
Showing posts from January 22, 2012

3.2.12 Pharming

Pharming is a hacker's attack aiming to redirect a website's traffic to another, bogus website. Pharming can be conducted either by changing the hosts file on a victim's computer or by exploiting a vulnerability in DNS server software. DNS servers are computers responsible for resolving Internet names into their real addresses — they are the "signposts" of the Internet. Compromised DNS servers are sometimes referred to as "poisoned". More worrisome than hosts file attacks is the compromise of a local network router. Since most routers specify a trusted DNS server to clients as they join the network, misinformation here will spoil lookups for the entire LAN. Pharming is a scamming practice in which malicious code is installed on a personal computer or server, misdirecting users to fraudulent Web sites without their knowledge or consent. In pharming, larger numbers of computer users can be victimized because it is not necessary to target indivi

3.2.11 Xmas Attack

The Xmas scan is one of three related Nmap scan types:
• Xmas scan (-sX) – Sets the FIN, PSH, and URG flags, lighting the packet up like a Christmas tree.
• Null scan (-sN) – Does not set any bits (the TCP flag header is 0).
• FIN scan (-sF) – Sets just the TCP FIN bit.
One of the most popular attacks that utilizes Nmap is the Xmas attack (also known as the Xmas scan or Christmas attack). This is an advanced scan that tries to get around firewall detection and look for open ports. It accomplishes this by setting three flags (FIN, PSH, and URG).
References: http://nmap.org/book/man-port-scanning-techniques.html; CompTIA Security+ Study Guide: Exam SY0-301, Fifth Edition by Emmett Dulaney

3.2.10 Vishing & Spear Phishing

Vishing
When you combine phishing with Voice over IP (VoIP), it becomes known as vishing and is just an elevated form of social engineering.
Spear phishing
Spear phishing is a unique form of phishing in which the message is made to look as if it came from someone you know and trust, as opposed to an informal third party. In spear phishing, the attacker uses information that the target would be less likely to question because it appears to be coming from a trusted source. Because it appears far more likely to be a legitimate message, it cuts through the user's standard defenses like a spear and has a higher likelihood of being clicked. With spear phishing, you might get a message that appears to be from your boss telling you that there is a problem with your direct deposit account and you need to access this HR link right now to correct it. Spear phishing works because it uses information it can find about you from email databases, friends lists, and the like. References

3.2.9 Spim

SpIM is short for "Spam via Instant Messenger" and is a term that refers to unwanted and unsolicited junk messages sent via an instant messenger (instead of through e-mail messaging). Most Spim comes in the form of chat requests/sessions from unknown people who then send you text messages about their products or services. Some may ask you to visit a website, which may contain malware, or they may try to send you files to download. The immediacy of IM makes users more likely to reflexively click links. Furthermore, because it bypasses anti-virus software and firewalls, IM is an easy means of passing on not only commercial messages, but also viruses and other malware. Never accept or open attachments from people you don't know. Turn off the automatic download features in your instant messenger client. Send all downloads to the same folder on your hard drive and then use your anti-virus software to scan that folder each time a new file is added. Related Terms

3.2.8 Phishing

Phishing is a way of attempting to acquire information such as usernames, passwords, and credit card details by masquerading as a trustworthy entity in an electronic communication. Phishing is an example of the social engineering techniques used to deceive users: you simply ask someone for a piece of information that you want by making it look as if it is a legitimate request. Vishing involves combining phishing with Voice over IP. An email might look as if it is from a bank and contain some basic information, such as the user's name. A fake website might be created to look just like a legitimate site. It can then gather personal information from the user. The person instigating the phishing can then use the values entered there to access the legitimate account. One of the best counters to phishing is to simply mouse over the "Click Here" link and read the URL. Phishing email messages, websites, and phone calls are designed to steal money, access, informat

3.2.7 Spam

Spam is the use of electronic messaging systems, particularly e-mail but including most broadcast media and digital delivery systems, to send unsolicited bulk messages indiscriminately. In general, e-mail messages you didn't ask for, from people you don't know, are considered 'spam'. Spam can contain viruses or other malware, or it may try to trick the recipient into giving up passwords and user names, or visiting a harmful site. Spam is not actually an acronym. According to the Internet Society and other sources, the term spam is derived from the 1970 Spam sketch of the BBC television comedy series Monty Python's Flying Circus. The sketch is set in a cafe where nearly every item on the menu includes Spam canned luncheon meat. As the waiter recites the Spam-filled menu, a chorus of Viking patrons drowns out all conversations with a song repeating "Spam, Spam, Spam, Spam... lovely Spam! wonderful Spam!", hence "Spamming" the dialogue. Related Terms SPAM – Ho

