible with what you are trying to do so it makes your brain hurt. Linux permissions are normally visible using the following scale: d | rwx | rwx | rwx. This stretch of characters actually represents four distinct sections of binary switches- directory, owner, group, other. The first value (d)- asks 'is this a directory', while the next group (rwx) represents what permissions the owner of the file has- read (r), write (w), and execute (x). The next set of values (rwx), represent what members of the group can do for the same permissions- read, write and execute. The final set (rwx), say what everybody else can do for those same permissions. Fairly straightforward, but where do the 755 and 644 values come into play? These actually are the real-world simplified values the permission scale listed above. For example, when reading permissions with the value of drwxr-xr-x, it would mean that it is a directory, the owner has full permissions, and while everybody else can read and execute, nobody else can write to it. So if we were to look at this as a basic yes/no (1/0) system, we would see something like this:

rwx rwx rwx

111 101 101

So now we have binary values for each of these fields- 1 for yes, 0 for no. Now what do we do with them? We can actually calculate out the values based on what we see here, based on binary.

0000 = 0

0001 = 1

0010 = 2

0011 = 3

0100 = 4

0101 = 5

0110 = 6

0111 = 7

rwx rwx rwx

111 101 101

7 5 5

This would give us 755 as shorthand for owner read, write and execute, and everybody else is read and execute. Let's try this again with the 644 values. Let's work out the following string: rw-r-r-:

rwx rwx rwx

110 100 100

6 4 4

This would give us 644 as shorthand for owner read and write, with everybody else read-only.

Dynamic Host Configuration Protocol is the default way for connecting up to a network. The implementation varies across Operating Systems, but the simple explanation is that there is a server on the network that hands out IP addresses when requested. Upon connecting to a network, a DHCP request will be sent out from a new member system. The DHCP server will respond and issue an address lease for a varying amount of time. If the system connects to another network, it will be issued a new address by that server but if it re-connects to the original network before the lease is up- it will be re-issued that same address that it had before.

To illustrate this point, say you have your phone set to wifi at your home. It will pick up a DHCP address from your router, before you head to work and connect to your corporate network. It will be issued a new address by your DHCP server before you go to starbucks for your mid-morning coffee where you'll get another address there, then at the local restaurant where you get lunch, then at the grocery store, and so on and so on.

In plain English, DNS is the Internet's phone book. The Domain Name System is what makes it possible to only have to remember something like "cnn.com" instead of (at this particular moment) "157.166.226.26". IP address change all the time however, although less so for mega-level servers. Human friendly names allow users to remember a something much easier and less likely to change frequently, and DNS makes it possible to map to those new addresses under the hood. If you were to look in a standard phone book and you know the name of the person or business you're looking for, it will then show you the number for that person. DNS servers do exactly the same thing but with updates on a daily or hourly basis. The tiered nature of DNS also makes it possible to have repeat queries responded to very quickly, although it may take a few moments to discover where a brand new address is that you haven't been to before. From your home, say that you wanted to go to the InfoSec Institute's home page. You know the address for it, so you punch it in and wait. Your computer will first talk to your local DNS server (likely your home router) to see if it knows where it is. If it doesn't know, it will talk to your ISP's DNS server and ask it if it knows. If the ISP doesn't know, it will keep going up the chain asking questions until it reaches one of the 13 Root DNS Servers. The responding DNS server will send the appropriate address back down the pipe, caching it in each location as it does so to make any repeat requests much faster.

ipconfig is one of the primary network connection troubleshooting and information tools available for Windows Operating Systems. It allows the user to see what the current information is, force a release of those settings if set by DHCP, force a new request for a DHCP lease, and clear out the local DNS cache among other functions it is able to handle. ifconfig is a similar utility for Unix/Linux systems that while at first glance seems to be identical, it actually isn't. It does allow for very quick (and thorough) access to network connection information, it does not allow for the DHCP functions that ipconfig does. These functions in fact are handled by a separate service/daemon called dhcpd.

When trying to communicate with systems on the inside of a secured network, it can be very difficult to do so from the outside- and with good reason. Therefore, the use of a port forwarding table within the router itself or other connection management device, can allow for specific traffic to be automatically forwarded on to a particular destination. For example, if you had a web server running on your network and you wanted access to be granted to it from the outside, you would setup port forwarding to port 80 on the server in question. This would mean that anyone putting in your IP address in a web browser would be connected up to the server's website immediately. Please note, this is usually not recommended to allow access to a server from the outside directly into your network.

When you're working in Active Directory, you see a tree-type structure going down through various organizational units (OU's). The easiest way to explain this is to run through a hypothetical example.

Say that we had a location reporting for CNN that dealt with nothing but the Detroit Lions. So we would setup a location with a single domain, and computers for each of our users. This would mean starting at the bottom: OU's containing the users, groups and computers are at the lowest level of this structure. A Domain is a collection of these OU's as well as the policies and other rules governing them. So we could call this domain 'CNNDetroitLions". A single domain can cover a wide area and include multiple physical sites, but sometimes you need to go bigger.

A tree is a collection of domains bundled together by a common domain trunk, rules, and structure. If CNN decided to combine all of its football team sites together in a common group, so that its football sports reporters could go from one location to the next without a lot of problems, then that would be a tree. So then our domain could be joined up into a tree called 'football', and then the domain would be 'CNNDetroitLions.football' while another site could be called 'CNNChicagoBears.football'.

Sometimes you still need to go bigger still, where a collection of trees is bundled together into a Forest. Say CNN saw that this was working great and wanted to bring together all of its reporters under a single unit- any reporter could login to any CNN controlled site and call this Forest 'cnn.com' So then our domain would become 'CNNDetroitLions.football.cnn.com' with another member of this same Forest could be called 'CNNNewYorkYankees.baseball.cnn.com', while yet another member could be 'CNNLasVegas.poker.cnn.com'. Typically the larger an organization, the more complicated it becomes to administer, and when you get to something as large as this it becomes exponentially more difficult to police.

For the IP address that most people are familiar with (IPv4), there are 4 sets (octets) of numbers, each with values of up to 255. You likely have run into this when troubleshooting a router or a DHCP server, when they are giving out addresses in a particular range- usually 192.x or 10.x in the case of a home or commercial network. IP classes are primarily differentiated by the number of potential hosts they can support on a single network. The more networks supported on a given IP class, the fewer addresses are available for each network. Class A networks run up to 127.x.x.x (with the exception of 127.0.0.1, which is reserved for loopback or localhost connections). These networks are usually reserved for the very largest of customers, or some of the original members of the Internet and xkcd has an excellent map (albeit a bit dated) located here showing who officially owns what. Class B (128.x to 191.x) and Class C (192.x to 223.x) networks are much more fuzzy at the top level about who officially owns them. Class C addresses are primarily reserved for in-house networks which is as we mentioned above why so many different manufacturers use 192.x as their default setting. Class D and E are reserved for special uses and normally are not required knowledge.