eMerge Browser Managed Security Platform
Module 1: Networking for eMerge
Agenda
Network Basics
IP Networks
Common Cases
Questions
Network Basics
What is a network?
A collection of devices linked by a common communications infrastructure
Can be a Local Area Network (LAN) or a Wide Area Network (WAN)
Often drawn as a pipe, as in a “data pipe”, because data flows through it
The “cloud” typically represents wide area network components such as the Internet
Network capacities
Bandwidth is the amount of data that the pipe can carry
  – Generally expressed in millions of bits per second, or megabit or megabaud
  – Typical Ethernet networks are 10 or 100 megabits
  – New Ethernet networks exist that carry 1,000,000,000 bits per second (gigabit Ethernet)
These capacities are theoretical, because many factors affect the actual amount of data that can be carried
Remember: throughput is only as good as the slowest segment
  – Typical bandwidth usage
    Controller to node programming = 1 megabit per second maximum
    Controller to computer = 75 kb per second maximum
    Controller to node normal operation = 25 kb per second maximum
A typical bandwidth situation
The Internet comes in through a DSL connection
  – The connection can supply data inbound at 1.5 megabits per second – good for surfing the web
  – The outbound connection is only 325 kilobits per second – not so good for transmitting video
Inside the office, though, things can run at 100 megabits per second
  – BUT: anything involving the WAN is subject to the asymmetric WAN capacities
The physical network, data, and protocols
Ethernet is an electrical standard for transmitting data
  – 10BaseT and 100BaseT are Ethernet variants corresponding to 10 megabit and 100 megabit data capacities
Other than Ethernet, common networks are Token Ring and FDDI (Fiber Distributed Data Interface)
TCP/IP, UDP, Telnet, and FTP are protocols used for transmitting data
Data protocols
Protocol: Description
TCP/IP: Assures that data packets arrive at their destination correctly and in order; used by eMerge, web sites, etc.
UDP: Does not assure data packet order or integrity, but is less complicated than TCP/IP
HTTP: Used for transmitting web pages using TCP/IP
Telnet: Transmits character data using UDP
FTP: Used for transmitting files over a network
IP address and MAC address
An IP address is like your telephone number or your home address -- each one is entirely unique. Every computer on the Internet has its very own IP address. The standard format is four groups of numbers separated by periods, and each number is an integer between 0 and 255. For example, a typical IP address would look like this:
A MAC address (also called an Ethernet address or an IEEE MAC address) is a number (typically written as twelve hexadecimal digits, 0 through 9 and A through F, or as six hexadecimal numbers separated by periods or colons, i.e. ef, 0:80:0:2:20:ef) which uniquely identifies a computer that has an Ethernet interface. Unlike the IP number, it includes no indication of where your computer is located. In DHCP's typical use, the server uses a requesting computer's MAC address to uniquely identify it.
IP addresses
Come in “public” and “private” varieties
  – Public address is assigned by an Internet service provider, e.g. Verizon
  – Private addresses are determined by a DHCP server on the premises – typically like x.x or 10.x.x.x
MAC address is permanent but IP address may be dynamic or static
  – Dynamic address is assigned by a DHCP server
  – Static address is assigned by a system administrator
IP address and subnet mask
The IP address and subnet mask work together to define a network
0 in a subnet mask octet means that that part of the IP address is what defines the individual product
  ip address ( 255) subnet mask
255 as a subnet mask octet means that that part of the IP address is used to define the network
  ip address (000) subnet mask
Example: So with the subnet mask of and the network has an ip address of Then the device you are putting on the network would have to have an IP address of (0-255)
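The mask rule above can be checked mechanically before any device is given a static address. The following Python sketch is an added example, not part of the original slides; the function names and every address in it are constructed for illustration. It goes one step beyond the slide by also handling masks that are not a whole octet of 255 or 0, and by flagging the network and broadcast addresses, which fall inside the device range but cannot be assigned to a device.

```python
import ipaddress

def mask_roles(subnet_mask):
    """Label each mask octet the way the slide does: 255 = network, 0 = device."""
    roles = {255: "network", 0: "device"}
    # Any other value (e.g. 240) splits the octet between network and device bits.
    return [roles.get(int(octet), "split") for octet in subnet_mask.split(".")]

def classify(network_ip, subnet_mask, device_ip):
    """Decide whether device_ip can be assigned on the network ip + mask define."""
    net = ipaddress.IPv4Network(f"{network_ip}/{subnet_mask}", strict=False)
    dev = ipaddress.IPv4Address(device_ip)
    if dev not in net:
        return "off-network"
    if dev == net.network_address:
        return "reserved: network address"
    if dev == net.broadcast_address:
        return "reserved: broadcast address"
    return "ok"

def audit_plan(network_ip, subnet_mask, plan):
    """plan maps device name -> static IP; return {name: problem} for bad entries."""
    findings, owner = {}, {}
    for name, ip in plan.items():
        status = classify(network_ip, subnet_mask, ip)
        if status != "ok":
            findings[name] = status
        elif ip in owner:
            findings[name] = f"duplicate of {owner[ip]}"
        else:
            owner[ip] = name
    return findings

# Constructed sample values, not taken from the slides.
SAMPLE_NETWORK, SAMPLE_MASK = "10.20.30.0", "255.255.255.0"
SAMPLE_PLAN = {
    "controller": "10.20.30.10",
    "node-1": "10.20.30.11",
    "camera": "10.20.31.5",      # third octet differs, so a different network
    "nas": "10.20.30.255",       # all device bits set: broadcast, not assignable
    "laptop": "10.20.30.10",     # collides with the controller
}

if __name__ == "__main__":
    print(mask_roles(SAMPLE_MASK))
    for name, problem in audit_plan(SAMPLE_NETWORK, SAMPLE_MASK, SAMPLE_PLAN).items():
        print(f"{name}: {problem}")
```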
IP Networks
Ports and IP addresses
Ports allow multiple data streams to go to a single address
  – Port numbers are assigned by IANA
    80 is the default for web servers using HTTP
    3306 is the default for database servers
    7262 is for Network Controller auto recognition of nodes
  – Routers can restrict which ports are available
Domain Name System (DNS)
Handles the translation of a text name to an IP address
  – Benefit is that text names are easier to type and IP addresses may change
  – DNS typically set up by an Internet Service Provider (ISP)
DNS servers maintain the translation information
  – May be located internally or on the Internet (private or public)
  – DNS entry changes are propagated across many DNS servers
More about ports and URLs
A Uniform Resource Locator (URL) identifies the protocol, server, and port for communication
  – Format is // :
  – Example: means communicate with IP address using HTTP protocol on port 8080 http:// :8080
  – Your browser assumes HTTP and port 80, so typing turns into and DNS is used to translate to its IP address www.myco.com
  – When you use other than a standard port, you have to specify the protocol, so “ :8080” without the in front of it doesn’t work http://
  – Similarly, if you want an FTP server, you have to specify the protocol (as in ftp://) or the browser will think you want HTTP
Switches, routers, bridges, and hubs
A hub is a simple device for connecting multiple devices to the same communications path
  – It functions much like a conventional analog (POTS) phone circuit where every device sees exactly the same data
  – You only need a hub in certain rare instances; generally you want a switch
A switch is a device that connects multiple devices or LAN segments to a communications path
  – Unlike a hub, though, the device only “sees” data intended for it
  – The Network Controller has a two port switch built in
  – A switch can connect 10 megabit to 100 megabit Ethernet
A router directs, or routes, data packets between networks
  – Such as routing between the Internet and an office LAN
  – Routers commonly have built-in switches
A bridge joins two networks or network segments
  – As in a “wireless Ethernet bridge” that converts wireless to Ethernet communications
Common router capabilities
Routing – use network topology knowledge to optimally drive data from one point to another
Gateway – acts as a gateway to the public Internet for devices on a LAN
DHCP server – assigns addresses dynamically to devices on the LAN
Firewall – restricts what types of data can enter the LAN from the outside
Port translation – directs requests for data on the WAN side to a specific IP address on the LAN side by port (same port number)
Port forwarding – directs requests for data on the WAN side to a specific IP address on the LAN side by port (different port number)
Web Server – allows configuration through a web browser built into the router
[Figure: back side of router, showing LAN side / 4 port switch and WAN / network side]
Network attached storage (NAS)
An inexpensive way to share storage across networked systems
Makes storage (hard disk or memory stick) available online
  – Requires an IP address, user name, and password for the storage server
  – Unit at right costs about $80 plus the cost of a USB hard disk
eMerge uses NAS to perform backups
Typical configurations
Planning a network: most basic configuration – used when there is no preexisting network
Like pulling twisted pair except that you pull CAT-5
Determine an IP addressing scheme, i.e. XXX; most routers have default values
Connect the eMerge Controller to the router
Connect your computer to the router
Same system, but connected to the public Internet
Same as previous system, but this time you can set:
  – DNS server address(es)
  – Gateway address
  – Network time server over the Internet
  – Cameras over the Internet
Corporate LAN with separate network for security devices
This configuration isolates security equipment from the rest of the network
  – Need to exercise caution in assigning addresses
  – Note that the router at creates the x subnet
  – Need to open a port through the router to permit HTTP traffic to the eMerge web server
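Opening a port through the router, as in the last bullet, is the point where the isolated security network becomes reachable from outside, so the router's rule list is worth auditing against what was meant to be exposed. The following Python sketch is an added example, not part of the original slides: it models the port translation and port forwarding rules described under "Common router capabilities" and reports every rule that opens more than HTTP to the eMerge web server. The rule format, the addresses and the first-matching-rule-wins behaviour are assumptions made for illustration.

```python
import ipaddress
from dataclasses import dataclass

@dataclass(frozen=True)
class Rule:
    wan_port: int   # port requested on the router's WAN side
    lan_ip: str     # LAN device the request is sent to
    lan_port: int   # port on that device

    @property
    def kind(self):
        # Slide terminology: same port number = translation, different = forwarding.
        return "port translation" if self.wan_port == self.lan_port else "port forwarding"

def resolve(rules, wan_port):
    """Return (lan_ip, lan_port) for an inbound WAN request, or None if nothing is open."""
    for rule in rules:  # assumption: the first matching rule wins
        if rule.wan_port == wan_port:
            return (rule.lan_ip, rule.lan_port)
    return None

def audit(rules, security_subnet, intended):
    """Return (wan_port, problem) for every rule that exposes more than intended."""
    net = ipaddress.IPv4Network(security_subnet)
    findings, seen = [], set()
    for rule in rules:
        if rule.wan_port in seen:
            findings.append((rule.wan_port, "duplicate WAN port, rule never matches"))
            continue
        seen.add(rule.wan_port)
        if ipaddress.IPv4Address(rule.lan_ip) not in net:
            findings.append((rule.wan_port, "target outside security subnet"))
        elif (rule.lan_ip, rule.lan_port) not in intended:
            findings.append((rule.wan_port, f"unintended exposure via {rule.kind}"))
    return findings

# Constructed sample values: addresses and the rule set are not from the slides.
SECURITY_SUBNET = "10.20.30.0/24"
INTENDED = {("10.20.30.10", 80)}            # HTTP to the eMerge web server only
RULES = [
    Rule(80, "10.20.30.10", 80),            # translation: intended
    Rule(8080, "10.20.30.10", 80),          # forwarding to the same service: intended
    Rule(3306, "10.20.30.10", 3306),        # database port opened as well
    Rule(8081, "192.168.5.20", 80),         # points at a device on another network
    Rule(80, "10.20.30.11", 80),            # second rule for WAN port 80
]

if __name__ == "__main__":
    for wan_port, problem in audit(RULES, SECURITY_SUBNET, INTENDED):
        print(f"WAN port {wan_port}: {problem}")
```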