3.2.5 Smurf Attack

The smurf attack, named after its exploit program, is a denial-of-service attack which uses spoofed broadcast ping messages to flood a target system. In the "smurf" attack, from a remote location, an attacker sends forged ICMP echo packets directed to the broadcast addresses of vulnerable networks with a forged source address pointing to the target (victim) of the attack. All the systems on these networks reply to the victim with ICMP echo replies. This rapidly exhausts the bandwidth available to the target, producing a denial of service. There are three parties in these attacks: the attacker, the intermediary, and the victim (note that the intermediary can also be a victim). The intermediary receives an ICMP echo request packet directed to the IP broadcast address of their network. If the intermediary does not filter ICMP traffic directed to IP broadcast addresses, many of the machines on the network will receive this ICMP echo request packet an

3.1.6 Rootkits

Rootkits are software programs that have the ability to hide certain things from the operating system. Theoretically, rootkits could hide anywhere there is enough memory to reside: video cards, PCI cards, and the like. A rootkit often allows the installation of hidden files, processes, hidden user accounts, and more in the system's OS. Rootkits are able to intercept data from terminals, network connections, and the keyboard. A rootkit is a type of Trojan that keeps itself, other files, registry keys and network connections hidden from detection. It enables an attacker to have "root" access to the computer, which means it runs at a privileged level of the machine. A rootkit typically intercepts common API calls. For example, it can intercept requests to a file manager such as Explorer and cause it to keep certain files hidden from display, even reporting false file counts and sizes to the user. Rootkit detection is difficult because a rootkit may be able to subve

3.1.4 Spyware

Spyware is software that can display advertisements, collect information about you, or change settings on your computer, generally without appropriately obtaining your consent. For example, spyware can install unwanted toolbars, links, or favorites in your web browser, change your default home page, or display pop-up ads frequently. Some spyware displays no symptoms that you can detect, but it secretly collects sensitive information, such as the websites you visit or the text you type. Most spyware is installed through free software that you download, but in some cases simply visiting a website results in a spyware infection. Spyware gathers information on you to pass on to marketers or intercepts personal data such as credit card numbers and makes them available to third parties.
References: http://windows.microsoft.com/en-US/windows7/Understanding-security-and-safer-computing

3.1.1 Adware

Adware, or advertising-supported software, is any software package which automatically plays, displays, or downloads advertisements to a computer. These advertisements can be in the form of a pop-up. They may also be in the user interface of the software or on a screen presented to the user during the installation process. The object of adware is to generate revenue for its author. Adware, by itself, is harmless; however, some adware may come with integrated spyware such as keyloggers and other privacy-invasive software. The authors of these applications include additional code that delivers the ads, which can be viewed through pop-up windows or through a bar that appears on a computer screen. The justification for adware is that it helps recover programming development cost and helps to hold down the cost for the user. Adware is criticized because it can include code that tracks a user's personal information and passes it on to third parties, without the user'

2.2.3 Incident Management

Incident management is the set of steps followed when events occur. A clearly defined incident response policy can help contain a problem and provide quick recovery to normal operations. In the event of some form of security incident, some form of procedure should be in place to deal with these events as they happen. The policy should cover each type of compromised security scenario and list the procedures to follow when they happen. The incident response policy should cover the following areas:
• Contact information for emergency services and other outside resources.
• Methods of securing and preserving evidence of a security breach.
• Scenario-based procedures of what to do with computer and network equipment depending on the security problem.
• How to document the problem and the evidence properly.
The components of an incident-response plan should include preparation, roles, rules, and procedures. Incident-response procedures should define how to maintain busi

2.2.2 Change Management

Change management policies are official company procedures used to identify and communicate current or forthcoming changes to some aspect of the company's networks and communications services. Change documentation should include the following:
• Specific details about the change being proposed/implemented
• The name of the authority who approved the changes
• A list of the departments and the names of the supervisors involved in performing the change
• What the immediate effect of the change will be
• What the long-term effect of the change will be
• The date and time the change will occur
After the change has occurred, the following should be added to the documentation:
• Specific problems and issues that occurred during the process
• Any known workarounds if issues have occurred
• Recommendations and notes on the event
After the change has been requested, documented, and approved, you should then send out notification to the users so that they know what to exp

