The 7 Layers of the OSI Model

The OSI, or Open Systems Interconnection, model defines a networking framework for implementing protocols in seven layers. Control is passed from one layer to the next, starting at the application layer in one station, proceeding down to the physical layer, across the channel to the next station and back up the hierarchy. On the way down each layer wraps the data in its own header; on the way up each layer strips that header off before handing the rest to the layer above.

Application (Layer 7)

This layer supports application and end-user processes: it identifies the communication partners and the quality of service required, considers user authentication and privacy, and identifies any constraints on data syntax. Everything at this layer is application-specific. It provides application services for file transfers, e-mail and other network software; Telnet and FTP are protocols that exist entirely at the application layer. Tiered application architectures are also considered part of this layer.

Presentation (Layer 6)

This layer provides independence from differences in data representation (character encodings, compression, encryption) by translating from application format to network format and vice versa. The presentation layer transforms data into the form that the application layer can accept. It formats and, where required, encrypts data to be sent across a network, freeing the application from compatibility problems. It is sometimes called the syntax layer.

Session (Layer 5)

This layer establishes, manages and terminates connections between applications. The session layer sets up, coordinates, and terminates conversations, exchanges, and dialogues between the applications at each end. It deals with session and connection coordination.

Transport (Layer 4)

This layer provides transparent transfer of data between end systems, or hosts. A connection-oriented transport protocol such as TCP is responsible for end-to-end error recovery and flow control and ensures complete, ordered delivery; a connectionless one such as UDP offers neither, leaving that to the application.

Network (Layer 3)

This layer provides switching and routing technologies, creating logical paths (in connection-oriented networks, virtual circuits) for transmitting data from node to node. Routing and forwarding are functions of this layer, as are logical addressing, internetworking, error handling, congestion control and packet sequencing.

Data Link (Layer 2)

At this layer, data packets are encoded into frames and then into bits for the physical layer, and decoded again on receipt. It furnishes transmission protocol knowledge and management, handles errors arising in the physical layer, and provides flow control and frame synchronization. The data link layer is divided into two sublayers: the Media Access Control (MAC) sublayer and the Logical Link Control (LLC) sublayer. The MAC sublayer controls how a computer on the network gains access to the medium and permission to transmit on it. The LLC sublayer controls frame synchronization, flow control and error checking.

Physical (Layer 1)

This layer conveys the bit stream (electrical impulses, light or radio signals) through the network at the electrical and mechanical level. It provides the hardware means of sending and receiving data on a carrier, including the definition of cables, cards and other physical aspects. Fast Ethernet, RS232 and ATM are protocols with physical layer components.

Source: webopedia.com
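
To make the layering concrete, the following added example (it is not from the original page or from webopedia) walks a constructed Ethernet II / IPv4 / TCP frame up from Layer 2 to Layer 4 in Python, peeling off one header per layer exactly as the receiving station does and checking the length and checksum fields as it goes. The frame builder, the MAC and IP addresses, ports and payload are all made up for the example; only the header layouts are the real ones.

```python
# Added example, not part of the original page: decode a constructed
# Ethernet II / IPv4 / TCP frame one layer at a time (Layer 2 -> 3 -> 4).
import struct
from dataclasses import dataclass


@dataclass
class Decoded:
    dst_mac: str
    src_mac: str
    src_ip: str
    dst_ip: str
    src_port: int
    dst_port: int
    tcp_flags: int
    payload: bytes


def _mac(b: bytes) -> str:
    return ":".join(f"{x:02x}" for x in b)


def _ip(b: bytes) -> str:
    return ".".join(str(x) for x in b)


def _checksum(data: bytes) -> int:
    """RFC 1071 ones-complement checksum; yields 0 over a header whose checksum field is correct."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack(f"!{len(data) // 2}H", data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return (~total) & 0xFFFF


def decode_frame(frame: bytes) -> Decoded:
    # Layer 2: Ethernet II header, 14 bytes: dst MAC(6) src MAC(6) EtherType(2).
    if len(frame) < 14:
        raise ValueError("truncated Ethernet header")
    dst, src, ethertype = struct.unpack("!6s6sH", frame[:14])
    if ethertype != 0x0800:
        raise ValueError(f"not IPv4: EtherType 0x{ethertype:04x}")
    # Layer 3: IPv4 header; the IHL nibble gives its length in 32-bit words.
    ip = frame[14:]
    if len(ip) < 20:
        raise ValueError("truncated IPv4 header")
    ver_ihl, _tos, total_len, _id, _frag, _ttl, proto, _csum, sip, dip = struct.unpack(
        "!BBHHHBBH4s4s", ip[:20])
    ihl = (ver_ihl & 0x0F) * 4
    if ver_ihl >> 4 != 4 or ihl < 20 or not ihl <= total_len <= len(ip):
        raise ValueError("bad IPv4 version or length fields")
    if _checksum(ip[:ihl]) != 0:
        raise ValueError("bad IPv4 header checksum")
    if proto != 6:
        raise ValueError(f"not TCP: IP protocol {proto}")
    # Layer 4: TCP header; the data-offset nibble gives its length in 32-bit words.
    tcp = ip[ihl:total_len]          # trust total_len, not the frame length, for where L4 ends
    if len(tcp) < 20:
        raise ValueError("truncated TCP header")
    sport, dport, _seq, _ack, off_flags = struct.unpack("!HHIIH", tcp[:14])
    doff = (off_flags >> 12) * 4
    if doff < 20 or doff > len(tcp):
        raise ValueError("bad TCP data offset")
    return Decoded(_mac(dst), _mac(src), _ip(sip), _ip(dip), sport, dport,
                   off_flags & 0x1FF, tcp[doff:])


def build_frame(payload: bytes) -> bytes:
    """Constructed sample frame: 192.168.1.10:40000 -> 203.0.113.5:80, flags PSH|ACK.
    Every address and port here is made up; only the header layouts are real."""
    tcp = struct.pack("!HHIIHHHH", 40000, 80, 1, 1, (5 << 12) | 0x018, 65535, 0, 0) + payload
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(tcp), 0x1234, 0x4000, 64, 6, 0,
                     bytes([192, 168, 1, 10]), bytes([203, 0, 113, 5]))
    ip = ip[:10] + struct.pack("!H", _checksum(ip)) + ip[12:]   # fill in the header checksum
    eth = struct.pack("!6s6sH", bytes.fromhex("001122334455"),
                      bytes.fromhex("66778899aabb"), 0x0800)
    return eth + ip + tcp


if __name__ == "__main__":
    print(decode_frame(build_frame(b"GET / HTTP/1.0\r\n\r\n")))
```

Each layer trusts only its own header to find the next one (the IHL nibble, the IPv4 total length, the TCP data offset), and every length is bounds-checked before it is used; that is where most parser bugs in real network stacks live.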
How to wire Ethernet Cables

What You Need:

Required:
  • Ethernet Cable - bulk Category (Cat) 5, 5e, 6, 6a or higher ethernet cable
  • Wire Cutters - to cut and strip the ethernet cable if necessary
  • For Patch Cables:
    • 8P8C Modular Connector Plugs ("RJ45")
    • Modular Connector Crimper ("RJ45")
  • For Fixed Wiring:
    • 8P8C Modular Connector Jacks ("RJ45")
    • 110 Punch Down Tool
Recommended:
  • Wire Stripper
  • Cable Tester

Ethernet Cable Pin Outs:

There are two basic Ethernet cable pin outs: a straight-through cable, used to connect a device to a hub or switch, and a crossover cable, used to connect two like devices (two computers, or two switches) directly without a hub or switch. Generally all fixed wiring should be run as straight-through. Many Ethernet interfaces (Auto-MDI-X, standard on gigabit ports) detect the wiring and cross or un-cross the pairs automatically, a handy feature that makes crossover cables rarely necessary.

Standard, Straight-Through Wiring Diagram (both ends are the same):

RJ45 Pin #   Wire Color (T568A)   10Base-T / 100Base-TX Signal
1            White/Green          Transmit+
2            Green                Transmit-
3            White/Orange         Receive+
4            Blue                 Unused
5            White/Blue           Unused
6            Orange               Receive-
7            White/Brown          Unused
8            Brown                Unused

Straight-Through Ethernet Cable Pin Out for T568A

RJ45 Pin #   Wire Color (T568B)   10Base-T / 100Base-TX Signal
1            White/Orange         Transmit+
2            Orange               Transmit-
3            White/Green          Receive+
4            Blue                 Unused
5            White/Blue           Unused
6            Green                Receive-
7            White/Brown          Unused
8            Brown                Unused

Straight-Through Ethernet Cable Pin Out for T568B

____________________________________________________

Crossover Cable Wiring Diagram (T568B): end 1 is wired to T568B and end 2 to T568A, so the orange and green pairs swap places.

RJ45 Pin #   Wire Color (END 1)   RJ45 Pin #   Wire Color (END 2)
1            White/Orange         1            White/Green
2            Orange               2            Green
3            White/Green          3            White/Orange
4            Blue                 4            Blue
5            White/Blue           5            White/Blue
6            Green                6            Orange
7            White/Brown          7            White/Brown
8            Brown                8            Brown

Crossover Ethernet Cable Pin Outs
Note: This layout crosses only the 1-2 and 3-6 pairs, which is all that 10Base-T and 100Base-TX use; the blue and brown pairs run straight. A crossover cable for 1000Base-T must cross all four pairs, so end 2 additionally becomes pin 4 White/Brown, pin 5 Brown, pin 7 Blue and pin 8 White/Blue (end 1 pins 4, 5, 7, 8 land on end 2 pins 7, 8, 4, 5). In practice gigabit ports implement Auto-MDI-X and sort this out themselves, so a straight-through cable normally works between two such ports.
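
As an added example (not from the original page or from ertyu.org), the following Python reproduces what a cable tester does with the pinouts above: given the wire colour seen at each pin on both ends, it maps each conductor end to end, checks that every twisted pair sits on a pin pair (1-2, 3-6, 4-5, 7-8, so no split pairs), and reports whether the cable is straight-through, a two-pair 10/100 crossover, a four-pair gigabit crossover, or miswired. The T568A and T568B pin maps are the page's own tables; the gigabit end and the split-pair mistake are constructed.

```python
# Added example, not part of the original page: classify an Ethernet cable
# from the wire colour observed at each pin on both ends.
from typing import Dict, List, Tuple

PinMap = Dict[int, str]

# The two straight-through standards from the page's tables.
T568A: PinMap = {1: "White/Green", 2: "Green", 3: "White/Orange", 4: "Blue",
                 5: "White/Blue", 6: "Orange", 7: "White/Brown", 8: "Brown"}
T568B: PinMap = {1: "White/Orange", 2: "Orange", 3: "White/Green", 4: "Blue",
                 5: "White/Blue", 6: "Green", 7: "White/Brown", 8: "Brown"}

# Each twisted pair shares a colour and must land on one of these pin pairs at both ends.
TWISTED_PAIRS = [("White/Green", "Green"), ("White/Orange", "Orange"),
                 ("White/Blue", "Blue"), ("White/Brown", "Brown")]
PAIR_PINS = {(1, 2), (3, 6), (4, 5), (7, 8)}

STRAIGHT = {p: p for p in range(1, 9)}
CROSS_2PAIR = {1: 3, 2: 6, 3: 1, 6: 2, 4: 4, 5: 5, 7: 7, 8: 8}      # 10Base-T / 100Base-TX
CROSS_4PAIR = {1: 3, 2: 6, 3: 1, 6: 2, 4: 7, 5: 8, 7: 4, 8: 5}      # 1000Base-T


def wire_map(end1: PinMap, end2: PinMap) -> Dict[int, int]:
    """For each pin on end 1, the pin the same conductor (same colour) reaches on end 2."""
    pin_at_end2 = {colour: pin for pin, colour in end2.items()}
    return {pin: pin_at_end2[colour] for pin, colour in end1.items()}


def split_pairs(end: PinMap) -> List[Tuple[str, str]]:
    """Twisted pairs whose two conductors are not on a pin pair. Such a cable passes a
    plain continuity test but loses the crosstalk rejection the twisting provides."""
    pin_of = {colour: pin for pin, colour in end.items()}
    return [pair for pair in TWISTED_PAIRS
            if tuple(sorted((pin_of[pair[0]], pin_of[pair[1]]))) not in PAIR_PINS]


def classify(end1: PinMap, end2: PinMap) -> str:
    expected = sorted(c for pair in TWISTED_PAIRS for c in pair)
    for end in (end1, end2):
        if sorted(end) != list(range(1, 9)) or sorted(end.values()) != expected:
            return "miswired: an end is missing pins or colours"
    if split_pairs(end1) or split_pairs(end2):
        return "miswired: split pair"
    mapping = wire_map(end1, end2)
    if mapping == STRAIGHT:
        return "straight-through"
    if mapping == CROSS_2PAIR:
        return "crossover (pairs 1-2 and 3-6 only; 10Base-T / 100Base-TX)"
    if mapping == CROSS_4PAIR:
        return "crossover (all four pairs; 1000Base-T)"
    return "miswired: unrecognised pin mapping"


# Constructed end-2 pinouts: a gigabit crossover and a split-pair mistake (pins 2 and 3 swapped).
GIGABIT_END2: PinMap = {1: "White/Green", 2: "Green", 3: "White/Orange", 4: "White/Brown",
                        5: "Brown", 6: "Orange", 7: "Blue", 8: "White/Blue"}
SPLIT_END2: PinMap = {**T568B, 2: "White/Green", 3: "Orange"}

if __name__ == "__main__":
    for label, ends in [("A-A", (T568A, T568A)), ("B-A", (T568B, T568A)),
                        ("B-gigabit", (T568B, GIGABIT_END2)), ("B-split", (T568B, SPLIT_END2))]:
        print(label, classify(*ends))
```

The split-pair check is the part a visual inspection misses: a cable whose pins 2 and 3 are swapped at one end still lights up every LED on a cheap continuity tester, yet it will fail or drop to 10 Mb/s on a real link.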

Source: ertyu.org

What's DMZ Network?

A DMZ network helps protect your internal network from direct access from the Internet. A DMZ is not a particular device or piece of software; it is a network segment, defined both logically (its addressing and the firewall rules around it) and physically (the interfaces and switches it is built on).

In computer security, a DMZ (sometimes referred to as a perimeter network) is a physical or logical subnetwork that contains and exposes an organization's external services to a larger untrusted network, usually the Internet. The purpose of a DMZ is to add an additional layer of security to an organization's local area network (LAN); an external attacker only has access to equipment in the DMZ, rather than any other part of the network. The name is derived from the term "demilitarized zone", an area between nation states in which military action is not permitted.

Services in the DMZ
Any service that is provided to users on the external network can be placed in the DMZ. The most common are web servers, mail servers and proxies, described below:

Web servers that communicate with an internal database require access to a database server, which may not be publicly accessible and may contain sensitive information. The web servers can communicate with database servers either directly or through an application firewall for security reasons.
E-mail messages, and particularly the user database, are confidential, so they are typically stored on servers that cannot be reached directly from the Internet but can be accessed from the SMTP servers that are exposed to the Internet.
The mail server inside the DMZ passes incoming mail to the secured/internal mail servers. It also handles outgoing mail.
For security, legal compliance and monitoring reasons, in a business environment, some enterprises install a proxy server within the DMZ. This has the following consequences:
  • Obliges the internal users (usually employees) to use the proxy to get Internet access.
  • Allows the company to reduce Internet access bandwidth requirements because some of the web content may be cached by the proxy server.
  • Simplifies the recording and monitoring of user activities and the blocking of content that violates acceptable use policies.
A reverse proxy server, like a proxy server, is an intermediary, but is used the other way around. Instead of providing a service to internal users wanting to access an external network, it provides indirect access for an external network (usually the Internet) to internal resources. For example, access to a back-office application such as an email system could be provided to external users (to read email while outside the company), but the remote user would not have direct access to the email server: only the reverse proxy can reach the internal email server. This is an extra layer of security, particularly recommended when internal resources need to be accessed from the outside. Usually such a reverse proxy mechanism is provided by an application layer firewall, which inspects the specific shape of the traffic rather than merely controlling access to specific TCP and UDP ports as a packet-filter firewall does.

Architecture
There are many different ways to design a network with a DMZ. Two of the most basic methods are with a single firewall, also known as the three legged model, and with dual firewalls. These architectures can be expanded to create very complex architectures depending on the network requirements.

Single firewall

A single firewall with at least three network interfaces can be used to create a network architecture containing a DMZ. The external network runs from the ISP to the firewall on the first interface, the internal network hangs off the second interface, and the DMZ off the third. The firewall becomes a single point of failure for the network and must be able to handle all of the traffic going to the DMZ as well as to the internal network. The zones are usually marked with colors; for example, purple for LAN, green for DMZ, red for Internet (often with another color for wireless zones).

Dual firewall

A more secure approach is to use two firewalls in series to create a DMZ. The first firewall (also called the "front-end" firewall) sits between the Internet and the DMZ and must be configured to allow only traffic destined for the DMZ. The second firewall (also called the "back-end" firewall) sits between the DMZ and the internal network and allows only the specific traffic the DMZ hosts need from the inside (for example, the web server to the database port); nothing from the Internet reaches the internal network without traversing both.
This setup is considered more secure since two devices would need to be compromised. There is even more protection if the two firewalls come from two different vendors, because it is then less likely that both devices suffer from the same security vulnerabilities. For example, an accidental misconfiguration is less likely to occur the same way across the configuration interfaces of two different vendors, and a security hole found in one vendor's system is less likely to exist in the other. This architecture is, of course, more costly. The practice of using firewalls from different vendors is sometimes described as a component of a "defense in depth" security strategy.
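
To make the rule sets concrete, here is an added example in Python (not from the original page or from Wikipedia) that evaluates a zone-based, first-match, default-deny policy for both designs: one rule list for the three-legged firewall, and two separate lists for the front-end and back-end firewalls, where a flow is accepted only if every firewall on its path accepts it. The zones, the host addresses (web, mail, proxy, database) and the ports are constructed for the example, and only the initiating direction of each flow is modelled (a stateful firewall admits the replies).

```python
# Added example, not part of the original page: a first-match, zone-based policy
# evaluator for the three-legged DMZ design and for the dual-firewall design.
# All zones, addresses, hosts and ports below are constructed for illustration.
import ipaddress
from dataclasses import dataclass
from typing import FrozenSet, List, Optional

ZONES = {                                   # constructed zone assignments
    "internet": ipaddress.ip_network("0.0.0.0/0"),
    "dmz": ipaddress.ip_network("192.0.2.0/24"),
    "lan": ipaddress.ip_network("10.0.0.0/8"),
}
WEB, MAIL, PROXY, DB = "192.0.2.10", "192.0.2.25", "192.0.2.30", "10.0.5.20"


def zone_of(ip: str) -> str:
    """Longest matching prefix wins, so 0.0.0.0/0 only catches what no other zone claims."""
    addr = ipaddress.ip_address(ip)
    return max((z for z, net in ZONES.items() if addr in net), key=lambda z: ZONES[z].prefixlen)


@dataclass(frozen=True)
class Flow:
    src: str
    dst: str
    proto: str
    dport: int


@dataclass(frozen=True)
class Rule:
    src_zone: str
    dst_zone: str
    action: str                            # "accept" or "drop"
    proto: str = "any"
    dports: FrozenSet[int] = frozenset()   # empty set means any port
    src_host: Optional[str] = None         # narrow the rule to one source host
    dst_host: Optional[str] = None         # narrow the rule to one destination host

    def matches(self, f: Flow) -> bool:
        return (zone_of(f.src) == self.src_zone and zone_of(f.dst) == self.dst_zone
                and self.proto in ("any", f.proto)
                and (not self.dports or f.dport in self.dports)
                and self.src_host in (None, f.src)
                and self.dst_host in (None, f.dst))


def decide(rules: List[Rule], f: Flow) -> str:
    """First matching rule wins; anything unmatched is dropped (default deny)."""
    for r in rules:
        if r.matches(f):
            return r.action
    return "drop"


# Three-legged (single firewall) policy: one interface per zone, every rule on one box.
THREE_LEGGED = [
    Rule("internet", "dmz", "accept", "tcp", frozenset({80, 443}), dst_host=WEB),
    Rule("internet", "dmz", "accept", "tcp", frozenset({25}), dst_host=MAIL),
    Rule("dmz", "lan", "accept", "tcp", frozenset({5432}), src_host=WEB, dst_host=DB),
    Rule("dmz", "lan", "drop"),               # explicit: DMZ hosts get nothing else inside
    Rule("dmz", "internet", "accept", "tcp", frozenset({80, 443}), src_host=PROXY),
    Rule("dmz", "internet", "accept", "tcp", frozenset({25}), src_host=MAIL),
    Rule("lan", "dmz", "accept"),             # LAN users reach the Internet via the DMZ proxy
]

# Dual-firewall policy: the front end only carries internet<->DMZ traffic and the back end
# only DMZ<->LAN traffic, so a flow from the Internet to the LAN has no rule on either box.
FRONT_END = [
    Rule("internet", "dmz", "accept", "tcp", frozenset({80, 443}), dst_host=WEB),
    Rule("internet", "dmz", "accept", "tcp", frozenset({25}), dst_host=MAIL),
    Rule("dmz", "internet", "accept", "tcp", frozenset({80, 443}), src_host=PROXY),
    Rule("dmz", "internet", "accept", "tcp", frozenset({25}), src_host=MAIL),
]
BACK_END = [
    Rule("dmz", "lan", "accept", "tcp", frozenset({5432}), src_host=WEB, dst_host=DB),
    Rule("lan", "dmz", "accept"),
]


def decide_dual(f: Flow) -> str:
    """A flow is accepted only if every firewall on its path accepts it."""
    zones = {zone_of(f.src), zone_of(f.dst)}
    path = []
    if "internet" in zones:
        path.append(FRONT_END)
    if "lan" in zones:
        path.append(BACK_END)
    return "accept" if path and all(decide(rs, f) == "accept" for rs in path) else "drop"


if __name__ == "__main__":
    probe = Flow(WEB, "10.0.5.21", "tcp", 445)   # a compromised web server probing the LAN
    print("three-legged:", decide(THREE_LEGGED, probe), " dual:", decide_dual(probe))
```

The two explicit `dmz -> lan` rules are the whole point of the design: the web server may open exactly one port on exactly one internal host, and a compromised web server probing anything else inside is dropped by rule, not by accident.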

DMZ host

Some home routers refer to a DMZ host. A home router DMZ host is a host on the internal network that has all ports exposed, except those ports otherwise forwarded. By definition this is not a true DMZ (Demilitarized Zone), since it alone does not separate the host from the internal network. That is, the DMZ host is able to connect to hosts on the internal network, whereas hosts within a real DMZ are prevented from connecting with the internal network by a firewall that separates them, unless the firewall permits the connection. A firewall may allow this if a host on the internal network first requests a connection to the host within the DMZ. The DMZ host provides none of the security advantages that a subnet provides and is often used as an easy method of forwarding all ports to another firewall / NAT device.

Source: wikipedia

Understanding Router Settings

Understanding router settings is essential to configuring your router. Without understanding the settings, you might never get a functional router, or you might be missing vital security protocols.

Access control. Access control varies depending on the router, but it enables you to create custom settings for Internet and Web access. You can permit certain Web sites, or block them. You can also use access control to give some applications permission to access the Internet, which you may need to do if you participate in online gaming.

DHCP. DHCP stands for Dynamic Host Configuration Protocol. Practically speaking, when DHCP is enabled, your router assigns each device on your network an IP address when it connects. DHCP can cause IP address conflicts when a device (a printer, say) has been given a fixed address by hand that lies inside the range the router hands out, and the router later assigns the same address to a computer or laptop. The default DHCP settings are usually sufficient; if conflicts recur, either keep fixed addresses outside the DHCP range or give those devices a DHCP reservation (a fixed address tied to their MAC address) so the router never hands that address to anyone else.
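
As an added example (not from the original page or from life123.com), the following Python checks a router configuration for exactly this kind of conflict: it takes the subnet, the DHCP pool boundaries, the devices that have fixed addresses set by hand, and the router's DHCP reservations, and reports every fixed address the router could also hand out, every address configured on two devices, and every address that is not on this LAN at all. The host names, MAC addresses and addresses are constructed.

```python
# Added example, not part of the original page: flag devices whose fixed
# (manually configured) IPv4 address the router's DHCP server could also hand out.
import ipaddress
from typing import Dict, List, Tuple


def dhcp_conflicts(subnet: str, pool_start: str, pool_end: str,
                   static_hosts: Dict[str, Tuple[str, str]],
                   reservations: Dict[str, str]) -> List[str]:
    """static_hosts: name -> (MAC, fixed IP configured on the device itself).
    reservations: MAC -> IP the router has pinned to that MAC (a DHCP reservation).
    A fixed address inside the pool is safe only if the router reserves it for that same MAC."""
    net = ipaddress.ip_network(subnet)
    lo, hi = ipaddress.ip_address(pool_start), ipaddress.ip_address(pool_end)
    if lo not in net or hi not in net or lo > hi:
        raise ValueError("DHCP pool must lie inside the subnet with start <= end")
    reserved = {mac.lower(): ipaddress.ip_address(ip) for mac, ip in reservations.items()}
    findings: List[str] = []
    owner: Dict[ipaddress.IPv4Address, str] = {}   # first device seen with each address
    for name, (mac, ip) in static_hosts.items():
        addr = ipaddress.ip_address(ip)
        if addr in owner:
            findings.append(f"{name}: {ip} is also configured on {owner[addr]}")
        owner.setdefault(addr, name)
        if addr not in net:
            findings.append(f"{name}: {ip} is outside {net}; it is not on this LAN")
        elif lo <= addr <= hi and reserved.get(mac.lower()) != addr:
            findings.append(f"{name}: {ip} is inside the DHCP pool {lo}-{hi} with no "
                            f"reservation for {mac}; move it outside the pool or reserve it")
    return findings


if __name__ == "__main__":
    # Constructed configuration: pool .100-.199, one printer parked inside it by hand.
    hosts = {"printer": ("aa:bb:cc:dd:ee:01", "192.168.1.150"),
             "nas": ("aa:bb:cc:dd:ee:02", "192.168.1.10")}
    for line in dhcp_conflicts("192.168.1.0/24", "192.168.1.100", "192.168.1.199", hosts, {}):
        print(line)
```

Run it against the addresses written on the devices rather than the router's lease table: the lease table only shows what DHCP has handed out, never the fixed addresses it does not know about, which is precisely what causes the conflict.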

DNS. DNS, or Domain Name System, translates names such as www.example.com into IP addresses; the router normally hands the DNS servers supplied by your ISP to your devices through DHCP. You can replace them with other resolvers (a filtering or privacy-oriented service, or a resolver you run yourself) by editing this setting. Hosting your own Web site is a separate matter: visitors need a public DNS record for your domain, which is configured at your domain registrar or DNS provider, not in the router.

MAC address filter. Every network interface has a unique hardware address, called a MAC address. On wireless routers you can set up MAC address filtering: when it is enabled, only permitted MAC addresses can connect to your network, and you must manually enter the address of each permitted device in your router settings. Any device whose address is not on the list is refused. Note that MAC addresses are transmitted in the clear in every frame and can be set to any value in software, so an attacker within range can copy a permitted address; MAC filtering deters casual connections but is not a substitute for WPA2 encryption with a strong passphrase.

Port forwarding. A home router performs network address translation: devices inside can open connections out to the Internet on any port, but unsolicited connections arriving from the Internet are dropped because the router has no internal host to deliver them to. Port forwarding maps a port on the router's public address to a chosen port on one internal device, which you may need in order to host a game server or for some video conferencing setups. Each forwarded port exposes that device's service directly to the Internet, so forward only what you need, to only the device that needs it, and keep that service patched.

Visibility. Visibility controls whether your router broadcasts the name (SSID) of your wireless network. When visibility is turned on, anyone within range sees your network's name in their list of available wireless networks; when it is off, only people who already know the name can enter it and connect. This hides the network from casual browsing only: the SSID is still transmitted in the clear whenever a permitted device connects, so any wireless sniffer can recover it. Treat a hidden network as a convenience setting, not a security control.

Web site filter. A Web site filter works in one of two ways: Either you can set it to block all Web sites except the ones on the "allowed" list, or you can set it to allow all Web sites except those on the "blocked" list. Consult your router's documentation to determine how your Web site filtering works.

Wireless channel. The wireless channel is just like a wireless phone channel. If you experience interference on your wireless channel, you can try changing the channel to reduce interference.

WEP, WPA and WPA2. These are the wireless security protocols that authenticate devices and encrypt traffic, listed from weakest to strongest. WEP is broken and can be recovered in minutes with freely available tools, so treat it as no better than an open network; WPA with TKIP is also deprecated. WPA2 with AES (CCMP) and a long, random passphrase is the strongest option routers of this generation offer (WPA3 has since superseded it), but not all devices support it. You might need to select a less effective protocol if an old device cannot support the stronger one; the better fix is to replace that device rather than weaken the whole network for it.

Source: life123.com