COMPUTER_NETWORKS[1]

Course Materials for PTI Student on Computer Networks for Electrical and Electronics Engineering students

Uploaded by

Tekboi Kreationz
DATA COMMUNICATION AND COMPUTER NETWORKING
ICT 321
Computer Networks
BY
ENGR MUZAMMIL ABDULRAHMAN
EEED, PTI
2024
COMPUTER NETWORKS
TOPICS UNDER COMPUTER NETWORKS
 Classification of Computer Networks
 Network Topology
 Multimedia Networking- VOIP, Multimedia Network
Support.
 Network Security
 Network Management and Administration
 Network Troubleshooting
COMPUTER NETWORK
 A computer network is an interconnection of various
computer systems located at different places. In a
computer network, two or more computers are linked
together with a medium and data communication
devices for the purpose of communicating data and
sharing resources. The computer that provides resources
to other computers on a network is known as a server. In
the network, the individual computers that access
shared network resources are known as nodes.
NETWORK TOPOLOGY
 1. Bus topology: Bus topology is a network type in which every computer and
network device is connected to a single cable.
BUS TOPOLOGY
 FEATURES
 It transmits data only in one direction.
 Every device is connected to a single cable
 ADVANTAGES
 It is cost effective.
 Cable required is least compared to other network topology.
 Used in small networks.
 It is easy to understand.
 Easy to expand by joining two cables together.
 DISADVANTAGES
 If the cable fails, the whole network fails.
 If network traffic is heavy or nodes are more the performance of the network
decreases.
 Cable has a limited length.
 It is slower than the ring topology.
RING TOPOLOGY
 In this topology each computer is connected to another computer, with the last
one connected to the first. Each device has exactly two neighbours.
RING TOPOLOGY
 FEATURES
 1. A number of repeaters are used and the transmission is unidirectional.
 2. Data is transferred in a sequential manner, that is, bit by bit.
 ADVANTAGES
 Transmitting network is not affected by high traffic or by adding more
nodes, as only the nodes having tokens can transmit data.
 Cheap to install and expand
 DISADVANTAGES
 Troubleshooting is difficult in ring topology.
 Adding or deleting the computers disturbs the network activity.
 Failure of one computer disturbs the whole network.
STAR TOPOLOGY
 In this type of topology all the computers are connected to a single hub
through a cable. This hub is the central node and all others nodes are
connected to the central node.
STAR TOPOLOGY
 FEATURES
 Every node has its own dedicated connection to the hub.
 The hub acts as a repeater for data flow.
 Can be used with twisted pair, Optical Fibre or coaxial cable.
 ADVANTAGES
 Fast performance with few nodes and low network traffic.
 Hub can be upgraded easily.
 Easy to troubleshoot.
 Easy to set up and modify.
 Only the node that has failed is affected; the rest of the nodes can work smoothly.
 DISADVANTAGES
 Cost of installation is high.
 Expensive to use.
 If the hub fails, the whole network stops, because all the nodes depend on the hub.
 Performance depends on the capacity of the hub.
MESH TOPOLOGY
 In a mesh network topology, each of the network nodes, computers and
other devices, is interconnected with one another. Every node not only
sends its own signals but also relays data from other nodes. In fact, a true
mesh topology is the one where every node is connected to every other
node in the network. It is commonly used in wireless networks. A flooding or
routing technique is used in mesh topology.
MESH TOPOLOGY
 ADVANTAGES
 Each connection can carry its own data load.
 It is robust.
 Fault is diagnosed easily.
 Provides security and privacy

 DISADVANTAGES
 Installation and configuration is difficult.
 Cabling cost is more.
 Bulk wiring is required.
TREE TOPOLOGY
TREE TOPOLOGY
 FEATURES
 Ideal if workstations are located in groups.
 Used in Wide Area Network.
 ADVANTAGES
 Extension of bus and star topologies.
 Expansion of nodes is possible and easy.
 Easily managed and maintained.
 Error detection is easily done.
 DISADVANTAGES
 Heavily cabled.
 Costly.
 If more nodes are added maintenance is difficult.
 If the central hub fails, the network fails.
CLASSIFICATION OF COMPUTER NETWORKS
 BASED ON TECHNOLOGICAL ARRANGEMENT
1. PEER TO PEER MODEL
2. CLIENT SERVER MODEL
1. PEER TO PEER MODEL
 In a P2P network, the "peers" are computer systems
which are connected to each other via the Internet.
Files can be shared directly between systems on the
network without the need for a central server. In other
words, each computer on a P2P network becomes a file
server as well as a client. The only requirements for a
computer to join a peer-to-peer network are an Internet
connection and P2P software. Examples of P2P software
include LimeWire and BitTorrent. Most P2P programs are
focused on media sharing, and P2P is therefore often
associated with software piracy and copyright violation.
ADVANTAGES AND DISADVANTAGES OF
P2P

 ADVANTAGES
 1. User friendly, as users are allowed to control many parameters of the
operation, e.g. how many member connections to seek, which systems to
connect to, what services to offer, and how many system resources to devote to
the network.
 DISADVANTAGES
 1. Uses a lot of bandwidth.
 2. Not secure, because it bypasses firewalls and can be used to distribute
malware.
2.CLIENT SERVER MODEL
 Client/server is a program relationship in which one program (the
client) requests a service or resource from another program (the
server). Although the client/server model can be used by programs
within a single computer, it is a more important concept for
networking. In this case, the client establishes a connection to the
server over a local area network (LAN) or wide-area network (WAN),
such as the Internet. Once the server has fulfilled the client's request,
the connection is terminated. Your Web browser is a client program
that has requested a service from a server; in fact, the service and
resource the server provided is the delivery of this Web page. Most
business applications use the client/server model, as does the
Internet's main program, TCP/IP.
CLASSIFICATION OF COMPUTER NETWORKS
 BASED ON ADMINISTRATIVE ARRANGEMENT.
1. CENTRALISED SYSTEMS
2. DISTRIBUTED SYSTEMS
3. COLLABORATIVE SYSTEMS
CENTRALISED SYSTEMS
 Centralized computing is a type of computing architecture where
all or most of the processing/computing is performed on a central
server. Centralized computing enables the deployment of all of a
central server's computing resources, administration and
management. The central server, in turn, is responsible for delivering
application logic, processing and providing computing resources
(both basic and complex) to the attached client machines.
Centralized computing is similar to a client/server architecture
where one or more client PCs are directly connected to a central
server.
CENTRALISED SYSTEMS
 Advantages and disadvantages.
 The benefits of a Centralized model are lower capital and
operational cost (minimal hardware at each site), security
(all data stored in a secured datacenter), less
administrative overhead (fewer resources needed since
all equipment is in one location), less backup complexity,
and greater control over potential risk areas such as
Internet access. The downside to a Centralized model is
that your remote site’s WAN connection is now a major
point of failure. Whether this is a point-to-point, MPLS, or
VPN connection, if this link goes down, that site now has
zero access to anything at the Datacenter.
DISTRIBUTED SYSTEMS
 In a purely Distributed model, each site is self-sustained for the most
part. While some connectivity to the primary datacenter is required,
the remote site would host its own Email Server, manage its own
backups, control its own Internet access, and host its own Shared
Files.
DISTRIBUTED SYSTEMS
 Advantages and Disadvantages
 The benefit of a Distributed model is that each site can ‘survive’ on its own.
There is no Single Point of Failure in this regard. The downside to this
approach, obviously, is cost. Not only would this require additional
hardware and software costs, but you most certainly would require at least
a partial onsite presence at each location regardless of how many remote
management components are in place.
COLLABORATIVE SYSTEMS
 A collaborative system has to do with a combination of
several interconnected systems connected together,
these systems often share resources and can either be
centralized or distributed.
CLASSIFICATION OF COMPUTER
NETWORKS
 BASED ON GEOGRAPHICAL ARRANGEMENT
1. LOCAL AREA NETWORKS
2. METROPOLITAN AREA NETWORK
3. WIDE AREA NETWORKS
LOCAL AREA NETWORKS
 The computers are geographically close together (that is, in the same
building). This type of computer network, operated under a single
administrative system, is generally termed a Local Area Network (LAN). A
LAN consists of a shared transmission medium and a set of hardware and
software for interfacing devices to the medium and regulating orderly
access to the medium.
 LAN provides a useful way of sharing the resources between end users. The
resources such as printers, file servers, scanners, and internet are easily
sharable among computers.
LAN APPLICATIONS

 1. Video Conferencing
 2. Gaming servers
 3. Remote Access controls
 4. Personal computer LANS
 5. Back end networks and storage area networks
 6. High speed office network
NETWORK LAN TECHNOLOGIES
 1. ETHERNET
 Ethernet is a widely deployed LAN technology.
 Ethernet shares media. A network which uses shared media has a high
probability of data collision. Ethernet uses Carrier Sense Multiple
Access/Collision Detection (CSMA/CD) technology to detect
collisions. On the occurrence of a collision in Ethernet, all its hosts roll
back, wait for some random amount of time, and then re-transmit
the data.
 The Ethernet connector is the network interface card, equipped with a 48-bit
MAC address. This helps other Ethernet devices to identify and
communicate with remote devices in Ethernet.
NETWORK LAN TECHNOLOGIES
 Traditional Ethernet uses 10BASE-T specifications. The number 10 depicts
10MBPS speed, BASE stands for baseband, and T stands for Thick Ethernet.
10BASE-T Ethernet provides transmission speed up to 10MBPS and uses
coaxial cable or Cat-5 twisted pair cable with RJ-5 connector. Ethernet
follows star topology with segment length up to 100 meters. All devices are
connected to a hub/switch in a star fashion.
 2. Fast-Ethernet
 To meet the needs of fast emerging software and hardware technologies,
Ethernet extends itself as Fast-Ethernet. It can run on UTP, Optical Fiber, and
wirelessly too. It can provide speed up to 100 MBPS. This standard is named
as 100BASE-T in IEEE 802.3 using Cat-5 twisted pair cable. It uses the CSMA/CD
technique for wired media sharing among the Ethernet hosts and the CSMA/CA
(CA stands for Collision Avoidance) technique for wireless Ethernet LAN.
NETWORK LAN TECHNOLOGIES
 Fast Ethernet on fiber is defined under 100BASE-FX standard which provides
speed up to 100 MBPS on fiber. Ethernet over fiber can be extended up to
100 meters in half-duplex mode and can reach maximum of 2000 meters in
full-duplex over multimode fibers.
 3. Giga-Ethernet
 After being introduced in 1995, Fast-Ethernet could enjoy its high speed
status only for 3 years, until Giga-Ethernet was introduced. Giga-Ethernet provides
speed up to 1000 Mbits/second. IEEE802.3ab standardizes Giga-Ethernet over
UTP using Cat-5, Cat-5e and Cat-6 cables. IEEE802.3ah defines Giga-Ethernet
over Fiber.
NETWORK LAN TECHNOLOGIES
 4.Virtual LAN
 LAN uses Ethernet which in turn works on shared media. Shared media in
Ethernet create one single Broadcast domain and one single Collision
domain. Introduction of switches to Ethernet has removed single collision
domain issue and each device connected to switch works in its separate
collision domain. But even switches cannot divide a network into separate
Broadcast domains.
 Virtual LAN is a solution to divide a single Broadcast domain into multiple
Broadcast domains. A host in one VLAN cannot speak to a host in another. By
default, all hosts are placed into the same VLAN.
NETWORK LAN TECHNOLOGIES
 5. VPN
 A Virtual private network (VPN) extends a private network across a public
network, such as the Internet. It enables a computer or network-enabled
device to send and receive data across shared or public networks as if it
were directly connected to the private network, while benefiting from the
functionality, security and management policies of the private network. A
VPN is created by establishing a virtual point-to-point connection through
the use of dedicated connections, virtual tunneling protocols, or traffic
encryption. Major implementations of VPNs include OpenVPN and IPsec.
METROPOLITAN AREA NETWORK
 The Metropolitan Area Network (MAN) generally expands throughout a city,
such as a cable TV network. It can be in the form of Ethernet, Token-ring,
ATM, or Fiber Distributed Data Interface (FDDI). Metro Ethernet is a service
which is provided by ISPs. This service enables its users to expand their Local
Area Networks.
WIDE AREA NETWORKS
 The computers are farther apart and are connected by telephone lines or
radio waves. The Wide Area Network (WAN) covers a wide area which may
span across provinces and even a whole country. Generally,
telecommunication networks are Wide Area Network. These networks
provide connectivity to MANs and LANs. Since they are equipped with very
high speed backbone, WANs use very expensive network equipment.
WANs are widely used in banking. The financial markets are also heavily
dependent on wide area computer networks. They provide for remote
database access, which is the basis for airline reservations and home
banking. They also provide electronic mail or e-mail.
MULTIMEDIA NETWORKING

We define a multimedia network application as any network application that employs audio or video.
A multimedia application can be divided into four
 Stored audio/video,
 Conversational voice/video-over-IP,
 Streaming live audio/video.
VOICE OVER INTERNET PROTOCOL- VOIP

 Voice over IP (VoIP) is a methodology and group of technologies for the
delivery of voice communications and multimedia sessions over Internet
Protocol (IP) networks, such as the Internet. It is a method for taking analog
audio signals, like the kind you hear when you talk on the phone, and turning
them into digital data that can be transmitted over the Internet. Other terms
commonly associated with VoIP are IP telephony, Internet telephony,
broadband telephony, and broadband phone service. E.g. Skype.
 Examples of VoIP protocols are SIP (Session Initiation Protocol) and the Skype
protocol. These protocols can be used as software or integrated into a web
page like Google Talk. With VoIP, analog voice calls are converted into
packets of data. The packets travel like any other type of data, such as e-mail,
over the public Internet and/or any private Internet Protocol (IP) network.
 Using a VoIP service, you can call landline or cell phones. You can also call
computer-to-computer, with both parties speaking into a computer
microphone and listening through computer speakers or headsets.
NETWORK SECURITY
 SECURITY REQUIREMENTS
1. CONFIDENTIALITY: Protection from disclosure to unauthorized
persons
2. INTEGRITY: Maintaining data consistency
3. AUTHENTICATION: Assurance of identity of person or originator of
data
4. NON-REPUDIATION: Originator of communications can’t deny it later
5. AVAILABILITY: Legitimate users have access when they need it
6. ACCESS CONTROL: Unauthorized users are kept out
SECURITY MECHANISMS
 Three basic building blocks are used:
1. Encryption is used to provide confidentiality, can provide authentication
and integrity protection
2. Digital signatures are used to provide authentication, integrity protection,
and non-repudiation
3. Checksums/hash algorithms are used to provide integrity protection, can
provide authentication
 One or more security mechanisms are combined to provide a security service
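The difference between an unkeyed checksum and a keyed one, as an added Python example that is not part of the original course material: it shows that a plain hash detects accidental change only, that a keyed hash (HMAC) also authenticates the sender when a message is altered in transit, and that a shared key still gives no non-repudiation, which is the job of digital signatures. The key and the messages are constructed sample values.

```python
import hashlib
import hmac


def sha256_digest(message: bytes) -> str:
    """Unkeyed checksum: anyone can compute it for any message."""
    return hashlib.sha256(message).hexdigest()


def hmac_tag(key: bytes, message: bytes) -> str:
    """Keyed hash: only a holder of `key` can compute a valid tag."""
    return hmac.new(key, message, hashlib.sha256).hexdigest()


def check_digest(message: bytes, digest: str) -> bool:
    return hmac.compare_digest(sha256_digest(message), digest)


def check_tag(key: bytes, message: bytes, tag: str) -> bool:
    # compare_digest avoids leaking how many leading characters matched
    return hmac.compare_digest(hmac_tag(key, message), tag)


def run_scenarios() -> dict:
    # Constructed demo key shared by sender and receiver (never hard-code real keys).
    key = bytes.fromhex("00112233445566778899aabbccddeeff" * 2)
    original = b"PAY 100 NGN TO ACCOUNT 0001"  # constructed sample message
    sent_digest = sha256_digest(original)
    sent_tag = hmac_tag(key, original)
    results = {}

    # 1. Message arrives intact: both checks pass.
    results["intact_digest_ok"] = check_digest(original, sent_digest)
    results["intact_tag_ok"] = check_tag(key, original, sent_tag)

    # 2. Accidental corruption (one bit flipped on the wire): both checks fail,
    #    so both mechanisms give integrity protection against noise.
    corrupted = bytes([original[0] ^ 0x01]) + original[1:]
    results["corrupt_digest_ok"] = check_digest(corrupted, sent_digest)
    results["corrupt_tag_ok"] = check_tag(key, corrupted, sent_tag)

    # 3. Deliberate modification by a party without the key. The unkeyed digest
    #    can simply be recomputed for the new message, so that check passes.
    #    The tag cannot be recomputed without the key, so the old tag is the
    #    best available and the check fails.
    modified = b"PAY 900 NGN TO ACCOUNT 0666"
    results["modified_digest_ok"] = check_digest(modified, sha256_digest(modified))
    results["modified_tag_ok"] = check_tag(key, modified, sent_tag)

    # 4. No non-repudiation: the receiver holds the same key and can produce a
    #    valid tag for a message the sender never wrote, so a tag cannot prove
    #    to a third party which of the two created it.
    receiver_made = hmac_tag(key, modified)
    results["receiver_made_tag_ok"] = check_tag(key, modified, receiver_made)
    return results


if __name__ == "__main__":
    for name, value in run_scenarios().items():
        print(f"{name:24s} {value}")
```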
ATTACK TYPES
 There are two types of attack on a computer network
 Active Attack
 Passive Attack
Passive attack can only observe communications or data
Active attack can actively modify communications or data
ACTIVE ATTACK
 An active attack is a network exploit in which a hacker attempts to make
changes to data on the target or data en route to the target.
 Types of active attacks:
 In a masquerade attack, the intruder pretends to be a particular user of a
system to gain access or to gain greater privileges than they are authorized
for. A masquerade may be attempted through the use of stolen login IDs
and passwords, through finding security gaps in programs or through
bypassing the authentication mechanism.
 In a session replay attack, a hacker steals an authorized user’s log in
information by stealing the session ID. The intruder gains access and the
ability to do anything the authorized user can do on the website.
ACTIVE ATTACK
 In a message modification attack, an intruder alters packet header
addresses to direct a message to a different destination or modify the data
on a target machine.
 In a denial of service (DoS) attack, users are deprived of access to a
network or web resource. This is generally accomplished by overwhelming
the target with more traffic than it can handle.
 In a distributed denial-of-service (DDoS) exploit, large numbers of
compromised systems (sometimes called a botnet or zombie army) attack
a single target.
PASSIVE ATTACK
 Active attacks contrast with passive attacks, in which an unauthorized
party monitors networks and sometimes scans for open ports and
vulnerabilities. The purpose is to gain information about the target and no
data is changed. However, passive attacks are often preparatory activities
for active attacks
 A passive attack is a network attack in which a system is monitored and
sometimes scanned for open ports and vulnerabilities. The purpose is solely
to gain information about the target and no data is changed on the
target.
PASSIVE ATTACK
 Methods of passive attacks:
 War driving detects vulnerable Wi-Fi networks by scanning them from nearby
locations with a portable antenna. The attack is typically carried out from a
moving vehicle, sometimes with GPS systems that hackers use to plot out
areas with vulnerabilities on a map. War driving can be done just to steal an
Internet connection or as a preliminary activity for a future attack.
 In dumpster diving, intruders look for information stored on discarded
computers and other devices or even passwords in trash bins. The intruders
can then use this information to facilitate covert entry to a network or system.
 An intruder might masquerade as an authorized network user and spy without
interaction. With that access, an intruder might monitor network traffic by
setting the network adapter to promiscuous mode.
 Passive attacks include active reconnaissance and passive reconnaissance.
In passive reconnaissance, an intruder monitors systems for vulnerabilities
without interaction, through methods like session capture. In active
reconnaissance, the intruder engages with the target system through
methods like port scans.
FIREWALL
 A firewall is a system designed to prevent unauthorized access to or from a
private network. Firewalls can be implemented in both hardware and
software, or a combination of both. Firewalls are frequently used to prevent
unauthorized Internet users from accessing private networks connected to
the Internet, especially intranets. All messages entering or leaving the
intranet pass through the firewall, which examines each message and
blocks those that do not meet the specified security criteria.
 Firewalls can be either hardware or software but the ideal firewall
configuration will consist of both. In addition to limiting access to your
computer and network, a firewall is also useful for allowing remote access
to a private network through secure authentication certificates and logins.
FIREWALL TECHNIQUES
1. PACKET FILTER: Looks at each packet entering or leaving the network and
accepts or rejects it based on user-defined rules. Packet filtering is fairly
effective and transparent to users, but it is difficult to configure. In addition, it
is susceptible to IP spoofing. IP spoofing, also known as IP address forgery or a
host file hijack, is a hijacking technique in which a cracker masquerades as a
trusted host to conceal his identity, spoof a Web site, hijack browsers, or gain
access to a network.
2. APPLICATION GATEWAY : Applies security mechanisms to specific
applications, such as FTP and Telnet servers. This is very effective, but can
impose a performance degradation.
3. CIRCUIT-LEVEL GATEWAY: Applies security mechanisms when a TCP or UDP
connection is established. Once the connection has been made, packets
can flow between the hosts without further checking.
4. Proxy Server: Intercepts all messages entering and leaving the network. The
proxy server effectively hides the true network addresses. In practice, many
firewalls use two or more of these techniques.
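One way to see the packet filter and its IP spoofing weakness described above, as an added Python example (not from the course material): a first-match rule list with default deny, evaluated with and without an ingress anti-spoofing check. The 192.168.10.0/24 LAN, the interface names "wan" and "lan", the rule set and the sample packets are assumptions constructed for the illustration.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import Optional

INTERNAL_NET = ip_network("192.168.10.0/24")  # assumed private LAN
# Source ranges that can never legitimately arrive on the Internet-facing side.
NEVER_FROM_OUTSIDE = [INTERNAL_NET, ip_network("127.0.0.0/8"), ip_network("0.0.0.0/8")]


@dataclass(frozen=True)
class Packet:
    in_iface: str  # interface the packet arrived on: "wan" or "lan"
    src: str
    dst: str
    proto: str     # "tcp" or "udp"
    dport: int


@dataclass(frozen=True)
class Rule:
    action: str           # "accept" or "reject"
    src: str              # CIDR block
    dst: str              # CIDR block
    proto: str            # "tcp", "udp" or "any"
    dport: Optional[int]  # None means any port

    def matches(self, p: Packet) -> bool:
        return (ip_address(p.src) in ip_network(self.src)
                and ip_address(p.dst) in ip_network(self.dst)
                and self.proto in ("any", p.proto)
                and self.dport in (None, p.dport))


# User-defined rules, evaluated top to bottom; the first match decides.
RULES = [
    Rule("accept", "192.168.10.0/24", "192.168.10.5/32", "tcp", 22),  # admin SSH, LAN only
    Rule("accept", "0.0.0.0/0", "192.168.10.80/32", "tcp", 443),      # public web server
    Rule("accept", "192.168.10.0/24", "0.0.0.0/0", "any", None),      # LAN outbound
]


def rule_verdict(p: Packet) -> str:
    for rule in RULES:
        if rule.matches(p):
            return rule.action
    return "reject"  # default deny


def spoofed_ingress(p: Packet) -> bool:
    """True when a packet from outside claims a source it cannot have."""
    src = ip_address(p.src)
    return p.in_iface == "wan" and any(src in net for net in NEVER_FROM_OUTSIDE)


def filter_packet(p: Packet, antispoof: bool = True) -> str:
    # The rules trust the source address, a header field the sender writes.
    # The ingress check ties that field to the interface it arrived on.
    if antispoof and spoofed_ingress(p):
        return "reject"
    return rule_verdict(p)


SAMPLES = [  # constructed packets
    ("public web request", Packet("wan", "203.0.113.7", "192.168.10.80", "tcp", 443)),
    ("external SSH attempt", Packet("wan", "203.0.113.7", "192.168.10.5", "tcp", 22)),
    ("LAN admin SSH", Packet("lan", "192.168.10.23", "192.168.10.5", "tcp", 22)),
    ("LAN outbound DNS", Packet("lan", "192.168.10.23", "198.51.100.9", "udp", 53)),
    ("wan packet claiming LAN source", Packet("wan", "192.168.10.23", "192.168.10.5", "tcp", 22)),
]


def evaluate_samples() -> list:
    """Return (label, verdict without anti-spoofing, verdict with it)."""
    return [(label, filter_packet(p, antispoof=False), filter_packet(p, antispoof=True))
            for label, p in SAMPLES]


if __name__ == "__main__":
    for label, naive, hardened in evaluate_samples():
        print(f"{label:32s} rules only: {naive:7s} with ingress check: {hardened}")
```

The ingress check only covers outside packets that claim inside or reserved sources; a forged external source address still looks like any other external host to the filter.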
A COMPUTER VIRUS
 A computer virus is a type of malicious software program ("malware") that,
when executed, replicates by reproducing itself (copying its own source
code) or infecting other computer programs by modifying them.[1]
Infecting computer programs can also include data files or the "boot"
sector of the hard drive. When this replication succeeds, the affected areas
are then said to be "infected" with a computer virus.
Virus parts
1. Infection mechanism
Infection mechanism (also called 'infection vector'), is how the virus spreads or
propagates. A virus typically has a search routine, which locates new files or
new disks for infection.
2. Trigger
The trigger, which is also known as a logic bomb, is the compiled version that
could be activated any time an executable file with the virus is run; it
determines the event or condition for the malicious "payload" to be activated
or delivered, such as a particular date, a particular time, the presence of
another program, the capacity of the disk exceeding some limit, or a double-click
that opens a particular file.
Virus parts
3. Payload
 The "payload" is the actual body or data that perform the actual malicious
purpose of the virus. Payload activity might be noticeable (e.g., because it
causes the system to slow down or "freeze"), as most of the time the
"payload" itself is the harmful activity, or sometimes non-destructive but
distributive, which is called Virus hoax.
Phases in the Life Cycle of a Computer
Virus
1. Dormant phase
 The virus program is idle during this stage. The virus program has managed to
access the target user's computer or software, but during this stage, the virus
does not take any action. The virus will eventually be activated by the "trigger"
which states which event will execute the virus, such as a date, the presence of
another program or file, the capacity of the disk exceeding some limit or the
user taking a certain action (e.g., double-clicking on a certain icon, opening
an e-mail, etc.). Not all viruses have this stage.
2. Propagation phase
 The virus starts propagating, that is multiplying and replicating itself. The virus
places a copy of itself into other programs or into certain system areas on the
disk. The copy may not be identical to the propagating version; viruses often
"morph" or change to evade detection by IT professionals and anti-virus
software. Each infected program will now contain a clone of the virus, which
will itself enter a propagation phase.
Phases in the Life Cycle of a Computer
Virus
3. Triggering phase
 A dormant virus moves into this phase when it is activated, and will now
perform the function for which it was intended. The triggering phase can be
caused by a variety of system events, including a count of the number of times
that this copy of the virus has made copies of itself.
4. Execution phase
 This is the actual work of the virus, where the "payload" will be released. It can
be destructive such as deleting files on disk, crashing the system, or corrupting
files or relatively harmless such as popping up humorous or political messages
on screen.
OTHER TYPES OF MALWARE
 Computer "worms",(Worm ware)
 Ransomware,
 Trojan horses,
 key loggers
 Rootkits
 Spyware
 Adware
 Malicious Browser Helper Object (BHOs)
Delivery/Infection Methods

 When we’re trying to build better software to remove malware from your
machine, the main things that we are interested in is how it got into your
computer and how it is continuing to work. The malware will generally fit
into one of the following categories.
 Virus – this is a term that used to be generic. Any bad software used to be a
virus; however, we use the term “malware” now. We use the word “virus” to
describe a program that self-replicates after hooking itself onto something
running in Windows®.
Delivery/Infection Methods
 Worm – a worm is another kind of self-replicating program but generally
doesn’t hook itself onto a Windows process. Worms generally are little
programs that run in the background of your system.

 Trojan – software that you thought was going to be one thing, but turns out
to be something bad. Named for the fabled “Trojan Horse” that appeared
to be a gift but in fact carried a dangerous payload.

 Drive-by download – this is probably the most popular way to get
something nasty into your computer. Most of the time, it comes from visiting
a bad web page. That web page exploits a weakness in your browser and
causes your system to become infected.
Malware Actions
 Once malware is in your computer, it can do many things. Sometimes it’s
only trying to replicate itself with no harm to anyone, other times it’s
capable of doing very nasty things.
 Adware – not truly malware and almost never delivered using one of the
methods above. Adware is software that uses some form of advertising
delivery system. Sometimes the way that advertisements are delivered can
be deceptive in that they track or reveal more information about you than
you would like. Most of the time, you agree to the adware tracking you
when you install the software that it comes with. Generally, it can be
removed by uninstalling the software it was attached to.
Malware Actions
 Spyware – software that monitors your computer and reveals collected
information to an interested party. This can be benign when it tracks what
webpages you visit; or it can be incredibly invasive when it monitors
everything you do with your mouse and keyboard.

 Ransomware – lately a very popular way for Internet criminals to make
money. This malware alters your system in such a way that you’re unable to
get into it normally. It will then display some kind of screen that demands
some form of payment to have the computer unlocked. Access to your
computer is literally ransomed by the cyber-criminal.

 Scareware – software that appears to be something legit (usually
masquerading as some tool to help fix your computer) but when it runs it
tells you that your system is either infected or broken in some way. This
message is generally delivered in a manner that is meant to frighten you
into doing something. The software claims to be able to fix your problems if
you pay them. Scareware is also referred to as “rogue” software – like
rogue antivirus.
PENETRATION TESTING.
 Penetration Testing is used to find flaws in the system in order to take appropriate
security measures to protect the data and maintain functionality.
 What is Penetration Testing?
 Penetration testing is a type of security testing that is used to test the insecurity of
an application. It is conducted to find the security risk which might be present in
the system.
 If a system is not secured, then any attacker can disrupt or take authorized access
to that system. Security risk is normally an accidental error that occurs while
developing and implementing the software. For example, configuration errors,
design errors, and software bugs, etc.
NEED FOR PENETRATION TESTING

 Penetration testing normally evaluates a system’s ability to protect its
networks, applications, endpoints and users from external or internal
threats. It also attempts to protect the security controls and ensures only
authorized access.
 Penetration testing is essential because −
 It identifies a simulation environment i.e., how an intruder may attack the
system.
 It helps to find weak areas where an intruder can attack to gain access to
the computer’s features and data.
NEED FOR PENETRATION TESTING.
 It helps to avoid active attacks and protects the original data.
 It estimates the magnitude of the attack on potential business.
 It provides evidence to suggest why it is important to increase investments
in the security aspect of technology.
fingerprinting OpenBSD,
PENETRATION TESTING TOOLS
 Nmap. Purpose: Network Scanning, Port Scanning, OS Detection. Platforms: Linux, Windows, FreeBSD, OS X, HP-UX, NetBSD, Sun, OpenBSD, Solaris, IRIX, Mac, etc. Cost: Free
 SuperScan. Purpose: Runs queries including ping, whois, hostname lookups, etc. Detects open UDP/TCP ports and determines which services are running on those ports. Platforms: Windows 2000/XP/Vista/7. Cost: Free
 p0f. Purpose: OS fingerprinting, Firewall detection. Platforms: Linux, FreeBSD, NetBSD, OpenBSD, Mac OS X, Solaris, Windows, and AIX. Cost: Free
 Xprobe. Purpose: Remote active. Platforms: Linux. Cost: Free
NETWORK MANAGEMENT AND
ADMINISTRATION
 Network Management involves the use of tools by a network
administrator to actively monitor, manage, and control the
system with which she or he is entrusted.
 A Network Administrator is the trained personnel responsible
for network management in either a LAN, WAN or MAN.
 “Network management includes the deployment, integration,
and coordination of the hardware, software, and human
elements to monitor, test, poll, configure, analyze, evaluate,
and control the network and element resources to meet the
real-time, operational performance, and Quality of Service
requirements at a reasonable cost.”
PROCESSES WITHIN NETWORK MANAGEMENT
 DETECTING FAILURE OF AN INTERFACE CARD AT A HOST OR A
ROUTER
 HOST MONITORING
 MONITORING TRAFFIC TO AID IN RESOURCE DEPLOYMENT
 DETECTING RAPID CHANGES IN ROUTING TABLES
 MONITORING FOR SERVICE LEVEL AGREEMENTS: SLAs are contracts
that define specific performance metrics and acceptable levels of
network provider performance with respect to these metrics.
Service level agreements include service availability, latency,
throughput and outage notification requirements.
 INTRUSION DETECTION
AREAS OF NETWORK MANAGEMENT
 PERFORMANCE MANAGEMENT: The goal of performance management is to
quantify, measure, report, analyze, and control the performance (for
example, utilization and throughput) of different network components.
 FAULT MANAGEMENT: The goal of fault management is to log, detect, and
respond to fault conditions in the network
 CONFIGURATION MANAGEMENT- Configuration management allows a
network manager to track which devices are on the managed network and
the hardware and software configurations of these devices.
 ACCOUNTING MANAGEMENT : Accounting management allows the network
manager to specify, log, and control user and device access to network
resources. Usage quotas, usage-based charging, and the allocation of
resource-access privileges all fall under accounting management
 SECURITY MANAGEMENT: The goal of security management is to control
access to network resources according to some well-defined policy.
NETWORK TROUBLESHOOTING
 Network troubleshooting is the collective measures and
processes used to identify, diagnose and resolve
problems and issues within a computer network. It is a
systematic process that aims to resolve problems and
restore normal network operations within the network.
 Network troubleshooting is primarily done by network
engineers or administrators to repair or optimize a
network. It is generally done to recover and establish
network or Internet connections on end nodes/devices.
PROCESSES WITHIN NETWORK TROUBLESHOOTING
 Finding and resolving problems and establishing the Internet/network
connection of a computer/device/node
 Configuring a router, switch or any network management device
 Installing cables or Wi-Fi devices
 Updating firmware on a router or switch
 Removing viruses
 Adding, configuring and reinstalling a network printer
NETWORK TROUBLESHOOTING TOOLS
1. PING
2. TRACEROUTE
3. IPCONFIG
4. NSLOOKUP
5. NETSTAT
6. IP CALCULATOR
7. SPEEDTEST.NET
8. PATHPING
9. ROUTE
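Added example (not part of the original slides): a Python helper that reads captured PING summaries and reports the first layer that fails, which tells the administrator which of the tools listed above to use next. The layer names, the hints and the sample outputs (Linux iputils-style) are constructed assumptions.

```python
import re

STATS = re.compile(r"(\d+) packets transmitted, (\d+) (?:packets )?received"
                   r".*?([\d.]+)% packet loss")
RTT = re.compile(r"= [\d.]+/([\d.]+)/")   # min/avg/max/mdev, capture avg

def parse_ping(text):
    """Return the ping summary as a dict, or None if no summary was printed."""
    m = STATS.search(text)
    if not m:
        return None
    rtt = RTT.search(text)
    return {"sent": int(m[1]), "received": int(m[2]), "loss_pct": float(m[3]),
            "avg_ms": float(rtt[1]) if rtt else None}

# Targets are pinged from nearest to farthest; the hint names the next tool.
LAYERS = [
    ("loopback", "local TCP/IP stack"),
    ("gateway", "LAN side: cable, Wi-Fi or address settings (IPCONFIG, ROUTE)"),
    ("internet_ip", "router or provider path (TRACEROUTE, PATHPING)"),
    ("dns_name", "name resolution (NSLOOKUP)"),
]

def diagnose(outputs):
    """outputs maps each layer name to the captured ping output for it."""
    degraded = []
    for name, hint in LAYERS:
        stats = parse_ping(outputs.get(name, ""))
        if stats is None or stats["received"] == 0:
            return {"status": "fail", "layer": name, "check": hint,
                    "degraded": degraded}
        if stats["loss_pct"] > 0:
            degraded.append(name)     # reachable, but losing packets
    return {"status": "ok", "layer": None, "check": None, "degraded": degraded}

# Constructed sample outputs: IP connectivity works, the hostname does not resolve.
SAMPLE = {
    "loopback": "4 packets transmitted, 4 received, 0% packet loss, time 3052ms\n"
                "rtt min/avg/max/mdev = 0.031/0.040/0.052/0.008 ms",
    "gateway": "4 packets transmitted, 4 received, 0% packet loss, time 3005ms\n"
               "rtt min/avg/max/mdev = 0.412/0.530/0.702/0.110 ms",
    "internet_ip": "4 packets transmitted, 3 received, 25% packet loss, time 3012ms\n"
                   "rtt min/avg/max/mdev = 18.201/19.004/20.113/0.801 ms",
    "dns_name": "ping: www.example.com: Name or service not known",
}

if __name__ == "__main__":
    print(diagnose(SAMPLE))
```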
A COMPUTER VIRUS
 A computer virus is a type of malicious software program ("malware") that,
when executed, replicates by reproducing itself (copying its own source
code) or infecting other computer programs by modifying them.[1]
Infected targets can also include data files or the "boot"
sector of the hard drive. When this replication succeeds, the affected areas
are then said to be "infected" with a computer virus.
Virus parts
1. Infection mechanism
The infection mechanism (also called 'infection vector') is how the virus spreads or
propagates. A virus typically has a search routine, which locates new files or
new disks for infection.
2. Trigger
The trigger, also known as a logic bomb, is the compiled version that
can be activated any time an executable file with the virus is run. It
determines the event or condition for the malicious "payload" to be activated
or delivered, such as a particular date, a particular time, the presence of
another program, the capacity of the disk exceeding some limit, or a double-click
that opens a particular file.
3. Payload
 The "payload" is the actual body or data that performs the actual malicious
purpose of the virus. Payload activity might be noticeable (e.g., because it
causes the system to slow down or "freeze"), as most of the time the
"payload" itself is the harmful activity. Sometimes it is non-destructive but
distributive, which is called a virus hoax.
Phases in the Life Cycle of a Computer Virus
1. Dormant phase
 The virus program is idle during this stage. The virus program has managed to
access the target user's computer or software, but during this stage, the virus
does not take any action. The virus will eventually be activated by the "trigger"
which states which event will execute the virus, such as a date, the presence of
another program or file, the capacity of the disk exceeding some limit or the
user taking a certain action (e.g., double-clicking on a certain icon, opening
an e-mail, etc.). Not all viruses have this stage.
2. Propagation phase
 The virus starts propagating, that is multiplying and replicating itself. The virus
places a copy of itself into other programs or into certain system areas on the
disk. The copy may not be identical to the propagating version; viruses often
"morph" or change to evade detection by IT professionals and anti-virus
software. Each infected program will now contain a clone of the virus, which
will itself enter a propagation phase.
3. Triggering phase
 A dormant virus moves into this phase when it is activated, and will now
perform the function for which it was intended. The triggering phase can be
caused by a variety of system events, including a count of the number of times
that this copy of the virus has made copies of itself.
4. Execution phase
 This is the actual work of the virus, where the "payload" will be released. It can
be destructive such as deleting files on disk, crashing the system, or corrupting
files or relatively harmless such as popping up humorous or political messages
on screen.
OTHER TYPES OF MALWARE
 Computer "worms" (worm ware)
 Ransomware
 Trojan horses
 Keyloggers
 Rootkits
 Spyware
 Adware
 Malicious Browser Helper Objects (BHOs)
Delivery/Infection Methods
 When we’re trying to build better software to remove malware from your
machine, the main things that we are interested in are how it got into your
computer and how it is continuing to work. The malware will generally fit
into one of the following categories.
 Virus – this is a term that used to be generic. Any bad software used to be a
virus; however, we use the term “malware” now. We use the word “virus” to
describe a program that self-replicates after hooking itself onto something
running in Windows®.
 Worm – a worm is another kind of self-replicating program but generally
doesn’t hook itself onto a Windows process. Worms generally are little
programs that run in the background of your system.
 Trojan – software that you thought was going to be one thing, but turns out
to be something bad. Named for the fabled “Trojan Horse” that appeared
to be a gift but in fact carried a dangerous payload.
 Drive-by download – this is probably the most popular way to get
something nasty into your computer. Most of the time, it comes from visiting
a bad web page. That web page exploits a weakness in your browser and
causes your system to become infected.
Malware Actions
 Once malware is in your computer, it can do many things. Sometimes it’s
only trying to replicate itself with no harm to anyone, other times it’s
capable of doing very nasty things.
 Adware – not truly malware and almost never delivered using one of the
methods above. Adware is software that uses some form of advertising
delivery system. Sometimes the way that advertisements are delivered can
be deceptive in that they track or reveal more information about you than
you would like. Most of the time, you agree to the adware tracking you
when you install the software that it comes with. Generally, it can be
removed by uninstalling the software it was attached to.
 Spyware – software that monitors your computer and reveals collected
information to an interested party. This can be benign when it tracks what
webpages you visit; or it can be incredibly invasive when it monitors
everything you do with your mouse and keyboard.
 Ransomware – lately a very popular way for Internet criminals to make
money. This malware alters your system in such a way that you’re unable to
get into it normally. It will then display some kind of screen that demands
some form of payment to have the computer unlocked. Access to your
computer is literally ransomed by the cyber-criminal.
 Scareware – software that appears to be something legit (usually
masquerading as some tool to help fix your computer) but when it runs it
tells you that your system is either infected or broken in some way. This
message is generally delivered in a manner that is meant to frighten you
into doing something. The software claims to be able to fix your problems if
you pay them. Scareware is also referred to as “rogue” software – like
rogue antivirus.