2.1.7 Risks associated to Cloud Computing and Virtualization

If you ask two people a question about what cloud computing is, you are likely to get four different answers. That in itself should be considered a risk. For our purpose, we will consider cloud computing as the use of the Internet to host services and data instead of hosting it locally. Implementations of this include Google Mail, Amazon EC2, Salesforce.com, etc. The Security+ certification exam considers the following three ways of implementing cloud computing:
• Platform as a Service (PaaS): in the PaaS model, vendors provide a platform for customers to build and run custom applications.
• Software as a Service (SaaS): a way of delivering Web-based, on-demand, or hosted applications.
• Infrastructure as a Service (IaaS): the IaaS model closely resembles the traditional utility model used by electric, gas, and water providers. It delivers computer infrastructure – typically a platform virtualization environment – a

2.1.6 Risk-avoidance, transference, acceptance, mitigation, deterrence

Risk avoidance
Risk avoidance involves identifying a risk and making the decision to no longer engage in the actions associated with that risk. Risk avoidance should be based on an informed decision that the best course of action is to deviate from what would/could lead to exposure to the risk. One of the biggest problems with risk avoidance is that you are steering clear of activities you may benefit from. This is the most effective solution, but often not possible due to organizational requirements.
Risk transference
With risk transference, you do not simply shift the risk completely to another entity; instead you share some of the burden of the risk with someone else, such as an insurance company. A typical policy would pay you a cash amount if all the steps were in place to reduce risk and your system still was harmed.
Risk mitigation
Risk mitigation is accomplished any time you take steps to reduce the risk. Steps include installing antivirus soft

2.1.4 Risk Calculation

The likelihood and impact of a risk strongly influence your cost analysis when budgeting funds for risk countermeasures and mitigation. A calculation used to determine this factor is Annual Loss Expectancy (ALE). You must calculate the chance of a risk occurring, sometimes called the Annual Rate of Occurrence (ARO), and the potential loss of revenue based on a specific period of downtime, which is called the Single Loss Expectancy (SLE). By multiplying these factors together (ALE = SLE × ARO), you arrive at the ALE. This is how much money you expect to lose on an annual basis because of the impact from an occurrence of a specific risk. When you're doing a risk assessment, one of the most important things to do is to prioritize. Take into account the likelihood of an event happening and the impact to your organization if it does. Focus on the events that are likely and would have an impact. Not everything should be weighed evenly. One method of measurement to consider is

2.1 Explain risk related concepts

• Control types: Technical; Management; Operational
• False positives
• Importance of policies in reducing risk: Privacy policy; Acceptable use; Security policy; Mandatory vacations; Job rotation; Separation of duties; Least privilege
• Risk calculation: Likelihood; ALE; Impact
• Quantitative vs. qualitative
• Risk-avoidance, transference, acceptance, mitigation, deterrence
• Risks associated to Cloud Computing and Virtualization

1.5 Identify commonly used default network ports

TCP Port #   UDP Port #   Service
20           –            FTP (data channel)
21           –            FTP (control channel)
22           –            SSH; SCP; SFTP (over SSH)
989          989          FTPS (data): FTP over TLS/SSL
990          990          FTPS (control): FTP over TLS/SSL
–            69           Trivial File Transfer Protocol (TFTP)
23           –            Telnet
80           –            Hypertext Transfer Protocol (HTTP)
443          –            HTTPS (Hypertext Transfer Protocol over SSL/TLS)
137          137          NetBIOS Name Service
138          138          NetBIOS Datagram Service
139          139          NetBIOS Session Service

1.6.8 SSID Broadcast

The SSID (Service Set IDentifier), or network name, of your wireless network is required for devices to connect to it. SSID broadcast is a function performed by an Access Point (AP) that transmits its name so that wireless stations searching for a network connection can 'discover' it. It's what allows your wireless adapter's software to give you a list of the APs in range. Wireless APs and routers can automatically broadcast their network name (SSID) into the open air at regular intervals (every few seconds) to announce their presence. This feature of Wi-Fi network protocols is intended to allow clients to dynamically discover and roam between WLANs. One method of "protecting" the network that is often recommended is to turn off the SSID broadcast. This should be considered a very weak form of security because it is a trivial process for an attacker to discover the presence of the access point even without the SSID broadcast. Security by obscurity is no s

