
AAA is a way to control who can access a network (authenticate), what they can do
while they are there (authorize), and what actions they performed while accessing the
network (accounting).

The main components of AAA are:

Authentication - controls who can access a network; it is commonly established
using username and password combinations.

Authorization - after the user is authenticated, authorization services determine which
resources the user can access and which operations the user is allowed to perform.

Accounting - accounting keeps track of how network resources are used.
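The three steps above in order, as an added worked example (not part of the original notes): passwords are held only as salted PBKDF2 hashes, authorization is a role table, and every attempt, allowed or not, lands in an accounting log. The user names, passwords, roles and operations are constructed sample data.

```python
import hashlib
import hmac
import os
from datetime import datetime, timezone

# Constructed example: an in-memory user store, a role table and an accounting log.
USERS = {}
PERMISSIONS = {            # authorization: what each role may do
    "admin": {"show", "configure", "reload"},
    "operator": {"show"},
}
ACCOUNTING_LOG = []        # accounting: every attempt, allowed or not


def _hash_password(password: str, salt: bytes) -> bytes:
    # Passwords are stored only as salted PBKDF2-HMAC-SHA256 hashes.
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)


def add_user(name: str, password: str, role: str) -> None:
    salt = os.urandom(16)  # a fresh salt per user
    USERS[name] = {"salt": salt, "hash": _hash_password(password, salt), "role": role}


def authenticate(name: str, password: str) -> bool:
    rec = USERS.get(name)
    if rec is None:
        # Hash anyway so an unknown user takes as long as a wrong password.
        _hash_password(password, b"\x00" * 16)
        return False
    return hmac.compare_digest(_hash_password(password, rec["salt"]), rec["hash"])


def authorize(name: str, operation: str) -> bool:
    return operation in PERMISSIONS.get(USERS[name]["role"], set())


def account(name: str, operation: str, outcome: str) -> None:
    ACCOUNTING_LOG.append({
        "time": datetime.now(timezone.utc).isoformat(),
        "user": name, "operation": operation, "outcome": outcome,
    })


def request(name: str, password: str, operation: str) -> str:
    """Run the three A's in order; returns 'denied-auth', 'denied-authz' or 'ok'."""
    if not authenticate(name, password):
        account(name, operation, "denied-auth")
        return "denied-auth"
    outcome = "ok" if authorize(name, operation) else "denied-authz"
    account(name, operation, outcome)
    return outcome


# Constructed sample users.
add_user("alice", "correct-horse", "admin")
add_user("bob", "battery-staple", "operator")

if __name__ == "__main__":
    for user, pw, op in [("alice", "correct-horse", "configure"),
                         ("bob", "battery-staple", "configure"),
                         ("bob", "wrong", "show")]:
        print(user, op, "->", request(user, pw, op))
    for entry in ACCOUNTING_LOG:
        print(entry)
```

Note that a failed authentication is still accounted for: the log of who tried what, and whether it succeeded, is what makes the accounting step useful during an investigation.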

Cryptography

Cryptography is a method used for secure communication. In this method the sender
converts the plain text to cipher text (a secure code) and sends it to the receiver; when it
is received by the authorized receiver, the cipher text is converted back to plain text using
the key.

Cryptography provides:

1. Confidentiality / Privacy:- Ensuring that no one can read the message except the
intended receiver.
2. Integrity:- Assuring the receiver that the received message has not been altered.
3. Authentication:- The process of proving one's identity.
4. Non-repudiation:- A mechanism to prove that the sender really sent this message.

Types of Cryptography:- There are three types of cryptographic algorithm:

i) Symmetric cryptography
ii) Asymmetric cryptography
iii) Hash

Symmetric cryptography:- In symmetric cryptography a single key is used for both
encryption and decryption. In this method the sender uses the key to encrypt the plain text
and sends the cipher text to the receiver. The receiver applies the same key to decrypt
the message and recover the plain text. It is also known as private key encryption or secret
key encryption.
DES (Data Encryption Standard) and AES (Advanced Encryption Standard) are examples of
symmetric cryptography.

Types of Symmetric Cryptography:- There are two types of symmetric cryptography:

i) Stream cipher
ii) Block cipher

Stream ciphers operate on a single bit at a time and implement some form of feedback
mechanism so that the key is constantly changing.

A block cipher operates on one block of data at a time using the same key on each
block.
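The stream/block distinction above, as an added toy example (not from the original notes, and not a real cipher): the keystream is derived from SHA-256 purely so the code runs offline, where a real system would use AES-CTR or ChaCha20. The stream cipher XORs each byte with the next keystream byte, so the same key and nonce decrypt; the toy block mode applies the same key to every 16-byte block, which also shows why such a mode leaks repeated blocks.

```python
import hashlib
import os

BLOCK = 16


def keystream(key: bytes, nonce: bytes, length: int) -> bytes:
    """Constructed keystream generator: SHA-256(key || nonce || counter), block after block.
    Illustrative only; a real stream cipher would be AES-CTR or ChaCha20."""
    out = bytearray()
    counter = 0
    while len(out) < length:
        out += hashlib.sha256(key + nonce + counter.to_bytes(8, "big")).digest()
        counter += 1
    return bytes(out[:length])


def stream_encrypt(key: bytes, nonce: bytes, data: bytes) -> bytes:
    # Stream cipher: each plaintext byte is XORed with the next keystream byte.
    return bytes(p ^ k for p, k in zip(data, keystream(key, nonce, len(data))))


# XOR is its own inverse, so decryption is the same function with the same key and nonce.
stream_decrypt = stream_encrypt


def pkcs7_pad(data: bytes) -> bytes:
    n = BLOCK - len(data) % BLOCK
    return data + bytes([n]) * n


def pkcs7_unpad(data: bytes) -> bytes:
    n = data[-1]
    if not 1 <= n <= BLOCK or data[-n:] != bytes([n]) * n:
        raise ValueError("bad padding")
    return data[:-n]


def toy_block_encrypt(key: bytes, data: bytes) -> bytes:
    """Toy ECB-style block mode: every 16-byte block is transformed with the same key
    and nothing else, so equal plaintext blocks give equal ciphertext blocks."""
    mask = hashlib.sha256(key).digest()[:BLOCK]
    padded = pkcs7_pad(data)
    return b"".join(bytes(a ^ b for a, b in zip(padded[i:i + BLOCK], mask))
                    for i in range(0, len(padded), BLOCK))


def toy_block_decrypt(key: bytes, data: bytes) -> bytes:
    mask = hashlib.sha256(key).digest()[:BLOCK]
    padded = b"".join(bytes(a ^ b for a, b in zip(data[i:i + BLOCK], mask))
                      for i in range(0, len(data), BLOCK))
    return pkcs7_unpad(padded)


if __name__ == "__main__":
    key, nonce = os.urandom(32), os.urandom(12)   # one key, fresh nonce per message
    ct = stream_encrypt(key, nonce, b"config backup 01")
    print(stream_decrypt(key, nonce, ct))
    # The same plaintext block twice: the toy block mode reveals the repetition.
    ct2 = toy_block_encrypt(key, b"A" * 32)
    print("repeated block visible:", ct2[:16] == ct2[16:32])
```

The nonce must never repeat under one key for the stream construction: reusing it reproduces the same keystream, which is the reason real deployments pair a key with a counter or random nonce per message.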

Asymmetric Cryptography:- In asymmetric cryptography two keys are used, one for
encryption and another for decryption. In this method the sender uses the public key to
encrypt the plain text and sends the cipher text to the receiver. The receiver then
applies the private key to decrypt the message and recover the plain text. Asymmetric
cryptography is also known as public key cryptography.

RSA and DSA (Digital Signature Algorithm) are examples of asymmetric cryptography.

HASH Function:- A hash function is an algorithm that takes a string of any length as
input and produces a fixed-length string as output. Hash functions are used in cryptography
for authentication and integrity of data: if the data changes, the hash value
also changes.

It is also known as a message digest or one-way encryption.

MD5 (Message Digest) and SHA (Secure Hash Algorithm) are examples of hash functions.

Kerberos provides user-to-server authentication. The Kerberos server has two main
functions, known as the Authentication Server (AS) and the Ticket-Granting Server (TGS). The
current version of this protocol is Kerberos V5.

VPN
A VPN is a private network that is created via tunneling over a public network, such as
the Internet. Instead of using a dedicated physical connection, a VPN uses virtual
connections routed through the Internet from the organization to the remote site. The
logical connections can be made at either Layer 2 or Layer 3 of the OSI model.

Types of VPN networks:

i) Site-to-site
ii) Remote-access

A site-to-site VPN is created when devices on both sides of the VPN connection are
aware of the VPN configuration in advance. Frame Relay, ATM, GRE, and MPLS VPNs
are examples of site-to-site VPNs.

A remote-access VPN is created when VPN information is not statically set up, and it is
used for dynamically changing information.

There are two methods for deploying remote-access VPNs:

i) Secure Sockets Layer (SSL)
ii) IP Security (IPsec)

SSL VPN is a technology that provides remote-access connectivity from almost any
Internet-enabled location using a web browser and SSL encryption. It does not require a
software client to be preinstalled on the endpoint host.

SSL VPN provides three modes of remote access on Cisco IOS routers: clientless, thin
client, and full client.

GRE (Generic Routing Encapsulation) is a tunneling protocol that creates a virtual point-to-
point link between remote devices over an IP network. GRE supports multiprotocol tunneling. It
encapsulates the entire original IP packet with a standard IP header and a GRE header.

The advantages of GRE are that it can be used to tunnel non-IP traffic over an IP
network, and that it supports multicast and broadcast traffic over the tunnel link. Therefore,
routing protocols are supported over GRE. GRE does not provide encryption.

IPsec is an IETF standard that defines how a VPN can be configured using the IP
addressing protocol. It is a framework that establishes the rules for secure
communications.

IPsec uses either AH or ESP for encapsulating packets and IKE protocol to establish
the key exchange process.

The IPsec framework consists of five building blocks:

i) IPsec protocol
ii) Confidentiality
iii) Integrity
iv) Authentication
v) Secure key exchange

The two main IPsec framework protocols are AH and ESP.

i) AH (Authentication Header) – is used for packet encapsulation when confidentiality is
not required or permitted. It uses IP protocol 51.

ii) ESP (Encapsulating Security Payload) – is used for packet encapsulation when
confidentiality and authentication are required. It provides confidentiality by performing
encryption on the IP packet. It uses IP protocol 50.

HMAC (Hashed Message Authentication Code) is a data integrity algorithm that guarantees
the integrity of the message using a hash value. At the local device a hash algorithm is
used to produce a hash value. Then the message is sent over the network together with the hash
value. At the remote device, the hash value is recalculated and compared to the sent
hash value. If the transmitted hash matches the received hash, the message integrity is
verified.

There are two common HMAC algorithms:

i) MD5 (Message Digest) – is known as the Message-Digest Algorithm and is a widely
used cryptographic hash function that produces a 128-bit (16-byte) hash value. It
is commonly used to check data integrity. It uses a 128-bit shared-secret key.
The variable-length message and the 128-bit shared secret key are combined and run
through the MD5 hash algorithm. The output is a 128-bit hash.

ii) SHA – stands for "Secure Hash Algorithm". It uses a 160-bit secret key.
The variable-length message and the 160-bit shared secret key are combined and
run through the SHA hash algorithm. The output is a 160-bit hash.
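The hash-function and HMAC passages above, as one added example (not from the original notes): the unkeyed digest detects accidental change, and the keyed HMAC is what the remote device needs when the message may have been altered on purpose, because anyone can recompute a plain hash over a modified message but nobody without the shared secret can recompute the tag. The message, key and the in-transit change are constructed sample data; the digest sizes confirm the 128-bit (MD5) and 160-bit (SHA-1) figures quoted above.

```python
import hashlib
import hmac


def digest(data: bytes, algo: str = "sha256") -> str:
    """Fixed-length, one-way digest of arbitrary-length input."""
    return hashlib.new(algo, data).hexdigest()


def digest_bits(algo: str) -> int:
    """Output size in bits for the named hash (md5 -> 128, sha1 -> 160)."""
    return hashlib.new(algo).digest_size * 8


def plain_hash_check(message: bytes, received_hash: str, algo: str = "sha256") -> bool:
    """Integrity check with an unkeyed hash: recompute and compare."""
    return digest(message, algo) == received_hash


def hmac_tag(key: bytes, message: bytes, algo: str = "sha256") -> bytes:
    """Keyed tag produced at the local device from the shared secret and the message."""
    return hmac.new(key, message, algo).digest()


def verify_hmac(key: bytes, message: bytes, tag: bytes, algo: str = "sha256") -> bool:
    """Remote device: recompute the tag and compare in constant time."""
    return hmac.compare_digest(hmac_tag(key, message, algo), tag)


def alter_and_rehash(message: bytes) -> tuple:
    """Constructed in-transit modification: the message is changed and a fresh
    unkeyed hash is computed over it, which any intermediate party can do."""
    altered = message.replace(b"10.0.0.5", b"10.0.0.6")
    return altered, digest(altered)


if __name__ == "__main__":
    key = b"shared-secret-constructed-for-this-demo"   # constructed; never hard-code in practice
    msg = b"permit host 10.0.0.5"
    tag = hmac_tag(key, msg)
    print("original, plain hash ok:", plain_hash_check(msg, digest(msg)))
    print("original, HMAC ok:     ", verify_hmac(key, msg, tag))
    altered, new_hash = alter_and_rehash(msg)
    print("altered, plain hash ok:", plain_hash_check(altered, new_hash))   # True: no key involved
    print("altered, HMAC ok:      ", verify_hmac(key, altered, tag))       # False: key needed
    print("md5 bits:", digest_bits("md5"), "sha1 bits:", digest_bits("sha1"))
```

`hmac.compare_digest` is used instead of `==` so that the comparison time does not depend on how many leading bytes of the tag matched.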

There are two primary methods of configuring peer authentication:

i) PSKs (Pre-shared Keys) – a pre-shared secret key value is entered into each
peer manually and is used to authenticate the peer. Pre-shared keys are easy to
configure manually but do not scale well.

ii) RSA – is one of the most common asymmetric algorithms and it is based on a
public key and a private key. In RSA the local device derives a hash and
encrypts it with its private key. The encrypted hash is attached to the message
and is forwarded to the remote end. At the remote end, the encrypted hash is
decrypted using the public key of the local end. If the decrypted hash matches
the recomputed hash, the signature is genuine.

Zone-based Firewall:- In a zone-based policy firewall, interfaces are assigned to zones and
then an inspection policy is applied to traffic moving between the zones.

A DMZ is a portion of a network bounded by a firewall or set of firewalls. It also
defines the portions of a network that are trusted and the portions that are untrusted.
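The zone-pair model above, with a DMZ as the third zone, as an added example (not from the original notes and not Cisco IOS configuration): interfaces map to zones, a policy is looked up per (source zone, destination zone) pair, traffic between zones with no matching rule is dropped, and an inspected flow creates a session entry so that only its reply is let back in. Interface names, zone names, addresses (documentation ranges) and the rules are constructed.

```python
from ipaddress import ip_address, ip_network

# Constructed topology: each interface belongs to exactly one zone.
INTERFACE_ZONE = {"Gi0/0": "INSIDE", "Gi0/1": "OUTSIDE", "Gi0/2": "DMZ"}

# Constructed inspection policy per zone pair (source zone, destination zone):
# rules are (destination network, protocol, destination port). Traffic between
# zones with no matching rule is dropped. 192.0.2.0/24 is the DMZ here.
POLICY = {
    ("INSIDE", "OUTSIDE"): [("0.0.0.0/0", "tcp", 80), ("0.0.0.0/0", "tcp", 443),
                            ("0.0.0.0/0", "udp", 53)],
    ("INSIDE", "DMZ"):     [("192.0.2.0/24", "tcp", 22), ("192.0.2.0/24", "tcp", 443)],
    ("OUTSIDE", "DMZ"):    [("192.0.2.10/32", "tcp", 443)],
}

# Session table written by 'inspect'; entries are keyed in the reply direction.
SESSIONS = set()


def zone_of(interface: str) -> str:
    return INTERFACE_ZONE[interface]


def match_policy(src_zone, dst_zone, dst_ip, proto, dst_port) -> bool:
    for net, p, port in POLICY.get((src_zone, dst_zone), []):
        if proto == p and dst_port == port and ip_address(dst_ip) in ip_network(net):
            return True
    return False


def process(in_if, out_if, src_ip, src_port, dst_ip, dst_port, proto="tcp") -> str:
    """Returns 'permit' (same zone), 'inspect' (policy match, session created),
    'permit-return' (reply to an inspected session) or 'drop'."""
    src_zone, dst_zone = zone_of(in_if), zone_of(out_if)
    if src_zone == dst_zone:
        return "permit"                     # intra-zone traffic is not inspected
    flow = (proto, src_ip, src_port, dst_ip, dst_port)
    if flow in SESSIONS:
        return "permit-return"              # stateful: reply to an existing session
    if match_policy(src_zone, dst_zone, dst_ip, proto, dst_port):
        SESSIONS.add((proto, dst_ip, dst_port, src_ip, src_port))  # expected reply 5-tuple
        return "inspect"
    return "drop"


if __name__ == "__main__":
    # Constructed sample traffic.
    print(process("Gi0/1", "Gi0/0", "198.51.100.7", 40000, "10.0.0.5", 22))     # unsolicited inbound: drop
    print(process("Gi0/0", "Gi0/1", "10.0.0.5", 51000, "198.51.100.7", 443))    # inside -> outside: inspect
    print(process("Gi0/1", "Gi0/0", "198.51.100.7", 443, "10.0.0.5", 51000))    # its reply: permit-return
    print(process("Gi0/1", "Gi0/2", "198.51.100.7", 40001, "192.0.2.10", 443))  # outside -> DMZ web: inspect
    print(process("Gi0/1", "Gi0/2", "198.51.100.7", 40002, "192.0.2.10", 22))   # outside -> DMZ ssh: drop
```

The point to check when reviewing such a policy is the absence of any (OUTSIDE, INSIDE) pair: with the default-drop behaviour, nothing from the untrusted side reaches the trusted side unless it is the return half of a session that the inside opened.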

Digital signatures provide the same functionality as handwritten signatures, with many more
capabilities. They are based on a hash function and a public-key algorithm. They are used to
authenticate a user by means of the user's private key and the signature. RSA or
DSA (Digital Signature Algorithm) are used to perform digital signing.

How Digital Signatures Work

In the digital signature process, the sending device (signer) creates a hash of the document.
Then the sending device encrypts the hash with the private key of the signer. After that the
sender transmits it to the receiver. The receiving device (verifier) accepts the document with
the digital signature and obtains the public key of the sending device. Then it decrypts
the signature using the public key of the sending device, makes a hash of the
received document, and compares this hash to the decrypted signature hash. If the
hashes match, the document is authentic.

PKI stands for public key infrastructure; it is a service framework needed to
support large-scale public key-based technologies. It is an important authentication solution
for VPNs.

Certificate – a document which binds together the name of the entity and its public
key and has been signed by the certificate authority (CA).

Certificate authority (CA) – a trusted third-party entity that signs the public keys of
entities in a PKI-based system and issues certificates.

The port number is a 16-bit binary number in the TCP header. The port numbers are divided
into three ranges. Each application or service is represented at Layer 4 by a port
number. The port number is in the range 0-65535.

Types of Port Numbers

• Well-known ports
• Registered ports
• Dynamic ports / ephemeral ports

Well-known Ports

The port numbers ranging from 0-1023. They are assigned to standard server processes
such as FTP and Telnet. The numbers are assigned by IANA.

Registered Ports

The ports ranging from 1024-49151 are registered ports. They can be used for
proprietary server processes.

Dynamic Ports

The port numbers from 49152-65535 are dynamic. They are assigned on demand and reused
frequently; normally they are used temporarily by client processes.

TCP/IP Model:
TCP/IP was created by the Department of Defense in 1970. It is also called the DoD Model. In
TCP/IP there are 4 layers:
1. Application Layer
2. Transport Layer
3. Internet Layer
4. Network Access Layer

The main differences between OSI and TCP/IP:

• The OSI Reference Model has 7 layers whereas TCP/IP has 4 layers.
• TCP/IP maps the Application, Presentation and Session layers into the Application layer. It
also maps the Data Link layer and Physical layer into the Network Access layer.
• Both assume packet switching, not circuit switching.

TCP/IP Protocols
TCP/IP stands for Transmission Control Protocol/Internet Protocol; it is the most commonly
used network protocol stack. Almost every network supports TCP/IP because it enables
different types of computer workstations to communicate.
TCP/IP performs these functions:
• Enables two network devices to establish a point-to-point connection and exchange
data. This is done by using an IP address.
• Allows devices to communicate over a LAN or over the Internet.
• Sends data from one LAN to another. This means it is a routable protocol.

TCP and UDP

TCP                              UDP
-------------------------------  -------------------------------
Sequenced                        Unsequenced
Reliable                         Unreliable
Connection oriented              Connectionless
Virtual circuit                  Low overhead
Acknowledgement                  No acknowledgement
Windowing and flow control       No windowing or flow control
IP protocol number 6             IP protocol number 17

FTP AND TFTP

FTP                                                TFTP
-------------------------------------------------  -------------------------------------------------
FTP stands for File Transfer Protocol              TFTP stands for Trivial File Transfer Protocol
FTP uses TCP ports 20 and 21                       TFTP uses UDP port 69
FTP provides authentication by user name           TFTP does not provide authentication
and password
FTP uses windowing during file transfer            TFTP does not use windowing
It is reliable but slow                            It is unreliable but faster

HTTP and HTTPS

HTTP stands for Hypertext Transfer Protocol, and is a communications protocol for the
transfer of information on the Internet and the World Wide Web.

HTTP                                            HTTPS
----------------------------------------------  ----------------------------------------------
HTTP stands for Hypertext Transfer Protocol     HTTPS stands for Hypertext Transfer Protocol
and is used for communication on the Internet   Secure and is a combination of the Hypertext
                                                Transfer Protocol with the SSL/TLS protocol to
                                                provide encrypted communication and secure
                                                identification of a network web server
URL begins with "http://"                       URL begins with "https://"
It uses port 80 for communication               It uses port 443 for communication
Unsecured                                       Secured
Operates at Application Layer                   Operates at Transport Layer
No encryption                                   Encryption is present
No certificates required                        Certificates required

Telnet is a TCP/IP protocol that allows us to connect to remote computers. We use
software called a Telnet client on our computer to make a connection to a Telnet server,
i.e., the remote host. Once our Telnet client establishes a connection to the remote host,
the client becomes a virtual terminal, thereby allowing us to communicate with the
remote host from our computer. Telnet requires the use of a user name and password.

SSH:- is a TCP/IP protocol that allows us to connect to remote computers. We use
software called an SSH client on our computer to make a connection to a remote host.
It is the same as Telnet but it provides a secure connection and encrypts the information
before transfer.

SFTP stands for SSH File Transfer Protocol; it provides file access, file transfer,
and file management functionality over any reliable data stream.

APIPA stands for Automatic Private IP Addressing and it is a Windows feature.
When a Windows client boots up and there is something wrong with the DHCP
server, so that a system on the network is not able to obtain an address from the DHCP
server, the clients will all assign themselves an address starting with 169.254.

ICMP stands for Internet Control Message Protocol (IP protocol number 1); it is a
network layer protocol that is used by hosts and gateways to send notification of
datagram problems back to the sender. It uses the echo request / reply to test whether a
destination is reachable and responding. It also handles both control and error messages.
ICMP messages are encapsulated within IP datagrams.

ARP stands for Address Resolution Protocol and it resolves IP addresses to
Ethernet (MAC) addresses.

OSI Reference Model

OSI stands for Open System Interconnection; the OSI Reference Model describes how
information is transferred from one networking component to another. It also provides a
guideline to vendors for the implementation of new networking standards and
technologies. It is most often used as a teaching and troubleshooting tool. It was
developed by the International Organization for Standardization (ISO).

Layers of the OSI Reference Model

There are 7 layers in the OSI reference model. The function of the upper three

1. Application Layer:- is the 7th layer of the OSI Reference Model and it provides an interface
(such as CLI and SDM) between communication software and any applications that need
to communicate outside the computer on which the application resides. It also defines the
process for user authentication. FTP for file transfer, HTTP for web browsing, and POP3 and
SMTP for e-mail are examples of Application Layer protocols.

2. Presentation Layer:- is the 6th layer of the OSI Reference Model and it is responsible for
defining how various forms of information are transferred and presented to the user in the
required format. It also provides encryption, decryption and data compression. ASCII,
JPEG and MIDI are the main examples of the Presentation Layer.

3. Session Layer:- is the 5th layer of the OSI Reference Model and it establishes, manages, and
terminates sessions between two communicating hosts. It organizes communication between
two hosts by offering three different modes:

• Simplex
• Half duplex
• Full duplex

4. Transport Layer:- is the 4th layer of the OSI Reference Model and it manages end-to-end
communication between two hosts and error correction. It also assigns port numbers.
The Transport Layer provides 5 main services:

a. Reliable or unreliable delivery of data
b. Connection-oriented or connectionless communication
c. Multiplexing
d. Segmentation
e. Flow control

TCP and UDP are the main examples of transport layer protocols.

5. Network Layer:- is the 3rd layer of the OSI Reference Model and it determines three main
features: routing, logical addressing and path determination. Routers work at this layer.
TCP/IP, IP, IPX and AppleTalk are examples of network layer protocols. Ping,
traceroute and ARP are common tools used to troubleshoot network layer issues.

6. Data Link Layer:- is the 2nd layer of the OSI Reference Model and defines the media's
frame type and transmission method. It provides the physical (MAC) or hardware address.
The data link layer is also responsible for taking bits (binary 1s or 0s) from the physical layer
and reassembling them into frames. It also does error detection by using the FCS and
discards bad frames. Ethernet, HDLC, PPP, ATM and Frame Relay are examples of
Data Link Layer protocols. Switches, bridges, modems and NICs work at the Data Link Layer.

Logical Link Control (LLC) 802.2 sublayer defines how to multiplex multiple network layer
protocols in the data link layer frame. LLC is performed in software.

Media Access Control (MAC) 802.3 sublayer defines how information is transmitted in an
Ethernet environment, and defines the framing, MAC addressing, and mechanics of
how Ethernet works. MAC is performed in hardware.

7. Physical Layer:- is the 1st or bottom-most layer of the OSI Reference Model and
defines the physical characteristics of the transmission medium, including wire (UTP and fiber)
and connectors (RJ-45, DB-9). It also provides encryption, compression and
conversion. Ethernet IEEE 802.3 and RJ-45 are the main examples of the physical layer.
Hubs and repeaters work at the physical layer.

Institute of Electrical and Electronics Engineers (IEEE) 802 Standards

• IEEE 802.1: Standards related to network management.
• IEEE 802.2: General standard for the data link layer in the OSI Reference Model.
The IEEE divides this layer into two sublayers: the logical link control (LLC)
layer and the media access control (MAC) layer.
• IEEE 802.3: Defines the MAC layer for bus networks that use CSMA/CD. This is
the basis of the Ethernet standard.
• IEEE 802.4: Defines the MAC layer for bus networks that use a token-passing
mechanism (token bus networks).
• IEEE 802.5: Defines the MAC layer for token-ring networks.
• IEEE 802.6: Standard for Metropolitan Area Networks (MANs).

A 3-way handshake is necessary for reliable TCP communication. To establish a reliable
connection, TCP uses a three-way handshake:

1. The client sends a SYN segment to the server indicating that the source wants to
establish a reliable session.

2. In response, the server replies with a SYN-ACK segment indicating that the session can be
established.

3. Finally the client sends an ACK back to the server indicating that the session is now
established.
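The three handshake steps above, together with the 16-bit port field and the three port ranges described earlier, as one added example (not from the original notes): a 20-byte TCP header is packed and parsed with `struct`, each port is classified into its IANA range, and `handshake_complete` accepts a capture only when the SYN, SYN-ACK and ACK carry the right flags, mirrored ports and consistent sequence/acknowledgement numbers. The three segments, port numbers and sequence numbers are constructed; checksums are left at zero.

```python
import struct

# TCP header layout (20 bytes without options): source port, destination port,
# sequence number, acknowledgement number, data offset/reserved, flags, window,
# checksum, urgent pointer.
TCP_HEADER = struct.Struct("!HHIIBBHHH")
SYN, ACK = 0x02, 0x10


def port_class(port: int) -> str:
    """Classify a port into the three IANA ranges described in the notes."""
    if not 0 <= port <= 65535:
        raise ValueError("port numbers are 16-bit: 0-65535")
    if port <= 1023:
        return "well-known"
    if port <= 49151:
        return "registered"
    return "dynamic"


def build_segment(src_port, dst_port, seq, ack, flags, window=65535) -> bytes:
    """Constructed segment with no options and the checksum left at zero."""
    return TCP_HEADER.pack(src_port, dst_port, seq, ack, 5 << 4, flags, window, 0, 0)


def parse_segment(raw: bytes) -> dict:
    src, dst, seq, ack, offset, flags, window, _csum, _urg = TCP_HEADER.unpack_from(raw)
    return {"src": src, "dst": dst, "seq": seq, "ack": ack,
            "flags": flags, "window": window, "header_len": (offset >> 4) * 4}


def handshake_complete(segments) -> bool:
    """True only for SYN, SYN-ACK, ACK with consistent ports and sequence numbers."""
    parsed = [parse_segment(s) for s in segments]
    if len(parsed) != 3:
        return False
    syn, synack, ack = parsed
    return (syn["flags"] == SYN
            and synack["flags"] == SYN | ACK
            and ack["flags"] == ACK
            and (synack["src"], synack["dst"]) == (syn["dst"], syn["src"])
            and (ack["src"], ack["dst"]) == (syn["src"], syn["dst"])
            and synack["ack"] == syn["seq"] + 1      # server acknowledges the client's SYN
            and ack["seq"] == syn["seq"] + 1
            and ack["ack"] == synack["seq"] + 1)     # client acknowledges the server's SYN


if __name__ == "__main__":
    exchange = [build_segment(51000, 443, 1000, 0, SYN),            # 1. client SYN
                build_segment(443, 51000, 5000, 1001, SYN | ACK),   # 2. server SYN-ACK
                build_segment(51000, 443, 1001, 5001, ACK)]         # 3. client ACK
    for s in exchange:
        p = parse_segment(s)
        print(f"{p['src']} ({port_class(p['src'])}) -> {p['dst']} "
              f"({port_class(p['dst'])}) flags=0x{p['flags']:02x} seq={p['seq']} ack={p['ack']}")
    print("handshake complete:", handshake_complete(exchange))
```

A monitoring rule built on this logic would flag a SYN that never receives the matching ACK, which is how half-open connection counts are tracked.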

Flow control

Flow control is used to ensure that networking devices don't send too much information
to the destination; otherwise some information can be dropped due to overflow.

The transport layer can use two basic flow control methods:

1. TCP windowing - Windowing is a method of flow control. In this method a window
size is defined that specifies how many segments can be sent before the source has to
wait for an acknowledgement from the destination. Once the acknowledgment (ACK) is
received the source can send the next batch of data. For example, if we have
configured a window size of 3, then it is allowed to transmit three data segments before
an acknowledgment is received.

2. Ready/not ready signals - When the destination receives more traffic than it can handle,
it can send a not-ready signal to the source indicating that the source should stop
transmitting data. When the destination becomes free, it can send a ready signal
indicating that the source can resume sending data.

MULTIPLEXING:- is a method by which multiple analog message signals or digital data
streams are combined into one signal over a shared medium. The multiplexed signal is
transmitted over a communication channel. Multiplexing divides the capacity of the
high-level communication channel into several low-level logical channels, one for each
message signal or data stream to be transferred. A reverse process, known as
demultiplexing, extracts the original channels on the receiver side.

Data Encapsulation:

As application data is passed down the protocol stack on its way to be transmitted
across the network media, various protocols add information to it at each level. This is
commonly known as the encapsulation process.
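The encapsulation process above, and the GRE description earlier (the whole original IP packet wrapped in a new IP header plus a GRE header), as one added example (not from the original notes): application data becomes a TCP segment, then an IPv4 packet with a correctly computed header checksum, then an Ethernet frame; the same packet is then carried inside a GRE tunnel (outer IP protocol 47) and unwrapped again, with the outer checksum and protocol fields verified. Addresses come from the documentation ranges and the MAC addresses are constructed.

```python
import struct

PROTO_TCP, PROTO_GRE = 6, 47
ETHERTYPE_IPV4 = 0x0800


def ip_bytes(addr: str) -> bytes:
    return bytes(int(o) for o in addr.split("."))


def ipv4_checksum(header: bytes) -> int:
    """One's-complement sum of 16-bit words; a header with a valid checksum sums to 0."""
    if len(header) % 2:
        header += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(header) // 2), header))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return (~total) & 0xFFFF


def ipv4_header(src: str, dst: str, protocol: int, payload_len: int, ttl: int = 64) -> bytes:
    hdr = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + payload_len, 0, 0, ttl, protocol, 0,
                      ip_bytes(src), ip_bytes(dst))
    return hdr[:10] + struct.pack("!H", ipv4_checksum(hdr)) + hdr[12:]


def tcp_header(src_port, dst_port, seq=0, ack=0, flags=0x18, window=65535) -> bytes:
    return struct.pack("!HHIIBBHHH", src_port, dst_port, seq, ack, 5 << 4, flags, window, 0, 0)


def ethernet_header(dst_mac: str, src_mac: str, ethertype: int = ETHERTYPE_IPV4) -> bytes:
    return (bytes.fromhex(dst_mac.replace(":", "")) + bytes.fromhex(src_mac.replace(":", ""))
            + struct.pack("!H", ethertype))


def encapsulate(app_data: bytes, src_ip, dst_ip, src_port, dst_port) -> dict:
    """Walk the data down the stack; returns each layer's PDU so the nesting is visible."""
    segment = tcp_header(src_port, dst_port) + app_data                        # Layer 4
    packet = ipv4_header(src_ip, dst_ip, PROTO_TCP, len(segment)) + segment     # Layer 3
    frame = ethernet_header("00:00:5e:00:53:01", "00:00:5e:00:53:02") + packet  # Layer 2 (constructed MACs)
    return {"data": app_data, "segment": segment, "packet": packet, "frame": frame}


def gre_encapsulate(inner_packet: bytes, tunnel_src: str, tunnel_dst: str) -> bytes:
    """Wrap a whole IP packet: new outer IP header (protocol 47) + 4-byte GRE header."""
    gre = struct.pack("!HH", 0x0000, ETHERTYPE_IPV4)  # flags/version = 0, payload type = IPv4
    payload = gre + inner_packet
    return ipv4_header(tunnel_src, tunnel_dst, PROTO_GRE, len(payload)) + payload


def gre_decapsulate(outer_packet: bytes) -> bytes:
    """Tunnel endpoint: verify the outer header, strip it and the GRE header."""
    ihl = (outer_packet[0] & 0x0F) * 4
    outer = outer_packet[:ihl]
    if ipv4_checksum(outer) != 0:
        raise ValueError("outer IP header checksum mismatch")
    if outer[9] != PROTO_GRE:
        raise ValueError("not a GRE packet")
    _flags, ptype = struct.unpack("!HH", outer_packet[ihl:ihl + 4])
    if ptype != ETHERTYPE_IPV4:
        raise ValueError("unsupported GRE payload type")
    return outer_packet[ihl + 4:]


if __name__ == "__main__":
    layers = encapsulate(b"GET / HTTP/1.1\r\n", "192.0.2.10", "198.51.100.20", 51000, 80)
    for name in ("data", "segment", "packet", "frame"):
        print(f"{name:8s} {len(layers[name]):3d} bytes")
    tunnelled = gre_encapsulate(layers["packet"], "203.0.113.1", "203.0.113.2")
    print("outer protocol:", tunnelled[9], "recovered:", gre_decapsulate(tunnelled) == layers["packet"])
```

The decapsulation side checks the outer header before trusting anything inside it; since GRE adds no encryption or authentication, that is the only validation the tunnel itself gives, which is why GRE is normally run over IPsec when confidentiality matters.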