1.6.4 EAP

Extensible Authentication Protocol (EAP) is an Internet Engineering Task Force (IETF) standard that provides an infrastructure for network access clients and authentication servers to host plug-in modules for current and future authentication methods. EAP is used to authenticate Point-to-Point Protocol (PPP)-based connections (such as dial-up, virtual private network remote access, and site-to-site connections) and for IEEE 802.1X-based network access to authenticating Ethernet switches and wireless access points (APs). EAP is used primarily in WEP/WPA/WPA2-based wireless networks for securely transporting authentication data. EAP separates the message exchange from the authentication process through the use of a different exchange layer, and it provides a module-based infrastructure that supports several different authentication methods. EAP is an authentication framework (not a specific authentication mechanism) frequently used in wireless networks and Point-to-Point connec

1.4.10 SFTP

In computing, the SSH File Transfer Protocol (SFTP) is a network protocol that provides file access, file transfer, and file management functionality over any reliable data stream. It was designed by the Internet Engineering Task Force (IETF) as an extension of the Secure Shell protocol (SSH) version 2.0, but is also intended to be usable with other protocols. SFTP is not FTP run over SSH, but rather a new protocol designed from the ground up by the IETF SECSH working group. The protocol itself does not provide authentication and security; it assumes that it is run over a secure channel, i.e. it expects the underlying protocol to secure this, that the server has already authenticated the client, and that the identity of the client user is available to the protocol. SFTP is most often used as a subsystem of SSH protocol version 2 implementations. Unlike standard FTP, SFTP encrypts both commands and data, preventing passwords and sensitive information from being transmitted in t

1.6.1 WPA

Wi-Fi Protected Access (WPA) is a security protocol and security certification program developed by the Wi-Fi Alliance to secure wireless networks and surpass the older Wired Equivalent Privacy (WEP) protocol. The Alliance defined WPA in response to serious weaknesses researchers had found in WEP. WPA (defined in the draft IEEE 802.11i standard) became available around 1999 and was intended as an intermediate measure in anticipation that it would be replaced by the more secure WPA2 protocol. There are two versions, WPA and WPA2, with the latter being the full implementation of the security features. The difference between WPA and WPA2 is that WPA implements most—but not all—of 802.11i in order to be able to communicate with older wireless cards and it used the RC4 encryption algorithm with TKIP, while WPA2 implements the full standard and is not compatible with older cards. WPA also mandates the use of the Temporal Key Integrity Protocol (TKIP), while WPA2 favors Counter M

1.4.9 HTTPS

Hyper Text Transfer Protocol Secure (HTTPS) is a secure version of the Hyper Text Transfer Protocol (HTTP). HTTPS is a combination of Hypertext Transfer Protocol (HTTP) with the SSL/TLS protocol. It provides encrypted communication and secure identification of a network web server. HTTPS connections are often used for payment transactions on the World Wide Web and for sensitive transactions in corporate information systems. HTTPS combines HTTP with SSL/TLS to provide encrypted communication. When a user connects to a website via HTTPS, the website encrypts the session with a digital certificate. A user can tell if they are connected to a secure website if the website URL begins with https:// instead of http://. The default port is 443 and the URL begins with https://. The main idea of HTTPS is to create a secure channel over an insecure network. HTTPS is the use of Secure Socket Layer (SSL) or Transport Layer Security (TLS) as a sublayer under the regular HTTP application layer

1.4.8 FTPS

FTPS (FTP over SSL) is an extension to the File Transfer Protocol (FTP) that adds support for the Transport Layer Security (TLS) and the Secure Sockets Layer (SSL) cryptographic protocols for channel encryption as defined in RFC 2228. Well-known TCP & UDP ports for FTPS:
• 989 – FTPS (data channel)
• 990 – FTPS (control channel)
Much like HTTPS, but unlike SFTP, FTPS servers may provide a public key certificate. Both FTPS and SFTP use a combination of an asymmetric algorithm (RSA, DSA), a symmetric algorithm (DES/3DES, AES, Twofish and so on), and a key-exchange algorithm. For authentication, FTPS uses X.509 certificates, whereas SFTP (SSH protocol) uses SSH keys. It's a good idea to use FTPS when you have a server that needs to be accessed from personal devices or from some specific operating systems that have FTP support but don't have SSH/SFTP clients. Pros of FTPS:
• Widely known and used
• The communication can be read and understood by humans
• Provides

1.4.6 SSL

Secure Sockets Layer (SSL) and its successor, Transport Layer Security (TLS), are cryptographic protocols that provide communication security over the Internet. SSL (and TLS) encrypt the segments of network connections at the Transport Layer, using asymmetric cryptography for key exchange, symmetric encryption for privacy, and message authentication codes for message integrity. SSL establishes a session using asymmetric encryption and maintains the session using symmetric encryption. The primary goal of the SSL protocol is to provide privacy and reliability between two communicating applications. The SSL protocol uses an encryption scheme between the two systems. The client initiates the session, the server responds, indicating that encryption is needed, and then they negotiate an appropriate encryption scheme. TLS is a newer protocol that merges SSL with other protocols to provide encryption. TLS supports SSL connections for compatibility, but it also allows other encry

1.4.4 DNS

DNS (Domain Name Server) allows you to use a host name such as www.google.com instead of 74.125.239.50 (or any one of several IP addresses used to reach the Google web site). DNS makes it more convenient to use the Internet. The Microsoft Outlook mail server may respond when you refer to it as outlook.com; however, at its core it wants to be addressed as 157.56.238.11 or whatever its current IP address is. It would be very inconvenient to have to use IP addresses exclusively; DNS was invented to allow the use of the more user-friendly host names. It provides a distributed and robust mechanism that resolves Internet host names into IP addresses and vice versa. Unfortunately, many security weaknesses surround IP and the protocols carried by IP. DNS is not immune to these security weaknesses. DNS provides a way to know the IP address of any host on the Internet. DNS attacks can be aimed at the DNS protocol (DNS spoofing, DNS ID hacking, DNS cache poisoning) or th

1.4.3 SSH

Secure Shell (SSH) is a protocol for securely opening a remote login connection or other network services over an insecure network. It is a secure replacement for the ARPA/Berkeley services Telnet, rlogin, rsh and rcp, and it consists of four major components:
• The Transport Layer Protocol – This layer handles initial key exchange as well as server authentication, and sets up encryption, compression and integrity verification.
• The User Authentication Protocol – This layer authenticates the client-side user to the server. It runs over the transport layer protocol.
• The Connection Protocol – This layer defines the concept of channels, channel requests and global requests, through which SSH services are provided. It multiplexes the encrypted tunnel into several logical channels. It runs over the user authentication protocol.
• The SSHFP DNS record – This layer provides the public host key fingerprints in order t

1.4.5 TLS

TLS (Transport Layer Security) and SSL (Secure Sockets Layer) are protocols that provide data encryption and authentication between applications in scenarios where that data is being sent across an insecure network, such as checking your email. The terms SSL and TLS are often used interchangeably or in conjunction with each other (TLS/SSL), but one is in fact the predecessor of the other — SSL 3.0 served as the basis for TLS 1.0 which, as a result, is sometimes referred to as SSL 3.1. The TLS protocol allows client/server applications to communicate across a network in a way designed to prevent eavesdropping and tampering. TLS connections first begin with an insecure "hello" to the server and only switch to secured communications after the handshake between the client and the server is successful. If the TLS handshake fails for any reason, the connection is never created. The main benefit in opting for TLS over SSL is that TLS was incepted as an open-community standard, mea

1.4.2 SNMP

Simple Network Management Protocol (SNMP) is an application-layer protocol that facilitates the exchange of management information between network devices. It is part of the Transmission Control Protocol/Internet Protocol (TCP/IP) protocol suite. SNMP is used for collecting information from, and configuring, network devices such as servers, printers, switches, and routers on a TCP/IP network. SNMP enables network administrators to manage network performance, find and solve network problems, and plan for network growth. Three versions of SNMP exist: SNMPv1, SNMPv2 and SNMPv3. SNMPv2 provides security and improved remote monitoring over SNMPv1. Security in v1 and v2 consisted of a password (known as a community string) sent in the clear between the management station and the agent. SNMPv3 primarily added security and remote configuration enhancements. Two versions of SNMP exist: SNMP Version 1 (SNMPv1) and SNMP Version 2 (SNMPv2). Both versions have a number of features in c

1.4.1 IPSec

IPSec is an Internet Engineering Task Force (IETF) standard suite of protocols that provides data authentication, integrity, and confidentiality as data is transferred between communication points across IP networks. Its primary goals are data confidentiality, data integrity, and host authentication. The combination of integrity and authentication provides non-repudiation. IPSec also detects replay attacks. IPSec also includes protocols for establishing mutual authentication between agents at the beginning of the session and negotiation of cryptographic keys to be used during the session. Unlike protocols such as Secure Sockets Layer (SSL), Transport Layer Security (TLS) and Secure Shell (SSH), which operate in the upper layers of the TCP/IP model, IPSec operates in the Internet Layer of the Internet Protocol Suite and protects any application traffic across an IP network. Applications do not need to be specifically designed to use IPSec. Because IPSec is integrated at t

1.3.8 Virtualization

Virtualization providers include proprietary solutions from VMware, Citrix, Microsoft and Red Hat, and open source solutions such as Xen and VirtualBox, for example. Virtualization technology allows you to take any single physical device and hide its characteristics from users—in essence allowing you to run multiple items on one device and make them appear as if they are stand-alone entities. Virtualization is a method of running multiple independent virtual operating systems on a single physical computer. It is a way of maximizing physical resources to maximize the investment in hardware. A single server can host multiple (logical) virtual machines. Each virtual machine (VM) can run a different operating system, e.g. Ubuntu Linux, Microsoft Windows 2008 R2, etc. By using one host to do multiple functions, you can immediately gain cost savings in terms of hardware, utility, infrastructure, etc. Virtualization presents security challenges. A user accessing the system c

1.3.7 NAC

Network access control (NAC) is a method of bolstering the security of a proprietary network by restricting the availability of network resources only to endpoint devices that comply with a defined security policy. NAC aims to control access to a network with policies, including pre-admission endpoint security policy checks and post-admission controls over where users and devices can go on a network and what they can do. When a computer connects to a computer network, it is not permitted to access anything unless it complies with a minimum set of parameters. Checks include the device's operating system, application patch level, anti-virus protection level, user access rights, system update level and configuration. While the computer is being checked by a pre-installed software agent, it can only access resources that can remediate (resolve or update) any issues. Once the policy is met, the computer is able to access network resources and the Internet, within the policies def

1.3.6 Telephony

When telephone technology is married with information technology, the result is known as telephony. A breach in your telephony infrastructure is just as devastating as any other violation and can lead to the loss of valuable data. Telephony is the technology associated with the electronic transmission of voice, fax, or other information between distant parties using systems historically associated with the telephone. Internet telephony is the use of the Internet rather than the traditional telephone company infrastructure and rate structure to exchange spoken or other telephone information. The term is used frequently to refer to computer hardware and software that performs functions traditionally performed by telephone equipment. As more organizations migrate from land lines to Voice over IP (VoIP) for cost savings and agility, security is increasingly important for Internet Telephony. VoIP can be easily sniffed with tools such as Cain & Abel and is susceptible t

1.3.5 Remote Access

Remote access is the broad collection of mechanisms that allow external entities to interact with an internal closed environment. One of the first tools for remote access was the dial-up modem. Today we regularly employ encrypted VPN tunnels. Security over a remote access connection is critical, e.g. via an encrypted tunnel, one-time passwords, etc. Additionally, you need to be aware of every flow of data that penetrates the boundaries of your private LAN and fully control each and every bit of data moving across such a gateway. Monitor your environment and review logs. A first-stage remote access defense is a separate authentication system for remote access that preauthenticates all connections before they are allowed to interact with the LAN itself. If the remote access user fails to properly authenticate to the first-stage defense barrier, they are denied access to the servers on the LAN. Preauthentication systems make full network attacks from remote links mor

1.3.4 NAT

Network Address Translation (NAT), as defined in RFC 1631, enables a LAN to use one set of IP addresses for internal traffic and a second set of addresses for external traffic. NAT acts as a proxy between the local area network (which can be using private IP addresses) and the Internet (which must use public IP addresses). Most NAT implementations assign internal hosts private IP address numbers and use public addresses only for the NAT to translate to and communicate with the outside world. The private address ranges are as follows:
• 10.0.0.0–10.255.255.255
• 172.16.0.0–172.31.255.255
• 192.168.0.0–192.168.255.255
NAT is like the receptionist in a large office. The client calls the main number to your office, which is the only number the client knows. When the client tells the receptionist that she is looking for you, the receptionist checks a lookup table that matches your name with your extension. The receptionist knows that you requested this call, and therefore forwards t

1.3.3 VLAN

A virtual local area network, virtual LAN or VLAN, is a group of hosts with a common set of requirements that communicate as if they were attached to the same broadcast domain, regardless of their physical location. A VLAN allows you to create groups of users and systems and segment them on the network. This segmentation lets you hide segments of the network from other segments and thereby control access. You can also set up VLANs to control the paths that data takes to get from one point to another. A VLAN is a good way to contain network traffic to a certain area in a network. A VLAN has the same attributes as a physical local area network (LAN), but it allows for end stations to be grouped together even if they are not located on the same network switch. VLAN membership can be configured through software instead of physically relocating devices or connections. VLANs address issues such as scalability, security, and network management. By definition, switches may not br